• Business Standards

    • BC BC Business and Market Conduct

      • BC-A BC-A Introduction

        • BC-B BC-B Provision of Financial Services on a Non-discriminatory Basis

          • BC-B.1 BC-B.1 Provision of Financial Services on a Non-discriminatory Basis

            • BC-B.1.1

              Conventional Bank Licensees must ensure that all regulated financial services are provided without any discrimination based on gender, nationality, origin, language, faith, religion, physical ability or social standing.

              Added: October 2020

          • BC-A.1 BC-A.1 Purpose

            • BC-A.1.1

              This Module contains requirements that have to be met by conventional bank licensees with regards to their dealings with customers. The Rules contained in this Module aim to ensure that conventional bank licensees deal with their clients in a fair and open manner, and address their customers' information needs.

              October 07

            • BC-A.1.2

              The Rules build upon several of the Principles of Business (see Module PB (Principles of Business)). Principle 1 (Integrity) requires conventional bank licensees to observe high standards of integrity and fair dealing, and to be honest and straightforward in their dealings with customers. Principle 3 (Due skill, care and diligence) requires conventional bank licensees to act with due skill, care and diligence when acting on behalf of their customers. Principle 7 (Client Interests) requires conventional bank licensees to pay due regard to the legitimate interests and information needs of their customers, and to communicate with them in a fair and transparent manner.

              October 07

            • BC-A.1.3

              This Module also provides support for certain aspects relating to business and market conduct in the Bahrain Commercial Companies Law of 2001 (as amended).

              October 07

            • Legal Basis

              • BC-A.1.4

                This Module contains the Central Bank of Bahrain's ('CBB') Directive (as amended from time to time) on business conduct by conventional bank licensees, and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 (CBB Law). The directive in this Module is applicable to all conventional bank licensees.

                Amended: January 2011
                October 07

              • BC-A.1.5

                For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

                October 07

          • BC-A.2 BC-A.2 Scope of Application and Key Requirements

            • BC-A.2.1

              This Module applies to all conventional bank licensees unless indicated otherwise. The provisions of this Module do not apply to overseas branches and subsidiaries unless clearly stated otherwise.

              October 07

            • BC-A.2.2

              The remainder of this Module covers the following activities by conventional bank licensees:

              (a) Promotion of financial products and services (Chapter BC-1);
              (b) Code of Conduct for bank dealers and foreign exchange dealers (Chapter BC-2);
              (c) Client confidentiality (Chapter BC-3);
              (d) Customer account services and charges (Chapter BC-4);
              (e) Dishonoured cheques (Chapter BC-5);
              (f) ATMs and charges for their use (Chapter BC-6);
              (g) Margin Trading system (Chapter BC-7);
              (h) Investment Business related activities (Chapter BC-8);
              (i) Customer Complaints Procedures (Chapter BC-9); and
              (j) Measures and Procedures for Services Provided to Disabled Customers by Bahraini Retail Banks (Chapter BC-10).
              Amended: April 2016
              Amended: October 2011
              Amended: January 2011
              Amended: April 2008
              October 07

          • BC-A.3 BC-A.3 Module History

            • BC-A.3.1

              This Module was first issued in July 2004 by the BMA, as part of the conventional principles volume. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

              October 07

            • BC-A.3.2

              When the CBB replaced the BMA in September 2006, the provisions of this Module remained in force. Volume 1 was updated in October 2007 to reflect the switch to the CBB; however, new calendar quarter dates were only issued where the update necessitated changes to actual requirements.

              October 07

            • BC-A.3.3

              The most recent changes to this Module are detailed in the table below:

              Summary of Changes

              Module Ref.Change DateDescription of Changes
              BC-4.101/01/05New minimum balance and charges regulations.
              BC-4.701/10/05Streamlined notification requirements regarding new products.
              BC-701/04/06Margin trading rules and guidance.
              BC-A.110/2007New Rule BC-A.1.4 introduced, categorising this Module as a Directive.
              BC-804/2008New conduct of business requirements for Investment Business
              BC-4.904/2008New requirement to comply with Code of Best Practice on Consumer Credit and Charging.
              BC-7.207/2009Removal of numerical restrictions related to margin trading requirement.
              BC-8.5.1710/2010Clarified the wording of Rule by replacing the term "legal" with "licensing".
              BC-A.1.401/2011Clarified legal basis.
              BC-1.1.1301/2011Corrected reference to Ministry of Industry and Commerce.
              BC-801/2011Changes made to reflect new definitions related to licensed exchange(s).
              BC-1.1.1104/2011Clarified retention period of records for promotional schemes.
              BC-3.1.1 and BC-4.3.104/2011Minor amendments to clarify Rules.
              BC-A.2.210/2011Added new Section to list of activities covered by this Module.
              BC-4.7.310/2011Deleted Paragraph. Reduced notification requirements on new or expanded products and facilities.
              BC-4.8.210/2011Updated name of Ministry of Justice and Islamic Affairs.
              BC-4.1010/2011Added new Section on transaction advice.
              BC-8.11 and BC-910/2011Replaced Section BC-8.11 dealing with complaints and added Chapter BC-9 Customer Complaints Procedures in line with results of consultation and made it applicable to all regulated banking services.
              BC-901/2012Minor corrections to correct typos and clarify language.
              BC-9.3.901/2012Paragraph deleted as it repeats what is in Paragraph BC-9.3.7.
              BC-6.1.604/2012Cross reference added.
              BC-6.1.10 and BC-6.1.1104/2012Rule clarified and split into one Rule and one Guidance Paragraphs.
              BC-8.2.104/2012Corrected cross reference.
              BC-1.207/2012Added Section on Advertisements for retail banking products and services
              BC-4.307/2012Corrected cross reference.
              BC-8.5.12A07/2012Added guidance to clarify promotion material from banks.
              BC-9.1.3A07/2012Added guidance on the appointment of the customer complaints officer.
              BC-1.1.210/2012Added cross reference to advertising requirements under Section BC-1.2.
              BC-4.310/2012Section amended to reflect outcome of consultation on disclosure of interest/profit rate fees and charges by retail banks.
              BC-4.810/2012Amended to make Rules clearer.
              BC-6.1.210/2012Clarified process for applications for the installation of off-site ATMs.
              BC-4.401/2013This Section was deleted and requirements are now covered under Section FC-1.6.
              BC-1.2.204/2013Corrected cross reference.
              BC-4.3.204/2013Clarified Rule on instances when customers must be kept informed of charges.
              BC-8.9.14 and BC-8.9.16(e)(v)04/2013Clarified Rules on allocations.
              BC-9.707/2013Additional details provided on reporting of complaints.
              BC-4.2.1510/2013Corrected cross-reference.
              BC-5.310/2013Updated penalty charges on dishonoured cheques.
              BC-6.301/2014Added new Section on local ATM network charges.
              BC-4.1104/2014Added new Section on donations to NGO accounts.
              BC-4.1210/2015Added new Section on credit check reports.
              BC-A.2.2, and BC-1004/2016Added new Section on Measures and Procedures for Services Provided to Disabled Customers by Bahraini retail banks.
              BC-6.304/2016Amendment to local ATM charges.
              BC-6.1.607/2016Deleted reference to Ministry of Interior.
              BC-4.710/2016Clarified Rules on notification for new or changes to customer products and facilities.
              BC-4.10.110/2016Amendment to Transaction Advice
              BC-4.10.210/2016Deleted Paragraph
              BC-7.2.510/2016Rectified term 'Credit Reference Bureau'
              BC-5A01/2017Added new Section on Return Policy – Post-Dated Cheques
              BC-10.1, BC-10.2 and BC-10.304/2017Amended Paragraphs to clarify applicability of Rules.
              BC-5.3.107/2017Amended Paragraph to include penalty charges on returned cheques for the reason of Insufficient Funds.
              BC-4.104/2018Deleted Section on "Minimum Balance and Charges on Savings Accounts".
              BC-4.1304/2018Added new Section on "Fees and Charges for Services Provided to Individuals".
              BC-5.3.204/2018Deleted Paragraph on "Dishonoured Cheques".
              BC-6.204/2018Deleted Section on "GCC ATM Network Charges".
              BC-6.304/2018Deleted Section on "Local ATM Network Charges".
              BC-4.1410/2018Added a new Section on Fees and Charges for Services Provided to Companies under Formation.
              BC-1110/2018Added a new Chapter on Financial Advice Programme.
              BC-4.3.2201/2019Amended Paragraph on disclosure of charges by retail banks.
              BC-4.3.2401/2019Amended Paragraph on disclosure to individual customers.
              BC-4.3.25A01/2019Added a new Paragraph on rounding off in transactions.
              BC-4.13.201/2019Added a new Paragraph on waived fees and charges.
              BC-4.1507/2019Added a new Section on Interest on Credit Card Transactions.
              BC-4.1610/2019Added a new Section on Interest on Credit Facilities.
              BC-6.110/2019Deleted Section.
              BC-10.2.201/2020Amended Paragraph.
              BC-4.1704/2020Added a new Section on Blocking Customer Accounts.
              BC-9.3.1504/2020Amended Paragraph adding reference to CBB consumer protection.
               04/2020Amended Paragraph adding reference to CBB consumer protection.
              BC-9.7.1 - BC-9.7.304/2020Amended Paragraph adding reference to CBB consumer protection.
              BC-B10/2020Added a new Chapter on Provision of Financial Services on a Non-discriminatory Basis.
              BC-4.1810/2020Added a new Section on Fund Transfers by Customers of Payment Service Providers (PSP).
              BC-4.1904/2021Added a new Section on ‘Merchant Fees on Payments to Zakat and Charity Fund’.
              BC-1.2.107/2021Deleted Paragraph.
              BC-1.2.207/2021Deleted Paragraph.
              BC-4.3.607/2021Amended Paragraph.
              BC-1.101/2022Added new enhanced Section on Promotions.
              BC-1.201/2022Added new enhanced Section on Advertisements.
              BC-4.2001/2022Added a new Section on Dormant Accounts and Unclaimed Balances.
              BC-11.1.301/2022Deleted Paragraph.
              BC-2.8.204/2022Deleted Subparagraph (b).
              BC-4.20.707/2022Amended Paragraph on dormant accounts activity.
              BC-11.1.107/2022Amended Paragraph on the Financial Advice Program (FAP).
              BC-4.2101/2024Added a new Section on Insurance cover on loans.

            • Effective Date and Evolution of the Module

              • BC-A.3.4

                Prior to the Rulebook, the CBB had issued various circulars representing regulations covering different aspects of Business and Market Conduct. The contents of this Module are effective from the date depicted in the original circulars listed below or from the dates indicated in Paragraph BC-A.3.3 above:

                Circular Ref. Date of Issue Module Ref. Circular Subject
                EDBC/73/96 1 May 1996 BC-1.1 Explanatory note on the promotion of Banking and Financial Products.
                BS.C7/91/442 10 Sep 1991 BC-1.1 Promotion of Banking Services.
                85/25 2 May 1985 BC-2 Code of Conduct for Foreign Exchange Dealers and Brokers.
                83/5 10 Apr 1983 BC-3 Disclosure of Information about Individual Accounts.
                BS/11/2004 10 Aug 2004 BC-4.1 Min balances and savings accounts.
                BS.C7/90/34 31 Jan 1990 BC-4.2 Dinar Certificates of Deposits.
                EDBO/51/02 2 Apr 2002 BC-4.3 Charges to Customers.
                BC/5/00 8 Mar 2000 BC-4.4 Accounts held for Clubs and Societies.
                BSD(111)/94/157 24 Sep 1994 BC-4.5 Fees on Current Accounts.
                BC/2/01 3 Mar 2001 BC-4.6 Brokerage Fees in Bahrain.
                ODG/145/92 18 Aug 1992 BC-4.7 New products in the Retail Banking Field.
                EDBO/46/03 8 Apr 2003 BC-4.8 Inheritance — Financial Procedures.
                EDBO/27/96 25 Sep 1996 BC-5.1 Regulation for "Dishonoured Cheques".
                OG/399/94 28 Nov 1994 BC-5.2 Returned Cheques.
                EDBO/49/01 6 May 2001 BC-5.3 Penalty Charges on Returned Cheques.
                BC/8/98 24 May 1998 BC-6.1 Off-site ATMs.
                EDBO/45/02 13 Mar 2002 BC-6.2 GCC ATM Network Charges.
                BC/15/99 17 Jul 1999 BC-7.1 Margin Trading.
                EDBS/KH/C/73/2018 22 Nov 2018 BC-4.3.25A Rounding off in Transactions.
                Amended: January 2019
                Amended: October 2010
                October 07

        • BC-1 BC-1 Promotion of Financial Products and Services

          • BC-1.1 BC-1.1 Promotions

            • Introduction

              • BC-1.1.1

                The purpose of the content of this Section is to set out requirements pertaining to the promotion of financial services and products offered in/from Bahrain by conventional retail bank licensees. For the purposes of this Section, promotions mean all types of promotional campaigns, competitions, merchant discount schemes/loyalty programmes or other schemes of similar nature offered to customers or prospective customers by means of incentives etc.

                 

                Amended: January 2022
                Added: October 07

                 

              • BC-1.1.2

                Conventional retail bank licensees must ensure that all the following requirements are met with regards to promotion of products or services:

                (a) They do not involve a breach of Bahrain law or any other relevant applicable law or regulation;
                (b) All documentation concerning promotions is in a language necessary for customers to fully understand and appreciate the products or services;
                (c) Customers to whom promotions are directed must enjoy equal opportunity in terms of access to, and treatment within such schemes;
                (d) The communication concerning promotions must be clear, concise, truthful, unambiguous and complete to enable customers to make a fully informed decision; and
                (e) Where the promotion involves communication of earnings potential or benefits associated with the products or services promoted, all costs, charges or levies and risks are also disclosed.

                 

                Amended: January 2022
                Amended: October 2012
                Amended: January 2011
                Added: October 07

              • BC-1.1.3

                Licensees using character-limited media (e.g. social media platforms such as Instagram, Facebook etc.) as a means of promoting complex features of financial products or services should provide a reference or link to more comprehensive information available elsewhere.

                 

                Amended: January 2022
                Amended: January 2011
                Added: October 07

              • BC-1.1.4

                Conventional retail bank licensees must ensure that the following requirements are met with regards to raffles/lotteries:

                (a) Adequate systems and documented procedures are in place that describe the checks and balances to ensure fair play, impartiality and the inclusion of eligible participants as well as for informing participants of the results of a raffle/lottery without delay;
                (b) They are subject to the rules and requirements (including prior authorisation/approval) laid down by the Ministry of Industry, Commerce and Tourism;
                (c) The raffle draw date of the announced prize/incentive/campaign is disclosed in advance to the public and that other subsequent announced prize/incentive/campaign follow the same approach. Raffle dates must not be postponed unless a valid reason is stated/indicated;
                (d) The winner(s) report includes the winner's name, CPR number, mobile number and the number of chances (e.g. tickets/ certificates) in the draw;
                (e) Each draw of the raffle/lottery held as part of the bank’s promotional scheme is independently verified and monitored/witnessed by the bank’s internal auditor and, additionally, draws involving prizes of BD 10,000 or above in aggregate must be independently verified and monitored/witnessed by the bank’s external auditors;
                (f) An annual check and a comprehensive audit on the “raffle draw” system is conducted by the external IT auditor. In addition, a detailed report in this regard from such auditor must be submitted to the CBB within 3 months from year-end and a copy is sent to the consumer protection department in the Ministry of Industry, Commerce and Tourism; and
                (g) The internal auditor periodically reviews, at least annually, all promotions, raffles/lotteries in addition to the systems, procedures, processes and related operational risks.

                 

                Amended: January 2022
                Amended: April 2008
                Added: October 07

            • General Requirements

              • BC-1.1.5

                The requirements of Paragraph BC-1.1.4 do not apply to promotions or giveaways generally offered and selected through draws to customers on an ad hoc basis (at no cost to the customer, implicit or otherwise). In such cases, there is no direct link between the acquisition of the products or services by the customers and the periodic raffle draw/lotteries.

                 

                Amended: January 2022
                Amended: April 2011
                Added: April 08

              • BC-1.1.6

                While there is to be no formal restriction on the types of incentive which may be used by institutions, care should be taken to ensure that promotional schemes do not negatively affect the integrity, reputation, good image and standing of Bahrain and/or its financial sector, and do not detrimentally affect Bahrain's economy.

                Amended: April 08
                October 07

              • BC-1.1.7

                Bearing in mind the reputation of, and the requirement to develop, the financial sector in Bahrain, as well as the need to act at all times in the best interests of the customer, banks need to take adequate care to ensure that promotional schemes do not unreasonably divert the attention of the public from other important considerations in choosing a bank or a banking/financial product.

                Amended: April 08
                October 07

              • BC-1.1.8

                All documentation concerning promotional schemes should be in Arabic and English and, if relevant, any other language necessary for customers to fully understand and appreciate their terms and conditions. Such terms and conditions, including any related advertising, need to be clear, concise, truthful, unambiguous and complete so as to enable customers to make a fully informed decision.

                Amended: April 08
                October 07

              • BC-1.1.9

                Customers to whom promotional schemes are directed should enjoy equal opportunity in terms of access to, and treatment within, such schemes.

                Amended: April 08
                October 07

              • BC-1.1.10

                No costs (including funding costs), charges or levies associated with promotional schemes should be concealed from prospective customers.

                Amended: April 08
                October 07

              • BC-1.1.11

                All material related to promotional schemes, particularly where raffles/lotteries etc. are concerned, must be maintained for a minimum period of 5 years (see Paragraph OM-7.3.4).

                Amended: April 2011
                Amended: April 08
                October 07

              • BC-1.1.12

                Any raffles/lotteries etc. held as part of promotional schemes should be independently monitored (e.g. by the institution's external auditor) and adequate systems put in place to ensure fair play and impartiality.

                Amended: April 08
                October 07

              • BC-1.1.13

                An appropriate system must also exist for informing participants of the results of a raffle/lottery without delay. Institutions must note that raffles/lotteries etc. may be subject to rules and requirements (including prior authorisation/approval) laid down by the Ministry of Industry and Commerce.

                Amended: April 2011
                Amended: January 2011
                Amended: April 08
                October 07

              • BC-1.1.14

                Banks may use small 'gifts' as an inducement to members of the public to use banks' services, provided such gifts are offered on a general basis and have a low monetary value.

                Amended: April 08
                October 07

              • BC-1.1.15

                Due note should be taken of the overriding provisions of Bahrain (and any other relevant) law in relation to institutions' duties to customers to the extent (if any) that promotional schemes might impact on such duties.

                Amended: January 2011
                Amended: April 08
                October 07

          • BC-1.2 BC-1.2 Advertisements

            • BC-1.2.1

              Conventional retail bank licensees must allow a means for customers to opt-out from receiving promotional or advertisement material through email, SMS, WhatsApp or other communication means should such customers want to opt-out. The opt-out can be in writing or electronically.

               

              Amended: January 2022
              Deleted: July 2021
              Added: July 2012

            • BC-1.2.2

              The CBB may, at its discretion, require the licensee to withdraw the advertisement or any material thereof, if it believes that the advertisement is not compliant with the requirements of this Module or that it has a negative impact on the financial sector or on the society.

               

              Amended: January 2022
              Deleted: July 2021
              Amended: April 2013
              Added: July 2012

            • BC-1.2.3

              Conventional retail bank licensees must ensure that advertisements:

              a) Are clear, fair, accurate and not misleading;
              b) Are simple to understand and presented in a way that is likely to be understood by the average person to whom it is directed;
              c) Clearly state what the letters stand for if acronyms are used (for e.g. APR);
              d) Font size for all advertisements must be clear and readable, including footnotes;
              e) Terms and conditions are easily accessible by customers;
              f) Any concessionary offer/promotion in an advertisement contains the validity period of such offer/promotion;
              g) Clearly present any comparison or contrast (if any) in a fair and balanced way. Such comparison or contrast must be meaningful and presented in general terms, i.e. banks must avoid making direct comparisons of their products with those of their competitors;
              h) Are publicly announced by the licensee only;
              i) Clearly state the name of the bank, bank logo, and contact details;
              j) The name of the product and its details are clear to the customers;
              k) Include a proper link to the terms and conditions including fees and charges;
              l) Include a statement that the bank is licensed by CBB as a conventional retail bank licensee; and
              m) Do not make use of the name of CBB in any advertisement in such a way that would indicate endorsement or approval of its products or services.

               

              Added: January 2022

            • BC-1.2.4

              Conventional retail bank licensees must ensure that advertisements do not:

              a) Include the expression ‘interest free’ or any similar expression when there is implicit interest embedded in the product or service;
              b) Include the descriptions of product or service as ‘free’ or ‘with no cost’ or any similar expression if any type of fee would be imposed;
              c) Include the descriptions of feature of a product or service as ‘guaranteed’ or ‘secured’ or use a similar expression unless the bank communicates all the necessary information, and present that information with sufficient clarity and prominence to make the use of that term fair, clear and not misleading;
              d) Contain any statement such as “the best in”, “the most competitive”, “the best rate in”, “the first in”, ‘the highest’ or ‘the lowest’ or ‘the best’ in the market unless it is fully supported by evidential documents;
              e) Emphasise any potential benefits of a product or service without also giving a fair and prominent indication of any relevant risks; and
              f) Disguise, omit, diminish or obscure important information, statements or warnings.

               

              Added: January 2022

            • Digital Advertisements

              • BC-1.2.5

                Conventional retail bank licensees must ensure that each digital advertisement through the internet/social media (e.g. Twitter, Instagram, WhatsApp, Facebook, web page, etc.) complies with the requirements in this Section.

                 

                Added: January 2022

              • BC-1.2.6

                Where a licensee publishes customer feedback/review on the internet/social media, it must display both positive and negative feedback/review.

                 

                Added: January 2022

        • BC-2 BC-2 Code of Conduct for Bank Dealers and Foreign Exchange and Money Brokers in the Foreign Currency and Deposit Markets

          • BC-2.1 BC-2.1 Introduction

            • BC-2.1.1

              The Code of Conduct, which is prepared in cooperation with the Bankers' Society of Bahrain and foreign exchange brokers, provides rules in respect of certain kinds of practice which experience has shown may cause difficulty and may jeopardise the good standing of the Bahrain market. Management of banks and money brokers are responsible for ensuring that their institutions are in full compliance with the Code.

              October 07

            • BC-2.1.2

              Every broker and dealer shall at all times comply with the criteria in respect to market practice, integrity and conduct. Failure to comply with such criteria will be regarded as a serious offence by the CBB, which reserves the right to investigate any complaints brought to its attention. All participants should adhere to the spirit as well as to the letter of the Code.

              October 07

          • BC-2.2 BC-2.2 Market Terminology and Definitions

            • BC-2.2.1

              The use of generally accepted precise terminology should reduce misunderstandings and frustration, and to this end Appendix BC-5 sets out, without claiming to be exhaustive, accepted market terminology and definitions.

              October 07

            • BC-2.2.2

              For the purpose of this Chapter, the following definitions apply:

              (a) 'Broker' means a money and foreign exchange broker who is authorised by the CBB to operate in Bahrain;
              (b) 'Principal' means a party undertaking a transaction through a broker; and
              (c) 'Bank' means any institution holding a banking license.
              Amended: April 2011
              October 07

          • BC-2.3 BC-2.3 Confidentiality and Market Practice

            • BC-2.3.1

              Confidentiality is vital for the preservation of a reputable and efficient market. Accordingly, the exchange of confidential information in respect of third parties is forbidden.

              October 07

            • BC-2.3.2

              The rules which follow are not intended to define exhaustively the obligations of dealers and brokers but set down specific ways in which confidentiality should be safeguarded and operations should be conducted:

              (a) Use of phrases and terms likely to identify the name of the principal should be avoided at all times;
              (b) In foreign exchange transactions brokers should not disclose the name of the principal until the deal is being closed.
              A broker asking for a specific support price should be prepared to qualify the principal in terms of geographical location, by country or by region when the broker genuinely believes it will enable business to be concluded satisfactorily to the benefit of both broker and principal;
              (c) In deposit transactions, brokers should not disclose the name of the borrower until the broker is satisfied that the potential lender seriously intends to do business. Once a lender has asked for the identity of the borrower ('Who pays?'), the lender is committed to do business at the rate quoted with an acceptable name, until the lending bank takes the broker 'off' or puts himself under reference. In the event of the first disclosed name being unacceptable to the lender, the lender will be prepared to check other acceptable names provided that such names are shown to the lender by the broker within a reasonable amount of time, which should be stipulated if necessary;
              (d) In the deposit market, banks should whenever possible give brokers prior indication of those categories of principals and of any centres and areas with which they would be unwilling to do business, in order that the smooth operation of markets be facilitated and frustration be minimized. Lenders should indicate the amounts they are prepared to place with particular categories of borrower. Brokers should classify bids with an indication of the type and quality of names they are in a position to pass;
              (e) Practices whereby banks reject a succession of names in order to assess the market and brokers offer banks deals which have no chance of being concluded, merely in order to establish their interest, are totally unacceptable;
              (f) A principal is urged whenever possible to specify to a broker the rate, the amount, the currency, and the period of his requirements. The principal shall be willing to deal in a marketable amount with acceptable names and shall remain bound so to deal at the quoted rate unless either:
              (i) The broker is informed otherwise at the time of acceptance; or
              (ii) A time limit was placed (for example, 'Firm for one minute only').
              A broker who quotes a firm rate without qualification shall be prepared to deal at the rate, in a marketable amount. A broker, if quoting only the basis of one or two names, shall qualify his quotation, e.g., 'one small offeror – only two names paying'. The broker should indicate whether prices are firm or simply for guidance and, if requested by the principal, should be willing to indicate the amount involved. Further he should confirm with banks at reasonable intervals that their interest is still firm.
              It is the responsibility of the principal to ensure the broker is made aware of any circumstances which materially affect the validity of the order placed with the broker.
              (g) A principal, by selecting to 'put a broker on', is deemed to have a serious intention of completing business, and should allow the broker sufficient time to quote the principal's interest to a potential counterparty with a view to doing business. In quantifying a 'sufficient time' factors such as the currency, market conditions and communication systems employed, should be taken into account;
              (h) A broker is held responsible for advising a principal on every occasion that his deposit rates are being checked by a potential counterparty. This action should help minimise the occasional difficulties that arise when a principal 'takes a broker off' simultaneously to having his prices checked.
              Whenever possible and subject to market conditions, a bank in the deposit market should, before he 'takes a broker off' either a single order or several orders, check whether the broker is already committed to deal on his behalf;
              (i) 'Under reference' orders placed by banks with brokers without having first being placed as 'firm', are to be discouraged. Firm orders which are later qualified by a request to 'put me under reference' indicate a principal's weakening desire to conclude business with that broker. 'Under reference' orders should not be left with a broker for more than a few minutes. A principal must ensure that the broker has the opportunity frequently to check the validity of an 'under reference' order;
              (j) No person may visit the dealing room of any broker or any bank except with the consent of a Manager or Director of that institution. A broker shall not in any circumstances permit any visitors from a bank to deal for his bank in the dealing room of that broker;
              (k) Management of banks should issue clear directions to staff on the monitoring, control and recording of 'after hours' dealing from premises other than bank dealing rooms. All deals of this kind must be properly authorised and confirmed;
              (l) A bank dealer shall not apply unfair pressure upon a broker to pass information which it would be improper for the broker to pass. Unfair pressure would for example include a statement made in any form that a failure to co-operate would lead to reduction in the business given by the principal or by other principals to the broker;
              (m) A principal should not place an order with a broker solely with the intention of finding out the name of a counterparty, who can be contacted directly with a view to concluding further deals;
              (n) Management of banks and brokers should lay down clear directions to staff on the extent to which dealing in foreign exchange or deposits for personal accounts is permitted. Any such dealing must be strictly controlled;
              (o) Care should be taken over the positioning of 2-way loudspeakers in dealing rooms; and
              (p) Brokers and dealers should inform each other if conversations are being recorded. The use of such equipment is encouraged as a sensible means of enabling any subsequent disputes and differences to be settled.
              Amended: April 2011
              October 07

          • BC-2.4 BC-2.4 Passing of Details

            • BC-2.4.1

              The passing and recording of details form an essential part of the transaction and the possibility of errors and misunderstanding is increased by delay and by the passing of details in batches. Brokers should pass details verbally, and principals should be prepared to receive them, normally within a few minutes after deals have been concluded.

              October 07

            • BC-2.4.2

              When arranging and passing details on forward contracts in foreign exchange, banks and brokers must ensure that the rate applied to the spot end of the transaction bears a close relationship to the spot rate at the time the deal was concluded.

              October 07

          • BC-2.5 BC-2.5 Confirmations

            • BC-2.5.1

              Written confirmation by a broker is the final check on the details of the transaction. The handling of confirmations must take account of the desire of brokers to have a realistic time-limit placed on their liability for differences. There is an obligation on recipients to check such confirmations. Initial confirmations should be sent out by telex without delay, and at the latest by close of business on the same working day. They should be followed up by written confirmation, normally hand-delivered and receipted before close of business on the following working day.

              October 07

            • BC-2.5.2

              Banks must check all confirmations carefully upon receipt so that discrepancies shall be quickly revealed and differences minimised. Principals shall also make enquiries of brokers about particular confirmations which have not been received within an appropriate time (as above) or about any changes in contract terms.

              October 07

            • BC-2.5.3

              In the case of deals where a bank pays against telex confirmation, the broker remains liable for differences until receipt of written confirmation is provided by the bank.

              October 07

          • BC-2.6 BC-2.6 Differences and Disputes

            • BC-2.6.1

              The majority of differences payable by brokers arise from errors occurring in payment or repayment instructions. They also arise from a broker, having in good faith indicated a firm rate, being unable to substantiate his quotation.

              October 07

            • BC-2.6.2

              Any differences deemed payable by a broker to a bank (or by a bank to a broker) should be settled as soon as possible. The parties should provide each other with documents, setting out the exact details of and circumstances surrounding the deal.

              October 07

            • BC-2.6.3

              It is acknowledged that differences are sometimes paid by 'points'. The management of broking firms should always ensure that this practice is strictly controlled and monitored.

              October 07

            • BC-2.6.4

              All differences settled by direct payment should be advised in writing by the broker to the Director of Reserve Management, CBB, (copied to the Bank) indicating the amount paid and the other party's name. The CBB reserves the right to ask for further information at its discretion.

              October 07

          • BC-2.7 BC-2.7 Conduct

            • BC-2.7.1

              The CBB will regard any breaches of the rules stated below regarding gifts, favours, betting and entertainment unacceptable.

              October 07

            • Gifts and Favours

              • BC-2.7.2

                No broker, including management, employees and other persons acting on their behalf, shall offer or give inducements to dealing room personnel of a bank. No gifts or favours whatsoever shall be so given unless the broker is satisfied that the person responsible for dealing operations in the bank concerned has been informed of the nature of the gift or favour.

                October 07

              • BC-2.7.3

                Employees of banks shall not solicit inducements from brokers, nor shall they receive unsolicited gifts or favours from brokers without informing the person responsible for dealing operations in the bank concerned of the nature of such gifts or favours.

                October 07

            • Bets

              • BC-2.7.4

                The making or arranging of bets between brokers and bank dealers is totally unacceptable.

                October 07

            • Entertaining

              • BC-2.7.5

                It shall be the responsibility of management in both banks and brokers to ensure that entertainment offered in the course of business does not exceed reasonable limits and does not infringe standards of propriety and decency.

                October 07

          • BC-2.8 BC-2.8 Responsibility

            • BC-2.8.1

              Brokers shall be responsible for ensuring that:

              (a) Their principals understand fully the limitations of the brokers' responsibilities for business and market conducted;
              (b) All their principals understand that they are required to conform, where appropriate, to the Code of Conduct;
              (c) Their staff carrying out transactions on behalf of principals are adequately trained both in the practices of the market-place and in the firm's responsibilities to principals; and
              (d) The CBB is notified of any changes in broking staff, in accordance with CBB requirements.
              October 07

            • BC-2.8.2

              Bankers shall be responsible for ensuring that:

              (a) Their dealing staff are adequately trained and supervised in the practices of the market (the requirement of this Code of Conduct should be fully understood by all staff involved in foreign exchange and currency deposit operations);
              (b) [This Subparagraph was deleted in April 2022];
              (c) Their staff understand that the ultimate responsibility for assessing the creditworthiness of a borrower or lender lies with the bank and not the broker;
              (d) Brokerage is normally payable at the end of the month in which the money passes, or otherwise by special arrangement; and
              (e) There is no pressure on brokers to reduce charges below the approved minimum rates.
              Amended: April 2022
              October 07

          • BC-2.9 BC-2.9 Market Regulations – Foreign Exchange

            • Currencies

              • BC-2.9.1

                A broker will, in response to an enquiry from any bank, make known the currencies which it elects to quote and to make a service in.

                October 07

              • BC-2.9.2

                Each broker shall provide, on request by a bank taking a service, general market information on all currencies handled (whether for the time being active or not) by that broker.

                October 07

            • Brokerage

              • BC-2.9.3

                Brokers shall comply with the minimum scales of brokerage charges (see Section BC-4.6) agreed in consultation with the Bankers' Society Council from time to time, or laid down by the CBB.
                In cases where there is no established minimum scale of brokerage charges, no deals shall be transacted until a rate has been agreed. Rates of brokerage in these cases should be agreed in advance, and only by Directors or senior managers on each side, and in no event by the dealers themselves.

                October 07

              • BC-2.9.4

                Put-through deals may be net of brokerage.

                October 07

              • BC-2.9.5

                Brokerage should be expressed in US dollars.

                October 07

          • BC-2.10 BC-2.10 Market Regulations – Currency Deposits

            • Brokerage

              • BC-2.10.1

                Brokers shall comply with the minimum scales of brokerage charges (see Section BC-4.6) agreed in consultation with the Bankers' Society Council from time to time, or laid down by the CBB. In cases where there is no established minimum scale of brokerage charges, no deals shall be transacted until a rate has been agreed. Rates of brokerage in these cases should be agreed in advance, and only by Directors or senior managers on each side, and in no event by the dealers themselves.

                October 07

              • BC-2.10.2

                Calculation of brokerage on all currency deposits shall be worked out on a 360-day year, or a 365-day year, according to normally accepted market practice. For example, Sterling and Kuwaiti Dinars are on a 365-day year basis, and US dollars and Saudi Riyals are on a 360-day year basis.

                October 07

            • Brokers' confirmations and statements should express brokerage in US dollars.

              • BC-2.10.3

                In a forward-forward deposit (e.g. one month against six months) the brokerage to be charged shall be on the actual intervening period (i.e. in the above example - five months).

                October 07

              • BC-2.10.4

                Put-through deals may be net of brokerage.

                October 07

          • BC-2.11 BC-2.11 Market Discipline

            • BC-2.11.1

              As part of its responsibility for supervising the conduct of brokers and dealers in the foreign exchange and currency markets, the CBB may, at its discretion:

              (a) Investigate any complains concerning the conduct of brokers and dealers;
              (b) Investigate possible breaches of this Code by brokers and banks; and/or
              (c) Take such further action as it considers appropriate, in the light of all the relevant facts.
              Amended: January 2011
              October 07

          • BC-2.12 BC-2.12 Adjustment of Value Dates in Case of Unexpected Banking Closing Dates

            • BC-2.12.1

              Spot transactions and outrights:

              (a) Original agreed upon value date for identical currency sold and purchased: extension of value date to next possible value date for both currencies; and
              (b) Original agreed upon value date for non-identical currency sold and purchased (for instance, Friday for US Dollars and Saturday for Gulf Currencies): as unexpected banking closing days for non-Middle Eastern currencies are unlikely - value of non-Gulf currencies unchanged and value of Gulf currency on the next working day, adjusting spot or outright rate taking into account interest rate difference between the two currencies.
              For pure outrights it would be advisable to adopt same system as for swaps; however, implied swap difference is not visible or identical for both parties.
              •   It can be assumed that, if the above rule would cause substantial losses for one party, dealers will re-negotiate a new rate, on a case-by case basis; if no agreement can be reached, the CBB - as final arbitrator - will fix the interest rates, prevailing at that time, which will be used to calculate the points difference, with which the outright rate will be adjusted.

              It is possible that payment instructions for counter-currency are already sent out and cannot be cancelled; in that case the paying party should be entitled to the proceeds of the unexpected use of funds by the receiving party.

              Amended: April 2011
              October 07

            • BC-2.12.2

              Deposits:

              (a) Maturing on unexpected closing day(s): Extending deposit to next possible value date; interest to be calculated in the extended period at original agreed upon interest rate;
              (b) Starting on unexpected closing day(s) and maturing after unexpected closing day(s): Starting date will be extended to next possible value date without altering maturing date; interest to be calculated on the shortened period at the originally agreed upon interest rate; and
              (c) Starting on unexpected closing day(s) and maturing before or on next possible value date: Cancellation of deal:
              1. If payment instructions are already sent out by lender and can only be executed on next possible value date, and cannot be cancelled, borrower ensures repayment will be done on the same next possible value date. If in that case borrower cannot repay because of deadline of receiving instructions by correspondent on same next possible value day, parties negotiate a new deal starting at value date of payment by lender and maturing according to new deal.
              2. If payment instructions are already sent out by lender for capital and by borrower for capital and interest both payments will be executed at same next possible value date, lender should refund to borrower unearned interest.
              Amended: April 2011
              October 07

            • BC-2.12.3

              Swaps:

              (a) Maturing on unexpected closing day(s): Extending swap to next possible value date for both currencies, adjusting swap difference according to formula - swap difference divided by original number of days and multiplied by new number of days;
              (b) Starting on unexpected closing day(s) and maturing after unexpected closing day(s): Starting date for both currencies would be extended to next possible value date for both currencies without altering maturing date, adjusting swap difference according to Formula under Paragraph BC-2.12.3(a); and
              (c) Starting on unexpected closing day(s) and maturing before or on next possible value date: Deals are cancelled.

              If starting or maturing date of original swap under Paragraph BC-2.12.1 or Paragraph BC-2.12.2 is substantially different, per currency swap difference has to be recalculated in mutual agreement between the dealers;

              •   It is possible that payment instructions for counter currency are already sent out and cannot be cancelled - in that case paying party should be entitled to the proceeds of the unexpected use of funds by the receiving party;
              •   It is possible that payment instructions for Gulf currencies are already sent out and cannot be cancelled - in these cases rules according to Paragraph BC-2.12.2(c)-1 and Paragraph BC-2.12.2(c)-2 should be applied.
              Amended: April 2011
              Amended: January 2011
              October 07

        • BC-3 BC-3 Client Confidentiality

          • BC-3.1 BC-3.1 Disclosure of Information about Individual Accounts

            • BC-3.1.1

              In accordance with Article 117 of the CBB Law, banks must not publish or release information to third parties concerning the accounts or activities of their individual customers, unless:

              (a) Such information is requested by the CBB or by an order from the Courts;
              (b) The release of such information is approved by the customer concerned; or
              (c) It is in compliance with the provision of the law or any international agreements to which the Kingdom is a signatory.
              Amended: April 2011
              October 07

        • BC-4 BC-4 Customer Account Services and Charges

          • BC-4.1 BC-4.1 Minimum Balance and Charges on Savings Accounts [This Section was deleted in April 2018]

            • BC-4.1.1

              [This paragraph was deleted in April 2018].

              Deleted: April 2018
              October 07

            • BC-4.1.2

              [This paragraph was deleted in April 2018].

              Deleted: April 2018
              October 07

          • BC-4.2 BC-4.2 Dinar Certificates of Deposits – Rules

            • BC-4.2.1

              The purpose of the contents of this Section is to set out rules governing the issue of Dinar Certificates of Deposit by retail bank licensees.

              October 07

            • BC-4.2.2

              For the purpose of this Section, 'Dinar Certificates of Deposit' are financial instruments payable in Bahrain Dinars. They must be negotiable – in accordance with the Law of Commerce (No. 7) of 1987 – and must satisfy the conditions set out in this Section.

              October 07

            • Issue

              • BC-4.2.3

                Dinar Certificates of Deposit may be issued only by retail bank licensees and must be payable at their offices in Bahrain.

                October 07

              • BC-4.2.4

                Retail bank licensees may issue Certificates of Deposit to both resident and non-resident customers and to other banks inside and outside Bahrain.

                October 07

              • BC-4.2.5

                Retail bank licensees may not issue Certificates of Deposit until they receive the necessary funds.

                October 07

            • Denominations

              • BC-4.2.6

                Certificates of Deposit may be issued for any amount subject only to a minimum denomination of BD 30,000.

                October 07

            • Maturities

              • BC-4.2.7

                Certificates of Deposit may be issued for any maturity between 183 days (6 months) and 5 years.

                October 07

            • Interest Rates

              • BC-4.2.8

                The interest rates on Certificates of Deposit may be freely agreed between banks and their counterparties at the time of issue.

                October 07

              • BC-4.2.9

                Interest may be payable by agreement at a fixed or floating rate. In the case of a floating interest rate, the formula for revising the rate must be specified at the time of issue.

                October 07

              • BC-4.2.10

                Interest may be payable at maturity or on earlier dates specified at the time of issue.

                October 07

              • BC-4.2.11

                As an alternative to paying interest, Certificates of Deposit may be issued (like Treasury bills) at a discount to their face value (the repayment amount).

                October 07

              • BC-4.2.12

                Interest and discounted values should be calculated on the basis of a 360 day year.

                October 07

            • Negotiability

              • BC-4.2.13

                In view of their negotiability, Certificates of Deposit may be freely traded between banks, and between banks and customers. Issuing banks are permitted to re-purchase their own Certificates.

                October 07

            • Safe Custody

              • BC-4.2.14

                Although it is not obligatory, holders of Certificates of Deposit are advised to keep these certificates with a bank for safe custody and to handle them with care at all times.

                October 07

            • Reserve Ratio

              • BC-4.2.15

                Outstanding Certificates of Deposit are subject to reserve requirements in accordance with the provisions set out under Section BR-4.1.

                Amended: October 2013
                October 07

            • Other Conditions

              • BC-4.2.16

                Banks must not describe deposit receipts, confirmations and other non-negotiable documents relating to ordinary deposits as 'Certificates of Deposit' and must not include such liabilities among Certificates of Deposit in their monthly statistical reports (also see Module BR).

                October 07

              • BC-4.2.17

                In their statistical reports (also see Module BR), banks should always classify their outstanding Certificates of Deposit according to the type of customer (e.g. resident etc.) to whom they were first issued.

                October 07

          • BC-4.3 BC-4.3 Disclosure of Charges by Retail Banks

            • BC-4.3.1

              In order to improve retail customer awareness and enhance transparency of retail banks charging structures, all retail banks must display in a prominent position, in Arabic and in English, by notice in their banking halls (both head offices and branches), a list of all applicable charges.

              Amended: October 2012
              Amended: April 2011
              October 07

            • BC-4.3.2

              Retail banks must also ensure that each customer is in receipt of their current list of charges, by enclosing such a list with account statements and displaying such charges on their websites. The list must specify standard charges and commissions that will be applied by the retail bank to individual services and transactions and to specific areas of business. Such notification must be made in instances where there are changes in the fees or when new fees are introduced.

              Amended: April 2013
              Amended: October 2012
              October 2007

            • Credit Agreements

              • BC-4.3.4

                For the purpose of this Section, the following definitions apply:

                (a) Credit agreement – Means all instalment financing agreements and lease agreements, as well as credit cards, overdraft, revolving and other types of credit offered to retail customers;
                (b) Customer – Means both the debtor and the guarantor (if any) and/or any potential debtor or guarantor;
                (c) Conspicuous notice – Means a written statement in both Arabic and English languages which is easily visible and legible and displayed in all retail banks' premises open to the public (head offices and branches), and via means such as websites, newspapers and other press notices;
                (d) Nominal annual rate – Means the interest rate charged to the customer, calculated by dividing the amount of the total interest by the amount of the funds provided to the customer and excluding any other charges, the results of which is divided by the number of years of the term of the credit agreement;
                (e) Outstanding credit amount – Means the amount outstanding under a credit agreement representing the amount of funds provided to the customer and any other charges that are included as part of the principal amount to be repaid by the customer over the duration of the agreement less any repayment made related to the principal amount at a specified date;
                (f) Principal – Means the amount of credit received plus any other charges, the total of which is subject to interest; and
                (g) Retail customers – Means a natural person.
                Added: October 2012

              • BC-4.3.3

                A retail bank must make available, at their premises, information leaflets containing information on the key products and services in respect of all credit agreements including:

                (a) The Annual Percentage Rate (APR) as defined in Paragraph BC-4.3.10, for instalment financing facilities only; and
                (b) The annual interest rate on credit facilities (as referred to in Paragraph BC-4.3.14), commission, fees, one-off charges, expenses on behalf of third parties, exchange rates applied and any other charges.
                Amended: October 2012
                Amended: July 2012
                Amended: April 2011
                October 07

            • General Rules

              • BC-4.3.5

                Where a retail customer has a credit agreement with a retail bank, retail banks must:

                (a) Duly inform their customers in accordance with this Module about the nature and the characteristics (including relevant risks) of the credit agreements and services offered by them, and about the terms and conditions governing such agreements;
                (b) Periodically inform, in writing, their customers on the evolution and the terms of any credit agreement signed, throughout the duration of the contract (refer to Paragraphs BC-4.3.24 and BC-4.3.25);
                (c) Respond in due time, to customers' requests for the provision of information and clarifications regarding the application of contractual terms (refer to Paragraphs BC-4.3.29 and BC-4.3.30);
                (d) Appoint a customer complaints officer and publicise his/ her contact details (refer to Chapter BC-9 on Customer Complaints Procedures);
                (e) Ensure the proper training of employees involved in interfacing and providing specific information to customers;
                (f) Disclose information required in this document in both Arabic & English languages;
                (g) Show clearly the APR for instalment facilities and the annual rate of interest for other credit facilities on the credit agreement application and 'key terms disclosure' document; and
                (h) Disclose all information in a clear and readable form (refer to Paragraph BC-4.3.6).
                Added: October 2012

              • BC-4.3.6

                Marketing of customer credit agreements, advertising and sales promoting credit agreements, irrespective of the media used (SMS, Internet, printed material, telephone solicitation) must be clear and understandable, must be true and not misleading and meet the basic customer information requirements as defined in this Module. Retail banks are also asked to take special care to ensure that the content of any advertising material does not mislead or deceive the public in any way.

                Amended: July 2021
                Added: October 2012

              • BC-4.3.7

                The use of "small print" to make potentially important information less visible is not compatible with good business conduct, and should be avoided.

                Added: October 2012

            • Minimum Disclosure Requirements

              • BC-4.3.8

                Retail banks must make:

                (a) Public disclosure regarding credit agreements; and
                (b) Disclosures to individual customer(s), whether these be during the course of the initial negotiation of the credit agreement or during the term of the facility being offered.
                Added: October 2012

            • Public Disclosure Requirements for all Credit agreements

              • BC-4.3.9

                The following public disclosures must be made by conspicuous notice for all types of credit agreements:

                (a) Any obligation on the part of the customer to open a deposit account with the retail bank as a condition of granting the credit agreement;
                (b) Any late payment charges;
                (c) The level of fees for any special services rendered, or one-off expenses, as well as any amount collected by retail banks on behalf of third parties;
                (d) Any fees or charges payable under any linked or mandatory contract entered into as a condition for the granting of the credit agreement, such as payment protection insurance; and
                (e) Any other charges not included above.
                Added: October 2012

            • Additional Public Disclosure for Instalment Financing Facilities

              • BC-4.3.10

                In addition to the requirements under Paragraph BC-4.3.9, retail banks must publicly disclose by conspicuous notice for instalment financing facilities:

                (a) The current Annual Percentage Rate (APR) as calculated using the APR methodology in Paragraph BC-4.3.31. The APR displayed must be calculated based on the following scenarios. In case of consumer finance, amount borrowed is BD10,000 for a 7-year term and for housing facilities, BD100,000 for 25 years.
                (b) The Annual Percentage Rate (APR), must be broken down as follows:
                (i) The annual nominal interest rate payable on the instalment financing;
                (ii) Administration/handling fees;
                (iii) In the case of finance lease contracts/ijara or deferred purchase contracts, any fees for purchasing the asset; and
                (iv) Any other mandatory charges (contingent costs are excluded); and
                (c) The terms and conditions for early repayment, partial or full, of the credit agreement, or for any change in the terms and covenants of the credit agreement, as well as any relevant charges (where permitted) and the way in which these are calculated.
                Added: October 2012

              • BC-4.3.11

                The APR is a standard measure that allows customers to compare total charges for instalment financing facilities on a like-for-like basis. The APR allows the customer to compare the total charge for credit over differing periods (e.g. – two versus three years) or offered by different retail banks with differing payment profiles and taking into account the payment of any other fees payable as a condition of the contract, such as administration fees or insurance premiums.

                Added: October 2012

              • BC-4.3.12

                Any advertising through any media means of instalment financing facilities, offered by the retail banks must specify only the APR (including all fees and charges) and no other rates, i.e. nominal, base, flat or rates by any other names.

                Added: October 2012

              • BC-4.3.13

                For the purposes of Paragraph BC-4.3.10, the disclosures can be provided as one APR or a range of APRs for retail banks that provide instalment financing to different segments and products. A retail bank may have different customer segments with different risk profiles, for whom the APR offered on the same product may vary. However, the disclosures must comply with the scenarios outlined in Subparagraph BC-4.3.10(a).

                Added: October 2012

            • Additional Public Disclosure for Credit Agreements other than Instalment Financing Facilities

              • BC-4.3.14

                In addition to the requirements under Paragraph BC-4.3.9, retail banks must publicly disclose by conspicuous notice for Credit Agreements other than instalment financing facilities:

                (a) For credit cards, the monthly and the annual rate of interest plus other fees and charges;
                (b) For overdrafts, the annual rate of interest plus other fees and charges;
                (c) For floating-rate credit agreements, the interest rate clearly defined on the basis of the relevant base rate, the periods during which this rate would apply, as well as information on key factors that could affect the total cost of the credit agreement; and
                (d) For instances where the customer exceeds contractual credit lines, the terms and any relevant charges.
                Added: October 2012

              • BC-4.3.15

                For credit agreements other than instalment financing facilities, any advertising through any media means must specify only the annual interest rate and other fees and charges.

                Added: October 2012

              • BC-4.3.16

                For credit agreements other than instalment financing facilities, banks are prohibited from using the term APR in any advertising.

                Added: October 2012

            • Disclosure to Individual Customers: Initial Disclosure Requirements of Key Terms

              • BC-4.3.17

                Retail banks must make clear to potential customers, prior to entering into a credit agreement, all relevant key terms of the agreement in the credit agreement application and 'key terms disclosure' document, in order for them to clearly understand the characteristics of the services and products on offer. Retail banks must also comply with the disclosure requirements under the "Code of Best Practice on Consumer Credit and Charging" (see Appendix CM-2).

                Added: October 2012

              • BC-4.3.18

                The above "key terms disclosure" document must be summarised in plain English and Arabic. This document must be signed and dated by the customer(s) in duplicate as having been read and understood, prior to signing a credit agreement. One copy should be retained by the customer and the other must be retained by the retail bank in their customer file.

                Added: October 2012

              • BC-4.3.19

                For credit agreements where a retailer extends credit to purchase goods or services by operating in agreement with retail banks, all conditions of the credit agreement must be disclosed in the credit agreement application and 'key terms disclosure' document, including when interest will begin to accrue, along with information on any indirect charges.

                Added: October 2012

              • BC-4.3.20

                Credit agreements, referred to in Paragraph BC-4.3.19, must be finalised with an employee of the retail bank, whether located at the premises of the retailer or at the premises of the retail bank providing the credit. Interest must in no event be charged before the disbursement of funds.

                Added: October 2012

              • BC-4.3.21

                Retail banks must inform the customers on the nature of their contractual relationship with the retail outlet and the customers' rights arising as a result of this relationship.

                Added: October 2012

              • BC-4.3.22

                In addition to the initial disclosure of key terms noted in Paragraphs BC-4.3.17 to BC-4.3.21, the "key terms disclosure" document must at the time of signing the credit agreement, amongst other things, make clear:

                (a) The detailed breakdown of the payments:
                (i) The principal amount being borrowed, the interest per month and the maturity of the credit agreement;
                (ii) The net amount provided to the customer after deducting or applying any upfront or other charges;
                (iii) The total interest payments and principal repayment for the term of the credit agreement; and
                (iv) The total administration/handling fees and any other fees and charges spread over the term of the credit agreement.
                (b) The APR and the nominal annual rate as defined in Paragraphs BC-4.3.10 and BC-4.3.4(d) respectively;
                (c) Whether the rate of interest is fixed or can be varied, and under what circumstances;
                (d) The basis on which interest is charged (e.g. actual reducing balance) and applied to the account (e.g. monthly or quarterly compounding) and whether principal repayments are taken into account in the calculation, together with an illustration of the calculation method;
                (e) The detailed costs associated with "top-ups" of credit agreements or other alternative arrangements for extending additional credit or early repayments, whether partial or full, of amounts due including the treatment of remaining interest and the payment of premium for insurance;
                (f) Any late payment charges;
                (g) The annual interest rate and credit limit being offered for credit agreements such as credit cards and overdrafts; and
                (h) Any other charges related to the credit agreement not included above.
                Amended: January 2019
                Added: October 2012

              • BC-4.3.23

                Retail banks are free to design the layout and wording to be used in their 'key terms disclosure' document, as they see fit, providing they contain the information specified in Paragraph BC-4.3.22. The CBB will monitor compliance with the spirit as well as the letter of the requirements in this Chapter.

                Added: October 2012

            • Disclosure to Individual Customers: During the Term of the Credit Agreement

              • BC-4.3.24

                Retail banks must, at the time of signing the credit agreement, give the clients information on the payment schedule of the credit agreement, including the breakdown of principal, interest and other charges per month for the whole life of the facility. Information must be given, free of charge, at least on a semi-annual basis, unless the period of debt servicing is shorter or where there exists a prior agreement on a more frequent basis.

                Amended: January 2019
                Added: October 2012

              • BC-4.3.25

                In addition to the requirements under Paragraph BC-4.3.24, when credit is granted through credit cards or overdraft facilities, monthly statements must be provided and include information on minimum payment.

                Added: October 2012

              • BC-4.3.25A

                Retail bank licensees must, when billing their customers, reflect the card transactions without rounding off the amounts in Fils. Retail bank licensees must collaborate with acquirers and Visa/MasterCard network schemes to ensure that there is no rounding off in any transaction irrespective of the currency of the transaction.

                Added: January 2019

            • Variation Disclosures Requirements

              • BC-4.3.26

                Retail banks must disclose to the customer in advance, either collectively or individually, all relevant changes or variations to a credit agreement. The circumstances in which a customer must be provided with variation disclosures are:

                (a) If both the retail bank and customer agree to change the credit agreement; in this case, the customer must be provided in writing with full particulars of the change, at least seven calendar days before it takes effect; and
                (b) If the credit agreement gives the retail bank power to vary fees or charges, the amount or timing of payments, the interest rate or the way interest is calculated, and the retail bank decides to exercise that power, the customer must be provided with full particulars of the change, including an updated schedule of the total interest payments and principal repayment for the remaining term of the credit agreement, at least thirty calendar days prior to the date the change takes effect. Such notice is to enable the customer to decide whether to accept the new terms or terminate the agreement by settling the outstanding credit amount, in accordance with relevant provisions therein, which must have been stated in a clear and understandable manner.
                Added: October 2012

              • BC-4.3.27

                Any increase of the interest rate or the amount of any fee or charge payable under a credit agreement, must be disclosed publicly, by conspicuous notice, at least thirty calendar days prior to the date the change takes effect by:

                (a) Displaying the information prominently at the retail bank's place of business; and
                (b) Posting the information on the retail bank's website.
                Added: October 2012

              • BC-4.3.28

                Any deferral of interest or principal announced by the retail bank must also take account of the APR methodology as shown in Paragraphs BC-4.3.31 to BC-4.3.33, and the new APR must be given to the client or made public in advertisements.

                Added: October 2012

            • Request Disclosure

              • BC-4.3.29

                The retail bank must provide a reply to any request for disclosure within fifteen business days of receiving the request.

                Added: October 2012

              • BC-4.3.30

                Disclosures requested by the customer may include but are not limited to any or all of the following information about a credit agreement:

                (a) The effect of part prepayment on the customer's obligations;
                (b) Full particulars of any changes to the agreement since it was made;
                (c) The amount of any fee payable on part prepayment and how the fee will be calculated;
                (d) The amount required for full prepayment on a specified date and how the amount will be calculated;
                (e) The outstanding credit amount, including any outstanding interest charge (calculated at the date the disclosure statement is prepared);
                (f) The amount of payments made or to be made or the method of calculating the amount of those payments;
                (g) The number of payments made or to be made (if ascertainable);
                (h) How often payments are to be made;
                (i) The total amount of payments to be made under the agreement, if ascertainable; and
                (j) A copy of any disclosure statement that was or should have been provided before the request was made.
                Added: October 2012

              • BC-4.3.31

                The APR must be calculated using the following methodology:

                K=m K'=m'
                Σ   Ak
                (1 + i) tk =  
                Σ   A'k'
                (1 + i) tk'  
                K=1 K'=1
                Added: October 2012

              • BC-4.3.32

                The meaning of letters and symbols used in the above formula are:

                K is the number identifying a particular advance of credit;
                K' is the number identifying a particular instalment;
                Ak is the amount of advance K;
                A'k' is the amount of instalment K;
                Σ represents the sum of all the terms indicated;
                m is the number of advances of credit;
                m' is the total number of instalments;
                tk is the interval, expressed in years between the relevant date and the date of advance K;
                tk' is the interval expressed in years between the relevant date and the date of instalment K';
                i is the APR, expressed as a decimal.
                Added: October 2012

              • BC-4.3.33

                For the purpose of this Chapter, the 'relevant date' is the earliest identifiable date on which the borrower is able to acquire anything which is the subject of the agreement (e.g. delivery of goods), or otherwise the 'relevant date' is the date on which the credit agreement is made.

                Added: October 2012

          • BC-4.4 BC-4.4 Accounts Held for Clubs and Societies in Bahrain [This Section was deleted in January 2013 as requirements are covered under Section FC-1.6]

            • BC-4.4.1

              [This Paragraph was deleted in January 2013].

              Deleted: January 2013

            • BC-4.4.2

              [This Paragraph was deleted in January 2013].

              Deleted: January 2013

            • BC-4.4.3

              [This Paragraph was deleted in January 2013].

              Deleted: January 2013

          • BC-4.5 BC-4.5 Current Accounts

            • BC-4.5.1

              Retail bank licensees levying fees on their low-balance customer current accounts are required by the CBB to apply such fees to average balances when these fall below a prescribed level during a specified period.

              Amended: January 2011
              October 07

            • BC-4.5.2

              In order to prevent incidences of returned cheques due to maintenance of low-balance current accounts, the banks may convert some low-balance and/or inactive current accounts to savings accounts.

              October 07

          • BC-4.6 BC-4.6 Brokerage Fees

            • BC-4.6.1

              The purpose of the contents of this Section is to set out the scale of brokerage fees effective for all banks in Bahrain.

              October 07

            • BC-4.6.2

              The scale of fees is the result of discussion and consultation between The Bankers' Society and the Bahrain Money Brokers.

              October 07

            • BC-4.6.3

              For the list of brokerage fees, see Appendix BC-6.

              October 07

          • BC-4.7 BC-4.7 Notification to the CBB on Introduction of New or Changes to Customer Products and Facilities

            • BC-4.7.1

              [This Paragraph was deleted in October 2016.]

              Deleted: October 2016
              Amended: October 2012
              Amended: January 2011
              October 07

            • BC-4.7.2

              All retail banks licensed by the CBB are required to notify the CBB before the introduction of any new products or services or any changes in existing product/service. The CBB will respond to the concerned bank within one week of receipt of the notification if it has any observations on the new application.

              Amended: October 2016
              Amended: January 2011
              October 07

            • BC-4.7.2A

              The reference to changes to customer products refers to the structure, features, risk profile in terms and conditions in existing product/service refers to changes that will have an additional financial cost to the customers.

              Added: October 2016

            • BC-4.7.3

              [This Paragraph was deleted in October 2011].

              Deleted: October 2011
              Amended: April 2011
              Amended: January 2011
              October 07

          • BC-4.8 BC-4.8 Dealing with Inheritance Claims

            • BC-4.8.1

              Licensees must ensure that no transfer of legal ownership of financial assets is made until they have sight of documentation (which must be duly copied for their records) from the Ministry of Justice and Islamic Affairs confirming the entitlement of a person or persons to inherit from the deceased. Such documentation must be complied with precisely. Particular care must be taken where minors (children) or other people lacking full legal capacity are named as inheritors.

              Amended: October 2012
              Amended: October 2011
              Amended: January 2011
              October 07

            • BC-4.8.2

              Without prejudice to Paragraph BC-4.8.1, financial assets may be distributed to the order of an individual provided that individual is named in a mandate, duly certified by the Ministry of Justice and Islamic Affairs, as having the permission to act on behalf of all of the inheritors.

              Amended: October 2012
              Amended: October 2011
              Amended: January 2011
              October 07

          • BC-4.9 BC-4.9 Compliance with the Code of Best Practice on Consumer Credit and Charging

            • BC-4.9.1

              Conventional bank licensees must comply with the Code of Best Practice on Consumer Credit and Charging as attached in Appendix CM-2 and the Investment Business Code of Practice requirements in this Chapter throughout the lifetime of their relationship with a customer.

              Adopted: April 2008

            • BC-4.9.2

              Conventional bank licensees must take responsibility for compliance with the above requirements by all persons carrying out regulated banking services on their behalf. Conventional bank licensees must put in place appropriate measures across all their business operations and distribution channels to ensure compliance with the requirements of the Code of Best Practice on Consumer Credit and Charging where relevant.

              Adopted: April 2008

          • BC-4.10 BC-4.10 Transaction Advice

            • BC-4.10.1

              All retail banks must provide at no charge, a transaction advice service for its customers (natural persons). This service information must be communicated through short message service (SMS) on all types of withdrawals/deductions from customer's account and any credit and pre-paid card transaction, including, but not limited to:

              (a) ATM withdrawals;
              (b) Internal and external transfers from the customer's account/credit and pre-paid cards;
              (c) Withdrawals through a bank counter;
              (d) Point of sale (POS) transactions;
              (e) Any withdrawals and payments from the customer's account and credit and pre-paid-cards through mobile, internet or other electronic means;
              (f) Any repayment of outstanding credit card balances; and
              (g) Any other withdrawals or deductions from the customer's account and credit and pre-paid cards.
              Amended: October 2016
              October 2011

            • BC-4.10.2

              [Deleted in October 2016 as per EDBS/KH/34/2016 letter dated 28th July 2016].

              Deleted: October 2016
              October 2011

          • BC-4.11 BC-4.11 Donations to NGO Accounts

            • BC-4.11.1

              All retail banks must waive any administrative fees when transferring donated funds from the donor accounts to the accounts of NGOs registered with the Ministry of Social Development (MoSD), provided that a valid funds collection license is presented to the bank by the concerned NGO.

              Added: April 2014

            • BC-4.11.2

              All retail banks must refrain from transferring any funds, collected by way of donations or fund raising, to the account of any society or club where the NGO has not submitted a valid written fund collection license to the bank, as required under Paragraph BC-4.11.1.

              Added: April 2014

            • BC-4.11.3

              Banks must notify the CBB in instances where donated funds have been received and no valid license was submitted. The CBB will then inform the MoSD accordingly.

              Added: April 2014

            • BC-4.11.4

              NGOs, including societies and clubs, registered with the MoSD, and having fund collection licenses, are listed in the NGOs fund collection directory, available on the website of the MoSD.

              Added: April 2014

            • BC-4.11.5

              NGOs registered with the MoSD and holding a fund collection license must present such license to the concerned banks in order for the related administration fee to be waived.

              Added: April 2014

            • BC-4.11.6

              Administration fees will be waived by the banks only for the period of the validity of the funds collection license.

              Added: April 2014

          • BC-4.12 BC-4.12 Credit Check Reports

            • BC-4.12.1

              Where a pensioner has been requested to produce a credit report by the Social Insurance Organization (SIO) to establish his/her credit standing, conventional retail bank licensees must not levy any administrative charges.

              Added: October 2015

          • BC-4.13 BC-4.13 Fees and Charges for Services Provided to Individuals

            • BC-4.13.1

              Retail bank licensees must comply with the caps on fees and charges for standard services provided to individuals effective from 1st May 2018 as per the table in Appendix BC-7 in Part B of the CBB Rulebook Volume 1.

              Added: April 2018

            • BC-4.13.2

              Fees and charges on withdrawals done through bank counters for amounts below the ATM withdrawal limits must be waived for all of the following customers:

              (a) Orphans;
              (b) Widows;
              (c) Pensioners;
              (d) Individuals receiving social subsidies from Ministry of Labor and Social Affairs;
              (e) Students; and
              (f) Bahraini nationals with a monthly salary below BD 250.
              Added: January 2019

          • BC-4.14 BC-4.14 Fees and Charges for Services Provided to Companies Under Formation

            • BC-4.14.1

              Retail bank licensees may charge companies under formation a fee capped at BD 10 for the issuance of letter of confirmation of capital maintained with the bank regardless of the capital amount deposited and maintained.

              Added: October 2018

            • BC-4.14.2

              Retail bank licensees must not charge any setup fees for opening bank accounts for companies under formation.

              Added: October 2018

          • BC-4.15 BC-4.15 Interest on Credit Card Transactions

            • BC-4.15.1

              Conventional retail bank licensees must comply with the following requirements with regards to charging interest on credit card statement dues:

              (a) Interest must not be charged if the customer pays the full amount billed and due before or on the due date specified in the monthly credit card statement except for cash withdrawal transactions;
              (b) Interest must not be charged on partial payments made by the customer on or before the due date specified in the monthly credit card statement against credit card amount billed and due;
              (c) Interest on cash withdrawal transactions must be computed from the date of the transaction ("transaction date");
              (d) Interest on credit card amounts billed but unpaid on or before the due date must be computed from the posting date of the transaction; and
              (e) Interest must not be charged on outstanding interest amounts, fees and charges due from the customer.
              Added: July 2019

            • BC-4.15.2

              For the purpose of charging interest on credit card dues, conventional retail bank licensees must only calculate interest charges using 365-days a year basis.

              Added: July 2019

          • BC-4.16 BC-4.16 Interest on Credit Facilities

            • BC-4.16.1

              Conventional retail bank licensees must not charge interest on credit facilities using a 'monthly flat rate'; they must instead use an effective interest rate based on a reducing balance method.

              Added: October 2019

          • BC-4.17 BC-4.17 Blocking Customer Accounts

            • BC-4.17.1

              Conventional retail bank licensees must not block the accounts of a customer (who has a financing arrangement with it) due to customer’s termination from his or her employment or retirement regardless of the bank’s contractual rights to take such action. Banks instead must agree on other arrangements with the customer for the repayment of the financing.

              Added: April 2020

          • BC-4.18 BC-4.18 Fund Transfers by Customers of Payment Service Providers (PSP)

            • BC-4.18.1

              Conventional bank licensees that act as acquirers or payment gateways for PSPs, must not charge more than 100 fils in line with the Electronic Fund Transfer System (EFTS) requirements to the customers of PSPs for normal fund transfers made electronically.

              Added: October 2020

          • BC-4.19 BC-4.19 Merchant Fees on Payments to Zakat and Charity Fund

            • BC-4.19.1

              Conventional bank licensees must exempt the Zakat and Charity Fund (“the Fund”) of the Ministry of Justice, Islamic Affairs and Awqaf from merchant fees for payments made to the Fund.

              Added: April 2021

          • BC-4.20 BC-4.20 Dormant Accounts and Unclaimed Balances

            • BC-4.20.1

              This section sets out the requirements relating to dormant accounts which represents customer accounts including current, call, savings or fixed deposits which turn dormant due to inactivity or no claim or renewal request being made and unclaimed balances relating to various negotiable instruments such as manager cheques, amounts remaining unpaid to customers relating to their investments or amounts remaining unclaimed for other reasons such as cash not dispensed from ATMs etc.

               

              Added: January 2022

            • BC-4.20.2

              Conventional retail bank licensees must establish policies and procedures to deal with dormant accounts and unclaimed balances which must include measures to contact the customer concerned, activation of the accounts where appropriate, return of the moneys to the customer and control measures to prevent frauds and misuse of such accounts.

               

              Added: January 2022

            • Dormant Accounts Treatment

              • BC-4.20.3

                Conventional retail bank licensees must treat customer accounts as dormant accounts in the following cases:

                (a) Current and call accounts, where there have been no transactions initiated by the customer by for a period of 12 months; or
                (b) Saving accounts of any type, where there have been no transactions for a period of 24 months; or
                (c) Fixed deposit accounts where there has been no claim or renewal request for a period of 6 months from the maturity date.

                 

                Added: January 2022

              • BC-4.20.4

                For the purpose of Paragraph BC-4.20.3 (b), savings certificates with no expected withdrawals and deposit should not be considered as “dormant” unless the licensee has become aware of non-traceability of the customer and there is evidence for the same.

                 

                Added: January 2022

              • BC-4.20.5

                Conventional retail bank licensees must not treat a customer account as dormant if any one or more of the following criteria are met:

                a) The customer has other accounts, of any nature, with the licensee in respect of which there are active transactions initiated by the account holder;
                b) The account is blocked under the requirements of a relevant competent authority; or
                c) The account is subject to litigations or constraints from other regulatory authorities or the customer is deceased.

                 

                Added: January 2022

              • BC-4.20.6

                Notwithstanding the requirement under BC-4.20.5, conventional retail bank licensees must notify the customer by mail, e-mail or other communication channel, when any of his accounts becomes inactive.

                 

                Added: January 2022

              • BC-4.20.7

                Conventional retail bank licensees must ensure that no withdrawal or transfer or inward clearing cheque is permitted from dormant accounts unless the activation procedures set out in this section are complied with.

                Amended: July 2022
                Added: January 2022

              • BC-4.20.8

                Conventional retail bank licensees must comply with the following additional requirements in transactions relating to dormant accounts:

                (a) Allow electronic and manual transfers to the account;
                (b) Accrue interest in respect of interest-bearing accounts at the prevailing rates depending on the terms of the contract between the bank and the customer;
                (c) Ensure only fees or expenses permitted by CBB is charged, provided, however, that no fee is charged when the account balances become zero;
                (d) Ensure that an account is closed within six months from the date the account becomes dormant and its balance becomes zero following which, a closure notification is sent to the customer by mail, e-mail or other communication channel;
                (e) Make attempts to periodically contact the customer through different communication means and such attempts must be documented;
                (f) Ensure that the movements in dormant accounts are monitored to ensure that such accounts are not being used for money laundering or fraudulent purposes by internal or external parties;
                (g) Licensees must ensure that any movement in dormant accounts is subject to principles of “four-eyes” or “maker and checker” involving at least one authorised signatory of the licensee; and
                (h) Ensure that changes in respect of the dormant accounts, including movement in balances, change of customer contact details, status etc. are subject to internal audit every six months.

                 

                Added: January 2022

              • BC-4.20.9

                Conventional retail bank licensees must ensure that the terms and conditions of deposit agreements include provisions relevant to Subparagraphs BC-4.20.8 (a) and (d) above.

                 

                Added: January 2022

            • Activation of Dormant Accounts

              • BC-4.20.10

                To activate a dormant account, conventional retail bank licensees must ensure the following:

                (a) The customer provides the licensee with a written or electronic request to activate the account stating the reasons for dormancy of the account;
                (b) The customer submits updated KYC information;
                (c) Activation of the account is subject to principles of “four-eyes” or “maker and checker”/ dual authority checks involving at least one authorised signatory of the licensee; and
                (d) In case of a joint account, the request for activation of the dormant account is signed by the joint accountholders authorised to operate the account unless a valid power of attorney is given.

                 

                Added: January 2022

              • BC-4.20.11

                In case of requests for activation of a dormant account through electronic channels using digital signature, the conventional retail bank licensee must check the authenticity of the request and related information, for example, through telephone or video calls, email or other measures to satisfy itself about the authenticity.

                 

                Added: January 2022

            • Unclaimed Balances

              • BC-4.20.12

                Conventional retail bank licensees must treat the following balances that remain unpaid due to operational or other reasons as unclaimed balances:

                (a) Unclaimed balances relating to manager cheques, demand drafts, or cashier cheques which have not been presented /claimed during their validity periods;
                (b) Positive credit card balances relating to credit cards not used for a period of 1 year or more;
                (c) Unclaimed cash due to failed ATM/POS or electronic transactions for a period of 1 month or more;
                (d) Dividends that remained unpaid by non-listed conventional retail bank licensees for a period of 1 year or more; and
                (e) Unclaimed balances relating to investments, including undistributed profits and accrued profit/interest for a period of 1 year or more.

                 

                Added: January 2022

              • BC-4.20.13

                For purposes of Subparagraph BC-4.20.12 (d), listed companies must follow the guidelines stipulated in Bahrain Bourse Resolution of year 2020, mandating the transfer of unclaimed cash dividends into the Unclaimed Cash Dividends Fund account maintained by Bahrain Clear.

                 

                Added: January 2022

              • BC-4.20.14

                Conventional retail bank licensees must make attempts to periodically contact the relevant customers or the rightful parties to return the unclaimed balances through different communication means. The licensee must maintain documentary evidence of such attempts.

                 

                Added: January 2022

            • Reporting

              • BC-4.20.15

                Conventional retail bank licensees must report the particulars of dormant accounts and unclaimed balances in the relevant section of the Prudential Information Return ('Form PIR').

                 

                Added: January 2022

            • Prohibition of Transfer of Balances

              • BC-4.20.16

                Conventional retail bank licensees must not transfer any of the balances in dormant accounts or unclaimed balances to their income statements.

                 

                Added: January 2022

          • BC-4.21 Insurance Cover on Loans

            • BC-4.21.1

              The requirements in this Section apply to conventional retail bank licensees which seek life or other insurance cover in respect of loans to a borrower. These requirements are effective from 1st April 2024, i.e. all credit exposures that mature or are repaid/prepaid in full on or after 1st April 2024 must be subject to the requirements in this Section.

              Added: January 2024

              • BC-4.21.2

                Conventional retail bank licensees using insurance cover as risk mitigant for its loans to individuals must comply with the following requirements:

                (a) Credit policies must specify whether the licensee will bear the cost of insurance cover or if it will recover the cost from the customer;
                (b) If a customer wishes to buy his own insurance cover, the licensee must not refuse to accept assignment of such policy, however, the licensee may require the customer to ensure that the insurance policy terms, duration and features match its requirements;
                (c) If insurance is arranged by the licensee for its customer, the cost recovered from the customer must be the actual cost paid by the licensee to the insurance provider;
                (d) The insurance cost recovered from the customer, in the case of group insurance cover, must not exceed the proportionate aggregate cost payable to the insurance company attributable to the credit facility. Licensees must, on an annual basis, evaluate the insurance costs, which must be based on the actual insurance premiums levied by the insurer for the purpose of determining the insurance cost to be recovered for new facilities. At maturity of loans or at the point of early repayment, the licensee must refund any excess insurance cost amount collected;
                (e) Licensee must not receive any commission, referral fees or any other fees from the insurance provider and/or receive any commission from the borrower;

                (f) Full disclosure with respect to the insurance arrangement (whether individual or group insurance cover), must be made to the customer prior to signing the loan agreement regarding:

                (i) The terms of the insurance coverage and name of the insurance provider;
                (ii) Benefits and exclusions;
                (iii) Need for medical examinations, underlying illnesses not covered and the implications of health conditions on the insurance cost or the insurance claim;
                (iv) Payment method for the insurance cost (i.e. one time upfront payment or addition to loan amount and recovered as part of repayment instalments);
                (v) The insurance premium rate currently applicable and
                (vi) The basis and method of calculation of the insurance cost at the time of granting of the loan;
                (vii) Refund/adjustment of insurance cost in the case of early repayment/ pre-payments and top-ups;

                (g) Customers must be informed in writing if:

                (i) There is a change in the insurance provider in the case of individual insurance cover;
                (ii) There is a possibility of additional costs to be recovered or refunds in case of upfront payments due to changes in insurance premium rates; and
                (iii) Additional insurance costs would be recovered from the customer if loan repayment instalments are not paid on time; and
                (h) The statements of account must clearly show the insurance cost as a separate item where applicable.
                Added: January 2024

              • BC-4.21.3

                If licensees decide to restructure the loan but cannot obtain insurance coverage due to the customer's age or due to a ‘retiree’ status, they must inform the customer in writing about the unavailability of insurance for the extended loan period. In such cases, the licensee must not demand full repayment of loan by the customer due to the customer’s age.

                Added: January 2024

              • BC-4.21.4

                Licensees’ credit policy must specify, at a minimum, the following:

                (a) Disclosures to be made to customers prior to signing of the loan agreement;
                (b) Age limits, if any, that apply for insurance cover as per the licensee’s arrangements with the insurer and the options available to customers not meeting the age limits;
                (c) Measures or implications of default or extension of tenor for any reason, particularly for loans which have an expiry date falling in a higher age bracket at the time of grant of the loan; and
                (d) Any additional terms that apply to customers who fall within the higher age bracket.
                Added: January 2024

              • BC-4.21.5

                Licensees’ credit policy must also specify its approach with regard to lending and the corresponding insurance coverage implications for customers who fall within higher age groups (to be defined by the licensee) and those who have retired from employment or will retire during the tenor of the loan.

                Added: January 2024

              • BC-4.21.6

                For the purposes of BC-4.21.5, extension of loans to individuals who are beyond the retirement age should take into account, in addition to other factors, the increases in life expectancy in Bahrain and the general trend in loss ratios. For this purpose, licensees should agree with their insurer the terms, conditions and procedures in order to meet the needs of individuals above the insurable age of the group loan portfolio and consider measures to be taken in the case of exceptional scenarios such as a customer in the higher age group needing to restructure a facility.

                Added: January 2024

              • BC-4.21.7

                Licensees using group insurance cover must perform a due diligence of the insurance provider at periodic intervals to ensure optimum benefits are obtained for their customers. The due diligence must also involve assessment of various insurance plans and loss ratios.

                Added: January 2024

              • BC-4.21.8

                If the insurance provider is a related party of the licensee, the insurance cost must not be higher than the market quotes for similar insurance cover.

                Added: January 2024

        • BC-5 BC-5 Dishonoured Cheques

          • BC-5.1 BC-5.1 Penalty System for Dishonoured Cheques

            • BC-5.1.1

              The purpose of the contents of this Section is to set out Rules relating to the system of penalising any person, whether natural or corporate in form, (referred to as a 'customer' in this Chapter) whose cheque is:

              (a) Presented for payment, but is returned due to insufficient funds being available on his current account, where,
              (b) In the opinion of the bank on whom the cheque is drawn, such cheque has been issued by the customer in bad faith.
              Cheques falling within this system are referred to as 'dishonoured cheques'. Due regard must be given by retail banks to the general provisions of Bahrain Law regarding joint accounts, partnership accounts and accounts in the name of corporate entities, as well as to the customer mandate in each case, to determine how such accounts may be dealt with for purposes of the Rules in this Chapter.
              Amended: October 2012
              Amended: January 2011
              October 07

            • Procedures to be Followed

              • BC-5.1.2

                On each occasion that a retail bank becomes aware of a dishonoured cheque of one of its customers, that bank will send a written warning to the relevant customer informing him/her of the existence of the dishonoured cheque, requesting him/her to immediately make good the insufficiency in his current account in order to clear the cheque. This written warning will also inform the customer of the provisions of this system with regard to dishonoured cheques and abusers of cheques.

                Amended: October 2012
                October 07

              • BC-5.1.3

                On the first working day of each calendar month, each retail bank must provide to the CBB a list of the names, supported with I.D. numbers (CPR or CR numbers (as applicable) for Bahrain residents, Passport or CR-equivalent numbers (as applicable) for non-Bahrain residents) of those customers to whom one (or more) written warning(s) has been sent in accordance with Paragraph BC-5.1.2 above during the immediately preceding calendar month. This list should specify the number of written warnings relating to dishonoured cheques for each customer of the relevant retail bank for the month in question and shall be in the form set out in Appendix BC-1. Retail banks will be responsible for ensuring the accuracy of all details on their respective lists.

                Amended: October 2012
                Amended: January 2011
                October 07

              • BC-5.1.4

                Using the lists referred to in Paragraph BC-5.1.3 above, the CBB will prepare a further list (the 'Control List') of those customers to whom two or more written warnings were sent by any one or more retail bank licensees at any time within a maximum period of three consecutive calendar months. The Control List, which will be in the form set out in Appendix BC-2, will specify the name and I.D. numbers of each such customer, the total number of dishonoured cheques for that customer included in the lists referred to in Paragraph BC-5.1.3 above, the name of the relevant bank(s) on whose list(s) the customer's name has been included, and other relevant details for banks' information and checking in accordance with Paragraph BC-5.1.5 below. Any customer to whom more than two written warnings relating to dishonoured cheques were sent by any one or more retail bank licensees at any time within a maximum period of three consecutive calendar months will be automatically deemed an abuser of cheques for the purposes of Paragraph BC-5.1.7 below.

                Amended: October 2012
                Amended: January 2011
                October 07

              • BC-5.1.5

                On the second working day of each calendar month, the CBB will circulate a draft copy of the Control List to all retail bank licensees. Banks will be requested to check the accuracy of the Control List by reference to the information they have sent to the CBB in accordance with Paragraph BC-5.1.3 above, and to notify the CBB within a maximum period of one week of receiving the list of any inaccuracies on the Control List. The Control List, as amended if appropriate, will be circulated to retail bank licensees by the CBB on the second working day after it receives all responses from concerned banks. Retail bank licensees will be required to monitor the customers on this Control List to establish whether any one or more of them issued another dishonoured cheque in the instant calendar month. Any bank becoming aware of a dishonoured cheque of one or more of its customers on the Control List during this month should notify the CBB of this fact, using the relevant section in Appendix BC-1, on the first working day of each calendar month.

                Amended: January 2011
                October 07

              • BC-5.1.6

                If the CBB does not receive any notification as contemplated in Paragraph BC-5.1.5 above for a particular customer on the Control List, that customer's name shall be withdrawn from the next issue of the Control List. However, the CBB will monitor the names of customers appearing on the Control List during the three consecutive calendar months falling immediately after the calendar month in which a customer's name is taken off the Control List. If any such customer's name is again reported to the CBB pursuant to Paragraph BC-5.1.3 above at any time during this three-month period,

                (a) His name will be returned to the Control List on the date of its next issue if there is only one dishonoured cheque reported in this context; or
                (b) He will be automatically deemed an abuser of cheques for the purposes of Paragraph BC-5.1.7 below if there is more than one dishonoured cheque reported in this context.
                If, however, his name is not reported to the CBB in this regard, the CBB will cease its monitoring thereof.
                Amended: January 2011
                October 07

              • BC-5.1.7

                If the CBB does receive notification as contemplated in Paragraph BC-5.1.5 above for a particular customer on the Control List, or if a customer is deemed to be an abuser of cheques within Paragraph BC-5.1.4 or Paragraph BC-5.1.6 above, such customer (herein referred to as an 'abuser of cheques') will be penalised as follows. Using Appendix BC-3, on the second working day of the calendar month following the receipt of the information referred to above, the CBB will circulate a draft list to all retail bank licensees. Banks will be requested to check the accuracy of this list by reference to the information they have sent to the CBB in accordance with Paragraph BC-5.1.5 above, and to notify the CBB within a maximum period of one week of receiving the list of any inaccuracies on that list. The list, as amended if appropriate, will be circulated to retail bank licensees by the CBB on the second working day after it receives all responses from banks, and will direct the bank(s) which has/have reported an abuser of cheques to withdraw all cheque books held by that abuser of cheques, and to close such person's current account(s) by transferring any balances therein to saving and/or any other accounts held with that/those bank(s). Furthermore, that bank(s) must not provide current account facilities to that abuser of cheques for the twelve calendar month period immediately following the date of issue of the relevant list. All other banks should, within a maximum period of one month after the issue of the relevant list, also withdraw current account facilities from that abuser of cheques for the same twelve calendar month period. Retail bank licensees will be entitled to recover any amounts due to them from abusers of cheques as a result of compliance with this system by availing of their set-off rights under Bahrain Law.

                Amended: January 2011
                October 07

              • BC-5.1.8

                On Appendix BC-4, the CBB will notify retail bank licensees of those abusers of cheques in respect of whom the twelve calendar month period referred to in Paragraph BC-5.1.7 above has ended, and to whom banks may reinstate/offer current account facilities at their discretion.

                Amended: January 2011
                October 07

              • BC-5.1.9

                Nothing in this Directive shall prejudice the rights of banks against customers otherwise existing under Bahrain Law and/or under any particular bank/customer agreement. Furthermore, retail bank licensees will be entitled to the same immunity from prosecution as the CBB for any harm suffered, or alleged to be suffered, by customers as a result of banks complying with the Rules in this Chapter.

                Amended: October 2012
                Amended: January 2011
                October 07

              • BC-5.1.10

                The Rules may be amended, in whole or in part, from time to time by the CBB. In addition, the CBB may, at its discretion and as it so deems appropriate, issue specific directions to all or any retail bank licensees regarding abusers of cheques or any particular abuser of cheques.

                Amended: October 2012
                Amended: January 2011
                October 07

          • BC-5.2 BC-5.2 General Guidance on Administration of Dishonoured Cheques

            • BC-5.2.1

              Retail bank licensees that wish to issue cheque guarantee cards for an amount not exceeding BD 200 may do so, subject to informing the Director of Banking Services at the CBB of their intention and the arrangements governing the issue of such cards.

              Amended: January 2011
              October 07

            • BC-5.2.2

              Retail bank licensees, generally, should take steps to extend their administrative supervision and control over current account customers (in particular those who are in repeated breach of normally-accepted behaviour), and to stress to account holders the need for an appropriate level of discipline in the usage of cheques.

              October 07

            • BC-5.2.3

              Retail bank licensees should exercise greater vigilance over borrowers, especially in the area of consumer finance, where such borrowers maintain their current accounts at a bank or banks other than at the lending bank.

              October 07

            • BC-5.2.4

              The CBB will monitor the incidence of returned cheques on a monthly basis (as stipulated in Section BC-5.1) in order to determine the extent to which such incidence is being reduced or otherwise.

              Amended: January 2011
              October 07

          • BC-5.3 BC-5.3 Penalty Charges on Dishonoured Cheques

            • BC-5.3.1

              The CBB will impose penalty charges of BD 7 on each returned cheque for the reasons of 'Insufficient Funds', 'Refer to Drawer', 'Not Arranged For', 'Present the cheque again', and 'Account Closed'. Individual banks will continue to be informed daily of any charges accruing to their accounts. The respective accounts will be debited on the same day.

              Amended: July 2017
              Amended: October 2013
              Amended: January 2011
              October 07

            • BC-5.3.2

              [This paragraph was deleted in April 2018].

              Deleted: April 2018
              Amended: October 2013
              October 07

        • BC-5A BC-5A Return Policy — Post-Dated Cheques

          • BC-5A.1 BC-5A.1 Return Policy — Post-Dated Cheques

            • BC-5A.1.1

              When a customer fully repays his/her credit outstanding amount in full or settles in part pursuant to a settlement agreement, the subject retail bank licensee must immediately return all holding of the customer's post-dated cheques taken as collateral or destroy such cheques and inform the customer in writing.

              Added: January 2017

        • BC-6 BC-6 Automated Teller Machines (ATM)

          • BC-6.1 BC-6.1 [This Section was deleted in October 2019].

            • BC-6.1.1

              [This Paragraph was deleted in October 2019].

              Deleted: October 2019
              October 07

            • BC-6.1.2

              [This Paragraph was deleted in October 2019].

              Deleted: October 2019
              Amended: October 2012
              Amended: January 2011
              October 07

            • General Criteria

              • BC-6.1.3

                [This Paragraph was deleted in October 2019].

                Deleted: October 2019
                Amended: January 2011
                October 07

              • BC-6.1.4

                [This Paragraph was deleted in October 2019].

                Deleted: October 2019
                Amended: January 2011
                October 07

              • BC-6.1.5

                [This Paragraph was deleted in October 2019].

                Deleted: October 2019
                October 07

              • BC-6.1.6

                [This Paragraph was deleted in October 2019].

                Deleted: October 2019
                Amended: July 2016
                Amended: April 2012
                Amended: January 2011
                October 07

              • BC-6.1.7

                [This Paragraph was deleted in October 2019].

                Deleted: October 2019
                Amended: January 2011
                October 07

              • BC-6.1.8

                [This Paragraph was deleted in October 2019].

                Deleted: October 2019
                Amended: January 2011
                October 07

              • BC-6.1.9

                [This Paragraph was deleted in October 2019].

                Deleted: October 2019
                Amended: January 2011
                October 07

              • BC-6.1.10

                [This Paragraph was deleted in October 2019].

                Deleted: October 2019
                Amended: April 2012
                Amended: January 2011
                October 07

              • BC-6.1.11

                [This Paragraph was deleted in October 2019].

                Deleted: October 2019
                Added: April 2012

          • BC-6.2 BC-6.2 GCC ATM Network Charges [This Section was deleted in April 2018]

            • BC-6.2.1

              [This paragraph was deleted in April 2018].

              Deleted: April 2018
              October 07

            • BC-6.2.2

              [This paragraph was deleted in April 2018].

              Deleted: April 2018
              October 07

            • BC-6.2.3

              [This paragraph was deleted in April 2018].

              Deleted: April 2018
              Amended: January 2011
              October 07

          • BC-6.3 BC-6.3 Local ATM Network Charges [This Section was deleted in April 2018]

            • BC-6.3.1

              [This paragraph was deleted in April 2018].

              Deleted: April 2018
              Amended: April 2016
              Added: January 2014

            • BC-6.3.2

              [This Paragraph was deleted in April 2016.]

              Deleted: April 2016
              Added: January 2014

            • BC-6.3.3

              [This Paragraph was deleted in April 2016.]

              Deleted: April 2016
              Added: January 2014

        • BC-7 BC-7 Margin Trading System

          • BC-7.1 BC-7.1 Introduction

            • BC-7.1.1

              This Chapter applies to all full commercial banks in Bahrain.

              October 07

            • BC-7.1.2

              Investors purchasing securities listed on any licensed exchange may pay for them under the Margin Trading System ("The System") by borrowing a portion of the purchase price from a participating bank. The System is subject to relevant provisions of the CBB Law, the Rulebook of the licensed exchange, any rules and regulations issued pursuant to such Law, Rulebook and this Module. The System applies to equities in companies listed on any licensed exchange. Unless restrictions apply under Bahrain law in this regard, the System shall be available to Bahraini or non-Bahraini investors, whether resident or non-resident in Bahrain.

              Amended: January 2011
              October 07

            • BC-7.1.3

              The main objective of introducing the System is to enhance the overall activity on any licensed exchange, allowing investors to leverage their investments, in a controlled manner.

              Amended: January 2011
              October 07

            • General Criteria

              • BC-7.1.4

                Only retail bank licensees will be permitted to act as participating banks for the System. Participating banks must each receive the prior general written approval of the CBB in order to take part in the System. The CBB will notify the licensed exchange of the identity of participating banks for the System. The CBB's approval may be withdrawn at its discretion.

                Amended: January 2011
                October 07

              • BC-7.1.5

                SRO members who are not retail banks will not be permitted to act as lenders or financiers for the System.

                Amended: January 2011
                October 07

          • BC-7.2 BC-7.2 Limits and Trading Rules

            • BC-7.2.1

              An investor may, through his relationship with any participating bank under the System, invest in securities made up by way of the investor's own initial margin and by way of financing from the relevant participating bank to that investor.

              Amended July 09
              October 07

            • BC-7.2.2

              Such financing referred to in Paragraph BC-7.2.1 is subject to the limit on margin percentage given in Paragraph BC-7.2.10.

              Amended: January 2011
              Amended July 09
              October 07

            • BC-7.2.3

              The amount of the margin facility made to an investor under the System shall be included as an exposure to that customer, and contribute towards the large exposures limit and the consumer finance limit for that person.

              October 07

            • BC-7.2.4

              The total amount of financing granted by an individual participating bank to all investors under the System shall not, at any time exceed 15% of that participating bank's capital base, such percentage to be reviewed by the CBB at its discretion from time to time.

              October 07

            • BC-7.2.5

              The CBB will require participating banks to inform the Credit Reference Bureau ('CRB') of all facility limits approved to investors under the System from time to time. Participating banks must check with the CRB on the amount of facility limits outstanding under the System at any time to a particular investor.

              Amended: July 2016
              Amended: January 2011
              October 07

            • SRO Members

              • BC-7.2.6

                Only licensed SRO members who meet the requirements to participate in the System and are authorised as such by the licensed exhange and the CBB will be permitted to act as brokers for the System.

                Amended: January 2011
                October 07

            • Documentation

              • BC-7.2.7

                Only standard-form documents (application forms and agreements) will be used for the System. Standard-form agreements, drafted and approved in advance by the licensed exchange, will be entered into between the participating bank and the investor (in respect of financing), and between the participating bank and the investor and the SRO member (in respect of trading) and, as relevant, these agreements shall (amongst other things) confirm that:

                (a) The investor is borrowing or financing a stated amount from the participating bank for the purpose of taking part in the System;
                (b) The investor will repay such stated amount, together with any interest or charges thereon, when due and in accordance with the agreement;
                (c) The investor understands the risks involved in margin trading as well as the implications of the undertakings given by him;
                (d) The participating bank can sell the securities bought through the System if the relevant margin is called and not met, without further formalities being required;
                (e) The SRO member is liable for marking the securities to market on a daily (or more frequent) basis and for keeping the participating bank updated as to the participating bank's exposure to the investor;
                (f) The investor can place orders with the broker for the purchase of securities up to the limit permitted by the agreement;
                (g) Each party to the agreement in question shall abide by the duty of confidentiality imposed on him in relation to the matters set out in the agreement; and
                (h) There is an overriding obligation on the parties thereto to comply with Bahrain law in general and, in particular, with the share-ownership restrictions applying to certain types of securities.
                Amended: January 2011
                October 07

            • Owner of the Securities bought Using the System

              • BC-7.2.8

                For ease of transfer and sale of the securities in the event that a margin is called by the participating bank but not met by the investor, the securities will be registered in the participating bank's name (for the account of the investor) and held by a custodian.

                Amended: January 2011
                October 07

              • BC-7.2.9

                Under Paragraph BC-7.2.8 above; (a) the securities should not be considered as part of the bank's own assets for the purposes of determining ownership/control under Bahrain law, and (b) if the investor has discharged his obligations to the participating bank under the System and the securities have not been sold, the securities shall be transferred into the legal ownership of the investor.

                Amended: January 2011
                October 07

            • Margin Percentage

              • BC-7.2.10

                For equities listed on any licensed exchange, an investor shall have the right to borrow a loan the value of which shall not exceed 50% of the total value of the funds being invested (i.e. 1:1). The CBB and the licensed exchange shall coordinate in making any change to the margin percentages set for the System.

                Amended: April 2011
                Amended: January 2011
                October 07

            • Margin Call Top-up

              • BC-7.2.11

                The margin call top-up shall be 30% of the total value of the funds invested by an investor through a margin account with a participating bank. An investor shall settle a margin call on the settlement date (as determined by the BSE) by making a cash payment of such amount to the participating bank. Such cash payment may, at the investor's discretion and in whole or part, come from the sale of the securities bought through the System, or otherwise. Failure to meet such margin call will, however, give the participating bank the right to sell the securities bought through the System.

                Amended: January 2011
                October 07

            • Margin Interest

              • BC-7.2.12

                The participating bank shall charge a rate of interest or impose charges on the financing amount granted to the investor at a rate or on a basis to be determined by the participating bank. In the event that investor's margin account is in credit in excess of the margin applicable thereto, interest or profit shall be paid on the excess at a rate to be determined by the participating bank.

                October 07

        • BC-8 BC-8 Investment Business Activities

          • BC-8.1 BC-8.1 Scope of Application in Relation to Customer Categories

            • BC-8.1.1

              This Chapter provides for two categories of customers, and applies different levels of protection to each, depending on their level of sophistication.

              Added: April 2008

            • BC-8.1.2

              The scope of application of this Chapter BC-8 with regards to customer categories is as follows:

              Section Subject Matter Customer Category
              BC-8.3 Overarching Principles All categories.
              BC-8.4 Customer Classification All categories.
              BC-8.5 Marketing and Promotion All categories; BC-8.5.3 and BC-8.5.4 apply to retail customers only.
              BC-8.6 Accepting Customers Retail customers only.
              BC-8.7 Suitability Retail customers only.
              BC-8.8 Disclosure of Information All categories; BC-8.8.5 to BC-8.8.12 apply to retail customers only.
              BC-8.9 Dealing and Managing All categories; various Rules apply to retail customers only.
              BC-8.10 Reporting to Customers All categories.
              BC-8.11 Complaints All categories.
              BC-8.12 Conflicts of Interest All categories.
              BC-8.13 Appendix All categories; various Paragraphs apply to retail customers only.


              Added: April 2008

            • Overseas Branches and Subsidiaries

              • BC-8.1.3

                Locally incorporated conventional bank licensees must ensure that their branches and subsidiaries operating in foreign jurisdictions comply, at a minimum, with local conduct of business standards and regulatory requirements (where applicable).

                Added: April 2008

              • BC-8.1.4

                For branches of foreign banks located in Bahrain, these requirements only apply to the business and customers of the Bahrain branch.

                Amended: January 2011
                Added: April 2008

              • BC-8.1.5

                The CBB encourages locally incorporated conventional bank licensees to apply — with respect to their overseas branches and subsidiaries — conduct of business standards at least equivalent to those set out in this Module. Where this is not the case, then the CBB will consider any potential risk to the conventional bank licensee that may arise through adverse reputational or other consequences.

                Amended: January 2011
                Added: April 2008

          • BC-8.2 BC-8.2 General Rules

            • BC-8.2.1

              This Module applies to the regulated banking services listed in Subparagraphs LR-1.3.1 (h to l) of all conventional bank licensees.

              Amended: April 2012
              Amended: January 2011
              Added: April 2008

            • BC-8.2.2

              This Module aims to encourage high standards of business conduct, which are broadly applicable to all conventional bank licensees, all regulated banking services referred to in Paragraph BC-8.2.1, and all types of customers. The CBB, nevertheless, recognises that customers' level of sophistication and understanding of risks underlying financial instruments vary. Accordingly, the level of safeguards provided for in the business conduct requirements for retail customers, for instance, are different from those for accredited investors.

              Amended: January 2011
              Added: April 2008

            • BC-8.2.3

              This Chapter comprises a number of overarching principles of business conduct, with respect to the conduct of regulated banking services by conventional bank licensees; these cover the various stages of the life of a customer relationship.

              Added: April 2008

            • BC-8.2.4

              Conventional bank licensees must maintain adequate records to demonstrate compliance with the requirements in this Chapter.

              Added: April 2008

            • BC-8.2.5

              The CBB will monitor compliance with this Chapter. If required, the CBB may develop more detailed rules and guidance to supplement the existing IBCP.

              Added: April 2008

          • BC-8.3 BC-8.3 Overarching Principles

            • BC-8.3.1

              In the course of offering regulated banking services listed in Paragraph BC-8.2.1, licensees must:

              (a) Act with due skill, care and diligence in all dealings with customers;
              (b) Act fairly and reasonably in all dealings with customers;
              (c) Identify customers' specific requirements in relation to the products and services about which they are enquiring;
              (d) Ensure that any advice to customers is aimed at the customers' interests and based on adequate standards of research and analysis;
              (e) Provide sufficient information to enable customers to make informed decisions when purchasing investment products and services offered to them;
              (f) Provide sufficient and timely documentation to customers to confirm that their investment arrangements are in place and provide all necessary information about their products, rights and responsibilities;
              (g) Maintain fair treatment of customers through the lifetime of the customer relationships, and ensure that customers are kept informed of important events;
              (h) Ensure complaints from customers are dealt with fairly and promptly;
              (i) Ensure that all information provided to customers is clear, fair and not misleading, and appropriate to customers' information needs; and
              (j) Take appropriate measures to safeguard any money and property handled on behalf of customers and maintain confidentiality of customer information.
              Amended: January 2011
              Added: April 2008

            • BC-8.3.2

              The Rules contained in Chapter BC-8 are largely principles-based and focus on desired outcomes rather than on prescribing detailed measures to achieve those outcomes. This gives conventional bank licensees flexibility in how to implement the basic standards prescribed in this Module.

              Added: April 2008

          • BC-8.4 BC-8.4 Customer Classification

            • BC-8.4.1

              A conventional bank licensee must classify the persons with or for whom it intends to carry on regulated banking services listed in Paragraph BC-8.2.1, in accordance with the requirements in this Section, and communicate its classification to the person concerned. The customer must be notified of his/her customer classification before any documentation is finalised or where regulated banking services or products listed in Paragraph BC-8.2.1 are offered.

              Amended: January 2011
              Added: April 2008

            • BC-8.4.2

              The purpose of the classification is to ensure that conventional bank licenseescustomers are appropriately categorised so that regulatory protections are focused on those classes of customer that need them most: The following wording may be used for customer notification of status. ‘According to the Central Bank of Bahrain Rulebook, we are required to notify all customers of their status for the purpose of investment business and certain regulated banking services. For the purpose of this relationship, you are classified as an accredited investor/retail customer.’

              Added: April 2008

            • BC-8.4.3

              Before conducting regulated banking services listed in Paragraph BC-8.2.1 with or for any person, a conventional bank licensee must take reasonable steps to obtain appropriate information to establish whether that person is an accredited investor or a retail customer.

              Amended: January 2011
              Added: April 2008

            • BC-8.4.4

              The treatment of a conventional bank licensee’s customers must be in accordance with the classification it has established for the purpose of Rule BC-8.4.3.

              Added: April 2008

            • BC-8.4.5

              Where specific rules do not exist for a particular class of customers, the CBB requires appropriate treatment in accordance with the overarching principles set forth in Section BC-8.3.

              Added: April 2008

            • Accredited Investors

              • BC-8.4.6

                For the purpose of Rule BC 8.4.3, an accredited investor includes:

                (a) Individuals holding financial assets (either singly or jointly with their spouse) of USD 1,000,000 or more;
                (b) Companies, partnerships, trusts or other commercial undertakings, which have financial assets available for investment of not less than USD 1,000,000; or
                (c) Governments, supranational organisations, central banks or other national monetary authorities, and state organisations whose main activity is to invest in financial instruments (such as state pension funds).
                Amended: January 2011
                Added: April 2008

              • BC-8.4.7

                Conventional bank licensees must notify a customer (that is not licensee of the CBB or a licensed financial institution in a foreign country) in writing, that he is being classified as an accredited investor and provide a written warning that he will not benefit from the specific protections afforded to retail investors.

                Amended: January 2011
                Added: April 2008

              • BC-8.4.8

                Persons classified as accredited investors under Rule BC-8.4.6 may, however, request treatment as retail customers where the concerned product is a listed security or is retail in nature, in which case conventional bank licensees must agree to treat them as retail customers.

                Amended: January 2011
                Added: April 2008

              • BC-8.4.9

                A retail customer, as defined in Rule BC-8.4.10, may voluntarily elect to be treated as an accredited investor. In this instance the conventional bank licensee must obtain a signed declaration to that effect prior to any provision of regulated banking services.

                Added: April 2008

            • Retail Customer

              • BC-8.4.10

                For the purposes of Rule BC-8.4.3 a retail customer means a customer who is not classified as an accredited investor under Rule BC-8.4.6 .

                Amended: January 2011
                Added: April 2008

            • Records

              • BC-8.4.11

                A conventional bank licensee must make a record of the classification established for each customer, including sufficient information to support such classification.

                Added: April 2008

          • BC-8.5 BC-8.5 Marketing and Promotion

            • BC-8.5.1

              The requirements of this section apply to product specific or service specific material and not to general brand awareness promotional material.

              Added: April 2008

            • BC-8.5.2

              Conventional bank licensees must ensure that all advertising and promotional material that is sent to any class of customer is fair, clear and not misleading.

              Added: April 2008

            • BC-8.5.3

              With respect to retail customers, in ensuring that the description of the product or the service in the promotional material is fair, clear and not misleading, the conventional bank licensee should, among other precautionary measures, ensure that:

              a) The purpose, and to the extent practicable, the content, of the information or communication are likely to be understood by the average member of the group to whom the communication is addressed;
              b) Key items contained in the information are given due prominence;
              c) The method of presentation in the information does not disguise, diminish, or obscure important risks, warnings or information; and
              d) The communication does not omit information that is material to ensure it is fair, clear and not misleading.

              Added: April 2008

            • BC-8.5.4

              In ensuring that the description of the product or the service in the promotional material is fair, the conventional bank licensee should avoid exaggerating the potential benefits of the investment service or financial instrument in any communication with a retail customer or potential retail customer.

              Added: April 2008

            • BC-8.5.5

              In ensuring that the description of the product or the service in relation to promotional material directed at retail customers is adequate, the conventional bank licensee should: ensure that the promotional material contains a balanced description of the main characteristics of the financial instrument and/or service state it relates, including the nature of the financial commitment and risks involved; whether or not the financial instruments involved are illiquid, and traded in a recognised exchange or market; the existence or absence of any right of withdrawal or cancellation and, where such a right exists, its duration and the conditions for exercising it, including information on any amount that the retail customer may be required to pay to exercise that right; and state if the communication relates to a financial instrument or service of a person other than the conventional bank licensee, the name of the person.

              Added: April 2008

            • BC-8.5.6

              Conventional bank licensees must ensure that the accuracy of all material statements of fact in promotional materials is supported by adequate evidence.

              Added: April 2008

            • BC-8.5.7

              Conventional bank licensees must not, in any form of communication with an individual customer or any class of customer, unreasonably attempt to limit or avoid any duty or liability it may have to that individual customer or class of customer in relation to regulated banking services, unless otherwise agreed in writing by both parties.

              Added: April 2008

            • BC-8.5.8

              An example of an unreasonable attempt to limit liability is where a financial product is given protection or compensation status in its home country and such status is not given by the Bahrain Bank (or branch) to its customers.

              Added: April 2008

            • BC-8.5.9

              Conventional bank licensees that underwrite or market public offerings must ensure that their promotional material complies with the relevant capital markets disclosure standards of the CBB.

              Added: April 2008

            • BD-8.5.10

              Capital markets disclosure standards are currently contained in the Disclosure Standards Regulation of 3 December 2003.

              Added: April 2008

            • Content of Promotions

              • BC-8.5.11

                Before a conventional bank licensee communicates any promotional material on a specific product or service to a customer or a potential customer it must ensure that the promotional material at the very least contains the information laid out in Paragraph BC-8.13.1.

                Added: April 2008

              • BC-8.5.12

                Conventional bank licensees must not make use of the name of the CBB in any promotion in such a way that would indicate endorsement or approval of its products or services.

                Added: April 2008

              • BC-8.5.12A

                For greater certainty, notification in promotion material that a bank is licensed by the CBB is not regarded as endorsement or approval by the CBB of any products or services being offered by the bank and does not contravene the requirements of Paragraph BC-8.5.12.

                Added: July 2012

            • Records

              • BC-8.5.13

                Conventional bank licensees must maintain a record of all promotional materials issued by them or on their behalf.

                Added: April 2008

            • Real Time Promotions

              • BC-8.5.14

                Conventional bank licensees must not make a real time promotion to retail customers unless the concerned customer has been notified of the fact in advance and has agreed in writing to receive real time promotions.

                Added: April 2008

              • BC-8.5.15

                For the purposes of Paragraph BC-8.5.14, a real time promotion is a promotion made in the course of a personal visit, telephone conversation or other interactive dialogue.

                Added: April 2008

              • BC-8.5.16

                Consent to receive real time promotions could be, for instance, at the time of the initial customer profiling, by means of signing a form clearly indicating such consent.

                Added: April 2008

              • BC-8.5.17

                A representative of the conventional bank licensee must, on making contact for the first time with a customer, and again at any time when asked to do so by the customer:

                (a) Identify himself as being a representative of the conventional bank licensee;
                (b) State the name of the conventional bank licensee; and
                (c) Present the customer with a business card on meeting that customer, unless he has given him such a card at a previous meeting. The business card must include a statement of the conventional bank licensee's licensing status.
                Amended: October 2010
                Added: April 2008

              • BC-8.5.18

                For the purposes of Rule BC-8.5.17(c), the statement on the business card should make clear the licensing status of the conventional bank licensee; however it should not lead the customer to believe that the product being offered has been approved by the CBB. The suggested wording for the statement of licensing status is as follows: "Licensed as a conventional retail /wholesale bank by the CBB".

                Amended: October 2010
                Added: April 2008

              • BC-8.5.19

                In oral communications with a retail customer, whether in person or by telephone, the representative of the conventional bank licensee must:

                (i) Conduct himself in a polite manner and respect the wishes of the customer;
                (ii) State the genuine purpose of the call at the commencement of the conversation;
                (iii) Ascertain whether or not the customer wishes him to proceed with the conversation if the time of the conversation was not previously agreed by the customer;
                (iv) Explain clearly the financial instruments or other services which he is authorised to arrange;
                (v) Recognise and respect the right of the customer to terminate the call at any time; and
                (vi) If he requests another appointment and the customer refuses, shall accept that refusal courteously and in such a manner as to cause no embarrassment to the customer.

                Added: April 2008

              • Records

                • BC-8.5.20

                  Conventional bank licensees must keep sufficient records of real time promotions made by them, or on their behalf by other persons, for CBB’s supervision purposes.

                  Added: April 2008

                • BC-8.5.21

                  These records should include evidence that customers have been notified in advance and agreed to receive real time promotions, as required under Rule BC-8.5.14.

                  Added: April 2008

          • BC-8.6 BC-8.6 Accepting Customers

            • Applicability

              • BC-8.6.1

                This Section applies to retail customers only.

                Added: April 2008

            • Terms of Business

              • BC-8.6.2

                Conventional bank licensees must provide their retail customers with their terms of business, setting out the basis on which the regulated banking services are to be conducted (see also Paragraph BC-8.8.13).

                Amended: January 2011
                Added: April 2008

              • BC-8.6.3

                The terms of business in relation to providing regulated banking services as defined in Paragraph BC-8.2.1 to a retail customer must take the form of a customer agreement.

                Amended: January 2011
                Added: April 2008

              • BC-8.6.4

                The terms of business must include the rights and obligations of parties to the agreement, as well as other terms relevant to the regulated banking services. The terms of business must include, but are not limited to, the items included in Paragraph BC-8.13.2.

                Added: April 2008

              • BC-8.6.5

                An application form in relation to regulated banking services will be deemed to be a customer agreement, provided the form includes the principal terms and conditions of the service, such that the customer is provided sufficient information to allow him to understand the basis on which the service is to be conducted.

                Added: April 2008

              • BC-8.6.6

                The customer agreement must be provided in good time prior to providing the regulated banking service.

                Added: April 2008

              • BC-8.6.7

                For the purposes of Rule BC-8.6.6, ‘good time’ should be taken to mean sufficient time to enable the customer to consider properly the service or financial instrument on offer before he is bound.

                Added: April 2008

            • Customer Understanding and Acknowledgement

              • BC-8.6.8

                Conventional bank licensees must not enter into a customer agreement unless they have taken reasonable care to ensure that their retail customer has had a proper opportunity to consider the terms.

                Added: April 2008

              • BC-8.6.9

                Conventional bank licensees must obtain their retail customer’s consent to the terms of the customer agreement as evidenced by a signature or an equivalent mechanism.

                Added: April 2008

              • BC-8.6.10

                The equivalent mechanism refers to instances where a customer may have signed a mandate letter or other document accompanying the terms of the customer agreement.

                Added: April 2008

              • BC-8.6.11

                The customer agreement must contain the signatures of both parties to the agreement. If the agreement is signed by only the customer (in case it is in the form of an application), copies of the signed agreement must be provided by the conventional bank licensee to the customer.

                Added: April 2008

            • Records

              • BC-8.6.12

                Conventional bank licensees must keep sufficient records of customer agreements and any documents referred to in the customer agreement as soon as the agreement comes into force, for CBB’s supervision purposes.

                Added: April 2008

              • BC-8.6.13

                Detailed record-keeping requirements are contained in Module GR (General Requirements) and Module FC (Financial Crime).

                Added: April 2008

          • BC-8.7 BC-8.7 Suitability

            • Applicability

              • BC-8.7.1

                This Section applies to retail customers only.

                Added: April 2008

            • Information and Communication

              • BC-8.7.2

                Conventional bank licensees must seek information from their retail customers (and potential retail customers about their needs, circumstances and investment objectives (including their risk appetite), relevant to the services to be provided.

                Added: April 2008

              • BC-8.7.3

                For the purposes of Rule BC-8.7.2, the conventional bank licensee, when providing the regulated investment services, should ask the customer or potential customer to provide information regarding his knowledge and experience in the investment field relevant to the specific type of financial instrument or service offered or demanded so as to enable the licensee to assess whether the financial instrument or service is appropriate to the customer. The evaluation of the customer's needs, circumstances and investment objectives (including risk appetite) can be done through a structured questionnaire.

                Amended: January 2011
                Added: April 2008

              • BC-8.7.4

                For the purposes of satisfying the requirement under Rule BC-8.7.2, conventional bank licensees must ensure that the information and facts they hold about their customers are accurate, complete and up to date.

                Added: April 2008

              • BC-8.7.5

                Where a conventional bank licensee is managing financial instruments for a customer, it must periodically assess whether the customer’s portfolio or account remains suitable over the lifetime of the customer relationship and advise the customer if it is no longer suitable.

                Added: April 2008

              • BC-8.7.6

                Where a conventional bank licensee has pooled a customer’s assets with those of others, with a view to taking common discretionary management decisions, the conventional bank licensee must take reasonable steps to ensure that the transaction is suitable for the related customers having regard to their stated investment objectives.

                Added: April 2008

            • Records

              • BC-8.7.7

                Conventional bank licensees must keep a record of each recommendation made to retail customers, and be able to demonstrate to the CBB compliance with this Section.

                Added: April 2008

          • BC-8.8 BC-8.8 Disclosure of Information

            • Applicability

              • BC-8.8.1

                This Section applies to conventional bank licensees in relation to their dealings with all categories of customers, except when stated otherwise.

                Added: April 2008

            • Initial Disclosure Requirement

              • BC-8.8.2

                A conventional bank licensee must provide (with respect to regulated banking services), comprehensible information to customers or potential customers on:

                a) Itself and the types of services that it can provide;
                b) Whether it is acting as agent or principal;
                c) Fees, costs and associated charges payable by the customer such as:
                i. The basis or amount of its charges, remuneration and commission for conducting regulated financial services and
                ii. The nature or amount of any other income receivable by it or, to its knowledge, by its associate and attributable to that regulated banking service;
                d) Financial instruments and proposed strategies and appropriate guidance on and warnings of the risks associated with those financial instruments and strategies; and
                e) Information about methods of redress.

                Added: April 2008

              • BC-8.8.3

                The purpose of Paragraph BC-8.8.2 is to ensure that customers are reasonably able to understand the nature and risks of the investment service and type of financial instrument that is being offered and, consequently, to take investment decisions on an informed basis. This information may be provided in standard format.

                Amended: January 2011
                Added: April 2008

            • Risks

              • BC-8.8.4

                Conventional bank licensees must disclose adequate information to all classes of customers about risks underlying the financial instrument that are not readily apparent and which relate to the regulated banking service being provided.

                Added: April 2008

              • BC-8.8.5

                Without prejudice to the scope of the requirement under Rule BC-8.8.2(c), conventional bank licensees must provide retail customers with appropriate guidance on, and warnings of, relevant risks when providing regulated banking services, in relation to:

                (a) Transactions in illiquid financial instruments;
                (b) Leveraged transactions, including asset portfolios or collective investment schemes that have embedded leverage;
                (c) Financial instruments subject to high volatility in normal market conditions;
                (d) Securities repurchase agreements or securities lending agreements;
                (e) Transactions which involve credit, margin payments, or deposit of collateral;
                (f) Transactions involving material foreign exchange risk;
                (g) Interests in real estate; and/or
                (h) Islamic financial instruments.
                Amended: January 2011
                Added: April 2008

              • BC-8.8.6

                In relation to transactions involving warrants or derivatives, conventional bank licensees must provide retail customers with a written statement that includes explanations of their characteristics, in particular their leverage effect, liquidity and price volatility.

                Added: April 2008

              • BC-8.8.7

                To satisfy Rule BC-8.8.6, with respect to warrants, conventional bank licensees should provide retail customers with a statement that includes, at a minimum, the information contained in Paragraph BC-8.13.3.

                Added: April 2008

              • BC-8.8.8

                To satisfy Rule BC-8.8.6, with respect to futures contracts, conventional bank licensees should provide retail customers with a statement that includes, at a minimum, the information contained in Paragraph BC-8.13.4.

                Added: April 2008

              • BC-8.8.9

                To satisfy Rule BC-8.8.6, with respect to option transactions, conventional bank licensees should provide retail customers with a statement that includes, at a minimum, the information contained in Paragraphs BC-8.13.5 and BC-8.13.6.

                Added: April 2008

              • BC-8.8.10

                In relation to a transaction in a financial instrument that is not readily realisable, conventional bank licensees must:

                (a) Warn the retail customer that there is a restricted market for such financial instruments, and that it may therefore be difficult to deal in the financial instrument or to obtain reliable information about its value; and
                (b) Disclose any position knowingly held by the conventional bank licensee or any of its associates in the financial instrument or in a related financial instrument.

                Added: April 2008

              • BC-8.8.11

                The risk warning given to a retail customer or potential retail customer must be given due prominence in all related materials and must not be concealed or masked in any way by the wording, design or format of the information provided.

                Added: April 2008

              • BC-8.8.12

                Risk warnings provided to a retail customer or potential retail customer about warrants or derivatives must make clear that the instrument can be subject to sudden and sharp falls in value. Where the retail customer may not only lose his entire investment but may also be required to pay more later, he must also be warned about this fact and the possible obligation to provide extra funding.

                Added: April 2008

            • Cancellations and Withdrawals

              • BC-8.8.13

                Conventional bank licensees must disclose in their terms of business the existence or absence of a right to cancel as per the provisions of Paragraph BC-8.6.2.

                Added: April 2008

              • BC-8.8.14

                Conventional bank licensees must pay due regard to the interests of their customers and treat them fairly.

                Added: April 2008

            • Records

              • BC-8.8.15

                Conventional bank licensees must keep a record of statements issued in compliance with Rule BC-8.8.6, and of other information or recommendations provided to their customers, and be able to demonstrate to the CBB compliance with this Section.

                Added: April 2008

          • BC-8.9 BC-8.9 Dealing and Managing

            • BC-8.9.1

              Conventional bank licensees must apply the requirements contained in this Section to all customer categories.

              Added: April 2008

            • Best and Timely Execution

              • BC-8.9.2

                Conventional bank licensees must take all reasonable steps to obtain, when executing orders, the best possible result for customers taking into account price, costs, speed, likelihood of execution and settlement, and any other consideration relevant to the execution of the order (subject to Paragraph BC-8.9.5 below).

                Amended: January 2011
                Added: April 2008

              • BC-8.9.3

                Conventional bank licensees must establish and implement effective arrangements for complying with Rule BC-8.9.2 including:

                a) Execution policies for each class of financial instrument;
                b) Maintenance of and disclosure to customers of information regarding execution venues and arrangements for disclosure to customers if orders are to be executed outside regulated markets;
                c) Monitoring of effectiveness of the order execution arrangements and execution policies in order to identify and, where appropriate, correct any deficiencies; and
                d) Maintenance of audit trails to demonstrate to their customers that orders were executed in accordance with the relevant execution policy.

                Added: April 2008

              • BC-8.9.4

                Conventional bank licensees are not required to provide best execution (as defined in Paragraph BC-8.9.5 below) where they have agreed with the customer in writing that they will not provide best execution.

                Amended: January 2011
                Added: April 2008

              • BC-8.9.5

                In determining whether a conventional bank licensee has taken reasonable care to provide the best overall price for a customer in accordance with Rules BC-8.9.2 to BC-8.9.4, the CBB will take into account whether an conventional bank licensee has:

                (a) Executed orders promptly and sequentially;
                (b) Discounted any fees and charges previously disclosed to the customer;
                (c) Disclosed the price at which an order is executed; and
                (d) Taken into account the available range of price sources for the execution of its customers’ transactions. In the case where the conventional bank licensee has access to prices of different regulated financial markets or alternative trading systems, it must execute the transaction at the best overall price available having considered other relevant factors.

                Added: April 2008

              • BC-8.9.6

                Conventional bank licensees may only postpone the execution of a transaction if it is in the best interests of the customer, and the prior consent of the customer has been given, or when circumstances are beyond its control. The conventional bank licensee must maintain a record of all postponements together with the reasons for the postponement.

                Added: April 2008

              • BC-8.9.7

                Factors relevant to whether the postponement of an existing customer order may be in the best interests of the customer include where:

                (a) The customer order is received outside of normal trading hours;
                (b) A foreseeable improvement in the level of liquidity in the financial instrument is likely to enhance the terms on which the conventional bank licensee can execute the order; or
                (c) Executing the order as a series of partial executions over a period of time is likely to improve the terms on which the order as a whole is executed.

                Added: April 2008

            • Non-market Price Transactions

              • BC-8.9.8

                Conventional bank licensees must not enter into a non-market price transaction in any capacity, with or for a customer, if it has reasonable grounds to suspect that the customer is entering into the transaction for an illegal or improper purpose.

                Added: April 2008

              • BC-8.9.9

                For the purposes of Paragraph BC-8.9.8, a non-market price transaction is one where the price paid by the conventional bank licensee, or its customer, differs from the prevailing market price. With respect to transactions in financial instruments traded on a licensed exchange, licensees are reminded that in Bahrain the law prohibits off-market transactions.

                Amended: January 2011
                Added: April 2008

              • BC-8.9.10

                For the purposes of Paragraph BC-8.9.8, examples of improper purposes for transactions include:

                (a) The perpetration of a fraud;
                (b) The disguising or concealment of the nature of a transaction or of profits, losses or cash flows;
                (c) Transactions which amount to market abuse;
                (d) High-risk transactions under the Anti Money Laundering Regulations; and
                (e) "Window dressing", in particular around the year end, to disguise the true financial position of the person concerned.

                Added: April 2008

              • BC-8.9.11

                Rule BC-8.9.8 does not apply to a non-market-price transaction if it is subject to the rules of a recognised investment exchange.

                Added: April 2008

            • Aggregation and Allocation

              • BC-8.9.12

                Conventional bank licensees may only aggregate an order for a customer with an order for other customers, or with an order for its own account, where:

                (a) It is unlikely that the aggregation will disadvantage the customers whose orders have been aggregated; and
                (b) It has disclosed to each customer concerned in writing that it may aggregate orders, where these work to the customer’s advantage.

                Added: April 2008

              • BC-8.9.13

                If a conventional bank licensee has aggregated orders of customers, it must make a record of the intended basis of allocation and the identity of each customer before the order is effected (subject to the "best execution" provisions of Paragraph BC-8.9.2).

                Amended: January 2011
                Added: April 2008

              • BC-8.9.14

                Where an allocation takes place, prices must not be changed. The order must be allocated equally so that no customer or broker is advantaged over any change.

                Amended: April 2013
                Added: April 2008

              • BC-8.9.15

                Conventional bank licensees must have written policies on aggregation and allocation which are consistently applied; these must include the policy that will be adopted when only part of the aggregated order has been filled.

                Added: April 2008

              • BC-8.9.16

                Where a conventional bank licensee has aggregated a customer order with an order for other customers or with an order for its own account, and part or all of the aggregated order has been filled, it must:

                (a) Promptly allocate the financial instruments concerned;
                (b) Allocate the financial instruments in accordance with its stated policy;
                (c) Ensure the allocation is done fairly and uniformly by not giving undue preference to itself or to any of those for whom it dealt;
                (d) Give priority to satisfying customer orders where the aggregation order combines a customer order and an own account order, if the aggregate total of all orders cannot be satisfied, unless it can demonstrate on reasonable grounds that without its own participation it would not have been able to execute those orders on such favourable terms, or at all; and
                (e) Make and maintain a record of:
                (i) The date and time of the allocation;
                (ii) The relevant financial instruments;
                (iii) The identity of each customer concerned;
                (iv) The amount allocated to each customer and to the conventional bank licensee; and
                (v) The price of each financial instrument and allocation.
                Amended: April 2013
                Added: April 2008

            • Excessive Dealing

              • BC-8.9.17

                Conventional bank licensees must not advise any customer to transact with a frequency or in amounts that might result in those transactions being deemed excessive in light of historical volumes, market capitalisation, customer portfolio size and related factors. This Rule does not apply to customers classified as market counterparties.

                Added: April 2008

            • Right to Realise a Retail Customer's Assets

              • BC-8.9.18

                Conventional bank licensees must not realise a retail customer’s assets, unless it is legally entitled to do so, and has either:

                (a) Set out in the terms of business:
                (i) The action it may take to realise any assets of the retail customer;
                (ii) The circumstances in which it may do so;
                (iii) The asset (if relevant) or type or class of asset over which it may exercise the right; or
                (b) Given the retail customer written or oral notice of its intention to exercise its rights before it does so.

                Added: April 2008

            • Margin Requirements

              • BC-8.9.19

                Before conducting a transaction with or for a retail customer, conventional bank licensees must notify the customer of:

                (a) The circumstances in which the customer may be required to provide any margin;
                (b) The form in which the margin may be provided;
                (c) The steps the conventional bank licensee may be required or entitled to take if the customer fails to provide the required margin, including:
                (i) The fact that the customer's failure to provide margin may lead to the conventional bank licensee closing out his position after a time limit specified by the firm;
                (ii) The circumstances in which the conventional bank licensee will have the right or duty to close out the customer's position; and
                (iii) The circumstances, other than failure to provide the required margin, that may lead to the conventional bank licensee closing out the customer’s position without prior reference to him.

                Added: April 2008

              • BC-8.9.20

                Conventional bank licensees must close out a retail customer's open position if that customer has failed to meet a margin call within a maximum of five business days following the date on which the obligation to meet the call accrues, unless:

                (a) The conventional bank licensee has received confirmation from a relevant third party (such as a clearing firm) that the retail customer has given instructions to pay in full; or
                (b) The conventional bank licensee has taken reasonable care to establish that the delay is owing to circumstances beyond the retail customer's control.
                Amended: January 2011
                Added: April 2008

              • BC-8.9.21

                For the purposes of Rule BC-8.9.20, conventional bank licensees may require the closing of a retail customer’s open position in less than five business days, for their own risk management purposes.

                Added: April 2008

              • BC-8.9.22

                Conventional bank licensees must also follow the requirements of Chapter BC-7 concerning the operation of the margin trading system.

                Amended: January 2011
                Added: April 2008

            • Programme Trading

              • BC-8.9.23

                Before a conventional bank licensee executes a programme trade, it must disclose to its customer whether it will be acting as a principal or agent. A conventional bank licensee must not subsequently act in a different capacity from that which is disclosed without the prior consent of the customer.

                Added: April 2008

              • BC-8.9.24

                The term ‘programme trade’ describes a single transaction or series of transactions executed for the purpose of acquiring or disposing of, for a customer, all or part of a portfolio or a large basket of financial instruments.

                Added: April 2008

              • BC-8.9.25

                Conventional bank licensees must ensure that neither they, nor an associate, execute an own account transaction in any financial instrument included in a programme trade, unless they have notified the customer in advance that they may do this, or can otherwise demonstrate that they have provided fair treatment to the customer concerned.

                Added: April 2008

            • Records

              • BC-8.9.26

                Conventional bank licensees must keep a record of each step they undertake in relation to each transaction to demonstrate to the CBB compliance with Section BC-8.9.

                Added: April 2008

          • BC-8.10 BC-8.10 Reporting to Customers

            • BC-8.10.1

              Section BC-8.10 applies to all customer categories.

              Added: April 2008

            • Confirmation of Transactions

              • BC-8.10.2

                When a conventional bank licensee executes a transaction in a financial instrument for a customer on a specific order, it must establish procedures to keep the customer informed of the essential details of the transaction and essential information regarding the carrying out of his order.

                Added: April 2008

              • BC-8.10.3

                For the purposes of Rule BC-8.10.2, the essential details of the transaction and essential information regarding the carrying out of the order include:

                (a) Execution price;
                (b) Charges; and
                (c) Date of execution.

                Added: April 2008

              • BC-8.10.4

                For the purposes of Rule BC-8.10.2, conventional bank licensees must include at the very least in their confirmation notes, the information included in Paragraph BC-8.13.7.

                Added: April 2008

            • Periodic Statements

              • BC-8.10.5

                Conventional bank licensees must promptly and at suitable intervals provide their customers with a written statement when they:

                (a) Undertake the activity of managing financial instruments; or
                (b) Operate a customer's account containing financial instruments.
                Added: April 2008

              • BC-8.10.6

                Conventional bank licensees must provide a periodic statement:

                (a) Monthly, if the customer is a retail customer and the retail customer's portfolio includes derivative transactions in highly volatile classes of financial instruments or leveraged transactions; or
                (b) At least every six months in other cases.
                Amended: July 2012
                Added: April 2008

              • BC-8.10.7

                Periodic statements, issued in accordance with Rule BC-8.10.6, must contain, at the very least, the information contained in Paragraph BC-8.13.8, as at the end of the period covered.

                Amended: January 2011
                Added: April 2008

              • BC-8.10.8

                Where a conventional bank licensee undertakes the activity of managing financial instruments on a discretionary basis, the periodic statements, issued in accordance with Rule BC-8.10.6, must also include at the very least the information included in Paragraph BC-8.13.9.

                Amended: January 2011
                Added: April 2008

              • BC-8.10.9

                In addition to Rules BC-8.10.7 and BC-8.10.8, where the retail customer may not only lose his entire investment but may also be required to pay more later, conventional bank licensees must also include the additional information included in Paragraph BC-8.13.10.

                Added: April 2008

            • Records

              • BC-8.10.10

                Conventional bank licensees must immediately record the essential elements of all orders that are received.

                Added: April 2008

              • BC-8.10.11

                For the purposes of Rule BC-8.10.10, essential elements of orders received include the particulars of the customer and order, time, price of execution, and number of instruments.

                Added: April 2008

              • BC-8.10.12

                Conventional bank licensees must record the essential elements of all:

                (a) Orders executed;
                (b) Transactions executed for their own account;
                (c) Non-market price transactions entered into by the conventional bank licensee; and
                (d) Orders that have been aggregated with their basis of allocation.

                Added: April 2008

              • BC-8.10.13

                For purposes of Rule BC-8.10.12, conventional bank licensees should include, at the very least, the information provided in Paragraph BC-8.13.9.

                Added: April 2008

              • BC-8.10.14

                Conventional bank licensees must make a copy of any confirmation of a transaction or periodic statement provided to a customer, and retain it for at least five years from the date on which it was provided.

                Added: April 2008

          • BC-8.11 BC-8.11 [This section was deleted in October 2011]

            • BC-8.11.1

              [This paragraph was deleted in October 2011]

              Deleted: October 2011
              Added: April 2008

            • BC-8.11.2

              [This paragraph was deleted in October 2011]

              Deleted: October 2011
              Added: April 2008

            • BC-8.11.3

              [This paragraph was deleted in October 2011]

              Deleted: October 2011
              Added: April 2008

            • [Deleted]

              Deleted: October 2011

              • BC-8.11.4

                [This paragraph was deleted in October 2011]

                Deleted: October 2011
                Added: April 2008

              • BC-8.11.5

                [This paragraph was deleted in October 2011]

                Deleted: October 2011
                Added: April 2008

          • BC-8.12 BC-8.12 Conflicts of Interest

            • BC-8.12.1

              Conventional bank licensees must undertake all reasonable steps to identify conflicts of interest between themselves (or any person directly or indirectly linked to them by control) and their customers, which may arise in the course of providing a regulated banking service.

              Added: April 2008

            • BC-8.12.2

              Where conflicts arise, conventional bank licensees must:

              (a) Disclose any material interest or conflict of interest to the customer in writing (which may include a disclosure in the conventional bank licensee’s terms of business) either generally or in relation to a specific transaction, and take reasonable steps to ensure that the customer does not object;
              (b) Establish information barriers between activities such as proprietary trading, portfolio management and corporate finance business; and
              (c) Produce a written policy of independence, which requires an employee to disregard any conflict of interest or material interest when advising a customer or exercising discretion.

              Added: April 2008

            • BC-8.12.3

              If a conventional bank licensee determines that it is unable to manage a conflict of interest or material interest using one of the methods described in Rule BC-8.12.2 it must decline to act for the customer.

              Added: April 2008

            • Personal Account Transactions

              • BC-8.12.4

                Conventional bank licensees must establish and maintain adequate policies and procedures, to ensure that:

                (a) Employees involved with advising and arranging do not undertake a personal account transaction unless:
                (i) The conventional bank licensee has, in a written notice, drawn to the attention of the employee the conditions upon which the employee may undertake personal account transactions and that the contents of such a notice are made a term of his contract of employment or services;
                (ii) The conventional bank licensee has given its written permission to that employee for that transaction or to transactions generally in financial instruments of that kind; and
                (iii) The transaction will not conflict with the conventional bank licensee’s duties to its customers;
                (b) It receives prompt notification or is otherwise aware of each employee’s personal account transactions; and
                (c) If an employee’s personal account transactions are conducted with the conventional bank licensee, each employee’s account must be clearly identified and distinguishable from other customers’ accounts.

                Added: April 2008

              • BC-8.12.5

                The written notice in sub-Paragraph BC-8.12.4 (a)(i) must make it explicit that, if an employee is prohibited from undertaking a personal account transaction, he must not, except in the proper course of his employment:

                (a) Procure another person to enter into such a transaction; or
                (b) Communicate any information or opinion to another person if he knows, or ought to know, that the person will as a result, enter into such a transaction or procure some other person to do so.

                Added: April 2008

              • BC-8.12.6

                Where a conventional bank licensee has taken reasonable steps to determine that an employee will not be involved to any material extent in, or have access to information about, the conventional bank licensee’s investment business, then the conditions or restrictions on personal account transactions, in Rule BC-8.12.4, need not be applied to that employee.

                Added: April 2008

              • BC-8.12.7

                Conventional bank licensees must establish and maintain procedures and controls so as to ensure that an investment analyst does not undertake a personal account transaction in a financial instrument if the investment analyst is preparing investment research:

                (a) On that investment or its issuer; or
                (b) On a related investment, or its issuer;

                until the investment research is published or made available to the conventional bank licensee’s customers.

                Added: April 2008

            • Investment Research

              • BC-8.12.8

                Where a conventional bank licensee issues investment research, its conflict of interest policy must specify the types of investment research issued by it. A conventional bank licensee that prepares and publishes investment research must have adequate procedures and controls to ensure:

                (a) The effective supervision of investment analysts by following at the very least the items listed in Paragraph BC-8.13.11;
                (b) That any actual or potential conflicts of interest are managed in accordance with Rule BC-8.12.1; and
                (c) That the investment research issued to customers is not biased.

                Added: April 2008

              • BC-8.12.9

                Conventional bank licensees that publish investment research must take reasonable steps to ensure that the investment research:

                (a) Identifies the types of customers for which it is principally intended;
                (b) Distinguishes fact from opinion or estimates, and includes references to sources of data used;
                (c) Specifies the date when it was first published;
                (d) Specifies the period the ratings or recommendations are intended to cover;
                (e) Contains a clear and unambiguous explanation of the rating or recommendation system used;
                (f) Includes a price chart or line graph depicting the performance of the financial instrument for the period that the conventional bank licensee has assigned a rating or recommendation for that financial instrument, which must also show the dates on which the ratings were revised; and
                (g) Includes a distribution of the different ratings or recommendations, in percentage terms:
                (i) For all financial instruments in respect of which the conventional bank licensee publishes investment research; and
                (ii) For financial instruments, if any, where the conventional bank licensee has undertaken corporate finance business with or for the issuer over the past 12 months.

                Added: April 2008

              • BC-8.12.10

                A conventional bank licensee must take reasonable steps to ensure that when it publishes investment research, disclosure is made of the following matters:

                (a) Any financial interest or material interest that the investment analyst or a close relative has, which relates to the financial instrument;
                (b) Any shareholding by the conventional bank licensee or its associate of 1% or more of the total issued share capital of the issuer;
                (c) Whether the conventional bank licensee or its associate acts as corporate broker for the issuer;
                (d) Any material shareholding by the issuer in the conventional bank licensee;
                (e) Any corporate finance business undertaken by the conventional bank licensee with or for the issuer over the past 12 months, and any future relevant corporate finance business initiatives; and
                (f) Whether the conventional bank licensee is a market maker in the financial instrument.
                Amended: January 2011
                Added: April 2008

              • BC-8.12.11

                If a conventional bank licensee acts as a manager or co-manager of an initial public offering or a secondary offering it must take reasonable steps to ensure that it does not publish investment research relating to the financial instrument during the period beginning on the day of publication of the listing particulars or a prospectus relating to the offering of that financial instrument and ending on the 30th calendar day after the day on which the financial instrument is admitted to trading.

                Amended: January 2011
                Added: April 2008

              • BC-8.12.12

                A conventional bank licensee and its associates must not knowingly execute an own account transaction in a financial instrument, which is the subject of investment research, prepared either by the conventional bank licensee or its associate, until the customers for whom the investment research was principally intended have had a reasonable opportunity to act upon it.

                Amended: January 2011
                Added: April 2008

              • BC-8.12.13

                The restriction in Rule BC-8.12.11 does not apply if:

                (a) The conventional bank licensee or its associate is a market maker in the relevant financial instrument;
                (b) The conventional bank licensee or its associate executes an unsolicited transaction for a customer; or
                (c) It is not expected to materially affect the price of the financial instrument.

                Added: April 2008

            • Inducements

              • BC-8.12.14

                Conventional bank licensees must have systems and controls, policies and procedures to ensure that neither they, nor any of their employees, offer, give, solicit or accept any inducement which is likely to conflict significantly with any duty that they owe to their customers.

                Added: April 2008

              • BC-8.12.15

                A conventional bank licensee may only accept goods and services under a soft dollar agreement if:

                (a) The goods and services do not constitute an inducement;
                (b) The goods and services are reasonably expected to assist in the provision of regulated investment activities to the conventional bank licensee’s customers;
                (c) The agreement is a written agreement for the supply of goods or services described in Rule BC-8.12.14, and these goods and services do not take the form of, or include, cash or any other direct financial benefit; and
                (d) The conventional bank licensee makes adequate disclosures regarding the use of soft dollar agreements.

                Added: April 2008

              • BC-8.12.16

                For the purpose of Sub-Paragraph BC-8.12.15(d), Paragraph BC-8.13.12 sets out the minimum disclosure requirements.

                Added: April 2008

              • BC-8.12.17

                A soft dollar agreement is an agreement in any form under which a conventional bank licensee receives goods or services in return for investment business put through or in the way of another person.

                Added: April 2008

              • BC-8.12.18

                Before a conventional bank licensee enters into a transaction for a customer, either directly or indirectly, with or through the agency of another person, under a soft dollar agreement which the conventional bank licensee has, or knows that another member of its group has, with that other person, it must disclose to its customer:

                (a) The existence of the soft dollar agreement; and
                (b) The conventional bank licensee’s or its group’s policy relating to soft dollar agreements.

                Added: April 2008

              • BC-8.12.19

                If a conventional bank licensee has a soft dollar agreement under which the conventional bank licensee deals for a customer, the conventional bank licensee must provide that customer with information as set out in Paragraph BC-8.13.12.

                Added: April 2008

          • BC-8.13 BC-8.13 Appendix

            • BC-8.13.1

              The minimum information that should be contained in promotional material for specific products includes:

              (a) The name of the conventional bank licensee communicating the promotional material;
              (b) The conventional bank licensee’s Category of license;
              (c) The conventional bank licensee’s address;
              (d) A description of the main characteristics of the financial instrument involved or service offered;
              (e) Suitable warning regarding the risks of the financial instrument involved and/or service offered; and
              (f) A clear statement indicating that, if a retail customer (as defined in Section BC-8.4) is in any doubt about the suitability of the agreement which is the subject of the promotion, he should consult his own financial adviser, or else the conventional bank licensee.

              Added: April 2008

            • BC-8.13.2

              The minimum information that should be contained in the terms of business includes:

              (a) The regulatory status of the conventional bank licensee;
              (b) A statement that the licensee is bound by the CBB's regulation and licensing conditions;
              (c) The licensee's name, address, e-mail and telephone number;
              (d) A statement of the products and services provided by the licensee, as permitted by the CBB;
              (e) The total price to be paid by the customer to the conventional bank licensee for its services, or, where an exact price cannot be indicated, the basis for the calculation of the price enabling the customer to verify it;
              (f) Information on any rights the parties may have to terminate the contract early or unilaterally under its terms, including any penalties imposed by the contract in such cases;
              (g) Where appropriate, the customer's investment objectives;
              (h) Where appropriate, the extent to which the conventional bank licensee will consider the customers' personal circumstances when considering suitability (as required under Section BC-8.7) and the details of such matters that will be taken into account;
              (i) Any conflict of interest disclosure as required by Section BC-8.12;
              (j) Any disclosure of soft dollar agreements under Section BC-8.12;
              (k) A statement that clearly indicates the following:
              (i) The customer's right to obtain copies of records relating to his business with the licensee;
              (ii) The customer's record will be kept for 5 years or as otherwise required by Bahrain Law; and
              (l) The name and job title, address and telephone number of the person in the conventional bank licensee to whom any complaint should be addressed (in writing) by the customer.
              Added: April 2008

            • BC-8.13.3

              The minimum information that should be contained in a notice in relation to a warrant includes:
              "A warrant is a time-limited right to subscribe for shares or debentures and is exercisable against the original issuer of the underlying securities. A relatively small movement in the price of the underlying security results in a disproportionately large movement, unfavourable or favourable, in the price of the warrant. The prices of warrants can therefore be volatile. It is essential for anyone who is considering purchasing warrants to understand that the right to subscribe which a warrant confers is invariably limited in time, with the consequence that if the investor fails to exercise this right within the predetermined time-scale then the investment becomes worthless. You should not buy a warrant unless you are prepared to sustain a total loss of the money you have invested plus any commission or other transaction charges."

              Added: April 2008

            • BC-8.13.4

              The minimum information that should be contained in a notice in relation to a futures transaction includes:
              "Transactions in futures involve the obligation to make, or to take, delivery of the underlying asset of the contract at a future date, or in some cases to settle the position with cash. They carry a high degree of risk. The 'gearing' or 'leverage' often obtainable in futures trading means that a small deposit or down payment can lead to large losses as well as gains. It also means that a relatively small movement can lead to a proportionately much larger movement in the value of your investment, and this can work against you as well as for you. Futures transactions have a contingent liability, and you should be aware of the implications of this, in particular the margining requirements."

              Added: April 2008

            • BC-8.13.5

              The minimum information that should be contained in a notice in relation to a purchased option includes:
              "Buying options: buying options involves less risk than selling options because, if the price of the underlying asset moves against you, you can simply allow the option to lapse. The maximum loss is limited to the premium, plus any commission or other transaction charges. However, if you buy a call option on a futures contract and you later exercise the option, you will acquire the future. This will expose you to the risks associated with 'futures' and 'contingent liability investment transactions'."

              Added: April 2008

            • BC-8.13.6

              The minimum information that should be contained in a notice in relation to a written option includes:
              "Writing options: if you write an option, the risk involved is considerably greater than buying options. You may be liable for margin to maintain your position and a loss may be sustained well in excess of the premium received. By writing an option, you accept a legal obligation to purchase or sell the underlying asset if the option is exercised against you, however far the market price has moved away from the exercise price. If you already own the underlying asset which you have contracted to sell (when the options will be known as 'covered call options') the risk is reduced. If you do not own the underlying asset ('uncovered call options') the risk can be unlimited. Only experienced persons should contemplate writing uncovered options, and then only after securing full details of the applicable conditions and potential risk exposure."

              Added: April 2008

            • BC-8.13.7

              The minimum information that should be included in a transaction confirmation includes:

              (a) The conventional bank licensee’s name and address;
              (b) Whether the conventional bank licensee executed the transaction as principal or agent;
              (c) The customer’s name, account number or other identifier;
              (d) Where relevant, a description of the collective investment undertaking or fund, including the amount invested or number of units involved;
              (e) Whether the transaction was a sale or purchase;
              (f) The price or unit price at which the transaction was executed;
              (g) If applicable, a statement that the transaction was executed on an execution only basis;
              (h) The date and time of the transaction or a statement that the time of execution will be provided on request;
              (i) Due date and procedure for settlement of transaction and the bank account;
              (j) The amount the conventional bank licensee charges in connection with the transaction, including commission charges and the amount of any mark-up or mark-down, fees, taxes or duties;
              (k) The amount or basis of any charges shared with another person or statement that this will be made available on request;
              (l) For collective investment undertakings, a statement that the price at which the transaction has been executed is on a historic price or forward price basis, as the case may be;
              (m) The regulated market on which the transaction was carried out or the fact that the transaction was undertaken outside a regulated market; and
              (n) Whether the retail customer’s counterparty was the conventional bank licensee itself or any other person in the conventional bank group.

              Added: April 2008

            • BC-8.13.8

              The minimum information that should be included in a periodic statement includes:

              (a) The number, description and value of each financial instrument;
              (b) The amount of cash held;
              (c) The total value of the portfolio; and
              (d) A statement as to the basis on which the value of each financial instrument was calculated.

              Added: April 2008

            • BC-8.13.9

              The minimum information that should be included in a periodic statement, where the relationship includes portfolio management, includes:

              (a) A statement of which financial instruments, if any, were at the closing date loaned to any third party and which financial instruments, if any, were at that date charged to secure borrowings made on behalf of the portfolio;
              (b) The aggregate of any interest payments made and income received during the account period in respect of loans or borrowings made during that period;
              (c) A management report on the strategy implemented (provided at least yearly);
              (d) Total amount of fees and charges incurred during the period and an indication of their nature;
              (e) Information on any remuneration received from a third party and details of calculation basis;
              (f) Total amount of dividends, interest and other payments received during the period in relation to the customers’ portfolio;
              (g) Details of each transaction which have been entered into for the portfolio during the period;
              (h) The aggregate of money and details of all financial instruments transferred into and out of the portfolio during the period;
              (i) The aggregate of any interest payments, including the dates of their application and dividends or other benefits received by the conventional bank licensee from the portfolio for its own account during that period;
              (j) A statement of the aggregate charges of the conventional bank licensee and its associates; and
              (k) A statement of the amount of any remuneration received by the conventional bank licensee or its associates or both from a third party.

              Added: April 2008

            • BC-8.13.10

              The minimum information that should be included in periodic statements, where the relationship includes contingent liability investment transactions, includes:

              (a) The aggregate of money transferred into and out of the portfolio during the valuation period;
              (b) In relation to each open position in the account at the end of the account period, the unrealised profit or loss to the customer (before deducting or adding any commission which would be payable on closing out);
              (c) In relation to each transaction executed during the account period to close out a customer’s position, the resulting profit or loss to the customer after deducting or adding any commission;
              (d) The aggregate of each of the following in, or relating to, the customer’s portfolio at the close of business on the valuation date:
              (i) Cash;
              (ii) Collateral value;
              (iii) Management fees; and
              (iv) Commissions;
              (e) Option account valuations in respect of each open option contained in the account on the valuation date stating:
              (i) The share, or future or other financial instrument involved;
              (ii) The trade price and date for the opening transaction, unless the valuation statement follows the statement for the period in which the option was opened;
              (iii) The market price of the contract; and
              (iv) The exercise price of the contract.

              Added: April 2008

            • BC-8.13.11

              The minimum requirements that should be met where the conventional bank licensee prepares and publishes investment research include:

              (a) Analysts must not trade in securities or related derivatives ahead of publishing research on the issuer of these securities;
              (b) Analysts must not trade in securities or related derivatives of any issuer that they review in a manner contrary to their existing recommendations except in special circumstances subject to pre-approval by compliance or legal personnel;
              (c) Analysts must not accept inducements by issuers or others with a material interest in the subject matter of investment research; and
              (d) Conventional banks must not promise issuers favorable research coverage, specific ratings or specific target prices in return for a future or continued business relationship, service or investment.
              Amended: January 2011
              Added: April 2008

            • BC-8.13.12

              The minimum requirements that should be met where the conventional bank licensee has a soft dollar agreement under which it deals with customers include:

              (a) The percentage paid under soft dollar agreements of the total commission paid by or at the direction of:
              (i) The conventional bank licensee; and
              (ii) Any other member of the conventional bank licensee’s group which is a party to those agreements;
              (b) The value, on a cost price basis, of the goods and services received by the conventional bank licensee under soft dollar agreements, expressed as a percentage of the total commission paid by or at the direction of:
              (i) The conventional bank licensee; or
              (ii) Other members of the conventional bank licensee’s group;
              (c) A summary of the nature of the goods and services received by the conventional bank licensee under the soft dollar agreements; and
              (d) The total commission paid from the portfolio of that customer.

              Added: April 2008

        • BC-9 BC-9 Customer Complaints Procedures

          • BC-9.1 BC-9.1 General Requirements

            • BC-9.1.1

              All conventional bank licensees must have appropriate customer complaints handling procedures and systems for effective handling of complaints made by customers by 31st March 2012.

              October 2011

            • BC-9.1.2

              Customer complaints procedures must be documented appropriately and their customers must be informed of their availability.

              October 2011

            • BC-9.1.3

              All conventional bank licensees must appoint a customer complaints officer and publicise his/ her contact details at all departments and branches and on the bank's website. The customer complaints officer must be of a senior level at the conventional bank and must be independent of the parties to the complaint to minimize any potential conflict of interest.

              October 2011

            • BC-9.1.3A

              The position of customer complaints officer may be combined with that of compliance officer.

              Added: July 2012

            • BC-9.1.4

              In the case of an overseas conventional bank licensee, a local complaints officer must be present and must report all complaints to the head office complaints unit.

              Amended: January 2012
              October 2011

          • BC-9.2 BC-9.2 Documenting Customer Complaints Handling Procedures

            • BC-9.2.1

              In order to make customer complaints handling procedures as transparent and accessible as possible, all conventional bank licensees must document their customer complaints handling procedures. These include setting out in writing:

              (a) The procedures and policies for:
              (i) Receiving and acknowledging complaints;
              (ii) Investigating complaints;
              (iii) Responding to complaints within appropriate time limits;
              (iv) Recording information about complaints;
              (v) Identifying recurring system failure issues.
              (b) The types of remedies available for resolving complaints; and
              (c) The organisational reporting structure for the complaints handling function.
              Amended: January 2012
              October 2011

            • BC-9.2.2

              Conventional bank licensees must provide a copy of the procedures to all relevant staff, so that they may be able to inform customers. A simple and easy-to-use guide to the procedures must also be made available to all customers, on request, and when they want to make a complaint.

              October 2011

            • BC-9.2.3

              Conventional bank licensees are required to ensure that all financial services related documentation (such as loan documentation) provided to the customer includes a statement informing the customer of the availability of a simple and easy-to-use guide on customer complaints procedures in the event the customer is not satisfied with the services provided.

              Amended: January 2012
              October 2011

          • BC-9.3 BC-9.3 Principles for Effective Handling of Complaints

            • BC-9.3.1

              Adherence to the following principles is required for effective handling of complaints:

              October 2011

            • Visibility

              • BC-9.3.2

                "How and where to complain" must be well publicised to customers and other interested parties, in both English and Arabic languages.

                October 2011

            • Accessibility

              • BC-9.3.3

                A complaints handling process must be easily accessible to all customers and must be free of charge.

                October 2011

              • BC-9.3.4

                While a conventional bank licensee's website is considered an acceptable mean for dealing with customer complaints, it should not be the only means available to customers as not all customers have access to the internet.

                Amended: January 2012
                October 2011

              • BC-9.3.5

                Process information must be readily accessible and must include flexibility in the method of making complaints.

                October 2011

              • BC-9.3.6

                Support for customers in interpreting the complaints procedures must be provided, upon request.

                October 2011

              • BC-9.3.7

                Information and assistance must be available on details of making and resolving a complaint.

                October 2011

              • BC-9.3.8

                Supporting information must be easy to understand and use.

                October 2011

              • BC-9.3.9

                [This Paragraph was deleted in January 2012].

                Deleted: January 2012

            • Responsiveness

              • BC-9.3.10

                Receipt of complaints must be acknowledged in accordance with Section BC-9.5 "Response to Complaints".

                October 2011

              • BC-9.3.11

                Complaints must be addressed promptly in accordance with their urgency.

                October 2011

              • BC-9.3.12

                Customers must be treated with courtesy.

                October 2011

              • BC-9.3.13

                Customers must be kept informed of the progress of their complaint, in accordance with Section BC-9.5.

                October 2011

              • BC-9.3.14

                If a customer is not satisfied with a conventional bank licensee's response, the conventional bank licensee must advise the customer on how to take the complaint further within the organisation.

                October 2011

              • BC-9.3.15

                In the event that they are unable to resolve a complaint, conventional bank licensees must outline the options that are open to that customer to pursue the matter further, including, where appropriate, referring the matter to the Consumer Protection Unit at the CBB.

                Amended: April 2020
                Added: October 2011

            • Objectivity and Efficiency

              • BC-9.3.16

                Complaints must be addressed in an equitable, objective, unbiased and efficient manner.

                Amended: January 2012
                October 2011

              • BC-9.3.17

                General principles for objectivity in the complaints handling process include:

                (a) Openness:

                The process must be clear and well publicised so that both staff and customers can understand.
                (b) Impartiality:
                (i) Measures must be taken to protect the person the complaint is made against from bias;
                (ii) Emphasis must be placed on resolution of the complaint not blame; and
                (iii) The investigation must be carried out by a person independent of the person complained about.
                (c) Accessibility:
                (i) The bank must allow customer access to the process at any reasonable point in time; and
                (ii) A joint response must be made when the complaint affects different participants.
                (d) Completeness:

                The complaints officer must find relevant facts, talk to both sides, establish common ground and verify explanations wherever possible;
                (e) Equitability:

                Give equal treatment to all parties.
                (f) Sensitivity:

                Each complaint must be treated on its merits and paying due care to individual circumstances.
                (g) Objectivity for personnel — complaints handling procedures must ensure those complained about are treated fairly which implies:
                (i) Informing them immediately and completely on complaints about performance;
                (ii) Giving them an opportunity to explain and providing appropriate support;
                (iii) Keeping them informed of the progress and result of the complaint investigation;
                (iv) Full details of the complaint are given to those the complaint is made against prior to interview; and
                (v) Personnel must be assured they are supported by the process and should be encouraged to learn from the experience and develop a better understanding of the complaints process.
                (h) Confidentiality:
                (i) In addition to customer confidentiality, the process must ensure confidentiality for staff who have a complaint made against them and the details must only be known to those directly concerned;
                (ii) Customer information must be protected and not disclosed, unless the customer consents otherwise; and
                (iii) Protect the customer and customer's identity as far as is reasonable to avoid deterring complaints due to fear of inconvenience or discrimination.
                (i) Objectivity monitoring:

                Conventional bank licensees must monitor responses to customers to ensure objectivity which could include random monitoring of resolved complaints.
                (j) Charges:

                The process must be free of charge to customers;
                (k) Customer Focused Approach:
                (i) Conventional bank licensees must have a customer focused approach;
                (ii) Conventional bank licensees must be open to feedback; and
                (iii) Conventional bank licensees must show commitment to resolving problems.
                (l) Accountability:

                Conventional bank licensees must ensure accountability for reporting actions and decisions with respect to complaints handling.
                (m) Continual improvement:

                Continual improvement of the complaints handling process and the quality of products and services must be a permanent objective of the conventional bank licensee.
                Amended: January 2012
                October 2011

          • BC-9.4 BC-9.4 Internal Complaint Handling Procedures

            • BC-9.4.1

              A conventional bank licensee's internal complaint handling procedures must provide for:

              (a) The receipt of written complaints;
              (b) The appropriate investigation of complaints;
              (c) An appropriate decision-making process in relation to the response to a customer complaint;
              (d) Notification of the decision to the customer;
              (e) The recording of complaints; and
              (f) How to deal with complaints when a business continuity plan (BCP) is operative.
              October 2011

            • BC-9.4.2

              A conventional bank licensee's internal complaint handling procedures must be designed to ensure that:

              (a) All complaints are handled fairly, effectively and promptly;
              (b) Recurring systems failures are identified, investigated and remedied;
              (c) The number of unresolved complaints referred to the CBB is minimised;
              (d) The employee responsible for the resolution of complaints has the necessary authority to resolve complaints or has ready access to an employee who has the necessary authority; and
              (e) Relevant employees are aware of the conventional bank licensee's internal complaint handling procedures and comply with them and receive training periodically to be kept abreast of changes in procedures.
              October 2011

          • BC-9.5 BC-9.5 Response to Complaints

            • BC-9.5.1

              A conventional bank licensee must acknowledge in writing customer written complaints within 5 working days of receipt.

              October 2011

            • BC-9.5.2

              A conventional bank licensee must respond in writing to a customer complaint within 4 weeks of receiving the complaint, explaining their position and how they propose to deal with the complaint.

              October 2011

            • Redress

              • BC-9.5.3

                A conventional bank licensee should decide and communicate how it proposes (if at all) to provide the customer with redress. Where appropriate, the conventional bank licensee must explain the options open to the customer and the procedures necessary to obtain the redress.

                October 2011

              • BC-9.5.4

                Where a conventional bank licensee decides that redress in the form of compensation is appropriate, the conventional bank licensee must provide the complainant with fair compensation and must comply with any offer of compensation made by it which the complainant accepts.

                October 2011

              • BC-9.5.5

                Where a conventional bank licensee decides that redress in a form other than compensation is appropriate, it must provide the redress as soon as practicable.

                October 2011

              • BC-9.5.6

                Should the customer that filed a complaint not be satisfied with the response received as per Paragraph BC-9.5.2, he can forward the complaint to the Consumer Protection Unit at the CBB within 30 calendar days from the date of receiving the letter.

                Amended: April 2020
                Added: October 2011

          • BC-9.6 BC-9.6 Records of Complaints

            • BC-9.6.1

              A conventional bank licensee must maintain a record of all customers' complaints. The record of each complaint must include:

              (a) The identity of the complainant;
              (b) The substance of the complaint;
              (c) The status of the complaint, including whether resolved or not, and whether redress was provided; and
              (d) All correspondence in relation to the complaint. Such records must be retained by the conventional bank licensees for a period of 5 years from the date of receipt of the complaint.
              October 2011

          • BC-9.7 BC-9.7 Reporting of Complaints

            • BC-9.7.1

              A conventional bank licensee must submit to the CBB's Consumer Protection Unit, 20 days after the end of the quarter, a quarterly report summarising the following:

              (a) The number of complaints received;
              (b) The substance of the complaints;
              (c) The number of days it took the conventional bank licensee to acknowledge and to respond to the complaints; and
              (d) The status of the complaint, including whether resolved or not, and whether redress was provided.
              Amended: April 2020
              Added: October 2011

            • BC-9.7.2

              The report referred to in Paragraph BC-9.7.1 must be sent electronically to complaint@cbb.gov.bh.

              Amended: April 2020
              Added: July 2013

            • BC-9.7.3

              Where no complaints have been received by the licensee within the quarter, a 'nil' report should be submitted to the CBB's Consumer Protection Unit.

              Amended: April 2020
              Added: July 2013

          • BC-9.8 BC-9.8 Monitoring and Enforcement

            • BC-9.8.1

              Compliance with these requirements is subject to the ongoing supervision of the CBB as well as being part of any CBB inspection of a licensee. Failure to comply with these requirements is subject to enforcement measures as outlined in Module EN (Enforcement).

              October 2011

        • BC-10 BC-10 Measures and Procedures for Services Provided to Disabled Customers by Bahraini Retail Banks

          • BC-10.1 BC-10.1 General Requirements

            This Chapter BC-10 is applicable only to Bahraini retail banks that operate 10 or more branches.

            Amended: April 2017

            • BC-10.1.1

              Bahraini retail banks must develop special measures and procedures when providing financial and banking services and transactions for disabled customers to safeguard their rights in requesting and receiving information to ensure equal treatment amongst all customers. Disabled customers must be identified based on the certificate issued by the Ministry of Labour and Social Development or a medical certificate issued by a qualified doctor.

              Amended: April 2017
              Added: April 2016

            • BC-10.1.2

              Bahraini retail banks are encouraged to enhance the disabled customers' access to their ranges of banking services by:

              (a) Liaising with organisations representing disabled customers to provide assistance; and
              (b) Keeping pace with changing technologies involving ATMs, electronic and internet banking.
              Amended: April 2017
              Added: April 2016

            • BC-10.1.3

              Bahraini retail banks must have in place appropriate methods to communicate with the disabled to address their specific needs.

              Amended: April 2017
              Added: April 2016

            • BC-10.1.4

              Bahraini retail banks must ensure that all legal requirements/documentations are taken into consideration when entering into contracts with disabled customers with the aim of protecting the disabled customers and themselves in court cases.

              Amended: April 2017
              Added: April 2016

            • BC-10.1.5

              Bahraini retail banks must ensure that disabled customers are provided full access to all banking and financial services offered by the bank, including the provision of ATM cards on the same basis as for all other bank customers.

              Amended: April 2017
              Added: April 2016

            • BC-10.1.6

              Bahraini retail banks must provide fast track and/or priority services for disabled customers to address their banking needs.

              Amended: April 2017
              Added: April 2016

            • Fees and Charges

              • BC-10.1.7

                Fees and charges on withdrawals, done through bank counters must be waived for all disabled customers.

                Added: April 2016

              • BC-10.1.8

                Monthly fees and charges on current and savings account, including minimum balance charges, must be waived for all disabled customers.

                Added: April 2016

            • Branch and ATM Requirements

              • BC-10.1.9

                Bahraini retail banks must provide at least one branch for serving the disabled customers in line with the requirements in this Module, in addition to the normal branch activities. At least one ATM machine must be provided in the branch to serve the disabled customers.

                Amended: April 2017
                Added: April 2016

              • BC-10.1.10

                To ensure an adequate geographical distribution within the Kingdom of Bahrain, the CBB will expect two specially equipped branches within each governorate of the Kingdom. The geographical distribution will be coordinated by the CBB.

                Added: April 2016

              • BC-10.1.11

                With reference to Paragraph BC-10.1.9, the ATM devices must be equipped with technology specially adapted for customers with disabilities where ATMs must:

                (a) Be wheelchair accessible, ensuring that the ATM is set at an appropriate height and track for movement; and
                (b) Provide Braille alphabet and voice software technology (talking ATM) for the visually impaired customers.
                Added: April 2016

            • Customer Account Numbers

              • BC-10.1.12

                Customer account numbers provided for accounts of disabled customers must be identifiable among other customer accounts to ensure that the disabled customers are offered the specialised services as outlined in this Chapter and that all bank staff offers the bank's services accordingly, whether in person or by phone.

                Added: April 2016

            • In Branch Services

              • BC-10.1.13

                Bahraini retail banks must provide a special priority desk for disabled customers, clearly designated with a special logo. In addition parking facilities and easy access entrances must also be provided.

                Amended: April 2017
                Added: April 2016

              • BC-10.1.14

                Within the branch itself, special layout and signage must be used to facilitate the movement of disabled customers, including the use of any elevators, should this be the case.

                Added: April 2016

            • Training for Bank Staff

              • BC-10.1.15

                Bahraini retail banks must ensure that their staff dealing with disabled customers are enrolled in specialised training to ensure that they are qualified and fully familiar with the use of any specialised technology adapted for such customers and to address any other special requirements in dealing with these customers. Such training must be part of the staff's overall training requirements.

                Amended: April 2017
                Added: April 2016

            • Personal Banking

              • BC-10.1.16

                Bahraini retail banks must provide special door step non-cash financial services to disabled customers.

                Amended: April 2017
                Added: April 2016

          • BC-10.2 BC-10.2 Special Services for Visually Impaired Customers

            • BC-10.2.1

              Bahraini retail banks must provide the following application forms along with the terms and conditions of contracts signed by visually impaired customers for all conducted transactions in Braille format or voice records or screen readers or any other advanced and secured means:

              (a) Account opening forms;
              (b) Facilities contracts;
              (c) Investment and transactions documents;
              (d) Instructions manuals; and
              (e) Customer notifications.
              Amended: April 2017
              Added: April 2016

            • BC-10.2.2

              Bahraini retail banks may accept electronic signatures and electronic finger print as a satisfactory form of signature to meet the needs of the disabled customers. Banks should refer to Legislative Decree No. (54) of 2018 with respect to Electronic Transactions "The Electronic Communications and Transactions Law" and its amendments. Banks may determine the terms and conditions on which the facilities of biometric identification can be extended to the disabled customers.

              Amended: January 2020
              Amended: April 2017
              Added: April 2016

            • BC-10.2.3

              Bahraini retail banks must ensure that two bank employees witness when transactions undertaken by visually impaired customers. In case of customers with visual as well as hearing impairments, Bahraini retail banks must ensure that witnesses (other than bank staff) are present for the signature of any transaction and that documents providing the identity of such witnesses are submitted.

              Amended: April 2017
              Added: April 2016

            • BC-10.2.4

              Bahraini retail banks must provide speaking screens for the priority waiting area of banks for visually impaired customers.

              Amended: April 2017
              Added: April 2016

          • BC-10.3 BC-10.3 Special Services for Hearing Impaired Customers

            • BC-10.3.1

              Bahraini retail banks must ensure that their staff dealing with hearing impaired customers are enrolled in specialised training on sign language or provide a full time translator/interpreter in the bank's premises, dedicated to communicate with such customers.

              Amended: April 2017
              Added: April 2016

            • BC-10.3.2

              To facilitate the implementation of Paragraph BC-10.3.1, retail banks should provide a banking dictionary designed to address banking vocabulary by way of sign language through video clips and pictures to enable such customers to have a clear understanding of the banking terminology being used.

              Amended: April 2017
              Added: April 2016

        • BC-11 BC-11 Financial Advice Programme

          • BC-11.1.1

            All banks must ensure that staff members who provide financial advice to customers are enrolled in the BIBF Financial Advice Programme (“FAP”). Staff members with less than three years of experience must be enrolled for the foundation level course while staff members with three to five years of experience must be enrolled in the Level 2 programme. Staff members with five years of experience must be enrolled for the Level 3 FAP programme. However, FAP is not mandatory for employees who occupy controlled functions or employees who have the Chartered Financial Analyst (CFA) or the Certified Financial Planner (CFP) qualifications.

            Amended: July 2022
            Added: October 2018

          • BC-11.1.2

            All banks must ensure that a suitably experienced designated senior manager monitors compliance with the requirement in BC-11.1.1 on an on-going basis.

            Added: October 2018

          • BC-11.1.3

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2018

    • CA CA Capital Adequacy

      • PART 1: PART 1: Definition of Capital

        • CA-A CA-A Introduction

          • CA-A.1 CA-A.1 Purpose

            • Executive Summary

              • CA-A.1.1

                The purpose of this module is to set out the Central Bank of Bahrain (CBB)'s capital adequacy Rules and provide guidance on the risk measurements for the calculation of capital requirements by Bahraini conventional bank licensees. This requirement is supported by Article 44(c) of the Central Bank of Bahrain and Financial Institutions Law (Decree No. 64 of 2006).

                January 2015

              • CA-A.1.2

                Principle 9 of the Principles of Business requires that conventional bank licensees maintain adequate human, financial and other resources, sufficient to run their business in an orderly manner (see Section PB-1.9). In addition, Condition 5 of CBB's Licensing Conditions (Section LR-2.5) requires conventional bank licensees to maintain financial resources in excess of the minimum requirements specified in Module CA (Capital Adequacy).

                January 2015

              • CA-A.1.3

                This Module also sets out the minimum leverage requirements which relevant banks (referred to in Section CA-B.1) must meet as a condition of their licensing.

                January 2015

              • CA-A.1.4

                The requirements specified in this Module vary according to the inherent risk profile of a licensee, and the volume and type of business undertaken. As one of the principal objectives of the CBB (as outlined in Article 3 of the CBB Law 2006) is the protection of depositors, it is essential to ensure that the capital recognised in regulatory capital measures is readily available for those depositors and to ensure that conventional bank licensees hold sufficient capital to provide some protection against unexpected losses in the normal course of business, and otherwise allow conventional banks to effect an orderly wind-down of their operations. The minimum capital requirements specified here may not be sufficient to absorb all unexpected losses. The CBB therefore may impose more stringent capital requirements than those stated in this Module on certain banks taking into account the riskiness of the activities conducted by the concerned bank (see Paragraph CA-A.1.5A).

                January 2015

              • CA-A.1.5

                The CBB requires that conventional bank licensees maintain adequate capital, in accordance with the requirements of this Module, against their risks. In particular, all Bahraini conventional bank licensees are required to maintain capital adequacy ratios or CARs (both on a solo and a consolidated basis where applicable) above the minimum levels set out in Chapters CA-B and CA-2. Failure to remain above these ratios will result in enforcement and other measures as outlined in Section CA-1.2 and Module EN. The detailed methodology for calculating the CARs is set out in the instructions for the form PIR.

                January 2015

              • CA-A.1.5A

                All Bahraini conventional bank licensees must maintain their own target capital ratios above the supervisory CARs mentioned in Section CA-B.2 (on a solo and on a consolidated basis). Each concerned licensee must observe individual target ratios as agreed with the CBB on a case-by-case basis subject to a methodology to be disclosed in due course.

                January 2015

              • CA-A.1.6

                This module provides support for certain other parts of the Rulebook, mainly:

                (a) Prudential Consolidation and Deduction Requirements;
                (b) Licensing and Authorisation Requirements;
                (c) CBB Reporting Requirements;
                (d) Credit Risk Management;
                (e) Operational Risk Management;
                (f) High Level Controls:
                (g) Relationship with Audit Firms; and
                (h) Enforcement.
                January 2015

            • Legal Basis

              • CA-A.1.7

                This Module contains the CBB's Directive (as amended from time to time) relating to the capital adequacy of conventional bank licensees, and is issued under the powers available to the CBB under Article 38 of the CBB Law. The Directive in this Module is applicable in its entirety to all Bahraini conventional bank licensees.

                January 2015

              • CA-A.1.8

                For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

                January 2015

          • CA-A.2 CA-A.2 Module History

            • CA-A.2.1

              This module was first issued in July 2004 as part of the conventional principles volume. Material changes took place in January 2008 to implement Basel II. Other changes that have subsequently been made to this module are annotated with the calendar quarter date in which the changes were made. Chapter UG-3 provides further guidance on Rulebook maintenance and version control.

              January 2015

            • CA-A.2.1A

              The most recent changes are detailed in the Table below.

              Summary of Changes

              Module Ref. Change Date Description of Changes
              CA-A.2 10/07 Change categorising Module as a Directive
              CA-1 to CA-8 01/08 Extensive changes to implement Basel II
              CA-3.4 04/08 Recognition and mapping of grades for Capital Intelligence
              CA-3.2.15-18 01/09 New guidance and rules on SMEs
              CA-A 01/2011 Various minor amendments to ensure consistency in CBB Rulebook.
              CA-A.2.7 01/2011 Clarified legal basis.
              CA-6, CA-8, CA-9, CA-10, CA-14 & CA-16 01/2012 Changes in respect of July 2009 and February 2011 amendments to Basel II.
              CA-3.2.10 and CA-3.2.11A 04/2012 Amendment made for claims on banks dealing with self-liquidating letters of credit.
              CA-2.1.5, CA-2.1.5A and CA-2.1.5B 04/2013 Clarified Rules dealing with subordinated debt issued.
              CA-2.1.5(h) 10/2013 Added Rule to include limited general provision against unidentified future losses as part of Tier 2.
              CA-11.3.7 10/2013 Clarified Rules for excluding positions of a structural nature from the calculation of the net open currency positions.
              Module CA 01/2015 Extensive changes to implement Basel III.
              CA-1.3.3 04/2015 Existing exemptions in respect of PIR review will cease as at 31st December 2014 for all Bahraini conventional bank licensees.
              CA-2.1.2 04/2015 Underlined the term 'financial instruments' so that it is linked to the glossary definition.
              CA-2.3.5 04/2015 Corrected cross reference.
              CA-2.4.2 04/2015 Clarified that intangible assets other than goodwill and mortgage servicing rights are subject to transitional arrangements and are phased out as regulatory adjustments as outlined in Subparagraph CA-B.2.1(d).
              CA-2.4.12 04/2015 Clarified that shares of the bank held as collateral are considered as shares held indirectly and are subject to deduction under regulatory adjustments.
              CA-2.4.23 and CA-3.2.19A 04/2015 Corrected reference to conventional bank licensee.
              CA-2.4.25 04/2015 Clarified the rule on significant investments in commercial entities by adding cross reference to the definition.
              CA-2A.3.3 04/2015 Paragraph deleted as not applicable on the implementation of the capital conservation buffer.
              CA-B.2.1(d) 07/2015 Amendment made to clarify that during the transition period, the remainder not deducted from capital is subject to the risk weights outlined in the October 2014 version of Chapter CA-3.
              CA-2.4.25 and CA-2.4.26 07/2015 Amendment made to reflect the treatment of the risk weighting for exposures below the threshold limits.
              CA-2.1.6 and CA-2.1.10 01/2016 Updated criteria for AT1 and T2 instruments.
              CA-3.2.4, CA-3.2.4A and CA-3.2.4B 04/2016 Updated risk weightings for claims on non-central government public sector entities (PSEs).
              CA-2.4.25 10/2016 Updated reference of CM Module
              CA-B.1.5 and CA-B.1.6 07/2017 Deleted the term 'financial entity'.
              CA-15 10/2018 Added new Section on Leverage Ratio Requirements.
              CA-3.2.19B 07/2019 Added a new Paragraph on exposures to Social Housing Schemes.
              CA-1.1.6 01/2022 Amended Paragraph.
              CA-1.1.6A 01/2022 Added new Paragraph on reverting from standardised approach to basic indicator approach.
              CA-3.2.19B 10/2022 Amended Paragraph on the implementation of social housing schemes.
              CA-15.7 10/2022 Amended Section on Gearing.
              CA-4.5.7A 01/2023 Added a new Paragraph on recognition of credit default guarantees provided by Tamkeen.

            • Evolution of Module

              • CA-A.2.2

                The contents retained from the previous Module (Capital Adequacy — Conventional Banks) are effective from the dates depicted above.

                January 2015

          • CA-A.3 – CA-A.5

            [Sections CA-A.3 to CA-A.5 were deleted in January 2015.]

            Deleted: January 2015

        • CA-B CA-B Scope of Application and Transitional Rules

          • CA-B.1 CA-B.1 Scope

            • CA-B.1.1

              All Bahraini conventional bank licensees are required to measure and apply capital charges with respect to their credit risk, operational risk and market risks capital requirements.

              January 2015

            • CA-B.1.2

              Rules in this Module are applicable to Bahraini conventional bank licensees on both a solo (i.e. including their foreign branches) and on a consolidated group basis as described below. The applicable ratios and methodology are described in this Chapter and Chapters CA-1 and CA-2 for solo and consolidated CAR calculations.

              January 2015

            • CA-B.1.2A

              The scope of this Module includes the parent bank and all its banking subsidiaries and any other financial entities such as Special Purpose Vehicles (SPVs) which are required to be consolidated for regulatory purposes by the CBB. The assets and liabilities of all such subsidiaries must be fully consolidated on a line-by-line basis. In some cases, the assets of foreign banking subsidiaries will be allowed to be included by way of aggregation (see CA-B.1.4 onward). All other financial activities (both regulated and unregulated) must be captured through consolidation where practical to do so. Generally, majority-owned or controlled financial entities must be fully consolidated according to the methodologies outlined in this Module. If any majority-owned financial entities are not consolidated for capital purposes, all equity and other regulatory capital investments in those entities must be deducted and the assets and liabilities as well as third-party capital investments in the entity must be removed from the conventional bank licensee's balance sheet.

              January 2015

            • CA-B.1.2B

              In addition, this Module applies to conventional bank licensees on a solo basis (also including their foreign branches). This means that the assets and liabilities of subsidiaries referred to in Paragraph CA-B.1.2A must not be included in the balance sheet of the parent bank for the solo capital calculation and all equity and other regulatory capital investments in those entities must be deducted from the applicable components of Total Capital of the parent bank.

              January 2015

            • CA-B.1.2C

              Where a conventional bank licensee has no subsidiaries as referred to in Paragraph CA-B.1.2A, then the consolidated CAR requirements of this Module apply to the conventional bank licensee on a stand-alone basis.

              January 2015

            • CA-B.1.2D

              Although consolidation outlined in this Module are prescribed only for computing regulatory minimum capital, the procedures applied for such consolidation are performed in accordance with applicable accounting standards and best practices which may be subject to change from time to time.

              January 2015

            • CA-B.1.3

              If conventional bank licensees have investments in or control over banking or financial entities, including SPVs, they will also need to apply rules set out in Section CA-2.4 for the calculation of their solo and consolidated Capital Adequacy Ratios (CAR).

              January 2015

            • Full Consolidation Versus Aggregation

              • CA-B.1.4

                Generally, wherever possible, the assets and liabilities of banking subsidiaries must be consolidated on a line-by-line basis using the risk-weighting and other rules and guidance in this Module. In some cases, foreign banking subsidiaries are subject to slightly differing rules by their host regulator. In such cases it may be more convenient to add in the risk-weighted assets of the subsidiary as calculated by host rules rather than by adding in the assets of the subsidiary and subjecting them to CBB requirements and risk weights. This process of using host risk-weights instead of CBB risk-weights is termed 'aggregation'. Also host rules may treat some capital items differently to CBB rules. For example, T2 instruments may have different rules in host countries. There may therefore need to be a 'haircut' to such capital instruments, if the amount allowed by the host regulator is different to the amount of the investment by the parent bank.

                January 2015

              • CA-B.1.5

                For the reasons outlined in Paragraphs CA-B.1.2A to CA-B.1.4, banks must agree the proposed regulatory consolidation or aggregation approach for banking subsidiaries with the CBB and their external auditor.

                Amended: July 2017
                January 2015

              • CA-B.1.6

                If a banking subsidiary is to be consolidated by way of aggregation, the capital and risk weighted assets (RWAs) of the non-resident entity must be shown separately. The parent bank is required to aggregate the subsidiary's eligible capital and RWAs (based on the risk weighting of assets reported by the subsidiary to its host central bank) with its own eligible capital and RWAs respectively.

                Amended: July 2017
                January 2015

              • CA-B.1.7

                Appropriate adjustments must be made to eliminate intra-group exposures.

                January 2015

              • CA-B.1.8

                If a conventional bank operates an Islamic window, the assets of such Islamic window will be risk weighted in accordance with CBB's guidelines for conventional banks.

                January 2015

              • CA-B.1.9

                If a bank in Bahrain is a subsidiary of a non-resident parent bank, the capital adequacy of such bank is determined on a standalone basis.

                January 2015

              • CA-B.1.10

                Majority-owned or controlled financial entity subsidiaries must be adequately capitalised to reduce the possibility of future potential losses to the parent bank. The parent bank must monitor actions taken by the subsidiary to correct any capital shortfall and, if it is not corrected in a timely manner, the shortfall must also be deducted from the parent bank's solo and consolidated capital for regulatory capital purposes.

                January 2015

          • CA-B.2 CA-B.2 Transitional Arrangements

            • CA-B.2.1

              The transitional arrangements for implementing the new standards help to ensure that the banking sector can meet the higher capital standards through reasonable earnings retention and capital raising, while still supporting lending to the economy. The transitional arrangements are as follows:

              (a) Implementation of this Module begins on 1 January 2015. As of 1 January 2015, conventional bank licensees are required to meet the following new minimum CAR requirements taking each component of capital as defined in Chapters CA-2 and CA-2A divided by total risk-weighted assets (RWAs) as defined in Paragraph CA-1.1.3:

              Components of Consolidated CARs
                Optional Minimum Ratio Required
              Core Equity Tier 1 (CET 1)   6.5%
              Additional Tier 1 (AT1) 1.5%  
              Tier 1 (T1)   8%
              Tier 2 (T2) 2%  
              Total Capital   10%
              Capital Conservation Buffer (CCB) (see below)   2.5%
              CARs including CCB
              CET 1 plus CCB   9%
              Tier 1 plus CCB   10.5%
              Total Capital plus CCB   12.5%

              Components of Solo CARs
                Optional Minimum Ratio Required
              Core Equity Tier 1 (CET1)   4.5%
              Additional Tier 1 (AT1) 1.5%  
              Tier 1 (T1)   6.0%
              Tier 2 (T2) 2%  
              Total Capital   8.0%
              Capital Conservation Buffer (CCB) (see below)   0%
              CARs including CCB
              CET 1 plus CCB   N/A
              Tier 1 plus CCB   N/A
              Total Capital plus CCB   N/A
              (b) The difference between the Total Capital plus CCB (Capital Conservation Buffer — see Chapter CA-2A for more details) of 12.5% and the T1 plus CCB requirement (10.5%) for the consolidated CAR can be met with T2 and higher forms of capital;
              (c) The regulatory adjustments (i.e. deductions), including amounts above the aggregate 15% limit for significant investments in financial institutions, mortgage servicing rights, and deferred tax assets from temporary differences, are fully deducted from CET1 by 1 January 2019;
              (d) The regulatory adjustments (refer to Section CA-2.4) begin at 20% of the required adjustments to CET 1 on 1 January 2015, 40% on 1 January 2016, 60% on 1 January 2017, 80% on 1 January 2018, and reach 100% on 1 January 2019. The same transition approach applies to deductions from AT1 and T2 capital. Specifically, the regulatory adjustments to AT1 and T2 capital begin at 20% of the required deductions on 1 January 2015, 40% on 1 January 2016, 60% on 1 January 2017, 80% on 1 January 2018, and reach 100% on 1 January 2019. During the transition period, the remainder of exposures held prior to 1st January 2015 not deducted from capital is subject to the risk weights outlined in the October 2014 version of Chapter CA-3;
              (e) The treatment of capital issued out of subsidiaries and held by third parties (e.g. minority interest) is also phased in. Where such capital is eligible for inclusion in one of the three components of capital according to Paragraphs CA-2.3.1 to CA-2.3.5, it can be included from 1 January 2015. Where such capital is not eligible for inclusion in one of the three components of capital but is included under the existing treatment, 20% of this amount must be excluded from the relevant component of capital on 1 January 2015, 40% on 1 January 2016, 60% on 1 January 2017, 80% on 1 January 2018, and reach 100% on 1 January 2019; and
              (f) Capital instruments that no longer qualify as non-common equity T1 capital or T2 capital are phased out beginning 1 January 2015. Fixing the base at the nominal amount of such instruments outstanding on 1 January 2015, their recognition is capped at 90% from 1 January 2015, with the cap reducing by 10 percentage points in each subsequent year. This cap is applied to AT1 and T2 separately and refers to the total amount of instruments outstanding that no longer meet the relevant entry criteria. To the extent an instrument is redeemed, or its recognition in capital is amortised, after 1 January 2015, the nominal amount serving as the base is not reduced. In addition, instruments with an incentive to be redeemed are treated as follows:
              (i) For an instrument that has a call and a step-up prior to 1 January 2015 (or another incentive to be redeemed), if the instrument is not called at its effective maturity date and on a forward-looking basis meets the new criteria for inclusion in T1 or T2, it continues to be recognised in that tier of capital;
              (ii) For an instrument that has a call and a step-up on or after 1 January 2015 (or another incentive to be redeemed), if the instrument is not called at its effective maturity date and on a forward looking basis meets the new criteria for inclusion in T1 or T2, it continues to be recognised in that tier of capital. Prior to the effective maturity date, the instrument would be considered an "instrument that no longer qualifies as AT1 or T2" and is therefore phased out from 1 January 2015;
              (iii) For an instrument that has a call and a step-up between 12 September 2012 and 1 January 2015 (or another incentive to be redeemed), if the instrument is not called at its effective maturity date and on a forward looking basis does not meet the new criteria for inclusion in T1 or T2, it is fully derecognised in that tier of regulatory capital from 1 January 2015;
              (iv) For an instrument that has a call and a step-up on or after 1 January 2015 (or another incentive to be redeemed), if the instrument is not called at its effective maturity date and on a forward looking basis does not meet the new criteria for inclusion in T1 or T2, it is derecognised in that tier of regulatory capital from the effective maturity date. Prior to the effective maturity date, the instrument would be considered an "instrument that no longer qualifies as AT1 or T2" and is therefore phased out from 1 January 2015; and
              (v) For an instrument that had a call and a step-up on or prior to 12 September 2012 (or another incentive to be redeemed), if the instrument was not called at its effective maturity date and on a forward looking basis does not meet the new criteria for inclusion in T1 or T2, it is considered an "instrument that no longer qualifies as AT1 or T2" and is therefore phased out from 1 January 2015.
              Amended: July 2015
              January 2015

            • CA-B.2.2

              Capital instruments that do not meet the criteria for inclusion in CET1 are excluded from CET1 as of 1 January 2015.

              January 2015

            • CA-B.2.3

              Only those instruments issued before 12 September 2012 qualify for the transition arrangements outlined in Paragraph CA-B.2.1.

              January 2015

        • CA-1 CA-1 General Requirements

          • CA-1.1 CA-1.1 Capital Adequacy Ratio (Definition and Methodology)

            • CA-1.1.1

              A conventional bank licensee's consolidated capital adequacy ratio is calculated by dividing its Consolidated Total Capital by its consolidated risk-weighted assets (RWAs). These items are defined and described in Paragraphs CA-1.1.2 to CA-1.1.8. A diagrammatic description of the formula used to calculate the consolidated CAR is given below.

                                Consolidated Total Capital                 
              RWAs (Credit + Market + Operational Risks)
              January 2015

            • Consolidated Total Capital

              • CA-1.1.2

                Consolidated Total Capital consists of the sum of the following elements:

                (a) T1 (Going-concern):
                (i) CET1 (as defined in Paragraph CA-2.1.2);
                (ii) AT1 (as defined in Paragraph CA-2.1.4); and
                (b) T2 (Gone-concern) as defined in Paragraph CA-2.1.8.
                January 2015

            • Consolidated Risk-Weighted Assets

              • CA-1.1.3

                Consolidated Total RWAs are determined by:

                (a) Multiplying the capital requirements for market risk (see CA-1.1.7) and operational risk (see CA-1.1.6) by 12.5 for the conventional bank licensee and all its consolidated subsidiaries; and
                (b) Adding the resulting figures to the sum of RWAs for credit risk (see CA-1.1.4) and securitisation risk for the conventional bank licensee and all its consolidated subsidiaries (see CA-1.1.5).
                January 2015

              • CA-1.1.4

                For the measurement of their credit risks, conventional bank licensees measure the risks in the standardised approach, applying the measurement framework described in Chapter CA-3 and subject to the credit mitigation techniques outlined in Chapter CA-4 of this Module.

                January 2015

              • CA-1.1.5

                The securitisation framework is set out in Chapter CA-6. Conventional bank licensees must apply the securitisation framework for determining regulatory capital requirements on exposures arising from traditional and synthetic securitisations or similar structures that contain features common to both.

                January 2015

              • CA-1.1.6

                For the measurement of their operational risks, conventional bank licensees have a choice, subject to notification to the CBB, between two broad methodologies:

                (a) The basic indicator approach, by applying the measurement framework described in Chapter CA-7 of this Module; and
                (b) The standardised approach (also in Chapter CA-7) this approach is subject to certain conditions (outlined in Chapter OM-8) and requires the explicit approval of the CBB.
                Amended: January 2022
                Added: January 2015

              • CA-1.1.6A

                For the purpose of Sub-paragraph CA-1.1.6 (b), a licensee must provide appropriate justification and seek CBB’s prior approval, if it wishes to revert from the standardised approach to the basic indicator approach.

                 

                Added: January 2022

              • CA-1.1.7

                For the measurement of their market risk, conventional bank licensees have a choice, subject to the written approval of the CBB, between two broad methodologies:

                (a) One alternative is to measure the risks in a standardised approach, applying the measurement frameworks described in Chapters CA-9 to CA-13 of this Module; and
                (b) The second alternative methodology (i.e. the IMM or internal models approach) is set out in detail in Chapter CA-14 including the procedure for obtaining the CBB's approval. This methodology is subject to the fulfilment of certain conditions. The use of this methodology is, therefore, conditional upon the explicit approval of the CBB.
                January 2015

              • CA-1.1.8

                In light of Paragraphs CA-1.1.3 to CA-1.1.7, each conventional bank licensee's overall capital requirement consists of:

                (a) The credit risk requirements laid down in Chapters CA-2 to CA-6, and including the credit counterparty risk on all over-the-counter derivatives whether in the trading or the banking books (see Chapter CA-8);
                (b) The capital charges for operational risk described in Chapter CA-7; and
                (c) The capital charges for market risks:
                (i) Described in Chapters CA-9 to CA-13 summed arithmetically;
                (ii) Derived from the models approach set out in Chapter CA-14; or
                (iii) A mixture of (i) and (ii) summed arithmetically.
                January 2015

              • CA-1.1.9

                All transactions, including forward sales and purchases, must be included in the calculation of capital requirements as from the date on which they were entered into. Although regular reporting takes place quarterly, conventional bank licensees must manage their risks in such a way that the capital and leverage requirements are being met on a continuous basis, i.e. at the close of each business day. Conventional bank licensees must not "window-dress" by showing significantly lower credit or market risk positions on reporting dates. Conventional bank licensees must maintain strict risk management systems to ensure that intra-day exposures are not excessive. If a conventional bank licensee fails to meet the capital requirements of this Module, the bank must take immediate measures to rectify the situation as detailed in Section CA-1.2.

                January 2015

            • Solo Capital Adequacy Ratio

              • CA-1.1.10

                A conventional bank licensee's solo capital adequacy ratio is calculated by dividing its Solo Total Capital by its Solo RWAs as described in Paragraph CA-1.1.11 and CA-1.1.12 without consolidating the assets and liabilities of subsidiaries referred to Paragraph CA-B.1.2A into the balance sheet of the parent bank.

                January 2015

            • Solo Total Capital

              • CA-1.1.11

                Solo Total Capital consists of the sum of the following elements:

                (a) T1 (Going-concern):
                (i) CET1 for the parent bank only (as defined in Paragraph CA-2.1.2 but deducting item (c) before applying regulatory adjustments in item (d);
                (ii) AT1 for the parent bank only (as defined in Paragraph CA-2.1.4 but deducting item (c) before applying regulatory adjustments in item (d); and
                (b) T2 (Gone-concern) for the parent bank only as defined in Paragraph CA-2.1.8 but deducting item (c) before applying regulatory adjustments in item (d).
                January 2015

            • Solo Risk-Weighted Assets

              • CA-1.1.12

                Solo Total RWAs are determined by:

                (a) Multiplying the capital requirements for market risk (see CA-1.1.7) and operational risk (see CA-1.1.6) by 12.5 for the parent bank alone; and
                (b) Adding the resulting figures to the sum of risk-weighted assets for credit risk (see CA-1.1.4) and securitisation risk for the parent bank alone (see CA-1.1.5).
                January 2015

              • CA-1.1.13

                For the purpose of this Module the solo CAR may be shown diagrammatically as below.

                                            Total Capital                           
                RWAs (Credit + Market + Operational Risks)
                January 2015

          • CA-1.2 CA-1.2 Reporting

            • CA-1.2.1

              Formal reporting to the CBB of capital adequacy must be made in accordance with the requirements set out under Section BR-3.1.

              January 2015

            • CA-1.2.2

              All Bahraini conventional bank licensees must provide the CBB, with immediate written notification (i.e. by no later than the following business day) of any actual breach of the minimum ratios outlined in Subparagraph CA-B.2.1 (a). Where such notification is given, the conventional bank licensee must also:

              (a) Provide the CBB no later than one calendar week after the notification, with a written action plan setting out how the conventional bank licensee proposes to restore the relevant ratios to the required minimum level(s), further, describing how the conventional bank licensee will ensure that a breach of such ratios will not occur again in the future;
              (b) Provide the CBB with weekly reports basis thereafter on the conventional bank licensee's relevant ratios until such ratios have reached the required minimum, level(s) described in Subparagraph CA-B.2.1(a); and
              (c) Take additional note of the Capital Conservation plan requirements in Chapter CA-2A where additional action is required when the Capital Conservation Buffer has been breached.
              January 2015

            • CA-1.2.3

              The conventional bank licensee is required to submit form PIR to the CBB on a weekly basis, until the concerned CARs identified in Paragraph CA-1.2.2 exceed the required minimum ratios.

              January 2015

            • CA-1.2.4

              The CBB will notify conventional bank licensees in writing of any action required of them with regard to the corrective and preventive action (as appropriate) proposed by the conventional bank licensee pursuant to the above, as well as of any other requirement of the CBB in any particular case.

              January 2015

            • CA-1.2.5

              Conventional bank licensees must note that the CBB considers the breach of regulatory CARs to be a very serious matter. Consequently, the CBB may (at its discretion) subject a conventional bank licensee which breaches its CAR(s) to a formal licensing reappraisal. Such reappraisal may be effected either through the CBB's own inspection function or through the use of appointed experts, as appropriate. Following such appraisal, the CBB will notify the conventional bank licensee concerned in writing of its conclusions with regard to the continued licensing of the conventional bank licensee.

              January 2015

            • CA-1.2.6

              The CBB recommends that the conventional bank licensee's compliance officer support and cooperate with the CBB in the monitoring and reporting of the CARs and other regulatory reporting matters. Compliance officers should ensure that their conventional bank licensees have adequate internal systems and controls to comply with these rules.

              January 2015

          • CA-1.3 CA-1.3 Review of Prudential Information Returns

            • CA-1.3.1

              The CBB requires all conventional bank licensees to request their external auditor to conduct a review of the prudential returns on a quarterly basis in accordance with the requirements set out under Section BR-3.1.

              January 2015

            • CA-1.3.2

              If a conventional bank licensee provides prudential returns without any reservation from auditors for two consecutive quarters, it can apply for exemption from such review for a period to be decided by CBB.

              January 2015

            • CA-1.3.3

              For Bahraini conventional bank licensees, all existing exemptions in respect of PIR review as at 31st December 2014 will cease.

              Amended: April 2015
              January 2015

            • CA-1.3.4

              Conventional bank licensees' daily compliance with the capital requirements for credit and market risk must be verified by the independent risk management department and the internal auditor.

              January 2015

        • CA-2 CA-2 Regulatory Capital

          • CA-2.1 CA-2.1 Regulatory Capital

            • Tier 1 (T1)

              • CA-2.1.1

                The predominant form of T1 capital must be common shares and retained earnings (hereafter referred to as CET1). Deductions from capital and prudential filters are applied at the level of CET1 (see CA-2.1 to CA-2.4 for a more detailed explanation). The remainder of the T1 capital base must be comprised of instruments that are subordinated, have fully discretionary non-cumulative dividends or coupons and have neither a maturity date nor an incentive to redeem.

                January 2015

            • Common Equity Tier 1 (CET1)

              • CA-2.1.2

                CET1 capital consists of the sum of the following items (a) to (d) below:

                (a) Issued and fully paid common shares that meet the criteria for classification as common shares for regulatory purposes (see Paragraph CA-2.1.3);
                (b) Disclosed reserves including:
                (i) General reserves;
                (ii) Legal / statutory reserves;
                (iii) Share premium;
                (iv) Fair value reserves arising from fair valuing financial instruments; and
                (v) Retained earnings or losses (including net profit and loss for the reporting period, whether reviewed or audited);
                (c) Common shares issued by consolidated banking subsidiaries of the conventional bank licensee and held by third parties (i.e. minority interest) that meet the criteria for inclusion in CET1. See Section CA-2.3 for the relevant criteria; and
                (d) Regulatory adjustments applied in the calculation of CET1 (see Section CA-2.4).
                Amended: April 2015
                January 2015

              • CA-2.1.2A

                For unrealised fair value reserves relating to financial instruments to be included in CET1 Capital, conventional bank licensees and their auditor must only recognise such gains or losses that are prudently valued and independently verifiable (e.g. by reference to market prices). The CBB will closely review the components and extent of unrealised gains and losses and will exclude any that do not have reference to independent valuations (i.e. those made by bank management alone will not be included) or which are not deemed to be made on a prudent basis. As such, the prudent valuations, and the independent verification thereof, are mandatory. Unrealised gains and losses that have resulted from changes in the fair value of liabilities that are due to changes in the bank's own credit risk must be derecognised in the calculation of CET1.

                January 2015

              • CA-2.1.3

                For a common share to be included in CET1, it must meet the following criteria:

                (a) It is directly issued to shareholders and fully paid in;
                (b) It is non-cumulative;
                (c) It is able to absorb losses within the conventional bank licensee on a going-concern basis;
                (d) It is neither secured nor covered by a guarantee of the issuer or a related entity or any other arrangement that legally or economically enhances the seniority of the claim vis-à-vis bank creditors;
                (e) It represents the most subordinated claim in liquidation of the conventional bank licensee (i.e. it is junior to depositors, general creditors, and subordinated debt of the bank);
                (f) It is entitled to a claim on the residual assets that is proportional with its share of issued capital, after all senior claims have been repaid in liquidation (i.e. it has an unlimited and variable claim, not a fixed or capped claim);
                (g) Its principal is perpetual and never repaid outside of liquidation;
                (h) The conventional bank licensee does nothing to create an expectation at issuance that the instrument will be bought back, redeemed or cancelled nor do the statutory or contractual terms provide any feature which might give rise to such an expectation;
                (i) Distributions are paid out of distributable items (retained earnings included). The level of distributions is not in any way tied or linked to the amount paid in at issuance and is not subject to a contractual cap (except to the extent that a bank is unable to pay distributions that exceed the level of distributable items);
                (j) There are no circumstances under which the distributions are obligatory. Non-payment is therefore not an event of default;
                (k) Distributions are paid only after all legal and contractual obligations have been met and payments on more senior capital instruments have been made. This means that there are no preferential distributions;
                (l) It is the issued capital that takes the first and proportionately greatest share of any losses as they occur;
                (m) The paid in amount is recognised as equity capital (i.e. it is not recognised as a liability) for determining balance sheet insolvency;
                (n) The paid in amount is classified as equity under IFRS and disclosed separately in the financial statements;
                (o) The conventional bank licensee cannot directly or indirectly have funded the purchase of the instrument (i.e. treasury shares and shares purchased or funded by the conventional bank licensee for employee share purchase schemes must be deducted from CET1, and are subject to the 10% limit under the Commercial Companies' Law. Any of the conventional bank licensee's own shares used as collateral for the advance of funds to its customers must be deducted from CET1 and are also subject to the above 10% limit); and
                (p) It is only issued with the approval of the shareholders of the issuing conventional bank licensee.
                January 2015

            • Additional Tier 1 Capital (AT1)

              • CA-2.1.4

                AT1 capital consists of the sum of the items (a ) to (d):

                (a) Instruments issued by the bank that meet the criteria for inclusion in AT1 outlined in Paragraph CA-2.1.6;
                (b) Stock surplus (share premium) resulting from the issue of instruments included in AT1;
                (c) Instruments issued by consolidated subsidiaries of the bank and held by third parties that meet the criteria for inclusion in AT1 and are not included in CET1. See section CA-2.3 for the relevant criteria; and
                (d) Regulatory adjustments applied in the calculation of AT1 (see CA-2.4).
                January 2015

              • CA-2.1.5

                [This paragraph has been left blank.]

                January 2015

              • CA-2.1.6

                For an instrument to be included in AT1, it must meet or exceed all the criteria below:

                (a) It is issued and paid-in;
                (b) It is subordinated to depositors, general creditors and subordinated debt of the conventional bank licensee;
                (c) It is neither secured nor covered by a guarantee of the issuer or related entity or other arrangement that legally or economically enhances the seniority of the claim vis-à-vis conventional bank licensee creditors;
                (d) It is perpetual, i.e. there is no maturity date and there are no step-ups or other incentives to redeem;
                (e) It may be callable at the initiative of the issuer only after a minimum of five years and a conventional bank licensee must not do anything which creates an expectation that the call will be exercised. A conventional bank licensee may not exercise such a call option without receiving prior written approval of the CBB and the called instrument is replaced with capital of the same or better quality; or the conventional bank licensee demonstrates that its capital position is well above the minimum capital requirements after the call option is exercised;
                (f) In all early call situations, replacement of existing capital must be done at conditions which are sustainable for the income capacity of the conventional bank licensee;
                (g) Any repayment of principal (e.g. through repurchase or redemption) must be with prior written approval of the CBB and the conventional bank licensee must not assume or create market expectations that supervisory approval will be given;
                (h) The conventional bank licensee must have full discretion at all times to cancel distributions/payments. This means that 'dividend pushers' are prohibited. A dividend pusher obliges a bank to make a dividend or coupon payment on an instrument if it has made a payment on another capital instrument or share. Also features that require the conventional bank licensee to make distributions in kind are not permitted;
                (i) Cancellation of discretionary payments must not be an event of default;
                (j) Conventional bank licensees must have full access to cancelled payments to meet obligations as they fall due;
                (k) Cancellation of distributions/payments must not impose restrictions on the conventional bank licensee except in relation to distributions to common stockholders;
                (l) Dividends/coupons must be paid out of distributable items;
                (m) The instrument cannot have a credit sensitive dividend feature (this might serve to increase the dividend payable if a bank's credit rating falls from A to BBB, for example) which may lead to the dividend/coupon being reset periodically based in whole or in part on the conventional bank licensee's credit standing;
                (n) The instrument cannot contribute to liabilities exceeding assets if such a balance sheet test forms part of national insolvency law. This means that instruments accounted for as liabilities must be able to be written down in some way as described in subparagraph (o);
                (o) All instruments must have principal loss absorption through either (i) conversion to common shares at an objective pre-specified trigger event; or (ii) a write-down mechanism which allocates losses to the instrument at a pre-specified trigger event. The write-down will reduce the claim of the instrument in liquidation and reduce the amount that will be re-paid when a call is exercised and partially or fully reduce coupon/dividend payments on the instrument;
                (p) Neither the conventional bank licensee nor a related party over which it exercises control or significant influence can have purchased the instrument, nor can the conventional bank licensee directly or indirectly have funded the purchase of the instrument. This also means that own holdings of AT1 instruments and AT1 instruments purchased or funded by the bank for employee share purchase schemes must be deducted from AT1. Any of the conventional bank licensee's AT1 instruments used as collateral for the advance of funds to its customers must be deducted from AT1 ;
                (q) The instrument cannot have any features that hinder recapitalisation, such as provisions that require the issuer to compensate investors if a new instrument is issued at a lower price during a specified time frame; and
                (r) If the instrument is not issued out of a fully consolidated subsidiary bank or the parent conventional bank licensee in the consolidated group (e.g. a special purpose vehicle — "SPV"), proceeds must be immediately available without limitation to the parent bank in the consolidated group in a form which meets or exceeds all of the other criteria for inclusion in AT1.
                Amended: January 2016
                January 2015

              • CA-2.1.7

                [This paragraph has been left blank.]

                January 2015

              • CA-2.1.7A

                The issuance of any new shares as a result of a trigger event must occur prior to any public sector injection of capital so that the capital provided by the public sector is not diluted.

                January 2015

              • CA-2.1.7B

                Where an issuing bank or SPV is part of a banking group and the issuer wishes the instrument to be included in the capital base of the group (in addition to its solo capital where applicable), the terms and conditions must specify an additional trigger event.

                January 2015

              • CA-2.1.7C

                Any common stock paid as compensation to the holders of the instrument must be common stock of either the issuing bank or the parent bank of the group (including any successor in resolution).

                January 2015

            • Write Down or Conversion of Additional Tier 1 Instruments

              • CA-2.1.7D

                For the purposes of Subparagraph CA-2.1.6(o), the following provisions apply to AT1 instruments accounted for as liabilities:

                (a) A trigger event occurs when the CET1 capital ratio of the conventional bank licensee institution referred to in Subparagraph CA-B.2.1(a) falls below either of the following:
                (i) 7.0%;
                (ii) A level higher than 7.0 %, where determined by the conventional bank licensee and specified in the provisions governing the instrument; and
                (b) Conventional bank licensees may specify in the provisions governing the instrument one or more trigger events in addition to that referred to in Subparagraph (a).
                January 2015

              • CA-2.1.7E

                Where the provisions governing AT1 instruments require them to be converted into CET1 instruments upon the occurrence of a trigger event, those provisions must specify either of the following:

                (a) The rate of such conversion and a limit on the permitted amount of conversion; or
                (b) A range within which the instruments will convert into CET1 instruments.
                January 2015

              • CA-2.1.7F

                Where the provisions governing AT1 instruments require their principal amount to be written down upon the occurrence of a trigger event, the write down must reduce all the following:

                (a)The claim of the holder of the instrument in the insolvency or liquidation of the conventional bank licensee;
                (b)The amount required to be paid in the event of the call or redemption of the instrument; and
                (c)The distributions made on the instrument.
                January 2015

              • CA-2.1.7G

                Write down or conversion of an AT1 instrument must, under the applicable accounting framework, generate items that qualify as CET1 items.

                January 2015

              • CA-2.1.7H

                The amount of AT1 instruments recognised in AT1 items is limited to the minimum amount of CET1 items that would be generated if the principal amount of the AT1 instruments were fully written down or converted into CET1 instruments.

                January 2015

              • CA-2.1.7I

                The aggregate amount of AT1 instruments that is required to be written down or converted upon the occurrence of a trigger event must be no less than the lower of the following:

                (a)The amount required to restore fully the CET1 ratio of the conventional bank licensee to 7.0 %; and
                (b)The full principal amount of the instrument.
                January 2015

              • CA-2.1.7J

                When a trigger event occurs conventional bank licensees must do the following:

                (a) Immediately inform the CBB;
                (b) Inform the holders of the AT1 instruments; and
                (c) Write down the principal amount of the AT1 instruments, or convert the instruments into CET1 instruments without delay, but no later than within one month, in accordance with the requirement laid down in this Section.
                January 2015

              • CA-2.1.7K

                A conventional bank licensee issuing AT1 instruments that convert to CET1 on the occurrence of a trigger event must ensure that its authorised share capital is at all times sufficient, for converting all such convertible AT1 instruments into shares if a trigger event occurs.

                January 2015

              • CA-2.1.7L

                All necessary authorisations must be obtained at the date of issuance of such convertible AT1 instruments. The conventional bank licensee must maintain at all times the necessary prior authorisation from the CBB to issue the CET1 instruments into which such AT1 instruments would convert upon occurrence of a trigger event.

                January 2015

              • CA-2.1.7M

                A conventional bank licensee issuing AT1 instruments that convert to CET1 on the occurrence of a trigger event must ensure that there are no procedural impediments to that conversion by virtue of its incorporation or statutes or contractual arrangements.

                January 2015

            • Consequences of the Conditions for AT1 Instruments Ceasing to Be Met

              • CA-2.1.7N

                The following must apply where, in the case of an AT1 instrument, the conditions laid down in Paragraph CA-2.1.6 cease to be met:

                (a) That instrument must immediately cease to qualify as an AT1 instrument; and
                (b) The part of the share premium accounts that relates to that instrument must immediately cease to qualify as an AT1 item.
                January 2015

            • Tier 2 Capital (T2)

              • CA-2.1.8

                T2 capital consists of the sum of the following items:

                (a) Instruments issued by the conventional bank licensee that meet the criteria for inclusion in T2 outlined in Paragraph CA-2.1.10;
                (b) Stock surplus (share premium) resulting from the issue of instruments included in T2;
                (c) Instruments issued by consolidated subsidiaries of the conventional bank licensee and held by third parties that meet the criteria for inclusion in T2 capital and are not included in T1. See CA-2.3 for the relevant criteria;
                (d) General loan loss provisions held against future, presently unidentified losses and are freely available to meet losses which subsequently materialise and qualify for inclusion within T2. Such general loan loss provisions which are eligible for inclusion in T2 will be limited to a maximum of 1.25 percentage points of credit risk-weighted risk assets. Provisions ascribed to identified deterioration of particular assets or known liabilities, whether individual or grouped, must be excluded;
                (e) Regulatory adjustments applied in the calculation of T2 (see CA-2.4); and
                (f) Asset revaluation reserves which arise from the revaluation of fixed assets from time to time in line with the change in market values, and are reflected on the face of the balance sheet as a revaluation reserve. Similarly, gains may also arise from revaluation of Investment Properties (real estate). These reserves (including the net gains on investment properties) may be included in T2 capital, with the concurrence of the external auditor, provided that the assets are prudently valued, fully reflecting the possibility of price fluctuation and forced sale.
                January 2015

              • CA-2.1.9

                The treatment of instruments issued out of consolidated subsidiaries of the conventional bank licensee and the regulatory adjustments applied in the calculation of T2 are addressed in Section CA-2.3.

                January 2015

              • CA-2.1.10

                For an instrument to be included in T2(see CA-2.1.8(a)), it must meet all the criteria below:

                (a) It is issued and paid-in;
                (b) It is subordinated to depositors and general creditors of the conventional bank licensee;
                (c) It is neither secured nor covered by a guarantee of the issuing conventional bank licensee or related entity or other arrangement that legally or economically enhances the seniority of the claim vis-à-vis depositors and general creditors of the conventional bank licensee;
                (d) It must have a minimum maturity of at least 5 years and it will be amortised on a straight line basis in the remaining five years before maturity and there are no step-ups or other incentives to redeem;
                (e) It may be callable at the initiative of the conventional bank licensee only after a minimum of five years and the conventional bank licensee must not do anything which creates an expectation that the call will be exercised. The conventional bank licensee may not exercise such a call option without receiving written prior approval of the CBB and the called instrument must be replaced with capital of the same or better quality; or the conventional bank licensee demonstrates that its capital position is well above the minimum capital requirements after the call option is exercised. In all early call situations, any replacement of existing capital must be done at conditions which are sustainable for the income capacity of the conventional bank licensee;
                (f) The investor must have no rights to accelerate the repayment of future scheduled payments (coupon or principal), except in bankruptcy and liquidation;
                (g) The instrument cannot have a credit sensitive dividend/coupon that is reset periodically based in whole or in part on the conventional bank licensee's credit standing;
                (h) Neither the conventional bank licensee nor a related party over which the bank exercises control or significant influence can have purchased the instrument, nor can the conventional bank licensee directly or indirectly have funded the purchase of the instrument. This means own holdings of T2 instruments and T2 purchased or funded by the conventional bank licensee for employee share purchase schemes must be deducted from T2. Any of the conventional bank licensee's own T2 instruments used as collateral for the advance of funds to its customers must be deducted from T2;
                (i) If the instrument is not issued out of a fully consolidated subsidiary bank or the parent conventional bank licensee in the consolidated group (e.g. a special purpose vehicle — "SPV"), proceeds must be immediately available without limitation to the parent conventional bank licensee in the consolidated group in a form which meets or exceeds all of the other criteria for inclusion in T2; and
                (j) All T2 Instruments must have principal loss absorption through either (i) conversion to common shares at an objective pre-specified trigger event; or (ii) a write-down mechanism which allocates losses to the instrument at a pre-specified trigger event. The write-down will reduce the claim of the instrument in liquidation and reduce the amount that will be re-paid when a call is exercised and partially or fully reduce coupon/dividend payments on the instrument;
                Amended: January 2016
                January 2015

              • CA-2.1.11

                [This paragraph has been left blank.]

                January 2015

              • CA-2.1.11A

                The issuance of any new shares as a result of a trigger event must occur prior to any public sector injection of capital so that the capital provided by the public sector is not diluted.

                January 2015

              • CA-2.1.11B

                Where an issuing bank or SPV is part of a banking group and the issuer wishes the instrument to be included in the capital base of the group (in addition to its solo capital where applicable), the terms and conditions must specify an additional trigger event.

                January 2015

              • CA-2.1.11C

                Any common stock paid as compensation to the holders of the instrument must be common stock of either the issuing bank or the parent bank of the group (including any successor in resolution).

                January 2015

            • Write Down or Conversion of Tier 2 Instruments

              • CA-2.1.11D

                For the purposes of Subparagraph CA-2.1.10(j), the following provisions apply to T2 instruments accounted for as liabilities:

                (a) A trigger event occurs when the CET1 capital ratio of the conventional bank licensee institution referred to in Subparagraph CA-B.2.1(a) falls below either of the following:
                (i) 7.0%; or
                (ii) A level higher than 7.0 %, where determined by the conventional bank licensee and specified in the provisions governing the instrument; and
                (b) Conventional bank licensees may specify in the provisions governing the instrument one or more trigger events in addition to that referred to in Subparagraph (a).
                January 2015

              • CA-2.1.11E

                Where the provisions governing T2 instruments require them to be converted into CET1 instruments upon the occurrence of a trigger event, those provisions must specify either of the following:

                (a) The rate of such conversion and a limit on the permitted amount of conversion; or
                (b) A range within which the instruments will convert into CET1 instruments.
                January 2015

              • CA-2.1.11F

                Where the provisions governing T2 instruments require their principal amount to be written down upon the occurrence of a trigger event, the write down must reduce all the following:

                (a) The claim of the holder of the instrument in the insolvency or liquidation of the conventional bank licensee;
                (b) The amount required to be paid in the event of the call or redemption of the instrument; and
                (c) The distributions made on the instrument.
                January 2015

              • CA-2.1.11G

                Write down or conversion of a T2 instrument must, under the applicable accounting framework, generate items that qualify as CET1 items.

                January 2015

              • CA-2.1.11H

                The amount of T2 instruments recognised in T2 items is limited to the minimum amount of CET1 items that would be generated if the principal amount of the T2 instruments were fully written down or converted into CET1 instruments.

                January 2015

              • CA-2.1.11I

                The aggregate amount of T2 instruments that is required to be written down or converted upon the occurrence of a trigger event must be no less than the lower of the following:

                (a) The amount required to restore fully the CET1 ratio of the conventional bank licensee to 7.0 %; and
                (b) The full principal amount of the instrument.
                January 2015

              • CA-2.1.11J

                When a trigger event occurs conventional bank licensees must do the following:

                (a)Immediately inform the CBB;
                (b)Inform the holders of the T2 instruments; and
                (c)Write down the principal amount of the T2 instruments, or convert the instruments into CET1 instruments without delay, but no later than within one month, in accordance with the requirement laid down in this Section.
                January 2015

              • CA-2.1.11K

                A conventional bank licensee issuing T2 instruments that convert to CET1 on the occurrence of a trigger event must ensure that its authorised share capital is at all times sufficient, for converting all such convertible T2 instruments into shares if a trigger event occurs.

                January 2015

              • CA-2.1.11L

                All necessary authorisations must be obtained at the date of issuance of such convertible T2 instruments. The conventional bank licensee must maintain at all times the necessary prior authorisation from the CBB to issue the CET1 instruments into which such T2 instruments would convert upon occurrence of a trigger event.

                January 2015

              • CA-2.1.11M

                A conventional bank licensee issuing T2 instruments that convert to CET1 on the occurrence of a trigger event must ensure that there are no procedural impediments to that conversion by virtue of its incorporation or statutes or contractual arrangements.

                January 2015

            • Consequences of the Conditions for T2 Instruments Ceasing to be Met

              • CA-2.1.11N

                The following must apply where, in the case of a T2 instrument, the conditions laid down in CA-2.1.10 cease to be met:

                (a) That instrument must immediately cease to qualify as a T2 instrument; and
                (b) The part of the share premium accounts that relates to that instrument must immediately cease to qualify as a T2 item.
                January 2015

          • CA-2.2 CA-2.2 Limits and Minima on the Use of Different Forms of Capital

            • Consolidated T1 Capital and Total Capital

              • CA-2.2.1

                CAR components and CARs outlined in Paragraph CA-B.2.1 must meet or exceed the following minimum ratios relative to total risk-weighted assets:

                (a) CET1 must be at least 6.5% of risk-weighted assets at all times;
                (b) T1 Capital must be at least 8% of risk-weighted assets at all times;
                (c) Total Capital (T1 Capital plus T2 Capital) must be at least 10% of risk-weighted assets at all times;
                (d) In addition, conventional bank licensees must meet the minimum Capital Conservation Buffer (CCB) requirement of 2.5% of risk-weighted assets. The CCB must be composed of CET1 and so this gives an aggregate 9% CET1 including the CCB minimum capital requirement;
                (e) A minimum 10.5% T1 Capital Adequacy Ratio including the above CCB requirement; and
                (f) A 12.5% minimum Total Capital Adequacy Ratio including the above CCB requirement.
                January 2015

            • Solo Tier 1 Capital and Total Capital

              • CA-2.2.1A

                CAR components and CARs outlined in Paragraph CA-B.2.1 must meet or exceed the following minimum ratios on a solo basis relative to total risk-weighted assets:

                (a) CET1 must be at least 4.5% of risk-weighted assets at all times;
                (b) T1 Capital must be at least 6% of risk-weighted assets at all times;
                (c) Total Capital (T1 Capital plus T2 Capital) must be at least 8% of risk-weighted assets at all times; and
                (d) The minimum Capital Conservation Buffer (CCB) requirement of 2.5% of risk-weighted assets does not apply on a solo basis.
                January 2015

              • CA-2.2.2

                CET1 must be the predominant form of capital. Accordingly, the contribution of AT1 instruments towards the Minimum T1 Capital Ratios mentioned in Paragraphs CA-2.2.1 and CA-2.2.1A is limited to 1.5%.

                January 2015

              • CA-2.2.3

                The limits on AT1 instruments and T2 instruments are based on the amount of CET1 after deductions pursuant to CA-2.4 (see Appendices CA-22 and CA-23 for examples of the threshold deduction effects and the caps).

                January 2015

            • Tier 2: Supplementary Capital

              • CA-2.2.4

                The contribution of T2 capital towards the Minimum Total Capital Ratios and Minimum Total Capital plus Capital Conservation Buffer Ratios mentioned in Paragraphs CA-2.2.1 (consolidated) and CA-2.2.1A (solo) is limited to 2.0%.

                January 2015

              • CA-2.2.5

                To explain the limits outlined in Paragraph CA-2.2.4 on the contributions of AT1 and T2 Capital to T1 and Total Capital, a simple example is given below where a conventional bank licensee has BD650mn of Core Equity Tier One Capital and BD200mn of AT1 and BD300mn of T2 Capital and BD10,000mn of total risk-weighted assets:

                (a) 6.5% CET1 = BD650mn;
                (b) 8.0% T1 = BD800mn (i.e. only BD150mn of the AT1 may be included in the T1 minimum requirement);
                (c) 10% Total Capital = BD1,000 mn (i.e. only BD200mn of the T2 Capital may be included in the Total Capital requirement).

                This means that if the conventional bank licensee only has BD650mn of CET1, it cannot comply with the additional Capital Conservation Buffer Requirement of 2.5% nor can it use excess AT1 or T2 Capital to meet this requirement. Although it would appear that the conventional bank licensee has BD1,150mn of total capital, only BD1,000 can be used to meet the minimum ratios. This example serves to underline the importance of CET1. Unless a conventional bank licensee can meet the CET1 minimum CARs of 6.5% and 9.0% mentioned above, it may not be able to meet any of the other minimum capital adequacy ratios outlined in Paragraph CA-2.2.1.

                January 2015

          • CA-2.3 CA-2.3 Minority Interest Held by Third Parties in Consolidated Banking Subsidiaries

            • Common Shares Issued by Consolidated Banking Subsidiaries

              • CA-2.3.1

                In order for minority interest arising from the issue of common shares by a fully consolidated subsidiary of the conventional bank licensee to be recognised in CET1 for the consolidated CAR calculation, it must meet the following conditions:

                (a) The instrument giving rise to the minority interest would, if issued by the conventional bank licensee, meet all of the criteria for classification as common shares for regulatory capital purposes;
                (b) The subsidiary that issued the instrument is itself a bank1'2; and
                (c) The subsidiary meets the limits outlined in Paragraph CA-2.3.2.

                1 For the purposes of this paragraph, any institution that is subject to the same minimum prudential standards and level of supervision as a bank may be considered to be a bank.

                2 Minority interest in a subsidiary that is a bank is strictly excluded from the parent bank's common equity if the parent bank or affiliate has entered into any arrangements to fund directly or indirectly minority investment in the subsidiary whether through an SPV or through another vehicle or arrangement. The treatment outlined above, thus, is strictly available where all minority investments in the bank subsidiary solely represent genuine third party common equity contributions to the subsidiary.

                January 2015

              • CA-2.3.2

                The amount of minority interest meeting the criteria above that will be recognised in consolidated CET1 will be calculated as follows:

                (a) Total minority interest meeting the criteria in Paragraph CA-2.3.1 minus the amount of the surplus CET1 of the subsidiary attributable to the minority shareholders;
                (b) Surplus CET1 of the subsidiary is calculated as the CET1 of the subsidiary minus the lower of:
                (i) The minimum CET1 requirement of the subsidiary plus the capital conservation buffer (CCB) (i.e. 7.0% of risk weighted assets or more as required by the concerned supervisor) and;
                (ii) The portion of the consolidated minimum CET1 requirement plus the CCB (i.e. 9.0% of consolidated risk weighted assets) that relates to the subsidiary; and
                (c) The amount of the surplus CET1 that is attributable to the minority shareholders is calculated by multiplying the surplus CET1 by the percentage of CET1 that is held by minority shareholders.
                January 2015

              • CA-2.3.2A

                Appendix CA-1 outlines an example of the effect of an allocation of minority interest between the parent bank and minority shareholders in the fully consolidated subsidiary.

                January 2015

            • AT1 Qualifying Capital Issued by Consolidated Banking Subsidiaries

              • CA-2.3.3

                AT1 capital instruments issued by a fully consolidated banking subsidiary of the conventional bank licensee to third party investors (including amounts under Paragraph CA-2.3.2) may receive recognition in T1 capital only if the instruments would, if issued by the conventional bank licensee, meet all of the criteria for classification as T1. The amount of this AT1 that will be recognised in consolidated AT1 will exclude amounts recognised in consolidated CET1 under Paragraph CA-2.3.2 and will be calculated as follows:

                (a) T1 of the subsidiary issued to third parties minus the amount of the surplus T1 of the subsidiary attributable to the third party investors;
                (b) Surplus T1 of the subsidiary is calculated as the T1 of the subsidiary minus the lower of: (1) the minimum T1 requirement of the subsidiary plus the CCB and (2) the portion of the consolidated minimum T1 requirement plus the CCB that relates to the subsidiary; and
                (c) The amount of the surplus T1 that is attributable to the third party investors is calculated by multiplying the surplus T1 by the percentage of T1 that is held by third party investors.
                January 2015

            • T2 Qualifying Capital issued by Consolidated Banking Subsidiaries

              • CA-2.3.4

                T2 instruments issued by a fully consolidated banking subsidiary of the conventional bank licensee to third party investors (including amounts under Paragraphs CA-2.3.2 and CA-2.3.3) may receive recognition in consolidated Total Capital only if the instruments would, if issued by the conventional bank licensee, meet all of the criteria for classification as T2. The amount of this T2 that will be recognised in the parent bank's T2 will exclude amounts recognised in CET1 under Paragraph CA-2.3.2 and amounts recognised in AT1 under Paragraph CA-2.3.3 and will be calculated as follows:

                (a) Total capital instruments of the subsidiary issued to third parties minus the amount of the surplus Total Capital of the subsidiary attributable to the third party investors;
                (b) Surplus Total Capital of the subsidiary is calculated as the Total Capital of the subsidiary minus the lower of:
                (i) The minimum Total Capital requirement of the subsidiary plus the capital conservation buffer; and
                (ii) The portion of the consolidated minimum Total Capital requirement plus the capital conservation buffer that relates to the subsidiary; and
                (c) The amount of the surplus Total Capital that is attributable to the third party investors is calculated by multiplying the surplus Total Capital by the percentage of Total Capital that is held by third party investors.
                January 2015

              • CA-2.3.5

                Where capital has been issued to third parties out of a special purpose vehicle (SPV), none of this capital can be included in consolidated CET1. However, such capital can be included in consolidated AT1 or T2 and treated as if the conventional bank licensee itself had issued the capital directly to the third parties only if it meets all the relevant entry criteria and the only asset of the SPV is its investment in the capital of the conventional bank licensee in a form that meets or exceeds all the relevant entry criteria3 (as required by CA-2.1.6(r) for AT1 and CA-2.1.10(i) for T2). In cases where the capital has been issued to third parties through an SPV via a fully consolidated subsidiary of the conventional bank licensee, such capital may, subject to the requirements of this paragraph, be treated as if the subsidiary itself had issued it directly to the third parties and may be included in the conventional bank licensee's consolidated AT1 or T2 in accordance with the treatment outlined in Paragraphs CA-2.3.3 and CA-2.3.4.


                3 Assets that relate to the operation of the SPV may be excluded from this assessment if they are de minimis.

                Amended: April 2015
                January 2015

          • CA-2.4 CA-2.4 Regulatory Adjustments (Solo and Consolidated)

            • CA-2.4.1

              This section sets out the regulatory adjustments to be applied to Regulatory Capital. There are four stages of adjustments for CET1. In most cases these adjustments are applied in the calculation of CET1. The first set of adjustments is applied in Paragraphs CA-2.4.2 to CA-2.4.15. A subtotal for CET1 is obtained (this can be called CET1a). A second regulatory adjustment described in Paragraphs CA-2.4.16 to CA-2.4.19 is then applied to CET1a (this adjustment results in CET1b). A third regulatory adjustment described in Paragraphs CA-2.4.20 to CA-2.4.21 is then applied to CET1b (this adjustment results in CET1c). Then a final regulatory adjustment described in Paragraph CA-2.4.23 is then applied to CET1c (this adjustment results in CET1d). This is the amount of CET1 that can be used for the calculation of the CAR and determining all other applicable caps on T1 and T2. An example of the effects of the regulatory deductions is given in Appendix CA-22.

              January 2015

            • Goodwill and Other Intangibles (Except Mortgage Servicing Rights)

              • CA-2.4.2

                Goodwill must be deducted in the calculation of CET1, including any goodwill included in the valuation of significant investments in the capital of banking, financial and insurance entities that are outside the scope of regulatory consolidation. The full amount is to be deducted net of any associated deferred tax liability which would be extinguished if the goodwill becomes impaired or derecognised under IFRS. The amount to be deducted in respect of mortgage servicing rights is set out in Paragraph CA-2.4.23A. Intangible assets other than goodwill and mortgage service rights are subject to transitional arrangements and are phased out as regulatory adjustments as outlined in Subparagraph CA-B.2.1(d).

                Amended: April 2015
                January 2015

              • CA-2.4.3

                Conventional bank licensees must use the IFRS definition of intangible assets to determine which assets are classified as intangible and are thus required to be deducted.

                January 2015

            • Deferred Tax Assets

              • CA-2.4.4

                Deferred tax assets (DTAs) that rely on future profitability of the conventional bank licensee to be realised are to be deducted in the calculation of CET1. Deferred tax assets may be netted with associated deferred tax liabilities (DTLs) only if the DTAs and DTLs relate to taxes levied by the same taxation authority and offsetting is permitted by the relevant taxation authority. Where these DTAs relate to temporary differences (e.g. allowance for credit losses) the amount to be deducted is set out in Paragraph CA-2.4.23. All other such assets, e.g. those relating to operating losses, such as the carry forward of unused tax losses, or unused tax credits, are to be deducted in full net of deferred tax liabilities as described above. The DTLs permitted to be netted against DTAs must exclude amounts that have been netted against the deduction of goodwill, intangibles and defined benefit pension assets, and must be allocated on a pro rata basis between DTAs subject to the threshold deduction treatment and DTAs that are to be deducted in full.

                January 2015

              • CA-2.4.5

                An over instalment of tax or, in some jurisdictions, current year tax losses carried back to prior years may give rise to a claim or receivable from the government or local tax authority. Such amounts are typically classified as current tax assets for accounting purposes. The recovery of such a claim or receivable would not rely on the future profitability of the conventional bank licensee and must be assigned the relevant sovereign risk weighting.

                January 2015

            • Cash Flow Hedge Reserve

              • CA-2.4.6

                The amount of the cash flow hedge reserve that relates to the hedging of items that are not fair valued on the balance sheet (including projected cash flows) must be derecognised in the calculation of CET1. This means that positive amounts must be deducted and negative amounts must be added back.

                January 2015

              • CA-2.4.7

                This treatment specifically identifies the element of the cash flow hedge reserve that is to be derecognised for prudential purposes. It removes the element that gives rise to artificial volatility in common equity, as in this case the reserve only reflects one half of the picture (the fair value of the derivative, but not the changes in fair value of the hedged future cash flow).

                January 2015

            • Gain on Sale Related to Securitisation Transactions

              • CA-2.4.8

                Any increase in equity capital resulting from a securitisation transaction (see Section CA-6.4) must be deducted from the calculation of CET1.

                January 2015

              • CA-2.4.9

                [This paragraph has been left blank.]

                January 2015

            • Defined Benefit Pension Fund Assets and Liabilities

              • CA-2.4.10

                Defined benefit pension fund liabilities, as included on the balance sheet, must be fully recognised in the calculation of CET1 (i.e. CET1 cannot be increased through derecognising these liabilities). For each defined benefit pension fund that is an asset on the balance sheet, the asset must be deducted in the calculation of CET1 net of any associated deferred tax liability which would be extinguished if the asset should become impaired or derecognised under the relevant accounting standards. Assets in the fund to which the conventional bank licensee has unrestricted and unfettered access can, with supervisory approval, offset the deduction. Such offsetting assets must be given the risk weight they would receive if they were owned directly by the conventional bank licensee.

                January 2015

              • CA-2.4.11

                Paragraph CA-2.4.10 only applies to conventional bank licensees which have subsidiaries which are located in jurisdictions where there are defined benefit pension schemes and addresses the concern that assets arising from pension funds may not be capable of being withdrawn and used for the protection of depositors and other creditors of a bank. The concern is that their only value stems from a reduction in future payments into the fund. The treatment allows for banks to reduce the deduction of the asset if they can address these concerns and show that the assets can be easily and promptly withdrawn from the fund.

                January 2015

            • Investments in Own Shares

              • CA-2.4.12

                All of a conventional bank licensee's investments in its own common shares, whether held directly or indirectly must have already been deducted in the calculation of CET1 as required by Subparagraph CA-2.1.3(o). In addition, any own stock which the conventional bank licensee could be contractually obliged to purchase must be deducted in the calculation of CET1. The treatment described applies irrespective of the location of the exposure in the banking book or the trading book. In addition:

                (a) Gross long positions may be deducted net of short positions in the same underlying exposure only if the short positions involve no counterparty risk (i.e. this would normally mean that the long and short positions are with the same counterparty and a valid close-out netting agreement is in place);
                (b) Conventional bank licensees must look through holdings of index securities to deduct exposures to own shares. However, gross long positions in own shares resulting from holdings of index securities may be netted against short positions in own shares resulting from short positions in the same underlying index where they are undertaken with the same counterparty. In such cases the short positions may still involve counterparty risk (which is subject to the relevant counterparty credit risk charge); and
                (c) Any shares of the conventional bank licensee held as collateral against exposures to customers are considered to be held indirectly and are subject to deduction.
                Amended: April 2015
                January 2015

              • CA-2.4.13

                The deductions under Subparagraphs CA-2.1.3(o) and Paragraph CA-2.4.12 are necessary to avoid the double counting of a conventional bank licensee's own capital. The treatment seeks to remove the double counting that arises from direct holdings, indirect holdings via index funds and potential future holdings as a result of contractual obligations to purchase own shares.

                January 2015

              • CA-2.4.14

                Conventional bank licensee must deduct investments in their own AT1 in the calculation of their AT1 capital and must deduct investments in their own T2 in the calculation of their T2 capital.

                January 2015

            • Reciprocal Cross Holdings in the Capital of Banking and Financial Entities

              • CA-2.4.15

                Reciprocal cross holdings of capital that are designed to artificially inflate the capital position of conventional bank licensees will be deducted in full. Conventional bank licensees must apply a "corresponding deduction approach" to such investments in the capital of other banks and financial entities. This means the deduction must be applied to the same component of capital for which the capital would qualify if it was issued by the conventional bank licensee itself. The above adjustments (CA-2.4.2 to CA-2.4.15) must now be aggregated and applied to CET1 to obtain a subtotal (CET1a). This new adjusted CET1a is used for the purpose of calculating the next adjustment.

                January 2015

            • Investments in the capital of banking and financial entities that are outside the scope of regulatory consolidation and where the bank does not own more than 10% of the issued common share capital of the entity

              • CA-2.4.16

                The regulatory adjustment described in Paragraph CA-2.4.17 applies to investments in the capital of banking and financial entities that are outside the scope of regulatory consolidation and where the conventional bank licensee does not own more than 10% of the issued common share capital of the entity. In addition:

                (a) Investments include direct, indirect4 and synthetic holdings of capital instruments. For example, conventional bank licensees must look through holdings of index securities to determine their underlying holdings of capital;5
                (b) Holdings in both the banking book and trading book must be included. Capital includes common stock and all other types of cash and synthetic capital instruments (e.g. subordinated debt). It is the net long position that is to be included (i.e. the gross long position net of short positions in the same underlying exposure where the maturity of the short position either matches the maturity of the long position or has a residual maturity of at least one year);
                (c) Underwriting positions held for five working days or less can be excluded. Underwriting positions held for longer than five working days must be included; and
                (d) If the capital instrument of the entity in which the conventional bank licensee has invested does not meet the criteria for CET1, AT1, or T2 (see CA-2.1.2(f)) of the concerned bank, the capital is to be considered common shares for the purposes of this regulatory adjustment. However, if the investment is issued out of a regulated financial entity and not included in regulatory capital in the relevant jurisdiction of the financial entity, it is not required to be deducted.

                4 Indirect holdings are exposures or parts of exposures that, if a direct holding loses its value, will result in a loss to the bank substantially equivalent to the loss in value of the direct holding.

                5 If banks find it operationally burdensome to look through and monitor their exact exposure to the capital of other financial institutions as a result of their holdings of index securities, the CBB may permit banks, subject to prior CBB approval, to use a conservative estimate of the amount to be deducted.

                January 2015

              • CA-2.4.17

                If the total of all holdings listed in Paragraph CA-2.4.16 in aggregate exceed 10% of the conventional bank licensee's CET1a (i.e. after applying all other regulatory adjustments from Paragraph CA-2.4.2 to Paragraph CA-2.4.15) then the amount above 10% is required to be deducted, applying a corresponding deduction approach. This means the deduction must be applied to the same component of capital for which the capital would qualify if it was issued by the conventional bank licensee itself. Accordingly, the amount to be deducted from CET1a must be calculated as the total of all holdings which in aggregate exceed 10% of the conventional bank licensee's CET1a (as per above) multiplied by the common equity holdings as a percentage of the total capital holdings. This would result in a CET1a deduction which corresponds to the proportion of Total Capital holdings held in CET1a. Similarly, the amount to be deducted from AT1 must be calculated as the total of all holdings which in aggregate exceed 10% of the conventional bank licensee's CET1a (as per above) multiplied by the AT1 holdings as a percentage of the Total Capital holdings. The amount to be deducted from T2 must be calculated as the total of all holdings which in aggregate exceed 10% of the conventional bank licensee's CET1a (as per above) multiplied by the T2 holdings as a percentage of the Total Capital holdings.

                January 2015

              • CA-2.4.18

                See Paragraph CA-2.4.21 for further details on what to do if, under the corresponding deduction approach, a conventional bank licensee is required to make a deduction from a particular tier of capital and it does not have enough of that tier of capital to satisfy that deduction.

                January 2015

              • CA-2.4.19

                Amounts below the threshold, which are not deducted, will continue to be risk weighted. Thus, instruments in the trading book will be treated as per the market risk rules and instruments in the banking book must be treated as per Chapter CA-3. For the application of risk weighting the amount of the holdings must be allocated on a pro rata basis between those below and those above the threshold. The above adjustments (CA-2.4.16 to CA-2.4.18) must now be aggregated and applied to CET1a to obtain a new subtotal (CET1b). This new adjusted CET1b is used for the purpose of calculating the next adjustment.

                January 2015

            • Significant Investments in the Capital of Banking and Financial Entities that are Outside the Scope of Regulatory Consolidation

              • CA-2.4.20

                The regulatory adjustment described in Paragraph CA-2.4.21 applies to investments in the capital of banking and financial entities that are outside the scope of regulatory consolidation where the conventional bank licensee owns more than 10% of the issued common share capital of the issuing entity or where the entity is an affiliate of the conventional bank licensee. In addition:

                (a) Investments include direct, indirect and synthetic holdings of capital instruments. For example, conventional bank licensee must look through holdings of index securities to determine their underlying holdings of capital;7
                (b) Holdings in both the banking book and trading book are to be included. Capital includes common stock and all other types of cash and synthetic capital instruments (e.g. subordinated debt). It is the net long position that is to be included (i.e. the gross long position net of short positions in the same underlying exposure where the maturity of the short position either matches the maturity of the long position or has a residual maturity of at least one year);
                (c) Underwriting positions held for five working days or less can be excluded. Underwriting positions held for longer than five working days must be included; and
                (d) If the capital instrument of the entity in which the conventional bank licensee has invested does not meet the criteria for CET1, AT1, or T2 (see CA-2.1.2 (f)) of the concerned bank, the capital is to be considered common shares for the purposes of this regulatory adjustment. However, if the investment is issued out of a regulated financial entity and not included in regulatory capital of the financial entity, it is not required to be deducted.

                6 Investments in entities that are outside the scope of regulatory consolidation refers to investments in entities that have not been consolidated at all or have not been consolidated in such a way as to result in their assets being included in the calculation of consolidated risk-weighted assets of the group.

                7 If banks find it operationally burdensome to look through and monitor their exact exposure to the capital of other financial institutions as a result of their holdings of index securities, the CBB may permit banks, subject to prior CBB approval, to use a conservative estimate.

                January 2015

              • CA-2.4.21

                All investments in Paragraph CA-2.4.20 that are not common shares must be fully deducted following a corresponding deduction approach. This means the deduction must be applied to the same tier of capital for which the capital would qualify if it was issued by the conventional bank licensee itself. If the conventional bank licensee is required to make a deduction from a particular tier of capital and it does not have enough of that tier of capital to satisfy that deduction, the shortfall will be deducted from the next higher tier of capital (e.g. if a conventional bank licensee does not have enough AT1 capital to satisfy a particular deduction, the shortfall will be deducted from CET1c as applicable).

                January 2015

              • CA-2.4.22

                Investments in Paragraph CA-2.4.20 that are common shares are subject to the threshold treatment described in paragraph CA-2.4.23. The above adjustments (CA-2.4.20 to CA-2.4.21) must be aggregated and applied to CET1b to obtain a new subtotal (CET1c). This new adjusted CET1c is used for the purpose of calculating the next adjustment.

                January 2015

            • Threshold Deductions

              • CA-2.4.23

                If the total of all common equity holdings listed in Paragraph CA-2.4.20 in aggregate exceeds 10% of the conventional bank licensee's CET1c, then the amount above 10% is required to be deducted from CET1c (see Appendices CA-22 and CA-23 for examples). After this deduction, the conventional bank licensee must deduct the amount by which each of items b) and c) in Paragraph CA-2.4.23A individually exceeds 10% of its CET1c. After these individual deductions, the aggregate of the three items below which exceeds 15% of its CET1c (calculated prior to the deduction of these items but after application of all other regulatory adjustments to CET1 applied in paragraphs CA-2.4.2 to CA-2.4.21) must be deducted from CET1c. The adjustments in this Paragraph are applied to CET1c to obtain a new subtotal (CET1d). This new adjusted CET1d is used for calculating the consolidated CAR and the applicable caps on AT1 and T2 Capital. The items included in the 15% aggregate limit are subject to full disclosure.

                Amended: April 2015
                January 2015

              • CA-2.4.23A

                As of 1 January 2020, the calculation of the 15% limit will be subject to the following treatment: the sum of the three items below that remains recognised after the application of all regulatory adjustments must not exceed 15% of CET1d (See Appendix CA-3 for an example):

                (a) Significant investments in the common shares of unconsolidated banks and other financial entities as referred to in Paragraph CA-2.4.20;
                (b) Mortgage servicing rights (MSRs); and
                (c) Deferred Tax Assets (DTAs) that arise from temporary differences.
                January 2015

              • CA-2.4.24

                The amount of the three above items that are not deducted in the calculation of CET1d is risk weighted at 250% (see Paragraph CA-3.2.26).

                January 2015

            • Former Deductions from Capital

              • CA-2.4.25

                The following items receive the following risk weights:

                (a) Certain securitisation exposures outlined in Chapter CA-6: 1,250%;
                (b) Non-payment/delivery on non-DvP and non-PvP transactions (see Appendix CA-4): 1,250%;
                (c) The amount of any significant investments in commercial entities, as defined in Paragraph CM-5.11.4, which exceed the materiality thresholds is risk weighted at 800%. The materiality thresholds for these investments are: 15% of Total Capital for individual significant investments; and 60% of Total Capital for the aggregate of such investments; and
                (d) Any exposures above the large exposures limits set by the CBB in Chapter CM-5 of the CBB Rulebook: 800%.
                Amended: October 2016
                Amended: July 2015
                Amended: April 2015
                January 2015

              • CA-2.4.26

                For Subparagraphs CA-2.4.25 (c) and (d), amounts below the materiality thresholds and large exposure limits continue to be risk weighted in accordance with Chapter CA-3. Where the remaining holdings are made up of holdings carrying different risk weights, the application of the risk weighting must be allocated on a pro rata basis for those exposures that are not subject to the 800% risk weight. Appendix CA-21 gives an example of the way to calculate the risk weighted assets and the effect of the limits outlined in Subparagraphs CA-2.4.25 (c) and (d).

                Added: July 2015

        • CA-2A CA-2A Capital Conservation Buffer

          • CA-2A.1 CA-2A.1 Capital Conservation Best Practice

            • CA-2A.1.1

              This section outlines the operation of the capital conservation buffer, which is designed to ensure that banks build up capital buffers outside periods of stress which can be drawn down as losses are incurred. The requirement is based on simple capital conservation rules designed to avoid breaches of minimum capital requirements.

              January 2015

            • CA-2A.1.2

              Outside of periods of stress, conventional bank licensees must hold buffers of capital above the regulatory minimum.

              January 2015

          • CA-2A.2 CA-2A.2 The Capital Conservation Buffer (CCB) Requirement

            • CA-2A.2.1

              Conventional bank licensees are required to hold a Capital Conservation Buffer (CCB) of 2.5%, comprised of CET1 above the regulatory minimum Total Capital ratio of 10%.8 Capital distribution constraints will be imposed on a conventional bank licensee when the CCB falls below 2.5%. The constraints imposed only relate to distributions, not the operation of the conventional bank licensee.


              8 Common Equity Tier 1 must first be used to meet the minimum capital requirements (including the 8% Tier 1 and 10% Total Capital requirements if necessary), before the remainder can contribute to the capital conservation buffer.

              January 2015

            • CA-2A.2.2

              Conventional bank licensees must note that they are required to maintain a minimum consolidated Total Capital Ratio of 12.5% and a solo Total Capital Ratio of 8% regardless of whether they do or do not have AT1 or T2 Capital and therefore conventional bank licensees will be required to retain 100% of the annual net profit unless their consolidated Total Capital Ratio is above 12.5% and their solo Total capital Ratio is above 8%.

              January 2015

            • CA-2A.2.3

              Elements subject to the restriction on distributions: Items considered to be distributions include dividends and share buybacks, discretionary profit distributions on other T1 capital instruments and discretionary bonus payments to staff. Payments that do not result in a depletion of CET1, which may for example include certain scrip dividends, are not considered distributions.

              January 2015

            • Capital Conservation Plan

              • CA-2A.2.4

                Where a conventional bank licensee fails to meet the required level of capital conservation buffer, it must prepare a Capital Conservation Plan (hereinafter referred to as "Plan") clearly outlining the information mentioned in this Paragraph. The conventional bank licensee must submit this Plan to the CBB within one week of becoming aware of the shortfall (see also CA-1.2.2). The conventional bank licensee must already have prepared such a Plan on a contingency basis. The Plan must include the following:

                (a) Estimates of income and expenditure and a forecasted balance sheet;
                (b) Measures to be taken to increase the conventional bank licensee's capital ratios;
                (c) A plan and time frame for the increase of capital with the objective of meeting fully the buffer requirement; and
                (d) Any other information the CBB deems necessary to carry out the assessment required, as indicated in Paragraph CA-2A.2.5.
                January 2015

              • CA-2A.2.5

                The CBB shall review the Plan submitted by the conventional bank licensee and shall approve it provided it considers that the Plan provides a reasonable basis for conserving or raising sufficient capital that will enable the conventional bank licensee to meet the buffer requirements within a period acceptable to the CBB. While reviewing the Plan, the CBB will also evaluate whether the conventional bank licensee has deliberately reduced its CET1 so as to operate in the buffer range (i.e. below the capital conservation buffer requirement) in order to reduce its cost of capital for competitive purposes.

                January 2015

              • CA-2A.2.6

                If the Plan is not approved by the CBB, it may take one or more of the following steps, inter alia, as deemed necessary:

                (a) Ask the conventional bank licensee to revise the Plan and resubmit it within a specified time period;
                (b) Require the conventional bank licensee to raise new capital from private sources to specified levels within specified periods; or
                (c) Impose more stringent restrictions on distributions than those required by Paragraph CA-2A.2.3
                January 2015

          • CA-2A.3 CA-2A.3 Implementation Date

            • CA-2A.3.1

              The capital conservation buffer will be implemented on 1 January 2015. It will be set at 2.5% of RWAs.

              January 2015

            • CA-2A.3.2

              Conventional bank licensees must maintain prudent earnings retention policies with a view to meeting the conservation buffer at all times.

              January 2015

            • CA-2A.3.3

              [This Paragraph was deleted in April 2015.]

              Deleted: April 2015
              January 2015

            • CA-2A.3.4

              The CBB will issue rules and guidance on the countercyclical buffer in due course.

              The CBB reserves the right to use its discretion on the timing and amount of the countercyclical buffer, depending on economic conditions in the region and globally.

              January 2015

      • PART 2: PART 2: Credit Risk

        • CA-3 CA-3 Credit Risk — The Standardized Approach

          • CA-3.1 CA-3.1 Overview

            • CA-3.1.1

              This Chapter sets out the rules relating to the standardized approach to credit risk. The securitisation framework is presented in Chapter CA-6. The standardized approach makes use of external credit assessments9 as a means of calculating the risk weight for exposures to certain categories of counterparty.


              9 The notations follow the methodology used by one institution, Standard & Poor's. The use of Standard & Poor's credit ratings is an example only; those of some other external credit assessment institutions could equally well be used. The ratings used throughout this document, therefore, do not express any preferences or determinations on external assessment institutions by CBB.

              January 2015

            • CA-3.1.2

              The credit equivalent amount (CEA) of Securities Financing Transactions (SFT)10 and OTC derivatives that expose a conventional bank licensee to counterparty credit risk11 is calculated under the rules set out in Appendix CA-2.


              10 Securities Financing Transactions (SFT) are transactions such as repurchase agreements, reverse repurchase agreements, security lending and borrowing, and margin lending transactions, where the value of the transactions depends on the market valuations and the transactions are often subject to margin agreements.

              11 The counterparty credit risk is defined as the risk that the counterparty to a transaction could default before the final settlement of the transaction's cash flows. An economic loss would occur if the transactions or portfolio of transactions with the counterparty has a positive economic value at the time of default. Unlike a firm's exposure to credit risk through a loan, where the exposure to credit risk is unilateral and only the lending bank faces the risk of loss, the counterparty credit risk creates a bilateral risk of loss: the market value of the transaction can be positive or negative to either counterparty to the transaction. The market value is uncertain and can vary over time with the movement of underlying market factors.

              January 2015

            • CA-3.1.3

              In determining the risk weights in the standardised approach, conventional bank licensees must use assessments by only those external credit assessment institutions which are recognised as eligible for capital purposes by CBB in accordance with the criteria defined in Section CA-3.4.

              January 2015

            • CA-3.1.4

              Exposures must be measured at the book value as shown in the financial statements of the conventional bank licensee (normally at amortised cost or fair value after applying specific provisions or fair value adjustments as applicable) and risk-weighted taking into account eligible financial collateral as applicable (see Chapter CA-4 concerning credit risk mitigation).

              January 2015

          • CA-3.2 CA-3.2 Segregation of Claims

            • Claims on Sovereigns

              • CA-3.2.1

                Claims on governments of GCC member states (hereinafter referred to as GCC) and their central banks can be risk weighted at 0%. Claims on other sovereigns and their central banks are given a preferential risk weighting of 0% where such claims are denominated and funded in the relevant domestic currency of that sovereign/central bank (e.g. if a Bahraini bank has a claim on government of Australia and the loan is denominated and funded in Australian dollar, it will be risk weighted at 0%). Such preferential risk weight for claims on GCC/other sovereigns and their central banks will be allowed only if the relevant supervisor also allows 0% risk weighting to claims on its sovereign and central bank.

                January 2015

              • CA-3.2.2

                Claims on sovereigns other than those referred to in the Paragraph CA-3.2.1 must be assigned risk weights as follows:

                Credit Assessment AAA to AA- A+ to A- BBB+ to BBB- BB+ to B- Below B- Unrated
                Risk Weight 0% 20% 50% 100% 150% 100%
                January 2015

            • Claims on International Organisations

              • CA-3.2.3

                Claims on the Bank for International Settlements, the International Monetary Fund and the European Central Bank receive a 0% risk weight.

                January 2015

            • Claims on Non-Central Government Public Sectors Entities (PSEs)

              • CA-3.2.4

                Any claims on the Bahraini PSEs listed in Appendix CA-18 are treated as claims on the government of Bahrain and are eligible for 0% risk weighting:

                Amended: April 2016
                Added: January 2015

              • CA-3.2.4A

                In addition to the Bahraini PSEs listed in Appendix CA-18, existing exposures to the following entities which have been removed from the list of PSEs as of 1st March 2016, will be grandfathered and will remain eligible until the final maturity or sale of such exposure:

                (a) Durrat Khaleej Al Bahrain Company;
                (b) Hawar Island Development Company;
                (c) Lulu Tourism Company; and
                (d) Al Awali Real estate Company.
                Added: April 2016

              • CA-3.2.4B

                Any new claims to the entities listed under Paragraph CA-3.2.4A are subject to the normal risk weights as outlined in this Section.

                Added: April 2016

              • CA-3.2.5

                Where other supervisors also treat claims on named PSEs as claims on their sovereigns, claims to those PSEs are treated as claims on the respective sovereigns as outlined in Paragraphs CA-3.2.1 and CA-3.2.2. These PSEs must be shown on a list maintained by the concerned central bank or financial regulator. Where PSEs are not on such a list, they must be subject to the treatment outlined in Paragraph CA-3.2.6.

                January 2015

              • CA-3.2.6

                Claims on all other (foreign) PSEs (i.e. not having sovereign treatment) denominated and funded in the home currency of the sovereign must be risk weighted as allowed by their home country supervisors, provided the sovereign carries rating BBB- or above. Claims on PSEs with no explicit home country weighting or to PSEs in countries of BB+ sovereign rating and below are subject to ECAI ratings as per the following table:

                Credit Assessment AAA to AA- A+ to A- BBB+ to BBB- BB+ to B- Below B- Unrated
                Risk Weight 20% 50% 100% 100% 150% 100%
                January 2015

              • CA-3.2.7

                Claims on commercial companies owned by governments must be risk weighted as normal commercial entities unless they are in the domestic currency and covered by a government guarantee in the domestic currency that satisfies the conditions in CA-4.2 and CA-4.5 in which case they may take the risk weight of the concerned government.

                January 2015

            • Claims on Multilateral Development Banks (MDBs)

              • CA-3.2.8

                MDBs currently eligible for a 0% risk weight are: the World Bank Group comprised of the International Bank for Reconstruction and Development (IBRD) and the International Finance Corporation (IFC), the Asian Development Bank (ADB), the African Development Bank (AfDB), the European Bank for Reconstruction and Development (EBRD), the Inter-American Development Bank (IADB), the European Investment Bank (EIB), the European Investment Fund (EIF), the Nordic Investment Bank (NIB), the Caribbean Development Bank (CDB), the Islamic Development Bank (IDB), Arab Monetary Fund (AMF), the Council of Europe Development Bank (CEDB), the Arab Bank for Economic Development in Africa (ABEDA), Council of European Resettlement Fund (CERF) and the Kuwait Fund for Arab Economic Development (KFAED).

                January 2015

              • CA-3.2.9

                The claims on MDB's, which do not qualify for the 0% risk weighting, are assigned risk weights as follows:

                Banks Credit Quality Grades AAA to AA- A+ to A- BBB+ to BBB- BB+ to B- Below B- Unrated
                Risk weights 20% 50% 50% 100% 150% 50%
                January 2015

            • Claims on Banks

              • CA-3.2.10

                Claims on banks must be risk weighted as given in the following table. No claim on an unrated bank may receive a risk weight lower than that applied to claims on its sovereign of incorporation (see Guidance in Paragraph CA-3.2.11A for self-liquidating letters of credit).

                Banks Credit Quality Grades AAA to AA- A+ to A- BBB+ to BBB- BB+ to B- Below B- Unrated
                Standard risk weights 20% 50% 50% 100% 150% 50%
                Preferential risk weight 20% 20% 20% 50% 150% 20%
                January 2015

              • CA-3.2.11

                Short-term claims on locally incorporated banks may be assigned a risk weighting of 20% where such claims on the banks are of an original maturity of 3 months or less denominated and funded in either BD or US$. A preferential risk weight that is one category more favourable than the standard risk weighting may be assigned to claims on foreign banks licensed in Bahrain of an original maturity of 3 months or less denominated and funded in the relevant domestic currency (other than claims on banks that are rated below B-). Such preferential risk weight for short-term claims on banks licensed in other jurisdictions will be allowed only if the relevant supervisor also allows this preferential risk weighting to short-term claims on its banks.

                January 2015

              • CA-3.2.11A

                Self-liquidating letters of credit issued or confirmed by an unrated bank are allowed a risk weighting of 20% without reference to the risk weight of the sovereign of incorporation. All other claims will be subject to the 'sovereign floor' of the country of incorporation of the concerned issuing or confirming bank.

                January 2015

              • CA-3.2.12

                Claims with a contractual original maturity under 3 months that are expected to be rolled over (i.e. where the effective maturity is longer than 3 months) do not qualify for a preferential treatment for capital adequacy purposes.

                January 2015

            • Claims on Investment Firms

              • CA-3.2.13

                Claims on category one and category two investment firms which are licensed by the CBB are treated as claims on banks for risk weighting purposes but without the use of preferential risk weight for short-term claims. Claims on category three investment firms licensed by the CBB must be treated as claims on corporates for risk weighting purposes. Claims on investment firms in other jurisdictions will be treated as claims on corporates for risk weighting purposes. However, if the bank can demonstrate that the concerned investment firm is subject to an equivalent capital adequacy regime to this Module and is treated as a bank for risk weighting purposes by its home regulator, then claims on such investment firms may be treated as claims on banks.

                January 2015

            • Claims on Corporates, including Insurance Companies

              • CA-3.2.14

                Risk weighting for corporates including insurance companies is as follows:

                Credit assessment AAA to AA- A+ to A- BBB+ to BB- Below BB- Unrated
                Risk weight 20% 50% 100% 150% 100%
                January 2015

              • CA-3.2.15

                Risk weighting for unrated (corporate) claims will not be given a preferential RW to the concerned sovereign. Credit facilities to small/medium enterprises (SMEs) may be placed in the regulatory retail portfolio in limited cases below.

                January 2015

            • Claims included in the Regulatory Retail Portfolios

              • CA-3.2.16

                No claim on any unrated corporate, where said corporate originates from a foreign jurisdiction, may be given a risk weight lower than that assigned to a corporate within its own jurisdiction, and in no case will it be below 100%.

                January 2015

              • CA-3.2.17

                Claims included in the regulatory retail portfolio must be risk weighted at 75%, except as provided in CA-3.2.23 for past due loans.

                January 2015

              • CA-3.2.18

                To be included in the regulatory retail portfolio, claims must meet the following criteria:

                (a) Orientation — the exposure is to an individual person or persons or to a small business. A small business is a Bahrain-based business with annual turnover below BD 2mn;
                (b) Product — The exposure takes the form of any of the following: revolving credits and lines of credit (including credit cards and overdrafts), personal term loans and leases (e.g. auto leases, student loans) and small business facilities. Securities (such as bonds and equities), whether listed or not, are specifically excluded from this category. Mortgage loans will be excluded if they qualify for treatment as claims secured by residential property (see below). Loans for purchase of shares are also excluded from the regulatory retail portfolios;
                (c) Granularity — The regulatory retail portfolio is sufficiently diversified to a degree that reduces the risks in the portfolio, warranting a 75% risk weight. No aggregate exposure to one counterpart12 can exceed 0.2% of the regulatory retail portfolio; and
                (d) The maximum aggregated retail exposure to one counterpart must not exceed an absolute limit of BD 250,000.

                12 Aggregated exposure means gross amount (i.e. not taking any credit risk mitigation into account) of all forms of debt exposures (e.g. loans or commitments) that individually satisfy the three other criteria. In addition, "to one counterpart" means one or several entities that may be considered as a single beneficiary (e.g. in the case of a small business that is affiliated to another small business, the limit would apply to the bank's aggregated exposure on both businesses).

                January 2015

            • Claims Secured by Residential Property

              • CA-3.2.19

                Lending fully secured by first mortgages on residential property that is or will be occupied by the borrower, or that is leased, must carry a risk weighting of 75%.

                January 2015

              • CA-3.2.19A

                The RW for residential property may be reduced to 35% subject to meeting all of the criteria below:

                (a) The residential property is to be utilised for residential purposes only;
                (b) The residential property must be pledged as collateral to the conventional bank licensee;
                (c) There exists a legal infrastructure in the jurisdiction whereby the conventional bank licensee can enforce the repossession and liquidation of the residential property; and
                (d) The conventional bank licensee must obtain a satisfactory legal opinion that foreclosure or repossession as mentioned in (c) above is possible without any impediment.
                Amended: April 2015
                January 2015

              • CA-3.2.19B

                The RW for residential mortgage exposure granted under the Social Housing Schemes of the Kingdom of Bahrain may be reduced to 25% subject to meeting conditions, (a) and (b) in CA-3.2.19A. The reduced risk weight is subject to ensuring the compliance with the requirements for timely recognition of expected credit loss (ECL) as per the Credit Risk Management Module (Module CM).

                Amended: October 2022
                July 2019

            • Claims Secured by Commercial Real Estate

              • CA-3.2.20

                Claims secured by mortgages on commercial real estate are subject to a minimum of 100% risk weight. If the borrower is rated below BB-, the risk-weight corresponding to the rating of the borrower must be applied.

                January 2015

            • Past Due Loans

              • CA-3.2.21

                The unsecured portion of any loan (other than a qualifying residential mortgage loan) that is past due for 90 days or more, net of specific provisions (including partial write-offs), must be risk-weighted as follows:

                (a) 150% risk weight when specific provisions are less than 20% of the outstanding amount of the loan; and
                (b) 100% risk weight when specific provisions are greater than 20% of the outstanding amount of the loan.
                January 2015

              • CA-3.2.22

                For the purposes of defining the secured portion of a past due loan, eligible collateral and guarantees is the same as for credit risk mitigation purposes.

                January 2015

              • CA-3.2.23

                Past due retail loans must be excluded from the overall regulatory retail portfolio when assessing the granularity criterion, for risk-weighting purposes.

                January 2015

              • CA-3.2.24

                In the case of residential mortgage loans that qualify for lower risk weight in CA-3.2.19A, when such loans are past due for more than 90 days, they must be risk weighted at a minimum of 100% net of specific provisions.

                January 2015

            • Securitisation Tranches

              • CA-3.2.25

                Holdings of securitisation tranches are weighted according to the weightings in CA-6.4.8 from 20% to 1,250%. Please refer to Chapter CA-6 for full details.

                January 2015

            • Investments in Equities, MSRs and DTAs

              • CA-3.2.26

                Investments in listed equities must be risk weighted at 100% while equities other than listed must be risk weighted at 150% unless subject to the following treatments. The amount of any significant investments in commercial entities above the 15% and 60% Total Capital materiality thresholds (see CA-2.4.25) must be weighted at 800%. Significant investments in the common shares of unconsolidated financial entities and Mortgage Servicing Rights and Deferred Tax Assets arising from temporary differences must be risk weighted at 250% if they have not already been deducted from CET1 as required by Paragraphs CA-2.4.15 to CA-2.4.24.

                January 2015

            • Investments in Funds

              • CA-3.2.27

                Investments in funds (e.g. mutual funds, Collective Investment Undertakings etc.) must be risk weighted as follows:

                (a) If the instrument (e.g. units) is rated, it should be risk-weighted according to its external rating (for risk-weighting, it must be treated as a "claim on corporate");
                (b) If not rated, such investment should be treated as an equity investment and risk weighted accordingly (i.e. 100% for listed and 150% for unlisted);
                (c) The conventional bank licensee can apply to CBB for using the look-through approach for such investments if it can demonstrate that the look-through approach is more appropriate to the circumstances of the conventional bank licensee;
                (d) If there are no voting rights attached to investment in funds, the investment will not be subjected to consolidation, deduction or additional risk weighting requirements (in respect of large exposures or significant investments); and
                (e) For the purpose of determining the "large exposure limit" for investment in funds, the look-through approach must be used (even if the look-through approach is not used to risk weight the investment).
                January 2015

            • Large Exposures over the Limits in Module CM

              • CA-3.2.28

                The amount of any large exposures exceeding the limits set in Chapter CM-5 must be weighted at 800%.

                January 2015

            • Holdings of Real Estate

              • CA-3.2.29

                All holdings of real estate by conventional bank licensees (i.e. owned directly or by way of investments in Real Estate Companies, subsidiaries or associate companies or other arrangements such as trusts, funds or REITs) must be risk-weighted at 200%. Premises occupied by the conventional bank licensee may be weighted at 100%. Investments in Real Estate Companies are subject to the materiality thresholds for commercial companies described in Section CA-2.4 and Chapter CM-5 and therefore any holdings which amount to 15% or more of Total Capital will be subject to 800% risk weight. The holdings below the 15% threshold will be weighted at 200%.

                January 2015

            • Other Assets

              • CA-3.2.30

                Gold bullion held in own vaults or on an allocated basis to the extent backed by bullion liabilities may be treated as cash and therefore risk-weighted at 0%. In addition, cash items in the process of collection must be risk-weighted at 20%. The standard risk weight for all other assets will be 100%. Investments in regulatory capital instruments issued by banks or financial entities must be risk weighted at a minimum of 100%, unless they are deducted from regulatory capital according to the corresponding deduction approach outlined in Section CA-2.4 of this Module.

                January 2015

            • Underwriting of Non-trading Book Items

              • CA-3.2.31

                Underwritings of capital instruments issued by other banking, financial or insurance entities are covered in Subparagraphs CA-2.4.16(c) and CA-2.4.20(c). The large exposures limits of Chapter CM-5 apply for underwritings. This means the 800% risk weights will apply for underwriting exposures in excess of the limits set in Chapter CM-5. The risk weights below apply for exposures within the limits of Module CM-5. Where a conventional bank licensee has acquired assets on its balance sheet in the banking book which it is intending to place with third parties under a formal arrangement, the following risk weightings apply for no more than 90 days. Once the 90-day period has expired, the usual risk weights apply:

                (a) For holdings of private equity (non-bank), a risk weighting of 100% applies instead of the usual 150% (see CA-3.2.26); and
                (b) For holdings of Real Estate, a risk weight of 100% applies instead of the usual 200% risk weight (see CA-3.2.29).
                January 2015

          • CA-3.3 CA-3.3 Off-balance Sheet Items

            • CA-3.3.1

              Off-balance-sheet items must be converted into credit exposure equivalents applying credit conversion factors (CCFs). Counterparty risk weightings for OTC derivative transactions will not be subject to any specific ceiling.

              January 2015

            • CA-3.3.2

              Commitments with an original maturity of up to one year and commitments with an original maturity of over one year will receive a CCF of 20% and 50%, respectively.

              January 2015

            • CA-3.3.3

              Any commitments that are unconditionally cancellable at any time by the conventional bank licensee without prior notice, or that are subject to automatic cancellation due to deterioration in a borrowers' creditworthiness, will receive a 0% CCF.

              January 2015

            • CA-3.3.4

              Direct credit substitutes, e.g. general guarantees of indebtedness (including standby letters of credit serving as financial guarantees for loans and securities) and acceptances (including endorsements with the character of acceptances) must receive a CCF of 100%.

              January 2015

            • CA-3.3.5

              Sale and repurchase agreements and asset sales with recourse, where the credit risk remains with the conventional bank licensee, must receive a CCF of 100%.

              January 2015

            • CA-3.3.6

              A CCF of 100% must be applied to the lending of other banks' securities or the posting of securities as collateral by banks, including instances where these arise out of repo-style transactions (i.e. repurchase/reverse repurchase and securities lending/securities borrowing transactions). See Section CA-4.3 for the calculation of risk-weighted assets where the credit converted exposure is secured by eligible collateral.

              January 2015

            • CA-3.3.7

              Forward asset purchases, forward deposits and partly-paid shares and securities, which represent commitments with certain drawdown must receive a CCF of 100%.

              January 2015

            • CA-3.3.8

              Certain transaction-related contingent items (e.g. performance bonds, bid bonds, warranties and standby letters of credit related to particular transactions) must receive CCF of 50%.

              January 2015

            • CA-3.3.9

              Note issuance facilities and revolving underwriting facilities must receive a CCF of 50%.

              January 2015

            • CA-3.3.10

              For short-term self-liquidating trade letters of credit arising from the movement of goods, a 20% CCF must be applied to both issuing and confirming banks.

              January 2015

            • CA-3.3.11

              Where there is an undertaking to provide a commitment on an off-balance sheet item, conventional bank licensees are to apply the lower of the two applicable CCFs.

              January 2015

            • CA-3.3.12

              The credit equivalent amount of OTC derivatives and SFTs that expose a conventional bank licensee to counterparty credit risk must be calculated as per Appendix CA-2.

              January 2015

            • CA-3.3.13

              Conventional bank licensees must closely monitor securities, commodities, and foreign exchange transactions that have failed, starting the first day they fail. A capital charge to failed transactions must be calculated in accordance with CBB guidelines set forth in Appendix CA-4 (Capital treatment for failed trades and non-DvP transactions).

              January 2015

            • CA-3.3.14

              With regard to unsettled securities, commodities, and foreign exchange transactions, conventional bank licensees are encouraged to develop, implement and improve systems for tracking and monitoring the credit risk exposure arising from unsettled transactions as appropriate for producing management information that facilitates action on a timely basis.

              January 2015

            • CA-3.3.15

              Furthermore, when such transactions are not processed through a delivery-versus-payment (DvP) or payment-versus-payment (PvP) mechanism, conventional bank licensees must calculate a capital charge of up to 1,250% as set forth in Appendix CA-4.

              January 2015

          • CA-3.4 CA-3.4 External Credit Assessments

            • The Recognition Process and Eligibility Criteria

              • CA-3.4.1

                CBB will assess all External Credit Assessment Institutions (ECAI) according to the six criteria below. The CBB also refers to the IOSCO Code of Conduct Fundamentals for Credit Rating Agencies when determining ECAI eligibility. Any failings, in whole or in part, to satisfy these to the fullest extent will result in the respective ECAI's methodology and associated resultant rating not being accepted by the CBB:

                (a) Objectivity: The methodology for assigning credit assessments must be rigorous, systematic, and subject to some form of validation based on historical experience. Moreover, assessments must be subject to ongoing review and responsive to changes in financial condition. Before being recognized by the CBB, an assessment methodology for each market segment, including rigorous back testing, must have been established for an absolute minimum of one year and with a preference of three years;
                (b) Independence: An ECAI must show independence and should not be subject to political or economic pressures that may influence the rating. The assessment process should be as free as possible from any constraints that could arise in situations where the composition of the board of directors, political pressure, the shareholder structure of the assessment institution or any other aspect could be seen as creating a conflict of interest;
                (c) International access/Transparency: The individual assessments, the key elements underlining the assessments and whether the issuer participated in the assessment process should be publicly available on a non-selective basis, unless they are private assessments. In addition, the general procedures, methodologies and assumptions for arriving at assessments used by the ECAI should be publicly available;
                (d) Disclosure: An ECAI should disclose the following information: its code of conduct; the general nature of its compensation arrangements with assessed entities; its assessment methodologies, including the definition of default, the time horizon, and the meaning of each rating; the actual default rates experienced in each assessment category; and the transitions of the assessments, e.g. the likelihood of AA ratings becoming A over time;
                (e) Resources: An ECAI must have sufficient resources to carry out high quality credit assessments. These resources should allow for substantial ongoing contact with senior and operational levels within the entities assessed in order to add value to the credit assessments. Such assessments will be based on methodologies combining qualitative and quantitative approaches; and
                (f) Credibility: Credibility, to a certain extent, can derive from the criteria above. In addition, the reliance on an ECAI's external credit assessments by independent parties (investors, insurers, trading partners) may be evidence of the credibility of the assessments of an ECAI. The credibility of an ECAI will also be based on the existence of internal procedures to prevent the misuse of confidential information. In order to be eligible for recognition, an ECAI does not have to assess firms in more than one country.
                January 2015

              • CA-3.4.2

                The CBB recognises Standard and Poor's, Moody's, Fitch IBCA and Capital Intelligence as eligible ECAIs. With respect to the possible recognition of other rating agencies as eligible ECAIs, CBB will update this paragraph subject to the rating agencies satisfying the eligibility requirements. (See Appendix CA-16 for mapping of eligible ECAIs).

                Amended: April 2016
                Added: January 2015

              • CA-3.4.3

                Conventional bank licensees must use the chosen ECAIs and their ratings consistently for each type of claim, for both risk weighting and risk management purposes. Conventional bank licensees will not be allowed to "cherry-pick" the assessments provided by different eligible ECAIs and to arbitrarily change the use of ECAIs.

                January 2015

              • CA-3.4.4

                Conventional bank licensees must disclose in their annual reports the names of the ECAIs that they use for the risk weighting of their assets by type of claims, the risk weights associated with the particular rating grades as determined by CBB through the mapping process as well as the aggregated risk-weighted assets for each risk weight based on the assessments of each eligible ECAI.

                January 2015

            • Multiple Assessments

              • CA-3.4.5

                If there are two assessments by eligible ECAIs chosen by a conventional bank licensee which map into different risk weights, the higher risk weight must be applied.

                January 2015

              • CA-3.4.6

                If there are three or more assessments by eligible ECAIs chosen by a conventional bank licensee which map into different risk weights, the assessments corresponding to the two lowest risk weights must be referred to and the higher of those two risk weights must be applied.

                January 2015

            • Issuer Versus Issues Assessment

              • CA-3.4.7

                Where a conventional bank licensee invests in a particular issue that has an issue-specific assessment, the risk weight of the claim will be based on this assessment. Where the conventional bank licensee's claim is not an investment in a specific assessed issue, the following general principles apply:

                (a) In circumstances where the borrower has a specific assessment for an issued debt — but the conventional bank licensee's claim is not an investment in this particular debt — a high quality credit assessment (one which maps into a risk weight lower than that which applies to an unrated claim) on that specific debt may only be applied to the conventional bank licensee's un-assessed claim if this claim ranks pari passu or senior to the claim with an assessment in all respects. If not, the credit assessment cannot be used and the un-assessed claim will receive the risk weight for unrated claims; and
                (b) In circumstances where the borrower has an issuer assessment, this assessment typically applies to senior unsecured claims on that issuer. Consequently, only senior claims on that issuer will benefit from a high quality issuer assessment. Other un-assessed claims of a highly assessed issuer will be treated as unrated. If either the issuer or a single issue has a low quality assessment (mapping into a risk weight equal to or higher than that which applies to unrated claims), an un-assessed claim on the same counterparty will be assigned the same risk weight as is applicable to the low quality assessment.
                January 2015

              • CA-3.4.8

                Whether the conventional bank licensee intends to rely on an issuer- or an issue-specific assessment, the assessment must take into account and reflect the entire amount of credit risk exposure the conventional bank licensee has with regard to all payments owed to it.13


                13 For example, if a bank is owed both principal and interest, the assessment must fully take into account and reflect the credit risk associated with repayment of both principal and interest.

                January 2015

              • CA-3.4.9

                In order to avoid any double counting of credit enhancement factors, no recognition of credit risk mitigation techniques will be taken into account if the credit enhancement is already reflected in the issue specific rating (see Paragraph CA-4.1.5).

                January 2015

            • Domestic Currency and Foreign Currency Assessments

              • CA-3.4.10

                Where unrated exposures are risk weighted based on the rating of an equivalent exposure to that borrower, the general rule is that foreign currency ratings must be used for exposures in foreign currency. Domestic currency ratings, if separate, must only be used to risk weight claims denominated in the domestic currency.

                January 2015

              • CA-3.4.11

                However, when an exposure arises through a conventional bank licensee's participation in a loan that has been extended, or has been guaranteed against convertibility and transfer risk, by certain MDBs, its convertibility and transfer risk can be considered by CBB, on a case by case basis, to be effectively mitigated. To qualify, MDBs must have preferred creditor status recognised in the market and be included in MDB's qualifying for 0% risk rate under CA-3.2.8. In such cases, for risk weighting purposes, the borrower's domestic currency rating may be used instead of its foreign currency rating. In the case of a guarantee against convertibility and transfer risk, the local currency rating can be used only for the portion that has been guaranteed. The portion of the loan not benefiting from such a guarantee will be risk-weighted based on the foreign currency rating.

                January 2015

            • Short-Term/Long-Term Assessments

              • CA-3.4.12

                For risk-weighting purposes, short-term assessments are deemed to be issue-specific. They can only be used to derive risk weights for claims arising from the rated facility. They cannot be generalised to other short-term claims, except under the conditions of paragraph CA-3.4.14. In no event can a short-term rating be used to support a risk weight for an unrated long-term claim. Short-term assessments may only be used for short-term claims against banks and corporates. The table below provides a framework for conventional bank licensees' exposures to specific short-term facilities, such as a particular issuance of commercial paper:

                Credit assessment A-1/P-114 A-2/P-2 A-3/P-3 Others15
                Risk weight 20% 50% 100% 150%

                14 The notations follow the methodology used by Standard & Poor's and by Moody's Investors Service. The A-1 rating of Standard & Poor's includes both A-1+ and A-1-.

                15 This category includes all non-prime and B or C ratings.

                January 2015

              • CA-3.4.13

                If a short-term rated facility attracts a 50% risk-weight, unrated short-term claims cannot attract a risk weight lower than 100%. If an issuer has a short-term facility with an assessment that warrants a risk weight of 150%, all unrated claims, whether long-term or short-term, must also receive a 150% risk weight, unless the conventional bank licensee uses recognised credit risk mitigation techniques for such claims.

                January 2015

              • CA-3.4.14

                For short-term claims on conventional bank licensees, the interaction with specific short-term assessments is expected to be the following:

                (a) The general preferential treatment for short-term claims, as defined under paragraphs CA-3.2.11 and CA-3.2.12, applies to all claims on conventional bank licensees of up to three months original maturity when there is no specific short-term claim assessment;
                (b) When there is a short-term assessment and such an assessment maps into a risk weight that is more favourable (i.e. lower) or identical to that derived from the general preferential treatment, the short-term assessment should be used for the specific claim only. Other short-term claims would benefit from the general preferential treatment; and
                (c) When a specific short-term assessment for a short term claim on a conventional bank licensee maps into a less favourable (higher) risk weight, the general short-term preferential treatment for inter-bank claims cannot be used. All unrated short-term claims should receive the same risk weighting as that implied by the specific short-term assessment.
                January 2015

              • CA-3.4.15

                When a short-term assessment is to be used, the institution making the assessment needs to meet all of the eligibility criteria for recognising ECAIs as presented in Paragraph CA-3.4.1 in terms of its short-term assessment.

                January 2015

            • Level of Application of the Assessment

              • CA-3.4.16

                External assessments for one entity within a corporate group must not be used to risk weight other entities within the same group.

                January 2015

            • Unsolicited Ratings

              • CA-3.4.17

                Unsolicited ratings should be treated as unrated exposures.

                January 2015

        • CA-4 CA-4 Credit Risk — The Standardized Approach — Credit Risk Mitigation

          • CA-4.1 CA-4.1 Overarching Issues

            • Introduction

              • CA-4.1.1

                Banks use a number of techniques to mitigate the credit risks to which they are exposed. For example, exposures may be collateralised by first priority claims, in whole or in part with cash or securities, a loan exposure may be guaranteed by a third party, or a bank may buy a credit derivative to offset various forms of credit risk. Additionally banks may agree to net loans owed to them against deposits from the same counterparty. Off-balance sheet items will first be converted into on-balance sheet equivalents prior to the CRM being applied.

                January 2015

            • General Remarks

              • CA-4.1.2

                The framework set out in this sub-section of "General remarks" is applicable to all banking book exposures.

                January 2015

              • CA-4.1.3

                The comprehensive approach for the treatment of collateral (see Paragraphs CA-4.2.12 to CA-4.2.20 and CA-4.3.1 to CA-4.3.32) will also be applied to calculate the counterparty risk charges for OTC derivatives and repo-style transactions booked in the trading book.

                January 2015

              • CA-4.1.4

                No transaction in which CRM techniques are used should receive a higher capital requirement than an otherwise identical transaction where such techniques are not used.

                January 2015

              • CA-4.1.5

                The effects of CRM will not be double counted. Therefore, no additional recognition of CRM for regulatory capital purposes will be applicable on claims for which an issue-specific rating is used that already reflects that CRM. As stated in Paragraph CA-3.4.8, principal-only ratings will also not be allowed within the framework of CRM.

                January 2015

              • CA-4.1.6

                Conventional bank licensees must employ robust procedures and processes to control residual risks (see Paragraph CA-4.1.6A), including strategy; consideration of the underlying credit; valuation; policies and procedures; systems; control of roll-off risks; and management of concentration risk arising from the conventional bank licensee's use of CRM techniques and its interaction with the conventional bank licensee's overall credit risk profile.

                January 2015

              • CA-4.1.6A

                While the use of CRM techniques reduces or transfers credit risk, it simultaneously may increase other risks (residual risks). Residual risks include legal, operational, liquidity and market risks.

                January 2015

              • CA-4.1.6B

                Where residual risks are not adequately controlled, the CBB may impose additional capital charges or take supervisory actions.

                January 2015

              • CA-4.1.6C

                Conventional bank licensees must ensure that sufficient resources are devoted to the orderly operation of margin agreements with OTC derivative and securities-financing counterparties, as measured by the timeliness and accuracy of its outgoing calls and response time to incoming calls. Conventional bank licensees must have collateral management policies in place to control, monitor and report:

                (a) The risk to which margin agreements exposes them (such as the volatility and liquidity of the securities exchanged as collateral);
                (b) The concentration risk to particular types of collateral;
                (c) The reuse of collateral (both cash and non-cash) including the potential liquidity shortfalls resulting from the reuse of collateral received from counterparties; and
                (d) The surrender of rights on collateral posted to counterparties.
                January 2015

              • CA-4.1.7

                Public Disclosure Requirements (see Module PD) relating to the use of collateral must also be observed for conventional bank licensees to obtain capital relief in respect of any CRM techniques.

                January 2015

            • Legal Certainty

              • CA-4.1.8

                In order for conventional bank licensees to obtain capital relief for any use of CRM techniques, the minimum standards for legal documentation outlined in Paragraph CA-4.1.9 must be met.

                January 2015

              • CA-4.1.9

                All documentation used in collateralised transactions and for documenting on-balance sheet netting, guarantees and credit derivatives must be binding on all parties and legally enforceable in all relevant jurisdictions. Conventional bank licensees must have conducted sufficient legal review to verify this and have a well founded legal basis to reach this conclusion, and undertake such further review as necessary to ensure continuing enforceability.

                January 2015

          • CA-4.2 CA-4.2 Overview of Credit Risk Mitigation Techniques16


            16 See Appendix CA-5 for an overview of methodologies for the capital treatment of transactions secured by financial collateral under the standardised approach.

            • Collateralised Transactions

              • CA-4.2.1

                A collateralised transaction is one in which:

                (a) Conventional bank licensees have a credit exposure or potential credit exposure; and
                (b) That credit exposure or potential credit exposure is hedged in whole or in part by collateral posted by a counterparty17 or by a third party on behalf of the counterparty.

                17 In this section "counterparty" is used to denote a party to whom a bank has an on- or off-balance sheet credit exposure or a potential credit exposure. That exposure may, for example, take the form of a loan of cash or securities (where the counterparty would traditionally be called the borrower), of securities posted as collateral, of a commitment or of exposure under an OTC derivatives contract.

                January 2015

              • CA-4.2.2

                Where conventional bank licensees take eligible financial collateral (e.g. cash or securities, more specifically defined in Paragraphs CA-4.3.1 and CA-4.3.2, they are allowed to reduce their credit exposure to a counterparty when calculating their capital requirements to take account of the risk mitigating effect of the collateral.

                January 2015

            • Overall Framework and Minimum Conditions

              • CA-4.2.3

                Conventional bank licensees may opt for either the simple approach, which substitutes the risk weighting of the collateral for the risk weighting of the counterparty for the collateralised portion of the exposure (generally subject to a 20% floor), or for the comprehensive approach, which allows fuller offset of collateral against exposures, by effectively reducing the exposure amount by the value ascribed to the collateral. Conventional bank licensees may operate under either, but not both, approaches in the banking book, but only under the comprehensive approach in the trading book. Partial collateralisation is recognised in both approaches. Mismatches in the maturity of the underlying exposure and the collateral will only be allowed under the comprehensive approach.

                January 2015

              • CA-4.2.4

                However, before capital relief will be granted in respect of any form of collateral, the standards set out below in Paragraphs CA-4.2.5 to CA-4.2.8 must be met under either approach.

                January 2015

              • CA-4.2.5

                In addition to the general requirements for legal certainty set out in Paragraphs CA-4.1.8 and CA-4.1.9, the legal mechanism by which collateral is pledged or transferred must ensure that the conventional bank licensee has the right to liquidate or take legal possession of it, in a timely manner, in the event of the default, insolvency or bankruptcy (or one or more otherwise-defined credit events set out in the transaction documentation) of the counterparty (and, where applicable, of the custodian holding the collateral). Furthermore conventional bank licensees must take all steps necessary to fulfil those requirements under the law applicable to the conventional bank licensee's interest in the collateral for obtaining and maintaining an enforceable security interest, e.g. by registering it with a registrar, or for exercising a right to net or set off in relation to title transfer collateral.

                January 2015

              • CA-4.2.6

                In order for collateral to provide protection, the credit quality of the counterparty and the value of the collateral must not have a material positive correlation. For example, securities issued by the counterparty — or by any related group entity — would provide little protection and so would be ineligible.

                January 2015

              • CA-4.2.7

                Conventional bank licensees must have clear and robust procedures for the timely liquidation of collateral to ensure that any legal conditions required for declaring the default of the counterparty and liquidating the collateral are observed, and that collateral can be liquidated promptly.

                January 2015

              • CA-4.2.8

                Where the collateral is held by a custodian, conventional bank licensees must take reasonable steps to ensure that the custodian segregates the collateral from its own assets.

                January 2015

              • CA-4.2.9

                A capital requirement will be applied to a conventional bank licensee on either side of the collateralised transaction: for example, both repos and reverse repos will be subject to capital requirements. Likewise, both sides of a securities lending and borrowing transaction will be subject to explicit capital charges, as will the posting of securities in connection with a derivative exposure or other borrowing.

                January 2015

              • CA-4.2.10

                Where a conventional bank licensee, acting as agent, arranges a repo-style transaction (i.e. repurchase/reverse repurchase and securities lending/borrowing transactions) between a customer and a third party and provides a guarantee to the customer that the third party will perform on its obligations, then the risk to the conventional bank licensee is the same as if the conventional bank licensee had entered into the transaction as a principal. In such circumstances, a conventional bank licensee will be required to calculate capital requirements as if it were itself the principal.

                January 2015

            • The Simple Approach

              • CA-4.2.11

                In the simple approach the risk weighting of the collateral instrument collateralising or partially collateralising the exposure is substituted for the risk weighting of the counterparty. Details of this framework are provided in Paragraphs CA-4.3.26 to CA-4.3.29.

                January 2015

            • The Comprehensive Approach

              • CA-4.2.12

                In the comprehensive approach, when taking collateral, conventional bank licensees must calculate their adjusted exposure to a counterparty for capital adequacy purposes in order to take account of the effects of that collateral. Using haircuts and add-ons, conventional bank licensees are required to adjust both the amount of the exposure to the counterparty and the value of any collateral received in support of that counterparty to take account of possible future fluctuations in the value of either18, occasioned by market movements. This will produce volatility adjusted amounts for both exposure and collateral. Unless either side of the transaction is cash, the volatility adjusted amount for the exposure will be higher than the exposure due to the add-on and for the collateral it will be lower due to the haircut.


                18 Exposure amounts may vary where, for example, securities are being lent.

                January 2015

              • CA-4.2.13

                Additionally where the exposure and collateral are held in different currencies an additional downwards adjustment must be made to the volatility adjusted collateral amount to take account of possible future fluctuations in exchange rates.

                January 2015

              • CA-4.2.14

                Where the volatility-adjusted exposure amount is greater than the volatility-adjusted collateral amount (including any further adjustment for foreign exchange risk), conventional bank licensees must calculate their risk-weighted assets as the difference between the two multiplied by the risk weight of the counterparty. The framework for performing these calculations is set out in Paragraphs CA-4.3.3 to CA-4.3.6.

                January 2015

              • CA-4.2.15

                Conventional bank licensees must use standard haircuts given in Paragraph CA-4.3.7 unless allowed to use models under Paragraph CA-4.3.22.

                January 2015

              • CA-4.2.16

                The size of the individual haircuts and add-ons will depend on the type of instrument, type of transaction and the frequency of marking-to-market and remargining. For example, repo-style transactions subject to daily marking-to-market and to daily re-margining will receive a haircut based on a 5-business day holding period and secured lending transactions with daily mark-to-market and no re-margining clauses will receive a haircut based on a 20-business day holding period. These haircut numbers will be scaled up using the square root of time formula depending on the frequency of re-margining or marking-to-market.

                January 2015

              • CA-4.2.17

                For certain types of repo-style transactions (broadly speaking government bond repos as defined in Paragraphs CA-4.3.14 and CA-4.3.15), the CBB may allow conventional bank licensees using standard haircuts not to apply these haircuts in calculating the exposure amount after risk mitigation.

                January 2015

              • CA-4.2.18

                The effect of master netting agreements covering repo-style transactions can be recognised for the calculation of capital requirements subject to the conditions in Paragraph CA-4.3.17.

                January 2015

              • CA-4.2.19

                As an alternative to standard haircuts conventional bank licensees may, subject to approval from CBB, use VaR models for calculating potential price volatility for repo-style transactions and other similar SFTs, as set out in Paragraphs CA-4.3.22 to CA-4.3.25. Alternatively, subject to approval from the CBB's, they may also calculate, for these transactions, an expected positive exposure, as set forth in Appendix CA-2.

                January 2015

            • On-Balance Sheet Netting

              • CA-4.2.20

                Where conventional bank licensees have legally enforceable netting arrangements for loans and deposits they may calculate capital requirements on the basis of net credit exposures subject to the conditions in Paragraph CA-4.4.1.

                January 2015

            • Guarantees and Credit Derivatives

              • CA-4.2.21

                Where guarantees or credit derivatives are direct, explicit, irrevocable and unconditional, and the CBB is satisfied that conventional bank licensees fulfil certain minimum operational conditions relating to risk management processes the CBB may allow conventional bank licensees to take account of such credit protection in calculating capital requirements.

                January 2015

              • CA-4.2.22

                A range of guarantors and protection providers are recognised, as shown in Paragraph CA-4.5.7. A substitution approach will be applied. Thus only guarantees issued by or protection provided by entities with a lower risk weight than the counterparty will lead to reduced capital charges since the protected portion of the counterparty exposure is assigned the risk weight of the guarantor or protection provider, whereas the uncovered portion retains the risk weight of the underlying counterparty.

                January 2015

              • CA-4.2.23

                Detailed operational requirements are given in Paragraphs CA-4.5.1 to CA-4.5.5.

                January 2015

            • Maturity Mismatch

              • CA-4.2.24

                Where the residual maturity of the CRM is less than that of the underlying credit exposure a maturity mismatch occurs. Where there is a maturity mismatch and the CRM has an original maturity of less than one year, the CRM is not recognised for capital purposes. In other cases where there is a maturity mismatch, partial recognition is given to the CRM for regulatory capital purposes as detailed below in Paragraphs CA-4.6.1 to CA-4.6.4. Under the simple approach for collateral maturity mismatches will not be allowed.

                January 2015

            • Miscellaneous

              • CA-4.2.25

                Treatments for pools of credit risk mitigants and first- and second-to-default credit derivatives are given in Paragraphs CA-4.7.1 to CA-4.7.5.

                January 2015

          • CA-4.3 CA-4.3 Collateral

            • Eligible Financial Collateral

              • CA-4.3.1

                The following collateral instruments are eligible for recognition in the simple approach:

                (a) Cash (as well as certificates of deposit or comparable instruments issued by the lending bank) on deposit with the bank which is incurring the counterparty exposure;19,20
                (b) Gold;
                (c) Debt securities rated by a recognised external credit assessment institution where these are either:
                (i) At least BB- when issued by sovereigns or PSEs that are treated as sovereigns by the CBB;
                (ii) At least BBB- when issued by other entities (including banks and securities firms); or
                (iii) At least A-3/P-3 for short-term debt instruments;
                (d) Debt securities not rated by a recognised external credit assessment institution where these are:
                (i) Issued by a bank;
                (ii) Listed on a recognised exchange;
                (iii) Classified as senior debt;
                (iv) All rated issues of the same seniority by the issuing bank must be rated at least BBB- or A-3/P-3 by a recognised external credit assessment institution;
                (v) The bank holding the securities as collateral has no information to suggest that the issue justifies a rating below BBB- or A-3/P-3 (as applicable);
                (vi) The CBB is sufficiently confident about the market liquidity of the security;
                (e) Equities (including convertible bonds) that are included in a main index;
                (f) Undertakings for Collective Investments in Transferable Securities (UCITS) and mutual funds where:
                (i) A price for the units is publicly quoted daily; and
                (ii) The UCITS/mutual fund is limited to investing in the instruments listed in this paragraph21; and
                (g) Re-securitisations (as defined in the securitisation framework), irrespective of any credit ratings, are not eligible financial collateral.

                19 Cash funded credit linked notes issued by the bank against exposures in the banking book which fulfil the criteria for credit derivatives will be treated as cash collateralised transactions.

                20 When cash on deposit, certificates of deposit or comparable instruments issued by the lending bank are held as collateral at a third-party bank in a non-custodial arrangement, if they are openly pledged/assigned to the lending bank and if the pledge /assignment is unconditional and irrevocable, the exposure amount covered by the collateral (after any necessary haircuts for currency risk) will receive the risk weight of the third-party bank.

                21 However, the use or potential use by a UCITS/mutual fund of derivative instruments solely to hedge investments listed in this paragraph and paragraph CA-4.3.2 shall not prevent units in that UCITS /mutual fund from being eligible financial collateral.

                January 2015

              • CA-4.3.2

                The following collateral instruments are eligible for recognition in the comprehensive approach:

                (a) All of the instruments in paragraph CA-4.3.1;
                (b) Equities (including convertible bonds) which are not included in a main index but which are listed on a recognised exchange; and
                (c) UCITS/mutual funds which include such equities.
                January 2015

            • The Comprehensive Approach

              • Calculation of Capital Requirement

                • CA-4.3.3

                  For a collateralised transaction, the exposure amount after risk mitigation is calculated as follows:

                  E* = Max {0, [E x (1 + He) - C x (1 - Hc - Hfx)]}

                  where:
                  E* = The exposure value after risk mitigation
                  E = Current value of the exposure
                  He = Add-on appropriate to the exposure
                  C = The current value of the collateral received
                  Hc = Haircut appropriate to the collateral
                  Hfx = Haircut appropriate for currency mismatch between the collateral and exposure

                  January 2015

                • CA-4.3.4

                  The exposure amount after risk mitigation is multiplied by the risk weight of the counterparty to obtain the risk-weighted asset amount for the collateralised transaction.

                  January 2015

                • CA-4.3.5

                  The treatment for transactions where there is a mismatch between the maturity of the counterparty exposure and the collateral is given in Paragraphs CA-4.6.1 to CA-4.6.4.

                  January 2015

                • CA-4.3.6

                  Where the collateral is a basket of assets, the haircut on the basket will be:

                  H = ∑i ai Hi, where ai is the weight of the asset (as measured by units of currency) in the i basket and Hi the haircut applicable to that asset.

                  January 2015

              • Standard Haircuts and Add-Ons

                • CA-4.3.7

                  These are the standardised supervisory haircuts and add-ons (assuming daily mark-to market, daily re-margining and a 10-business day holding period), expressed as percentages:

                  Issue rating for debt securities Residual Maturity Sovereigns22,23 Other issuers24 Securitisation Exposures25
                  AAA to AA-/A-1 ≤1 year 0.5 1 2
                  >1 year, ≤5 years 2 4 8
                  >5 years 4 8 16
                  A+ to BBB-/ A-2/ A-3/ P-3 and Unrated bank securities ≤1 year 1 2 4
                  >1 year, ≤5 years 3 6 12
                  >5 years 6 12 24
                  BB+ to BB- All 15 Not Eligible Not Eligible
                  Main index equities 15
                  Other equities 25
                  UCITS/mutual funds Highest haircut applicable to any security in fund
                  Cash in the same currency26 0

                  22 Includes PSEs which are treated as sovereigns by the CBB.

                  23 Multilateral development banks receiving a 0% risk weight will be treated as sovereigns.

                  24 Includes PSEs which are not treated as sovereigns by CBB.

                  25 Securitisation exposures are defined as those exposures that meet the definition set forth in the securitisation framework.

                  26 Eligible cash collateral specified in Subparagraph CA-4.3.1(a).

                  January 2015

                • CA-4.3.8

                  The standard haircut for currency risk where exposure and collateral are denominated in different currencies is 8% (also based on a 10-business day holding period and daily mark-to-market).

                  January 2015

                • CA-4.3.9

                  For transactions in which the conventional bank licensee lends non-eligible instruments (e.g. non-investment grade corporate debt securities), the add-on to be applied on the exposure must be the same as the one for equity traded on a recognised exchange that is not part of a main index.

                  January 2015

              • Adjustment for Different Holding Periods and Non Daily Mark-to-market or Re-Margining

                • CA-4.3.10

                  For some transactions, depending on the nature and frequency of the revaluation and re-margining provisions, different holding periods are appropriate. The framework for collateral haircuts distinguishes between repo-style transactions (i.e. repo/reverse repos and securities lending/borrowing), "other capital-market-driven transactions" (i.e. OTC derivatives transactions and margin lending) and secured lending. In capital-market-driven transactions and repo-style transactions, the documentation contains remargining clauses; in secured lending transactions, it generally does not.

                  January 2015

                • CA-4.3.11

                  The minimum holding period for various products is summarised in the following table.

                  Transaction type Minimum holding period Condition
                  Repo-style transaction five business days daily re-margining
                  Other capital market transactions ten business days daily re-margining
                  Secured lending twenty business days daily revaluation
                  January 2015

                • CA-4.3.12

                  When the frequency of re-margining or revaluation is longer than the minimum, the minimum haircut numbers will be scaled up depending on the actual number of business days between re margining or revaluation using the square root of time formula below:

                  where:

                  H = Haircut

                  HM = Haircut under the minimum holding period

                  TM = Minimum holding period for the type of transaction

                  NR = Actual number of business days between re margining for capital market transactions or revaluation for secured transactions.

                  When a conventional bank licensee calculates the volatility on a TN day holding period which is different from the specified minimum holding period TM, the HM will be calculated using the square root of time formula:

                  TN = Holding period used by the bank for deriving HN

                  HN = Haircut based on the holding period TN

                  January 2015

                • CA-4.3.13

                  For example, for conventional bank licensees using the standard CBB haircuts, the 10-business day haircuts provided in paragraph CA-4.3.7 will be the basis and this haircut will be scaled up or down depending on the type of transaction and the frequency of re-margining or revaluation using the formula below:

                  where:

                  H = Haircut

                  H10 = 10-business day standard CBB haircut for instrument

                  NR = Actual number of business days between re-margining for capital

                  = Market transactions or revaluation for secured transactions.

                  TM = Minimum holding period for the type of transaction

                  January 2015

              • Conditions for Zero H

                • CA-4.3.14

                  For repo-style transactions where the following conditions are satisfied, and the counterparty is a core market participant, conventional bank licensees are not required to apply the haircuts specified in the comprehensive approach and may instead apply a haircut of zero. This carve-out will not be available for conventional bank licensees using the modelling approaches as described in Paragraphs CA-4.3.22 to CA-4.3.25:

                  (a) Both the exposure and the collateral are cash or a sovereign security or PSE security qualifying for a 0% risk weight in the standardised approach;
                  (b) Both the exposure and the collateral are denominated in the same currency;
                  (c) Either the transaction is overnight or both the exposure and the collateral are marked-to-market daily and are subject to daily re-margining;
                  (d) Following a counterparty's failure to re-margin, the time that is required between the last mark-to-market before the failure to re-margin and the liquidation27 of the collateral is considered to be no more than four business days;
                  (e) The transaction is settled across a settlement system proven for that type of transaction;
                  (f) The documentation covering the agreement is standard market documentation for repo-style transactions in the securities concerned;
                  (g) The transaction is governed by documentation specifying that if the counterparty fails to satisfy an obligation to deliver cash or securities or to deliver margin or otherwise defaults, then the transaction is immediately terminable; and
                  (h) Upon any default event, regardless of whether the counterparty is insolvent or bankrupt, the conventional bank licensee has the unfettered, legally enforceable right to immediately seize and liquidate the collateral for its benefit.

                  27 This does not require the bank to always liquidate the collateral but rather to have the capability to do so within the given time frame.

                  January 2015

                • CA-4.3.15

                  Core market participants include the following entities:

                  (a) Sovereigns, central banks and PSEs;
                  (b) Banks and securities firms;
                  (c) Other financial companies (including insurance companies) eligible for a 20% risk weight in the standardised approach;
                  (d) Regulated mutual funds that are subject to capital or leverage requirements;
                  (e) Regulated pension funds; and
                  (f) Recognised clearing organisations.
                  January 2015

                • CA-4.3.16

                  Where a supervisor has applied a specific carve-out to repo-style transactions in securities issued by its domestic government, then banks incorporated in Bahrain are allowed to adopt the same approach to the same transactions.

                  January 2015

              • Treatment of Repo-Style Transactions Covered under Master Netting Agreements

                • CA-4.3.17

                  The effects of bilateral netting agreements covering repo-style transactions will be recognised on a counterparty-by-counterparty basis if the agreements are legally enforceable in each relevant jurisdiction upon the occurrence of an event of default and regardless of whether the counterparty is insolvent or bankrupt. In addition, netting agreements must:

                  (a) Provide the non-defaulting party the right to terminate and close-out in a timely manner all transactions under the agreement upon an event of default, including in the event of insolvency or bankruptcy of the counterparty;
                  (b) Provide for the netting of gains and losses on transactions (including the value of any collateral) terminated and closed out under it so that a single net amount is owed by one party to the other;
                  (c) Allow for the prompt liquidation or setoff of collateral upon the event of default; and
                  (d) Be, together with the rights arising from the provisions required in (a) to (c) above, legally enforceable in each relevant jurisdiction upon the occurrence of an event of default and regardless of the counterparty's insolvency or bankruptcy.
                  January 2015

                • CA-4.3.18

                  Netting across positions in the banking and trading book will only be recognised when the netted transactions fulfil the following conditions:

                  (a) All transactions are marked to market daily28; and
                  (b) The collateral instruments used in the transactions are recognised as eligible financial collateral in the banking book.

                  28 The holding period for the haircuts will depend as in other repo-style transactions on the frequency of margining.

                  January 2015

                • CA-4.3.19

                  The formula in Paragraph CA-4.3.3 will be adapted to calculate the capital requirements for transactions with netting agreements.

                  January 2015

                • CA-4.3.20

                  For conventional bank licensees using the standard haircuts, the framework below will apply to take into account the impact of master netting agreements.

                  E* = Max {0, [(∑(E) – ∑(C)) + ∑ (ES x HS) + ∑ (EFX x HFX)]}29

                  Where:

                  E* = The exposure value after risk mitigation
                  E = Current value of the exposure
                  C = The value of the collateral received
                  ES = Absolute value of the net position in a given security
                  HS = Haircut appropriate to ES
                  EFX = Absolute value of the net position in a currency different from the settlement currency
                  HFX = Haircut appropriate for currency mismatch


                  29 The starting point for this formula is the formula in paragraph CA-4.3.3 which can also be presented as the following: E* = max {0, [(E – C) + (E x He) + (C x Hc) + (C x Hfx)]}

                  January 2015

                • CA-4.3.21

                  The net long or short position of each security included in the netting agreement will be multiplied by the appropriate haircut. All other rules regarding the calculation of haircuts stated in Paragraphs CA4.3.3 to CA-4.3.16 equivalently apply for conventional bank licensees using bilateral netting agreements for repo-style transactions.

                  January 2015

              • Use of Models

                • CA-4.3.22

                  As an alternative to the use of standard haircuts, CBB may allow conventional bank licensees to use a VaR models approach to reflect the price volatility of the exposure and collateral for repo-style transactions, taking into account correlation effects between security positions. This approach would apply to repo-style transactions covered by bilateral netting agreements on a counterparty-by-counterparty basis. At the discretion of CBB, firms are also eligible to use the VaR model approach for margin lending transactions, if the transactions are covered under a bilateral master netting agreement that meets the requirements of Paragraphs CA-4.3.17 and CA-4.3.18. The VaR models approach is available to conventional bank licensees that have received CBB's recognition for an internal market risk model under Chapter CA-14. Conventional bank licensees which have not received CBB's recognition for use of models under Chapter CA-14 can separately apply for CBB's recognition to use their internal VaR models for calculation of potential price volatility for repo-style transactions. Internal models will only be accepted when a conventional bank licensee can prove the quality of its model to CBB through the backtesting of its output using one year of historical data.

                  January 2015

                • CA-4.3.23

                  The quantitative and qualitative criteria for recognition of internal market risk models for repo-style transactions and other similar transactions are in principle the same as in Chapter CA-14. With regard to the holding period, the minimum will be 5-business days for repo-style transactions, rather than the 10-business days in the Market Risk Amendment. For other transactions eligible for the VaR models approach, the 10-business day holding period will be retained. The minimum holding period should be adjusted upwards for market instruments where such a holding period would be inappropriate given the liquidity of the instrument concerned.

                  January 2015

                • CA-4.3.24

                  The calculation of the exposure E* for banks using their internal model will be the following:

                  E* = Max {0, [(∑E – ∑c) + VaR output from internal model]}

                  In calculating capital requirements banks will use the previous business day's VaR number.

                  January 2015

                • CA-4.3.25

                  [This paragraph was deleted in January 2015.]

                  January 2015

            • The Simple Approach

              • Minimum Conditions

                • CA-4.3.26

                  For collateral to be recognised in the simple approach, the collateral must be pledged for at least the life of the exposure and it must be marked to market and revalued with a minimum frequency of six months. Those portions of claims collateralised by the market value of recognised collateral receive the risk weight applicable to the collateral instrument. The risk weight on the collateralised portion will be subject to a floor of 20% except under the conditions specified in Paragraphs CA-4.3.27 to CA-4.3.29. The remainder of the claim should be assigned to the risk weight appropriate to the counterparty. A capital requirement will be applied to conventional bank licensees on either side of the collateralised transaction: for example, both repos and reverse repos will be subject to capital requirements.

                  January 2015

            • Exceptions to the Risk Weight Floor

              • CA-4.3.27

                Transactions which fulfil the criteria outlined in Paragraph CA-4.3.14 and are with a core market participant, as defined in Paragraph CA-4.3.15, receive a risk weight of 0%. If the counterparty to the transactions is not a core market participant the transaction should receive a risk weight of 10%.

                January 2015

              • CA-4.3.28

                OTC derivative transactions subject to daily mark-to-market, collateralised by cash and where there is no currency mismatch receive a 0% risk weight. Such transactions collateralised by sovereign or PSE securities qualifying for a 0% risk weight in the standardised approach will receive a 10% risk weight.

                January 2015

              • CA-4.3.29

                The 20% floor for the risk weight on a collateralised transaction will not be applied and a 0% risk weight can be applied where the exposure and the collateral are denominated in the same currency, and either:

                (a) The collateral is cash on deposit as defined in Paragraph CA-4.3.1(a); or
                (b) The collateral is in the form of sovereign/PSE securities eligible for a 0% risk weight, and its market value has been discounted by 20%.
                January 2015

            • Collateralised OTC Derivatives Transactions

              • CA-4.3.30

                Under the Current Exposure Method, the calculation of the counterparty credit risk charge for an individual contract is as follows:

                Counterparty charge = [(RC + add-on) – CA] x r x 8%

                Where:

                RC = The replacement cost,
                Add-on = The amount for potential future exposure calculated according to paragraph 45 of Appendix CA-2.
                CA = The volatility adjusted collateral amount under the comprehensive approach prescribed in Paragraphs CA-4.3.3 to CA-4.3.16, or zero if no eligible collateral is applied to the transaction, and
                r = The risk weight of the counterparty.

                January 2015

              • CA-4.3.31

                When effective bilateral netting contracts are in place, RC is the net replacement cost and the add-on is ANet as calculated according to paragraph 50 (i) to 50 (vi) of Appendix CA-2. The haircut for currency risk (Hfx) must be applied when there is a mismatch between the collateral currency and the settlement currency. Even in the case where there are more than two currencies involved in the exposure, collateral and settlement currency, a single haircut assuming a 10-business day holding period scaled up as necessary depending on the frequency of mark-to-market must be applied.

                January 2015

              • CA-4.3.32

                As an alternative to the Current Exposure Method for the calculation of the counterparty credit risk charge, conventional bank licensees may also use the Standardised Method.

                January 2015

          • CA-4.4 CA-4.4 On-Balance Sheet Netting

            • CA-4.4.1

              Where a conventional bank licensee:

              (a) Has a well-founded legal basis for concluding that the netting or offsetting agreement is enforceable in each relevant jurisdiction regardless of whether the counterparty is insolvent or bankrupt;
              (b) Is able at any time to determine those assets and liabilities with the same counterparty that are subject to the netting agreement;
              (c) Monitors and controls its roll-off risks; and
              (d) Monitors and controls the relevant exposures on a net basis,

              it may use the net exposure of loans and deposits as the basis for its capital adequacy calculation in accordance with the formula in Paragraph CA-4.3.3. Assets (loans) are treated as exposure and liabilities (deposits) as collateral. The haircuts will be zero except when a currency mismatch exists. A 10-business day holding period will apply when daily mark-to- market is conducted and all the requirements contained in Paragraphs CA-4.3.7, CA-4.3.13, and CA-4.6.1 to CA-4.6.4 will apply.

              January 2015

          • CA-4.5 CA-4.5 Guarantees and Credit Derivatives

            • Operational Requirements

              • Operational Requirements Common to Guarantees and Credit Derivatives

                • CA-4.5.1

                  A guarantee (counter-guarantee) or credit derivative must represent a direct claim on the protection provider and must be explicitly referenced to specific exposures or a pool of exposures, so that the extent of the cover is clearly defined and incontrovertible. Other than non-payment by a protection purchaser of money due in respect of the credit protection contract it must be irrevocable; there must be no clause in the contract that would allow the protection provider unilaterally to cancel the credit cover or that would increase the effective cost of cover as a result of deteriorating credit quality in the hedged exposure30. It must also be unconditional; there should be no clause in the protection contract outside the direct control of the conventional bank licensee that could prevent the protection provider from being obliged to pay out in a timely manner in the event that the original counterparty fails to make the payment(s) due.


                  30 Note that the irrevocability condition does not require that the credit protection and the exposure be maturity matched; rather that the maturity agreed ex ante may not be reduced ex post by the protection provider. Paragraph CA-4.6.2 sets forth the treatment of call options in determining remaining maturity for credit protection.

                  January 2015

              • Additional Operational Requirements for Guarantees

                • CA-4.5.2

                  In addition to the legal certainty requirements in Paragraphs CA-4.1.8 and CA-4.1.9, in order for a guarantee to be recognised, the following conditions must be satisfied:

                  (a) On the qualifying default/non-payment of the counterparty, the conventional bank licensee may in a timely manner pursue the guarantor for any monies outstanding under the documentation governing the transaction. The guarantor may make one lump sum payment of all monies under such documentation to the conventional bank licensee, or the guarantor may assume the future payment obligations of the counterparty covered by the guarantee. The conventional bank licensee must have the right to receive any such payments from the guarantor without first having to take legal actions in order to pursue the counterparty for payment;
                  (b) The guarantee is an explicitly documented obligation assumed by the guarantor; and
                  (c) Except as noted in the following sentence, the guarantee covers all types of payments the underlying obligor is expected to make under the documentation governing the transaction, for example notional amount, margin payments etc. Where a guarantee covers payment of principal only, interests and other uncovered payments must be treated as an unsecured amount in accordance with Paragraph CA-4.5.10.
                  January 2015

              • Additional Operational Requirements for Credit Derivatives

                • CA-4.5.3

                  In order for a credit derivative contract to be recognised, the following conditions must be satisfied:

                  (a) The credit events specified by the contracting parties must at a minimum cover:
                  (i) Failure to pay the amounts due under terms of the underlying obligation that are in effect at the time of such failure (with a grace period that is closely in line with the grace period in the underlying obligation);
                  (ii) Bankruptcy, insolvency or inability of the obligor to pay its debts, or its failure or admission in writing of its inability generally to pay its debts as they become due, and analogous events; and
                  (iii) Restructuring of the underlying obligation involving forgiveness or postponement of principal, interest or fees that results in a credit loss event (i.e. charge-off, specific provision or other similar debit to the profit and loss account). When restructuring is not specified as a credit event, refer to Paragraph CA-4.5.4;
                  (b) If the credit derivative covers obligations that do not include the underlying obligation, Subparagraph (g) governs whether the asset mismatch is permissible;
                  (c) The credit derivative shall not terminate prior to expiration of any grace period required for a default on the underlying obligation to occur as a result of a failure to pay, subject to the provisions of Paragraph CA-4.6.2;
                  (d) Credit derivatives allowing for cash settlement are recognised for capital purposes insofar as a robust valuation process is in place in order to estimate loss reliably. There must be a clearly specified period for obtaining post-credit- event valuations of the underlying obligation. If the reference obligation specified in the credit derivative for purposes of cash settlement is different than the underlying obligation, Subparagraph (g) below governs whether the asset mismatch is permissible;
                  (e) If the protection purchaser's right/ability to transfer the underlying obligation to the protection provider is required for settlement, the terms of the underlying obligation must provide that any required consent to such transfer may not be unreasonably withheld;
                  (f) The identity of the parties responsible for determining whether a credit event has occurred must be clearly defined. This determination must not be the sole responsibility of the protection seller. The protection buyer must have the right/ability to inform the protection provider of the occurrence of a credit event;
                  (g) A mismatch between the underlying obligation and the reference obligation under the credit derivative (i.e. the obligation used for purposes of determining cash settlement value or the deliverable obligation) is permissible if (1) the reference obligation ranks pari passu with or is junior to the underlying obligation, and (2) the underlying obligation and reference obligation share the same obligor (i.e. the same legal entity) and legally enforceable cross-default or cross-acceleration clauses are in place; and
                  (h) A mismatch between the underlying obligation and the obligation used for purposes of determining whether a credit event has occurred is permissible if (1) the latter obligation ranks pari passu with or is junior to the underlying obligation, and (2) the underlying obligation and reference obligation share the same obligor (i.e. the same legal entity) and legally enforceable cross-default or cross-acceleration clauses are in place.
                  January 2015

                • CA-4.5.4

                  When the restructuring of the underlying obligation is not covered by the credit derivative, but the other requirements in Paragraph CA-4.5.3 are met, partial recognition of the credit derivative will be allowed. If the amount of the credit derivative is less than or equal to the amount of the underlying obligation, 60% of the amount of the hedge can be recognised as covered. If the amount of the credit derivative is larger than that of the underlying obligation, then the amount of eligible hedge is capped at 60% of the amount of the underlying obligation31.


                  31 The 60% recognition factor is provided as an interim treatment, which the CBB may refine in the future.

                  January 2015

                • CA-4.5.5

                  Only credit default swaps and total return swaps that provide credit protection equivalent to guarantees will be eligible for recognition. The following exception applies. Where a conventional bank licensee buys credit protection through a total return swap and records the net payments received on the swap as net income, but does not record offsetting deterioration in the value of the asset that is protected (either through reductions in fair value or by an addition to reserves), the credit protection will not be recognised. The treatment of first-to-default and second-to-default products is covered separately in Paragraphs CA-4.7.2 to CA-4.7.5.

                  January 2015

                • CA-4.5.6

                  Other types of credit derivatives are not eligible for recognition32.


                  32 Cash funded credit linked notes issued by the bank against exposures in the banking book which fulfil the criteria for credit derivatives will be treated as cash collateralised transactions.

                  January 2015

            • Range of Eligible Guarantors (Counter-Guarantors)/Protection Providers

              • CA-4.5.7

                Credit protection given by the following entities will be recognised:

                (a) Sovereign entities33, PSEs, banks34 and securities firms with a lower risk weight than the counterparty;
                (b) Other entities that are externally rated except where credit protection is provided to a securitisation exposure. This would include credit protection provided by parent, subsidiary and affiliate companies when they have a lower risk weight than the obligor; and
                (c) When credit protection is provided to a securitisation exposure, other entities that currently are externally rated BBB- or better and that were externally rated A- or better at the time the credit protection was provided. This would include credit protection provided by parent, subsidiary and affiliate companies when they have a lower risk weight than the obligor.

                33 This includes the Bank for International Settlements, the International Monetary Fund, the European Central Bank and the European Community, as well as those MDBs referred to in CA-3.2.8.

                34 This includes other MDBs.

                January 2015

              • CA-4.5.7A

                Credit default guarantee provided by Tamkeen is recognised as an eligible credit risk mitigant.

                Added: January 2023

            • Risk Weights

              • CA-4.5.8

                The protected portion is assigned the risk weight of the protection provider. The uncovered portion of the exposure is assigned the risk weight of the underlying counterparty.

                January 2015

              • CA-4.5.9

                Materiality thresholds on payments below which no payment is made in the event of loss are equivalent to retained first loss positions and must be deducted in full from the Total Capital of the conventional bank licensee purchasing the credit protection.

                January 2015

            • Proportional Cover

              • CA-4.5.10

                Where the amount guaranteed, or against which credit protection is held, is less than the amount of the exposure, and the secured and unsecured portions are of equal seniority, i.e. the conventional bank licensee and the guarantor share losses on a pro-rata basis capital relief will be afforded on a proportional basis: i.e. the protected portion of the exposure will receive the treatment applicable to eligible guarantees/credit derivatives, with the remainder treated as unsecured.

                January 2015

            • Tranched Cover

              • CA-4.5.11

                Where the conventional bank licensee transfers a portion of the risk of an exposure in one or more tranches to a protection seller or sellers and retains some level of risk of the loan and the risk transferred and the risk retained are of different seniority, conventional bank licensees may obtain credit protection for either the senior tranches (e.g. second loss portion) or the junior tranche (e.g. first loss portion). In this case the rules as set out in Chapter CA-6 (Credit risk — securitisation framework) will apply.

                January 2015

            • Currency Mismatches

              • CA-4.5.12

                Where the credit protection is denominated in a currency different from that in which the exposure is denominated — i.e. there is a currency mismatch — the amount of the exposure deemed to be protected will be reduced by the application of a haircut HFX, i.e.

                GA = G x (1 – HFX)

                Where:

                G = Nominal amount of the credit protection
                HFX = Haircut appropriate for currency mismatch between the credit protection and underlying obligation.

                The appropriate haircut based on a 10-business day holding period (assuming daily marking-to-market) will be applied. If a conventional bank licensee uses the standard haircuts it will be 8%. The haircuts must be scaled up using the square root of time formula, depending on the frequency of revaluation of the credit protection as described in Paragraph CA-4.3.12.

                January 2015

            • Sovereign Guarantees and Counter-guarantees

              • CA-4.5.13

                Portions of claims guaranteed by the entities detailed in Paragraph CA-3.2.1, where the guarantee is denominated in the domestic currency (and US$ in case of a guarantee provided by the Government of Bahrain and CBB) may get a 0% risk-weighting. A claim may be covered by a guarantee that is indirectly counter-guaranteed by such entities. Such a claim may be treated as covered by a sovereign guarantee provided that:

                (a) The sovereign counter-guarantee covers all credit risk elements of the claim;
                (b) Both the original guarantee and the counter-guarantee meet all operational requirements for guarantees, except that the counter-guarantee need not be direct and explicit to the original claim; and
                (c) CBB is satisfied that the cover is robust and that no historical evidence suggests that the coverage of the counter-guarantee is less than effectively equivalent to that of a direct sovereign guarantee.
                January 2015

          • CA-4.6 CA-4.6 Maturity Mismatches

            • CA-4.6.1

              For the purposes of calculating risk-weighted assets, a maturity mismatch occurs when the residual maturity of a hedge is less than that of the underlying exposure.

              January 2015

            • Definition of Maturity

              • CA-4.6.2

                The maturity of the underlying exposure and the maturity of the hedge should both be defined conservatively. The effective maturity of the underlying should be gauged as the longest possible remaining time before the counterparty is scheduled to fulfil its obligation, taking into account any applicable grace period. For the hedge, embedded options which may reduce the term of the hedge should be taken into account so that the shortest possible effective maturity is used. Where a call is at the discretion of the protection seller, the maturity will always be at the first call date. If the call is at the discretion of the protection buying bank but the terms of the arrangement at origination of the hedge contain a positive incentive for the bank to call the transaction before contractual maturity, the remaining time to the first call date will be deemed to be the effective maturity. For example, where there is a step-up in cost in conjunction with a call feature or where the effective cost of cover increases over time even if credit quality remains the same or increases, the effective maturity will be the remaining time to the first call.

                January 2015

            • Risk Weights for Maturity Mismatches

              • CA-4.6.3

                As outlined in Paragraph CA-4.2.24, hedges with maturity mismatches are only recognised when their original maturities are greater than or equal to one year. As a result, the maturity of hedges for exposures with original maturities of less than one year must be matched to be recognised. In all cases, hedges with maturity mismatches will not be recognised when they have a residual maturity of three months or less.

                January 2015

              • CA-4.6.4

                When there is a maturity mismatch with recognised credit risk mitigants (collateral, on-balance sheet netting, guarantees and credit derivatives) the following adjustment will be applied.

                Pa = P x (t – 0.25) / (T – 0.25)
                Where:

                Pa = Value of the credit protection adjusted for maturity mismatch.
                P = Credit protection (e.g. collateral amount, guarantee amount) adjusted for any haircuts.
                T = Min (T, residual maturity of the credit protection arrangement) expressed in years.
                T = Min (5, residual maturity of the exposure) expressed in years.

                January 2015

          • CA-4.7 CA-4.7 Other Items Related to the Treatment of CRM Techniques

            • Treatment of Pools of CRM Techniques

              • CA-4.7.1

                In the case where a conventional bank licensee has multiple CRM techniques covering a single exposure (e.g. a bank has both collateral and guarantee partially covering an exposure), the conventional bank licensee is required to subdivide the exposure into portions covered by each type of CRM technique (e.g. portion covered by collateral, portion covered by guarantee) and the risk-weighted assets of each portion must be calculated separately. When credit protection provided by a single protection provider has differing maturities, they must be subdivided into separate protection as well.

                January 2015

            • First-to-default Credit Derivatives

              • CA-4.7.2

                There are cases where a conventional bank licensee obtains credit protection for a basket of reference names and where the first default among the reference names triggers the credit protection and the credit event also terminates the contract. In this case, the conventional bank licensee may recognise regulatory capital relief for the asset within the basket with the lowest risk-weighted amount, but only if the notional amount is less than or equal to the notional amount of the credit derivative.

                January 2015

              • CA-4.7.3

                With regard to the conventional bank licensee providing credit protection through such an instrument, if the product has an external credit assessment from an eligible credit assessment institution, the risk weight in Paragraph CA-6.4.8 applied to securitisation tranches will be applied. If the product is not rated by an eligible external credit assessment institution, the risk weights of the assets included in the basket will be aggregated up to a maximum of 1250% and multiplied by the nominal amount of the protection provided by the credit derivative to obtain the risk-weighted asset amount.

                January 2015

            • Second-to-default Credit Derivatives

              • CA-4.7.4

                In the case where the second default among the assets within the basket triggers the credit protection, the conventional bank licensee obtaining credit protection through such a product will only be able to recognise any capital relief if first-default-protection has also be obtained or when one of the assets within the basket has already defaulted.

                January 2015

              • CA-4.7.5

                For conventional bank licensees providing credit protection through such a product, the capital treatment is the same as in Paragraph CA-4.7.3 above with one exception. The exception is that, in aggregating the risk weights, the asset with the lowest risk weighted amount can be excluded from the calculation.

                January 2015

        • CA-5 CA-5 Credit Risk — The Internal Ratings-Based Approach

          • CA-5.1

            [This Chapter was deleted in January 2015.]

            January 2015

        • CA-6 CA-6 Credit Risk — Securitisation Framework

          • CA-6.1 CA-6.1 Scope and Definitions of Transactions Covered under the Securitisation Framework

            • CA-6.1.1

              Conventional bank licensees must apply the securitisation framework for determining regulatory capital requirements on exposures arising from traditional and synthetic securitisations or similar structures that contain features common to both.

              January 2015

            • CA-6.1.1A

              A conventional bank licensee must meet all the requirements listed in the Paragraph CA-6.1.1.B below, to use any of the approaches specified in the securitisation framework. If a conventional bank licensee does not perform the level of the due diligence specified, it must risk weight the amount of the securitisation (or re-securitisation) exposure at 1,250% using the approach outlined in the Paragraphs CA-6.4.2 to CA-6.4.4.

              January 2015

            • CA-6.1.1B

              In order for a conventional bank licensee to use the securitisation framework, a conventional bank licensee must have the information specified below or risk weight the exposure at 1,250%:

              (a) A conventional bank licensee must have a comprehensive understanding of the risk characteristics of its individual securitisation exposures, whether on-balance sheet or off-balance sheet, as well as the risk characteristics of the pools underlying its securitisation exposures;
              (b) A conventional bank licensee must be able to access performance information on the underlying pools on an ongoing basis in a timely manner. Such information should include: exposure type, percentage of loans more than 30, 60 and 90 days past due, default rates, prepayment rates, loans in foreclosure, property type, occupancy, average credit score or other measures of creditworthiness, average loan-to-value ratio, and industry and geographic diversification. For re-securitisations, a conventional bank licensee must have not only information on the underlying securitisation tranches, such as the issuer name and credit quality, but also the characteristics and performance of the pools underlying the securitisation tranches; and
              (c) A conventional bank licensee must have a thorough understanding of all structural features of a securitisation transaction that would materially impact the performance of the conventional bank licensee's exposures to the transaction, such as the contractual waterfall and waterfall-related triggers, credit enhancements, liquidity enhancements, market value triggers, and deal-specific definitions of default.
              January 2015

            • CA-6.1.2

              Since securitisations may be structured in many different ways, the capital treatment of a securitisation exposure must be determined on the basis of its economic substance rather than its legal form. Similarly, CBB will look to the economic substance of a transaction to determine whether it should be subject to the securitisation framework for purposes of determining regulatory capital. Conventional bank licensees are encouraged to consult with the CBB when there is uncertainty about whether a given transaction should be considered a securitisation. For example, transactions involving cash flows from real estate (e.g. rents) may be considered specialised lending exposures, if warranted.

              January 2015

            • CA-6.1.3

              A traditional securitisation is a structure where the cash flow from an underlying pool of exposures is used to service at least two different stratified risk positions or tranches reflecting different degrees of credit risk. Payments to the investors depend upon the performance of the specified underlying exposures, as opposed to being derived from an obligation of the entity originating those exposures. The stratified/tranched structures that characterise securitisations differ from ordinary senior/subordinated debt instruments in that junior securitisation tranches can absorb losses without interrupting contractual payments to more senior tranches, whereas subordination in a senior/subordinated debt structure is a matter of priority of rights to the proceeds of liquidation.

              January 2015

            • CA-6.1.4

              A synthetic securitisation is a structure with at least two different stratified risk positions or tranches that reflect different degrees of credit risk where credit risk of an underlying pool of exposures is transferred, in whole or in part, through the use of funded (e.g. credit-linked notes) or unfunded (e.g. credit default swaps) credit derivatives or guarantees that serve to hedge the credit risk of the portfolio. Accordingly, the investors' potential risk is dependent upon the performance of the underlying pool.

              January 2015

            • CA-6.1.5

              Conventional bank licensees' exposures to a securitisation are hereafter referred to as "securitisation exposures". Securitisation exposures can include but are not restricted to the following: asset-backed securities, mortgage-backed securities, credit enhancements, liquidity facilities, interest rate or currency swaps, credit derivatives and tranched cover as described in Paragraph CA-4.5.11. Reserve accounts, such as cash collateral accounts, recorded as an asset by the originating conventional bank licensee must also be treated as securitisation exposures.

              January 2015

            • CA-6.1.5A

              A re-securitisation exposure is a securitisation exposure in which the risk associated with an underlying pool of exposures is tranched and at least one of the underlying exposures is a securitisation exposure. In addition, an exposure to one or more re-securitisation exposures is a re-securitisation exposure.

              January 2015

            • CA-6.1.5B

              Given the complexity of many securitisation transactions, licensees are encouraged to consult with the CBB when there is uncertainty about whether a particular structured credit position should be considered a re-securitisation exposure. The CBB will consider the exposure's economic substance when making a determination on whether a structured credit position is a re-securitisation exposure.

              January 2015

            • CA-6.1.5C

              Re-securitisation exposures include collateralised debt obligations (CDOs) of asset-backed securities (ABS) including, for example, a CDO backed by residential mortgage-backed securities (RMBS). Moreover, it also captures a securitisation exposure where the pool contains many individual mortgage loans and a single RMBS. This means that even if only one of the underlying exposures is a securitisation exposure, then any tranched position (such as senior or subordinated ABS) exposed to that pool is considered a re-securitisation exposure.

              January 2015

            • CA-6.1.5D

              Furthermore, when an instrument's performance is linked to one or more re-securitisation exposures, generally that instrument is a re-securitisation exposure. Thus a credit derivative providing credit protection for a CDO squared tranche is a re-securitisation exposure.

              January 2015

            • CA-6.1.5E

              The definition of re-securitisation also applies to ABCP programmes. The ratings based risk approach tables include weightings for both securitisation and re-securitisation exposures (see CA-6.4.8 onward).

              January 2015

            • CA-6.1.6

              Underlying instruments in the pool being securitised may include but are not restricted to the following: loans, commitments, asset-backed and mortgage-backed securities, corporate bonds, equity securities, and private equity investments. The underlying pool may include one or more exposures.

              January 2015

          • CA-6.2 CA-6.2 Definitions and General Terminology

            • Originating Bank

              • CA-6.2.1

                For risk-based capital purposes, a conventional bank licensee is considered to be an originator with regard to a certain securitisation if it meets either of the following conditions:

                (a) The conventional bank licensee originates directly or indirectly underlying exposures included in the securitisation; or
                (b) The conventional bank licensee serves as a sponsor of an asset-backed commercial paper (ABCP) conduit or similar programme that acquires exposures from third-party entities. In the context of such programmes, a conventional bank licensee would generally be considered a sponsor and, in turn, an originator if it, in fact or in substance, manages or advises the programme, places securities into the market, or provides liquidity and/or credit enhancements.
                January 2015

            • Asset Backed Commercial Paper (ABCP) Programme

              • CA-6.2.2

                An asset-backed commercial paper (ABCP) programme predominately issues commercial paper with an original maturity of one year or less that is backed by assets or other exposures held in a bankruptcy-remote, Special Purpose Securitisation Vehicle (SPSV).

                January 2015

            • Clean-Up Call

              • CA-6.2.3

                A clean-up call is an option that permits the securitisation exposures (e.g. asset-backed securities) to be called before all of the underlying exposures or securitisation exposures have been repaid. In the case of traditional securitisations, this is generally accomplished by repurchasing the remaining securitisation exposures once the pool balance or outstanding securities have fallen below some specified level. In the case of a synthetic transaction, the clean-up call may take the form of a clause that extinguishes the credit protection.

                January 2015

            • Credit Enhancement

              • CA-6.2.4

                A credit enhancement is a contractual arrangement in which the conventional bank licensee retains or assumes a securitisation exposure and, in substance, provides some degree of added protection to other parties to the transaction.

                January 2015

            • Credit Enhancing Interest-Only Strip

              • CA-6.2.5

                A credit-enhancing interest-only strip (I/O) is an on-balance sheet asset that (i) represents a valuation of cash flows related to future margin income, and (ii) is subordinated.

                January 2015

            • Early Amortisation

              • CA-6.2.6

                Early amortisation provisions are mechanisms that, once triggered, allow investors to be paid out prior to the originally stated maturity of the securities issued. For risk-based capital purposes, an early amortisation provision will be considered either controlled or non-controlled. A controlled early amortisation provision must meet all of the following conditions:

                (a) The conventional bank licensee must have an appropriate capital/liquidity plan in place to ensure that it has sufficient capital and liquidity available in the event of an early amortisation;
                (b) Throughout the duration of the transaction, including the amortisation period, there is the same pro-rata sharing of interest, principal, expenses, losses and recoveries based on the conventional bank licensee's and investors' relative shares of the receivables outstanding at the beginning of each month;
                (c) The conventional bank licensee must set a period for amortisation that would be sufficient for at least 90% of the total debt outstanding at the beginning of the early amortisation period to have been repaid or recognised as in default; and
                (d) The pace of repayment must not be any more rapid than would be allowed by straight-line amortisation over the period set out in criterion (c).
                January 2015

              • CA-6.2.7

                An early amortisation provision that does not satisfy the conditions for a controlled early amortisation provision must be treated as a non-controlled early amortisation provision.

                January 2015

            • Excess Spread

              • CA-6.2.8

                Excess spread is generally defined as gross finance charge collections and other income received by the trust or SPSV (specified in Paragraph CA-6.2.10) minus certificate interest, servicing fees, charge-offs, and other senior trust or SPSV expenses.

                January 2015

            • Implicit Support

              • CA-6.2.9

                Implicit support arises when a conventional bank licensee provides support to a securitisation in excess of its predetermined contractual obligation.

                January 2015

            • SPSV

              • CA-6.2.10

                An SPSV is a corporation, trust, or other entity organised for a specific purpose, the activities of which are limited to those appropriate to accomplish the purpose of the SPSV, and the structure of which is intended to isolate the SPSV from the credit risk of an originator or seller of exposures. SPSVs are commonly used as financing vehicles in which exposures are sold to a trust or similar entity in exchange for cash or other assets funded by debt issued by the trust.

                January 2015

          • CA-6.3 CA-6.3 Operational Requirements for the Recognition of Risk Transference

            • CA-6.3.1

              The following operational requirements are applicable to the standardised approach of the securitisation framework.

              January 2015

            • Operational Requirements for Traditional Securitisations

              • CA-6.3.2

                An originating bank may exclude securitised exposures from the calculation of risk weighted assets under Paragraph CA-6.4.1, only if all of the following conditions have been met. Conventional bank licensees meeting these conditions must still hold regulatory capital against any securitisation exposures they retain:

                (a) Significant credit risk associated with the securitised exposures has been transferred to third parties;
                (b) The transferor does not maintain effective or indirect control35 over the transferred exposures. The assets are legally isolated from the transferor in such a way (e.g. through the sale of assets or through sub-participation) that the exposures are put beyond the reach of the transferor and its creditors, even in bankruptcy or receivership. These conditions must be supported by an opinion provided by a qualified legal counsel;
                (c) The securities issued are not obligations of the transferor. Thus, investors who purchase the securities only have claim to the underlying pool of exposures;
                (d) The transferee is an SPSV and the holders of the beneficial interests in that entity have the right to pledge or exchange them without restriction;
                (e) Clean-up calls must satisfy the conditions set out in Paragraph CA-6.3.5; and
                (f) The securitisation does not contain clauses that (i) require the originating bank to alter systematically the underlying exposures such that the pool's weighted average credit quality is improved unless this is achieved by selling assets to independent and unaffiliated third parties at market prices; (ii) allow for increases in a retained first loss position or credit enhancement provided by the originating bank after the transaction's inception; or (iii) increase the yield payable to parties other than the originating bank, such as investors and third-party providers of credit enhancements, in response to a deterioration in the credit quality of the underlying pool.

                35 The transferor is deemed to have maintained effective control over the transferred credit risk exposures if it: (i) is able to repurchase from the transferee the previously transferred exposures in order to realise their benefits; or (ii) is obligated to retain the risk of the transferred exposures. The transferor's retention of servicing rights to the exposures will not necessarily constitute indirect control of the exposures.

                January 2015

            • Operational Requirements for Synthetic Securitisations

              • CA-6.3.3

                For synthetic securitisations, the use of CRM techniques (i.e. collateral, guarantees and credit derivatives) for hedging the underlying exposure may be recognised for risk-based capital purposes only if the conditions outlined below are satisfied:

                (a) Credit risk mitigants must comply with the requirements as set out in Chapter CA-4 of this Module;
                (b) Eligible collateral is limited to that specified in Paragraphs CA-4.3.1 and CA-4.3.2. Eligible collateral pledged by SPSVs may be recognised;
                (c) Eligible guarantors are defined in Paragraph CA-4.5.7. Conventional bank licensees may not recognise SPSVs as eligible guarantors in the securitisation framework;
                (d) Conventional bank licensees must transfer significant credit risk associated with the underlying exposure to third parties;
                (e) The instruments used to transfer credit risk may not contain terms or conditions that limit the amount of credit risk transferred, such as those provided below:
                (i) Clauses that materially limit the credit protection or credit risk transference (e.g. significant materiality thresholds below which credit protection is deemed not to be triggered even if a credit event occurs or those that allow for the termination of the protection due to deterioration in the credit quality of the underlying exposures);
                (ii) Clauses that require the originating bank to alter the underlying exposures to improve the pool's weighted average credit quality;
                (iii) Clauses that increase the conventional bank licensees' cost of credit protection in response to deterioration in the pool's quality;
                (iv) Clauses that increase the yield payable to parties other than the originating bank, such as investors and third-party providers of credit enhancements, in response to a deterioration in the credit quality of the reference pool; and
                (v) Clauses that provide for increases in a retained first loss position or credit enhancement provided by the originating bank after the transaction's inception;
                (f) An opinion must be obtained from a qualified legal counsel that confirms the enforceability of the contracts in all relevant jurisdictions; and
                (g) Clean-up calls must satisfy the conditions set out in Paragraph CA-6.3.5.
                January 2015

              • CA-6.3.4

                For synthetic securitisations, the effect of applying CRM techniques for hedging the underlying exposure are treated according to Chapter CA-4. In case there is a maturity mismatch, the capital requirement will be determined in accordance with Paragraphs CA-4.6.1 to CA-4.6.4. When the exposures in the underlying pool have different maturities, the longest maturity must be taken as the maturity of the pool. Maturity mismatches may arise in the context of synthetic securitisations when, for example, a conventional bank licensee uses credit derivatives to transfer part or all of the credit risk of a specific pool of assets to third parties. When the credit derivatives unwind, the transaction will terminate. This implies that the effective maturity of the tranches of the synthetic securitisation may differ from that of the underlying exposures. Originating banks of synthetic securitisations must treat such maturity mismatches in the following manner. A conventional bank licensee applying the standardised approach for securitisation must risk weight all retained positions that are unrated or rated below investment grade at 1,250%. For all other securitisation exposures, the conventional bank licensee must apply the maturity mismatch treatment set forth in Paragraphs CA-4.6.1 to CA-4.6.4.

                January 2015

            • Operational Requirements and Treatment of Clean-Up Calls

              • CA-6.3.5

                For securitisation transactions that include a clean-up call, no capital will be required due to the presence of a clean-up call if the following conditions are met:

                (a) The exercise of the clean-up call must not be mandatory, in form or in substance, but rather must be at the discretion of the originating bank;
                (b) The clean-up call must not be structured to avoid allocating losses to credit enhancements or positions held by investors or otherwise structured to provide credit enhancement; and
                (c) The clean-up call must only be exercisable when 10% or less of the original underlying portfolio, or securities issued remain, or, for synthetic securitisations, when 10% or less of the original reference portfolio value remains.
                January 2015

              • CA-6.3.6

                Securitisation transactions that include a clean-up call that does not meet all of the criteria stated in Paragraph CA-6.3.5 result in a capital requirement for the originating bank. For a traditional securitisation, the underlying exposures must be treated as if they were not securitised. Additionally, conventional bank licensees must not recognise in regulatory capital any gain-on-sale, as defined in Paragraph CA-6.4.3. For synthetic securitisations, the bank purchasing protection must hold capital against the entire amount of the securitised exposures as if they did not benefit from any credit protection. If a synthetic securitisation incorporates a call (other than a clean-up call) that effectively terminates the transaction and the purchased credit protection on a specific date, the conventional bank licensee must treat the transaction in accordance with Paragraph CA-6.3.4 and Paragraphs CA-4.6.1 to CA-4.6.4.

                January 2015

              • CA-6.3.7

                If a clean-up call, when exercised, is found to serve as a credit enhancement, the exercise of the clean-up call must be considered a form of implicit support provided by the conventional bank licensee and must be treated in accordance with the supervisory guidance pertaining to securitisation transactions.

                January 2015

          • CA-6.4 CA-6.4 Treatment of Securitisation Exposures

            • Calculation of Capital Requirements

              • CA-6.4.1

                Except as stated in Paragraph CA-6.3.2, conventional bank licensees are required to hold regulatory capital against all of their securitisation exposures and re-securitisation exposures, including those arising from the provision of credit risk mitigants to a securitisation transaction, investments in asset-backed securities, retention of a subordinated tranche, and extension of a liquidity facility or credit enhancement, as set forth in the remainder of this section. Repurchased securitisation exposures must be treated as retained securitisation exposures.

                January 2015

              • (i) Deduction

                • CA-6.4.2

                  [This Paragraph has been deleted in January 2015.]

                  January 2015

                • CA-6.4.3

                  Conventional bank licensees must deduct from CET1 any increase in equity capital resulting from a securitisation transaction, such as that associated with expected future margin income (FMI) resulting in a gain-on-sale. Such an increase in capital is referred to as a "gain-on-sale" for the purposes of the securitisation framework.

                  January 2015

                • CA-6.4.4

                  [This Paragraph has been deleted in January 2015.]

                  January 2015

              • (ii) Implicit Support

                • CA-6.4.5

                  When a conventional bank licensee provides implicit support to a securitisation, it must, at a minimum, hold capital against all of the exposures associated with the securitisation transaction as if they had not been securitised. Additionally, conventional bank licensees would not be permitted to recognise in regulatory capital any gain-on-sale, as defined in Paragraph CA-6.4.3. Furthermore, the conventional bank licensee is required to disclose publicly that (a) it has provided non-contractual support and (b) the capital impact of doing so.

                  January 2015

            • Operational Requirements for Use of External Credit Assessments

              • CA-6.4.6

                The following operational criteria concerning the use of external credit assessments apply in the standardised approach of the securitisation framework:

                (a) To be eligible for risk-weighting purposes, the external credit assessment must take into account and reflect the entire amount of credit risk exposure the conventional bank licensee has with regard to all payments owed to it. For example, if a conventional bank licensee is owed both principal and interest, the assessment must fully take into account and reflect the credit risk associated with timely repayment of both principal and interest;
                (b) The external credit assessments must be from an eligible ECAI as recognised by the CBB in accordance with Section CA-3.4 with the following exception. In contrast with Subparagraph CA-3.4.1(c), an eligible credit assessment must be publicly available, on a non-selective basis and free of charge. In other words, a rating must be published in an accessible form and included in the ECAI's transition matrix. Also, loss and cashflow analysis as well as sensitivity of ratings to changes in the underlying ratings assumptions must be publicly available. Consequently, ratings that are made available only to the parties to a transaction do not satisfy this requirement;
                (c) Eligible ECAIs must have a demonstrated expertise in assessing securitisations, which may be evidenced by strong market acceptance;
                (d) A conventional bank licensee must apply external credit assessments from eligible ECAIs consistently across a given type of securitisation exposure. Furthermore, a conventional bank licensee cannot use the credit assessments issued by one ECAI for one or more tranches and those of another ECAI for other positions (whether retained or purchased) within the same securitisation structure that may or may not be rated by the first ECAI. Where two or more eligible ECAIs can be used and these assess the credit risk of the same securitisation exposure differently, Paragraphs CA-3.4.5 and CA-3.4.6 will apply;
                (e) Where CRM is provided directly to an SPSV by an eligible guarantor defined in Paragraph CA-4.5.7 and is reflected in the external credit assessment assigned to a securitisation exposure(s), the risk weight associated with that external credit assessment should be used. In order to avoid any double counting, no additional capital recognition is permitted. If the CRM provider is not recognised as an eligible guarantor in Paragraph CA-4.5.7, the covered securitisation exposures should be treated as unrated; and
                (f) In the situation where a credit risk mitigant is not obtained by the SPSV but rather applied to a specific securitisation exposure within a given structure (e.g. ABS tranche), the conventional bank licensee must treat the exposure as if it is unrated and then use the CRM treatment outlined in Chapter CA-4 to recognise the hedge.
                January 2015

              • CA-6.4.6A

                A conventional bank licensee is not permitted to use any external credit assessment for risk-weighting purposes where the assessment is at least partly based on unfunded support provided by the conventional bank licensee. For example, if a conventional bank licensee buys ABCP where it provides an unfunded securitisation exposure extended to the ABCP programme (e.g. liquidity facility or credit enhancement), and that exposure plays a role in determining the credit assessment on the ABCP, the conventional bank licensee must treat the ABCP as if it were not rated. The conventional bank licensee must continue to hold capital against the other securitisation exposures it provides (e.g. against the liquidity facility and/or credit enhancement). The treatment described above is also applicable to exposures held in the trading book. A conventional bank licensee's capital requirement for such exposures held in the trading book can be no less than the amount required under the banking book treatment.

                January 2015

              • CA-6.4.6B

                Conventional bank licensees are permitted to recognise overlap in their exposures, consistent with Paragraph CA-6.4.23. For example, a conventional bank licensee providing a liquidity facility supporting 100% of the ABCP issued by an ABCP programme and purchasing (for its own account) 20% of the outstanding ABCP of that programme could recognise an overlap of 20% (100% liquidity facility + 20% CP held − 100% CP issued = 20%). If a conventional bank licensee provided a liquidity facility that covered 90% of the outstanding ABCP and purchased 20% of the ABCP, the two exposures would be treated as if 10% of the two exposures overlapped (90% liquidity facility + 20% CP held – 100% CP issued = 10%). If a conventional bank licensee provided a liquidity facility that covered 50% of the outstanding ABCP and purchased 20% of the ABCP, the two exposures would be treated as if there were no overlap.

                January 2015

            • Standardised Approach for Securitisation Exposures

              • (i) Scope

                • CA-6.4.7

                  Conventional bank licensees that apply the standardised approach to credit risk for the type of underlying exposure(s) securitised must use the standardised approach under the securitisation framework.

                  January 2015

              • (ii) Risk Weights

                • CA-6.4.8

                  The risk-weighted asset amount of a securitisation exposure is computed by multiplying the amount of the position by the appropriate risk weight determined in accordance with the following tables. For off-balance sheet exposures, conventional bank licensees must apply a CCF and then risk weight the resultant credit equivalent amount. If such an exposure is rated, a CCF of 100% must be applied.

                  Long term rating36 Securitisation Exposure Re-securitisation Exposure
                  AAA to AA– 20% 40%
                  A+ to A– 50% 100%
                  BBB+ to BBB– 100% 225%
                  BB+ to BB– 350% 650%
                  B+ and below or unrated 1,250% 1,250%
                  Short term rating Securitisation Exposure Re-securitisation Exposure
                  A-1/P-1 20% 40%
                  A-2/P-2 50% 100%
                  A-3/P-3 100% 225%
                  All other ratings or unrated 1,250% 1,250%

                  36 The rating designations used in the following tables are for illustrative purposes only and do not indicate any preference for, or endorsement of, any particular external assessment system.

                  January 2015

                • CA-6.4.9

                  The capital treatment of positions retained by originators, liquidity facilities, credit risk mitigants, and securitisations of revolving exposures are identified separately. The treatment of clean-up calls is provided in Paragraphs CA-6.3.5 to CA-6.3.7.

                  January 2015

                • Recognition of Ratings on Below-Investment Grade Exposures

                  • CA-6.4.10

                    Only third-party investors, as opposed to conventional bank licensees that serve as originators, may recognise external credit assessments that are equivalent to BB+ to BB- for risk weighting purposes of securitisation exposures.

                    January 2015

                • Originators to Apply 1,250% Risk Weight to all Below-Investment Grade Exposures

                  • CA-6.4.11

                    Originating banks as defined in paragraph CA-6.2.1 must risk weight all retained securitisation exposures rated below investment grade (i.e. BBB-) at 1,250%.

                    January 2015

              • (iii) Exceptions to General Treatment of Unrated Securitisation Exposures

                • CA-6.4.12

                  As noted in the tables above, unrated securitisation exposures must be risk weighted at 1,250% with the following exceptions: (i) the most senior exposure in a securitisation, (ii) exposures that are in a second loss position or better in ABCP programmes and meet the requirements outlined in Paragraph CA-6.4.15, and (iii) eligible liquidity facilities.

                  January 2015

                • Treatment of Unrated Most Senior Securitisation Exposures

                  • CA-6.4.13

                    If the most senior exposure in a securitisation of a traditional or synthetic securitisation is unrated, a conventional bank licensee that holds or guarantees such an exposure may determine the risk weight by applying the "look-through" treatment, provided the composition of the underlying pool is known at all times. Conventional bank licensees are not required to consider interest rate or currency swaps when determining whether an exposure is the most senior in a securitisation for the purpose of applying the "look-through" approach.

                    January 2015

                  • CA-6.4.14

                    In the look-through treatment, the unrated most senior position receives the average risk weight of the underlying exposures subject to CBB review. Where the conventional bank licensee is unable to determine the risk weights assigned to the underlying credit risk exposures, the unrated position must be risk-weighted at 1,250%.

                    January 2015

                • Treatment of Exposures in a Second Loss Position or Better in ABCP Programmes

                  • CA-6.4.15

                    A 1,250% risk weighting is not required for those unrated securitisation exposures provided by sponsoring conventional bank licensees to ABCP programmes that satisfy the following requirements:

                    (a) The exposure is economically in a second loss position or better and the first loss position provides significant credit protection to the second loss position;
                    (b) The associated credit risk is the equivalent of investment grade or better; and
                    (c) The conventional bank licensee holding the unrated securitisation exposure does not retain or provide the first loss position.
                    January 2015

                  • CA-6.4.16

                    Where these conditions are satisfied, the risk weight is the greater of (i) 100% or (ii) the highest risk weight assigned to any of the underlying individual exposures covered by the facility.

                    January 2015

                • Risk Weights for Eligible Liquidity Facilities

                  • CA-6.4.17

                    For eligible liquidity facilities as defined in Paragraph CA-6.4.19 and where the conditions for use of external credit assessments in Paragraph CA-6.4.6 are not met, the risk weight applied to the exposure's credit equivalent amount is equal to the highest risk weight assigned to any of the underlying individual exposures covered by the facility.

                    January 2015

              • (iv) Credit Conversion Factors for Off-Balance Sheet Exposures

                • CA-6.4.18

                  For risk-based capital purposes, conventional bank licensees must determine whether, according to the criteria outlined below, an off-balance sheet securitisation exposure qualifies as an 'eligible liquidity facility' or an 'eligible servicer cash advance facility'. All other off-balance sheet securitisation exposures will receive a 100% CCF.

                  January 2015

                • Eligible Liquidity Facilities

                  • CA-6.4.19

                    Conventional bank licensees are permitted to treat off-balance sheet securitisation exposures as eligible liquidity facilities if the following minimum requirements are satisfied:

                    (a) The facility documentation must clearly identify and limit the circumstances under which it may be drawn. Draws under the facility must be limited to the amount that is likely to be repaid fully from the liquidation of the underlying exposures and any seller-provided credit enhancements. In addition, the facility must not cover any losses incurred in the underlying pool of exposures prior to a draw, or be structured such that draw-down is certain (as indicated by regular or continuous draws);
                    (b) The facility must be subject to an asset quality test that precludes it from being drawn to cover credit risk exposures where the obligor is more than 90 days past due on any material risk in the banking group. In addition, if the exposures that a liquidity facility is required to fund are externally rated securities, the facility can only be used to fund securities that are externally rated investment grade at the time of funding;
                    (c) The facility cannot be drawn after all applicable (e.g. transaction-specific and programme-wide) credit enhancements from which the liquidity would benefit have been exhausted; and
                    (d) Repayment of draws on the facility (i.e. assets acquired under a purchase agreement or loans made under a lending agreement) must not be subordinated to any interests of any note holder in the programme (e.g. ABCP programme) or subject to deferral or waiver.
                    January 2015

                  • CA-6.4.20

                    Where these conditions are met, the conventional bank licensee may apply a 50% CCF to the eligible facility regardless of the maturity of the facility. However, if an external rating of the facility itself is used for risk-weighting the facility, a 100% CCF must be applied.

                    January 2015

                  • CA-6.4.21

                    [This Paragraph has been deleted in January 2012].

                    January 2015

                  • CA-6.4.22

                    [This Paragraph has been deleted in January 2012].

                    January 2015

                • Treatment of Overlapping Exposures

                  • CA-6.4.23

                    A conventional bank licensee may provide several types of facilities that can be drawn under various conditions. The same conventional bank licensee may be providing two or more of these facilities. Given the different triggers found in these facilities, it may be the case that a conventional bank licensee provides duplicative coverage to the underlying exposures. In other words, the facilities provided by a conventional bank licensee may overlap since a draw on one facility may preclude (in part) a draw under the other facility. In the case of overlapping facilities provided by the same conventional bank licensee, the conventional bank licensee does not need to hold additional capital for the overlap. Rather, it is only required to hold capital once for the position covered by the overlapping facilities (whether they are liquidity facilities or credit enhancements). Where the overlapping facilities are subject to different conversion factors, the conventional bank licensee must attribute the overlapping part to the facility with the highest conversion factor. However, if overlapping facilities are provided by different banks, each conventional bank licensee must hold capital for the maximum amount of the facility (see also Paragraph CA-6.4.6A).

                    January 2015

                • Eligible Servicer Cash Advance Facilities

                  • CA-6.4.24

                    If contractually provided for, servicers may advance cash to ensure an uninterrupted flow of payments to investors so long as the servicer is entitled to full reimbursement and this right is senior to other claims on cash flows from the underlying pool of exposures. A 0% CCF must be applied to such un-drawn servicer cash advances or facilities provided that these are unconditionally cancellable without prior notice.

                    January 2015

                • Treatment of Credit Risk Mitigation for Securitisation Exposures

                  • CA-6.4.25

                    The treatment below applies to a conventional bank licensee that has obtained a credit risk mitigant on a securitisation exposure. Credit risk mitigants include guarantees, credit derivatives, collateral and on-balance sheet netting. Collateral in this context refers to that used to hedge the credit risk of a securitisation exposure rather than the underlying exposures of the securitisation transaction.

                    January 2015

                  • CA-6.4.26

                    When a conventional bank licensee other than the originator provides credit protection to a securitisation exposure, it must calculate a capital requirement on the covered exposure as if it were an investor in that securitisation. If a conventional bank licensee provides protection to an unrated credit enhancement, it must treat the credit protection provided as if it were directly holding the unrated credit enhancement.

                    January 2015

                • Collateral

                  • CA-6.4.27

                    Eligible collateral is limited to that recognised under the standardised approach for CRM (Paragraphs CA-4.3.1 and CA-4.3.2). Collateral pledged by SPSVs may be recognised.

                    January 2015

                • Guarantees and Credit Derivatives

                  • CA-6.4.28

                    Credit protection provided by the entities listed in Paragraph CA-4.5.7 may be recognised. SPSVs cannot be recognised as eligible guarantors. A conventional bank licensee must not recognise any support provided by itself (see also Paragraph CA-6.4.6).

                    January 2015

                  • CA-6.4.29

                    Where guarantees or credit derivatives fulfil the minimum operational conditions as specified in Paragraphs CA-4.5.1 to CA-4.5.6, conventional bank licensees can take account of such credit protection in calculating capital requirements for securitisation exposures.

                    January 2015

                  • CA-6.4.30

                    Capital requirements for the guaranteed/protected portion will be calculated according to CRM for the standardised approach as specified in Paragraphs CA-4.5.8 to CA-4.5.13.

                    January 2015

                • Maturity Mismatches

                  • CA-6.4.31

                    For the purpose of setting regulatory capital against a maturity mismatch, the capital requirement will be determined in accordance with Paragraphs CA-4.6.1 to CA-4.6.4. When the exposures being hedged have different maturities, the longest maturity must be used.

                    January 2015

              • (vi) Capital Requirement for Early Amortisation Provisions

                • Scope

                  • CA-6.4.32

                    An originating bank is required to hold capital against all or a portion of the investors' interest (i.e. against both the drawn and un-drawn balances related to the securitised exposures) when:

                    (a) It sells exposures into a structure that contains an early amortisation feature; and
                    (b) The exposures sold are of a revolving nature. These involve exposures where the borrower is permitted to vary the drawn amount and repayments within an agreed limit under a line of credit (e.g. credit card receivables and corporate loan commitments).
                    January 2015

                  • CA-6.4.33

                    The capital requirement should reflect the type of mechanism through which an early amortisation is triggered.

                    January 2015

                  • CA-6.4.34

                    For securitisation structures wherein the underlying pool comprises revolving and term exposures, a conventional bank licensee must apply the relevant early amortisation treatment (outlined in Paragraphs CA-6.4.36 to CA-6.4.47) to that portion of the underlying pool containing revolving exposures.

                    January 2015

                  • CA-6.4.35

                    Conventional bank licensees are not required to calculate a capital requirement for early amortisations in the following situations:

                    (a) Replenishment structures where the underlying exposures do not revolve and the early amortisation ends the ability of the conventional bank licensee to add new exposures;
                    (b) Transactions of revolving assets containing early amortisation features that mimic term structures (i.e. where the risk on the underlying facilities does not return to the originating bank);
                    (c) Structures where a bank securitises one or more credit line(s) and where investors remain fully exposed to future draws by borrowers even after an early amortisation event has occurred; and
                    (d) The early amortisation clause is solely triggered by events not related to the performance of the securitised assets or the selling bank, such as material changes in tax laws or regulations.
                    January 2015

                • Maximum Capital Requirement

                  • CA-6.4.36

                    For a conventional bank licensee subject to the early amortisation treatment, the total capital charge for all of its positions will be subject to a maximum capital requirement (i.e. a 'cap') equal to the greater of (i) that required for retained securitisation exposures, or (ii) the capital requirement that would apply had the exposures not been securitised. In addition, conventional bank licensees must deduct the entire amount of any gain-on-sale and credit enhancing I/Os arising from the securitisation transaction in accordance with Paragraphs CA-6.4.2 to CA-6.4.4.

                    January 2015

                • Mechanics

                  • CA-6.4.37

                    The originator's capital charge for the investors' interest is determined as the product of (a) the investors' interest, (b) the appropriate CCF (as discussed below), and (c) the risk weight appropriate to the underlying exposure type, as if the exposures had not been securitised. As described below, the CCFs depend upon whether the early amortisation repays investors through a controlled or non-controlled mechanism. They also differ according to whether the securitised exposures are uncommitted retail credit lines (e.g. credit card receivables) or other credit lines (e.g. revolving corporate facilities). A line is considered uncommitted if it is unconditionally cancellable without prior notice.

                    January 2015

              • (vii) Determination of CCFs for Controlled Early Amortisation Features

                • CA-6.4.38

                  An early amortisation feature is considered controlled when the definition as specified in Paragraph CA-6.2.6 is satisfied.

                  January 2015

                • Uncommitted Retail Exposures

                  • CA-6.4.39

                    For uncommitted retail credit lines (e.g. credit card receivables) in securitisations containing controlled early amortisation features, conventional bank licensees must compare the three-month average excess spread defined in Paragraph CA-6.2.8 to the point at which the conventional bank licensee is required to trap excess spread as economically required by the structure (i.e. excess spread trapping point).

                    January 2015

                  • CA-6.4.40

                    In cases where such a transaction does not require excess spread to be trapped, the trapping point is deemed to be 4.5 percentage points.

                    January 2015

                  • CA-6.4.41

                    The conventional bank licensee must divide the excess spread level by the transaction's excess spread trapping point to determine the appropriate segments and apply the corresponding conversion factors, as outlined in the following table.

                    Controlled Early Amortisation Features

                      Uncommitted Committed
                    Retail credit lines 3-month average excess spread Credit Conversion Factor (CCF)

                    133.33% of trapping point or more
                    0% CCF

                    less than 133.33% to 100% of trapping point
                    1% CCF

                    less than 100% to 75% of trapping point
                    2% CCF

                    less than 75% to 50% of trapping point
                    10% CCF

                    less than 50% to 25% of trapping point
                    20% CCF

                    less than 25%
                    40% CCF
                    90% CCF
                    Non-retail credit lines 90% CCF 90% CCF
                    January 2015

                  • CA-6.4.42

                    Conventional bank licensees are required to apply the conversion factors set out above for controlled mechanisms to the investors' interest referred to in Paragraph CA-6.4.37.

                    January 2015

                • Other Exposures

                  • CA-6.4.43

                    All other securitised revolving exposures (i.e. those that are committed and all non-retail exposures) with controlled early amortisation features will be subject to a CCF of 90% against the off-balance sheet exposures.

                    January 2015

              • (viii) Determination of CCFs for Non-Controlled Early Amortisation Features

                • CA-6.4.44

                  Early amortisation features that do not satisfy the definition of a controlled early amortisation as specified in Paragraph CA-6.2.6 will be considered non-controlled and treated as follows.

                  January 2015

                • Uncommitted Retail Exposures

                  • CA-6.4.45

                    For uncommitted retail credit lines (e.g. credit card receivables) in securitisations containing non-controlled early amortisation features, conventional bank licensees must make the comparison described in Paragraphs CA-6.4.38 and CA-6.4.40.

                    January 2015

                  • CA-6.4.46

                    The conventional bank licensee must divide the excess spread level by the transaction's excess spread trapping point to determine the appropriate segments and apply the corresponding conversion factors, as outlined in the following table.

                    Non-Controlled Early Amortisation Features

                      Uncommitted Committed
                    Retail credit lines 3-month average excess spread
                    Credit Conversion Factor (CCF)

                    133.33% or more of trapping point
                    0% CCF

                    less than 133.33% to 100% of trapping point
                    5% CCF

                    less than 100% to 75% of trapping point
                    15% CCF

                    less than 75% to 50% of trapping point
                    50% CCF

                    less than 50% of trapping point
                    100% CCF
                    100% CCF
                    Non-retail credit lines 100% CCF 100% CCF
                    January 2015

                • Other Exposures

                  • CA-6.4.47

                    All other securitised revolving exposures (i.e. those that are committed and all non-retail exposures) with non-controlled early amortisation features will be subject to a CCF of 100% against the off-balance sheet exposures.

                    January 2015

                • [Paragraphs CA-6.4.48 to CA-6.4.88 were deleted in January 2015]

      • PART 3: PART 3: Other Risks

        • CA-7 CA-7 Operational Risk

          • CA-7.1 CA-7.1 The Measurement Methodologies

            • CA-7.1.1

              The framework outlined below presents two methods for calculating operational risk capital charges in a continuum of increasing sophistication and risk sensitivity:

              (a) The Basic Indicator Approach; and
              (b) The Standardised Approach.
              January 2015

            • CA-7.1.2

              Conventional bank licensees are encouraged to move towards standardised approach as they develop more sophisticated operational risk measurement systems and practices.

              January 2015

            • CA-7.1.3

              A conventional bank licensee will not be allowed to choose to revert to basic indicator approach once it has been approved for standardised approach without CBB's approval. However, if CBB determines that a conventional bank licensee using standardised approach no longer meets the qualifying criteria for standardised approach, it may require the conventional bank licensee to revert to basic indicator approach for some or all of its operations, until it meets the conditions specified by the CBB for returning to standardised approach.

              January 2015

            • Basic Indicator Approach

              • CA-7.1.4

                Conventional bank licensees applying the Basic Indicator Approach must hold capital for operational risk equal to the average over the previous three years of a fixed percentage (denoted alpha) of positive annual gross income. Figures for any year in which annual gross income is negative or zero must be excluded from both the numerator and denominator when calculating the average.37 The charge may be expressed as follows:
                KBIA = [∑(GI1.nα)]/n

                where:

                KBIA = the capital charge under the Basic Indicator Approach

                GI = annual gross income, where positive, over the previous three years (audited financial years)

                n = number of the previous three years for which gross income is positive

                α = 15%, relating the industry wide level of required capital to the industry wide level of the indicator.


                37 If negative gross income distorts a bank's Pillar 1 capital charge, CBB will consider appropriate supervisory action.

                January 2015

              • CA-7.1.5

                Gross income is defined as net interest income plus net non-interest income.38 This measure should: (i) be gross of any provisions (e.g. for unpaid interest); (ii) be gross of operating expenses, including fees paid to outsourcing service providers39; (iii) exclude realised profits/losses from the sale of securities in the banking book;40 and (iv) exclude extraordinary or irregular items as well as income derived from insurance.


                38 As defined under International Financial Reporting Standards as applicable in the Kingdom of Bahrain.

                39 In contrast to fees paid for services that are outsourced, fees received by banks that provide outsourcing services shall be included in the definition of gross income.

                40 Realised profits/losses from securities classified as "held to maturity" and "available for sale", which typically constitute items of the banking book, are also excluded from the definition of gross income.

                January 2015

              • CA-7.1.6

                In case of a bank with negative gross income for the previous three years, a newly licensed bank with less than 3 years of operations, or a merger, acquisition or material restructuring, the CBB shall discuss with the concerned licensed bank an alternative method for calculating the operational risk capital charge. For example, a newly licensed bank may be required to use the projected gross income in its 3-year business plan. Another approach that the CBB may consider is to require such licensed banks to observe a higher CAR.

                January 2015

              • CA-7.1.7

                Conventional bank licensees applying this approach are encouraged to comply with the principles set in Section OM-8.2 of Operational Risk Management Module.

                January 2015

            • The Standardised Approach

              • CA-7.1.8

                In the Standardised Approach, banks' activities are divided into eight business lines: corporate finance, trading & sales, retail banking, commercial banking, payment & settlement, agency services, asset management, and retail brokerage. The business lines are defined in detail in Appendix CA-9. The conventional bank licensee must meet the requirements detailed in Section OM-8.3 to qualify for the use of standardised approach.

                January 2015

              • CA-7.1.9

                Within each business line, gross income is a broad indicator that serves as a proxy for the scale of business operations and thus the likely scale of operational risk exposure within each of these business lines. The capital charge for each business line is calculated by multiplying gross income by a factor (denoted beta) assigned to that business line. Beta serves as a proxy for the industry-wide relationship between the operational risk loss experience for a given business line and the aggregate level of gross income for that business line. It should be noted that in the Standardised Approach, gross income is measured for each business line, not the whole institution, i.e. in corporate finance, the indicator is the gross income generated in the corporate finance business line. An example of calculation of gross income is provided in Appendix CA-10.

                January 2015

              • CA-7.1.10

                The total capital charge is calculated as the three-year average of the simple summation of the regulatory capital charges across each of the business lines in each year. In any given year, negative capital charges (resulting from negative gross income) in any business line can not off-set positive capital charges in other business lines. Where the aggregate capital charge across all business lines within a given year is negative, then the input to the numerator for that year will be zero.41 The total capital charge may be expressed as:

                KTSA = {∑ years 1-3 max[(GI1-8 X β1-8, 0]}/3

                where:

                KTSA = the capital charge under the Standardised Approach

                GI 1-8 = annual gross income in a given year, as defined above in the Basic Indicator Approach, for each of the eight business lines

                β1-8 = a fixed percentage, relating the level of required capital to the level of the gross income for each of the eight business lines.

                The values of the betas are detailed below.

                Business Lines Beta Factors
                Corporate Finance (β1) 18%
                Trading and Sales (β2) 18%
                Retail Banking (β3) 12%
                Commercial Banking (β4) 15%
                Payment and Settlement (β5) 18%
                Agency Services (β6) 15%
                Asset Management (β7) 12%
                Retail Brokerage (β8) 12%

                41 As under the Basic Indicator Approach, if negative gross income distorts a bank's Pillar 1 capital charge under the Standardised Approach, CBB will consider appropriate supervisory action.

                January 2015

        • CA-8 CA-8 Market Risk — Trading Book

          • CA-8.1 CA-8.1 Definition of the Trading Book

            • CA-8.1.1

              "Market risk" is defined as the risk of losses in on- and off-balance sheet positions arising from movements in market prices. The risks that are subject to the market risk capital requirement are:

              (a) Equity position risk in the trading book (see Chapter CA-10);42
              (b) Interest rate risk in trading positions in financial instruments in the trading book (see Chapter CA-9);
              (c) Foreign exchange risk (see Chapter CA-11); and
              (d) Commodities risk (see Chapter CA-12).

              42 Equity positions in the banking book are dealt with under Paragraph CA-3.2.26.

              January 2015

            • CA-8.1.2

              A trading book consists of positions in financial instruments and commodities held either with trading intent or in order to hedge other elements of the trading book, along with open foreign exchange positions in both the banking and the trading book. To be eligible for trading book capital treatment, financial instruments must either be free of any restrictive covenants on their tradability or able to be hedged completely. In addition, positions must be frequently and accurately valued, and the portfolio must be actively managed (open equity stakes in hedge funds, private equity investments, positions in a securitisation warehouse and real estate holdings do not meet the definition of the trading book, owing to significant constraints on the ability of banks to liquidate these positions and value them reliably on a daily basis. Such holdings must therefore be held in the conventional bank licensee's banking book and treated as equity holding in corporates, except real estate which must be treated as per Paragraph CA-3.2.29).

              January 2015

            • CA-8.1.3

              A financial instrument is any contract that gives rise to both a financial asset of one entity and a financial liability or equity instrument of another entity. Financial instruments include both primary financial instruments (or cash instruments) and derivative financial instruments. A financial asset is any asset that is cash, the right to receive cash or another financial asset; or the contractual right to exchange financial assets on potentially favourable terms, or an equity instrument. A financial liability is the contractual obligation to deliver cash or another financial asset or to exchange financial liabilities under conditions that are potentially unfavourable.

              January 2015

            • CA-8.1.4

              Positions held with trading intent are those held intentionally for short-term resale and/or with the intent of benefiting from actual or expected short-term price movements or to lock in arbitrage profits, and may include for example proprietary positions, positions arising from client servicing (e.g. matched principal broking) and market making. It is therefore possible that conventional bank licensees may sometimes not have a trading book as defined above. Nonetheless the conventional bank licensee's strategy and business plan must take account of the requirements of this Chapter in case a conventional bank licensee does take on positions with trading intent.

              January 2015

            • CA-8.1.5

              Conventional bank licensees must have clearly defined policies and procedures for determining which exposures to include in, and to exclude from, the trading book for purposes of calculating their regulatory capital, to ensure compliance with the criteria for trading book set forth in this Section and taking into account the conventional bank licensee's risk management capabilities and practices. The conventional bank licensee must have well-documented procedures to comply with stated policies, which must be fully documented and subject to periodic internal audit.

              January 2015

            • CA-8.1.6

              The policies and procedures referred to in Paragraph CA-8.1.5 must, at a minimum, address the following general considerations:

              (a) The activities the conventional bank licensee considers to be trading and as constituting part of the trading book for regulatory capital purposes;
              (b) The extent to which an exposure can be marked-to-market daily by reference to an active, liquid two-way market;
              (c) For exposures that are marked-to-model, the extent to which the conventional bank licensee can:
              (i) Identify the material risks of the exposure;
              (ii) Hedge the material risks of the exposure and the extent to which hedging instruments would have an active, liquid two-way market; and
              (iii) Derive reliable estimates for the key assumptions and parameters used in the model;
              (d) The extent to which the conventional bank licensee can and is required to generate valuations for the exposure that can be validated externally in a consistent manner;
              (e) The extent to which legal restrictions or other operational requirements would impede the conventional bank licensee's ability to effect an immediate liquidation of the exposure;
              (f) The extent to which the conventional bank licensee is required to, and can, actively risk manage the exposure within its trading operations; and
              (g) The extent to which the conventional bank licensee may transfer risk or exposures between the banking and the trading books and criteria for such transfers.

              The list above is not intended to provide a series of tests that a product or group of related products must pass to be eligible for inclusion in the trading book. Rather, the list provides a minimum set of key points that must be addressed by the policies and procedures for overall management of a conventional bank licensee's trading book.

              January 2015

            • CA-8.1.7

              The basic requirements for positions eligible to receive trading book capital treatment are as follows:

              (a) Clearly documented trading strategy for the position/instrument or portfolios, approved by senior management (which would include expected holding horizon);
              (b) Clearly defined policies and procedures for the active management of the position, which must include:
              (i) Positions are managed on a trading desk;
              (ii) Position limits are set and monitored for appropriateness;
              (iii) Dealers have the autonomy to enter into/manage the position within agreed limits and according to the agreed strategy;
              (iv) Positions are marked to market at least daily and when marking to model the parameters must be assessed on a daily basis;
              (v) Positions are reported to senior management as an integral part of the institution's risk management process; and
              (vi) Positions are actively monitored with reference to market information sources (assessment must be made of the market liquidity or the ability to hedge positions or the portfolio risk profiles). This would include assessing the quality and availability of market inputs to the valuation process, level of market turnover, sizes of positions traded in the market, etc.; and
              (c) Clearly defined policy and procedures to monitor the positions against the conventional bank licensee's trading strategy including the monitoring of turnover and stale positions in the conventional bank licensee's trading book.
              January 2015

            • CA-8.1.8

              When a conventional bank licensee hedges a banking book credit risk exposure using a credit derivative booked in its trading book (i.e. using an internal hedge), the banking book exposure is not deemed to be hedged for capital purposes unless the conventional bank licensee purchases from an eligible third party protection provider a credit derivative meeting the requirements of Paragraph CA-4.5.3 vis-à-vis the banking book exposure. Where such third party protection is purchased and is recognised as a hedge of a banking book exposure for regulatory capital purposes, neither the internal nor external credit derivative hedge would be included in the trading book for regulatory capital purposes.

              January 2015

            • CA-8.1.8A

              Positions in the conventional bank licensee's own regulatory capital instruments are deducted from capital (as detailed in Chapter CA-2.4). Positions in other banks', securities firms', and other financial entities' eligible regulatory capital instruments, as well as intangible assets, are subject to the treatment set down in Chapter CA-2.4.

              January 2015

            • CA-8.1.9

              Term trading-related repo-style transactions that a conventional bank licensee accounts for in its banking book may be included in the conventional bank licensee's trading book for regulatory capital purposes so long as all such repo-style transactions are included. For this purpose, trading-related repo-style transactions are defined as only those that meet the requirements of Paragraphs CA-8.1.4 and CA-8.1.7 and both legs are in the form of either cash or securities includable in the trading book.

              January 2015

            • CA-8.1.10

              Regardless of where they are booked, all repo-style transactions are subject to a banking book counterparty credit risk charge.

              January 2015

            • CA-8.1.11

              For the purposes of this framework, the correlation trading portfolio incorporates securitisation exposures and n-th-to-default credit derivatives that meet the following criteria:

              (a) The positions are neither re-securitisation positions, nor derivatives of securitisation exposures that do not provide a pro-rata share in the proceeds of a securitisation tranche (this therefore excludes options on a securitisation tranche, or a synthetically leveraged super-senior tranche); and
              (b) All reference entities are single-name products, including single-name credit derivatives, for which a liquid two-way market exists. This will include commonly traded indices based on these reference entities. A two-way market is deemed to exist where there are independent bona fide offers to buy and sell so that a price reasonably related to the last sales price or current bona fide competitive bid and offer quotations can be determined within one day and settled at such price within a relatively short time conforming to trade custom.

              Positions which reference an underlying that would be treated as a retail exposure, a residential mortgage exposure or a commercial mortgage exposure under the standardised approach to credit risk are not included in the correlation trading portfolio. Positions which reference a claim on a special purpose entity are not included either. A conventional bank licensee may also include in the correlation trading portfolio positions that hedge the positions described above and which are neither securitisation exposures nor n-th-to-default credit derivatives and where a liquid two-way market as described above exists for the instrument or its underlyings.

              January 2015

          • CA-8.2

            [This Chapter has been moved to Chapter CA-16 in January 2012]

            January 2015

          • CA-8.3 CA-8.3 Treatment of Counterparty Credit Risk in the Trading Book

            • CA-8.3.1

              Conventional bank licensees must calculate the counterparty credit risk charge for OTC derivatives, repo-style and other transactions booked in the trading book, separate from the capital charge for general market risk and specific risk.43 The risk weights to be used in this calculation must be consistent with those used for calculating the capital requirements in the banking book. Thus, conventional bank licensees must use the standardised approach risk weights in the trading book.


              43 The treatment for unsettled foreign exchange and securities trades is set forth in Paragraph CA-3.3.13.

              January 2015

            • CA-8.3.2

              In the trading book, for repo-style transactions, all instruments, which are included in the trading book, may be used as eligible collateral. Those instruments which fall outside the banking book definition of eligible collateral are subject to a haircut at the level applicable to non-main index equities listed on recognised exchanges (as noted in Paragraph CA-4.3.7). Where conventional bank licensees are applying a VaR approach to measuring exposure for repo-style transactions, they also may apply this approach in the trading book in accordance with Paragraphs CA-4.3.22 to CA-4.3.25 and Appendix CA-2.

              January 2015

            • CA-8.3.3

              The calculation of the counterparty credit risk charge for collateralised OTC derivative transactions is the same as the rules prescribed for such transactions booked in the banking book.

              January 2015

            • CA-8.3.4

              The calculation of the counterparty charge for repo-style transactions must follow the rules in Paragraphs CA-4.3.3 to CA-4.3.25 and Appendix CA-2.

              January 2015

            • Credit Derivatives

              • CA-8.3.5

                The counterparty credit risk charge for single name credit derivative transactions in the trading book must be calculated applying the following potential future exposure add-on factors:

                  Protection buyer Protection seller
                Total Return Swap    
                "Qualifying" reference obligation 5% 5%
                "Non-qualifying" reference obligation 10% 10%
                Credit Default Swap    
                "Qualifying" reference obligation 5% 5%**
                "Non-qualifying" reference obligation 10% 10%**

                There will be no difference depending on residual maturity.

                The definition of "qualifying" is the same as for the treatment of specific risk in chapter CA-9.

                ** The protection seller of a credit default swap is only subject to the add-on factor where it is subject to closeout upon the insolvency of the protection buyer while the underlying is still solvent. Add-on must then be capped to the amount of unpaid premiums.

                January 2015

              • CA-8.3.6

                Where the credit derivative is a first to default transaction, the add-on is determined by the lowest credit quality underlying in the basket, i.e. if there are any non-qualifying items in the basket, the non-qualifying reference obligation add-on is used. For second and subsequent to default transactions, underlying assets must continue to be allocated according to the credit quality, i.e. the second lowest credit quality determines the add-on for a second to default transaction etc.

                January 2015

        • CA-9 CA-9 Market Risk — Interest Rate Risk — (STA)

          • CA-9.1 CA-9.1 Introduction

            • CA-9.1.1

              This Chapter describes the standardised approach for the measurement of the interest rate risk in the conventional bank licensee's trading book, in order to determine the capital requirement for this risk. The interest rate exposure captured includes exposure arising from interest-bearing and discounted financial instruments, derivatives which are based on the movement of interest rates, foreign exchange forwards, and interest rate exposure embedded in derivatives which are based on non-interest rate related instruments.

              January 2015

            • CA-9.1.2

              For the guidance of the conventional bank licensees, and without being exhaustive, the following list includes financial instruments in the trading book to which interest rate risk capital requirements will apply, irrespective of whether or not the instruments carry coupons:

              (a) Bonds/loan stocks, debentures etc;
              (b) Non-convertible preference shares;
              (c) Convertible securities such as preference shares and bonds, which are treated as debt instruments44;
              (d) Mortgage backed securities and other securitised assets45;
              (e) Certificates of Deposit;
              (f) Treasury bills, local authority bills, banker's acceptances;
              (g) Commercial paper;
              (h) Euronotes, medium term notes, etc;
              (i) Floating rate notes, FRCDs etc;
              (j) Foreign exchange forward positions;
              (k) Derivatives based on the above instruments and interest rates; and
              (l) Interest rate exposure embedded in other financial instruments.

              44 See Section CA-10.1 for an explanation of the circumstances in which convertible securities should be treated as equity instruments. In other circumstances, they should be treated as debt instruments.

              45 Traded mortgage securities and mortgage derivative products possess unique characteristics because of the risk of pre-payment. It is possible that including such products within the standardised methodology as if they were similar to other securitised assets may not capture all the risks of holding positions in them. Banks which have traded mortgage securities and mortgage derivative products should discuss their proposed treatment with the CBB and obtain the CBB's prior written approval for it.

              January 2015

            • CA-9.1.3

              A security which is the subject of a repurchase or securities lending agreement must be treated as if it were still owned by the lender of the security, i.e. it is treated in the same manner as other securities positions.

              January 2015

            • CA-9.1.4

              The minimum capital requirement is expressed in terms of two separately calculated charges, one applying to the "specific risk" of each security, whether it is a short or a long position, and the other to the interest rate risk in the portfolio (termed "general market risk") where long and short positions in different securities or instruments can be offset. The conventional bank licensees must, however, determine the specific risk capital charge for the correlation trading portfolio as follows: The conventional bank licensee computes (i) the total specific risk capital charges that would apply just to the net long positions from the net long correlation trading exposures combined, and (ii) the total specific risk capital charges that would apply just to the net short positions from the net short correlation trading exposures combined. The larger of these total amounts is then the specific risk capital charge for the correlation trading portfolio.

              January 2015

            • CA-9.1.4A

              [This Paragraph was deleted in January 2015.]

              January 2015

            • CA-9.1.5

              The specific risk capital requirement recognises that individual instruments may change in value for reasons other than shifts in the yield curve of a given currency. The general risk capital requirement reflects the price change of these products caused by parallel and non-parallel shifts in the yield curve, as well as the difficulty of constructing perfect hedges.

              January 2015

            • CA-9.1.6

              There is general market risk inherent in all interest rate risk positions. This may be accompanied by one or more out of specific interest rate risk, counterparty risk, equity risk and foreign exchange risk, depending on the nature of the position. Conventional bank licensees must consider carefully which risks are generated by each individual position. It should be recognised that the identification of the risks will require the application of the appropriate level of technical skills and professional judgment.

              January 2015

            • CA-9.1.7

              Conventional bank licensees which have the intention and capability to use internal models for the measurement of general interest rate risk and, hence, for the calculation of the capital requirement, must seek the prior written approval of the CBB for those models. The CBB's detailed rules for the recognition and use of internal models are included in Chapter CA-14. Conventional bank licensees which do not use internal models must adopt the standardised approach to calculate the interest rate risk capital requirement, as set out in detail in this Chapter.

              January 2015

          • CA-9.2 CA-9.2 Specific Risk Calculation

            • CA-9.2.1

              The capital charge for specific risk is designed to protect against a movement in the price of an individual instrument, owing to factors related to the individual issuer.

              January 2015

            • CA-9.2.2

              In measuring the specific risk for interest rate related instruments, a conventional bank licensee may net, by value, long and short positions (including positions in derivatives) in the same debt instrument to generate the individual net position in that instrument. Instruments will be considered to be the same where the issuer is the same, they have an equivalent ranking in a liquidation, and the currency, the coupon and the maturity are the same.

              January 2015

            • CA-9.2.3

              The specific risk capital requirement is determined by weighting the current market value of each individual net position, whether long or short, according to its allocation among the following broad categories:

              Categories External credit assessment Specific risk capital charge
              Government (including GCC governments) AAA to AA-

              A+ to BBB-








              BB+ to B-

              Below B-

              Unrated
              0%

              0.25% (residual term to final maturity 6 months or less)

              1.00% (residual term to final maturity greater than 6 and up to and including 24 months)

              1.60% (residual term to final maturity exceeding 24 months)

              8.00%

              12.00%

              8.00%
              Qualifying   0.25% (residual term to final maturity 6 months or less)

              1.00% (residual term to final maturity greater than 6 and up to and including 24 months)

              1.60% (residual term to final maturity exceeding 24 months)
              Other Similar to credit risk charges under the standardised approach, e.g.:

              BB+ to BB-

              Below BB-

              Unrated
              8.00%

              12.00%

              8.00%
              January 2015

            • CA-9.2.4

              When the government paper is denominated in the domestic currency and funded by the conventional bank licensee in the same currency, a 0% specific risk charge may be applied.

              January 2015

            • CA-9.2.5

              Central "government" debt instruments include all forms of government paper, including bonds, treasury bills and other short-term instruments.

              January 2015

            • CA-9.2.6

              However the CBB reserves the right to apply a specific risk weight to securities issued by certain foreign governments, especially to securities denominated in a currency other than that of the issuing government.

              January 2015

            • CA-9.2.7

              The "qualifying" category includes securities issued by or fully guaranteed by public sector entities and multilateral development banks (refer to Paragraph CA-3.2.8), plus other securities that are:

              (a) Rated investment grade by at least two internationally recognised credit rating agencies (to be agreed with the CBB);
              (b) Deemed to be of comparable investment quality by the reporting bank, provided that the issuer is rated investment grade by at least two internationally recognised credit rating agencies (to be agreed with the CBB);
              (c) Rated investment grade by one credit rating agency and not less than investment grade by any internationally recognised credit rating agencies (to be agreed with the CBB); or
              (d) Unrated (subject to the approval of the CBB), but deemed to be of comparable investment quality by the reporting bank and where the issuer has securities listed on a recognised stock exchange, may also be included.
              January 2015

            • Specific Risk Rules for Unrated Debt Securities

              • CA-9.2.8

                Unrated securities may be included in the "qualifying" category when they are (subject to CBB's approval) unrated, but deemed to be of comparable investment quality by the reporting bank, and the issuer has securities listed on a recognised stock exchange.

                January 2015

            • Specific Risk Rules for Non-qualifying Issuers

              • CA-9.2.9

                Instruments issued by a non-qualifying issuer receive the same specific risk charge as a non-investment grade corporate borrower under the standardised approach for credit risk under Chapter CA-4.

                January 2015

              • CA-9.2.10

                However, since this may in certain cases considerably underestimate the specific risk for debt instruments which have a high yield to redemption relative to government debt securities, CBB will have the discretion, on a case by case basis:

                (a) To apply a higher specific risk charge to such instruments; and/or
                (b) To disallow offsetting for the purposes of defining the extent of general market risk between such instruments and any other debt instruments.
                January 2015

              • CA-9.2.11

                In that respect, securitisation exposures subject to the securitisation framework set forth in Chapter CA-6 (e.g. equity tranches that absorb first loss), as well as securitisation exposures that are unrated liquidity lines or letters of credit must be subject to a capital charge that is no less than the charge set forth in the securitisation framework.

                January 2015

            • Specific Risk Rules for Positions Covered under the Securitisation Framework

              • CA-9.2.11A

                The specific risk of securitisation positions as defined in Paragraphs CA-6.1.1 to CA-6.1.6 which are held in the trading book is to be calculated according to the method used for such positions in the banking book unless specified otherwise below. To that effect, the risk weight has to be calculated as specified below and applied to the net positions in securitisation instruments in the trading book. The total specific risk capital charge for the correlation trading portfolio is to be computed according to Paragraph CA-9.2.17, and the total specific risk capital charge for securitisation exposures is to be computed according to Paragraph CA-9.1.4.

                January 2015

              • CA-9.2.11B

                The specific risk capital charges for positions covered under the standardised approach for securitisation exposures are defined in the table below. These charges must be applied by conventional bank licensees using the standardised approach for credit risk. For positions with long-term ratings of B+ and below and short-term ratings other than A-1/P-1, A-2/P-2, A-3/P-3, a 1,250% risk weighting as defined in Paragraph CA-6.4.8 is required. A 1,250% weighting is also required for unrated positions with the exception of the circumstances described in Paragraphs CA-6.4.12 to CA-6.4.16. The operational requirements for the recognition of external credit assessments outlined in Paragraph CA-6.4.6 apply.

                January 2015

            • Specific Risk Capital Charges under the Standardised Approach Based on External Credit Ratings

              External Credit Assessment AAA to AA- A-1/P-1 A+ to A- A-2/P-2 BBB+ BBB- A-3/P-3 BB+ to BB- Below BB- and below A-3/P-3 or unrated
              Securitisation Exposures 1.6% 4% 8% 28% Deduction
              Re-securitisation Exposures 3.2% 8% 18% 52% Deduction
              January 2015

              • CA-9.2.11C

                The specific risk capital charges for unrated positions under the securitisation framework as defined in Paragraphs CA-6.1.1 to CA-6.1.6 must be calculated as set out below, subject to CBB approval. The capital charge can be calculated as 12% of the weighted average risk weight that would be applied to the securitised exposures under the standardised approach, multiplied by a concentration ratio. If the concentration ratio is 12.5 or higher the position has to be deducted from capital as defined in Paragraph CA-6.4.2. This concentration ratio is equal to the sum of the nominal amounts of all the tranches divided by the sum of the nominal amounts of the tranches junior to or pari passu with the tranche in which the position is held including that tranche itself.

                The resulting specific risk capital charge must not be lower than any specific risk capital charge applicable to a rated more senior tranche. If a conventional bank licensee is unable to determine the specific risk capital charge as described above or prefers not to apply the treatment described above to a position, it must deduct that position from capital.

                January 2015

              • CA-9.2.11D

                A position subject to deduction according to Paragraphs CA-9.2.11B to CA-9.2.11C may be excluded from the calculation of the capital charge for general market risk.

                January 2015

              • CA-9.2.11E

                [This Paragraph was deleted in January 2015.]

                January 2015

            • Specific Risk Capital Charges for Positions Hedged by Credit Derivatives

              • CA-9.2.12

                Full allowance will be recognised when the values of two legs (i.e. long and short) always move in the opposite direction and broadly to the same extent. This would be the case in the following situations:

                (a) The two legs consist of completely identical instruments; or
                (b) A long cash position is hedged by a total rate of return swap (or vice versa) and there is an exact match between the reference obligation and the underlying exposure (i.e. the cash position)46.

                In these cases, no specific risk capital requirement applies to both sides of the position.


                46 The maturity of the swap itself may be different from that of the underlying exposure.

                January 2015

              • CA-9.2.13

                An 80% offset will be recognised when the value of two legs (i.e. long and short) always moves in the opposite direction but not broadly to the same extent. This would be the case when a long cash position is hedged by a credit default swap or a credit linked note (or vice versa) and there is an exact match in terms of the reference obligation, the maturity of both the reference obligation and the credit derivative, and the currency to the underlying exposure. In addition, key features of the credit derivative contract (e.g. credit event definitions, settlement mechanisms) should not cause the price movement of the credit derivative to materially deviate from the price movements of the cash position. To the extent that the transaction transfers risk (i.e. taking account of restrictive payout provisions such as fixed payouts and materiality thresholds), an 80% specific risk offset will be applied to the side of the transaction with the higher capital charge, while the specific risk requirement on the other side will be zero.

                January 2015

              • CA-9.2.14

                Partial allowance will be recognised when the value of the two legs (i.e. long and short) usually moves in the opposite direction. This would be the case in the following situations:

                (a) The position is captured in Paragraph CA-9.2.12 under (b), but there is an asset mismatch between the reference obligation and the underlying exposure. Nonetheless, the position meets the requirements in Paragraph CA-4.5.3 (g);
                (b) The position is captured in Paragraph CA-9.2.12 under (a) or CA-9.2.13 but there is a currency or maturity mismatch47 between the credit protection and the underlying asset; or
                (c) The position is captured in Paragraph CA-9.2.13 but there is an asset mismatch between the cash position and the credit derivative. However, the underlying asset is included in the (deliverable) obligations in the credit derivative documentation.

                47 Currency mismatches should feed into the normal reporting of foreign exchange risk.

                January 2015

              • CA-9.2.15

                In each of these cases in Paragraphs CA-9.2.12 to CA-9.2.14, the following rule applies. Rather than adding the specific risk capital requirements for each side of the transaction (i.e. the credit protection and the underlying asset) only the higher of the two capital requirements will apply.

                January 2015

              • CA-9.2.16

                In cases not captured in Paragraphs CA-9.2.12 to CA-9.2.14, a specific risk capital charge must be assessed against both sides of the position.

                January 2015

              • CA-9.2.17

                An n-th-to-default credit derivative is a contract where the payoff is based on the n-th asset to default in a basket of underlying reference instruments. Once the n-th default occurs the transaction terminates and is settled:

                (a) The capital charge for specific risk for a first-to-default credit derivative is the lesser of (1) the sum of the specific risk capital charges for the individual reference credit instruments in the basket, and (2) the maximum possible credit event payment under the contract. Where a conventional bank licensee has a risk position in one of the reference credit instruments underlying a first-to-default credit derivative and this credit derivative hedges the conventional bank licensee's risk position, the conventional bank licensee is allowed to reduce with respect to the hedged amount both the capital charge for specific risk for the reference credit instrument and that part of the capital charge for specific risk for the credit derivative that relates to this particular reference credit instrument. Where a conventional bank licensee has multiple risk positions in reference credit instruments underlying a first-to-default credit derivative this offset is allowed only for that underlying reference credit instrument having the lowest specific risk capital charge;
                (b) The capital charge for specific risk for an n-th-to-default credit derivative with n greater than one is the lesser of (1) the sum of the specific risk capital charges for the individual reference credit instruments in the basket but disregarding the (n-1) obligations with the lowest specific risk capital charges; and (2) the maximum possible credit event payment under the contract. For n-th-to-default credit derivatives with n greater than 1 no offset of the capital charge for specific risk with any underlying reference credit instrument is allowed;
                (c) If a first or other n-th-to-default credit derivative is externally rated, then the protection seller must calculate the specific risk capital charge using the rating of the derivative and apply the respective securitisation risk weights as specified in Paragraph CA-9.2.11B; and
                (d) The capital charge against each net n-th-to-default credit derivative position applies irrespective of whether the conventional bank licensee has a long or short position, i.e. obtains or provides protection.
                January 2015

          • CA-9.3 CA-9.3 General Market Risk Calculation

            • CA-9.3.1

              The capital requirements for general market risk are designed to capture the risk of loss arising from changes in market interest rates, i.e. the risk of parallel and non-parallel shifts in the yield curve. A choice between two principal methods of measuring the general market risk is permitted, a "maturity" method and a "duration" method. In each method, the capital charge is the sum of the following four components:

              (a) The net short or long position in the whole trading book;
              (b) A small proportion of the matched positions in each time-band (the "vertical disallowance");
              (c) A larger proportion of the matched positions across different time-bands (the "horizontal disallowance"); and
              (d) A net charge for positions in options, where appropriate (see Chapter CA-13).
              January 2015

            • CA-9.3.2

              Separate maturity ladders must be used for each currency and capital charges must be calculated for each currency separately and then summed, by applying the prevailing foreign exchange spot rates, with no off-setting between positions of opposite sign.

              January 2015

            • CA-9.3.3

              In the case of those currencies in which the value and volume of business is insignificant, separate maturity ladders for each currency are not required. Instead, the conventional bank licensee may construct a single maturity ladder and slot, within each appropriate time-band, the net long or short position for each currency. However, these individual net positions are to be summed within each time-band, irrespective of whether they are long or short positions, to arrive at the gross position figure for the time-band.

              January 2015

            • CA-9.3.4

              A combination of the two methods (referred to under Paragraph CA-9.3.1) is not permitted.

              January 2015

          • CA-9.4 CA-9.4 Maturity Method

            • CA-9.4.1

              A worked example of the maturity method is included in Appendix CA-11. The various time-bands and their risk weights, relevant to the maturity method, are illustrated in Subparagraph CA-9.4.2(a).

              January 2015

            • CA-9.4.2

              The steps in the calculation of the general market risk for interest rate positions, under this method, are set out below:

              (a) Individual long or short positions in interest-rate related instruments, including derivatives, are slotted into a maturity ladder comprising thirteen time-bands (or fifteen time-bands in the case of zero-coupon and deep-discount instruments, defined as those with a coupon of less than 3%), on the following basis:
              (i) Fixed rate instruments are allocated according to their residual term to maturity (irrespective of embedded puts and calls), and whether their coupon is below 3%;
              (ii) Floating rate instruments are allocated according to the residual term to the next repricing date;
              (iii) Positions in derivatives, and all positions in repos, reverse repos and similar products are decomposed into their components within each time band. Derivative instruments are covered in greater detail in Sections CA-9.6 to CA-9.9;
              (iv) Opposite positions of the same amount in the same issues (but not different issues by the same issuer), whether actual or notional, can be omitted from the interest rate maturity framework, as well as closely matched swaps, forwards, futures and FRAs which meet the conditions set out in Section CA-9.8. In other words, these positions are netted within their relevant time-bands; and
              (v) The CBB's advice must be sought on the treatment of instruments that deviate from the above structures, or which may be considered sufficiently complex to warrant the CBB's attention.
              January 2015

            • Maturity Method: Time-Bands and Risk Weights

                Coupon 3% or more Coupon < 3% Risk weight
              Zone 1 1 month or less 1 month or less 0.00%
              1 to 3 months 1 to 3 months 0.20%
              3 to 6 months 3 to 6 months 0.40%
              6 to 12 months 6 to 12 months 0.70%
              Zone 2 1 to 2 years 1 to 1.9 years 1.25%
              2 to 3 years 1.9 to 2.8 years 1.75%
              3 to 4 years 2.8 to 3.6 years 2.25%
              Zone 3 4 to 5 years 3.6 to 4.3 years 2.75%
              5 to 7 years 4.3 to 5.7 years 3.25%
              7 to 10 years 5.7 to 7.3 years 3.75%
              10 to 15 years 7.3 to 9.3 years 4.50%
              15 to 20 years 9.3 to 10.6 years 5.25%
              > 20 years 10.6 to 12 years 6.00%
                12 to 20 years 8.00%
                > 20 years 12.50%
              (b) The market values of the individual long and short net positions in each maturity band are multiplied by the respective risk weighting factors given in Subparagraph CA-9.4.2(a);
              (c) Matching of positions within each maturity band (i.e. vertical matching) is done as follows:
              (i) Where a maturity band has both weighted long and short positions, the extent to which the one offsets the other is called the matched weighted position. The remainder (i.e. the excess of the weighted long positions over the weighted short positions, or vice versa, within a band) is called the unmatched weighted position for that band;
              (d) Matching of positions, across maturity bands, within each zone (i.e. horizontal matching — level 1), is done as follows:
              (i) Where a zone has both unmatched weighted long and short positions for various bands, the extent to which the one offsets the other is called the matched weighted position for that zone. The remainder (i.e. the excess of the weighted long positions over the weighted short positions, or vice versa, within a zone) is called the unmatched weighted position for that zone;
              (e) Matching of positions, across zones (i.e. horizontal matching — level 2), is done as follows:
              (i) The unmatched weighted long or short position in zone 1 may be offset against the unmatched weighted short or long position in zone 2. The extent to which the unmatched weighted positions in zones 1 and 2 are offsetting is described as the matched weighted position between zones 1 and 2;
              (ii) After step (i) above, any residual unmatched weighted long or short position in zone 2 may be matched by offsetting the unmatched weighted short or long position in zone 3. The extent to which the unmatched positions in zones 2 and 3 are offsetting is described as the matched weighted position between zones 2 and 3;

              The calculations in steps (i) and (ii) above may be carried out in reverse order (i.e. zones 2 and 3, followed by zones 1 and 2).
              (iii) After steps (i) and (ii) above, any residual unmatched weighted long or short position in zone 1 may be matched by offsetting the unmatched weighted short or long position in zone 3. The extent to which the unmatched positions in zones 1 and 3 are offsetting is described as the matched weighted position between zones 1 and 3;
              (f) Any residual unmatched weighted positions, following the matching within and between maturity bands and zones as described above, will be summed; and
              (g) The general interest rate risk capital requirement is the sum of:
              (i) Matched weighted positions in all maturity bands x 10%;
              (ii) Matched weighted positions in zone 1 x 40%;
              (iii) Matched weighted positions in zone 2 x 30%;
              (iv) Matched weighted positions in zone 3 x 30%;
              (v) Matched weighted positions between zones 1 & 2 x 40%;
              (vi) Matched weighted positions between zones 2 & 3 x 40%;
              (vii) Matched weighted positions between zones 1 & 3 x 100%; and
              (viii) Residual unmatched weighted positions x 100%.

              Item (i) is referred to as the vertical disallowance, items (ii) through (iv) as the first set of horizontal disallowances, and items (v) through (vii) as the second set of horizontal disallowances.
              January 2015

          • CA-9.5 CA-9.5 Duration Method

            • CA-9.5.1

              The duration method is an alternative approach to measuring the exposure to parallel and non-parallel shifts in the yield curve, and recognises the use of duration as an indicator of the sensitivity of individual positions to changes in market yields. Under this method, conventional bank licensees may use a duration-based system for determining their general interest rate risk capital requirements for traded debt instruments and other sources of interest rate exposures including derivatives. A worked example of the duration method is included in Appendix CA-12. The various time-bands and assumed changes in yield, relevant to the duration method, are illustrated below.

              January 2015

            • Duration Method: Time-Bands and Assumed Changes in Yield

                Time-band Assumed change in yield
              Zone 1 1 month or less 1.00
              1 to 3 months 1.00
              3 to 6 months 1.00
              6 to 12 months 1.00
              Zone 2 1 to 1.9 years 0.90
              1.9 to 2.8 years 0.80
              2.8 to 3.6 years 0.75
              Zone 3 3.6 to 4.3 years 0.75
              4.3 to 5.7 years 0.70
              5.7 to 7.3 years 0.65
              7.3 to 9.3 years 0.60
              9.3 to 10.6 years 0.60
              10.6 to 12 years 0.60
              12 to 20 years 0.60
              > 20 years 0.60
              January 2015

            • CA-9.5.2

              Conventional bank licensees must notify the CBB of the circumstances in which they elect to use this method. Once chosen, the duration method must be consistently applied, in accordance with the requirements of Section CA-9.3.

              January 2015

            • CA-9.5.3

              Where a conventional bank licensee has chosen to use the duration method, it is possible that it will not be suitable for certain instruments. In such cases, the conventional bank licensee must seek the advice of the CBB or obtain approval for application of the maturity method to the specific category(ies) of instruments, in accordance with the provisions of Section CA-9.3.

              January 2015

            • CA-9.5.4

              The steps in the calculation of the general market risk for interest rate positions, under this method, are set out below:

              (a) The conventional bank licensee must determine the Yield-to-Maturity (YTM) for each individual net position in fixed rate and floating rate instruments, based on the current market value. The basis of arriving at individual net positions is explained in Section CA-9.4. The YTM for fixed rate instruments is determined without any regard to whether the instrument is coupon bearing, or whether the instrument has any embedded options. In all cases, YTM for fixed rate instruments is calculated with reference to the final maturity date and, for floating rate instruments, with reference to the next repricing date;
              (b) The conventional bank licensee must calculate, for each debt instrument, the modified duration (M) on the basis of the following formula:

              M = D / (1+r)

              where,

              D (duration) =


              r = YTM % per annum expressed as a decimal
              C = Cash flow at time t
              t = time at which cash flows occur, in years
              m = time to maturity, in years
              (c) Individual net positions, at current market value, are allocated to the time-bands illustrated in Paragraph CA-9.5.1, based on their modified duration;
              (d) The conventional bank licensee must then calculate the modified duration-weighted position for each individual net position by multiplying its current market value by the modified duration and the assumed change in yield;
              (e) Matching of positions within each time band (i.e. vertical matching) is done as follows:
              (i) Where a time band has both weighted long and short positions, the extent to which the one offsets the other is called the matched weighted position. The remainder (i.e. the excess of the weighted long positions over the weighted short positions, or vice versa, within a band) is called the unmatched weighted position for that band;
              (f) Matching of positions, across time bands, within each zone (i.e. horizontal matching - level 1), is done as follows:
              (i) Where a zone has both unmatched weighted long and short positions for various bands, the extent to which the one offsets the other is called the matched weighted position for that zone. The remainder (i.e. the excess of the weighted long positions over the weighted short positions, or vice versa, within a zone) is called the unmatched weighted position for that zone;
              (g) Matching of positions, across zones (i.e. horizontal matching -level 2), is done as follows:
              (i) The unmatched weighted long or short position in zone 1 may be offset against the unmatched weighted short or long position in zone 2. The extent to which the unmatched weighted positions in zones 1 and 2 are offsetting is described as the matched weighted position between zones 1 and 2;
              (ii) After step (i) above, any residual unmatched weighted long or short position in zone 2 may be matched by offsetting the unmatched weighted short or long position in zone 3. The extent to which the unmatched positions in zones 2 and 3 are offsetting is described as the matched weighted position between zones 2 and 3;

              The calculations in steps (i) and (ii) above may be carried out in reverse order (i.e. zones 2 and 3, followed by zones 1 and 2); and
              (iii) After steps (a) and (b) above, any residual unmatched weighted long or short position in zone 1 may be matched by offsetting the unmatched weighted short or long position in zone 3. The extent to which the unmatched positions in zones 1 and 3 are offsetting is described as the matched weighted position between zones 1 and 3;
              (h) Any residual unmatched weighted positions, following the matching within and between maturity bands and zones as described above, will be summed; and
              (i) The general interest rate risk capital requirement is the sum of:
              (i) Matched weighted positions in all maturity bands x 5%;
              (ii) Matched weighted positions in zone 1 x 40%;
              (iii) Matched weighted positions in zone 2 x 30%;
              (iv) Matched weighted positions in zone 3 x 30%;
              (v) Matched weighted positions between zones 1 & 2 x 40%;
              (vi) Matched weighted positions between zones 2 & 3 x 40%;
              (vii) Matched weighted positions between zones 1 & 3 x 100%; and
              (viii) Residual unmatched weighted positions x 100%.

              Item (i) is referred to as the vertical disallowance, items (ii) through (iv) as the first set of horizontal disallowances, and items (v) through (vii) as the second set of horizontal disallowances.
              January 2015

          • CA-9.6 CA-9.6 Derivatives

            • CA-9.6.1

              Conventional bank licensees which propose to use internal models to measure the interest rate risk inherent in derivatives must seek the prior written approval of the CBB for applying those models. The use of internal models to measure market risk, and the CBB's rules applicable to them, are discussed in detail in Chapter CA-14.

              January 2015

            • CA-9.6.2

              Where a conventional bank licensee, with the prior written approval of the CBB, uses an interest rate sensitivity model, the output of that model is used, by the duration method, to calculate the general market risk as described in Section CA-9.5.

              January 2015

            • CA-9.6.3

              Where a conventional bank licensee does not propose to use models, it must use the techniques described in the following Paragraphs, for measuring the market risk on interest rate derivatives. The measurement system must include all interest rate derivatives and off-balance-sheet instruments in the trading book which react to changes in interest rates (e.g. forward rate agreements, other forward contracts, bond futures, interest rate and cross-currency swaps, options and forward foreign exchange contracts). Where a conventional bank licensee has obtained the approval of the CBB for the use of non-interest rate derivatives models, the embedded interest rate exposures must be incorporated in the standardised measurement framework described in Sections CA-9.7 to CA-9.9.

              January 2015

            • CA-9.6.4

              Derivative positions attract specific risk only when they are based on an underlying instrument or security. For instance, where the underlying exposure is an interest rate exposure, as in a swap based upon inter-bank rates, there is no specific risk, but only counterparty risk. A similar treatment applies to FRAs, forward foreign exchange contracts and interest rate futures. However, for a swap based on a bond yield, or a futures contract based on a debt security or an index representing a basket of debt securities, the credit risk of the issuer of the underlying bond generates a specific risk capital requirement. Future cash flows derived from positions in derivatives generate counterparty risk requirements related to the counterparty in the trade, in addition to position risk requirements (specific and general market risk) related to the underlying security.

              January 2015

            • CA-9.6.5

              A summary of the rules for dealing with interest rate derivatives (other than options) is set out in Section CA-9.9. The treatment of options, being a complex issue, is dealt with in detail in Chapter CA-13.

              January 2015

          • CA-9.7 CA-9.7 Calculation of Derivative Positions

            • CA-9.7.1

              The derivatives must be converted to positions in the relevant underlying and become subject to specific and general market risk charges as described in Sections CA-9.2 and CA-9.3, respectively. For the purpose of calculation by the standard formulae, the amounts reported are the market values of the principal amounts of the underlying or of the notional underlying. For instruments where the apparent notional amount differs from the effective notional amount, conventional bank licensees must use the latter.

              January 2015

            • CA-9.7.2

              The remaining Paragraphs in this Section include the guidelines for the calculation of positions in different categories of interest rate derivatives. Conventional bank licensees which need further assistance in the calculation, particularly in relation to complex instruments, should contact the CBB in writing.

              January 2015

            • Forward Foreign Exchange Contracts

              • CA-9.7.3

                A forward foreign exchange position is decomposed into legs representing the paying and receiving currencies. Each of the legs is treated as if it were a zero coupon bond, with zero specific risk, in the relevant currency and included in the measurement framework as follows:

                (a) If the maturity method is used, each leg is included at the notional amount; and
                (b) If the duration method is used, each leg is included at the present value of the notional zero coupon bond.
                January 2015

            • Deposit Futures and FRAs

              • CA-9.7.4

                Deposit futures, forward rate agreements and other instruments where the underlying is a money market exposure is split into two legs as follows:

                (a) The first leg represents the time to expiry of the futures contract, or settlement date of the FRA as the case may be;
                (b) The second leg represents the time to expiry of the underlying instrument;
                (c) Each leg is treated as a zero coupon bond with zero specific risk; and
                (d) For deposit futures, the size of each leg is the notional amount of the underlying money market exposure. For FRAs, the size of each leg is the notional amount of the underlying money market exposure discounted to present value, although in the maturity method, the notional amount may be used without discounting.

                For example, under the maturity method, a single 3-month Euro$ 1,000,000 deposit futures contract expiring in 3 months' time has one leg of $ 1,000,000 representing the 8 months to contract expiry, and another leg of $ 1,000,000 in the 11 months' time-band representing the time to expiry of the deposit underlying the futures contract.

                January 2015

            • Bond Futures and Forward Bond Transactions

              • CA-9.7.5

                Bond futures, forward bond transactions and the forward leg of repos, reverse repos and other similar transactions must apply the two-legged approach. A forward bond transaction is one where the settlement is for a period other than the prevailing norm for the market:

                (a) The first leg is a zero coupon bond with zero specific risk. Its maturity is the time to expiry of the futures or forward contract. Its size is the cash flow on maturity discounted to present value, although in the maturity method, the cash flow on maturity may be used without discounting;
                (b) The second leg is the underlying bond. Its maturity is that of the underlying bond for fixed rate bonds, or the time to the next reset for floating rate bonds. Its size is as set out in (c) and (d) below;
                (c) For forward bond transactions, the underlying bond and amount is used at the present spot price;
                (d) For bond futures, the principal amounts for each of the two legs is reckoned as the futures price times the notional underlying bond amount;
                (e) Where a range of deliverable instruments may be delivered to fulfil a futures contract (at the option of the "short"), then the following rules are used to determine the principal amount, taking account of any conversion factors defined by the exchange:
                (i) The "long" may use one of the deliverable bonds, or the notional bond on which the contract is based, as the underlying instrument, but this notional long leg may not be offset against a short cash position in the same bond; and
                (ii) The "short" may treat the notional underlying bond as if it were one of the deliverable bonds, and it may be offset against a short cash position in the same bond;
                (f) For futures contracts based on a corporate bond index, the positions is included at the market value of the notional underlying portfolio of securities;
                (g) A repo (or sell-buy or stock lending) involving exchange of a security for cash must be represented as a cash borrowing — i.e. a short position in a government bond with maturity equal to the repo and coupon equal to the repo rate. A reverse repo (or buy-sell or stock borrowing) must be represented as a cash loan — i.e. a long position in a government bond with maturity equal to the reverse repo and coupon equal to the repo rate. These positions are referred to as "cash legs"; and
                (h) It should be noted that, where a security owned by the conventional bank licensee (and included in its calculation of market risk) is repo'd, it continues to contribute to the conventional bank licensee's interest rate or equity position risk calculation.
                January 2015

            • Swaps

              • CA-9.7.6

                Swaps are treated as two notional positions in government securities with the relevant maturities:

                (a) Interest rate swaps are decomposed into two legs, and each leg is allocated to the maturity band equating to the time remaining to repricing or maturity. For example, an interest rate swap in which a conventional bank licensee is receiving floating rate interest and paying fixed is treated as a long position in a floating rate instrument of maturity equivalent to the period until the next interest fixing and a short position in a fixed rate instrument of maturity equivalent to the residual life of the swap;
                (b) For swaps that pay or receive a fixed or floating interest rate against some other reference price, e.g. a stock index, the interest rate component must be slotted into the appropriate repricing or maturity category, with the equity component being included in the equity risk measurement framework as described in Chapter CA-10;
                (c) For cross currency swaps, the separate legs are included in the interest rate risk measurement for the currencies concerned, as having a fixed/floating leg in each currency. Alternatively, the two parts of a currency swap transaction are split into forward foreign exchange contracts and treated accordingly;
                (d) Where a swap has a deferred start, and one or both legs have been fixed, then the fixed leg(s) is sub-divided into the time to the commencement of the leg and the actual swap leg with fixed or floating rate. A swap is deemed to have a deferred start when the commencement of the interest rate calculation periods is more than two business days from the transaction date, and one or both legs have been fixed at the time of the commitment. However, when a swap has a deferred start and neither leg has been fixed, there is no interest rate exposure, albeit there is counterparty exposure; and
                (e) Where a swap has a different structure from those discussed above, it may be necessary to adjust the underlying notional principal amount, or the notional maturity of one or both legs of the transaction.
                January 2015

              • CA-9.7.7

                Conventional bank licensees with large swap books may use alternative formulae for these swaps to calculate the positions to be included in the maturity or duration ladder. One method would be to first convert the cash flows required by the swap into their present values. For this purpose, each cash flow must be discounted using the zero coupon yields, and a single net figure for the present value of the cash flows entered into the appropriate time-band using procedures that apply to zero or low coupon (less than 3%) instruments. An alternative method is to calculate the sensitivity of the net present value implied by the change in yield used in the duration method (as set out in Section CA-9.5), and allocate these sensitivities into the appropriate time-bands.

                January 2015

              • CA-9.7.8

                Conventional bank licensees which propose to use the approaches described in Paragraph CA-9.7.7, or any other similar alternative formulae, must obtain the prior written approval of the CBB.

                January 2015

              • CA-9.7.9

                The CBB will consider the following factors before approving any alternative methods for calculating the swap positions:

                (a) Whether the systems proposed to be used are accurate;
                (b) Whether the positions calculated fully reflect the sensitivity of the cash flows to interest rate changes and are entered into the appropriate time-bands; and
                (c) Whether the positions are denominated in the same currency.
                January 2015

          • CA-9.8 CA-9.8 Netting of Derivative Positions

            • Permissible Offsetting of Fully Matched Positions for Both Specific and General Market Risk

              • CA-9.8.1

                Conventional bank licensees may exclude from the interest rate risk calculation, altogether, the long and short positions (both actual and notional) in identical instruments with exactly the same issuer, coupon, currency and maturity. A matched position in a future or a forward and its corresponding underlying may also be fully offset, albeit the leg representing the time to expiry of the future is included in the calculation.

                January 2015

              • CA-9.8.2

                When the future or the forward comprises a range of deliverable instruments, offsetting of positions in the futures or forward contract and its underlying is only permitted in cases where there is a readily identifiable underlying security which is most profitable for the trader with a short position to deliver. The price of this security, sometimes called the "cheapest-to-deliver", and the price of the future or forward contract must, in such cases, move in close alignment. No offsetting is allowed between positions in different currencies. The separate legs of cross-currency swaps or forward foreign exchange contracts are treated as notional positions in the relevant instruments and included in the appropriate calculation for each currency.

                January 2015

            • Permissible Offsetting of Closely Matched Positions for General Market Risk Only

              • CA-9.8.3

                For the purpose of calculation of the general market risk, in addition to the permissible offsetting of fully matched positions as described in Paragraph CA-9.8.1, opposite positions giving rise to interest rate exposure can be offset if they relate to the same underlying instruments, are of the same nominal value and are denominated in the same currency and, in addition, fulfil the following conditions:

                (a) For futures:
                Offsetting positions in the notional or underlying instruments to which the futures contract relates must be for identical products and mature within seven days of each other;
                (b) For swaps and FRAs:
                The reference rate (for floating rate positions) must be identical and the coupons must be within 15 basis points of each other; and
                (c) For swaps, FRAs and forwards:
                The next interest fixing date or, for fixed coupon positions or forwards, the residual maturity must correspond within the following limits:
                •   Less than one month:
                same day;
                •   Between one month and one year:
                within 7 days;
                •   Over one year:
                within 30 days.
                January 2015

          • CA-9.9 CA-9.9 Calculation of Capital Charge for Derivatives

            • CA-9.9.1

              After calculating the derivatives positions, taking account of the permissible offsetting of matched positions, as explained in Section CA-9.8, the capital charges for specific and general market risk for interest rate derivatives are calculated in the same manner as for cash positions, as described earlier in this Chapter.

              January 2015

            • Summary of Treatment of Interest Rate Derivatives

              Instrument Specific risk charge* General market risk charge
              Exchange-traded futures    
              - Government** debt security
              No Yes, as two positions
              - Corporate debt security
              Yes Yes, as two positions
              - Index on interest rates (e.g. LIBOR)
              No Yes, as two positions
              - Index on basket of debt securities
              Yes Yes, as two positions
              OTC forwards    
              - Government** debt security
              No Yes, as two positions
              - Corporate debt security
              Yes Yes, as two positions
              - Index on interest rates
              No Yes, as two positions
              FRAs No Yes, as two positions
              Swaps    
              - Based on inter-bank rates
              No Yes, as two positions
              - Based on Government** bond yields
              No Yes, as two positions
              - Based on corporate bond yields
              Yes Yes, as two positions
              Forward foreign exchange
              No Yes, as one position in each currency
              Options   Either (a) or (b) as below (see chapter CA-13 for a detailed description):
              - Government** debt security
              - Corporate debt security
              - Index on interest rates
              - FRAs, swaps
              No

              Yes

              No

              No
              (a) Carve out together with the associated hedging positions, and use:
              -simplified approach; or
              -scenario analysis; or
              -internal models (see chapter CA-14).
              (b) General market risk charge according to the delta-plus method (gamma and vega should receive separate capital charges).
              * This is the specific risk charge relating to the issuer of the instrument. Under the credit risk rules, there remains a separate capital charge for the counterparty risk.

              ** As defined in Section CA-9.2.
              January 2015

        • CA-10 CA-10 Market Risk — Equity Position Risk — (STA)

          • CA-10.1 CA-10.1 Introduction

            • CA-10.1.1

              This Chapter sets out the minimum capital requirements to cover the risk of holding or taking positions in equities in the conventional bank licensee's trading book.

              January 2015

            • CA-10.1.2

              For the guidance of the conventional bank licensees, and without being exhaustive, the following list includes financial instruments in the trading book, including forward positions, to which equity position risk capital requirements apply:

              (a) Common stocks, whether voting or non-voting;
              (b) Depository receipts (which should be included in the measurement framework in terms of the underlying shares);
              (c) Convertible preference securities (non-convertible preference securities are treated as bonds);
              (d) Convertible debt securities which convert into equity instruments and are, therefore, treated as equities (see Paragraph CA-10.1.3 below);
              (e) Commitments to buy or sell equity securities; and
              (f) Derivatives based on the above instruments.
              January 2015

            • CA-10.1.3

              Convertible debt securities must be treated as equities where:

              (a) The first date at which the conversion may take place is less than three months ahead, or the next such date (where the first date has passed) is less than a year ahead; and
              (b) The convertible is trading at a premium of less than 10%, where the premium is defined as the current marked-to-market value of the convertible less the marked-to-market value of the underlying equity, expressed as a percentage of the latter.

              In other instances, convertibles must be treated as either equity or debt securities, based reasonably on their market behaviour.

              January 2015

            • CA-10.1.4

              For instruments that deviate from the structures described in Paragraphs CA-10.1.2 and CA-10.1.3, or which could be considered complex, each conventional bank licensees must agree on a written policy statement with the CBB about the intended treatment, on a case-by-case basis. In some circumstances, the treatment of an instrument may be uncertain, for example bonds whose coupon payments are linked to equity indices. The position risk of such instruments must be broken down into its components and allocated appropriately between the equity, interest rate and foreign exchange risk categories. Advice must be sought from the CBB in cases of doubt, particularly when a conventional bank licensee is trading an instrument for the first time.

              January 2015

            • CA-10.1.5

              Where equities are part of a forward contract, a future or an option (i.e. a quantity of equities to be received or delivered), any interest rate or foreign currency exposure from the other leg of the contract must be included in the measurement framework as described in Chapters CA-9 and CA-11, respectively.

              January 2015

            • CA-10.1.6

              As with interest rate related instruments, the minimum capital requirement for equities is expressed in terms of two separately calculated charges, one applying to the "specific risk" of holding a long or short position in an individual equity, and the other to the "general market risk" of holding a long or short position in the market as a whole.

              January 2015

            • CA-10.1.7

              Conventional bank licensees must follow the standardised approach to calculate the equity position risk capital requirement, as set out in detail in this Chapter.

              January 2015

          • CA-10.2 CA-10.2 Calculation of Equity Positions

            • CA-10.2.1

              A conventional bank licensee may net long and short positions in the same equity instrument, arising either directly or through derivatives, to generate the individual net position in that instrument. For example, a future in a given equity may be offset against an opposite cash position in the same equity, albeit the interest rate risk arising out of the future must be calculated separately in accordance with the rules set out in Chapter CA-9.

              January 2015

            • CA-10.2.2

              A conventional bank licensee may net long and short positions in one tranche of an equity instrument against another tranche only where the relevant tranches:

              (a) Rank pari passu in all respects; and
              (b) Become fungible within 180 days, and thereafter the equity instruments of one tranche can be delivered in settlement of the other tranche.
              January 2015

            • CA-10.2.3

              Positions in depository receipts may only be netted against positions in the underlying stock if the stock is freely deliverable against the depository receipt. If a conventional bank licensee takes a position in depository receipts against an opposite position in the underlying equity in different markets (i.e. arbitrage), it may offset the position provided that any costs on conversion are fully taken into account. Furthermore, the foreign exchange risk arising out of these positions must be included in the measurement framework as set out in Chapter CA-11.

              January 2015

            • CA-10.2.4

              More detailed guidance on the treatment of equity derivatives is set out in Section CA-10.5.

              January 2015

            • CA-10.2.5

              Equity positions, arising either directly or through derivatives, must be allocated to the country in which each equity is listed. Where an equity is listed in more than one country, the conventional bank licensee must discuss the appropriate country allocation with the CBB.

              January 2015

          • CA-10.3 CA-10.3 Specific Risk Calculation

            • CA-10.3.1

              Specific risk is defined as the conventional bank licensee's gross equity positions (i.e. the sum of all long equity positions and of all short equity positions), and is calculated for each country or equity market. For each national market in which the conventional bank licensee holds equities, it must sum the market values of its individual net positions as determined in accordance with Section CA-10.2, irrespective of whether they are long or short positions, to produce the overall gross equity position for that market.

              January 2015

            • CA-10.3.2

              The capital charge for specific risk is 8%.

              January 2015

          • CA-10.4 CA-10.4 General Risk Calculation

            • CA-10.4.1

              The general market risk is the difference between the sum of the long positions and the sum of the short positions (i.e. the overall net position) in each national equity market. In other words, to calculate the general market risk, the conventional bank licensee must sum the market value of its individual net positions for each national market, as determined in accordance with Section CA-10.2, taking into account whether the positions are long or short.

              January 2015

            • CA-10.4.2

              The general market equity risk measure is 8% of the overall net position in each national market.

              January 2015

          • CA-10.5 CA-10.5 Equity Derivatives

            • CA-10.5.1

              For the purpose of calculating the specific and general market risk by the standardised approach, equity derivative positions must be converted into notional underlying equity positions, whether long or short. All equity derivatives and off-balance-sheet positions which are affected by changes in equity prices must be included in the measurement framework. This includes futures and swaps on both individual equities and on stock indices.

              January 2015

            • CA-10.5.2

              The following guidelines apply to the calculation of positions in different categories of equity derivatives. Conventional bank licensees which need further assistance in the calculation, particularly in relation to complex instruments, must contact the CBB:

              (a) Futures and forward contracts relating to individual equities must be included in the calculation at current market prices;
              (b) Futures relating to stock indices must be included in the calculation, at the marked-to-market value of the notional underlying equity portfolio, i.e. as a single position based on the sum of the current market values of the underlying instruments;
              (c) Equity swaps are treated as two notional positions. For example, an equity swap in which a conventional bank licensee is receiving an amount based on the change in value of one particular equity or stock index, and paying a different index is treated as a long position in the former and a short position in the latter. Where one of the swap legs involves receiving/paying a fixed or floating interest rate, that exposure must be slotted into the appropriate time-band for interest rate related instruments as set out in Chapter CA-9. The stock index leg must be covered by the equity treatment as set out in this Chapter; and
              (d) Equity options and stock index options are either "carved out" together with the associated underlying instruments, or are incorporated in the general market risk measurement framework, described in this Chapter, based on the delta-plus method. The treatment of options, being a complex issue, is dealt with in detail in Chapter CA-13.
              January 2015

            • CA-10.5.3

              A summary of the treatment of equity derivatives is set out in Paragraph CA-10.5.8.

              January 2015

            • Specific Risk on Positions in Equity Indices

              • CA-10.5.4

                Positions in highly liquid equity indices whether they arise directly or through derivatives, attract a 2% capital charge in addition to the general market risk, to cover factors such as execution risk.

                January 2015

              • CA-10.5.5

                For positions in equity indices not regarded as highly liquid, the specific risk capital charge is the highest specific risk charge that would apply to any of its components, as set out in Section CA-10.3.

                January 2015

              • CA-10.5.6

                In the case of the futures-related arbitrage strategies set out below, the specific risk capital charge described above may be applied to only one index with the opposite position exempt from a specific risk capital charge. The strategies are as follows:

                (a) Where a conventional bank licensee takes an opposite position in exactly the same index, at different dates or in different market centres; and
                (b) Where a conventional bank licensee takes opposite positions in contracts at the same date in different but similar indices, provided the two indices contain at least 90% common components.
                January 2015

              • CA-10.5.7

                Where a conventional bank licensee engages in a deliberate arbitrage strategy, in which a futures contract on a broad-based index matches a basket of stocks, it is allowed to carve out both positions from the standardised methodology on the following conditions:

                (a) The trade has been deliberately entered into, and separately controlled; and
                (b) The composition of the basket of stocks represents at least 90% of the index when broken down into its notional components.

                In such a case, the minimum capital requirement is limited to 4% (i.e. 2% of the gross value of the positions on each side) to reflect divergence and execution risks. This applies even if all of the stocks comprising the index are held in identical proportions. Any excess value of the stocks comprising the basket over the value of the futures contract or vice versa is treated as an open long or short position.

                January 2015

            • Counterparty Risk

              • CA-10.5.8

                Derivative positions may also generate counterparty risk exposure related to the counterparty in the trade, in addition to position risk requirements (specific and general) related to the underlying instrument, e.g. counterparty risk related to OTC trades through margin payments, fees payable or settlement exposures. The credit risk capital requirements apply to such counterparty risk exposure.

                January 2015

            • Summary of Treatment of Equity Derivatives

              Instrument Specific risk charge* General market risk charge
              Exchange-traded or OTC futures    
              - Individual equity Yes Yes, as underlying
              - Index Yes
              (see CA-10.5)
              Yes, as underlying
              Options    
              - Individual equity

              - Index
              Yes

              Yes
              Either (a) or (b) as below (Chapter CA-13 for a detailed description):
              (a) Carve out together with the associated hedging positions, and use:
              - simplified approach; or
              - scenario analysis; or
              - internal models (Chapter CA-15).
              (b) General market risk charge according to the delta-plus method (gamma and vega should receive separate capital charges).
              * This is the specific risk charge relating to the issuer of the instrument. Under the credit risk rules, there remains a separate capital charge for the counterparty risk.
              January 2015

        • CA-11 CA-11 Market Risk — Foreign Exchange Risk — (STA)

          • CA-11.1 CA-11.1 Introduction

            • CA-11.1.1

              A conventional bank licensee which holds net open positions (whether long or short) in foreign currencies is exposed to the risk that exchange rates may move against it. The open positions may be either trading positions or, simply, exposures caused by the conventional bank licensee's overall assets and liabilities.

              January 2015

            • CA-11.1.2

              This Chapter describes the standardised method for calculation of the conventional bank licensee's foreign exchange risk, and the capital required against that risk. The measurement of the foreign exchange risk involves, as a first step, the calculation of the net open position in each individual currency including gold48 and, as a second step, the measurement of the risks inherent in the conventional bank licensee's mix of long and short positions in different currencies.


              48 Positions in gold must be treated as if they were foreign currency positions, rather than as commodity positions, because the volatility of gold is more in line with that of foreign currencies and most banks manage it in similar manner to foreign currencies.

              January 2015

            • CA-11.1.3

              The open positions and the capital requirements are calculated with reference to the entire business, i.e. the banking and trading books combined.

              January 2015

            • CA-11.1.4

              The open positions are calculated with reference to the conventional bank licensee's base currency, which will be either BD or US$.

              January 2015

            • CA-11.1.5

              Conventional bank licensees which have the intention and capability to use internal models for the measurement of their foreign exchange risk and, hence, for the calculation of the capital requirement, must obtain the prior written approval of the CBB for those models. The CBB's detailed rules for the recognition and use of internal models are included in chapter CA-14. Conventional bank licensees which do not use internal models must follow the standardised approach, as set out in detail in this Chapter.

              January 2015

            • CA-11.1.6

              In addition to foreign exchange risk, positions in foreign currencies may be subject to interest rate risk and credit risk which must be treated separately.

              January 2015

            • CA-11.1.7

              For the purposes of calculating "Foreign Exchange Risk" only, positions in those GCC currencies which are pegged to US$, are treated as positions in US$.

              January 2015

          • CA-11.2 CA-11.2 De Minimis Exemptions

            • CA-11.2.1

              A conventional bank licensee doing negligible business in foreign currencies and which does not take foreign exchange positions for its own account may, at the discretion of the CBB evidenced by the CBB's prior written approval, be exempted from calculating the capital requirements on these positions.

              January 2015

            • CA-11.2.1A

              The CBB is likely to be guided by the following criteria in deciding to grant exemption to any conventional bank licensee under Paragraph CA-11.2.1:

              (a) The conventional bank licensee's holdings or taking of positions in foreign currencies, including gold, defined as the greater of the sum of the gross long positions and the sum of the gross short positions in all foreign currencies and gold, does not exceed 100% of its Total Capital; and
              (b) The conventional bank licensee's overall net open position, as defined in Paragraph CA-11.3.1, does not exceed 2% of its Total Capital as defined in Chapter CA-2.
              January 2015

            • CA-11.2.2

              The criteria listed in Paragraph CA-11.2.1A are only intended to be guidelines, and a conventional bank licensee will not automatically qualify for exemptions upon meeting them. The CBB may also, in its discretion, fix a minimum capital requirement for a conventional bank licensee which is exempted from calculating its foreign exchange risk capital requirement, to cover the risks inherent in its foreign currency business.

              January 2015

            • CA-11.2.3

              The CBB may, at a future date, revoke an exemption previously granted to a conventional bank licensee, if the CBB is convinced that the conditions on which the exemption was granted no longer exist.

              January 2015

          • CA-11.3 CA-11.3 Calculation of Net Open Positions

            • CA-11.3.1

              A conventional bank licensee's exposure to foreign exchange risk in any currency is its net open position in that currency, which is calculated by summing the following items:

              (a) The net spot position in the currency (i.e. all asset items less all liability items, including accrued interest, other income and expenses, denominated in the currency in question, assets are included gross of provisions for bad and doubtful debts, except in cases where the provisions are maintained in the same currency as the underlying assets);
              (b) The net forward position in the currency (i.e. all amounts to be received less all amounts to be paid under forward foreign exchange contracts, in the concerned currency, including currency futures and the principal on currency swaps not included in the spot position);
              (c) Guarantees and similar off-balance-sheet contingent items that are certain to be called and are likely to be irrecoverable where the provisions, if any, are not maintained in the same currency;
              (d) Net future income/expenses not yet accrued but already fully hedged by forward foreign exchange contracts may be included provided that such anticipatory hedging is part of the conventional bank licensee's formal written policy and the items are included on a consistent basis;
              (e) Profits (i.e. the net value of income and expense accounts) held in the currency in question;
              (f) Specific provisions held in the currency in question where the underlying asset is in a different currency, net of assets held in the currency in question where a specific provision is held in a different currency; and
              (g) The net delta-based equivalent of the total book of foreign currency options (subject to a separately calculated capital charge for gamma and vega as described in Chapter CA-13, alternatively, options and their associated underlying positions are dealt with by one of the other methods described in Chapter CA-13).
              January 2015

            • CA-11.3.2

              All assets and liabilities, as described in Paragraph CA-11.3.1, must be included at closing mid-market spot exchange rates. Marked-to-market items must be included on the basis of the current market value of the positions. However, conventional bank licensees which base their normal management accounting on net present values must use the net present values of each position, discounted using current interest rates and valued at current spot rates, for measuring their forward currency and gold positions.

              January 2015

            • CA-11.3.3

              Net positions in composite currencies, such as the SDR, may either be broken down into the component currencies according to the quotas in force and included in the net open position calculations for the individual currencies, or treated as a separate currency. In any case, the mechanism for treating composite currencies must be consistently applied.

              January 2015

            • CA-11.3.4

              For calculating the net open position in gold, the conventional bank licensee must first express the net position (spot plus forward) in terms of the standard unit of measurement (i.e. ounces or grams) and, then, convert it at the current spot rate into the base currency.

              January 2015

            • CA-11.3.5

              Forward currency and gold positions must be valued at current spot market exchange rates. Applying forward exchange rates is inappropriate as it will result in the measured positions reflecting current interest rate differentials, to some extent.

              January 2015

            • CA-11.3.6

              Where gold is part of a forward contract (i.e. quantity of gold to be received or to be delivered), any interest rate or foreign currency exposure from the other leg of the contract must be reported as set out in Chapter CA-9 or Section CA-11.1, respectively.

              January 2015

            • Structural Positions

              • CA-11.3.7

                Positions of a structural, i.e. non-dealing, nature as set out below, may be excluded from the calculation of the net open currency positions:

                (a) Positions are taken deliberately in order to hedge, partially or totally, against the adverse effects of exchange rate movements on the conventional bank licensee's CAR;
                (b) Positions related to items that are deducted from the conventional bank licensee's capital when calculating its capital base in accordance with the rules and guidelines in this Module, such as investments in non-consolidated subsidiaries; and
                (c) Retained profits held for payout to parent.
                January 2015

              • CA-11.3.7A

                The CBB will consider approving the exclusion of the above positions for the purpose of calculating the capital requirement, only if the following conditions are met:

                (a) The conventional bank licensee provides adequate documentary evidence to the CBB which establishes the fact that the positions proposed to be excluded are, indeed, of a structural, i.e. non-dealing, nature and are merely intended to protect the conventional bank licensee's CAR. For this purpose, the CBB may ask for written representations from the conventional bank licensee's management or directors; and
                (b) Any exclusion of a position is consistently applied, with the treatment of the hedge remaining the same for the life of the associated assets or other items.
                January 2015

            • Derivatives

              • CA-11.3.8

                A currency swap is treated as a combination of a long position in one currency and a short position in the second currency.

                January 2015

              • CA-11.3.9

                There are a number of alternative approaches to the calculation of the foreign exchange risk in options. As stated in Section CA-11.1, with the CBB's prior written approval, a conventional bank licensee may choose to use internal models to measure the options risk. Extra capital charges will apply to those option risks that the conventional bank licensee's internal model does not capture. The standardised framework for the calculation of options risks and the resultant capital charges is described, in detail, in Chapter CA-13. Where, as explained in Paragraph CA-11.3.1, the option delta value is incorporated in the net open position, the capital charges for the other option risks are calculated separately.

                January 2015

          • CA-11.4 CA-11.4 Calculation of the Overall Net Open Positions

            • CA-11.4.1

              The net long or short position in each currency is converted, at the spot rate, into the reporting currency. The overall net open position is measured by aggregating the following:

              (a) The sum of the net short positions or the sum of the net long positions, whichever is greater; plus
              (b) The net position (short or long) in gold, regardless of sign.
              January 2015

            • CA-11.4.2

              Where the conventional bank licensee is assessing its foreign exchange risk on a consolidated basis, it may be technically impractical in the case of some marginal operations to include the currency positions of a foreign branch or subsidiary of the conventional bank licensee. In such cases, the internal limit for that branch/subsidiary, in each currency, may be used as a proxy for the positions. The branch/subsidiary limits must be added, without regard to sign, to the net open position in each currency involved. When this simplified approach to the treatment of currencies with marginal operations is adopted, the conventional bank licensee must adequately monitor the actual positions of the branch/subsidiary against the limits, and revise the limits, if necessary, based on the results of the ex-post monitoring.

              January 2015

          • CA-11.5 CA-11.5 Calculation of the Capital Charge

            • CA-11.5.1

              The capital charge is 8% of the overall net open position.

              January 2015

            • CA-11.5.2

              The table below illustrates the calculation of the overall net open position and the capital charge:

              January 2015

            • Example of the Calculation of the Foreign Exchange Overall Net Open Position and the Capital Charge

              • CA-11.5.3

                GBP EURO CA$ US$ JPY Gold
                +100 +150 +50 -180 -20 -20
                +300 -200 20
                The capital charge is 8% of the higher of either the sum of the net long currency positions or the sum of the net short positions (i.e. 300) and of the net position in gold (i.e. 20) = 320 x 8% = 25.6
                January 2015

        • CA-12 CA-12 Market Risk — Commodities Risk — (STA)

          • CA-12.1 CA-12.1 Introduction

            • CA-12.1.1

              This Chapter sets out the minimum capital requirements to cover the risk of holding or taking positions in commodities, including precious metals, but excluding gold (which is treated as a foreign currency according to the methodology explained in Chapter CA-11).

              January 2015

            • CA-12.1.2

              The commodities position risk and the capital charges are calculated with reference to the entire business of a conventional bank licensee, i.e., the banking and trading books combined.

              January 2015

            • CA-12.1.3

              The price risk in commodities is often more complex and volatile than that associated with currencies and interest rates. Commodity markets may also be less liquid than those for interest rates and currencies and, as a result, changes in supply and demand can have a more dramatic effect on price and volatility. Conventional bank licensees need also to guard against the risk that arises when a short position falls due before the long position. Owing to a shortage of liquidity in some markets, it might be difficult to close the short position and the conventional bank licensee might be "squeezed by the market". All these market characteristics, of commodities, can make price transparency and the effective hedging of risks more difficult.

              January 2015

            • CA-12.1.4

              For spot or physical trading, the directional risk arising from a change in the spot price is the most important risk. However, conventional bank licensees applying portfolio strategies involving forward and derivative contracts are exposed to a variety of additional risks, which may well be larger than the risk of a change in spot prices (directional risk). These include:

              (a) 'Basis risk', i.e., the risk that the relationship between the prices of similar commodities alters through time;
              (b) 'Interest rate risk', i.e., the risk of a change in the cost of carry for forward positions and options; and
              (c) 'Forward gap risk', i.e., the risk that the forward price may change for reasons other than a change in interest rates.
              January 2015

            • CA-12.1.5

              The capital charges for commodities risk envisaged by the rules within this Chapter are intended to cover the risks identified in Paragraph CA-12.1.4. In addition, however, conventional bank licensees face credit counterparty risk on over-the-counter derivatives, which must be incorporated into their credit risk capital requirements. Furthermore, the funding of commodities positions may well open a conventional bank licensee to interest rate or foreign exchange risk which is captured within the measurement framework set out in Chapters CA-9 and CA-11, respectively.49


              49 Where a commodity is part of a forward contract (i.e.. a quantity of commodity to be received or to be delivered), any interest rate or foreign exchange risk from the other leg of the contract must be captured, within the measurement framework set out in Chapters CA-9 and CA-11, respectively. However, positions which are purely of a stock financing nature (i.e., a physical stock has been sold forward and the cost of funding has been locked in until the date of the forward sale) may be omitted from the commodities risk-calculation although they will be subject to the interest rate and counterparty risk capital requirements.

              January 2015

            • CA-12.1.6

              Conventional bank licensees which have the intention and capability to use internal models for the measurement of their commodities risks and, hence, for the calculation of the capital requirement, must seek the prior written approval of the CBB for those models. The CBB's detailed rules for the recognition and use of internal models are included in Chapter CA-14. It is essential that the internal models methodology captures the directional risk, forward gap and interest rate risks, and the basis risk which are defined in Paragraph CA-12.1.4. It is also particularly important that models take proper account of market characteristics, notably the delivery dates and the scope provided to traders to close out positions.

              January 2015

            • CA-12.1.7

              Conventional bank licensees which do not propose to use internal models must adopt either the maturity ladder approach or the simplified approach to calculate their commodities risk and the resultant capital charges. Both these approaches are described in Sections CA-12.3 and CA-12.4, respectively.

              January 2015

          • CA-12.2 CA-12.2 Calculation of Commodities Positions

            • Netting

              • CA-12.2.1

                Conventional bank licensees must first express each commodity position (spot plus forward) in terms of the standard unit of measurement (i.e., barrels, kilograms, grams etc.). Long and short positions in a commodity are reported on a net basis for the purpose of calculating the net open position in that commodity. For markets which have daily delivery dates, any contracts maturing within ten days of one another may be offset. The net position in each commodity is then converted, at spot rates, into the conventional bank licensee's reporting currency.

                January 2015

              • CA-12.2.2

                Positions in different commodities cannot be offset for the purpose of calculating the open positions as described in Paragraph CA-12.2.1 above. However, where two or more sub-categories50 of the same category are, in effect, deliverable against each other, netting between those sub-categories is permitted. Furthermore, if two or more sub-categories of the same category are considered as close substitutes for each other, and minimum correlation of 0.9 between their price movements is clearly established over a minimum period of one year, the conventional bank licensee may, with the prior written approval of the CBB, net positions in those sub-categories. Conventional bank licensees which wish to net positions based on correlations, in the manner discussed above, must satisfy the CBB of the accuracy of the method which it proposes to adopt.


                50 Commodities can be grouped into clans, families, sub-groups and individual commodities. For example, a clan might be Energy Commodities, within which Hydro-Carbons is a family with Crude Oil being a sub-group and West Texas Intermediate, Arabian Light and Brent being individual commodities.

                January 2015

            • Derivatives

              • CA-12.2.3

                All commodity derivatives and off-balance-sheet positions which are affected by changes in commodity prices must be included in the measurement framework for commodities risks. This includes commodity futures, commodity swaps, and options where the "delta plus" method is used51. In order to calculate the risks, commodity derivatives are converted into notional commodities positions and assigned to maturities as follows:

                (a) Futures and forward contracts relating to individual commodities must be incorporated in the measurement framework as notional amounts of barrels, kilograms etc., and must be assigned a maturity with reference to their expiry date;
                (b) Commodity swaps where one leg is a fixed price and the other one is the current market price, must be incorporated as a series of positions equal to the notional amount of the contract, with one position corresponding to each payment on the swap and slotted into the maturity time-bands accordingly. The positions would be long positions if the conventional bank licensee is paying fixed and receiving floating, and short positions if vice versa. (If one of the legs involves receiving/paying a fixed or floating interest rate, that exposure must be slotted into the appropriate repricing maturity band for the calculation of the interest rate risk, as described in Chapter CA-9); and
                (c) Commodity swaps where the legs are in different commodities must be incorporated in the measurement framework of the respective commodities separately, without any offsetting. Offsetting will only be permitted if the conditions set out in Paragraphs CA-12.2.1 and CA-12.2.2 are met.

                51 For banks applying other approaches to measure options risks, all Options and the associated underlying instruments must be excluded from both the maturity ladder approach and the simplified approach. The treatment of options is described, in detail, in Chapter CA-13.

                January 2015

          • CA-12.3 CA-12.3 Maturity Ladder Approach

            • CA-12.3.1

              A worked example of the maturity ladder approach is set out in Appendix CA-13 and the table in Paragraph CA-12.3.2 illustrates the maturity time-bands of the maturity ladder for each commodity.

              January 2015

            • CA-12.3.2

              The steps in the calculation of the commodities risk by the maturity ladder approach are:

              (a) The net positions in individual commodities, expressed in terms of the standard unit of measurement, are first slotted into the maturity ladder. Physical stocks are allocated to the first time-band. A separate maturity ladder is used for each commodity as defined in Section CA-12.2 earlier in this Chapter. The net positions in commodities are calculated as explained in Section CA-12.2;
              (b) Long and short positions in each time-band are matched. The sum of the matched long and short positions is multiplied first by the spot price of the commodity, and then by a spread rate of 1.5% for each time-band as set out in the table below. This represents the capital charge in order to capture forward gap and interest rate risk within a time-band (which, together, are sometimes referred to as curvature/spread risk);

              Time-bands52
              0 – 1 months
              1 – 3 months
              3 – 6 months

              6 – 12 months
              1 – 2 years
              2 – 3 years
              over 3 years
              (c) The residual (unmatched) net positions from nearer time-bands are then carried forward to offset opposite positions (i.e. long against short, and vice versa) in time-bands that are further out. However, a surcharge of 0.6% of the net position carried forward is added in respect of each time-band that the net position is carried forward, to recognise that such hedging of positions between different time-bands is imprecise. The surcharge is in addition to the capital charge for each matched amount created by carrying net positions forward, and is calculated as explained in step (b) above; and
              (d) At the end of step (c) above, there will be either only long or only short positions, to which a capital charge of 15% applies. The CBB recognises that there are differences in volatility between different commodities, but has, nevertheless, decided that one uniform capital charge for open positions in all commodities apply in the interest of simplicity of the measurement, and given the fact that conventional bank licensees normally run rather small open positions in commodities. Conventional bank licensees must submit, in writing, details of their commodities business, to enable the CBB to evaluate whether the models approach should be adopted by the conventional bank licensee, to capture the market risk on this business.

              52 For instruments, the maturity of which is on the boundary of two maturity time-bands, the instrument must be placed into the earlier maturity band. For example, instruments with a maturity of exactly one year are placed into the 6 to 12 months time-band.

              January 2015

          • CA-12.4 CA-12.4 Simplified Approach

            • CA-12.4.1

              By the simplified approach, the capital charge of 15% of the net position, long or short, in each commodity is applied to capture directional risk. Net positions in commodities are calculated as explained in Section CA-12.2.

              January 2015

            • CA-12.4.2

              An additional capital charge equivalent to 3% of the conventional bank licensee's gross positions, long plus short, in each commodity is applied to protect the conventional bank licensee against basis risk, interest rate risk and forward gap risk. In valuing the gross positions in commodity derivatives for this purpose, conventional bank licensees must use the current spot price.

              January 2015

        • CA-13 CA-13 Market Risk — Treatment of Options — (STA)

          • CA-13.1 CA-13.1 Introduction

            • CA-13.1.1

              It is recognised that the measurement of the price risk of options is inherently a difficult task, which is further complicated by the wide diversity of conventional bank licensees' activities in options. The CBB has decided that the following approaches must be adopted to the measurement of options risks:

              (a) Conventional bank licensees which solely use purchased options are permitted to use the simplified (carve-out) approach described later in this Chapter; and
              (b) Conventional bank licensees which also write options must use either the delta-plus (buffer) approach or the scenario approach, or alternatively use a comprehensive risk management model. The CBB's detailed rules for the recognition and use of internal models are included in Chapter CA-14.
              January 2015

            • CA-13.1.2

              The scenario approach and the internal models approach are generally regarded as more satisfactory for managing and measuring options risk, as they assess risk over a range of outcomes rather than focusing on the point estimate of the 'Greek' risk parameters as in the delta-plus approach. The more significant the level and/or complexity of the conventional bank licensee's options trading activities, the more the conventional bank licensee will be expected to use a sophisticated approach to the measurement of options risks. The CBB will monitor the conventional bank licensees' options trading activities, and the adequacy of the risk measurement framework adopted.

              January 2015

            • CA-13.1.3

              Where written option positions are hedged by perfectly matched long positions in exactly the same options, no capital charge for market risk is required in respect of those matched positions.

              January 2015

          • CA-13.2 CA-13.2 Simplified Approach (Carve-Out)

            • CA-13.2.1

              In the simplified approach, positions for the options and the associated underlying (hedges), cash or forward, are entirely omitted from the calculation of capital charges by the standardised methodology and are, instead, "carved out" and subject to separately calculated capital charges that incorporate both general market risk and specific risk. The capital charges thus generated are then added to the capital charges for the relevant risk category, i.e., interest rate related instruments, equities, foreign exchange and commodities as described in Chapters CA-9, CA-10, CA-11 and CA-12 respectively.

              January 2015

            • CA-13.2.2

              The capital charges for the carved out positions are as set out in the table below. As an example of how the calculation would work, if a conventional bank licensee holds 100 shares currently valued at $ 10 each, and also holds an equivalent put option with a strike price of $11, the capital charge would be as follows:
              [$ 1,000 x 16%53] minus [($ 11 – $ 10)54 x 100] = $ 60

              A similar methodology applies to options whose underlying is a foreign currency, an interest rate related instrument or a commodity.


              53 8% specific risk plus 8% general market risk.

              54 The amount the option is "in the money".

              January 2015

            • Simplified Approach: Capital Charges

              Position Treatment
              Long cash and long put

              or


              Short cash and long call (i.e., hedged positions)
              The capital charge is:

              [Market value of underlying instrument55 x Sum of specific and general market risk charges56 for the underlying] minus [Amount, if any, the option is in the money57]

              The capital charge calculated as above is bounded at zero, i.e., it cannot be a negative number.
              Long call

              or


              Long put
              (i.e., naked option positions)
              The capital charge is the lesser of:
              i) Market value of the underlying instrument x Sum of specific and general market risk charges for the underlying; and
              ii) Market value of the option58.

              55 In some cases such as foreign exchange, it may be unclear which side is the "underlying instrument"; this must be taken to be the asset which would be received if the option were exercised. In addition, the nominal value must be used for items where the market value of the underlying instrument could be zero, e.g., caps and floors, swaptions etc.

              56 Some options (e.g., where the underlying is an interest rate, a currency or a commodity) bear no specific risk, but specific risk is present in the case of options on certain interest rate related instruments (e.g., options on a corporate debt security or a corporate bond index — see Chapter CA-9 for the relevant capital charges), and in the case of options on equities and stock indices (see Chapter CA-10 for the relevant capital charges). The capital charge for currency options is 8% and for options on commodities is 15%.

              57 For options with a residual maturity of more than six months, the strike price must be compared with the forward, not the current, price. A bank unable to do this must take the "in the money" amount to be zero.

              58 Where the position does not fall within the trading book options on certain foreign exchange and commodities positions not belonging to the trading book), it is acceptable to use the book value instead of the market value.

              January 2015

          • CA-13.3 CA-13.3 Delta-Plus Method (Buffer Approach)

            • CA-13.3.1

              Conventional bank licensees which write options are allowed to include delta-weighted option positions within the standardised methodology set out in Chapters CA-9 through CA-12. Each option must be reported as a position equal to the market value of the underlying multiplied by the delta. The delta must be calculated by an adequate model with appropriate documentation of the process and controls, to enable the CBB to review such models, if considered necessary. A worked example of the delta-plus method is set out in Appendix CA-14.

              January 2015

            • CA-13.3.2

              Since delta does not sufficiently cover the risks associated with options positions, there will be additional capital buffers to cover gamma (which measures the rate of change of delta) and vega (which measures the sensitivity of the value of an option with respect to a change in volatility), in order to calculate the total capital charge. The gamma and vega buffers must be calculated by an adequate exchange model or the conventional bank licensee's proprietary options pricing model, with appropriate documentation of the process and controls, to enable the CBB to review such models, if considered necessary.

              January 2015

            • Treatment of Delta

              • CA-13.3.3

                The treatment of the delta-weighted positions, for the calculation of the capital charges arising from delta risk, is summarised in Paragraphs CA-13.3.4 to CA-13.3.9.

                January 2015

            • Where the Underlying is a Debt Security or an Interest Rate

              • CA-13.3.4

                The delta-weighted option positions are slotted into the interest rate time-bands as set out in Chapter CA-9. A two-legged approach must be used as for other derivatives, as explained in Chapter CA-9, requiring one entry at the time the underlying contract takes effect and a second at the time the underlying contract matures. A few examples to elucidate the two-legged treatment are set out below:

                (a) A bought call option on a June three-month interest rate future will, in April, be considered, on the basis of its delta-equivalent value, to be a long position with a maturity of five months and a short position with a maturity of two months;
                (b) A written option with the same underlying as in (a) above, will be included in the measurement framework as a long position with a maturity of two months and a short position with a maturity of five months; and
                (c) A two months call option on a bond future where delivery of the bond takes place in September will be considered in April, as being long the bond and short a five months deposit, both positions being delta-weighted.
                January 2015

              • CA-13.3.5

                Floating rate instruments with caps or floors are treated as a combination of floating rate securities and a series of European-style options. For example, the holder of a three-year floating rate bond indexed to six-month LIBOR with a cap of 10% must treat it as:

                (a) A debt security that reprices in six months; and
                (b) A series of five written call options on an FRA with a reference rate of 10%, each with a negative sign at the time the underlying FRA takes effect and a positive sign at the time the underlying FRA matures.
                January 2015

              • CA-13.3.6

                The rules applying to closely matched positions, set out in Paragraph CA-9.8.2, also apply in this respect.

                January 2015

            • Where the Underlying is an Equity Instrument

              • CA-13.3.7

                The delta-weighted positions are incorporated in the measure of market risk described in Chapter CA-10. For purposes of this calculation, each national market is treated as a separate underlying.

                January 2015

            • Options on Foreign Exchange and Gold Positions

              • CA-13.3.8

                The net delta-based equivalent of the foreign currency and gold options are incorporated in the measurement of the exposure for the respective currency or gold position, as described in Chapter CA-11.

                January 2015

            • Options on Commodities

              • CA-13.3.9

                The delta-weighted positions are incorporated in the measurement of the commodities risk by the simplified approach or the maturity ladder approach, as described in Chapter CA-12.

                January 2015

            • Calculation of the Gamma and Vega Buffers

              • CA-13.3.10

                As explained in Paragraph CA-13.3.2, in addition to the above capital charges to cover delta risk, conventional bank licensees are required to calculate additional capital charges to cover the gamma and vega risks. The additional capital charges are calculated as follows:

                Gamma

                (a) For each individual option position (including hedge positions), a gamma impact is calculated according to the following formula derived from the Taylor series expansion:

                Gamma impact = 0.5 x Gamma x VU

                where VU = variation of the underlying of the option, calculated as in (b) below;
                (b) VU is calculated as follows:
                (i) For interest rate options59, where the underlying is a bond, the market value of the underlying is multiplied by the risk weights set out in Section CA-9.4. An equivalent calculation is carried out where the underlying is an interest rate, based on the assumed changes in yield as set out in the table in Section CA-9.5;
                (ii) For options on equities and equity indices, the market value of the underlying is multiplied by 8%;
                (iii) For foreign exchange and gold options, the market value of the underlying is multiplied by 8%; and
                (iv) For commodities options, the market value of the underlying is multiplied by 15%;
                (c) For the purpose of the calculation of the gamma buffer, the following positions are treated as the same underlying:
                (i) For interest rates, each time-band as set out in the table in Section CA-9.4. Positions must be slotted into separate maturity ladders by currency. Conventional bank licensees using the duration method must use the time-bands as set out in the table in Section CA-9.5;
                (ii) For equities and stock indices, each individual national market;
                (iii) For foreign currencies and gold, each currency pair and gold; and
                (iv) For commodities, each individual commodity as defined in Section CA-12.2;
                (d) Each option on the same underlying will have a gamma impact that is either positive or negative. These individual gamma impacts are summed, resulting in a net gamma impact for each underlying that is either positive or negative. Only those net gamma impacts that are negative are included in the capital calculation;
                (e) The total gamma capital charge is the sum of the absolute value of the net negative gamma impacts calculated for each underlying as explained in (d) above;

                Vega

                (f) For volatility risk (vega), conventional bank licensees are required to calculate the capital charges by multiplying the sum of the vegas for all options on the same underlying, as defined above, by a proportional shift in volatility of ±25%; and
                (g) The total vega capital charge is the sum of the absolute value of the individual vega capital charges calculated for each underlying.
                January 2015

                59 For interest rate and equity options, the present set of rules do not attempt to capture specific risk when calculating gamma capital Charges. See Section CA-13.4 for an explanation of the CBB's views on this subject.

              • CA-13.3.11

                The capital charges for delta, gamma and vega risks described in Paragraphs CA-13.3.1 through CA-13.3.10 are in addition to the specific risk capital charges which are determined separately by multiplying the delta-equivalent of each option position by the specific risk weights set out in Chapters CA-9 through CA-12.

                January 2015

              • CA-13.3.12

                To summarise, capital requirements for, say OTC options, applying the delta-plus method are as follows:

                (a) Counterparty risk capital charges (on purchased options only), calculated in accordance with the credit risk rules (see also Appendix CA-2); PLUS
                (b) Specific risk capital charges (calculated as explained in Paragraph CA-13.3.11); PLUS
                (c) Delta risk capital charges (calculated as explained in Paragraphs CA-13.3.3 through CA-13.3.9); PLUS
                (d) Gamma and vega capital buffers (calculated as explained in Paragraph CA-13.3.10).
                January 2015

          • CA-13.4 CA-13.4 Scenario Approach

            • CA-13.4.1

              As stated in Section CA-13.1, conventional bank licensees which have a significant level of options trading activities, or have complex options trading strategies, must use more sophisticated methods for measuring and monitoring the options risks. Conventional bank licensees with the appropriate capability will be permitted, with the prior approval of the CBB, to base the market risk capital charge for options portfolios and associated hedging positions on scenario matrix analysis. Before giving its approval, the CBB will closely review the accuracy of the analysis that is constructed. Furthermore, like in the case of internal models, the conventional bank licensees' use of scenario analysis as part of the standardised methodology will also be subject to external validation, and to those of the qualitative standards listed in Chapter CA-14 which are appropriate given the nature of the business.

              January 2015

            • CA-13.4.2

              The scenario matrix analysis involves specifying a fixed range of changes in the option portfolio's risk factors and calculating changes in the value of the option portfolio at various points along this "grid" or "matrix". For the purpose of calculating the capital charge, the conventional bank licensee must revalue the option portfolio using matrices for simultaneous changes in the option's underlying rate or price and in the volatility of that rate or price. A different matrix is set up for each individual underlying as defined in Section CA-13.3. As an alternative, in respect of interest rate options, conventional bank licensees which are significant traders in such options are permitted to base the calculation on a minimum of six sets of time- bands. When applying this alternative method, not more than three of the time-bands as defined in Chapter CA-9 must be combined into any one set.

              January 2015

            • CA-13.4.3

              The first dimension of the matrix involves a specified range of changes in the option's underlying rate or price. The CBB has set the range, for each risk category, as follows:

              (a) Interest rate related instruments — The range for interest rates is consistent with the assumed changes in yield set out in Section CA-9.5. Those conventional bank licensees applying the alternative method of grouping time-bands into sets, as explained in Paragraph CA-13.4.2, must use, for each set of time-bands, the highest of the assumed changes in yield applicable to the individual time-bands in that group. If, for example, the time-bands 3 to 4 years, 4 to 5 years and 5 to 7 years are combined, the highest assumed change in yield of these three bands would be 0.75 which would be applicable to that set;
              (b) For equity instruments, the range is ±8%;
              (c) For foreign exchange and gold, the range is ±8%; and
              (d) For commodities, the range is ±15%.

              For all risk categories, at least seven observations (including the current observation) must be used to divide the range into equally spaced intervals.

              January 2015

            • CA-13.4.4

              The second dimension of the matrix entails a change in the volatility of the underlying rate or price. A single change in the volatility of the underlying rate or price equal to a shift in volatility of ±25% is applied.

              January 2015

            • CA-13.4.5

              The CBB will closely monitor the need to reset the parameters for the amounts by which the price of the underlying instrument and volatility must be shifted to form the rows and columns of the scenario matrix. The parameters set, as above, only reflect general market risk (see Paragraphs CA-13.4.10 to CA-13.4.12).

              January 2015

            • CA-13.4.6

              After calculating the matrix, each cell contains the net profit or loss of the option and the underlying hedge instrument. The general market risk capital charge for each underlying is then calculated as the largest loss contained in the matrix.

              January 2015

            • CA-13.4.7

              In addition to the capital charge calculated as above, the specific risk capital charge is determined separately by multiplying the delta-equivalent of each option position by the specific risk weights set out in Chapters CA-9 through CA-12.

              January 2015

            • CA-13.4.8

              To summarise, capital requirements for, say OTC options, applying the scenario approach are as follows:

              (a) Counterparty risk capital charges (on purchased options only), calculated in accordance with the credit risk rules (see also Appendix CA-2); PLUS
              (b) Specific risk capital charges (calculated as explained in Paragraph CA-13.4.7); PLUS
              (c) Directional and volatility risk capital charges (i.e., the worst case loss from a given scenario matrix analysis).
              January 2015

            • CA-13.4.9

              Conventional bank licensees doing business in certain classes of complex exotic options (e.g. barrier options involving discontinuities in deltas etc.), or in options at the money that are close to expiry, are required to use either the scenario approach or the internal models approach, both of which can accommodate more detailed revaluation approaches. The CBB expects the concerned conventional bank licensees to work with it closely to produce an agreed method, within the framework of these rules. If a conventional bank licensee uses scenario matrix analysis, it must be able to demonstrate that no substantially larger loss could fall between the nodes.

              January 2015

            • CA-13.4.10

              In drawing up the delta-plus and the scenario approaches, the CBB's present set of rules do not attempt to capture specific risk other than the delta-related elements (which are captured as explained in Paragraphs CA-13.4.7 and CA-13.4.11). The CBB recognises that introduction of those other specific risk elements will make the measurement framework much more complex. On the other hand, the simplifying assumptions used in these rules will result in a relatively conservative treatment of certain options positions.

              January 2015

            • CA-13.4.11

              In addition to the options risks described earlier in this Chapter, the CBB is conscious of the other risks also associated with options, e.g., rho or interest rate risk (the rate of change of the value of the option with respect to the interest rate) and theta (the rate of change of the value of the option with respect to time). While not proposing a measurement system for those risks at present, the CBB expects conventional bank licensees undertaking significant options business, at the very least, to monitor such risks closely. Additionally, conventional bank licensees are permitted to incorporate rho into their capital calculations for interest rate risk, if they wish to do so.

              January 2015

            • CA-13.4.12

              The CBB will closely review the treatment of options for the calculation of market risk capital charges, particularly in the light of the aspects described in Paragraphs CA-13.4.10 and CA-13.4.11.

              January 2015

        • CA-14 CA-14 Market Risk — Use of Internal Models

          • CA-14.1 CA-14.1 Introduction

            • CA-14.1.1

              As stated in Chapter CA-1, as an alternative to the standardised approach to the measurement of market risks (which is described in Chapters CA-9 through CA-13), and subject to the explicit prior approval of the CBB, conventional bank licensees will be allowed to use risk measures derived from their own internal models.

              January 2015

            • CA-14.1.2

              This Chapter describes the seven sets of conditions that should be met before a conventional bank licensee is allowed to-use the internal models approach, namely:

              (a) General criteria regarding the adequacy of the risk management system;
              (b) Qualitative standards for internal oversight of the use of models, notably by senior management;
              (c) Guidelines for specifying an appropriate set of market risk factors (i.e., the market rates and prices that affect the value of a conventional bank licensee's positions);
              (d) Quantitative standards setting out the use of common minimum statistical parameters for measuring risk;
              (e) Guidelines for stress testing;
              (f) Validation procedures for external oversight of the use of models; and
              (g) Rules for conventional bank licensees which use a mixture of the internal models approach and the standardised approach.
              January 2015

            • CA-14.1.3

              The standardised methodology, described in Chapters CA-9 through CA-13, uses a "building-block" approach in which the specific risk and the general market risk arising from debt and equity positions are calculated separately. The focus of most internal models is a conventional bank licensee's general market risk exposure, typically leaving specific risk (i.e., exposures to specific issuers of debt securities and equities) to be measured largely through separate credit risk measurement systems. Conventional bank licensees applying models are subject to separate capital charges for the specific risk not captured by their models, which must be calculated by the standardised methodology.

              January 2015

            • CA-14.1.4

              While the models recognition criteria described in this chapter are primarily intended for comprehensive Value-at-Risk (VaR) models, nevertheless, the same set of criteria will be applied, to the extent that it is appropriate, to other pre-processing or valuation models the output of which is fed into the standardised measurement system, e.g., interest rate sensitivity models (from which the residual positions are fed into the duration ladders) and option pricing models (for the calculation of the delta, gamma and vega sensitivities).

              January 2015

            • CA-14.1.5

              As a number of strict conditions are required to be met before internal models can be recognised by the CBB, including external validation. Conventional bank licensees that are contemplating applying internal models must submit their detailed written proposals for the CBB's approval.

              January 2015

            • CA-14.1.6

              As the model approval process will encompass a review of both the model and its operating environment, it is not the case that a commercially produced model which is recognised for one conventional bank licensee will automatically be recognised for another bank.

              January 2015

          • CA-14.2 CA-14.2 General Criteria

            • CA-14.2.1

              The CBB will give its approval for the use of internal models to measure market risks only if, in addition to the detailed requirements described later in this chapter, it is satisfied that the following general criteria are met:

              (a) That the conventional bank licensee's risk management system is conceptually sound and is implemented with integrity;
              (b) That the conventional bank licensee has, in the CBB's view, sufficient numbers of staff skilled in the use of sophisticated models not only in the trading area but also in the risk control, audit and the back office areas;
              (c) That the conventional bank licensee's models have, in the CBB's judgement, a proven track record of reasonable accuracy in measuring risk. The CBB recognises that the use of internal models is, for most banks in Bahrain, a relatively new development and, therefore, it is difficult to establish a track record of reasonable accuracy. The CBB, therefore, will require a period of initial monitoring and live testing of a conventional bank licensee's internal model before it is used for supervisory capital purposes; and
              (d) That the conventional bank licensee regularly conducts stress tests as outlined in Section CA-14.7 and conducts back-testing as described in Section CA-14.6.
              January 2015

          • CA-14.3 CA-14.3 Qualitative Standards

            • CA-14.3.1

              In order to ensure that conventional bank licensees using models have market risk management systems that are conceptually sound and implemented with integrity, the CBB has set the following qualitative criteria that conventional bank licensees are required to meet before they are permitted to use the models-based approach for calculating capital charge. Apart from influencing the CBB's decision to permit a conventional bank licensee to use internal models, where such permission is granted, the extent to which the conventional bank licensee meets the qualitative criteria will further influence the level at which the CBB will set the multiplication factor for that conventional bank licensee, referred to in Section CA-14.5. Only those conventional bank licensees whose models, in the CBB's judgement, are in full compliance with the qualitative criteria will be eligible for application of the minimum multiplication factor of 3. The qualitative criteria include the following:

              (a) The conventional bank licensee must have an independent risk management unit that is responsible for the design and implementation of the conventional bank licensee's risk management system. The unit must produce and analyse daily reports on the output of the conventional bank licensee's risk measurement model, including an evaluation of the relationship between the measures of risk exposure and the trading limits. This unit must be independent from the business trading units and must report directly to the senior management of the conventional bank licensee;
              (b) The independent risk management unit must conduct a regular back-testing programme, i.e. an ex-post comparison of the risk measure generated by the model against the actual daily changes in portfolio value over longer periods of time, as well as hypothetical changes based on static positions. See CA-14.5.1 (j);
              (c) The unit must also conduct the initial and on-going validation of the internal model. Further guidance on validation of internal models is given in Section CA-14.12;
              (d) The board of directors and senior management of the conventional bank licensee must be actively involved in the risk management process and must regard such process as an essential aspect of the business to which significant resources need to be devoted. In this regard, the daily reports prepared by the independent risk management unit must be reviewed by a level of management with sufficient seniority and authority to enforce both reductions of positions taken by individual traders and reductions in the conventional bank licensee's overall risk exposure;
              (e) The conventional bank licensee's internal model must be closely integrated into the day-to-day risk management process of the conventional bank licensee. Its output must, accordingly, be an integral part of the process of planning, monitoring and controlling the conventional bank licensee's market risk profile;
              (f) The risk measurement system must be used in conjunction with the internal trading and exposure limits. In this regard, the trading limits must be related to the conventional bank licensee's risk measurement model in a manner that is consistent over time and that is well-understood by both traders and senior management;
              (g) A routine and rigorous programme of stress testing, along the general lines set out in Section CA-14.6, must be in place as a supplement to the risk analysis based on the day-to-day output of the conventional bank licensee's s risk measurement model. The results of stress testing must be reviewed periodically by senior management and must be reflected in the policies and limits set by management and the board of directors. Where stress tests reveal particular vulnerability to a given set of circumstances, prompt steps must be taken to manage those risks appropriately (e.g., by hedging against that outcome or reducing the size of the conventional bank licensee's exposures);
              (h) The conventional bank licensee must have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operation of the risk measurement system. The conventional bank licensee's risk measurement system must be well documented, for example, through a risk management manual that describes the basic principles of the risk management system and that provides an explanation of the empirical techniques used to measure market risk; and
              (i) An independent review of the risk measurement system must be carried out regularly in the conventional bank licensee's own internal auditing process. This review must include both the activities of the business trading units and of the independent risk management unit. A review, by the internal auditor, of the overall risk management process must take place at regular intervals (ideally not less than once every six months) and must specifically address, at a minimum:
              (i) The adequacy of the documentation of the risk management system and process;
              (ii) The organisation of the risk management unit;
              (iii) The integration of market risk measures into daily risk management;
              (iv) The approval process for risk pricing models and valuation systems used by front- and back-office personnel;
              (v) The validation of any significant changes in the risk measurement process;
              (vi) The scope of market risks captured by the risk measurement model;
              (vii) The integrity of the management information system;
              (viii) The accuracy and completeness of position data;
              (ix) The verification of the consistency, timeliness and reliability of data sources used to run internal models, including the independence of such data sources;
              (x) The accuracy and appropriateness of volatility and correlation assumptions;
              (xi) The accuracy of valuation and risk transformation calculations; and
              (xii) The verification of the model's accuracy through frequent back-testing as described in (b) above and in Appendix CA-15.
              January 2015

          • CA-14.4 CA-14.4 Specification of Market Risk Factors

            • CA-14.4.1

              An important part of a conventional bank licensee's internal market risk measurement system is the specification of an appropriate set of market risk factors, i.e. the market rates and prices that affect the value of the conventional bank licensee's trading positions. The risk factors contained in a market risk measurement system must be sufficient to capture the risks inherent in the conventional bank licensee's portfolio of on- and off-balance-sheet trading positions. Conventional bank licensees must follow the CBB's guidelines, set out below, for specifying the risk factors for their internal models. Where a conventional bank licensee has difficulty in specifying the risk factors for any currency or market within a risk category, in accordance with the following guidelines, the conventional bank licensee must immediately contact the CBB. The CBB will review and discuss the specific circumstances of each such case with the concerned bank, and will decide alternative methods of calculating the risks which are not captured by the conventional bank licensee's model:

              (a) Factors that are deemed relevant for pricing must be included as risk factors in the value-at-risk model. Where a risk factor is incorporated in a pricing model but not in the value-at-risk model, the conventional bank licensees must justify this omission to the satisfaction of the CBB. In addition, the value-at-risk model must capture nonlinearities for options and other relevant products (e.g. mortgage backed securities, tranched exposures or n-th-to-default credit derivatives), as well as correlation risk and basis risk (e.g. between credit default swaps and bonds). Moreover, the CBB has to be satisfied that proxies are used which show a good track record for the actual position held (i.e. an equity index for a position in an individual stock).
              (b) For interest rates:
              (i) There must be a set of risk factors corresponding to interest rates in each currency in which the conventional bank licensee has interest-rate-sensitive on- or off-balance-sheet positions;
              (ii) The risk measurement system must model the yield curve using one of a number of generally accepted approaches, for example, by estimating forward rates of zero coupon yields. The yield curve must be divided into various maturity segments in order to capture variation in the volatility of rates along the yield curve; there will typically be one risk factor corresponding to each maturity segment. For material exposures to interest rate movements in the major currencies and markets, conventional bank licensees must model the yield curve using a minimum of six factors. However, the number of risk factors used must ultimately be driven by the nature of the conventional bank licensee's trading strategies. For instance, a conventional bank licensee which has a portfolio of various types of securities across many points of the yield curve and which engages in complex arbitrage strategies would require a greater number of risk factors to capture interest rate risk accurately;
              (iii) The risk measurement system must incorporate separate risk factors to capture spread risk (e.g. between bonds and swaps). A variety of approaches may be used to capture the spread risk arising from less than perfectly correlated movements between government and other fixed-income interest rates, such as specifying a completely separate yield curve for non-government fixed-income instruments (for instance, swaps or municipal securities) or estimating the spread over government rates at various points along the yield curve;
              (c) For exchange rates (which includes gold):
              (i) The risk measurement system should incorporate risk factors corresponding to the individual foreign currencies in which the conventional bank licensee's positions are denominated. Since the value-at-risk figure calculated by the risk measurement system will be expressed in the conventional bank licensee's reporting currency, any net position denominated in a currency other than the reporting currency will introduce a foreign exchange risk. Thus, there must be risk factors corresponding to the exchange rate between the reporting currency and each other currency in which the conventional bank licensee has a significant exposure;
              (d) For equity prices:
              (i) There must be risk factors corresponding to each of the equity markets in which the conventional bank licensee holds significant positions;
              (ii) At a minimum, there must be a risk factor that is designed to capture market-wide movements in equity prices (e.g., a market index). Positions in individual securities or in sector indices may be expressed in "beta-equivalents" relative to this market-wide index;
              (iii) A somewhat more detailed approach would be to have risk factors corresponding to various sectors of the overall equity market (for instance, industry sectors or cyclical and non-cyclical sectors). As above, positions in individual stocks within each sector could be expressed in "beta-equivalents" relative to the sector index;
              (iv) The most extensive approach would be to have risk factors corresponding to the volatility of individual equity issues; and
              (v) The sophistication and nature of the modelling technique for a given market must correspond to the conventional bank licensee's exposure to the overall market as well as its concentration in individual equity issues in that market; and
              (e) For commodity prices:
              (i) There must be risk factors corresponding to each of the commodity markets in which the conventional bank licensee holds significant positions (also see Section CA-12.1);
              (ii) For conventional bank licensees with relatively limited positions in commodity-based instruments, a straightforward specification of risk factors is acceptable. Such a specification would likely entail one risk factor for each commodity price to which the conventional bank licensee is exposed. In cases where the aggregate positions are reasonably small, it may be acceptable to use a single risk factor for a relatively broad sub-category of commodities (for instance, a single risk factor for all types of oil). However, conventional bank licensees which propose to use this simplified approach must obtain the prior written approval of the CBB; and
              (iii) For more active trading, the model must also take account of variation in the "convenience yield" between derivatives positions such as forwards and swaps and cash positions in the commodity.
              January 2015

          • CA-14.5 CA-14.5 Quantitative Standards

            • CA-14.5.1

              The following minimum quantitative standards apply for the purpose of calculating the capital charge:

              (a) "Value-at-risk" must be computed on a daily basis;
              (b) In calculating the value-at-risk, a 99th percentile, one-tailed confidence interval must be used;
              (c) In calculating the value-at-risk, an instantaneous price shock equivalent to a 10-day movement in prices must be used, i.e., the minimum "holding period" is ten trading days. Conventional bank licensees may use value-at-risk numbers calculated according to shorter holding periods scaled up to ten days, for example, by the square root of time (for the treatment of options, also see (h) below). A conventional bank licensee using this approach must justify the reasonableness of its approach to the satisfaction of the CBB during the annual model review process performed by the external auditor;
              (d) The minimum historical observation period (sample period) for calculating value-at-risk is one year. For conventional bank licensees which use a weighting scheme or other methods for the historical observation period, the "effective" observation period must be at least one year (i.e., the weighted average time lag of the individual observations cannot be less than 6 months), and the method results in a capital charge at least equivalent to a one year observation period.

              The CBB may, as an exceptional case, require a conventional bank licensee to calculate its value-at-risk applying a shorter observation period if, in the CBB's judgement, this is justified by a significant upsurge in price volatility;
              (e) Conventional bank licensees must update their data sets no less frequently than once every week and must also reassess them whenever market prices are subject to material changes. The updating process must be flexible enough to allow for more frequent updates;
              (f) No particular type of model is prescribed by the CBB. So long as each model used captures all the material risks run by the conventional bank licensee, as set out in Section CA-14.4, conventional bank licensees is free to use models based, for example, on variance-covariance matrices, historical simulations, or Monte Carlo simulations;
              (g) Conventional bank licensees must have discretion to recognise empirical correlations within broad risk categories (i.e., interest rates, exchange rates, equity prices and commodity prices, including related options volatilities in each risk factor category). Conventional bank licensees are not permitted to recognise empirical correlations across broad risk categories without the prior approval of the CBB. Conventional bank licensees may apply, on a case-by-case basis, for empirical correlations across broad risk categories to be recognised by the CBB, subject to its satisfaction with the soundness and integrity of the conventional bank licensee's system for measuring those correlations;
              (h) Conventional bank licensees' models must accurately capture the unique risks associated with options within each of the broad risk categories. The following criteria apply to the measurement of options risk:
              (i) Conventional bank licensees' models must capture the non-linear price characteristics of options positions;
              (ii) Conventional bank licensees must ultimately move towards the application of a full 10-day price shock to options positions or positions that display option-like characteristics. In the interim period, conventional bank licensees may adjust their capital measure for options risk through other methods, e.g., periodic simulations or stress testing;
              (iii) Each conventional bank licensee's risk measurement system must have a set of risk factors that captures the volatilities of the rates and prices underlying the option positions, i.e., vega risk. Conventional bank licensees with relatively large and/or complex options portfolios must have detailed specifications of the relevant volatilities. This means that conventional bank licensees must measure the volatilities of options positions broken down by different maturities;
              (i) In addition, a conventional bank licensee must calculate a 'stressed value-at-risk' measure. This measure is intended to replicate a value-at-risk calculation that would be generated on the conventional bank licensee's current portfolio if the relevant market factors were experiencing a period of stress; and must therefore be based on the 10-day, 99th percentile, one-tailed confidence interval value-at-risk measure of the current portfolio, with model inputs calibrated to historical data from a continuous 12-month period of significant financial stress relevant to the conventional bank licensee's portfolio. The period used must be approved by the CBB and regularly reviewed. As an example, for many portfolios, a 12-month period relating to significant losses in 2007/2008 would adequately reflect a period of such stress, although other periods relevant to the current portfolio must be considered by the conventional bank licensee;
              (j) As no particular model is prescribed under Subparagraph (f), different techniques might need to be used to translate the model used for value-at-risk into one that delivers a stressed value-at-risk. For example, conventional bank licensees must consider applying anti-thetic data, or applying absolute rather than relative volatilities to deliver an appropriate stressed value-at-risk. The stressed value-at-risk must be calculated at least weekly;
              (k) Each conventional bank licensee must meet, on a daily basis, a capital requirement expressed as the sum of:
              (i) The higher of (1) its previous day's value-at-risk number measured according to the parameters specified in this Section (VaRt-1); and (2) an average of the daily value-at-risk measures on each of the preceding sixty business days (VaR avg), multiplied by a multiplication factor (mc); plus.
              (ii) The higher of (1) its latest available stressed-value-at-risk number calculated according to (i) above (sVaRt-1); and (2) an average of the stressed value-at-risk numbers calculated according to (i) above over the preceding sixty business days (sVaRavg), multiplied by a multiplication factor (ms).

              Therefore, the capital requirement (c) is calculated according to the following formula:

              c =max {VaRt-1; mc · VaRavg} + max { sVaRt-1; ms · sVaRavg};
              (l) The multiplication factors mc and ms is set by the CBB, separately for each individual conventional bank licensee, on the basis of the CBB's assessment of the quality of the conventional bank licensee's risk management system, subject to an absolute minimum of 3 for mc and an absolute minimum of 3 for ms. Conventional bank licensees must add to these factors set by the CBB, a "plus" directly related to the ex-post performance of the model, thereby introducing a built-in positive incentive to maintain the predictive quality of the model. The plus will range from 0 to 1 based on the outcome of the conventional bank licensee's back-testing. The back-testing results applicable for calculating the plus are based on value-at-risk only and not stressed value-at-risk. If the back-testing results are satisfactory and the conventional bank licensee meets all of the qualitative standards referred in Section CA-14.3 above, the plus factor could be zero. Appendix 15 presents in detail the approach to be followed for back-testing and the plus factor. Conventional bank licensees must strictly comply with this approach; and
              (m) As stated earlier in Section CA-14.1, conventional bank licensees applying models are also subject to a capital charge to cover specific risk (as defined under the standardised approach) of interest rate related instruments and equity instruments. The manner in which the specific risk capital charge is to be calculated is set out in Section CA-14.10.
              January 2015

          • CA-14.6 CA-14.6 Back-Testing

            • CA-14.6.1

              The contents of this Section outline the key requirements as set out in Appendix 15. The appendix presents in detail the approach to be followed for back-testing by the conventional bank licensees.

              January 2015

            • Key Requirements

              • CA-14.6.2

                The contents of this Section lay down recommendations for carrying out back-testing procedures in order to determine the accuracy and robustness of conventional bank licensee's internal models for measuring market risk capital requirements. These back-testing procedures typically consist of a periodic comparison of the conventional bank licensee's daily value-at-risk measures with the subsequent daily profit or loss ("trading outcome"). The procedure involves calculating and identifying the number of times over the prior 250 business days that observed daily trading losses exceed the conventional bank licensee's one-day, 99% confidence level VaR estimate (so-called "exceptions").

                January 2015

              • CA-14.6.3

                Based on the number of exceptions identified from the back-testing procedures, the conventional bank licensees will be classified into three exception categories for the determination of the "scaling factor" to be applied to the conventional bank licensees' market risk measure generated by its internal models. The three categories, termed as zones and distinguished by colours into a hierarchy of responses, are listed below:

                (a) Green zone;
                (b) Yellow zone; and
                (c) Red zone.
                January 2015

              • CA-14.6.4

                The green zone corresponds to back-testing results that do not themselves suggest a problem with the quality or accuracy of a conventional bank licensee's internal model. The yellow zone encompasses results that do raise questions in this regard, but where such a conclusion is not definitive. The red zone indicates a back-testing result that almost certainly indicates a problem with a conventional bank licensee's risk model.

                January 2015

              • CA-14.6.5

                The corresponding "scaling factors" applicable to conventional bank licensees falling into respective zones based on their back-testing results are shown in Table 2 of Appendix CA-15.

                January 2015

          • CA-14.7 CA-14.7 Stress Testing

            • CA-14.7.1

              Conventional bank licensees that use the internal models approach for calculating market risk capital requirements must have in place a rigorous and comprehensive stress testing programme. Stress testing to identify events or influences that could greatly impact the conventional bank licensee is a key component of a conventional bank licensee's assessment of its capital position.

              January 2015

            • CA-14.7.2

              Conventional bank licensees' stress scenarios must cover a range of factors that can create extraordinary losses or gains in trading portfolios, or make the control of risk in those portfolios very difficult. These factors include low-probability events in all major types of risks, including the various components of market, credit and operational risks. Stress scenarios must shed light on the impact of such events on positions that display both linear and non-linear characteristics (i.e., options and instruments that have option-like characteristics).

              January 2015

            • CA-14.7.3

              Conventional bank licensees' stress tests must be both of a quantitative and qualitative nature, incorporating both market risk and liquidity aspects of market disturbances. Quantitative criteria must identify plausible stress scenarios to which conventional bank licensees could be exposed. Qualitative criteria must emphasise that two major goals of stress testing are to evaluate the capacity of the conventional bank licensee's capital to absorb potential large losses and to identify steps the conventional bank licensee can take to reduce its risk and conserve capital. This assessment is integral to setting and evaluating the conventional bank licensee's management strategy and the results of stress testing must be routinely communicated to senior management and, periodically, to the conventional bank licensee's board of directors.

              January 2015

            • CA-14.7.4

              Conventional bank licensees must combine the use of stress scenarios as advised under Subparagraphs (a), (b) and (c) by the CBB, with stress tests developed by the conventional bank licensees themselves to reflect their specific risk characteristics. The CBB may ask conventional bank licensees to provide information on stress testing in three broad areas, as follows:

              (a) Scenarios requiring no simulation by the bank:

              Conventional bank licensees must have information on the largest losses experienced during the reporting period available for review by the CBB. This loss information will be compared with the level of capital that results from a conventional bank licensee's internal measurement system. For example, it could provide the CBB with a picture of how many days of peak day losses would have been covered by a given value-at-risk estimate;
              (b) Scenarios requiring simulation by the bank:

              Conventional bank licensees must subject their portfolios to a series of simulated stress scenarios and provide the CBB with the results. These scenarios could include testing the current portfolio against past periods of significant disturbance, for example, the 9/11 attacks on the USA, the 1987 equity market crash, the Exchange Rate Mechanism crises of 1992 and 1993 or the fall in the international bond markets in the first quarter of 1994, the 1998 Russian financial crisis, the 2000 bursting of the technology stock bubble or the 2007/2008 sub-prime crisis, incorporating both the large price movements and the sharp reduction in liquidity associated with these events. A second type of scenario would evaluate the sensitivity of the conventional bank licensee's market risk exposure to changes in the assumptions about volatilities and correlations. Applying this test would require an evaluation of the historical range of variation for volatilities and correlations and evaluation of the conventional bank licensee's current positions against the extreme values of the historical range. Due consideration must be given to the sharp variation that, at times, has occurred in a matter of days in periods of significant market disturbance. For example, the above-mentioned situations involved correlations within risk factors approaching the extreme values of 1 and -1 for several days at the height of the disturbance; and
              (c) Scenarios developed by the bank to capture the specific characteristics of its portfolio:

              In addition to the general scenarios prescribed by the CBB under Subparagraphs (a) and (b), each conventional bank licensee must also develop its own stress scenarios which it identifies as most adverse based on the characteristics of its portfolio (e.g., any significant political or economic developments that may result in a sharp move in oil prices). Conventional bank licensees must provide the CBB with a description of the methodology used to identify and carry out the scenarios as well as with a description of the results derived from these stress tests.
              January 2015

            • CA-14.7.5

              Once a stress scenario has been identified, it must be used for conducting stress tests at least once every quarter, as long as the scenario continues to be relevant to the conventional bank licensee's portfolio.

              January 2015

            • CA-14.7.6

              The results of all stress tests must be reviewed by senior management within 15 days from the time they are available, and must be promptly reflected in the policies and limits set by management and the board of directors. Moreover, if the testing reveals particular vulnerability to a given set of circumstances, the CBB requires the conventional bank licensee to take prompt steps to manage those risks appropriately (e.g., by hedging against that outcome or reducing the size of its exposures).

              January 2015

            • CA-14.7.7

              Conventional bank licensees must conduct, at least weekly, a set of pre-determined stress-tests for the correlation trading portfolio encompassing shocks to default rates, recovery rates, credit spreads, and correlations. Appendix CA-19 provides guidance on the stress testing that must be undertaken to satisfy this requirement.

              January 2015

          • CA-14.8 CA-14.8 External Validation of Models

            • CA-14.8.1

              Before granting its approval for the use of internal models by a conventional bank licensee, the CBB requires that the models be validated by both the internal and external auditors of the conventional bank licensee. The CBB will review the validation procedures performed by the internal and external auditors, and may independently carry out further validation procedures.

              January 2015

            • CA-14.8.2

              The internal validation procedures to be carried out by the internal auditor are set out in Section CA-14.3. As stated in that Section, the internal auditor's review of the overall risk management process must take place at regular intervals (not less than once every six months). The internal auditor must make a report to senior management and the board of directors, in writing, of the results of the validation procedures. The report must be made available to the CBB for its review.

              January 2015

            • CA-14.8.3

              The validation of the models by the external auditor must include, at a minimum, the following steps:

              (a) Verifying and ensuring that the internal validation processes described in Section CA-14.3 are operating satisfactorily;
              (b) Ensuring that the formulae used in the calculation process as well as for the pricing of options and other complex instruments are validated by a qualified unit, which in all cases must be independent from the trading area;
              (c) Checking and ensuring that the structure of the internal models is adequate with respect to the conventional bank licensee's activities and geographical coverage;
              (d) Checking the results of the conventional bank licensee's back-testing of its internal measurement system (i.e., comparing value-at-risk estimates with actual profits and losses) to ensure that the model provides a reliable measure of potential losses over time; and
              (e) Making sure that data flows and processes associated with the risk measurement system are transparent and accessible.
              January 2015

            • CA-14.8.4

              The external auditor must carry out their validation/review procedures, at a minimum, once every year. Based on the above procedures, the external auditor must make a report, in writing, on the accuracy of the conventional bank licensee's models, including all significant findings of their work. The report must be addressed to the senior management and/or the board of directors of the conventional bank licensee, and a copy of the report must be made available to the CBB. The mandatory annual review by the external auditor must be carried out during the third quarter of the calendar year, and the CBB expects to receive their final report by 30 September of each year. The results of additional validation procedures carried out by the external auditor at other times during the year must be made available to the CBB promptly.

              January 2015

            • CA-14.8.5

              Conventional bank licensees are required to ensure that external auditors and the CBB's representatives are in a position to have easy access, whenever they judge it necessary and under appropriate procedures, to the models' specifications and parameters as well as to the results of, and the underlying inputs to, their value-at-risk calculations.

              January 2015

          • CA-14.9 CA-14.9 Letter of Model Recognition

            • CA-14.9.1

              As stated in Section CA-14.1, conventional bank licensees which propose to use internal models for the calculation of their market risk capital requirements must submit their detailed proposals, in writing, to the CBB. The CBB will review these proposals, and upon ensuring that the conventional bank licensee's internal models meet all the criteria for recognition set out earlier in this Chapter, and after satisfying itself with the results of validation procedures carried out by the internal and external auditors and/or by itself, will issue a letter of model recognition to the conventional bank licensees.

              January 2015

            • CA-14.9.2

              The letter of model recognition is specific. It will set out the products covered, the method for calculating capital requirements on the products and the conditions of model recognition. In the case of preprocessing models, the conventional bank licensee will also be told how the output of recognised models must feed into the processing of other interest rate, equity, foreign exchange and commodities risk. The conditions of model recognition may include additional reporting requirements. The CBB's prior written approval must be obtained for any modifications proposed to be made to the models previously recognised by the CBB. In cases where a conventional bank licensee proposes to apply the model to new but similar products, it must obtain the CBB's prior approval. In some cases, the CBB may be able to give provisional approval for the model to be applied to a new class of products, in others it will be necessary to revisit the conventional bank licensee.

              January 2015

            • CA-14.9.3

              The CBB may withdraw its approval granted for any conventional bank licensee's model if it believes that the conditions based on which the approval was granted are no longer valid or have changed significantly.

              January 2015

          • CA-14.10 CA-14.10 Combination of Internal Models and the Standardised Methodology

            • CA-14.10.1

              Unless a conventional bank licensee's exposure to a particular risk factor is insignificant, the internal models approach, in principle, require conventional bank licensees to have an integrated risk measurement system that captures the broad risk factor categories (i.e., interest rates, exchange rates (which includes gold), equity prices and commodity prices, with related options volatilities being included in each risk factor category). Thus, conventional bank licensees which start to use models for one or more risk factor categories, over a reasonable period of time, must extend the models to all their market risks.

              January 2015

            • CA-14.10.2

              A conventional bank licensee which has obtained the CBB's approval for the use of one or more models is no longer able to revert to measuring the risk measured by those models according to the standardised methodology (unless the CBB withdraws its approval for the model(s), as explained in Section CA-14.9). However, what constitutes a reasonable period of time for an individual conventional bank licensee which uses a combination of internal models and the standardised methodology to move to a comprehensive model, will be decided by the CBB after taking into account the relevant circumstances of the conventional bank licensee.

              January 2015

            • CA-14.10.3

              Notwithstanding the goal of moving to comprehensive internal models as set out in Paragraph CA-14.10.1, for conventional bank licensees which, for the time being, will be applying a combination of internal models and the standardised methodology, the following conditions apply:

              (a) Each broad risk factor category must be assessed by applying a single approach (either internal models or the standardised approach), i.e., no combination of the two methods will, in principle, be permitted within a risk factor category or across a conventional bank licensee's different entities for the same type of risk;
              (b) All of the criteria laid down in this Chapter apply to the models being used;
              (c) Conventional bank licensees may not modify the combination of the two approaches which they are applying, without justifying to the CBB that they have a valid reason for doing so, and obtaining the CBB's prior written approval;
              (d) No element of market risk may escape measurement, i.e. the exposure for all the various risk factors, whether calculated according to the standardised approach or internal models, would have to be captured; and
              (e) The capital charges assessed under the standardised approach and under the models approach must be aggregated applying the simple sum method.
              January 2015

          • CA-14.11 CA-14.11 Treatment of Specific Risk

            • CA-14.11.1

              The conventional bank licensee is allowed to include its securitisation exposures and n-th-to-default credit derivatives in the trading book in its value-at-risk measure. Notwithstanding, it is still required to hold additional capital for these products according to the standardised measurement methodology.

              [Paragraphs CA-14.11.1A to CA-14.11.12 were deleted in January 2015.]

              January 2015

          • CA-14.12 CA-14.12 Model Validation Standards

            • CA-14.12.1

              It is important that conventional bank licensees have processes in place to ensure that their internal models have been adequately validated by suitably qualified parties independent of the development process to ensure that they are conceptually sound and adequately capture all material risks. This validation must be conducted when the model is initially developed and when any significant changes are made to the model. The validation must also be conducted on a periodic basis but especially where there have been any significant structural changes in the market or changes to the composition of the portfolio which might lead to the model no longer being adequate. More extensive model validation is particularly important where specific risk is also modelled and is required to meet the further specific risk criteria. As techniques and best practices evolve, conventional bank licensees must avail themselves of these advances. Model validation must not be limited to back-testing, but must, at a minimum, also include the following:

              (a) Tests to demonstrate that any assumptions made within the internal model are appropriate and do not underestimate risk. This may include the assumption of the normal distribution, the use of the square root of time to scale from a one day holding period to a 10 day holding period or where extrapolation or interpolation techniques are used, or pricing models;
              (b) Further to the regulatory back-testing programmes, testing for model validation must use hypothetical changes in portfolio value that would occur were end-of-day positions to remain unchanged. It therefore excludes fees, commissions, bid-ask spreads, net interest income and intra-day trading. Moreover, additional tests are required, which may include, for instance:
              (i) Testing carried out using hypothetical changes in portfolio value that would occur were end-of-day positions to remain unchanged. It therefore excludes fees, commissions, bid-ask spreads, net interest income and intra-day trading;
              (ii) Testing carried out for longer periods than required for the regular back-testing programme (e.g. 3 years). The longer time period generally improves the power of the back-testing. A longer time period may not be desirable if the VaR model or market conditions have changed to the extent that historical data is no longer relevant;
              (iii) Testing carried out using confidence intervals other than the 99 percent interval required under the quantitative standards; and
              (iv) Testing of portfolios below the overall bank level; and
              (c) The use of hypothetical portfolios to ensure that the model is able to account for particular structural features that may arise, for example:
              (i) Where data histories for a particular instrument do not meet the quantitative standards and where the conventional bank licensee has to map these positions to proxies, then the conventional bank licensee must ensure that the proxies produce conservative results under relevant market scenarios;
              (ii) Ensuring that material basis risks are adequately captured. This may include mismatches between long and short positions by maturity or by issuer; and
              (iii) Ensuring that the model captures concentration risk that may arise in an undiversified portfolio.
              January 2015

          • CA-14.13 Principles for Calculating the Incremental Risk Charge (IRC)

            This section was deleted with effect from January 2015 as it is no longer required.

            January 2015

        • CA-15 CA-15 Leverage Ratio and Gearing Requirements

          • CA-15.1 CA-15.1 Rationale and Objective

            • CA-15.1.1

              The requirements in this Chapter are applicable to Bahraini conventional bank licensees.

              Amended: October 2018
              January 2015

            • Scope and Factors Leading to Leverage

              • CA-15.1.2

                The use of non-equity funds to fund assets is referred to as financial leverage. It allows a financial institution to increase the potential returns on its equity capital, with an associated increase in the riskiness of the equity capital and its exposure to losses since the non-equity funds are either not, or only partially risk-absorbent. Consequently, leverage is commonly accomplished through the use of borrowed funds, debt capital or derivative instruments, etc. It is common for banks to engage in leverage by borrowing to fund asset growth, with the aim of increasing their return on equity.

                Added: October 2018

              • CA-15.1.3

                The leverage ratio serves as a supplementary measure to the risk-based capital requirements of the rest of this Module. The leverage ratio is a simple, transparent ratio and is intended to achieve the following objectives:

                (a) To constrain the build-up of leverage in the banking sector, helping avoid destabilising deleveraging processes which can damage the broader financial system and the economy;
                (b) To reinforce the risk-based requirements with a simple, non-risk based "backstop" measure; and
                (c) To serve as a broad measure of both the on and off-balance sheet sources of bank leverage and, thus, its risk profile.
                Added: October 2018

          • CA-15.2 CA-15.2 Definition, Calculation and Scope of the Leverage Ratio

            • Leverage Ratio Requirement and Computational Details

              • CA-15.2.1

                Bahraini conventional bank licensees must meet a 3% leverage ratio minimum requirement at all times, calculated on a consolidated basis.

                Added: October 2018

              • CA-15.2.2

                The leverage ratio is expressed as a percentage as follows:

                Tier One Capital
                Total Exposures

                The Numerator is Tier One Capital described in Paragraph CA-1.1.2. The Denominator is Total Exposures described in Section CA-15.3.

                Added: October 2018

              • CA-15.2.3

                The leverage ratio framework follows the same scope of regulatory consolidation for Tier One Capital and Total Exposures as is used in CA-B.1.2A, except as described in CA-15.2.4 below.

                Added: October 2018

              • CA-15.2.4

                Where a banking, financial, insurance or commercial entity is outside the scope of regulatory consolidation, only the investment in the capital of such entities (i.e. only the carrying value of the investment, as opposed to the underlying assets and other exposures of the investee) is to be included in the total exposures measure. However, investments in the capital of such entities that are deducted from Tier One Capital must also be deducted from the exposures measure for the purpose of the leverage ratio calculation.

                Added: October 2018

              • CA-15.2.5

                Bahraini conventional bank licensees identified as DSIBs must also meet a leverage ratio buffer requirement of 50% of HLA buffer (currently set at 1.5%), consistent with the capital measure required to meet the requirements of Module DS.

                Added: October 2018

          • CA-15.3 CA-15.3 Exposure Measure

            • General Measurement Principles

              • CA-15.3.1

                Total Exposures for the purpose of CA-15.2.2 is the sum of the following exposures:

                (a) On-balance sheet exposures;
                (b) Derivative exposures;
                (c) Securities financing transactions; and
                (d) Off-balance sheet items as identified in this Section.
                Added: October 2018

              • CA-15.3.2

                For purposes of Paragraph CA-15.3.1 the exposure measures should be consistent with financial statements where appropriate.

                Added: October 2018

            • On-balance Sheet Exposures

              • CA-15.3.3

                On-balance sheet exposures include all on-balance assets in their exposure measure, including on balance sheet derivatives' collateral and collateral for Securities Financing Transactions (SFTs), with the exception of SFT assets and on-balance sheet derivatives that are covered in Paragraphs CA-15.3.13 to CA-15.3.23 and CA-15.3.24 to CA-15.3.42 respectively.

                Added: October 2018

              • CA-15.3.4

                On-balance sheet assets must be measured using their accounting balance sheet values (i.e. unweighted) less deductions for associated specific provisions. On-balance sheet, non-derivative exposures are net of specific provisions and valuation adjustments (e.g. credit valuation adjustments under IFRS).

                Added: October 2018

              • CA-15.3.5

                Items (such as goodwill) that are deducted completely from Tier One Capital must be deducted from Total Exposures.

                Added: October 2018

              • CA-15.3.6

                According to the treatment outlined in Paragraphs CA-2.4.20 to CA-2.4.24, where a financial entity is not included in the regulatory scope of consolidation in CA-B.1.2A, only the investment in the capital of such entities (i.e. only the carrying value of the investment, as opposed to the underlying assets and other exposures of the investee) is to be included in the leverage ratio exposure measure. The amount of any investment in the capital of that entity that is totally or partially deducted from CET1 or from AT1 capital of the Bahraini conventional bank licensee following the corresponding deduction approach in Paragraphs CA-2.4.20 to CA-2.4.26 must be excluded from the leverage ratio measure.

                Added: October 2018

              • CA-15.3.7

                Unless specified differently below, Bahraini conventional bank licensees must not take into account physical guarantees or credit risk mitigation techniques to reduce the leverage ratio exposure measure, nor may banks net assets and liabilities.

                Added: October 2018

              • CA-15.3.8

                Any item deducted from Tier 1 capital according to Module CA and regulatory adjustments other than those related to liabilities must be deducted from the leverage ratio exposure measure. Two examples follow:

                a) Where a banking, financial or insurance entity is not included in the regulatory scope of consolidation as set out in Section CA-2.4, the amount of any investment in the capital of that entity that is totally or partially deducted from Common Equity Tier 1 (CET1) capital or from Additional Tier 1 capital of the bank following the corresponding deduction approach therein must also be deducted from the leverage ratio exposure measure; and
                b) Prudent valuation adjustments (PVAs) for exposures to less liquid positions, other than those related to liabilities, that are deducted from Tier 1 capital as per Paragraph CA-16.1.11A must be deducted from the leverage ratio exposure measure.
                Added: October 2018

              • CA-15.3.9

                Gains/losses on fair valued liabilities or accounting value adjustments on derivative liabilities due to changes in the bank's own credit risk are not deducted from the leverage ratio exposure measure.

                Added: October 2018

              • CA-15.3.10

                Netting of loans and deposits is not allowed.

                Added: October 2018

              • CA-15.3.11

                For the purpose of the leverage ratio exposure measure, Bahraini conventional bank licensees using trade date accounting must reverse out any offsetting between cash receivables for unsettled sales and cash payables for unsettled purchases of financial assets that may be recognised under the applicable accounting framework, but may offset between those cash receivables and cash payables (regardless of whether such offsetting is recognised under the applicable accounting framework) if the following conditions are met:

                a) The financial assets bought and sold that are associated with cash payables and receivables are fair valued through income and included in the bank's regulatory trading book (See CA-8.1.5); and
                b) The transactions of the financial assets are settled on a delivery-versus-payment (DVP) basis.

                Bahraini conventional bank licensees using settlement date accounting will be subject to the treatment set out in Paragraphs CA-15.3.43 to CA-15.3.45 and Paragraphs CA-15.5.7 to CA-15.5.16.

                Added: October 2018

              • CA-15.3.12

                For purposes of the leverage ratio exposure measure, where a cash pooling arrangement entails a transfer at least on a daily basis of the credit and/or debit balances of the individual participating customer accounts into a single account balance, the individual participating customer accounts are deemed to be extinguished and transformed into a single account balance upon the transfer provided the bank is not liable for the balances on an individual basis upon the transfer. Thus, the basis of the leverage ratio exposure measure for such a cash pooling arrangement is the single account balance and not the individual participating customer accounts. When the transfer of credit and/or debit balances of the individual participating customer accounts does not occur daily, for purposes of the leverage ratio exposure measure, extinguishment and transformation into a single account balance is deemed to occur and this single account balance may serve as the basis of the leverage ratio exposure measure provided all of the following conditions are met:

                a) in addition to providing for the several individual participating customer accounts, the cash pooling arrangement provides for a single account, into which the balances of all individual participating customer accounts can be transferred and thus extinguished;
                b) the Bahraini conventional bank licensees: (i) has a legally enforceable right to transfer the balances of the individual participating customer accounts into a single account so that the bank is not liable for the balances on an individual basis, and (ii) at any point in time, the bank must have the discretion and be in a position to exercise this right;
                c) the Bahraini conventional bank licensee's supervisor does not deem as inadequate the frequency by which the balances of individual participating customer accounts are transferred to a single account;
                d) there are no maturity mismatches among the balances of the individual participating customer accounts included in the cash pooling arrangement or all balances are either overnight or on demand; and
                e) the Bahraini conventional bank licensee charges or pays interest and/or fees based on the combined balance of the individual participating customer accounts included in the cash pooling arrangement.

                In the event the abovementioned conditions are not met, the individual balances of the participating customer accounts must be reflected separately in the leverage ratio exposure measure.

                Added: October 2018

            • Securities Financing Transaction Exposures (SFTs)

              • CA-15.3.13

                Traditional securitisations must be excluded by the originating bank if the securitisation meets the operational requirements for the recognition of risk transference set out in CA-6, Credit Risk Securitisation Framework. Banks meeting these conditions must include any retained securitisation exposure in the leverage ratio exposure.

                Added: October 2018

              • CA-15.3.14

                SFTs included in the exposure measure must be according to the treatment described in CA-15.3.19 below.

                Added: October 2018

              • CA-15.3.15

                For purpose of Paragraph CA-15.3.13, the treatment recognises that secured lending and borrowing in the form of SFTs is an important source of leverage, and ensures consistent international implementation by providing a common measure for dealing with the main differences in the operative accounting frameworks.

                Added: October 2018

              • CA-15.3.16

                For SFT assets subject to novation and cleared through Qualifying Central Counterparties, "gross SFT assets recognised for accounting purposes" are replaced by the final contractual exposure, given that pre-existing contracts have been replaced by new legal obligations through the novation process.

                Added: October 2018

              • CA-15.3.17

                Gross SFT assets must not recognise any accounting netting of cash payables against cash receivables.

                Added: October 2018

              • CA-15.3.18

                Bahraini conventional bank licensees and supervisors should be particularly vigilant to transactions and structures that have the result of inadequately capturing banks' sources of leverage. Examples of concerns that might arise in such leverage ratio exposure measure minimising transactions and structures may include: securities financing transactions where exposure to the counterparty increases as the counterparty's credit quality decreases or securities financing transactions in which the credit quality of the counterparty is positively correlated with the value of the securities received in the transaction (i.e. the credit quality of the counterparty falls when the value of the securities falls); banks that normally act as principal but adopt an agency model to transact in derivatives and SFTs in order to benefit from the more favourable treatment permitted for agency transactions under the leverage ratio framework; collateral swap trades structured to mitigate inclusion in the leverage ratio exposure measure; or use of structures to move assets off the balance sheet. This list of examples is by no means exhaustive. Where supervisors are concerned that such transactions are not adequately captured in the leverage ratio exposure measure or may lead to a potentially destabilising deleveraging process, they should carefully scrutinise these transactions and consider a range of actions to address such concerns. Supervisory actions may include requiring enhancements in banks' management of leverage, imposing operational requirements (e.g. additional reporting to supervisors) and/or requiring that the relevant exposure is adequately capitalised through a Pillar 2 capital charge. These examples of supervisory actions are merely indicative and by no means exhaustive.

                Added: October 2018

            • General Treatment (Bank Acting as Principal)

              • CA-15.3.19

                The sum of the amounts in subparagraphs (a) and (b) are to be included in the leverage ratio exposure measure:

                (a) Gross SFT assets recognized for accounting purposes (i.e. with no recognition of accounting netting), adjusted as follows:
                (i) Excluding from the exposure measure the value of any securities received under an SFT, where the Bahraini conventional bank licensee has recognised the securities as an asset on its balance sheet; and
                (ii) Cash payables and cash receivables in SFTs with the same counterparty may be measured net if the following criteria are met:
                (A) Transactions have the same explicit final settlement date but which can be unwound at any time by either party to the transaction are not eligible;
                (B) The right to set off the amount owed to the counterparty with the amount owed by the counterparty is legally enforceable both currently in the normal course of business and in the event of: (i) default; (ii) insolvency; and (iii) bankruptcy; and
                (C) The counterparties intend to settle net, settle simultaneously, or the transactions are subject to a settlement mechanism that results in the functional equivalent of net settlement, that is, the cash flows of the transactions are equivalent, in effect, to a single net amount on the settlement date. To achieve such equivalence, both transactions are settled through the same settlement system and the settlement arrangements are supported by cash and/or intraday credit facilities intended to ensure that settlement of both transactions will occur by the end of the business day any issues arising from securities legs of the SFTs do not result in the unwinding of net cash settlement24; and
                (b) A measure of Counterparty Credit Risk calculated as the current exposure without an add-on for Potential Future Exposure (PFE), calculated as follows:
                (i) Where a qualifying Master Netting Agreement25(MNA) is in place, the current exposure (E*) is the greater of zero and the total fair value of securities and cash lent to a counterparty for all transactions included in the qualifying MNA (SEi), less the total fair value of cash and securities received from the counterparty for those transactions (SCi). This is illustrated in the following formula:
                E* = max {0, [SEi – SCi]}; and
                (ii) Where no qualifying MNA is in place, the current exposure for transactions with a counterparty must be calculated on a transaction by transaction basis; that is, each transaction is treated as its own netting set, as shown in the following formula:
                Ei* = max {0, [Ei – Ci]}
                (ii) Ei* may be set to zero if (i) Ei is the cash lent to a counterparty, (ii) this transaction is treated as its own netting set and (iii) the associated cash receivable is not eligible for the netting treatment in Paragraph CA-15.3.20.
                (iii) For the purposes of the above, the term "counterparty" includes not only the counterparty of the bilateral repo transactions but also triparty repo agents that receive collateral in deposit and manage the collateral in the case of triparty repo transactions. Therefore, securities deposited at triparty repo agents are included in "total value of securities and cash lent to a counterparty" (E) up to the amount effectively lent to the counterparty in a repo transaction. However, excess collateral that has been deposited at triparty agents but that has not been lent out may be excluded.
                Added: October 2018

                24 This latter condition ensures that any issues arising from the securities leg of the SFTs do not interfere with the completion of the net settlement of the cash receivables and payables. If there is a failure of the securities leg of a transaction in such a mechanism at the end of the settlement window for settlement in the settlement mechanism, then this transaction and its matching cash leg must be split out from the netting set and treated gross.

                25 A "qualifying" MNA is one that meets the requirements under Paragraphs CA-15.6.14 and 15.

            • Sale Accounting Transactions

              • CA-15.3.20

                Leverage may remain with the lender of the security in a SFT whether or not sale accounting is achieved under IFRS. As such, where sale accounting is achieved for a SFT under IFRS, the Bahraini conventional bank licensee must reverse all sales-related accounting entries, and then calculate its exposure as if the SFT had been treated as a financing transaction (i.e. the Bahraini conventional bank licensee must include the sum of amounts in Subparagraphs CA-15.3.19 (a) and (b) for such a SFT) for the purposes of determining its exposure measure.

                Added: October 2018

            • Bank Acting as Agent

              • CA-15.3.21

                A Bahraini conventional bank licensee acting as agent in a SFT generally provides an indemnity or guarantee to only one of the two parties involved, and only for the difference between the value of the security or cash its customer has lent and the value of collateral the borrower has provided. In this situation, the bank is exposed to the counterparty of its customer for the difference in values rather than to the full exposure to the underlying security or cash of the transaction (as is the case where the bank is one of the principals in the transaction).

                Added: October 2018

              • CA-15.3.22

                Where a Bahraini conventional bank licensee acting as agent in a SFT provides an indemnity or guarantee to a customer or counterparty for any difference between the value of the security or cash the customer has lent and the value of collateral the borrower has provided, then the Bahraini conventional bank licensee will be required to calculate its exposure measure by applying only Subparagraph 15.3.19(b).26

                Added: October 2018

                26 Where, in addition to the conditions in Paragraphs CA-15.3.21 to 15.3.23, a bank acting as an agent in a SFT does not provide an indemnity or guarantee to any of the involved parties, the bank is not exposed to the SFT and therefore need not recognise those SFTs in its exposure measure.

              • CA-15.3.23

                A Bahraini conventional bank licensee acting as agent in a SFT and providing an indemnity or guarantee to a customer or counterparty will be considered eligible for the exceptional treatment set out in paragraph CA-15.3.22 only if the Bahraini conventional bank licensee's exposure to the transaction is limited to the guaranteed difference between the value of the security or cash its customer has lent and the value of the collateral the borrower has provided. In situations where the Bahraini conventional bank licensees is further economically exposed (i.e. beyond the guarantee for the difference) to the underlying security or cash in the transaction,27 a further exposure equal to the full amount of the security or cash must be included in the exposure measure.

                Added: October 2018

                27 For example, due to the bank managing collateral received in the bank's name or on its own account rather than on the customer's or borrower's account (e.g. by on-lending or managing unsegregated collateral, cash or securities).

            • Derivative Exposures

              • CA-15.3.24

                Exposures to derivatives are included in the leverage ratio exposure by means of two components:

                (a) Replacement cost (RC); and
                (b) Potential Future Exposure (PFE).
                Added: October 2018

              • CA-15.3.25

                Bahraini conventional bank licensees must calculate their exposures associated with all derivative transactions including where a Bahraini conventional bank licensee sells protection using a credit derivative, as the replacement cost (RC)28 for the current exposure plus an add-on for PFE, as described in Paragraph CA-15.3.26. If the derivative exposure is covered by an eligible bilateral netting contract as specified in this Section 15.4, the treatment in Chapter CA-4 may be applied29. Written credit derivatives are subject to an additional treatment, as set out in Paragraphs CA-15.3.37 to CA-15.3.39.

                Added: October 2018

                28 If there is no accounting measure of exposure for certain derivative instruments because they are held (completely) off-balance sheet, the bank must use the sum of positive fair values of these derivatives as the replacement cost.

                29 Cross-product netting is not permitted in determining the leverage ratio exposure.

              • CA-15.3.26

                For derivative transactions not covered by an eligible bilateral netting contract as specified in Paragraphs CA-15.4.1 to CA-15.4.3, the amount to be included in the exposure measure is determined as follows:

                Exposure measure = alpha * (RC+PFE)
                where
                alpha = 1.4
                RC = the replacement cost of the contract (obtained by marking to market), where the contract has a positive value. RC is determined in accordance with CA-15.3.27
                PFE = an amount for PFE calculated in accordance with CA-15.3.28.
                Added: October 2018

              • CA-15.3.27

                The replacement cost of a transaction or netting set is measured as follows:

                RC = max {V - CVMr, + CVMp, 0}

                where (i) V is the market value of the individual derivative transaction or of the derivative transactions in a netting set; (ii) CVMr is the cash variation margin received that meets the conditions set out in Paragraph CA-15.3.33 and for which the amount has not already reduced the market value of the derivative transaction V under the bank's operative accounting standard; and (iii) CVMp is the cash variation margin provided by the bank and that meets the same conditions.

                Added: October 2018

              • CA-15.3.28

                The potential future exposure (PFE) for derivative exposures must be calculated mathematically as follows:

                PFE = multiplier*AddOn aggregate

                For the purposes of the leverage ratio framework, the multiplier is fixed at one. Moreover, when calculating the add-on component, for all margined transactions the maturity factor set out in CA-15.3.29 below may be used. Further, as written options create an exposure to the underlying, they must be included in the leverage ratio exposure measure by applying the treatment described herein, even if certain written options are permitted the zero exposure at default (EAD) treatment allowed in the risk-based framework.

                Added: October 2018

              • CA-15.3.29

                The minimum time risk horizons include:

                a) The lesser of one year and remaining maturity of the derivative contract for unmargined transactions, floored at ten business days. Therefore, the adjusted notional at the trade level of an unmargined transaction must be multiplied by:



                where Mi is the transaction i remaining maturity floored by 10 business days
                b) For margined transactions, the minimum margin period of risk is determined as follows:
                — At least ten business days for non-centrally-cleared derivative transactions subject to daily margin agreements.
                — Five business days for centrally cleared derivative transactions subject to daily margin agreements that clearing members have with their clients.
                — 20 business days for netting sets consisting of 5,000 transactions that are not with a central counterparty.
                — Doubling the margin period of risk for netting sets with outstanding disputes. Therefore, the adjusted notional at the trade level of a margined transaction should be multiplied by:



                where i MPOR is the margin period of risk appropriate for the margin agreement containing the transaction i.
                Added: October 2018

            • Bilateral Netting

              • CA-15.3.30

                When an eligible bilateral netting contract is in place (see Paragraphs CA-15.4.1 to CA-15.4.3), the RC for the set of derivative exposures covered by the contract will be the net replacement cost and the add-on will be ANet as calculated in Paragraphs CA-15.3.27 and CA-15.3.28.

                Added: October 2018

            • Treatment of Related Collateral

              • CA-15.3.31

                Collateral received in connection with derivative contracts has two countervailing effects on leverage:

                (a) It reduces counterparty exposure; but
                (b) It can also increase the economic resources at the disposal of the Bahraini conventional bank licensees, as the bank can use the collateral to leverage itself.
                Added: October 2018

              • CA-15.3.32

                Collateral received in connection with derivative contracts does not necessarily reduce the leverage inherent in a Bahraini conventional bank licensee's derivatives position, which is generally the case if the settlement exposure arising from the underlying derivative contract is not reduced. As a general rule, collateral received may not be netted against derivative exposures whether or not netting is permitted under IFRS or in Chapter CA-4. Hence, when calculating the exposure amount by applying Paragraphs CA-15.3.25 to CA-15.3.27, a Bahraini conventional bank licensee must not reduce the exposure amount by any collateral received from the counterparty.

                Added: October 2018

              • CA-15.3.33

                With regard to collateral provided, Bahraini conventional bank licensees must gross up their exposure measure by the amount of any derivatives collateral provided where the provision of that collateral has reduced the value of their balance sheet assets under IFRS.

                Added: October 2018

            • Treatment of Cash Variation Margin

              • CA-15.3.34

                In the treatment of derivative exposures for the purpose of the leverage ratio, the cash portion of variation margin exchanged between counterparties may be viewed as a form of pre-settlement payment, if the following conditions are met:

                (a) For trades not cleared through a qualifying central counterparty (QCCP) the cash received by the recipient counterparty is not segregated;
                (b) Variation margin is calculated and exchanged on a daily basis based on mark-to-market valuation of derivatives positions;
                (c) The cash variation margin is received in the same currency as the currency of settlement of the derivative contract;
                (d) Variation margin exchanged is the full amount that would be necessary to fully extinguish the mark-to-market exposure of the derivative subject to the threshold and minimum transfer amounts applicable to the counterparty; and
                (e) Derivatives transactions and variation margins are covered by a single master netting agreement (MNA)30, 31 between the legal entities that are the counterparties in the derivatives transaction. The MNA must explicitly stipulate that the counterparties agree to settle net any payment obligations covered by such a netting agreement, taking into account any variation margin received or provided if a credit event occurs involving either counterparty. The MNA must be legally enforceable and effective in all relevant jurisdictions, including in the event of default and bankruptcy or insolvency.
                Added: October 2018

                30 A Master MNA may be deemed to be a single MNA for this purpose.

                31 To the extent that the criteria in this paragraph include the term "master netting agreement", this term should be read as including any "netting agreement" that provides legally enforceable rights of offsets. This is to take account of the fact that for netting agreements employed by CCPs, no standardisation has currently emerged that would be comparable with respect to OTC netting agreements for bilateral trading.

              • CA-15.3.35

                If the conditions in Paragraph CA-15.3.34 are met, the cash portion of variation margin received may be used to reduce the replacement cost portion of the leverage ratio exposure measure, and the receivables assets from cash variation margin provided may be deducted from the leverage ratio exposure measure as follows:

                (a) In the case of cash variation margin received, the receiving bank may reduce the replacement cost (but not the PFE component) of the exposure amount of the derivative asset by the amount of cash received if the positive mark-to-market value of the derivative contract(s) has not already been reduced by the same amount of cash variation margin received under the Bahraini conventional bank licensee's operative accounting standard; and
                (b) In the case of cash variation margin provided to a counterparty, the posting Bahraini conventional bank licensee may deduct the resulting receivable from its leverage ratio exposure measure, where the cash variation margin has been recognised as an asset under the Bahraini conventional bank licensee's operative accounting framework and instead include the cash variation margin in the calculation of derivative replacement cost.
                Added: October 2018

            • Add-on Factors for Determining PFE

              • CA-15.3.36

                The following add-on factors apply to financial derivatives, based on residual maturity:

                Added: October 2018

              • CA-15.3.37

                Add-ons must be based on effective rather than apparent notional amounts. In the event that the stated notional amount is leveraged or enhanced by the structure of the transaction, Bahraini conventional bank licensees must use the effective notional amount when determining PFE.

                Added: October 2018

            • Treatment of Clearing Services

              • CA-15.3.38

                Where a Bahraini conventional bank licensee acting as clearing member (CM)32 offers clearing services to clients, the clearing member's trade exposures33 to the central counterparty (CCP) that arise when the clearing member is obligated to reimburse the client for any losses suffered due to changes in the value of its transactions in the event that the CCP defaults, must be captured by applying the same treatment that applies to any other type of derivatives transactions. However, if the clearing member, based on the contractual arrangements with the client, is not obligated to reimburse the client for any losses suffered due to changes in the value of its transactions in the event that a QCCP defaults, the clearing member need not recognise the resulting trade exposures to the QCCP in the leverage ratio exposure measure.

                Added: October 2018

                32 For the purposes of this Paragraph, a clearing member (CM) is defined as a member of, or a direct participant in, a CCP that is entitled to enter into a transaction with the CCP, regardless of whether it enters into trades with a CCP for its own hedging, investment or speculative purposes or whether it also enters into trades as a financial intermediary between the CCP and other market participants.

                33 "Trade exposure" includes initial margin irrespective of whether or not it is posted in a manner that makes it remote from the insolvency of the CCP.

              • CA-15.3.39

                Where a client enters directly into a derivatives transaction with the CCP and the CM guarantees the performance of its clients' derivative trade exposures to the CCP, the Bahraini conventional bank licensee acting as the clearing member for the client to the CCP must calculate its related leverage ratio exposure resulting from the guarantee as a derivative exposure as set out in Paragraphs CA-15.3.24 to CA-15.3.36, as if it had entered directly into the transaction with the client, including with regard to the receipt or provision of cash variation margin.

                Added: October 2018

            • Additional Treatment for Written Credit Derivatives

              • CA-15.3.40

                In addition to the CCR exposure arising from the fair value of the contracts, written credit derivatives create a notional credit exposure arising from the creditworthiness of the reference entity. Written credit derivatives must be treated consistently with cash instruments (e.g. loans, bonds) for the purposes of the exposure measure.

                Added: October 2018

              • CA-15.3.41

                In order to capture the credit exposure to the underlying reference entity, in addition to the above CCR treatment for derivatives and related collateral, the effective notional amount referenced by a written credit derivative is to be included in the exposure measure. The effective notional amount of a written credit derivative may be reduced by any negative change in fair value amount that has been incorporated into the calculation of Tier 1 capital with respect to the written credit derivative. The resulting amount may be further reduced by the effective notional amount of a purchased credit derivative on the same reference name,34, 35provided:

                (a) The credit protection purchased is on a reference obligation which ranks pari passu with or is junior to the underlying reference obligation of the written credit derivative in the case of single name credit derivatives;36
                (c) The remaining maturity of the credit protection purchased is equal to or greater than the remaining maturity of the written credit derivative;
                (d) the credit protection purchased through credit derivatives is not from a counterparty whose credit quality is highly correlated with the value of the reference obligation; in the event that the effective notional amount of a written credit derivative is reduced by any negative change in fair value reflected in the bank's Tier 1 capital, the effective notional amount of the offsetting credit protection purchased through credit derivatives must also be reduced by any resulting positive change in fair value reflected in Tier 1 capital; and
                (e) the credit protection purchased through credit derivatives is not included in a transaction that has been cleared on behalf of a client (or that has been cleared by the bank in its role as a clearing services provider in a multi-level client services structure as referenced in CA-15.3.38 and for which the effective notional amount referenced by the corresponding written credit derivative is excluded from the leverage ratio exposure measure according to this paragraph.
                Added: October 2018

                34 Two reference names are considered identical only if they refer to the same legal entity. For single-name credit derivatives, protection purchased that references a subordinated position may offset protection sold on a more senior position of the same reference entity as long as a credit event on the senior reference asset would result in a credit event on the subordinated reference asset. Protection purchased on a pool of reference entities may offset protection sold on individual reference names if the protection purchased is economically equivalent to buying protection separately on each of the individual names in the pool (this would, for example, be the case if a bank were to purchase protection on an entire securitisation structure). If a bank purchases protection on a pool of reference names, but the credit protection does not cover the entire pool (i.e. the protection covers only a subset of the pool, as in the case of an nth-to-default credit derivative or a securitisation tranche), then offsetting is not permitted for the protection sold on individual reference names. However, such purchased protections may offset sold protections on a pool provided the purchased protection covers the entirety of the subset of the pool on which protection has been sold. In other words, offsetting may only be recognised when the pool of reference entities and the level of subordination in both transactions are identical.

                35 The effective notional amount of a written credit derivative may be reduced by any negative change in fair value reflected in the bank's Tier 1 capital provided the effective notional amount of the offsetting purchased credit protection is also reduced by any resulting positive change in fair value reflected in Tier 1 capital. Where a bank buys credit protection through a total return swap (TRS) and records the net payments received as net income, but does not record offsetting deterioration in the value of the written credit derivative (either through reductions in fair value or by an addition to reserves) reflected in Tier 1 capital, the credit protection will not be recognised for the purpose of offsetting the effective notional amounts related to written credit derivatives.

                36 For tranched products, the purchased protection must be on a reference obligation with the same level of seniority.

              • CA-15.3.42

                For the purposes of CA-15.3.40, the term "written credit derivative" refers to a broad range of credit derivatives through which a bank effectively provides credit protection and is not limited solely to credit default swaps and total return swaps. For example, all options where the bank has the obligation to provide credit protection under certain conditions qualify as "written credit derivatives". The effective notional amount of such options sold by the bank may be offset by the effective notional amount of options by which the bank has the right to purchase credit protection which fulfils the conditions of CA-15.3.41. For example, the condition of same or more conservative material terms as those in the corresponding written credit derivatives can be considered met only when the strike price of the underlying purchased credit protection is equal to or lower than the strike price of the underlying sold credit protection.

                Added: October 2018

              • CA-15.3.43

                Since written credit derivatives are included in the exposure measure at their effective notional amounts, and are also subject to add-on amounts for PFE, the exposure measure for written credit derivatives may be overstated. Bahraini conventional bank licensees must deduct the individual PFE add-on amount relating to a written credit derivative (which is not offset according to Paragraph CA-15.3.41 and whose effective notional amount is included in the exposure measure) from their gross add-on in Paragraphs CA-15.3.25 to CA-15.3.27.

                Added: October 2018

              • CA-15.3.44

                Where a bank buys credit protection through a total return swap (TRS) and records the net payments received as net income, but does not record offsetting deterioration in the value of the written credit derivative (either through reductions in fair value or by an addition to reserves) reflected in Tier 1 capital, the credit protection will not be recognised for the purpose of offsetting the effective notional amounts related to written credit derivatives.

                Added: October 2018

            • Off-balance Sheet Items (OBS)

              • CA-15.3.45

                OBS items include commitments (including liquidity facilities), whether or not unconditionally cancellable, direct credit substitutes, acceptances, standby letters of credit and trade letters of credit. If the OBS item is treated as a derivative exposure for the purpose of the accounting, then the item must be measured as a derivative exposure for the purpose of leverage ratio exposure.

                Added: October 2018

              • CA-15.3.46

                In the risk-based capital framework, OBS items are converted under the standardised approach into credit exposure equivalents through the use of credit conversion factors (CCFs). For the purpose of determining the exposure amount of OBS items for the leverage ratio, the CCFs set out in CA-15.4 must be applied to the notional amount.

                Added: October 2018

              • CA-15.3.47

                In addition, specific and general provisions set aside against OBS exposures that have decreased Tier 1 capital may be deducted from the credit exposure equivalent amount of those exposures (i.e. the exposure amount after the application of the relevant CCF). However, the resulting total off-balance sheet equivalent amount for OBS exposures cannot be less than zero.

                Added: October 2018

          • CA-15.4 CA-15.4 Additional Detail for Computation Purposes

            • Bilateral Netting

              • CA-15.4.1

                For the purpose of the leverage ratio measure, bilateral netting is allowed subject to the following conditions:

                (a) Bahraini conventional bank licensees may net transactions subject to novation under which any obligation between a bank and its counterparty to deliver a given currency on a given value date is automatically amalgamated with all other obligations for the same currency and value date, legally substituting one single amount for the previous gross obligations; or
                (b) Bahraini conventional bank licensees may also net transactions subject to any legally valid form of bilateral netting not covered in (a), including other forms of novation.
                Added: October 2018

              • CA-15.4.2

                In both cases in CA-15.5.1 (a) and (b), a Bahraini conventional bank licensee will need to satisfy the CBB that it has:

                (a) A netting contract or agreement with the counterparty that creates a single legal obligation, covering all included transactions, such that the Bahraini conventional bank licensee would have either a claim to receive or obligation to pay only the net sum of the positive and negative mark-to-market values of included individual transactions in the event a counterparty fails to perform due to any of the following: default, bankruptcy, liquidation or similar circumstances;
                (b) Written and reasoned legal opinions that, in the event of a legal challenge, the relevant courts and administrative authorities would find the Bahraini conventional bank licensee's exposure to be such a net amount under:
                (i) The law of the home jurisdiction in which the counterparty is incorporated and, if the foreign branch of a counterparty is involved, then also under the law of jurisdiction in which the branch is located;
                (ii) The law that governs the individual transactions; and
                (iii) The law that governs any contract or agreement necessary to effect the netting.
                The CBB must be satisfied that the netting is enforceable under the laws of each of the relevant jurisdictions; and
                (c) Procedures in place to ensure that the legal characteristics of netting arrangements are kept under review in the light of possible changes in relevant law.
                Added: October 2018

              • CA-15.4.3

                Contracts containing walkaway clauses are not eligible for netting for the purpose of calculating the leverage ratio requirements. A walkaway clause is a provision that permits a non-defaulting counterparty to make only limited payments, or no payment at all, to the estate of a defaulter, even if the defaulter is a net creditor.

                Added: October 2018

            • Securities Financing Transaction Exposures 37

              • CA-15.4.4

                Where a qualifying master netting agreement is in place, the effects of bilateral netting agreements for SFTs are recognised on a counterparty by counterparty basis if the agreements are legally enforceable in each relevant jurisdiction upon the occurrence of an event of default and regardless of whether the counterparty is insolvent or bankrupt. In addition, netting agreements must:

                (a) Provide the non-defaulting party with the right to terminate and close out in a timely manner all transactions under the agreement upon an event of default, including in the event of insolvency or bankruptcy of the counterparty;
                (b) Provide for the netting of gains and losses on transactions (including the value of any collateral) terminated and closed out under it so that a single net amount is owed by one party to the other;
                (c) Allow for the prompt liquidation or setoff of collateral upon the event of default; and
                (d) Be, together with the rights arising from provisions required in (a) and (c) above, legally enforceable in each relevant jurisdiction upon the occurrence of an event of default regardless of the counterparty's insolvency or bankruptcy.
                Added: October 2018

                37 The provisions related to qualifying master netting agreements (MNAs) for SFTs are intended for the calculation of the counterparty add-on of the exposure measure of SFTs.

              • CA-15.4.5

                Netting across positions held in the banking book and trading book can only be recognised when the netted transactions fulfil the following conditions:

                (a) All transactions are marked to market daily; and
                (b) The collateral instruments used in the transactions are recognised as eligible financial collateral in the banking book.
                Added: October 2018

            • Off-balance Sheet Items

              • CA-15.4.6

                For the purpose of the leverage ratio, OBS items must be converted into credit exposure equivalents through the use of credit conversion factors (CCFs).

                Added: October 2018

              • CA-15.4.7

                For the purpose of Paragraph CA-15.4.6, commitments include any contractual arrangement that has been offered by the bank and accepted by the client to extend credit, purchase assets or issue credit substitutes.

                Added: October 2018

              • CA-15.4.8

                Direct credit substitutes, e.g. general guarantees of indebtedness (including standby letters of credit serving as financial guarantees for loans and securities) and acceptances (including endorsements with the character of acceptances) receive a CCF of 100%.

                Added: October 2018

              • CA-15.4.9

                The exposure amount associated with unsettled financial asset purchases where regular-way unsettled trades are accounted for at settlement date, a 100% CCF applies.

                Added: October 2018

              • CA-15.4.10

                Forward asset purchases, forward deposits and partly paid shares and securities, which represent commitments with certain drawdown, will receive a CCF of 100%.

                Added: October 2018

              • CA-15.4.11

                The following transaction-related contingent items — performance bonds, bid bonds, warranties and standby letters of credit related to particular transactions, receive a CCF of 50%.

                Added: October 2018

              • CA-15.4.12

                Note issuance facilities (NIFs), and revolving underwriting facilities (RUFs) receive a CCF of 50%.

                Added: October 2018

              • CA-15.4.13

                A 40% CCF will be applied to commitments, regardless of the maturity of the underlying facility, unless they qualify for a lower CCF.

                Added: October 2018

              • CA-15.4.14

                A 20% CCF will be applied to both the issuing and confirming banks of short-term38 self-liquidating trade letters of credit arising from the movement of goods (e.g. documentary credits collateralised by the underlying shipment).

                Added: October 2018

                38 That is, with a maturity below one year. For further details see Basel Committee on Banking Supervision, Treatment of trade finance under the Basel capital framework, October 2011, www.bis.org/publ/bcbs205.pdf.

              • CA-15.4.15

                A 10% CCF will be applied to commitments that are unconditionally cancellable at any time by the bank without prior notice, or that effectively provide for automatic cancellation due to deterioration in a borrower's creditworthiness.

                Added: October 2018

              • CA-15.4.16

                The CBB shall evaluate various factors in the jurisdiction, which may constrain banks' ability to cancel the commitment in practice, and consider applying a higher CCF to certain commitments as appropriate.

                Added: October 2018

              • CA-15.4.17

                Where there is an undertaking to provide a commitment on an off-balance sheet item, banks are to apply the lower of the two applicable CCFs.39

                Added: October 2018

                39 For example, if a bank has a commitment to open short-term self-liquidating trade letters of credit arising from the movement of goods, a 20% CCF will be applied (instead of a 40% CCF); and if a bank has an unconditionally cancellable commitment to issue direct credit substitutes, a 10% CCF will be applied (instead of a 100% CCF).

              • CA-15.4.18

                All off-balance sheet securitisation exposures, except an eligible liquidity facility or an eligible servicer cash advance facility as set out in Paragraphs CA-6.4.18 and CA-6.4.20 of this Module, receive a CCF of 100% conversion factor. All eligible liquidity facilities receive a CCF of 50%. Undrawn servicer cash advances or facilities that are unconditionally cancellable without prior notice are eligible for a 10% CCF.

                Added: October 2018

          • CA-15.5 CA-15.5 Effective Date and Transitional Arrangements

            • CA-15.5.1

              Bahraini Conventional Bank Licensees shall implement the requirements of this Module with effect from 30th June 2019. Quarterly reporting of leverage ratio to the CBB and in public disclosures shall commence with reference to the quarter ending on 30th June 2019.

              Added: October 2018

          • CA-15.6 CA-15.6 Additional Requirements

            • CA-15.6.1

              A higher ratio may be required for any Bahraini conventional bank licensee if warranted by its risk profile or circumstances. The CBB may use stress testing as a complementing tool to adjust the leverage ratio requirement at the macro- and/or individual Bahraini conventional bank licensee-level.

              Added: October 2018

            • CA-15.6.2

              The leverage ratio can be used for both micro- and macro prudential surveillance; for example, as a macro prudential tool, a consistent leverage ratio can be applied for all Bahraini conventional bank licensees as an indicator for monitoring vulnerability. As a micro prudential tool, it can be used as a trigger for increased surveillance or capital requirements for specific licensees under the supervisory review process.

              Added: October 2018

          • CA-15.7 CA-15.7 Gearing

            • CA-15.7.1

              The content of this Section is applicable to all retail branches of foreign banks.

              Amended: October 2022
              Added: October 2018

            • Measurement

              • CA-15.7.2

                The gearing ratio is measured as the ratio of deposit liabilities against the bank's capital and reserves. Deposit liabilities includes ‘deposits from banks’ (excluding deposits from head office) and ‘deposits from non-banks’ as reported in Section A Balance Sheet of the PIR. Capital and reserves refers to the aggregate amount of the capital items reported in Section A Balance Sheet of the PIR i.e. ‘total capital items’.

                Amended: October 2022
                Added: October 2018

              • CA-15.7.3

                [This Paragraph was deleted in October 2022].

                Deleted: October 2022
                Added: October 2018

              • CA-15.7.4

                [This Paragraph was deleted in October 2022]

                Deleted: October 2022
                Added: October 2018

              • CA-15.7.5

                [This Paragraph was deleted in October 2022]

                Deleted: October 2022
                Added: October 2018

            • Gearing Limit

              • CA-15.7.6

                Deposit liabilities must not exceed 20 times the respective bank's capital and reserves at all times (i.e. capital and reserves must be 5% or above of the deposit liabilities).

                Amended: October 2022
                Added: October 2018

        • CA-16 CA-16 Prudent Valuation Guidance

          • CA-16.1 CA-16.1 Prudent Valuation Guidance

            • CA-16.1.1

              This Section provides conventional bank licensees with guidance on prudent valuation for positions that are accounted for at fair value, whether they are in the trading book or in the banking book. This guidance is especially important for positions without actual market prices or observable inputs to valuation, as well as less liquid positions which, although they will not be excluded from the trading book solely on grounds of lesser liquidity, raise supervisory concerns about prudent valuation. The valuation guidance set forth below is not intended to require conventional bank licensees to change valuation procedures for financial reporting purposes. The CBB will assess a conventional bank licensee's valuation procedures for consistency with this guidance. One factor in the CBB's assessment of whether a conventional bank licensee must take a valuation adjustment for regulatory purposes under Paragraphs CA-16.1.11A to CA-16.1.13 is the degree of consistency between the conventional bank licensee's valuation procedures and these guidelines.

              January 2015

            • CA-16.1.2

              A framework for prudent valuation practices must at a minimum include the following:

              January 2015

            • Systems and Controls

              • CA-16.1.3

                Conventional bank licensees must establish and maintain adequate systems and controls sufficient to give management and CBB the confidence that their valuation estimates are prudent and reliable. These systems must be integrated with other risk management systems within the organisation (such as credit analysis). Such systems must include:

                (a) Documented policies and procedures for the process of valuation. This includes clearly defined responsibilities of the various areas involved in the determination of the valuation, sources of market information and review of their appropriateness, guidelines for the use of unobservable inputs reflecting the conventional bank licensee's assumptions of what market participants would use in pricing position, frequency of independent valuation, timing of closing prices, procedures for adjusting valuations, end of the month and ad-hoc verification procedures; and
                (b) Clear and independent (i.e. independent of front office) reporting lines for the department accountable for the valuation process. The reporting line must ultimately be to a main board executive director.
                January 2015

            • Valuation Methodologies

              • Marking to Market

                • CA-16.1.4

                  Marking-to-market is at least the daily valuation of positions at readily available close out prices that are sourced independently. Examples of readily available close out prices include exchange prices, screen prices, or quotes from several independent reputable brokers.

                  January 2015

                • CA-16.1.5

                  Conventional bank licensees must mark-to-market as much as possible. The more prudent side of bid/offer must be used unless the institution is a significant market maker in a particular position type and it can close out at mid-market. Conventional bank licensees must maximise the use of relevant observable inputs and minimise the use of unobservable inputs when estimating fair value using a valuation technique. However, observable inputs or transactions may not be relevant, such as in a forced liquidation or distressed sale, or transactions may not be observable, such as when markets are inactive. In such cases, the observable data must be considered, but may not be determinative.

                  January 2015

              • Marking to Model

                • CA-16.1.6

                  Only where marking-to-market is not possible must conventional bank licensees mark-to-model, but this must be demonstrated to be prudent. Marking-to-model is defined as any valuation which has to be benchmarked, extrapolated or otherwise calculated from a market input.

                  January 2015

                • CA-16.1.7

                  When marking to model, an extra degree of conservatism is appropriate. The CBB will consider the following in assessing whether a mark-to-model valuation is prudent:

                  (a) Senior management should be aware of the elements of the trading book or of other fair-valued positions which are subject to mark to model and should understand the materiality of the uncertainty this creates in the reporting of the risk/performance of the business;
                  (b) Market inputs should be sourced, to the extent possible, in line with market prices (as discussed above). The appropriateness of the market inputs for the particular position being valued should be reviewed regularly;
                  (c) Where available, generally accepted valuation methodologies for particular products should be used as far as possible;
                  (d) Where the model is developed by the institution itself, it should be based on appropriate assumptions, which have been assessed and challenged by suitably qualified parties independent of the development process. The model should be developed or approved independently of the front office. It should be independently tested. This includes validating the mathematics, the assumptions and the software implementation;
                  (e) There should be formal change control procedures in place and a secure copy of the model should be held and periodically used to check valuations;
                  (f) Risk management should be aware of the weaknesses of the models used and how best to reflect those in the valuation output;
                  (g) The model should be subject to periodic review to determine the accuracy of its performance (e.g. assessing continued appropriateness of the assumptions, analysis of P&L versus risk factors, comparison of actual close out values to model outputs); and
                  (h) Valuation adjustments should be made as appropriate, for example, to cover the uncertainty of the model valuation (see also valuation adjustments in Paragraphs CA-16.1.10 to CA-16.1.13).
                  January 2015

              • Independent Price Verification

                • CA-16.1.8

                  Independent price verification is distinct from daily mark-to-market. It is the process by which market prices or model inputs are regularly verified for accuracy. While daily marking-to-market may be performed by dealers, verification of market prices or model inputs must be performed by a unit independent of the dealing room, at least monthly (or, depending on the nature of the market/trading activity, more frequently). It need not be performed as frequently as daily mark-to-market, since the objective, i.e. independent, marking of positions, should reveal any error or bias in pricing, which should result in the elimination of inaccurate daily marks.

                  January 2015

                • CA-16.1.9

                  Independent price verification entails a higher standard of accuracy in that the market prices or model inputs are used to determine profit and loss figures, whereas daily marks are used primarily for management reporting in between reporting dates. For independent price verification, where pricing sources are more subjective, e.g. only one available broker quote, prudent measures such as valuation adjustments may be appropriate.

                  January 2015

              • Valuation Adjustments

                • CA-16.1.10

                  As part of their procedures for marking to market, conventional bank licensees must establish and maintain procedures for considering valuation adjustments. Conventional bank licensees using third-party valuations must consider whether valuation adjustments are necessary. Such considerations are also necessary when marking to model.

                  January 2015

                • CA-16.1.11

                  The CBB requires the following valuation adjustments/reserves to be formally considered at a minimum: unearned credit spreads, close-out costs, operational risks, early termination, investing and funding costs, and future administrative costs and, where appropriate, model risk.

                  January 2015

              • Adjustment to the Current Valuation of Less Liquid Positions for Regulatory Capital Purposes

                • CA-16.1.11A

                  Conventional bank licensees must establish and maintain procedures for judging the necessity of and calculating an adjustment to the current valuation of less liquid positions for regulatory capital purposes. This adjustment may be in addition to any changes to the value of the position required for financial reporting purposes and must be designed to reflect the illiquidity of the position. The CBB requires conventional bank licensees to consider the need for an adjustment to a position's valuation to reflect current illiquidity whether the position is marked to market using market prices or observable inputs, third-party valuations or marked to model.

                  January 2015

                • CA-16.1.11B

                  'Less liquid positions' would generally involve positions in OTC financial instruments or commodities which are not listed or which are not traded through a central counterparties (such as NYSE Euronext or Chicago Mercantile Exchange) or which do not have readily available secondary market prices or observable inputs to valuation.

                  January 2015

            • CA-16.1.12

              Bearing in mind that the assumptions made about liquidity in the market risk capital charge may not be consistent with the conventional bank licensee's ability to sell or hedge out less liquid positions, where appropriate, conventional bank licensees must take an adjustment to the current valuation of these positions, and review their continued appropriateness on an on-going basis. Reduced liquidity may have arisen from market events. Additionally, close-out prices for concentrated positions and/or stale positions must be considered in establishing the adjustment. Conventional bank licensees must consider all relevant factors when determining the appropriateness of the adjustment for less liquid positions. These factors may include, but are not limited to, the amount of time it would take to hedge out the position/risks within the position, the average volatility of bid/offer spreads, the availability of independent market quotes (number and identity of market makers), the average and volatility of trading volumes (including trading volumes during periods of market stress), market concentrations, the aging of positions, the extent to which valuation relies on marking-to-model, and the impact of other model risks not included in Paragraph CA-16.1.11A.

              January 2015

            • CA-16.1.12A

              For complex products including, but not limited to, securitisation exposures and n-th-to-default credit derivatives, conventional bank licensees must explicitly assess the need for valuation adjustments to reflect two forms of model risk: the model risk associated with using a possibly incorrect valuation methodology; and the risk associated with using unobservable (and possibly incorrect) calibration parameters in the valuation model.

              January 2015

            • CA-16.1.13

              The adjustment to the current valuation of less liquid positions made under Paragraph CA-16.1.12 must impact Tier 1 regulatory capital and may exceed those valuation adjustments made under financial reporting standards and Paragraphs CA-16.1.10 and CA-16.1.11.

              January 2015

    • CM Credit Risk Management (Effective June 2022)

      • CM-A CM-A Introduction

        • CM-A.1 CM-A.1 Purpose

          • Executive Summary

            • CM-A.1.1

              The purpose of this Module is to provide the Central Bank of Bahrain’s (CBB’s) Directive concerning requirements relevant to the key elements of a sound credit risk management system which it expects conventional bank licensees to observe.

              Added: June 2022

            • CM-A.1.2

              This Module must be read in conjunction with other parts of the Rulebook, mainly:

              (a) High-level Controls;
              (b) Capital Adequacy;
              (c) Liquidity Risk;
              (d) Operational Risk;
              (e) Interest Rate Risk in the Banking Book;
              (f) Reputational Risk;
              (g) Credit Risk;
              (h) Stress Testing; and
              (i) Internal Capital Adequacy Assessment Process (‘ICAAP’).
              Added: June 2022

          • Legal Basis

            • CM-A.1.3

              This Module contains the CBB’s Directive (as amended from time-to-time) relating to credit risk management in conventional bank licensees and is issued under powers available to the CBB under Article 38 of the of the Central Bank of Bahrain and Financial Institutions Law (Decree No. 64 of 2006) (“CBB Law”). This Module is applicable to all conventional bank licensees. Branches of foreign bank licensees shall comply with the requirements in this Module unless stated otherwise under relevant paragraphs of the Module.

              Added: June 2022

            • CM-A.1.4

              For an explanation of the CBB’s rule-making powers and different regulatory instruments, see Section UG-1.1.

              Added: June 2022

        • CM-A.2 CM-A.2 Module History

          • CM-A.2.1

            This Module was first issued in July 2004. Changes made subsequently to this Module are annotated with the calendar quarter date in which the change was made as detailed in the table below. Chapter UG 3 provides further details on Rulebook maintenance and version control.

            Added: June 2022

          • CM-A.2.2

            Summary of Changes

            Module Ref. Change Date Description of Changes
            CM 8 1/1/2005 Revised Consumer Finance Limits.
            CMA-2 1/1/2005 Revised Key Requirements to reflect CM 8 above.
            CM 8.3 1/7/2005 Revised definition of 'consumer loan'.
            CM 3.2 1/10/2005 Role of internal audit becomes a rule.
            CM 8.4 1/10/2005 Clarifications re non-compliant facilities.
            CM-A.1 10/2007 New Rule CM-A.1.3 introduced, categorising this Module as a Directive.
            CM-5 10/2007 New Requirement to follow the ‘Code of Best practice on Consumer Credit and Charging’.
            CM-1.2 10/2007 Membership of CRB.
            CM-3.1 04/2008 Guidance concerning material interest as shareholder for write-offs.
            CM-5.6 04/2008 New Refund and prepayment requirements.
            CM-2.7 10/2009 New reporting arrangements for exposures of connected counterparties.
            CM-2.7 01/2010 Revised reference for LE reporting.
            CM-A.1.3 01/2011 Clarified legal basis.
            CM-5 01/2011 Changes made to incorporate Basel Core Principle 5 and new large exposure requirements along with a consistency alignment of Volume One and Volume Two.
            CM-A.1.1, CM-A.2.4 04/2011 Corrected typo.
            CM-2.3.1(c), CM-2.6.1 04/2011 Corrected cross reference.
            CM 07/2011 Various minor amendments to clarify Rules and have consistent language.
            CM-2.5.9 07/2011 Amended the definition of connected counterparties.
            CM-5.5.9 and CM-5.5.10 10/2011 Corrected elements of APR formula.
            CM-5.5.12 10/2011 Paragraph deleted as it does not reflect current practice on residual interest.
            CM-2.5.1.E 01/2012 Amended definition of qualifying holdings.
            CM-2.6 01/2012 Clarified and amended the Rules on temporary exposures.
            CM-2.10.3 01/2012 Clarified the Rule on future increases in qualifying holdings.
            CM-5.4.9 01/2012 Changed Rule to Guidance.
            CM-2.6.2 04/2012 Clarified Rules on temporary exposures.
            CM-A.2.8 07/2012 Updated reference to Bahrain Association of Banks.
            CM-2.5.6 07/2012 Clarified the definition of 'controlling interest'.
            CM-2.5.7A 07/2012 CBB prior approval required for excess over limits to connected counterparties.
            CM-2.5.9 07/2012 Minor correction.
            CM-2.10.3 07/2012 Amendment made to be in line with updated definition of qualifying holdings.
            CM-5.5.4 07/2012 Minor typo corrected.
            CM-5.5 10/2012 This Section was deleted and requirements are now included in Section BC-4.3.
            CM-A.2.10 01/2013 Clarified Rule related to the write-off of a credit facility.
            CM-2.5.11 07/2013 Clarified Rule on the amount that must be deducted from the capital base where exposure exceeds the limit stipulated.
            CM-5.6.2 07/2013 Clarified the type of mortgages on which the CBB imposes a ceiling on early repayment fees and/or charges.
            CM-1.2.4 10/2013 Amended to reflect the expanded scope of activities of the Credit Reference Bureau and the membership requirements.
            CM-5.4.4 10/2013 Updated reference to Eskan Bank to reflect new name.
            CM-1.2.4 01/2014 Clarified Rule to apply to credit facilities to residents in Bahrain.
            CM-A.2, CM-4.3 and CM-5 04/2014 Added cross references and corrected terminology to link to Glossary terms.
            CM-6.1 04/2014 Clarified Rules on staff loans.
            CM-5.2.4 04/2014 Reference updated for the code of best practice on consumer credit and charging.
            CM-2.10.2A 07/2014 Added a guidance Paragraph to clarify the treatment of investments in commercial entities which are otherwise not connected to the bank.
            CM-A.2 and CM-5 01/2015 Corrected to be aligned with updated requirements under Module CA.
            CM-2.3.2 01/2015 Added reference to transactions subject to the Regulation on close-out netting under a market contract.
            CM-2.5.1B 01/2015 Corrected cross reference.
            CM-2.5.1E 04/2015 Deleted cross reference as not applicable.
            CM-2.6.2B and CM-2.10.10 04/2015 Corrected reference to consolidated Total Capital to be in line with Module CA.
            CM-2.7.1 04/2015 Added reference to Appendix BR-19 for reporting the financial details of each large exposure.
            CM-2.10.3 04/2015 Clarified language on the treatment of significant investments over the thresholds outlined in Paragraph CA-2.4.25.
            CM-2.7.1, CM-2.7.1A and CM-2.7.1B 07/2015 Clarified the reporting requirements of exposures.
            CM-2.5.11 10/2015 Clarified limits on large exposures.
            CM-3.1 10/2015 Amended Rules on write-offs.
            CM-2.5.1E 10/2016 Amended definition of major investment.
            CM-2.5.3 10/2016 Added “Limits to Significant Investments” new Section reference.
            CM-2.10.2 10/2016 Major investments defined.
            CM-2.10.2A 10/2016 Paragraph moved to CM-5.11.4.
            CM-2.10.3 10/2016 Amended and split into CM-5.10.3 A, B, C & D.
            CM-2.10.3D 10/2016 Amended Rule.
            CM-2.10.6 10/2016 Moved to new section 5.11.
            CM-2.10.7 10/2016 Moved to new section 5.11.
            CM-2.10.8 10/2016 Moved to new section 5.11.
            CM-2.10.10 10/2016 Amended 'Acquisitions' to be 'Investments'.
            CM-2.11 10/2016 New Section 'Limits on Significant Investments'.
            CM-3.1.1 10/2016 Amended the Write-offs Section.
            CM-5.4.5 10/2016 Amendments to clarify the Rule.
            CM-A2.2A
            CM-2.5.3A
            01/2017 Added a new requirement on Large Exposures.
            CM-2.5.5A
            CM-2.5.9B
            01/2017 Added Paragraphs on closely related counterparties and connected counterparties.
            CM-4.5 07/2017 Added new Section on 'Country and Transfer Risks'.
            CM-8.6.2 04/2018 Deleted Paragraph on "Early Repayment Fees/Charges".
            CM-8.4.10 10/2019 Amended Paragraph on non-compliant facilities.
            CM-5.6.2D 01/2020 Amended Paragraph on approval of the banks policies and procedures.
            CM-1.2.6 07/2020 Added a new Paragraph on CRB members requirements.
            CM-1.2.7 07/2020 Added a new Paragraph on compliance with CBB Law.
            Full Module CM 07/2021 Revised CM Module to incorporate various changes in qualitative requirements in line with Basel Committee on Banking Supervision standards and best practices
            CM-5.4.9 01/2022 Amended Paragraph on submission of technically non-compliant facilities report.
            CM-6.1.1 01/2022 Deleted Paragraph.
            CM-6.1.2 01/2022 Amended Paragraph.
            CM-6.1.3 01/2022 Deleted Paragraph.
            CM-6.1.4 01/2022 Deleted Paragraph.
            CM-1.2.29 10/2022 Amended Paragraph on CBB’s prior approval of country and transfer risks policy.
            CM-1.8.5 10/2022 Amended Paragraph on submission and CBB review of ECL recognition policy statement.
            CM-2.5.9 10/2022 Amended Paragraph on large exposure policy statement.
            CM-2.6.2 10/2022 Amended Paragraph on exempt exposures to parties not connected to the Bank.
            CM-2.8.1 10/2022 Amended Paragraph on submission of large exposure policy statement to CBB for approval.
            CM-1.8.22A 01/2023 Added a new Paragraph on the recognition of credit default guarantees provided by Tamkeen.
            CM-1.10 01/2023 Deleted Section on Provisions against Sovereign Debt.
            CM-4.1.3(d) 01/2023 Amended reference.
            CM-5.3.1 01/2023 Added a new Sub-paragraph on the excluded credit facilities from consumer finance requirements.
            CM-1.8.10 04/2023 Amended Paragraph on the identification of Non-performing Exposures.
            CM-1.8.15 04/2023 Amended Paragraph on re-categorisation of non-performing exposures as performing.
            CM-1.8.15A 04/2023 Added a new Paragraph on re-categorisation.
            CM-1.8.18A 04/2023 Added a new Paragraph on Re-categorisation of Non-performing Exposures as Performing requirements.
            CM-1.8.27 04/2023 Amended Paragraph on restructured accounts.
            CM-6 04/2023 Added a new Appendix CM-6 on re-categorisation of exposures.

          • Effective Date

            • CM-A.2.3

              The requirements in this amended Module are effective from 30th June 2022 on which date the existing Module CM will become redundant and any exemptions allowed under the existing Module will be subject to grandfathering requirements with the approval of CBB.

              Added: June 2022

      • CM-1 CM-1 Credit Risk Management Requirements

        • CM-1.1 CM-1.1 Overview

          • CM-1.1.1

            Credit risk is the likelihood that a counterparty of the licensee will not meet its obligations in accordance with the agreed terms. The magnitude of the credit risk depends on the likelihood of default by the counterparty, and on the potential value of the licensee's contracts with the customer at the time of default. Credit risk largely arises in assets shown on the balance sheet, but it can also show-up off the balance sheet in a variety of contingent obligations.

            Added: June 2022

          • CM-1.1.2

            The effective management of credit risk is a critical component of a comprehensive approach to risk management and is essential to the long-term success of any banking organisation.

            Added: June 2022

          • CM-1.1.3

            The lack of continuous loan supervision and effective internal controls, or the failure to identify abuse and fraud are also sources of risk. The overall lending policy of the licensee should be monitored by a Credit Committee, composed of officers with adequate seniority and experience.

            Added: June 2022

          • CM-1.1.4

            Although specific credit risk management practices may differ among banks depending upon the nature and complexity of their credit activities, a comprehensive credit risk management program shall specifically address the following areas (i) establishing an appropriate credit risk environment; (ii) operating under a sound credit granting process; (iii) maintaining an appropriate credit administration, measurement and monitoring process; and (iv) ensuring adequate controls over credit risk. These practices should also be applied in conjunction with sound practices related to the assessment of asset quality, the adequacy of provisions and reserves, and the disclosure of credit risk.

            Added: June 2022

        • CM-1.2 CM-1.2 Credit Risk Management Framework

          • CM-1.2.1

            Conventional bank licensees must establish a credit risk management unit (CRMU) within their organisational structure which will be responsible for identification, assessment, measurement, monitoring and controlling of credit risk inherent in the entire credit portfolios, as well as credit risk in individual credit exposures. The credit risk management framework must consider the relationship between credit risk and other risks.

            Added: June 2022

          • CM-1.2.2

            The CRMU must be independent and must ensure that it undertakes the credit risk management activities with no influence from business functions responsible for credit underwriting.

            Added: June 2022

          • CM-1.2.3

            The CRMU should not have management or financial responsibility related to credit operational business line or revenue generating functions.

            Added: June 2022

          • The Role of the Board of Directors

            • CM-1.2.4

              The Board of Directors of the conventional bank licensee is responsible for ensuring that the licensee has an effective CRMU and for approving and regularly reviewing, at least every two years, its credit risk policies, credit risk appetite and limits framework. Amendments made to such documents must also be approved by the Board. The Board may delegate some of its functions, such as approval of policies, amendments to policies and periodic reviews to a designated Board committee.

              Added: June 2022

            • CM-1.2.5

              Effective credit risk management is imperative to optimise the licensee’s risk-adjusted rate of return by maintaining credit risk exposure within acceptable parameters. A risk appetite statement is a written articulation of the aggregated level and types of risk exposures that the licensee will accept, or avoid, in order to achieve its business objectives.

              Added: June 2022

            • CM-1.2.6

              The Board must ensure that the credit risk policies cover all activities of the conventional bank licensee in which it incurs credit risk. The Board must also determine that the licensee’s capital level is adequate for the risks assumed throughout the entire organisation or group.

              Added: June 2022

            • CM-1.2.7

              The credit risk policy must document the licensee’s willingness to grant credit based on exposure type (commercial, consumer, real estate etc.), economic sector, geographical location, product, currency, maturity and anticipated profitability. This might also include the identification of target markets and the overall characteristics that the conventional bank licensee would want to achieve in its credit portfolio (including levels of diversification and concentration tolerances).

              Added: June 2022

            • CM-1.2.8

              The Board must ensure that the credit risk appetite framework delineates the delegated powers, lines of responsibility and accountability over credit risk management decisions, and must clearly define authorised instruments, hedging strategies and risk-taking opportunities.

              Added: June 2022

            • CM-1.2.9

              The Board must assess whether the conventional bank licensee is operating within the boundaries of the credit risk appetite and limits framework approved by the Board.

              Added: June 2022

            • CM-1.2.10

              The Board must ensure that it receives adequate management information reports and exception reports to meet its oversight requirements to monitor adherence to the licensee’s risk tolerance/appetite/limits. The Board must regularly evaluate whether it is receiving the right balance of detail and quantitative versus qualitative information.

              Added: June 2022

            • CM-1.2.11

              The Board must approve the structure in which the conventional bank licensee will organise its credit-granting functions, including independent review of the credit granting process and the overall portfolio.

              Added: June 2022

            • CM-1.2.12

              For branches of foreign bank licensees where no Board/Audit Committee exists, all references to the Board/Audit Committee should be interpreted as the Group Chief Risk Officer or equivalent person who has direct access or reports to the Board or Audit Committee of the parent bank, unless alternative structures that satisfy the primary objectives of such oversight are in place.

              Added: June 2022

          • The Role of the Senior Management

            • CM-1.2.13

              Senior management of the conventional bank licensee is responsible for developing, implementing and approving sound credit risk procedures in accordance with credit risk policies approved by the Board.

              Added: June 2022

            • CM-1.2.14

              Senior management must determine that the staff involved in any credit relationship, whether established or new, basic or complex, have the necessary knowledge, skill sets, experience and are fully capable of ensuring the relationship meets the highest standards and in compliance with the licensee’s policies and procedures.

              Added: June 2022

            • CM-1.2.15

              Senior management must ensure that risk monitoring systems are in place for effectively undertaking the activities of credit risk management.

              Added: June 2022

          • Credit Risk Policy and Procedures

            • CM-1.2.16

              A properly documented credit risk policy is an essential element of, and a prerequisite for, the credit risk management process. Consistent with the Board's objectives, it assists licensee’s management in the maintenance of proper credit standards and the avoidance of unnecessary risks. Additionally, periodic internal assessment should be undertaken by the internal audit. In the case of branches of foreign banks, the credit policy, limits and the procedures are normally those that are approved by the Head Office/Regional Office.

              Added: June 2022

            • CM-1.2.17

              Senior management, based on the approved credit risk policy, must develop credit risk procedures for identifying, measuring, monitoring and controlling credit risk. The procedures must address credit risk in all of the conventional bank licensee’s activities, and at both the individual credit and portfolio levels.

              Added: June 2022

            • CM-1.2.18

              Explicit guidelines in the credit risk policy provide the basis for effective credit risk management. A sound credit risk policy should consider which types of credit products and borrowers the licensee is looking for, and the underwriting standards the licensee will utilize.

              Added: June 2022

            • CM-1.2.19

              Conventional bank licensee’s credit risk framework must address all credit and credit risk related activities throughout the credit lifecycle covering matters of significance including, but not limited to:

              (a) Organisation and reporting structure of the credit risk function/activities;
              (b) Delegation of authority;
              (c) Role of credit committee and Board risk committee;
              (d) Designated markets and products;
              (e) Credit limit framework;
              (f) Desirable pricing levels and criteria;
              (g) Policy on country and transfer risks;
              (h) Credit granting criteria and authorisation procedures for the advancement of credit, including exceptions to set criteria and limits;
              (i) Credit risk analysis, reviews and credit risk ratings;
              (j) Assessment of concentration;
              (k) Large exposure policy;
              (l) Lending to connected counterparties;
              (m) Problem credit identification, remediation and administration;
              (n) Policies and procedures on write-offs and recoveries;
              (o) Monitoring and reporting.
              Added: June 2022

            • CM-1.2.20

              Conventional bank licensees must operate within sound, well-defined credit-granting criteria. These criteria must include a clear indication of the licensee’s target market and a thorough understanding of the borrower or counterparty, as well as the purpose and structure of the credit and its source of repayment. In addition, the criteria must set out who is eligible for credit and for how much, what types of credit are available, and under what terms and conditions the credit may be granted.

              Added: June 2022

            • CM-1.2.21

              In the case of branches of foreign bank licensees, the credit policies, credit limits and the procedures are those that are approved by the Head Office/Regional office.

              Added: June 2022

          • Effectiveness of Internal Control System

            • CM-1.2.22

              An effective internal control system for credit risk assessment and measurement is essential to enable senior management to carry out its duties. An effective internal control system must include:

              (a) Measures to comply with applicable laws, regulations and internal policies and procedures;
              (b) Measures to provide oversight of the integrity of information used and to reasonably ensure that the allowances reflected in the licensee’s financial statements and its supervisory reports are prepared in accordance with the applicable accounting framework and relevant supervisory guidance;
              (c) Well-defined credit risk assessment and measurement processes that are independent from (while taking appropriate account of) the lending function and include:
              (i) An effective credit risk rating/ scoring system that is consistently applied, accurately grades differing credit risk characteristics, identifies changes in credit risk on a timely basis, and prompts appropriate action;
              (ii) An effective process which ensures that all relevant/reasonable and supportable information, including forward-looking information, is appropriately considered in assessing and measuring expected credit loss (‘ECL’). This includes maintaining appropriate reports, details of reviews performed and identification and descriptions of the roles and responsibilities of the personnel involved;
              (iii) An assessment policy that ensures ECL measurement occurs not just at the individual lending exposure level, but also when necessary to appropriately measure ECL at the collective portfolio level by grouping exposures based on identified shared credit risk characteristics;
              (iv) An effective model validation process to ensure that the credit risk assessment and measurement models, including ECL models, are able to generate accurate, consistent and unbiased predictive estimates on an ongoing basis. This includes establishing policies and procedures which set out the accountability and reporting structure of the model validation process, internal standards for assessing and approving changes to the models and reporting of the outcome of the model validation (see also Paragraph CM-1.4.10);
              (v) Clear formal communication and coordination among the licensee’s credit risk staff, financial reporting staff, senior management, the Board and others who are involved in the credit risk assessment and measurement process for an ECL accounting framework, as applicable (e.g. evidenced by written policies and procedures, management reports and committee minutes); and
              (d) An internal audit function that independently evaluates the effectiveness of the licensee’s credit risk management framework, and in particular, assessment and measurement systems, models and processes, including the credit risk rating system. Refer to HC-6.5.
              Added: June 2022

            • CM-1.2.23

              Conventional bank licensees must ensure that the credit risk policy establishes the objectives that guide the licensee’s credit-granting activities.

              Added: June 2022

            • CM-1.2.24

              The credit risk policy must give recognition to the goals of credit quality, earnings quality and sustainability and growth. Conventional bank licensees, regardless of their size, must determine the acceptable risk/reward trade-off for their activities, factoring in the cost of capital.

              Added: June 2022

            • CM-1.2.25

              The credit risk appetite/limits framework of conventional bank licensees must take into consideration the cyclical aspects of the economy and the resulting shifts in the composition and quality of the overall credit portfolio. The credit granting criteria must be periodically assessed and amended and it must be viable in the long-run and through various economic cycles. The credit risk procedures must be reviewed at least once every three years or more frequently as may be necessary if there are changes in internal or regulatory requirements.

              Added: June 2022

            • CM-1.2.26

              The credit granting criteria must be designed and implemented within the context of internal and external factors, such as the licensee’s market position, trade area, staff capabilities and technology.

              Added: June 2022

            • CM-1.2.27

              Conventional bank licensees must have a clearly defined credit risk appetite statement which is implemented through comprehensive policies and procedures for limiting and controlling credit risk. Conventional bank licensees must also establish credit limits in a meaningful manner for different types of exposures, both on and off-balance sheet.

              Added: June 2022

            • CM-1.2.28

              Bahraini conventional bank licensees must consider the results of stress testing in the overall limit setting and monitoring process. Such stress testing must take into consideration economic cycles, interest rates and other market movements and liquidity conditions.

              Added: June 2022

          • Country and Transfer Risks

            • CM-1.2.29

              Conventional bank licensees must set out their policy on country and transfer risks within their Board approved credit risk policy. Such policy must include:

              (a) the risk appetite/tolerance levels for country and transfer risks;
              (b) country exposure limits;
              (c) basis and frequency for periodic reviews and assessments;
              (d) the criteria for downgrading a country exposure from Stage 1 to Stages 2 or 3, and related provisioning policy; and
              (e) the policy for recategorization of exposure to a higher grade.
              Amended: October 2022
              Added: June 2022

            • CM-1.2.30

              Country risk is the exposure to a loss in cross-border lending, caused by events in the country to which the licensee has exposure and includes all forms of lending whether to the government, a bank, a private enterprise or an individual. Country risk is therefore a broader concept than sovereign risk, which is restricted to the risk of lending to the government of a sovereign nation. Transfer risk, on the other hand, represents the risk of loss due to repatriation or remittance restrictions imposed by a foreign government that make it impossible to remit, fully or partially, the proceeds of debt owed to the licensee.

              Added: June 2022

            • CM-1.2.31

              In the case of exposure to borrowers, conventional bank licensees must examine any associated country and transfer risks keeping in view factors such as domicile of the counterparty, the legal structure of the counterparty, the existence of special purpose vehicles, conduits and/ or other related factors that may affect the transferability of proceeds of repayment.

              Added: June 2022

            • CM-1.2.32

              Branches of foreign bank licensees must satisfy the CBB that equivalent arrangements are in place at the parent entity level, otherwise a policy is required in line with Paragraph CM-1.2.28.

              Added: June 2022

            • CM-1.2.33

              Branches of foreign bank licensees are normally subject to country limits that are set at a global level by the head office or by the regional office. The branch should be able to demonstrate that it is subject to limits imposed on it by the head office or regional office as appropriate.

              Added: June 2022

        • CM-1.3 CM-1.3 Credit Granting

          • CM-1.3.1

            The limits framework must ensure that the granting of credit exceeding certain predetermined levels receives prompt management attention. An appropriate limit system must assist the management in initiating discussion about opportunities and risks, in controlling credit risk exposures and monitoring actual risk taking against predetermined credit risk tolerances.

            Added: June 2022

          • CM-1.3.2

            Conventional bank licensees must receive sufficient information to enable a comprehensive assessment of the true risk profile of the borrower or counterparty. Depending on the type of credit exposure and the nature of the credit relationship to date, the factors to be considered and documented in approving credits must include:

            (a) The purpose of the credit and sources of repayment;
            (b) The current risk profile (including the nature and aggregate amounts of risks) of the borrower or counterparty and collateral and its sensitivity to economic and market developments;
            (c) The borrower’s repayment history and current capacity to repay, based on historical financial trends and future cash flow projections, under various scenarios;
            (d) For commercial credits, the borrower’s business expertise and the status of the borrower’s economic sector and its position within that sector;
            (e) The proposed terms and conditions of the credit, including covenants designed to limit changes in the future risk profile of the borrower;
            (f) The legal structure of the entity to which credit is granted and any associated implications; and
            (g) Where applicable, the adequacy and enforceability of collateral or guarantees, including under various scenarios.
            Added: June 2022

          • CM-1.3.3

            Conventional bank licensees need to understand to whom they are granting credit. As such, prior to entering into any new credit relationship, the licensee must become familiar with the borrower or counterparty and be confident that they are dealing with an individual or organisation of sound repute and creditworthiness. In particular, strict policies must be in place to avoid association with individuals involved in fraudulent activities and other crimes.

            Added: June 2022

          • CM-1.3.4

            Conventional bank licensees must perform their due diligence at the solo entity level to which there is a credit exposure. In evaluating the repayment capacity of the solo entity, licensees can take into account the support of the group and also the potential for the solo entity to be adversely impacted by problems in the group.

            Added: June 2022

          • CM-1.3.5

            In considering potential credit, conventional bank licensees must recognise the necessity of establishing provisions for identified and expected losses and hold adequate capital to absorb unexpected losses. The licensee must factor these considerations into credit-granting decisions, as well as into the overall portfolio risk management process.

            Added: June 2022

          • CM-1.3.6

            Where actual or potential conflicts of interest exist within the conventional bank licensee, internal confidentiality arrangements (e.g. ‘Chinese walls’) must be established and maintained to ensure that there is no hindrance to the licensee in obtaining all relevant information from the borrower.

            Added: June 2022

          • CM-1.3.7

            In order to maintain a sound credit portfolio, conventional bank licensee must have an established formal transaction evaluation and approval process for the granting of credit. Approvals must be made in accordance with the licensee’s written guidelines and granted by the appropriate level of management. There must be a clear audit trail documenting that the approval process was complied with and identifying the individual(s) and/or committee(s) providing input, as well as making the credit decision. Conventional bank licensees must invest in appropriate credit decision making tools and resources so that they are able to make sound credit decisions consistent with their credit risk strategy and meet competitive time, pricing and structuring pressures.

            Added: June 2022

          • CM-1.3.8

            Each credit proposal must be subject to careful analysis by an experienced credit analyst with expertise commensurate with the size and complexity of the transaction. An effective evaluation process establishes minimum requirements for the information on which the analysis is to be based.

            Added: June 2022

          • CM-1.3.9

            Conventional bank licensees must have in place a Board approved policy regarding the information and documentation needed to approve new credits, renew existing credits and/or change the terms and conditions of previously approved credits. The information received will be the basis for any internal evaluation or rating assigned to the credit, and its accuracy and adequacy is critical to the management making appropriate judgments about the acceptability of the credit.

            Added: June 2022

          • CM-1.3.10

            Credit risk officers must have the experience, knowledge and background to exercise prudent judgment in assessing, approving and managing credit risks. The licensee’s credit-granting approval process must establish accountability for decisions taken and designate who has the final or ultimate authority to approve credits or changes in credit terms.

            Added: June 2022

          • CM-1.3.11

            All extensions of credit must be made on an arm’s-length basis. In particular, credits to connected counterparties must be authorised only under exceptional circumstances. Such credits must be monitored with particular care and other appropriate steps taken to control or mitigate the risks of non-arm’s length lending.

            Added: June 2022

          • CM-1.3.12

            Transactions with connected counterparties must be subject to the approval of the Board of Directors (excluding Board members with conflict of interest).

            Added: June 2022

          • Credit Reference Requirements

            • CM-1.3.13

              Conventional bank licensees which provide credit facilities to natural and legal persons in Bahrain must become members of the Bahrain Credit Reference Bureau (‘BCRB’). All enquiries for new or additional credit facilities in Bahrain must be submitted to the BCRB. BCRB members must meet the following requirements and incorporate them into their policies and procedures:

              (a) Establish an electronic monitoring system to detect, monitor and maintain records and a log of all access to BCRB data by the BCRB member’s employees;
              (b) Conduct a monthly internal audit on the access logs to identify unauthorised access to BCRB data by any employee without securing customer consent and report to the CBB any observed violation of Article 68 (bis (2)) of CBB Law;
              (c) Require the sign off of a BCRB member’s designated employee on their legal obligations concerning the confidentiality of BCRB data and that any violation of Article 68 (bis (2)) of CBB Law would subject them to an enforcement action in accordance with CBB Law; and
              (d) Cover compliance with the above requirements in the performance appraisal of relevant employees.
              Added: June 2022

            • CM-1.3.14

              Failure to comply with Article 68 (bis (2)) of the CBB Law and Paragraph CM-1.3.13 may result in an enforcement action taken against the BCRB member, as well as the relevant employee in accordance with CBB Law. Additionally, all BCRB members must abide by the agreed Code of Practice of the BCRB (see Appendix CM-3). Any breaches to the code will be subject to enforcement action by the CBB.

              Added: June 2022

          • Name-lending

            • CM-1.3.15

              Conventional bank licensees must avoid providing finance to counterparties without collateral or without adequate credit risk analysis performed on the basis of reliable audited financial statements to properly analyse the obligor’s ability to repay.

              Added: June 2022

            • CM-1.3.16

              Some licensees indulge in ‘name-lending’ which refers to the practice of lending to businesses and individuals merely on the basis of their ‘name’ or ‘reputation’ in the market. In such instances, the licensee, typically, does not receive audited financial statements and other relevant information to conduct a proper credit risk analysis, nor does it receive collateral to support the credit granting decision. The CBB prohibits licensees from engaging in such activities in order to minimise their credit risk and reputational risk.

              Added: June 2022

        • CM-1.4 CM-1.4 Credit Risk Measurement and Monitoring

          • CM-1.4.1

            Conventional bank licensees must have methodologies that enable them to quantify the risk involved in exposures to individual borrowers or counterparties. Conventional bank licensees must also be able to analyse credit risk at the product and portfolio level, in order to identify any particular sensitivities or concentrations. The measurement of credit risk must take account of the following:

            (a) The specific nature of the credit and its contractual and financial conditions (maturity, reference rate, etc.);
            (b) The exposure profile until maturity in relation to potential market movements;
            (c) The existence of collateral or guarantees; and
            (d) The potential for default based on the internal risk rating.

            The analysis of credit risk data must be undertaken at an appropriate frequency, with the results reviewed against relevant limits.

            Added: June 2022

          • CM-1.4.2

            Conventional bank licensees must use measurement techniques that are appropriate to the complexity and level of the risks involved in their activities, based on robust data and subject to periodic validation.

            Added: June 2022

          • CM-1.4.3

            Conventional bank licensees must monitor actual exposures against established limits. It is important that licensees have an MIS in place to ensure that exposures approaching risk limits are brought to the attention of senior management. All exposures must be included in a risk limit measurement system. Conventional bank licensee’s information system must be able to aggregate credit exposures to individual borrowers and counterparties and report on exceptions to credit risk limits in a meaningful way and on a timely basis.

            Added: June 2022

          • CM-1.4.4

            Conventional bank licensees must take into consideration potential future changes in economic conditions when assessing individual credits and their credit portfolios and must assess their credit risk exposures under stressful conditions.

            Added: June 2022

          • CM-1.4.5

            An important element of sound credit risk management involves discussing what could potentially go wrong with individual credits and within the various credit portfolios and factoring this information into the analysis of the adequacy of capital and provisions. The supervisory guidance on accounting for expected credit losses has been provided in Section CM-1.8.

            Added: June 2022

          • Credit Rating /Scoring

            • CM-1.4.6

              Conventional bank licensees must have in place a Board approved policy to develop, review and implement an internal risk rating system. Such a system must be able to assign a credit risk rating or scoring to obligors that accurately reflects the obligors’ risk profile and likelihood of loss.

              Added: June 2022

            • CM-1.4.7

              Conventional bank licensees must assign risk ratings or scoring in a consistent manner to enable the licensee to classify obligors by risk ratings or scoring and have a clearer understanding of the overall risk profile of its portfolio. The licensee’s credit risk policy must define the various risk grades of its rating system. Criteria for assigning risk grades and the circumstances under which deviations from the criteria are permitted must be set. The credit risk policy must also define the roles of different parties involved in the rating process.

              Added: June 2022

            • CM-1.4.8

              The credit risk rating/scoring process must appropriately group credit exposures on the basis of shared credit risk characteristics.

              Added: June 2022

            • CM-1.4.9

              Conventional bank licensees’ credit exposures must be grouped according to shared credit risk characteristics, so that changes in the level of credit risk respond to the impact of changing conditions on a common range of credit risk drivers. This includes considering the effect on the group’s credit risk in response to changes in forward-looking information, including macroeconomic factors. The licensee must review the appropriateness of the grouping implemented upon initial recognition based on similar credit risk characteristics, at regular intervals, at least annually, to ensure that the relevant characteristics and their impact on the level of credit risk of the different groupings have not changed over time.

              Added: June 2022

            • CM-1.4.10

              Conventional bank licensees must validate their risk rating or scoring system and ascertain its applicability to their portfolio prior to implementation. An external independent party, other than the external auditor, with necessary expertise in model validation, must conduct the validation of the risk rating/scoring and ECL models every three years and upon development of the model, and also when there are material changes to the portfolio, rating/scoring model or model parameters (See also Paragraph CM-1.2.22 (c)).

              Added: June 2022

            • CM-1.4.11

              Conventional bank licensees that use a judgmental rating or scoring system must ensure that each rating is unique, well-defined and distinct from other ratings in the rating scale. The relevant risk factors and weights employed in the rating/scoring methodology must be appropriate for the risk profile of the obligors in different market segments, such as corporations, small and medium-sized enterprises (‘SMEs’), and financial institutions.

              Added: June 2022

            • CM-1.4.12

              Risk ratings must be assigned at the inception of lending and updated at least on an annual basis. Additionally, conventional bank licensee must review the ratings or scoring as and when adverse events occur. Risk ratings or risk scores assigned to various obligors must be reviewed by the licensee’s personnel that are independent of those involved in loan origination. As part of its portfolio monitoring, the licensee must generate reports on credit exposures by risk rating/scores. Trend and migration analysis between risk ratings /scores must also be conducted to detect changes in the credit quality of the portfolio.

              Added: June 2022

            • CM-1.4.13

              The licensee may establish target limits for risk grades to highlight concentration in particular rating bands. The analysis of the portfolio by risk ratings is meaningful only when the licensee’s rating or scoring system is able to consistently assign similar ratings or scores to obligors with similar risk profiles.

              Added: June 2022

            • CM-1.4.14

              After the credit facility has been granted, its performance must be monitored at regular intervals. This includes an appropriate periodic review of financial statements, a reassessment of collateral and update of appraisals, and attentive monitoring of conditions in the borrower's industry. Credit supervision constitutes the first line of detection of difficulties and provides the licensee with an opportunity to address problems before losses are sustained. The loan review must ensure that the credit files are complete and that all loan approvals and other necessary documents relating to the obligor are available.

              Added: June 2022

            • CM-1.4.15

              Conventional bank licensees must perform regular credit reviews. The purpose of a credit review is to verify that credits are granted in accordance with the licensee’s credit risk policy and to provide an independent judgment of asset quality. Conventional bank licensees must conduct credit reviews with updated information on the obligor’s financial and business conditions, as well as the conduct of the account. Exceptions noted must be evaluated for impact on the obligor’s creditworthiness.

              Added: June 2022

            • CM-1.4.16

              Credit reviews must also be conducted on a consolidated group basis to factor in the business connections among connected entities. The performance of the underlying assets in the case of securitisation exposures must also be included in the credit reviews.

              Added: June 2022

            • CM-1.4.17

              Credit reviews must be performed and documented at least once a year other than for facilities subject to collective assessments. For Stage 2 and 3 accounts (See Paragraph CM-1.8.23), however, more frequent reviews must be conducted. Procedures must also be instituted to ensure that reviews are conducted at the appropriate frequency. A process to approve deferment of credit reviews must also be put in place. For consumer loans, annual credit reviews of individual obligors are only needed if significant and a portfolio analysis does not identify credit risk related issues or problems. However, credit exceptions and deterioration must be monitored and reported.

              Added: June 2022

          • Credit risk stress testing

            • CM-1.4.18

              Stress testing must involve identifying possible events or future changes in economic and other conditions that could have unfavourable effects on the conventional bank licensee’s credit exposures and assessing its ability to withstand such changes. Three areas that the licensee could usefully examine are: (i) economic or industry downturns; (ii) market risk events; and (iii) liquidity conditions. Stress testing can range from relatively simple alterations in assumptions about one or more financial, structural or economic variables, to the use of highly sophisticated financial models.

              Added: June 2022

            • CM-1.4.19

              Stress tests are to be performed by adjusting the parameters and then recalculating credit losses, for example:

              (a) Unfavourable changes (increases/decreases, depending on portfolio composition) in the underlying interest rate by a certain number of basis points; and
              (b) Unfavourable changes (increases/decreases, depending on portfolio composition) in crucial exchange rates by a certain percentage.
              Added: June 2022

            • CM-1.4.20

              In undertaking credit risk stress tests, licensees should consider counterparty-based and credit facility-based risk factors and scenarios that help estimate credit losses after modelling a change in probability of default (‘PD’) and/or loss given default (‘LGD’) or exposure at default (‘EAD’). Stress testing programmes should consider:

              (a) The inclusion of the licensee’s individual credit portfolio composition and compile a list of the credit products in use;
              (b) Identify the decisive risk factors for each individual credit product and develop a basis for prioritising the factors by relevance and to group those risk factors which influence each other strongly under normal conditions or in crisis situations for the development of stress tests;
              (c) Analyse the prevailing social, economic, and political conditions and filter as many potential crisis situations as possible and relevant;
              (d) Use of in-house as well as external expertise, as appropriate, and ensure that the stress tests attain the necessary level acceptance.
              Added: June 2022

            • CM-1.4.21

              The approaches towards modelling stress tests include the following elements considered individually and on a combined basis as appropriate and with varying severity:

              (a) Downgrading all borrowers by one rating class;
              (b) Increasing default probabilities by a certain percentage;
              (c) Increasing LGD by a certain percentage;
              (d) Increasing EAD by a certain percentage for variable credit products (justification: customers are likely to utilize credit lines more heavily in crisis situations, for example);
              (e) Assumption of negative credit spread developments (e.g. parallel shifts in term structures of interest rates) for bonds;
              (f) Modelling of input factors (e.g. balance sheet indicators).
              Added: June 2022

            • CM-1.4.22

              Additionally, the impact of macroeconomic risk factors such as fluctuations in interest rates and/or exchange rates etc. on the following illustrative general conditions may be considered:

              (a) Stress tests for specific industries or regions;
              (b) Downgrading all borrowers in one or more crisis-affected industries; and
              (c) Downgrading all borrowers in one or more crisis-affected regions.
              Added: June 2022

            • CM-1.4.23

              If the licensee uses risk models (such as credit portfolio models or credit pricing models), it is necessary to perform stress tests which show whether the assumptions underlying the risk models will also be fulfilled in crisis situations. Only then will the models be able to provide the appropriate guidance in crisis situations.

              Added: June 2022

            • CM-1.4.24

              Conventional bank licensees should also examine political risk factors when significant parts of the credit portfolio consist of borrowers from politically unstable countries. Due to the complex interrelationships involved, however, developing plausible stress tests for political risk factors involves far more effort than designing tests for macroeconomic risk factors. It is, therefore, advisable to call in specialists to develop stress tests for political risk factors in order to assess the relevant effects on financial and macroeconomic conditions.

              Added: June 2022

            • CM-1.4.25

              The output of the stress tests must be reviewed periodically by senior management and appropriate action taken in cases where the results exceed agreed tolerances. The output must also be incorporated into the process for assigning and updating policy and limits.

              Added: June 2022

            • CM-1.4.26

              Conventional bank licensees must attempt to identify the types of situations, such as economic downturns, both in the whole economy or in particular sectors, higher than expected levels of delinquencies and defaults, or the combinations of credit and market events that could produce substantial losses or liquidity problems.

              Added: June 2022

        • CM-1.5 CM-1.5 Credit Administration and Collateral Management

          • CM-1.5.1

            Conventional bank licensees must have in place a system for the ongoing administration of their various credit risk exposures.

            Added: June 2022

          • CM-1.5.2

            In developing their credit administration areas, conventional bank licensees must ensure:

            (a) The efficiency and effectiveness of credit administration operations, including monitoring documentation, contractual requirements, legal covenants, collateral etc.;
            (b) The accuracy and timeliness of information provided in management information systems (‘MIS’);
            (c) Adequate segregation of duties;
            (d) The adequacy of controls over all ‘back office’ procedures; and
            (e) Compliance with prescribed policy and procedures, as well as applicable laws and regulations.
            Added: June 2022

          • CM-1.5.3

            For the various components of credit administration to function appropriately, senior management must understand and demonstrate that it recognises the importance of this element of monitoring and controlling credit risk.

            Added: June 2022

          • CM-1.5.4

            The credit files must include all information necessary to ascertain the current financial condition of the borrower or counterparty, as well as sufficient information to track the decisions made and the history of the credit. For example, the credit files must include current financial statements, financial analyses and internal rating documentation, internal memoranda, reference letters and appraisals.

            Added: June 2022

          • CM-1.5.5

            Conventional bank licensees must develop and implement comprehensive procedures and information systems to monitor the condition of individual credits and single obligors across the licensee’s various portfolios. These procedures need to define the criteria for identifying and reporting potential problem credits and other transactions to ensure that they are subject to more frequent monitoring, as well as possible corrective action, classification and/or provisioning.

            Added: June 2022

          • Collateral Requirements

            • CM-1.5.6

              When the loan decision is primarily based on collateral value, independent and timely appraisals of the collateral by a third party valuation expert must be undertaken, and the licensee must ensure that the collateral value is sufficiently higher than the exposure amount.

              Added: June 2022

            • CM-1.5.7

              The requirement in Paragraph CM-1.5.6 shall not apply to publicly traded instruments that are provided as collateral for which daily fair value is available from independent sources.

              Added: June 2022

            • CM-1.5.8

              Conventional bank licensees can utilise the transaction structure, collateral and guarantees to help mitigate risks (both identified and inherent) in individual credits, but transactions must be entered into primarily on the strength of the borrower’s repayment capacity. Collateral cannot be a substitute for a comprehensive assessment of the borrower or counterparty, nor can it compensate for insufficient information. It must be recognised that any credit enforcement action (e.g. foreclosure proceedings) can eliminate the profit margin on the transaction. In addition, conventional bank licensees need to be mindful that the value of collateral may well be impaired by the factors that have led to the diminished recoverability of the credit. Conventional bank licensees must have a policy covering the acceptability of various forms of collateral, procedures for the ongoing valuation of such collateral, and a process to ensure that the collateral is, and continues to be, enforceable and realisable. With regard to guarantees, conventional bank licensees must evaluate the level of coverage being provided in relation to the credit-quality and legal capacity of the guarantor. Licensees must be careful when making assumptions about implied support from third parties, such as the government.

              Added: June 2022

            • CM-1.5.9

              The value of the collateral must be updated periodically. In adverse market conditions and in the case of collateral that support Stage 2 and 3 credit exposures, the valuations must be conducted at least annually. If the exposure is backed by inventory or goods located in the obligor’s premises, additional measures must be in place to physically inspect and verify the existence and valuation of the collateral.

              Added: June 2022

            • CM-1.5.10

              Since expected credit loss (ECL) provisions are dependent on the recoverable value of collateral held, conventional bank licensees must obtain appropriate valuations of the collateral. The licensee must have a reliable and timely collateral valuation system which must include factors such as the legal enforceability of claims on collateral, ease of realisation of collateral, effects of currency and maturity mismatches, and be based on current market conditions.

              Added: June 2022

        • CM-1.6 CM-1.6 Non-Performing Loans Management

          • CM-1.6.1

            Conventional bank licensees must ensure that their credit policy contains policy on non-performing loans (‘NPLs’). Such policy must outline the approach they would take to deal with NPLs in line with the Board approved risk appetite framework including tolerance levels for NPLs for different portfolios. Responsibility for such credit must be assigned to a specialised workout section.

            Added: June 2022

          • CM-1.6.2

            To formulate and execute a fit-for-purpose policy on NPLs, conventional bank licensees must complete an assessment of the following elements as a minimum:

            (a) The internal capabilities to effectively manage, i.e. maximise recoveries and reduce NPLs over a defined time horizon;
            (b) The external conditions and operating environment; and
            (c) The capital implications of NPLs
            Added: June 2022

          • CM-1.6.3

            Conventional bank licensees must include, at a minimum, clearly defined quantitative targets for NPLs (where relevant, including targets for foreclosed assets), which must be approved by the senior management. The combination of these targets must lead to a concrete reduction, gross and net (of provisions), of NPL exposures, at least in the medium-term.

            Added: June 2022

          • CM-1.6.4

            While expectations about changes in macroeconomic conditions can play a role in determining target levels (if based on reliable external forecasts), they should not be the sole driver for the established NPL reduction targets. Targets should be established at least along the following dimensions:

            (a) By time horizons, i.e. short-term (indicative 1 year), medium-term (indicative 3 years) and possibly long-term;
            (b) By main portfolios (e.g. retail mortgage, retail consumer, retail small businesses and professionals, SMEs, large corporates and commercial real estate);
            (c) By implementation option chosen to drive the projected reduction, e.g. cash recoveries from hold strategy, collateral repossessions, recoveries from legal proceedings, revenues from sale of NPLs or write-offs.
            Added: June 2022

          • CM-1.6.5

            When the NPL levels exceed the thresholds under the Board approved Risk Appetite Framework, the conventional bank licensee must develop an NPL operational plan which clearly defines how the licensee will effectively reduce the level of NPLs over a time horizon of at least 1 to 3 years (depending on the type of operational measures required).

            Added: June 2022

          • CM-1.6.6

            Conventional bank licensees must fully understand and examine:

            (a) Scale and drivers of the NPL problem:
            (i) The size and evolution of NPL portfolio on an appropriate level of granularity, which requires appropriate portfolio classification as outlined in Section 1.8;
            (ii) The drivers of NPL in-flows and out-flows, by portfolio where relevant; and
            (iii) Other potential correlations and causations.
            (b) Outcomes of NPL actions taken in the past:
            (i) Types and nature of actions implemented, including forbearance measures; and
            (ii) The success of the implementation of those activities and related drivers, including the effectiveness of forbearance treatments.
            (c) Operational capacities (processes, tools, data quality, IT/automation, staff/expertise, decision-making, internal policies, and any other relevant areas for the implementation of the strategy) for the different process steps involved, including, but not limited to:
            (i) Early warning and detection/recognition of NPLs;
            (ii) Forbearance;
            (iii) Provisioning;
            (iv) Collateral valuations;
            (v) Recovery/legal process/foreclosure;
            (vi) Management of foreclosed assets (if relevant); and
            (vii) Reporting and monitoring of NPLs and effectiveness of NPL workout solutions.
            Added: June 2022

          • Capital Implications of NPLs

            • CM-1.6.7

              Capital levels and their projected trends are important inputs towards determining the scope of NPL reduction actions available to licensees. Conventional bank licensees should dynamically model the capital implications of the different elements of their policy on NPLs, ideally under different economic scenarios. Those implications should also be considered in conjunction with the risk appetite framework as well as the internal capital adequacy assessment process (‘ICAAP’).

              Added: June 2022

            • CM-1.6.8

              Where capital buffers are slim and profitability low, conventional bank licensees must include suitable actions in their capital planning, ICAAP and recovery plans which will enable effective management and sustainable clean-up of NPLs.

              Added: June 2022

            • CM-1.6.9

              Conventional bank licensees should also identify medium and long-term options for NPL reductions.

              Added: June 2022

            • CM-1.6.10

              A strong level of monitoring and oversight by risk management function in respect of the formulation and implementation of the NPL strategy (including the NPL operational plan) must also be ensured.

              Added: June 2022

            • CM-1.6.11

              Conventional bank licensees must write-off loans which are deemed to be uncollectable in a timely manner.

              Added: June 2022

        • CM-1.7 CM-1.7 Credit Risk Reporting

          • CM-1.7.1

            Conventional bank licensees must have an effective MIS that captures all on and off-balance sheet credit exposures.

            Added: June 2022

          • CM-1.7.2

            The MIS must enable the senior management to identify any concentrations of risk within the credit portfolio.

            Added: June 2022

          • CM-1.7.3

            The MIS must comprehensively cover reporting of NPLs, including but not limited to the following:

            (a) NPL related KPIs and performance against the KPIs;
            (b) Forbearance activity levels;
            (c) Early warning indicators;
            (d) Liquidation, foreclosure, provisions for impairment and write offs; and
            (e) Risk adjusted returns and capital implications.
            Added: June 2022

          • CM-1.7.4

            The MIS must be able to aggregate all such credit exposures to a single borrower and also aggregate exposures to groups of accounts under common ownership or control. This data must be aggregated in an accurate and timely manner and monitored as part of the licensee’s credit risk management process.

            Added: June 2022

          • CM-1.7.5

            The MIS must provide the Board and senior management with timely and forward-looking information on credit risk management to support them in identifying emerging concerns on credit risk as well as in managing credit stress events. The MIS must be fit for the purpose of supporting the licensee’s day-to-day monitoring of compliance with established policies, procedures and limits.

            Added: June 2022

          • CM-1.7.6

            Risk management reports must be accurate and precise to ensure that conventional bank licensees’ Board and senior management can rely, with confidence, on the aggregated information to make critical decisions about risk.

            Added: June 2022

          • CM-1.7.7

            To ensure the accuracy of the reports, conventional bank licensees must maintain, at a minimum, the following:

            (a) Defined requirements and processes to reconcile reports to risk data;
            (b) Automated and manual edit and reasonableness checks, including an inventory of the validation rules that are applied to quantitative information. The inventory must include explanations of the conventions used to describe any mathematical or logical relationships that must be verified through these validations or checks; and
            (c) Integrated procedures for identifying, reporting and explaining data errors or weaknesses in data integrity via exception reports.
            Added: June 2022

          • CM-1.7.8

            Risk management reports to the Board and senior management must provide a forward-looking assessment of risk and must not just rely on current and past data. The reports must contain forecasts or scenarios for key market variables and the effects on the licensee, so as to inform the Board and senior management of the likely trajectory of the licensee’s capital and risk profile in the future.

            Added: June 2022

          • CM-1.7.9

            Conventional bank licensees must develop an inventory and classification of risk data items which includes a reference to the concepts used to elaborate the reports.

            Added: June 2022

          • CM-1.7.10

            The credit risk reports must be clear and useful. Reports must reflect an appropriate balance between detailed data, qualitative discussion, explanation and recommended conclusions. Interpretation and explanations of the data, including observed trends, must be clear.

            Added: June 2022

          • CM-1.7.11

            Conventional bank licensees must confirm periodically with the recipients that the information aggregated and reported is relevant and appropriate, in terms of both quantity and quality, to the governance and decision-making process.

            Added: June 2022

          • CM-1.7.12

            Conventional bank licensees must assess, periodically, the purpose of each report, adequacy of the scope of the information in the reporting and MIS and set requirements for how quickly the reports need to be produced in both normal and stress/crisis situations. The licensee must routinely test its ability to produce accurate reports within established timeframes, particularly in stress/crisis situations.

            Added: June 2022

        • CM-1.8 CM-1.8 Classification and Provisioning

          • CM-1.8.1

            The objective of this section is to set out the requirements and supervisory guidance on the assessment and measurement of expected credit losses and allowances (together referred to as ‘ECL’). The supervisory guidance is intended to supplement the guidance under the applicable accounting framework and, where relevant, ensure consistency in application of definitions and other areas of estimates and judgment that are expected to be common across the banking sector. The term ‘allowances’ includes allowances/provisions on loans, loan commitments, financial guarantees and similar contracts.

            Added: June 2022

          • CM-1.8.2

            In applying these instructions, conventional bank licensees must make sure that consistent accounting policies are applied at group level including subsidiaries and branches outside Bahrain. If the supervisory and accounting standards applied at the licensee’s outside branches or subsidiaries (such as NPL norms) are in conflict with these instructions, the licensee must notify CBB accordingly.

            Added: June 2022

          • Governance

            • CM-1.8.3

              Conventional bank licensees’ Board of Directors (or equivalent) and senior management are responsible for ensuring that the licensee has appropriate credit risk practices, including an effective system of internal control, to consistently determine adequate ECL in accordance with the licensee’s stated policies and procedures, the applicable accounting framework and relevant supervisory guidance.

              Added: June 2022

            • CM-1.8.4

              Conventional bank licensees must adopt, document and adhere to sound policies, procedures and controls for assessing and measuring ECL on all lending exposures. The measurement of allowances must build upon those robust methodologies and result in the appropriate and timely recognition of ECL in accordance with the applicable accounting framework.

              Added: June 2022

            • CM-1.8.5

              Conventional bank licensees must have in place a detailed and clear policy statement pertaining to ECL recognition. The policy statement must be approved by the Board of Directors, including at the time of any periodic changes. The policy statement must be comprehensive and must include, but not be limited to, the following components:

              (a) Definition of default (including consideration of cross defaults and restructured/renegotiated/rescheduled facilities in such assessment);
              (b) Portfolio segmentation, detailing the level at which PD and LGD will be measured;
              (c) For collectively evaluated exposures, a description of the basis for creating groups of portfolios with shared credit risk characteristics;
              (d) Qualitative and quantitative staging criteria, including criteria for qualifying as low credit risk assets and triggers for both forward and backward transition between Stages 1 to 3 (CM-1.8.24);
              (e) Source of internal data sets, minimum period of internal data repository and when external data sets will be used as reliable proxies in assessment of required impairment allowances;
              (f) Identify and document the ECL assessment and measurement methods (such as a loss rate method, PD/LGD modelling methods, prepayment and cure rate models or any another method) to be applied to each exposure, segment or portfolio;
              (g) Methodology for conversion from through-the-cycle (‘TTC’) to point-in-time (‘PIT’) PDs and variables considered for making forward-looking adjustments to PIT PDs, including use of macroeconomic factors;
              (h) Determine the extent to which the value of collateral and other credit risk mitigants will be used for LGD calculations (including the use of liquidation haircuts and, where available, forecasting of collateral values);
              (i) Policy for specific cash shortfall assessment for Stage 3 accounts (NPL provisions);
              (j) Document the methods and frequency used to validate models for ECL measurement (e.g. back tests, quantitative and qualitative validation tests). Models, input data and systems used to develop PD, LGD and other components of ECL must be subject to internal and external validation as required under CM-1.4.10; and
              (k) Include a process for evaluating the appropriateness of significant inputs and assumptions in the ECL assessment and measurement method chosen. It is expected that the basis for inputs and assumptions used in the estimation process will generally be consistent from period-to-period. Where the basis of use of inputs and assumptions changes, the rationale must be documented.
              Amended: October 2022
              Added: June 2022

          • Definition of Default / Impairment

            • CM-1.8.6

              Default for the purpose of this Module and impairment in the context of credit risk exposure of an obligor as per IFRS 9 is considered to have occurred with regard to a particular obligor when either or both of the following events have taken place:

              (a) The licensee considers that the obligor is unlikely to pay its credit obligations in full (i.e. principal, interest, fees or any other amount), without taking actions such as realising security (if held).
              (b) The obligor is past due for 90 days or more on any credit obligation to the licensee. In case of overdrafts, the customer will be considered as being past due once an advised limit has been breached or the customer has been advised of a limit smaller than the current outstanding amount.
              Added: June 2022

            • CM-1.8.7

              The elements to be taken as indications of unlikeliness to pay must include, but not be limited to, the following:

              (a) The licensee puts the interest on the credit obligation on non-accrual status;
              (b) The licensee makes a charge-off or account-specific provision resulting from a significant perceived decline in credit quality subsequent to the licensee taking on the exposure;
              (c) The licensee sells the credit obligation at a material credit-related economic loss;
              (d) The licensee consents to a distressed restructuring of the credit obligation where this is likely to result in a diminished financial obligation caused by the material forgiveness, or postponement, of repayment instalments;
              (e) The licensee has filed for the obligor’s bankruptcy or a similar order in respect of the obligor’s credit obligation to the licensee; or
              (f) The obligor has sought or has been placed in bankruptcy or similar protection where this would avoid, or delay, repayment of the credit obligation to the licensee.
              Added: June 2022

            • CM-1.8.8

              For the purpose of CM-1.8.7, distressed restructuring refers to situations when a licensee grants a concession that it would not otherwise consider, irrespective of whether the concession is at the discretion of the licensee or otherwise. Forgiveness means reduction in repayment amount or interest. Postponement could include grace periods or changes in instalments leading to delayed maturity.

              Added: June 2022

          • Identification of Non-performing Exposures

            • CM-1.8.9

              Non-performing exposures must always be categorised for the whole exposure, including when non-performance relates to only a part of the exposure, for instance, unpaid interest. For off-balance sheet exposures, such as loan commitments or financial guarantees, the whole exposure is the entire uncancellable nominal amount. All non-performing exposures will be classified as Stage 3 for the purpose of ECL calculations.

              Added: June 2022

            • CM-1.8.10

              The following exposures are considered as non-performing:

              (a) All exposures, including purchased or originated credit impaired (POCI), that are in default or impaired under Paragraph CM-1.8.6, where applicable;
              (b) All exposures that have experienced a downward adjustment to their valuation due to deterioration of their creditworthiness and classified as Stage 3 according to the applicable accounting framework;
              (c) [This Subparagraph was deleted in April 2023]; and
              (d) All other exposures that are not in default or impaired but nevertheless:
              (i) Relate to a counterparty that has other exposures that are past due for 90 days or more; and
              (ii) Where there is evidence that full repayment based on the contractual terms, original or, when applicable, modified (e.g. repayment of principal and interest) is unlikely without the licensee’s realisation of collateral, whether or not the exposure is current and regardless of the number of days the exposure is past due.
              Amended: April 2023
              Added: June 2022

            • CM-1.8.11

              The existence of collateral or guarantees must have no direct influence on the categorisation of an exposure as non-performing or its past due status, including the counting of past-due days and the determination of the exposure as non-performing, once the overdue days threshold has been met. However, conventional bank licensees may consider the collateral when assessing a borrower’s economic incentive (both positive and negative) to repay under the unlikeliness to repay criteria. Any recourse by the licensee must not be considered in this judgment. When the relevant criteria are met, the exposure must be categorised as non-performing even if the collateral value exceeds the amount of the past-due exposure.

              Added: June 2022

            • CM-1.8.12

              The classification of an exposure as non-performing must be applied as follows:

              (a) When any one of the material exposures to a non-retail counterparty is categorised as non-performing, all exposures to that counterparty must be categorised as non-performing (i.e. cross-default across obligor);
              (b) In the case of exposures to a retail counterparty, the definition of default may be applied at the level of a particular facility rather than at the level of the obligor. This would be appropriate when the licensee considers the risk of each product and source of repayments having different characteristics for each transaction. In the case of a retail counterparty with more than one exposure from the licensee, it must consider the non-performing or performing status of the other exposures when deciding about the status of a given exposure; and
              (c) In the case of exposures to a group, non-performing status can be applied at the counterparty level. This assumes that the licensee has a separate credit review and rating assigned for each counterparty within the group. At the same time, the licensee must consider the non-performing or performing status of the other group entities when deciding about the status of any of the group entities.
              Added: June 2022

            • CM-1.8.13

              For the purpose of CM-1.8.12 (a), where a single facility which represents 25% or more of the aggregate exposure to the obligor is non-performing a cross default is deemed to have occurred and, accordingly, all exposures to that obligor will be considered non-performing.

              Added: June 2022

            • CM-1.8.14

              With reference to Sub-Paragraph CM-1.8.12 (b), however, a default by a borrower on one retail obligation may not require the licensee to treat all other obligations to the licensee as defaulted and non-performing. In these cases, conventional bank licensees must carefully consider the categorisation and staging status of other exposures to the same counterparty (i.e. cross-product default). For example, if a customer has a retail personal loan and an auto loan with the licensee, a default on the personal loan must be considered when assessing the stage classification of the auto loan.

              Added: June 2022

          • Re-categorisation of Non-performing Exposures as Performing

            • CM-1.8.15

              A Stage 3 exposure can be moved to Stage 2 or Stage 1 when all the following criteria are met simultaneously:

              (a) The counterparty does not have any exposures that are past due for 90 days or more (see also Paragraph CM-1.8.6);
              (b) Repayments have been made when due in accordance with Appendix CM-6.
              However, if the repayments are not clearly reflective of improvement in the counterparty’s financial position, a longer re-payment history or higher number of instalments must be assessed by the licensee before re-categorisation of the exposure to a ‘performing’ status;
              (c) The counterparty’s financial situation has improved so that the full repayment of the exposure is likely, according to the original or, when applicable, modified conditions. This must usually require a credit review process that evaluates the borrower’s current capacity to repay, clarity on the source of cash flow available for debt repayments, improvements in the level of indebtedness and compliance with various debt covenants imposed by the licensee. Repayments through liquidation or enforcement of collateral is generally not considered as an improvement in the financial health of the borrower; and
              (d) The exposure is not considered to be in ‘default’ or ‘impaired’ according to the applicable accounting and risk management frameworks.
              Amended: April 2023
              Added: June 2022

            • CM-1.8.15A

              Stage 2 exposures can be moved to Stage 1 after the cooling-off period, specified in Appendix CM-6, has passed and the counterparty’s financial situation indicates it to be equivalent to that of a ‘very low credit risk’ exposure.

              Added: April 2023

            • CM-1.8.16

              Conventional bank licensee must clearly articulate and document policies in respect of the counting of days past due, in particular in respect of the re-ageing of the facilities and the granting of extensions, deferrals, renewals and rewrites to existing accounts. At a minimum, the re-ageing policy must include:

              (a) Approval authorities and reporting requirements;
              (b) Minimum age of a facility before it is eligible for re-ageing;
              (c) Delinquency levels of facilities that are eligible for re-ageing;
              (d) Maximum number of re-ageing allowed per facility; and
              (e) A reassessment of the borrower’s capacity to repay.
              Added: June 2022

            • CM-1.8.17

              For the purpose of CM-1.8.16, re-aging occurs when the licensee changes the tenor or due dates of the credit when rescheduling or restructuring a facility.

              Added: June 2022

            • CM-1.8.18

              Non-performing exposures in the following situations must not be re-categorised as performing without meeting the conditions set forth in CM-1.8.15:

              (a) Partial write-off of an existing non-performing exposure (i.e. when the licensee writes-off part of a non-performing exposure that it deems to be uncollectible);
              (b) Repossession of collateral on a non-performing exposure; or
              (c) Extension or granting of forbearance measures to an exposure that is already identified as non-performing.

              The re-categorisation of a non-performing exposure as performing must be made on the same level (i.e. obligor or transaction approach) as when the exposure was originally categorised as non-performing.

              Added: June 2022

            • CM-1.8.18A

              Non-performing POCI exposures may be re-categorised as performing subject to meeting the conditions stipulated in Paragraphs CM-1.8.15 to CM-1.8.18.

              Added: April 2023

            • CM-1.8.19

              Conventional bank licensees must have the necessary tools to ensure a robust estimate and timely recognition of ECL. Information on historical loss experience or the impact of current conditions may not fully reflect the credit risk in lending exposures. In this context, the licensee must use its experienced credit judgment to thoroughly incorporate the expected impact of all reasonable and supportable forward-looking information, including macroeconomic factors, on its estimate of ECL. The licensee’s use of its experienced credit judgment must be documented in the licensee’s credit risk methodology and subject to appropriate oversight.

              Added: June 2022

            • CM-1.8.20

              Applying the concepts of ECL could vary for each licensee depending on its underwriting criteria, loss history, terms of collateral and a number of other variables, both entity-specific and external. Reasonable and supportable information will not present itself, but would rather require management to determine what is relevant and practical, without undue costs or efforts, to actively gather, analyse and process to make required credit risk assessments to support the ECL process. Licensees will need to adopt an appropriate risk assessment methodology which is commensurate with the size, complexity, structure, economic significance and risk profile of their portfolio. This means that, in general, the larger and more complex a portfolio or institution, the more its risk infrastructure should capture relevant and reliable information and trends that would support the development of a sophisticated approach to determine a risk based ECL. Conversely, for smaller and simpler portfolios or institutions, a less sophisticated approach may be adopted to align with the risk management infrastructure and processes within the licensee.

              Added: June 2022

            • CM-1.8.21

              Regardless of the size of the licensee or prominence of the portfolio, the approach adopted by the licensee should comply with the specific requirements of this section and applicable accounting standards. It is not necessary that every licensee or every portfolio within the bank would apply the same level of sophistication. However, licensees will need to periodically assess whether their approach continues to be appropriate and relevant in light of changing circumstances with the aim of improving its level of estimation over time.

              Added: June 2022

          • Measurement Requirements

            • CM-1.8.22

              The credit impairment assessment under IFRS 9 is based on an expected loss approach, i.e. it is not necessary for a loss event to occur before an ECL is recognised. As a result, all financial assets are generally expected to attract an ECL. For the purpose of Section CM 1.8, any direct credit exposures to the government of Bahrain (or exposures explicitly guaranteed by the government of Bahrain) are exempted from the application of the expected credit loss model.

              Added: June 2022

            • CM-1.8.22A

              For the purpose of Section CM-1.8, the portion of the exposure that is explicitly guaranteed by Tamkeen is exempted from the application of the expected credit loss model.

              Added: January 2023

            • CM-1.8.23

              IFRS 9 requires a three-stage approach to recognise and measure ECL at each reporting date, which is based on changes observed in credit quality of financial assets since origination. The standards prescribe two measures of ECL to be carried by licensees:

              (a) Twelve-month ECL: The expected credit losses that result from default events that are possible within 12 months after the reporting date. It is not the expected cash shortfalls over the 12-month period, but the entire credit loss on an asset weighted by the probability that the loss will occur in the next 12 months; and
              (b) Life-time ECL: The expected credit losses that result from all possible default events over the life of the financial instrument.
              Added: June 2022

            • CM-1.8.24

              The below staging classification must represent migration in credit quality and dictates the level of ECL to be recognised. The following must be followed:

              Staging Description ECL measure
              Stage 1 Performing assets with no significant deterioration in credit risk since origination or with very low credit risk. 12-month ECL
              Stage 2 Performing assets that have exhibited significant increase in credit risk since origination. Life-time ECL
              Stage 3 Non-performing assets that are considered credit impaired. Life-time ECL
              Added: June 2022

            • CM-1.8.25

              The staging classification should normally apply to the entire balance of an outstanding facility because if a problem exists with one credit, it normally applies to the whole facility and not just the payment or individual credit which may be overdue. This is a conservative approach, which will alert bank management and the Board to the full extent of a potential problem.

              Added: June 2022

          • Regulatory Treatment of Accounting Provisions

            • CM-1.8.26

              With reference to CM-1.8.24, the ECL provisions assessed on a collective basis (‘CP’) relating to Stage 1 and Stage 2 exposures are used for the purposes of regulatory adjustments under Paragraph CA-2.1.8.

              Added: June 2022

          • Restructured Accounts, Forbearance and Modifications

            • CM-1.8.27

              Conventional bank licensees must report restructured accounts to the CBB on a quarterly basis until the satisfactory performance of the account, under revised terms, and the counterparty has resolved its financial difficulty. All NPL accounts restructured must be classified as non-performing and must be subject to the requirements of the Paragraph CM-1.8.15 to CM-1.8.18. A Stage 3 or Stage 2 exposure that is restructured must be re-categorised in accordance with Appendix CM-6.

              Amended: April 2023
              Added: June 2022

            • CM-1.8.28

              Forbearance, including synonyms such as ‘restructuring’ occurs when (a) a counterparty is experiencing financial difficulty in meeting its financial commitments; and (b) the licensee grants a concession that it would not otherwise consider, irrespective of whether the concession is at the discretion of the licensee and/or the counterparty. A concession is at the discretion of the counterparty (debtor) when the initial contract allows the counterparty (debtor) to change the terms of the contract in its own favour (embedded forbearance clauses) due to financial difficulty. When such concessions are granted, the facility is ‘restructured’.

              Added: June 2022

            • CM-1.8.29

              The following list provides examples of possible indicators of financial difficulty. In particular, financial difficulty can be identified even in the absence of arrears on an exposure:

              (a) A counterparty is currently past due on any of its material exposures.
              (b) A counterparty is not currently past due, but it is probable that the counterparty will be past due on any of its material exposures in the foreseeable future without the concession, for instance, when there has been a pattern of delinquency in payments on its material exposures.
              (c) A counterparty’s outstanding securities have been delisted, are in the process of being delisted, or are under threat of being delisted from an exchange due to noncompliance with the listing requirements or for financial reasons.
              (d) On the basis of actual performance, estimates and projections that encompass the counterparty’s current capabilities, the licensee forecasts that all the counterparty’s committed/available cash flows will be insufficient to service all of its loans or debt securities (both interest and principal) in accordance with the contractual terms of the existing agreement for the foreseeable future.
              (e) A counterparty’s existing exposures are categorised as exposures that have already evidenced difficulty in the counterparty’s ability to repay in accordance with the supervisory categorisation scheme in force or the credit categorisation scheme within the licensee's internal credit rating system.
              (f) A counterparty is in non-performing status or would be categorised as nonperforming without the concessions.
              (g) The counterparty cannot obtain funds from sources other than the existing banks at an effective interest rate equal to the current market interest rate for similar loans or debt securities for a non-troubled counterparty.
              Added: June 2022

            • CM-1.8.30

              Concessions are special contractual terms and conditions that a lender would not extend or consider under normal market conditions.

              Added: June 2022

            • CM-1.8.31

              Licensees should distinguish between restructured loans and rescheduled loans where no concessions have been granted to a performing customer in response to changes in market conditions provided that at the time of rescheduling the loans have been serviced normally, the ability of the borrower to service is not in doubt and where there is reasonable assurance that the borrower will be able to service all future principal and interest payments on the loans in accordance with the revised repayment terms.

              Added: June 2022

            • CM-1.8.32

              Conventional bank licensees must disclose in their public disclosures their policies and definitions that are integral to the estimation of ECL. Quantitative and qualitative disclosures, taken together, must communicate to users the main assumptions/inputs used to develop ECL estimates.

              Added: June 2022

        • CM-1.9 CM-1.9 Provisioning Policies of Branches of Foreign Bank Licensees

          • CM-1.9.1

            Specific provisions for impaired assets (i.e. Stage 3 accounts) and, where applicable, collective provisions (i.e. Stage 1 and Stage 2) representing ECL on performing exposures of branches of foreign bank licensees must be maintained in the books of the Bahrain branch.

            Added: June 2022

          • CM-1.9.2

            If a branch of foreign bank licensee which is a wholesale bank licensee is not able to meet the requirement in Paragraph CM-1.9.1, the branch's head office must advise the CBB, on an annual basis and in writing, whether an equivalent or higher amount of specific and collective provisions related to the exposures of its Bahrain branch are being maintained by the head office. In all cases, the branch must maintain and make available all underlying details of such provision calculations at the request of its external auditors and the CBB. The provisions maintained at the head office in relation to exposures of the branch must be disclosed in the financial statements of the branch submitted to the CBB.

            Added: June 2022

          • CM-1.9.3

            In addition, the CBB may contact the licensee’s home supervisor, on a regular or ad hoc basis, in order to obtain information about the adequacy of the provisioning for such assets or may require the licensee to provide additional comfort or assurance, e.g. through external auditors, that such provisions are indeed set aside properly.

            Added: June 2022

        • CM-1.10 CM-1.10 [This Section was deleted in January 2023]

          • CM-1.10.1

            [This Paragraph was deleted in January 2023].

            Deleted: January 2023
            Added: June 2022

          • CM-1.10.2

            [This Paragraph was deleted in January 2023].

            Deleted: January 2023
            Added: June 2022

          • CM-1.10.3

            [This Paragraph was deleted in January 2023].

            Deleted: January 2023
            Added: June 2022

          • CM-1.10.4

            [This Paragraph was deleted in January 2023].

            Deleted: January 2023
            Added: June 2022

      • CM-2 CM-2 The Monitoring and Control of Large Exposures

        • CM-2.1 CM-2.1 Overview

          • CM-2.1.1

            The CBB’s directives on large exposures for licensees in Bahrain are issued as part of the CBB’s measures to encourage licensees to mitigate risk concentrations and to design the licensees’ large exposure framework so that the maximum possible loss the licensee could incur, if a single counterparty or group of connected counterparties were to suddenly fail, would not endanger the licensee’s survival as a going concern.

            Added: June 2022

          • CM-2.1.2

            The contents of this Chapter apply in full to all Bahraini conventional bank licensees on a consolidated basis.

            Added: June 2022

          • CM-2.1.3

            The application of the large exposures framework at the consolidated level implies that the licensee must consider all exposures to third parties across the relevant regulatory consolidation group and compare the aggregate of those exposures with the group’s consolidated total capital.

            Added: June 2022

          • CM-2.1.4

            Bahraini conventional bank licensees must report large exposures through the PIR forms (see Module CA).

            Added: June 2022

        • CM-2.2 CM-2.2 Exposures Undertaken by Overseas Conventional Bank Licensees

          • CM-2.2.1

            The CBB may, if circumstances so require and on a case-by-case basis, apply the full or part of the requirements of this Chapter to branches of foreign bank licensees.

            Added: June 2022

        • CM-2.3 CM-2.3 Measure of Exposure

          • CM-2.3.1

            For the purpose of the banking book and the trading book, the measure of exposure, net of specific provisions, reflects the maximum loss that will arise should a counterparty fail, or the loss that may arise due to exposures relating to concentration per product, asset classes, collateral, segments, country, region, currencies, market, etc. In certain cases (particularly derivatives), the measure of an exposure may be larger than that used in published financial statements. Consistent with this, an exposure encompasses the amount at risk arising from the licensee’s:

            (a) Claims on a counterparty, including actual and potential claims which would arise from the drawing down in full of undrawn advised facilities (whether revocable/irrevocable, conditional or unconditional) which the licensee has committed itself to provide, and claims which the licensee has committed itself to purchase or guarantee/underwrite. In the case of undrawn facilities (including overdrafts), the advised limit must be included in the measure of exposure (after deduction of any provisions). In the case of loans, the net outstanding balance to be repaid, as shown in the books of the licensee, must be included in the measure of exposure after deduction of any provisions. These claims would include, but are not limited to:
            (i) Loans and other credit facilities (including overdrafts) whether or not drawn;
            (ii) Exposures arising through lease agreements;
            (iii) Margin held with exchanges or counterparties;
            (iv) Claims under derivative contracts such as futures, forwards, options, swaps and similar contracts on interest rates, foreign currencies, equities, securities, commodities or indexes;
            (v) Claims arising in the course of settlement of securities transactions;
            (vi) Receivables, such as fees or commissions;
            (vii) Claims arising in the case of forward sales and purchases of financial instruments in the trading or banking books;
            (viii) Amounts outstanding under sale and repurchase agreements, forward asset purchase agreements, buyback agreements, stock borrowing/lending or similar transactions;
            (ix) Bonds, bills or other non-equity financial instruments; and
            (x) Underwriting exposures for bonds, bills, or other non-equity financial instruments.
            (b) Contingent liabilities arising in the normal course of business, and those contingent liabilities which would arise from the drawing-down in full of undrawn advised facilities (whether revocable or irrevocable, conditional or unconditional) which the licensee has committed itself to provide. In the case of an undrawn overdraft, letter of credit (‘L/C’) or similar facility, the advised limit must be included in the measure of exposure. Such liabilities may include:
            (i) Direct credit substitutes (including guarantees, standby letters of credit, bills accepted but not held by the reporting bank, and endorsements creating payable obligations);
            (ii) Claims sold with recourse (i.e. where the credit risk remains with the reporting bank);
            (iii) Transaction-related contingents not having the character of direct credit substitutes (e.g. performance bonds, bid bonds, transaction-related L/Cs etc.);
            (iv) Undrawn documentary letters of credit issued or confirmed;
            (v) Credit derivatives sold (where the licensee is providing credit protection); and
            (vi) Asset value guarantees (where the licensee provides protection on exit price or realisable value of a non-financial asset).
            (c) Any other assets or transactions whose value depends wholly or mainly on a counterparty performing its obligations, or whose value depends upon that counterparty’s financial soundness, but which do not represent a claim on the counterparty. Such assets or transactions include:
            (i) Equities and other capital instruments;
            (ii) Equity warrants, options, or equity derivatives where the reporting bank is obtaining credit protection; and
            (iii) Underwriting or purchase commitments for equities.
            (d) Investments transactions in trading book (e.g. index positions, securitisations, investments in hedge funds or investment funds) must be calculated by applying the same rules as for similar instruments in the banking book (see Paragraph CM-2.3.27 to CM-2.3.41). The amount invested in a particular structure may be assigned to the structure itself, defined as a distinct counterparty to the counterparties corresponding to the underlying assets, or to the unknown client.
            Added: June 2022

          • CM-2.3.2

            Where the licensee has a legally enforceable netting arrangement in place for loans and deposits, it may calculate the exposure values for large exposures in accordance with Section CA-4.4.

            Added: June 2022

          • Eligible Credit Risk Mitigation (‘CRM’) Techniques

            • CM-2.3.3

              Bahraini conventional bank licensee must recognise an eligible CRM technique in the calculation of an exposure whenever it has used this technique to calculate the risk-based capital requirements under Chapter CA-4. Eligible credit risk mitigation techniques for large exposures are those that meet the minimum requirements and eligibility criteria for the recognition of unfunded credit protection and financial collateral that qualify under Chapter CA-4. Other forms of collaterals, e.g. receivables, commercial and residential real estate are not eligible to reduce exposure values for large exposure purposes unless the title deeds, in the case of real estate, are held in the name of the licensee and it is able to demonstrate that it has the ability to realise the value of the collateral.

              Added: June 2022

            • CM-2.3.4

              In accordance with Paragraph CA-4.6.3, hedges with maturity mismatches are recognised only when their original maturities are equal to or greater than 1 year and the residual maturity of a hedge is not less than 3 months.

              Added: June 2022

            • CM-2.3.5

              If there is a maturity mismatch in respect of credit risk mitigants (collateral, on balance sheet netting, guarantees and credit derivatives) recognised under Paragraph CA-4.6.3, the adjustment of the credit protection for the purpose of calculating large exposures must be calculated according to CA-4.6.4.

              Added: June 2022

            • CM-2.3.6

              Bahraini conventional bank licensee must reduce the value of the exposure to the original counterparty by the amount of eligible CRM technique recognised under Chapter CA-4. The recognised amount is:

              (a) The value of the protected portion in the case of unfunded credit protection;
              (b) The value of the portion of the claim collateralised by the market value of the recognised financial collateral when the licensee uses the simple approach under Section CA-4.2; and
              (c) The value of the collateral adjusted after applying the required haircuts, in the case of financial collateral when the licensee applies the comprehensive approach (see Section CA-4.3).
              Added: June 2022

            • CM-2.3.7

              The exposure value for instruments that give rise to counterparty credit risk and are not securities financing transactions, must be the exposure at default according to the standardised approach for the purpose of computing capital adequacy (See Module CA).

              Added: June 2022

            • CM-2.3.8

              Off-balance sheet items must be converted into credit exposure equivalents through the use of credit conversion factors (‘CCFs’) by applying the CCFs set-out in Section CA-3.3, with a floor of 10 percent.

              Added: June 2022

            • CM-2.3.9

              Instruments such as swaps, futures, forwards and credit derivatives must be converted into positions following Section CA-3.3. These instruments are decomposed into their individual legs.

              Added: June 2022

            • CM-2.3.10

              For credit derivatives that represent sold protection, the exposure to the referenced name must be the amount due in cases where the referenced name triggers the instrument, minus the absolute value of the credit protection. For credit-linked notes, the protection seller needs to consider positions both in the bond of the note issuer and in the underlying referenced by the note.

              Added: June 2022

            • CM-2.3.11

              The measures of exposure values of options for this Chapter differ from the exposure value used for purposes of Chapter CA-4. The exposure value must be based on the change(s) in option prices that would result from a default of the respective underlying instrument. The exposure value for a simple long call option is its market value and for a short put option is the strike price of the option minus its market value. In cases involving short-call or long-put options, a default of the underlying would lead to a profit (i.e. a negative exposure) instead of a loss, resulting in an exposure of the option’s market value in the former case and equal the strike price of the option minus its market value in the latter case. The resulting positions will, in all cases, be aggregated with those from other exposures. After aggregation, negative net exposures must be set to zero.

              Added: June 2022

            • CM-2.3.12

              In case of syndicated facilities initially underwritten by the licensee, the nominal amount would include only the licensee’s share of the syndication and any amounts for which binding commitments from other financial institutions are not available or have not been sold down. Where a binding commitment is available, that amount would be excluded in calculation of the large exposures. See Section CM-2.6 for exemptions.

              Added: June 2022

          • Offsetting Long and Short Positions in the Trading Book

            • CM-2.3.13

              Bahraini conventional bank licensee’s exposure arising from securities’ trading operations is calculated as its net long position in a particular security (a short position in one security issue may not be offset against a long position in another issue made by the same issuer). The licensee’s ‘net long position’ in a security refers to its commitment to buy that security together with its current holdings of the same security, less its commitment to sell these securities.

              Added: June 2022

            • CM-2.3.14

              Positions in the same issue (two issues are defined as the same if the issuer, coupon, currency and maturity are identical) may only be offset for the purpose of calculating large exposure.

              Added: June 2022

            • CM-2.3.15

              Positions in different issues from the same counterparty may be offset only when the short position is junior to the long position, or if the positions are of the same seniority.

              Added: June 2022

            • CM-2.3.16

              For positions hedged by credit derivatives, the hedge may be recognised provided the underlying of the hedge and the position hedged fulfil the provision of Paragraph CM-2.3.15.

              Added: June 2022

            • CM-2.3.17

              When the result of the offsetting is a net short position with a single counterparty, this net exposure need not be considered as an exposure for the purpose of this Chapter.

              Added: June 2022

            • CM-2.3.18

              In order to determine the relative seniority of positions, securities may be allocated into broad buckets of degrees of seniority (for example, ‘equity’, ‘subordinated debt’ and ‘senior debt’).

              Added: June 2022

            • CM-2.3.19

              When the credit protection takes the form of a Credit Default Swap (‘CDS’) and either the CDS provider or the referenced entity is not a financial entity, the amount to be assigned to the credit protection provider is not the amount by which the exposure to the original counterparty is reduced but, instead, the counterparty credit risk exposure calculated in accordance with Module CA .

              Added: June 2022

            • CM-2.3.20

              Bahraini conventional bank licensee must add any exposure to any single counterparty arising in the trading book to any other exposures to that counterparty that lie in the banking book to calculate its total exposure to that counterparty.

              Added: June 2022

            • CM-2.3.21

              Netting across the banking and the trading books is not permitted.

              Added: June 2022

          • Covered Bonds

            • CM-2.3.22

              Covered bonds are bonds issued by a bank or mortgage institutions and are subject by law to special public supervision designed to protect bond-holders. Proceeds deriving from the issue of these bonds must be invested in conformity with the law in assets which, during the whole period of the validity of the bonds, are capable of covering claims attached to the bonds and which, in the event of the failure of the issuer, would be used on a priority basis for the reimbursement of the principal and payment of the accrued interest.

              Added: June 2022

            • CM-2.3.23

              A covered bond satisfying the conditions set out in Paragraph CM-2.3.24, may be assigned an exposure value of no less than 20 percent of the nominal value of the licensee’s covered bond holding. Other covered bonds must be assigned an exposure equal to 100 percent of the nominal value of the licensee’s covered bond holding. The counterparty to which the exposure value is assigned is the issuing bank.

              Added: June 2022

            • CM-2.3.24

              To be eligible to be assigned an exposure value of less than 100 percent, a covered bond must satisfy all the following conditions:

              (a) It must meet the general definition set out in CM-2.3.22.
              (b) The pool of underlying assets must exclusively consist of one or more of the following:
              (i) Claims on, or guaranteed by, sovereigns, their central banks, public sector entities or multilateral development banks;
              (ii) Claims secured by mortgages on residential real estate that would qualify for a 35 percent or lower risk-weight under Section CA-3.2 and have a loan-to-value ratio of 80 percent or lower;
              (iii) Claims secured by commercial real estate that would qualify for the 100 percent or lower risk-weight under Section CA-3.2 and with a loan-to-value ratio of 60 percent or lower; and/or
              (iv) Claims on, or guaranteed by banks that qualify for a 30 percent or lower risk weight. However, such assets cannot exceed 15 percent of covered bond issuances; and
              (c) The nominal value of the pool of assets assigned to the covered bond instrument(s) by its issuer must exceed its nominal outstanding value by at least 10 percent. The value of the pool of assets for this purpose does not need to be that outlined by the legislative framework. However, if the legislative framework does not stipulate a requirement of at least 10 percent, the issuing bank needs to publicly disclose on a regular basis that their cover pool meets the 10 percent requirement in practice. In addition to the primary assets listed under this Sub-paragraph, the additional collateral may include substitution assets (cash or short-term liquid and secure assets held in substitution of the primary assets to top up the cover pool for management purposes) and derivatives entered into for the purposes of hedging the risks arising in the covered bond program.
              Added: June 2022

            • CM-2.3.25

              In order to calculate the required maximum loan-to-value for residential real estate and commercial real estate referred to in Paragraph CM-2.3.24, the following requirements must be met:

              (a) Legal Enforceability: Any claim on a collateral taken must be legally enforceable in all relevant jurisdictions, and any claim on collateral must be properly filed on a timely basis. Collateral interests must reflect a perfected lien (i.e. all legal requirements for establishing the claim have been fulfilled). In addition to this, the collateral agreement and the legal process underpinning it must be such that they allow the licensee to realise the value of the collateral within a reasonable timeframe; and
              (b) Frequent Revaluation: The licensee must monitor the value of the collateral on a frequent basis and, at a minimum, once a year. More frequent monitoring is suggested where the market is subject to significant changes in conditions. Statistical methods of evaluation (e.g. reference to house price indices, sampling) may be used to update estimates or to identify collateral that may have declined in value and that may need reappraisal. A qualified professional must evaluate the property when information indicates that the value of the collateral may have declined materially relative to general market prices, or when a credit event, such as a default, occurs.
              Added: June 2022

            • CM-2.3.26

              The conditions set out in Paragraph CM-2.3.24 must be satisfied at the inception of the covered bond and throughout its remaining maturity.

              Added: June 2022

          • Collective Investment Undertakings, Securitisation Vehicles and Other Structures

            • CM-2.3.27

              Bahraini conventional bank licensees must consider exposures even when a structure lies between the licensee and the exposures, that is, even when the licensee invests in structures through an entity which itself has exposures to assets (‘underlying assets’). Bahraini conventional bank licensees must assign the exposure amount, i.e. the amount invested in a particular structure, to specific counterparties following the approach described in Paragraphs CM-2.3.28 to CM-2.3.35. The structures include funds, securitisations and other structures with underlying assets.

              Added: June 2022

            • CM-2.3.28

              Bahraini conventional bank licensee may assign the exposure amount to the structure itself, defined as a distinct counterparty, if it can demonstrate that the licensee’s exposure amount to each underlying asset of the structure is smaller than 1 percent of total consolidated capital, considering only those exposures to underlying assets that result from the investment in the structure itself, and using the exposure value calculated according to Paragraphs CM-2.3.34 and CM-2.3.35. In this case, the licensee is not required to look through the structure to identify the underlying assets.

              Added: June 2022

            • CM-2.3.29

              Bahraini conventional bank licensees must look through the structure to identify those underlying assets for which the underlying exposure value is equal to or above 1 percent of total consolidated capital. In this case, the counterparty corresponding to each of the underlying assets must be identified so that these underlying exposures can be added to any other direct or indirect exposure to the same counterparty. The licensee’s exposure amount to the underlying assets that are below 1 percent of the licensee’s total consolidated capital may be assigned to the structure itself (i.e. partial Look-Through-Approach (‘LTA’) is permitted).

              Added: June 2022

            • CM-2.3.30

              If a Bahraini conventional bank licensee is unable to identify the underlying assets of a structure where the total amount of its exposure does not exceed 1 percent of its Total consolidated capital, the licensee must:

              (a) Assign the total exposure amount of its investment to the structure; or
              (b) Assign this total exposure amount to the unknown client.
              Added: June 2022

            • CM-2.3.31

              Bahraini conventional bank licensees must aggregate all ‘unknown exposures’ as if they are related to a single counterparty (the unknown client), to which the large exposure limit would apply.

              Added: June 2022

            • CM-2.3.32

              When a LTA is not required, according to Paragraph CM-2.3.28, a Bahraini conventional bank licensee must, nevertheless, be able to demonstrate that regulatory arbitrage considerations have not influenced the decision whether to look through or not – e.g. that the licensee has not circumvented the large exposure limit by investing in several individually immaterial transactions with identical underlying assets.

              Added: June 2022

            • CM-2.3.33

              If the LTA need not be applied, Bahraini conventional bank licensee’s exposure to the structure must be the nominal amount it invests in the structure.

              Added: June 2022

            • CM-2.3.34

              When the LTA is required, the exposure value assigned to a counterparty is equal to the pro rata share that the licensee holds in the structure multiplied by the value of the underlying asset in the structure. Thus, the licensee holding a 1 percent share of a structure that invests in 20 assets each with a value of 5, must assign an exposure of 0.05 to each of the counterparties. An exposure to a counterparty must be added to any other direct or indirect exposures the licensee has to that counterparty.

              Added: June 2022

            • CM-2.3.35

              When the LTA is required, the exposure value to a counterparty is measured for each tranche within the structure, assuming a pro rata distribution of losses amongst investors in a single tranche. To compute the exposure value to the underlying asset, the licensee must:

              (a) Consider the lower of the value of the tranche in which the licensee invests and the nominal value of each underlying asset included in the underlying portfolio of assets; and
              (b) Apply the pro rata share of the licensee’s investment in the tranche to the value determined in the first step above.
              Added: June 2022

          • Identification of Additional Risks

            • CM-2.3.36

              Bahraini conventional bank licensees must identify third parties that may constitute an additional risk factor inherent in a structure itself rather than in the underlying assets. This third party could be a risk factor for more than one structure that the licensee invests in. Examples of roles played by third parties include originator, fund manager, liquidity provider and credit protection provider.

              Added: June 2022

            • CM-2.3.37

              Bahraini conventional bank licensees should connect their investments in those structures with a common risk factor, to form a group of connected counterparties. In such cases, the manager would be regarded as a distinct counterparty so that the sum of the licensee’s investments in all of the funds managed by this manager would be subject to the large exposure limit, with the exposure value being the total value of the different investments. In other cases, the identity of the manager may not comprise of an additional risk factor – for example, if the legal framework governing the regulation of particular funds requires separation between the legal entity that manages the fund, and the legal entity that has custody of the fund’s assets.

              Added: June 2022

            • CM-2.3.38

              In the case of structured finance products, the liquidity provider or sponsor of short-term programmes (asset-backed commercial paper – ‘ABCP’, or conduits and structured investment vehicles – ‘SIVs’) may warrant consideration as an additional risk factor (with the exposure value being the amount invested). Similarly, in synthetic deals, the protection providers (sellers of protection by means of CDS/guarantees) may be an additional source of risk and a common factor for interconnecting different structures (in this case, the exposure value would correspond to the percentage value of the underlying portfolio).

              Added: June 2022

            • CM-2.3.39

              Bahraini conventional bank licensees may add their investments in a set of structures associated with a third party that constitutes a common risk factor to other exposures (such as a loan) it has to that third party. Whether the exposures to such structures must be added to any other exposures to the third party, would again depend on a case-by-case consideration of the specific features of the structure and on the role of the third party. In the example of the fund manager, adding together the exposures may not be necessary because potentially fraudulent behaviour may not necessarily affect the repayment of a loan.

              Added: June 2022

          • Identification of Additional Risks

            • CM-2.3.40

              It is conceivable that the licensee may consider multiple third parties to be potential drivers of additional risk. In this case, the licensee should assign the exposure resulting from the investment in the relevant structures to each of the third parties.

              Added: June 2022

            • CM-2.3.41

              The requirement set out in Paragraph CM-2.3.36 to recognise a structural risk inherent in the structure instead of the risk stemming from the underlying exposures is independent of whatever the general assessment of additional risks concludes.

              Added: June 2022

          • Exposures to Central Counterparties

            • CM-2.3.42

              Exposures to qualified central counterparties (‘QCCPs’) related to clearing activities are exempted from the requirements of this Chapter.

              Added: June 2022

            • CM-2.3.43

              In the case of non-QCCPs, Bahraini conventional bank licensees must measure their exposure as a sum of both the clearing exposures described in Paragraph CM-2.3.45 and the non-clearing exposures described in Paragraph CM-2.3.48 and must respect the general large exposure limit of 15 percent of Total consolidated capital.

              Added: June 2022

            • CM-2.3.44

              The concept of closely related counterparties referred to in CM-2.5.4 does not apply in the context of exposures to centralised counterparties (‘CCPs’) that are specifically related to clearing activities.

              Added: June 2022

          • Identification of Additional Risks

            • CM-2.3.45

              Bahraini conventional bank licensees must identify exposures to a CCP related to clearing activities and sum together these exposures. Exposures related to clearing activities are listed in the table below, together with the exposure value to be used:

              Trade Exposures The exposure value of trade exposures must be calculated using the exposure measures prescribed in this Chapter for the respective type of exposures.
              Segregated Initial Margin The exposure value is 0.
              Non-segregated Initial Margin The exposure value is the nominal amount of initial margin posted.
              Pre-funded Default Fund Contributions Nominal amount of the funded contribution.
              Unfunded Default Fund Contributions The exposure value is 0.
              Equity Stakes The exposure value is the nominal amount.
              Added: June 2022

            • CM-2.3.46

              Regarding exposures subject to clearing services (the licensee acting as a clearing member or being a client of a clearing member), the licensee must determine the counterparty to which exposures must be assigned by applying the provisions of Module CA.

              Added: June 2022

            • CM-2.3.47

              Bahraini conventional bank licensees must apply a risk weight of 2 percent to their trade exposure to the CCP in respect of OTC derivatives, exchange-traded derivative transactions, securities financing transactions (SFTs) and long-settlement transactions, where the licensee acts as a clearing member of a CCP for its own purposes. Where the clearing member offers clearing services to clients, the 2 percent risk weight also applies to the clearing member’s trade exposure to the CCP that arises when the clearing member is obligated to reimburse the client for any losses suffered due to changes in the value of its transactions in the event that the CCP defaults.

              Added: June 2022

            • CM-2.3.48

              Other types of exposures that are not directly related to clearing services provided by the CCP, such as funding facilities, credit facilities, guarantees, etc. must be measured according to the rules set out in this Chapter as for any other type of counterparty. These exposures will be added together and be subjected to the large exposure limit.

              Added: June 2022

        • CM-2.4 CM-2.4 Identity of Counterparty

          • CM-2.4.1

            For the purposes of measuring exposures, the counterparty will generally be the person from whom the concerned funds are receivable (in the case of fees and commissions etc.), the borrower (customer) in the case of credit facilities; the person guaranteed; the issuer of a security in the case of a security held; or the party with whom a contract was made in the case of a derivative contract.

            Added: June 2022

          • CM-2.4.2

            Where a third party has provided an eligible guarantee, and subject to the guaranteed licensee’s policy statement not stating otherwise, the guaranteed licensee must recognise an exposure to the third-party guarantor, rather than the person guaranteed (see Chapter CA-4 for full conditions relating to the recognition of guarantees for regulatory purposes).

            Added: June 2022

        • CM-2.5 CM-2.5 Limits for Large Exposures

          • Definitions and Aggregate Limit on Large Exposures

            • CM-2.5.1

              A ‘large exposure’ is any exposure to a counterparty or a group of closely related counterparties which is greater than, or equal to, 10 percent of the reporting Bahraini conventional bank licensee’s Total Consolidated capital but excluding intragroup exposures.

              Added: June 2022

            • CM-2.5.2

              CBB requires that any large exposure, as defined in Paragraph CM-2.5.1, must have a prior approval by the Bahraini conventional bank licensee's Board of Directors unless the exposure was incurred within the specific borrower limits for which the licensee has prior Board approval.

              Added: June 2022

          • Single Exposure Limit to a counterparty – 15 Percent

            • CM-2.5.3

              A Bahraini conventional bank licensee may not incur an exposure to an individual counterparty or a group of closely related counterparties (not connected to the reporting licensee) which is 15 percent or more of the reporting licensee’s Total consolidated capital without the prior written approval of the CBB. Where this limit has been exceeded, the excess amount must be risk-weighted at 800 percent.

              Added: June 2022

          • Closely related counterparties – Criteria

            • CM-2.5.4

              In order for the licensee to establish the existence of a group of closely related counterparties, it must assess the relationship amongst counterparties by referring to one or more of the following criteria:

              (a) Control relationship: One of the counterparties, directly or indirectly, has control over the other(s) based on the following:
              (i) Where one entity owns 50% or more of the voting rights of another entity.
              (ii) Where one entity is deemed to have control by virtue of voting agreements (e.g. control of a majority of voting rights pursuant to an agreement with other shareholders).
              (iii) Where one entity exercises significant influence on the appointment or dismissal of an entity’s board and/or senior management, such as the right to appoint or remove a majority of such persons, or the fact that a majority of such persons have been appointed solely as a result of the exercise of an individual entity’s voting rights.
              (iv) Where one entity has significant influence on the board or senior management, e.g. an entity has the power, pursuant to a contract or otherwise, to exercise a controlling influence over the management or policies of another entity (e.g. through consent rights over key decisions).
              ; or
              (b) Economic interdependence: If one of the counterparties were to experience financial problems, in particular funding or repayment difficulties, the other(s), as a result, would also be likely to encounter funding or repayment difficulties.
              Added: June 2022

            • CM-2.5.5

              Bahraini conventional bank licensees are also expected to refer to criteria specified in IFRS for further qualitative guidance when determining control.

              Added: June 2022

            • CM-2.5.6

              Bahraini conventional bank licensees must assess the control relationship using the following criteria:

              (a) Voting agreements (e.g. control of a majority of voting rights pursuant to an agreement with other shareholders);
              (b) Significant influence on the appointment or dismissal of an entity’s administrative, management or supervisory body, such as the right to appoint or remove a majority of members in those bodies, or the fact that a majority of members have been appointed solely as a result of the exercise of an individual entity’s voting rights;
              (c) Significant influence on senior management, e.g. an entity has the power, pursuant to a contract or otherwise, to exercise a controlling influence over the management or policies of another entity (e.g. through consent rights over key decisions).
              Added: June 2022

            • CM-2.5.7

              The CBB will exercise its discretion in applying the definition of closely related counterparties on a case-by-case basis if it finds, during its onsite or offsite supervisory review, any linkage of such counterparties.

              Added: June 2022

            • CM-2.5.8

              In establishing closely related counterparty relationships based on economic interdependence (CM-2.5.4 (b)), licensees must consider, at a minimum, the following qualitative criteria:

              (a) Where 50 percent or more of one counterparty’s gross receipts or gross expenditures (on an annual basis) are derived from transactions with the other counterparty (e.g. the owner of a residential/commercial property and the tenant who pays a significant part of the rent);
              (b) Where one counterparty has fully or partly guaranteed the exposure of the other counterparty, or is liable by other means, and the exposure is so significant that the guarantor is likely to default if a claim occurs;
              (c) Where a significant part of one counterparty’s production/output is sold to another counterparty, which cannot easily be replaced by other customers;
              (d) When the expected source of funds to repay each loan one counterparty makes to another is the same and the counterparty does not have another source of income from which the loan may be fully repaid;
              (e) Where it is likely that the financial problems of one counterparty would cause difficulties for the other counterparties in terms of full and timely repayment of liabilities;
              (f) Where the insolvency or default of one counterparty is likely to be associated with the insolvency or default of the other(s); and
              (g) When two or more counterparties rely on the same source for the majority of their funding and, in the event of the common provider’s default, an alternative provider cannot be found. In this case, the funding problems of one counterparty are likely to spread to another due to a one-way or two-way dependence on the same main funding source.
              Added: June 2022

          • Limit on Exposures to connected counterparties – 25 Percent Aggregate

            • CM-2.5.9

              Exposures to connected counterparties of Bahraini conventional bank licensees may be justified only when undertaken for the clear commercial advantage of the licensee, when negotiated and agreed on an arm’s-length basis, and when included in the Large Exposures Policy statement.

              Amended: October 2022
              Added: June 2022

            • CM-2.5.10

              A Bahraini conventional bank licensee may not exceed the individual or aggregate limits for exposures to connected counterparties shown in Paragraph CM-2.5.15, without the prior written approval of the CBB.

              Added: June 2022

            • CM-2.5.11

              The licensee may not undertake exposures to its own external auditor. In this context, ‘external auditor’ refers to the firm/partnership, the partners, the directors and the managers of the audit firm.

              Added: June 2022

            • CM-2.5.12

              For the purpose of this Module, ‘connected counterparties’ include legal and natural persons connected with the Bahraini conventional bank licensee, including, in particular; controllers of the licensee (and Board members, senior management and key staff of the controller, the controller’s appointed Board representatives, subsidiaries and associated companies of controllers including their Board members, senior management and key staff), approved persons of the licensee, as defined by Module LR-1A, and their close family members (as defined by IFRS – IAS 24); associated companies not mentioned hereinabove, unconsolidated subsidiaries and members of the Shari’a Supervisory Board (‘SSB’), if any.

              Added: June 2022

            • CM-2.5.13

              Equity participations in, and credit exposures to, consolidated banking and financial subsidiaries (see CA-2.3.1(c)) need not be included in exposures to connected counterparties for the sake of the table in CM-2.5.15. Equity participations in, and credit or financing exposures to, unconsolidated subsidiaries are included in the definition of exposure in order to understand the degree of support the parent is supplying to its unconsolidated subsidiaries on a day-to-day basis.

              Added: June 2022

            • CM-2.5.14

              The CBB will exercise its discretion in applying the definition of connected counterparties of the licensee on a case-by-case basis, if it finds during its onsite or offsite supervisory review any linkage of such counterparties.

              Added: June 2022

            • CM-2.5.15

              Exposures (both on and off-balance sheet) to all connected counterparties of Bahraini conventional bank licensees listed below, when taken together, may not exceed 25 percent of the Total consolidated capital. Where any of these limits have been exceeded, the excess amount must be risk-weighted at 800 percent.

              Connected Counterparties Individual Limit Aggregate Limit
              Controllers and their close family members as defined in IFRS, and Board members, senior management and key staff of the controller, the controller’s appointed Board representatives, subsidiaries and associated companies of controllers including their Board members, senior management and key staff 0% 0%
              Approved persons (and their close family members as defined in IFRS) and members of the SSB 10% 25%
              Associated companies not mentioned hereinabove, other connected counterparties not mentioned above, and unconsolidated subsidiaries 15%
              Total (including senior management and others) 25%
              Added: June 2022

          • Deductions from Total Capital

            • CM-2.5.16

              The CBB will closely examine all exposures to ‘connected counterparties’ and will deduct them from the licensee’s consolidated total capital if they are, in the CBB's opinion, of the nature of a capital investment, or provision of long-term working capital, or are made on particularly concessionary terms.

              Added: June 2022

            • CM-2.5.17

              Reciprocal cross-holdings of capital between the licensee and its controllers (see GR-5) which artificially inflate the capital of licensee concerned are not permitted. Any cross-holdings that occur, due to acquisitions or takeovers, must be deducted from the concerned licensee’s total capital (see also CA-2).

              Added: June 2022

            • CM-2.5.18

              Any other form of lending to connected counterparties outside the scope of the above will be dealt with by the CBB on a case-by-case basis.

              Added: June 2022

            • CM-2.5.19

              Bahraini conventional bank licensees must perform valuations of collaterals covering large exposures to ensure that collaterals are, and continue to be, enforceable and realisable at least on an annual basis when market conditions are adverse.

              Added: June 2022

        • CM-2.6 CM-2.6 Exempt Exposures

          • Exempt Exposures to Parties not Connected to the Bank

            • CM-2.6.1

              Certain types of exposure are exempt from the 15 percent exposure limit set out in CM-2.5.3, but commitment to such exposures must be reported to the CBB on a quarterly basis using the Form PIR provided in Appendix BR-5.

              Added: June 2022

            • CM-2.6.2

              These exemptions fall into the following categories and are subject, in each case, to the policy statement:

              (a) Short term interbank exposures, with original maturities of 3 months or less to parties not connected to the reporting licensee;
              (b) Exposures to GCC governments and their public sector entities that are not connected to the reporting licensee and do not operate on a commercial basis, as set out in the guidelines to the PIR (see Module CA).
              (c) Exposures secured by cash or GCC government securities or guarantees;
              (d) Exposures to central governments who are members of the Organisation for Economic Cooperation and Development (‘OECD’) or exposures secured by OECD central government securities/guarantees;
              (e) Pre-notified exposures which are covered by a guarantee from the licensee’s parent (see Paragraphs CM-2.6.9 to CM-2.6.12); and
              (f) Sukuk or other securities issued or exposure to / exposure guaranteed by the Islamic Development Bank or any of its subsidiaries and other multilateral development banks, such as IMF, World Bank, Arab Monetary Fund, Asian Development Bank, African Development Bank, European Bank of Reconstruction and Development.
              Amended: October 2022
              Added: June 2022

            • CM-2.6.3

              Where two or more entities that are outside the scope of sovereign exemption are controlled by or are economically dependent on an entity that falls within the scope of the sovereign exemption referred to in paragraph CM-2.6.2, and are closely related, those entities need not be deemed to constitute a group of closely related counterparties pursuant to paragraph CM-2.5.4. Additionally, consistent with Module CA, where other supervisors also treat claims on named PSEs as claims on their sovereigns, claims to those PSEs are treated as claims on the respective sovereigns.

              Added: June 2022

            • CM-2.6.4

              If a Bahraini conventional bank licensee has an exposure to any entity noted in Paragraph CM-2.6.2 which is hedged by a credit derivative, the licensee will have to recognise an exposure to the counterparty providing the credit protection, as prescribed in Paragraphs CM-2.4.2 and CM-2.3.16, notwithstanding the fact that the original exposure is exempted.

              Added: June 2022

          • Exempt Exposures to Connected Counterparties

            • CM-2.6.5

              Exposures to subsidiaries which are always fully consolidated on a line-by-line basis for all supervisory purposes are exempt from the limits in this Module on a consolidated basis. However, licensees must observe the CBB's solo capital adequacy requirements in Module CA.

              Added: June 2022

            • CM-2.6.6

              Exposures to unconsolidated subsidiaries (normally non-financial and outside the scope of regulatory consolidation) are not exempt from the limits in this Module and are included under the limits for exposures to associates, related parties and unconsolidated subsidiaries (See Paragraph CM-2.5.14).

              Added: June 2022

            • CM-2.6.7

              Bahraini conventional bank licensees may apply to the CBB to take on a treasury role on behalf of the group as a whole (provided that the group is subject to consolidated supervision by its home supervisor). The CBB's policy regarding the taking on of a treasury role includes exposures arising from a central risk management function. Such exposures must be approved by the CBB before they may be exempted.

              Added: June 2022

            • CM-2.6.8

              In the above scenario (Paragraph CM-2.6.7), for example, exposures of more than 15% of Total Consolidated Capital to a parent bank from a subsidiary bank may be permitted where they constitute short term lending of excess liquid funds.

              Added: June 2022

          • Exposures Undertaken by a Subsidiary Bank

            • CM-2.6.9

              Where exposures undertaken by a Bahrain subsidiary of an overseas bank are guaranteed by its parent bank, the Bahrain subsidiary bank may be deemed to have an exposure to its parent bank.

              Added: June 2022

            • CM-2.6.10

              Under the terms of this Module (see Sub-Paragraph CM-2.6.2(f)), such indirect exposures to a parent bank may be exempted from the limits on large exposures if the CBB is satisfied that:

              (a) Such exposures have been pre-notified to the CBB for the CBB's approval and are entered into within the terms of a policy agreed by the parent bank;
              (b) There are guarantees in place from the parent bank to protect the subsidiary should the exposure become impaired or require to be written off; and
              (c) In the case of licensees which are the Bahrain subsidiaries of overseas licensees, the supervisory authority of the parent bank has approved the exposures that can be undertaken by the Bahrain subsidiary.
              Added: June 2022

            • CM-2.6.11

              In the case of a Bahrain incorporated bank’s subsidiary in Bahrain, in order for an exposure exceeding 15% of Total Capital to be acceptable in the subsidiary, the Bahrain parent bank must at all times have the capacity to take on the exposure to the third party, without itself exceeding the limit of 15% of its own Total Capital. Also, the total exposure of the banking group to the customer must be within 15% of the parent bank’s consolidated Total Capital.

              Added: June 2022

            • CM-2.6.12

              The CBB will need to be satisfied that adequate control systems are in place to ensure that risks taken in the group as a whole are properly monitored and controlled.

              Added: June 2022

        • CM-2.7 CM-2.7 Reporting of Exposures

          • CM-2.7.1

            Conventional bank licensees are required to report their 25 largest exposures to banks as well as their 25 largest exposures to non-banks to the CBB on a quarterly basis using the Form PIR provided in Appendix BR-5.

            Added: June 2022

          • CM-2.7.2

            Bahraini conventional bank licensees must report the financial details of each large exposure, as defined under Paragraph CM-2.5.1 in Appendix BR-19, as required under Paragraph BR-3.1.10.

            Added: June 2022

          • CM-2.7.3

            Bahraini conventional bank licensees must report all their exposures to connected counterparties on a monthly basis using the form provided in Appendix BR-11, as required under Paragraph BR-4.3.4.

            Added: June 2022

          • CM-2.7.4

            Bahraini conventional bank licensees are required to adopt policies and set internal limits, which will not lead to the exposure limit(s) referred to above being exceeded as a matter of course.

            Added: June 2022

          • CM-2.7.5

            For some licensees, the CBB may determine it prudent to set lower large exposure limits than the ones given in this Module.

            Added: June 2022

          • CM-2.7.6

            Should any licensee incur or plans to incur an exposure to an individual counterparty (other than an exempt exposure) which results in or may result in it exceeding any of the limits set out above, this must be reported immediately to the CBB for its consideration. Where the exposure or counterparty is not exempt, action must be taken to immediately bring the exposure back within applicable limits as soon as possible.

            Added: June 2022

        • CM-2.8 CM-2.8 Policy Statements

          • CM-2.8.1

            The CBB requires each Bahraini conventional bank licensee to set out its policy and internal limits on large exposures, including limits for differing types of exposures, to individual customers, banks, corporates, countries, regions, products, asset classes, collateral, currencies, markets, commodities, connected counterparties and economic sectors, in a policy statement which must be formally approved by the Board of Directors. Furthermore, licensees must not implement significant changes to this policy without the prior approval of the Board.

            Amended: October 2022
            Added: June 2022

          • CM-2.8.2

            The necessary control systems to give effect to the licensee’s policy on large exposures must be clearly specified and monitored by its Board.

            Added: June 2022

          • CM-2.8.3

            Bahraini conventional bank licensees are required to implement appropriate internal systems and controls to monitor the size of their total consolidated capital on a daily basis to ensure that the limits detailed in this Module are not exceeded.

            Added: June 2022

        • CM-2.9 CM-2.9 Concentrations in Geographic, Economic and Market Sectors

          • CM-2.9.1

            The extent to which a licensee may be prudently exposed to a particular geographic, economic and market sectors will vary considerably, depending upon the characteristics and strategy of the licensee, and the sector concerned.

            Added: June 2022

          • CM-2.9.2

            Concentrations should also be recognised in not just geographic and economic sectors but also in markets (e.g. individual stock exchanges). The CBB will not apply common maximum percentages to licensees’ sectoral or market exposures but, instead, will continue to monitor such exposures on an individual and general basis.

            Added: June 2022

          • CM-2.9.3

            Bahraini conventional bank licensees must specify in their policy statements how they define geographic, economic and market sectors, and what limits apply to different sectors.

            Added: June 2022

          • CM-2.9.4

            Exposures and limits for sectors must be reviewed at least quarterly by the Board of Directors.

            Added: June 2022

          • CM-2.9.5

            Bahraini conventional bank licensees which have over 10 percent of their risk-adjusted assets in market risk (i.e. the trading book) must also set market risk concentration limits.

            Added: June 2022

        • CM-2.10 CM-2.10 Major Investments

          • Prior approval for Major Investments

            • CM-2.10.1

              Bahraini conventional bank licensees must obtain the CBB’s prior written approval before making an investment in another commercial or financial entity (whether incorporated inside or outside of Bahrain) which falls within the definition of a major investment. Additionally, the CBB’s prior approval must be obtained for any subsequent increases in the licensee’s ownership in excess of 5% of similar exposure. Where the increase is due to a revaluation or change in capital of the licensee, a written notification outlining the percentage increase and reasons for the increase must be provided to the CBB.

              Added: June 2022

            • CM-2.10.2

              In assessing a proposed major investment, the CBB will take into account the impact of such investment on the risk profile of the licensee. See Appendix CM-5 for criteria for assessment.

              Added: June 2022

            • CM-2.10.3

              A major investment is defined as either of the following:

              (a) An investment in the capital instruments of another entity (whether financial or commercial) by a Bahraini conventional bank licensee which is equivalent to or more than 10% of the Bahraini conventional bank licensee’s consolidated Tier 1 capital; or
              (b) An investment in the capital instruments of a non-financial entity (commercial entity) which is equivalent to or more than 10 percent of the issued common share capital of the commercial entity.
              Added: June 2022

            • CM-2.10.4

              Any major investments by a Bahraini conventional bank licensee in the capital instruments of another entity must be included in the measure of an ‘exposure’ for the purposes of this Chapter, i.e. such major investments must be aggregated with all other facilities to a client for the purpose of calculating the level of ‘large exposures’. Where a percentage ownership increase results in the licensee exceeding the single large exposure limit, the 800 percent risk-weight rule must be applied (see CM-2.5).

              Added: June 2022

            • CM-2.10.5

              The CBB reserves the right to require Bahraini conventional bank licensees to dispose of any major investments acquired without its prior approval. Where a ‘major investment’ is acquired without the approval of the CBB, the entire value of the holding must be deducted from the consolidated total capital of the concerned licensee. Approval will not be given for ‘major investments’ in entities incorporated in jurisdictions where secrecy constraints exist, or there are restrictions on the passage of information to the bank (other than customer confidentiality requirements imposed by financial regulators).

              Added: June 2022

            • CM-2.10.6

              If the licensee’s close links with another entity prevent effective supervision of the licensee (or bank group), the CBB may refuse or revoke a license, or require the licensee to sell or otherwise dispose of entities within its corporate group, or to restructure the licensee.

              Added: June 2022

          • Limits of major investments

            • CM-2.10.7

              The total amount of the licensee’s investments in commercial entities, other than associated companies considered under CM-2.5.14, may not exceed the limits set forth below:

              Limits on major investments in commercial entities* Individual Limit** Aggregate Limit**
              Major investments by retail conventional bank licensees 15% 30%
              Major investments by wholesale conventional bank licensees undertaking commercial banking business 40%
              Major investments by wholesale conventional bank licensees undertaking investment banking business 70%

              *Exposure for this purpose includes investment in capital instruments and any other exposure to the subject entity
              ** Limits expressed as a percentage of Total Tier 1 Capital.

              Added: June 2022

      • CM-3 CM-3 Loans to Employees

        • CM-3.1 CM-3.1 Loans to Employees

          • CM-3.1.1

            The CBB’s prior written consent must be obtained for any loan to an employee where the amount of this loan, either singly or when added to an existing loan(s) outstanding to that employee at that date, would be equal to or in excess of BD 100,000, or its equivalent in foreign currency. Conventional bank licensees must notify the CBB in writing of any senior employee who fails to discharge his repayment obligations.

            Added: June 2022

          • CM-3.1.2

            Where a conventional bank licensee seeks the CBB’s prior approval, as required under Paragraph CM-3.1.1, in its request it must confirm that the employee loan is in line with the licensee’s Board-approved policy. The request must also confirm that the licensee has made an internal assessment and evaluation when reaching the decision to grant the employee loan and that all necessary internal approvals have been obtained. The licensee must also obtain the necessary credit reference information from the Bahrain Credit Reference Bureau.

            Added: June 2022

          • CM-3.1.3

            Conventional bank licensees must ensure that the provisions of relevant laws (including, specifically, the Bahrain Labour Law) are observed at all times in this regard.

            Added: June 2022

      • CM-4 CM-4 Write-off – Credit Facility

        • CM-4.1 CM-4.1 Write-offs

          • CM-4.1.1

            Bahraini conventional bank licensees must notify the CBB of any write-off of an exposure of an amount in excess of BD 100,000, or its equivalent in foreign currency.

            Added: June 2022

          • CM-4.1.2

            Such notification should be accompanied by documentary evidence showing, beyond reasonable doubt, that the customer does not possess the resources to fulfil the outstanding obligation.

            Added: June 2022

          • CM-4.1.3

            Bahraini conventional bank licensees must obtain the CBB’s written no-objection before writing-off any of the following:

            (a) Exposures to, or exposures guaranteed by, any approved person of the licensee or any other CBB licensee;
            (b) Exposures to controllers, subsidiaries, associates and SSB members of the licensee;
            (c) Exposures to any business entity for which the licensee, or any of its approved persons, is a related party, such as a Board member, a shareholder owning 5 percent or more, a person assuming a managerial role, a guarantor, a SSB member, etc.; and
            (d) Exposures to any controller of another CBB licensee (as defined in Resolution No. (16) of 2021 with respect to promulgating the Regulation Pertaining to Control in Banks).
            Amended: January 2023
            Added: June 2022

          • CM-4.1.4

            Branches of foreign bank licensees must obtain the CBB’s written no-objection before writing off the exposures listed in CM-4.1.3 from (a) to (d) except for (b).

            Added: June 2022

          • CM-4.1.5

            Bahraini conventional bank licensees must notify the CBB of any applicable exposures outlined in Paragraph CM-4.1.3 that are classified as NPLs.

            Added: June 2022

          • CM-4.1.6

            In order to comply with Sub-paragraphs CM-4.1.3 (a) and (d), conventional bank licensees should refer to the CBB register on the CBB website, which contains a list of approved persons and controllers of all CBB licensees.

            Added: June 2022

      • CM-5 CM-5 Consumer Finance

        • CM-5.1 CM-5.1 Overview

          • CM-5.1.1

            This Chapter sets out various requirements regarding the provision of consumer finance within the Kingdom of Bahrain by the CBB licensees. The aim of these requirements is to encourage:

            (a) Prudent lending by licensees providing consumer finance; and
            (b) The transparent disclosure of the full costs and terms on which licensees offer consumer finance.
            Added: June 2022

        • CM-5.2 CM-5.2 The CBB’s Approach to Consumer Finance

          • CM-5.2.1

            Conventional bank licensees are reminded of their obligation to implement a sound internal controls framework, including an effective credit culture (as outlined in Section CM-1.2).

            Added: June 2022

          • CM-5.2.2

            Conventional bank licensees which offer consumer finance facilities to residents of Bahrain must follow the Code of Best Practice on Consumer Credit attached as Appendix CM-2 in Part B of the Rulebook. Failure to adhere to the Code may result in enforcement action as outlined in Module EN.

            Added: June 2022

          • CM-5.2.3

            Conventional bank licensees are also reminded of their obligations to display and communicate charges and APRs clearly (as outlined in Section BC-4.3).

            Added: June 2022

          • CM-5.2.4

            The measures presented in this Chapter should be viewed as minimum standards, rather than best practice. They are aimed at encouraging prudent lending and full, frank and fair disclosures. These measures should be read in conjunction with the ‘Code of Best Practice on Consumer Credit and Charging’ which was agreed jointly between the CBB and the Bahrain Association of Banks (see Appendix CM-2).

            Added: June 2022

          • Ongoing Effort by the CBB

            • CM-5.2.5

              The CBB supervisors and examiners will also focus on licensees’ implementation of the ‘Code of Best Practice on Consumer Credit and Charging’ in their ongoing supervision of licensees, to monitor and encourage sound lending practices and disclosure standards.

              Added: June 2022

        • CM-5.3 CM-5.3 Definition of Consumer Finance

          • CM-5.3.1

            Consumer finance is the provision of any form of credit facility to an individual excluding:

            (a) Any loan secured by a first charge on residential property to an individual, where the borrower lives in, or intends to live in the property;
            (b) Any credit facility secured by cash or investments, where the security provided more than covers the principal of the credit facility;
            (c) The provision of any form of credit to an individual for business purposes where the facility is to be repaid from the business activities of the borrower; and
            (d) Any credit facility awarded based on eligibility as per the Social Insurance Organisation’s Pension Commutation Scheme.
            Amended: January 2023
            Added: June 2022

          • CM-5.3.2

            For the purposes of the Rulebook, ‘credit facility’ includes personal overdraft facilities, credit cards, consumer loans or other financing facilities. ‘Consumer loans’ are defined as loans for a fixed period to individuals for non-business purposes.

            Added: June 2022

        • CM-5.4 CM-5.4 Maximum Limits

          • Total Repayments Ratio

            • CM-5.4.1

              Licensees may only provide a new consumer facility (or renew, extend or otherwise modify an existing consumer facility) for an amount so that the borrower’s total monthly repayments on all their consumer finance commitments do not exceed 50 percent of their monthly gross income. This limit may only be exceeded in the circumstances described in Paragraphs CM-5.4.6 and CM-5.4.9.

              Added: June 2022

            • CM-5.4.2

              When reviewing an applicant for a consumer facility, licensees may only take into consideration regular income. A spouse’s income may only be taken into consideration when the credit facility would be in joint names, so that the spouse would also be legally liable for the obligation incurred.

              Added: June 2022

            • CM-5.4.3

              Notwithstanding the above limit, licensees must review, in detail, an applicant’s personal financial standing and ability to service their obligations. Where a spouse’s income is being taken into consideration, their individual circumstances must also be similarly assessed. In many cases, these reviews may require consumer finance repayments to be kept significantly below 50 percent of monthly gross income.

              Added: June 2022

            • CM-5.4.4

              Licensees must enquire as to applicants’ sources of income, their credit history, their regular outgoings and other financial commitments, including potential liabilities such as guarantees. Particular attention must be paid to housing costs (such as payments for social housing schemes). A person’s regular income, net of consumer finance repayments and other financial obligations, must remain sufficient for that person to support himself and any dependents. Licensees must also take into account likely future trends in income and outgoings, and the impact this may have on the 50 percent ratio.

              Added: June 2022

            • CM-5.4.5

              When factoring in credit cards into the repayment limit in Paragraph CM-5.4.1 above, licensees must include 5 percent of the credit limits available on these facilities. If the amounts outstanding (including interest) under such facilities exceed their limit, then the full amount outstanding must be included in the repayments ratio calculation. Charge cards are not included under this definition.

              Added: June 2022

            • CM-5.4.6

              In the case of high earners – defined for these purposes as persons earning more than BHD 3,000 per month – the 50 percent limit may be relaxed, provided that the licensee has undertaken the review required in Paragraph CM-5.4.4 and is satisfied that the borrower can comfortably support a higher facility service ratio.

              Added: June 2022

            • CM-5.4.7

              The review undertaken to satisfy requirements, as outlined in Paragraph CM-5.4.4, must be documented and made available to the CBB’s examiners upon request. The documentation must include all relevant information used to support the decision to extend credit facilities. In the case of high earners who are granted a facility in excess of the 50 percent limit, the documentation must also include a written statement, signed by an appropriate member of management, explaining the justification for relaxing the limit.

              Added: June 2022

          • Maximum Tenor Limit

            • CM-5.4.8

              The maximum tenor for instalment consumer finance is 7 years. In the case of any restructuring of a consumer finance facility repayable in instalments, the stated final maturity must be within 7 years from the date of the original facility. The tenor may not be extended more than twice during the period of the agreement and in any case not extended beyond the 7-year duration.

              Added: June 2022

          • Non-compliant Facilities

            • CM-5.4.9

              Where a customer’s monthly gross income falls (e.g. due to redundancy, disability or a similar event outside the control of the customer), the licensee must identify such accounts as ‘technically non-compliant’. If a customer requests an extension to the tenor of the facility due to reduced income, then the licensee may increase the term to assist the customer. The licensee must take account of the 50 percent limit outlined in Paragraph CM-5.4.1. Such facilities must also be identified as ‘technically non-compliant’.

              Added: June 2022

        • CM-5.5 CM-5.5 Refunds and Prepayments

          • Refund/Adjustment of Insurance Premium on Financing Prepayments and Top-Ups

            • CM-5.5.1

              Conventional bank licensees must refund/adjust proportionately the insurance premium charged on individual credit facilities when the customer either requests for a top up or prepayment of the credit facility as per the prescribed formula below:

              Added: June 2022

      • CM-6 CM-6 Independent Assessments

        • CM-6.1 CM-6.1 Independent assessments

          • CM-6.1.1

            [This Paragraph was deleted in January 2022].

            Added: June 2022

          • CM-6.1.2

            The independent reviews of the credit risk management framework and compliance with Module CM undertaken in accordance with Paragraphs HC-6.6.33 and HC-6.6.34 must cover the following:

            (a) The adequacy of internal systems and procedures for identifying, measuring, monitoring and mitigating credit risk;
            (b) The appropriateness of the procedures, processes, systems and tools for controlling credit risk;
            (c) The credit risk rating and scoring model governance;
            (d) The integrity and usefulness of management information reports on credit risk; and
            (e) The adherence to credit risk appetite and limits framework, credit risk policies and procedures and compliance with this Module.
            Added: June 2022

          • CM-6.1.3

            [This Paragraph was deleted in January 2022].

            Added: June 2022

          • CM-6.1.4

            [This Paragraph was deleted in January 2022].

            Added: June 2022

      • CM-5 CM-5 APPENDIX

        • Appendix CM-5 CBB Illustrative Criteria for Assessment of Major Investments by Bahraini Conventional Bank Licensees

          In assessing any proposed major investments mentioned above, the CBB will take into account the following points:

          (a) The amount of the proposed major investment relative to the existing consolidated total capital of the licensee;
          (b) Existing capital adequacy ratios on a consolidated basis and forecast ratios after the major investment has gone ahead;
          (c) The adequacy of information flows from the investee company to the concerned bank;
          (d) Experience, and fit and proper matters relating to the senior personnel associated with the proposed major investment;
          (e) Risks associated with the proposed major investment;
          (f) Disclosure and exchange of (supervisory) information (in the case of a foreign major investment);
          (g) Adequacy of host supervision (in the case of a foreign major investment);
          (h) Current investments and concentrations in exposures of the concerned bank.
          (i) The compliance of the concerned bank with the CBB’s rules and regulations (e.g. reporting issues), and the adequacy of internal systems and controls;
          (j) The extent of holdings by any other shareholders (holding 5 percent or more of the capital of the concerned entity) or controllers of the concerned entity;
          (k) Whether the proposed activities are in line with the memorandum and articles of association (‘MOA’ and ‘AOA’) of the licensee;
          (l) The accounting treatment of the proposed major investment;
          (m) Whether the major investment relates to a closely-linked party, connected party, or controller in any way;
          (n) The existence of secrecy laws or constraints over supervisory access to the premises, assets, books and records of the concerned entity in which a ‘major investment is being acquired;
          (o) The impact and extent of goodwill and intangibles upon the capital adequacy and balance sheet of the licensee on a consolidated basis; and
          (p) The licensee’s existing and forecast liquidity position (as a result of the major investment) and how the major investment is to be funded (e.g. by the issuance of new capital or sale of other investments).
          Added: June 2022

      • CM-6 CM-6 Appendix

        • Appendix CM-6 Re-categorisation of Exposures

          Retail Exposures (natural persons and micro, small and medium enterprises (MSMEs)

          Repayment frequency Performance terms No. of continuous repayments done (cooling-off period)
              Stage 3 to Stage 2 Stage 3 to Stage 1 Stage 2 to Stage 1
          Monthly Original   3 instalments/months 3 instalments/months
          Restructured 3 instalments/months   3 instalments/months
          Quarterly Original   2 instalments/6 months 2 instalments/6 months
          Restructured 2 instalments/6 months   2 instalments/6 months
          Semi-annual Original   2 instalment/12 months 2 instalment/12 months
          Restructured 2 instalment/12 months   2 instalment/12 months
          Annual Original   1 instalment/12 months 1 instalment/12 months
          Restructured 1 instalment/12 months   1 instalment/12 months

          Corporate Exposures (legal persons excluding MSMEs)

          Repayment frequency Performance terms No. of continuous repayments done (cooling-off period)
              Stage 3 to Stage 2 Stage 3 to Stage 1 Stage 2 to Stage 1
          Monthly Original   6 instalments/months 6 instalments/months
          Restructured 6 instalments/months   6 instalments/months
          Quarterly Original   2 instalments/6 months 2 instalments/6 months
          Restructured 2 instalments/6 months   2 instalments/6 months
          Semi-annual Original   2 instalment/12 months 2 instalment/12 months
          Restructured   2 instalment/12 months 2 instalment/12 months
          Annual Original   1 instalment/12 months 1 instalment/12 months
          Restructured   1 instalment/12 months 1 instalment/12 months

          Note: The above re-categorisation assumes that a corporate re-rating exercise prior to the upgrade also confirms a satisfactory credit rating and no other SICR triggers or conditions exist that prevent the upward transition.

          Added: April 2023

    • OM Operational Risk Management

      • OM-A OM-A Introduction

        • OM-A.1 OM-A.1 Purpose

          • Executive Summary

            • OM-A.1.1

              The Operational Risk Management Module sets out the Central Bank of Bahrain's ('CBB's') rules and guidance to Conventional Bank licensees operating in Bahrain on establishing parameters and control procedures to monitor and mitigate operational risks. The contents of this Module apply to all Conventional banks, except where noted in individual Chapters.

              Added: January 2020

            • OM-A.1.2

              This Module provides support for certain other parts of the Rulebook, mainly:

              (a) Principles of Business;
              (b) High-level Controls;
              (c) Reputational Risk;
              (d) Internal Capital Adequacy Assessment Process ('ICAAP'); and
              (e) Stress Testing.
              Added: January 2020

          • Legal Basis

            • OM-A.1.3

              This Module contains the CBB's Directive, as amended from time to time, relating to Operational Risk Management and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to all Conventional bank licensees (including their approved persons).

              Added: January 2020

            • OM-A.1.4

              For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

              Added: January 2020

        • OM-A.2 OM-A.2 Module History

          • OM-A.2.1

            This Module was first issued in July 2004 as part of Volume one of the CBB Rulebook. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made; Chapter UG-3 provides further details on Rulebook maintenance and version control.

            Added: January 2020

          • OM-A.2.2

            The changes made to this Module are detailed in the table below:

            Summary of Changes

            Module Ref. Change Date Description of Changes
            OM-5.1 01/04/05 Physical security measures.
            OM-4.2 01/10/05 Succession planning for locally incorporated banks.
            OM-5.1 01/10/05 Clarification of security manager role for smaller banks and deletion of requirement for cash trays.
            OM-B & OM-1.2 01/04/06 Minor amendments concerning roles of Board and management and editing of OM B.
            OM-5.1.15-OM-5.1.24 01/04/06 New security requirements for ATM security arrangements and reporting of security related complaints.
            OM-A.2.1-OM-A.2.6 01/10/07 Purpose (expanded)
            OM-A.2.1-OM-A.2.6 01/10/07 Key Requirements (deleted)
            OM-5.1-OM-5.9 01/10/07 Business Continuity Planning (expanded)
            OM-7 01/10/07 New Books and Records Chapter transferred from Module GR
            OM-8 01/04/08 Basel II Qualitative Operational Risk Requirements
            OM 01/2011 Various minor amendments to ensure consistency in CBB Rulebook.
            OM-A.1.3 and OM-A.1.4 01/2011 Clarified legal basis.
            OM-7.1.4 04/2011 This paragraph was deleted as Ministerial Order 23 does not apply to CBB licensees.
            OM-7.3.4 04/2011 Clarified retention period of records for promotional schemes.
            OM 07/2011 Various minor amendments to clarify Rules and have consistent language.
            OM-2.4 07/2011 Amended CBB reporting requirements regarding succession planning.
            OM-3.1.7 07/2011 Paragraph deleted as no longer applicable since standard conditions and licensing criteria document has now been incorporated as part of Volume 1.
            OM-6.2 10/2011 Added new Section on internet security.
            OM-7.1.7 10/2011 Corrected typo.
            OM-A.1.3 01/2012 Updated legal basis.
            OM-2.1.4 01/2012 Corrected cross reference.
            OM-3.2.2 04/2012 Deleted last sentence of Paragraph as it repeats the requirement under Paragraph OM-3.3.1
            OM-6.2.2 04/2012 Clarified penetration testing interval for internet security.
            OM-1.1.4 10/2012 Amended to reflect updated version of Basel Committee document.
            OM-3.2.6, OM-5.2.1, OM-5.4.8, OM-8 10/2012 Amended to reflect the Basel June 2011 paper on Principles for the Sound Management of Operational Risk.
            OM-6.2 07/2013 Amended reporting requirements related to internet security measures.
            OM-6.2.1 10/2013 Amended Rule to apply to all banks.
            OM-3.7.2 10/2015 Clarified Rule on internal audit outsourcing.
            OM-6 04/2016 Updated ATM security measures for banks.
            OM-3.9 07/2016 Added new Section dealing with outsourcing of functions containing customer information.
            OM-5.10 10/2016 Added new Section on Cyber Security Risk Management
            OM-6.1.1 10/2016 Added implementation deadline date
            OM-6.4.3 10/2016 Corrected cross references
            OM-6.4.4 10/2016 Corrected cross references
            OM-6.4.5 10/2016 Corrected cross references
            OM-6.6 10/2016 Added new Section on Cyber Security Measures
            OM-3.9.2 01/2017 Amended Paragraph on customer information
            OM-3.9.6 01/2017 Added new guidance paragraph on customer information
            OM-6.4.22 04/2017 ATM requirement on Solid Wall deleted.
            OM-6.4.23 04/2017 ATM requirement on Solid Wall deleted.
            OM-6.3.1 07/2017 Clarified requirements on compliance date.
            OM-6.3.2A 07/2017 Added new paragraph on Prohibition of Double Swiping.
            OM-6.3.2B 07/2017 Added new paragraph on Prohibition of Double Swiping.
            OM-6.3.2C 07/2017 Added new paragraph on Prohibition of Double Swiping.
            OM-6.3.2D 07/2017 Added new paragraph on Prohibition of Double Swiping.
            OM-6.3.2E 07/2017 Added new paragraph on Prohibition of Double Swiping.
            OM-6.4.21 07/2017 Deleted paragraph.
            OM-7.2.1 07/2017 Amended paragraph according to the Legislative Decree No. (28) of 2002.
            OM-7.2.2 07/2017 Deleted paragraph.
            OM-3.1.2 10/2017 Amended paragraph to allow the utilization of cloud services.
            OM-3.1.5A 10/2017 Added a new paragraph on outsourcing requirements.
            OM-3.2.3 10/2017 Amended paragraph.
            OM-3.3.1 10/2017 Amended paragraph.
            OM-3.3.2 10/2017 Amended paragraph.
            OM-3.3.3 10/2017 Amended paragraph.
            OM-3.3.4 10/2017 Amended paragraph.
            OM-3.3.5 10/2017 Added a new paragraph on outsourcing.
            OM-3.4.1 10/2017 Amended paragraph.
            OM-3.4.2(b) 10/2017 Amended sub-paragraph.
            OM-3.4.3 10/2017 Deleted paragraph.
            OM-3.4.5 10/2017 Amended paragraph.
            OM-3.5.1(a) 10/2017 Amended sub-sub-paragraph no. (5).
            OM-3.5.1(c) 10/2017 Amended sub-sub-paragraphs no. (2) and (3).
            OM-3.5.1(e) 10/2017 Amended sub-sub-paragraph no. (3).
            OM-3.8.3 10/2017 Amended paragraph.
            OM-3.9.1 10/2017 Amended paragraph.
            OM-3.9.2 10/2017 Amended paragraph on third party outsourcing of functions.
            OM-3.9.3 10/2017 Amended paragraph.
            OM-3.9.4) 10/2017 Amended paragraph.
            OM-3.9.4(b) 10/2017 Amended sub-paragraph.
            OM-3.9.4(d) 10/2017 Deleted sub-paragraph.
            OM-3.9.5 10/2017 Deleted paragraph.
            OM-3.9.7 10/2017 Added a new paragraph for security measures related to cloud services.
            OM-6.4.6 10/2017 Amended paragraph to include ancillary service providers.
            OM-6.3.1A 04/2018 Added a new Paragraph on card (EMV) compliance.
            OM-6.3.1B 04/2018 Added a new Paragraph on "provision of cash withdrawal and payment services through various channels".
            OM-6.3.2 04/2018 Amended Paragraph to mention "Conventional bank licensees".
            OM-3.9.2 07/2018 Amended Paragraph to include call centres.
            OM-3.9.2A 07/2018 Added new Paragraph on customer notification.
            OM-6.4.15A 10/2018 Added a new Paragraph on drive-thru ATMs.
            OM-6.4.20A 10/2018 Added a new Paragraph on drive-thru ATMs.
            OM Module 01/2020 Entire Module revised for better alignment with the principles and guidance from Basel Committee on Banking Supervision.
            OM-5.2.1A 07/2020 Added a new Paragraph on contactless payments.
            OM-5.1.2A & OM-5.1.2B 10/2020 Added new Paragraphs on fraudulent phishing attempts measures.
            OM-2.8.5 01/2021 Deleted Subparagraph (a).
            OM-3.1.2(f) 01/2021 Amended Subparagraph on electronic fraud.
            OM-3.3.11 01/2021 Added a new Paragraph on electronic fraud awareness.
            OM-5.1.5 04/2021 Amended Paragraph.
            OM-5.5 07/2021 New enhanced Section.
            Appendix C 07/2021 Added a new Appendix - Cyber security Control Guidelines
            OM-1.6.1 01/2022 Deleted Paragraph.
            OM-1.6.2 01/2022 Deleted Paragraph.
            OM-1.6.3 01/2022 Amended Paragraph.
            OM-1.6.4 – OM-1.6.6 01/2022 Deleted Paragraphs.
            OM-5.3.2 01/2022 Amended Paragraph.
            OM-5.3.3 – OM-5.3.11 01/2022 Deleted Paragraphs.
            OM-1.3.17(g) 04/2022 Amended Subparagraph on vacation policy.
            OM-5.5.57 04/2022 Amended Paragraph on cyber security incident reporting.
            OM-5.5.58 04/2022 Amended Paragraph on submission period of the cyber security incident report.
            OM-5.5.61 04/2022 Deleted reference to BR.
            OM-2 07/2022 Replaced Chapter OM-2 with new Outsourcing Requirements.
            OM-5.3.25 10/2022 Added a new Paragraph on compliance with the physical security requirements for ATM installations.
            OM-5.5.21 10/2022 Amended Paragraph on email domains requirements.
            OM-5.5.21A 10/2022 Added a new Paragraph on additional domains requirements.
            OM-2.1.7(v) 04/2023 Amended Subparagraph on the outsourcing coordinator.
            OM-2.1.7(viii) 04/2023 Added a new Subparagraph on outsourcing the internal audit function.
            OM-5.2.1 – OM-5.2.1A 04/2023 Amended contactless payment amount permitted where no pin or authentication is required.

      • OM-B OM-B Scope of Application

        • OM-B.1 OM-B.1 Scope of Application

          • Bahraini Conventional Bank Licensees

            • OM-B.1.1

              Bahraini conventional bank licensees must comply with all requirements included in this Module.

              Added: January 2020

            • OM-B.1.2

              The Framework for operational risk management and the structure of governance process for operational risk management chosen by an individual bank will depend on a range of factors, including its nature, size, complexity and risk profile.

              Added: January 2020

          • Branches of foreign bank licensees

            • OM-B.1.3

              In the case of branches of foreign bank licensees, while the requirements of this Module apply, it is recognised that certain activities and tasks relating to operational risk management function or unit might be conducted at the head office or a regional office. Additionally, in the case of branches, it is likely that oversight of the branch, from an operational risk perspective, is also exercised at the head office/regional office.

              Added: January 2020

            • OM-B.1.4

              Branches of foreign bank licensees must document the risk assessments which, at a minimum, include the identified risk events by risk type or category, the key risk indicators (KRIs) and key control indicators (KCIs). In addition, the branch must record losses arising from failures of people, processes, systems, internal and external frauds.

              Added: January 2020

            • OM-B.1.5

              Branches of foreign bank licensees must seek the CBB's approval for the operational risk management activities undertaken by their head/regional office and demonstrate to the CBB that there are effective high-level controls for management of operational risk for activities undertaken out of the Bahrain branch.

              Added: January 2020

            • OM-B.1.6

              For the purposes of such CBB approval, the branch must perform a mapping or a gap analysis of the requirements in this Module with practices undertaken at the head office or regional office, whichever applicable, and at the branch as appropriate.

              Added: January 2020

      • OM-1 OM-1 General Requirements

        • OM-1.1 OM-1.1 Operational Risk Management Framework

          • Overview

            • OM-1.1.1

              This chapter contains the requirements relating to operational risk management. It sets out the requirements for an appropriate risk management environment. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems including internal frauds, or from external events including external frauds. This definition includes legal and Shari'a non-compliance risks, but excludes strategic and reputational risk. Legal risk is the risk arising from the potential that unenforceable contracts, lawsuits or adverse judgments may disrupt or otherwise negatively affect the operations or financial condition of a bank. As legal risk is one type of operational risk, banks should ensure that all requirements included in this Module are also applied to the management of legal risks requirement.

              Added: January 2020

            • OM-1.1.2

              Operational risk is inherent in all types of bank activities, and can result in substantial losses. Sound operational risk governance, therefore, relies upon three lines of defence:

              (a) Business line management;
              (b) An independent operational risk management unit; and
              (c) Internal Audit and functions that provide independent assurance.
              Added: January 2020

            • OM-1.1.3

              All new products and services must be reviewed for operational risks prior to their implementation. A bank's internal auditors play an important role in controlling operational risks and should include operational risk in the scope of internal audits.

              Added: January 2020

            • OM-1.1.4

              Shari'a non-compliance is a unique risk for Licensees offering shari'a-complaint products and services through Islamic windows resulting from non-compliance with the rules and principles of Shari'a. It is crucial to identify the Shari'a non-compliance risk inherent in different kinds of Shari'a-compliant contracts, and to outline a set of variables that help to estimate the likelihood and severity of Shari'a non-compliance risk. Refer to Appendix B for Shari'a requirements on financing contracts.

              Added: January 2020

          • Establishing a Strong Risk Culture

            • OM-1.1.5

              The Board of Directors must take the lead in establishing a strong operational risk management culture in the bank that supports and provides appropriate standards and incentives for effectively managing operational risk and for promoting professional and responsible behaviour.

              Added: January 2020

            • OM-1.1.6

              For branches of foreign bank licensees, all references in this Module to the board of directors should be interpreted as the Head Office/Regional Office unless such responsibility is formally delegated to a committee at the branch level.

              Added: January 2020

          • Operational Risk Management Framework

            • OM-1.1.7

              Conventional bank licensees must develop, implement and maintain an Operational Risk Management Framework (ORMF) that is fully integrated into the bank's overall risk management processes. The ORMF must consider a range of factors, including the nature, size, complexity and risk profile of the bank.

              Added: January 2020

            • OM-1.1.8

              The Board of Directors and senior management should understand the nature and complexity of the risks inherent in the portfolio of bank products, services and activities. This is particularly important for operational risk, given that operational risk is inherent in all business products, activities, processes and systems.

              Added: January 2020

            • OM-1.1.9

              A bank must ensure that its ORMF is appropriate at inception and that it keeps pace with the rate of growth of, or changes to, products, activities, processes and systems. The ORMF must be comprehensively and appropriately documented.

              Added: January 2020

            • OM-1.1.10

              At minimum, the ORMF documentation must:

              (a) Identify the governance structures used to manage operational risk, including roles, responsibilities, reporting lines and accountabilities;
              (b) Identify policy for approval of policies by the Board;
              (c) Describe the risk assessment processes and tools and how they are used;
              (d) Describe the bank's accepted operational risk appetite and tolerance (see Paragraphs OM-1.2.2 to OM-1.2.4), and the approach to setting thresholds or limits for inherent and residual risk, and approved risk mitigation strategies;
              (e) Establish risk reporting and Management Information Systems ('MIS');
              (f) Provide a common taxonomy of operational risk terms to ensure consistency of risk identification, exposure rating and risk management objectives; and
              (g) Provide for appropriate independent review and assessment of operational risk.
              Added: January 2020

        • OM-1.2 OM-1.2 Operational Risk Governance

          • OM-1.2.1

            The Board of Directors must:

            (a) Establish, approve and regularly review the operational risk management policy;
            (b) Ensure that senior management establish, approve and regularly review supporting policies, procedures, systems and processes in line with the nature and scope of the operational risks inherent in the bank's products, services and activities, and implement comprehensive, dynamic oversight and control environments that are fully integrated into, or coordinated with, the overall ORMF for managing all risks across the bank; and
            (c) Ensure that the bank's ORMF is subject to effective independent review (See Paragraph OM-1.6.1).
            Added: January 2020

          • Risk appetite

            • OM-1.2.2

              The Board of Directors must approve and review the risk appetite and tolerance statement for operational risk that articulates the nature, the types and levels of operational risk that the bank is willing to assume.

              Added: January 2020

            • OM-1.2.3

              When approving and reviewing the risk appetite and tolerance statement, the Board of Directors should consider all relevant risks, the bank's level of risk aversion, its current financial condition and the bank's strategic direction. The Board of Directors should approve appropriate thresholds or limits for specific operational risks.

              Added: January 2020

            • OM-1.2.4

              In addition to the review of material operational risks and limits, the Board should also consider changes in the external environment, material increases in business or activity volumes, the quality of the control environment, the effectiveness of risk management and mitigation strategies, loss experience, and the frequency, volume and nature of limit breaches.

              Added: January 2020

            • OM-1.2.5

              The board must monitor management adherence to the risk appetite and tolerance statement and provide for timely detection and remediation of breaches.

              Added: January 2020

            • OM-1.2.6

              Senior management is responsible for consistently implementing and maintaining throughout the organisation, the policy, procedures, processes and systems for managing operational risk in all of the bank's products, activities, processes and systems.

              Added: January 2020

            • OM-1.2.7

              Banks must establish, commensurate with its nature, size and complexity, an Operational Risk Management Unit (ORMU), independent of the risk generating business lines, which is responsible for the design, maintenance and ongoing development of the ORMF within the bank. The ORMU must be adequately staffed with skilled resources.

              Added: January 2020

            • OM-1.2.8

              Senior management is responsible for establishing and maintaining effective channels for internal review of operational risk issues, as well as ensuring adequate resolution processes. These should include systems to report, track and, when necessary, escalate issues to ensure resolution. Banks should be able to demonstrate that the three lines of defence (as highlighted in Paragraph OM-1.1.2) approach is operating satisfactorily and to explain how the Board and senior management ensure that this approach is implemented and operating in an appropriate and acceptable manner.

              Added: January 2020

            • OM-1.2.9

              Senior management must translate the ORMF into specific processes and procedures that can be implemented and verified within the different business units. Senior management must clearly assign authority, responsibility and reporting relationships to encourage and maintain this accountability, and ensure that the necessary resources are available to manage operational risk in-line with the bank's risk appetite and tolerance statement. Furthermore, senior management must ensure that the management oversight process is appropriate for the risks inherent in a business unit's activity.

              Added: January 2020

            • OM-1.2.10

              Senior management should ensure that staff responsible for managing operational risk, coordinate and communicate effectively with staff responsible for managing credit, market, liquidity and other risks, as well as with those in the bank who are responsible for the procurement of external services, such as insurance risk transfer and outsourcing arrangements. Failure to do so could result in significant gaps or overlaps in a bank's overall risk management programme.

              Added: January 2020

            • OM-1.2.11

              The Head of the ORMU must be of sufficient stature within the bank to perform his duties effectively, ideally evidenced by a title commensurate with other risk management units, such as credit, market and liquidity risk.

              Added: January 2020

            • OM-1.2.12

              Senior management must ensure that bank activities are conducted by staff with the necessary experience, qualifications, technical capabilities and access to resources. Staff responsible for monitoring and enforcing compliance with the bank's risk policies must be independent from the units they oversee.

              Added: January 2020

            • OM-1.2.13

              Senior management must ensure that an appropriate level of operational risk training is available at all levels throughout the organisation. The training that is provided must reflect the seniority, role and responsibilities of the individuals for whom it is intended.

              Added: January 2020

            • OM-1.2.14

              A bank's risk governance structure should be commensurate with the nature, size, operational complexity and risk profile of its activities. When designing the operational risk governance structure, a bank should take the following into consideration:

              (a) Committee structure;
              (b) Committee composition; and
              (c) Committee operation.
              Added: January 2020

            • OM-1.2.15

              Sound industry practice is for Operational Risk Committees (or the Risk Committee) to include a combination of members with expertise in business activities and financial, as well as risk managers.

              Added: January 2020

            • OM-1.2.16

              Committee meetings should be held at appropriate frequencies, with adequate time and resources to permit productive discussion and decision-making. Records of committee meetings should be adequate to permit review and evaluation of committee effectiveness.

              Added: January 2020

        • OM-1.3 OM-1.3 Identification, Measurement, Monitoring and Control

          • OM-1.3.1

            As part of an effective ORMF, banks must have policies, procedures and system for the identification, measurement, monitoring, mitigating and controlling of the operational risk inherent in all products, services, activities, processes and systems.

            Added: January 2020

          • OM-1.3.2

            Risk identification and assessment are fundamental characteristics of an effective ORMF. Effective risk identification considers both internal factors (such as the bank's structure, the nature of the bank's activities, the quality of the bank's human resources, organisational changes and employee turnover) and external factors (such as changes in the broader environment and the industry and advances in technology). Sound risk assessment allows the bank to better understand its risk profile and allocate risk management resources and strategies most effectively. Banks may use the classification categories contained in Appendix A for determining and classifying operational risk events.

            Added: January 2020

          • OM-1.3.3

            Examples of tools that may be used for identifying and assessing operational risk include:

            (a) Audit Findings: While audit findings primarily focus on control weaknesses and vulnerabilities, they can also provide insight into inherent risk due to internal or external factors;
            (b) Internal Loss Data Collection and Analysis: Internal operational loss data provides meaningful information for assessing a bank's exposure to operational risk and the effectiveness of internal controls. Analysis of loss events can provide insight into the causes of large losses and information on whether control failures are isolated or systematic. Banks may also find it useful to capture and monitor operational risk contributions to credit and market risk related losses in order to obtain a more complete view of their operational risk exposure;
            (c) External Data Collection and Analysis: External data elements consist of gross operational loss amounts, dates, recoveries, and relevant causal information for operational loss events occurring at organisations other than the bank. External loss data can be compared with internal loss data, or used to explore possible weaknesses in the control environment or consider previously unidentified risk exposures;
            (d) Risk Assessments: In a risk assessment, often referred to as a Risk Self-Assessment ('RSA'), a bank assesses the processes underlying its operations against a library of potential threats and vulnerabilities and considers their potential impact. A similar approach, Risk Control Self-Assessments ('RCSA'), typically evaluates inherent risk (the risk before controls are considered), the effectiveness of the control environment, and residual risk (the risk exposure after controls are considered). Scorecards build on RCSAs by weighting residual risks to provide a means of translating the RCSA output into metrics that give a relative ranking of the control environment;
            (e) Business Process Mapping: Business process mappings identify the key steps in business processes, activities and organisational functions. They also identify the key risk points in the overall business process. Process maps can reveal individual risks, risk interdependencies, and areas of control or risk management weakness. They also can help prioritise subsequent management action;
            (f) Risk and Performance Indicators: Risk and performance indicators are risk metrics and/or statistics that provide insight into a bank's risk exposure. Risk indicators, often referred to as Key Risk Indicators ('KRIs'), are used to monitor the main drivers of exposure associated with key risks. Performance indicators, often referred to as Key Performance Indicators ('KPIs'), provide insight into the status of operational processes, which may in turn provide insight into operational weaknesses, failures, and potential loss. Risk and performance indicators are often paired with escalation triggers to warn when risk levels approach or exceed thresholds or limits and prompt mitigation plans;
            (g) Scenario Analysis: Scenario analysis is a process of obtaining expert opinion of business line and risk managers to identify potential operational risk events and assess their potential outcome. Scenario analysis is an effective tool to consider potential sources of significant operational risk and the need for additional risk management controls or mitigation solutions. Given the subjectivity of the scenario process, a robust governance ORMF is essential to ensure the integrity and consistency of the process;
            (h) Measurement: Banks may find it useful to quantify their exposure to operational risk by using the output of the risk assessment tools as inputs into a model that estimates operational risk exposure. The results of the model can be used in an economic capital process and can be allocated to business lines to link risk and return; and
            (i) Comparative Analysis: Comparative analysis consists of comparing the results of the various assessment tools to provide a more comprehensive view of the bank's operational risk profile. For example, comparison of the frequency and severity of internal data with RCSAs can help the bank determine whether self-assessment processes are functioning effectively. Scenario data can be compared to internal and external data to gain a better understanding of the severity of the bank's exposure to potential risk events.
            Added: January 2020

          • OM-1.3.4

            Banks should ensure that the internal pricing and performance measurement mechanisms appropriately take into account operational risk measures commensurate with the nature, size and complexity of its business operations.

            Added: January 2020

          • New Products, Process and Change Management

            • OM-1.3.5

              In general, a bank's operational risk exposure is increased when a bank engages in new activities or develops new products; enters unfamiliar markets; implements new business processes or technology systems; and/or engages in businesses that are geographically distant from the head office. Moreover, the level of risk may escalate when new products, activities, procedures, processes, or systems transition from an introductory level to a level that represents material sources of revenue or business-critical operations.

              Added: January 2020

            • OM-1.3.6

              A bank must have a policy and procedures for review and approval of new products, services, activities, procedures, processes and systems. The review and approval process must consider, as appropriate, the following:

              (a) Inherent and residual risks;
              (b) Changes to the bank's operational risk profile and appetite and tolerance;
              (c) The necessary controls, risk management processes and risk mitigation strategies;
              (d) Changes to relevant risk thresholds or limits; and
              (e) The procedures and metrics to measure, monitor, and manage the risk.
              Added: January 2020

            • OM-1.3.7

              The approval process must also ensure that adequate and well trained human resources and appropriate technology infrastructure are in place before new products, services, activities, procedures, processes or systems are introduced. The implementation of new products, activities, procedures, processes and systems must be monitored in order to identify any material differences to the expected operational risk profile, and to manage any unexpected risks.

              Added: January 2020

            • OM-1.3.8

              The use of technology-related products, services, activities, processes and delivery channels exposes a bank to strategic, operational and reputational risks, and the possibility of material financial loss. Consequently, a bank should have an integrated approach to identifying, measuring, monitoring and managing technology risks. Sound technology risk management uses the same precepts as operational risk management and includes:

              (a) Governance and oversight controls that ensure technology, including outsourcing arrangements, is aligned with, and supportive of, the bank's business objectives;
              (b) Policy and procedures that facilitate identification and assessment of risk;
              (c) Establishment of a risk appetite and tolerance statement, as well as performance expectations to assist in controlling and managing risk;
              (d) Implementation of an effective control environment and the use of risk transfer strategies that mitigate risk; and
              (e) Monitoring processes that test for compliance with policy thresholds or limits
              Added: January 2020

          • Monitoring and Reporting

            • OM-1.3.9

              Senior management must implement a process to regularly monitor operational risk profiles and material exposures to losses. Appropriate reporting mechanisms must be in place at the board, senior management, and business line levels that support proactive management of operational risk.

              Added: January 2020

            • OM-1.3.10

              Banks must ensure that the operational risk reports are comprehensive, accurate, consistent and actionable across business lines and products.

              Added: January 2020

            • OM-1.3.11

              Reporting should be timely, and the bank must be able to produce reports in both normal and stressed market conditions. The frequency of reporting must reflect the risks involved and the pace and nature of changes in the operating environment. The results of these monitoring activities must be included in regular management and Board reports. Reports generated by (and/or for) supervisory authorities must also be reported internally to senior management and the Board, where appropriate.

              Added: January 2020

            • OM-1.3.12

              Operational risk reports may contain internal financial, operational, and compliance indicators, as well as external market or environmental information about events and conditions that are relevant to decision-making. Operational risk reports should include:

              (a) Breaches of the bank's risk appetite and tolerance statement, as well as thresholds or limits;
              (b) Details of recent significant internal operational risk events and losses; and
              (c) Relevant external events and any potential impact on the bank and operational risk capital.
              Added: January 2020

            • OM-1.3.13

              Data capture and risk reporting processes should be analysed periodically with a view to continuously enhancing risk management performance, as well as advancing risk management policy, procedures and practices.

              Added: January 2020

          • Controls and mitigation

            • OM-1.3.14

              Banks must have a strong control environment that utilises policies, procedures, processes and systems; appropriate internal controls; and appropriate risk mitigation and/or transfer strategies.

              Added: January 2020

            • OM-1.3.15

              Strong internal controls are a critical aspect of operational risk management, and the banks should establish clear lines of management responsibility and accountability for implementing a strong control environment. The control environment should provide appropriate independence/separation of duties between the operational risk management unit, business lines and support functions.

              Added: January 2020

            • OM-1.3.16

              An effective internal control environment also requires appropriate segregation of duties. Assignments that establish conflicting duties for individuals, or a team without dual controls or other countermeasures may enable concealment of losses, errors or inappropriate actions. Therefore, areas of potential conflicts of interest must be identified, minimised, and subject to careful independent monitoring and review.

              Added: January 2020

            • OM-1.3.17

              In addition to segregation of duties and dual controls, banks should ensure that other traditional internal controls are in place, as appropriate, to address operational risk. Examples of these controls include:

              (a) Clearly established authorities and/or processes for approval;
              (b) Close monitoring of adherence to assigned risk limits or thresholds;
              (c) Safeguards for access to, and use of, bank assets and records;
              (d) Appropriate staffing level and training to maintain expertise;
              (e) Ongoing processes to identify business lines or products where returns appear to be out of line with reasonable expectations;
              (f) Regular verification and reconciliation of transactions and accounts; and
              (g) A vacation policy in line with Bahrain Labour Law.
              Amended: April 2022
              Added: January 2020

            • OM-1.3.18

              Internal control consists of five interrelated components:

              (a) Control environment: The Board of Directors and senior management are responsible for promoting high ethical and integrity standards, and for establishing a culture within the organisation that emphasises and demonstrates to all levels of personnel the importance of internal controls. All personnel at a banking organisation need to understand their role in the internal controls process and be fully engaged in the process;
              (b) Risk assessment: An effective internal control system requires that the material risks that could adversely affect the achievement of the bank's goals are being recognised and continually assessed. This assessment should cover all risks facing the bank and the consolidated banking organisation (that is, credit risk, country and transfer risk, market risk, profit rate risk, liquidity risk, operational risk, legal risk and reputational risk). Internal controls may need to be revised to appropriately address any new or previously uncontrolled risks;
              (c) Control activities: Control activities should be an integral part of the daily activities of a bank. An effective internal control system requires that an appropriate control structure is set up, with control activities defined at every business level. These should include: Top level reviews; appropriate activity controls for different departments or divisions; physical controls; checking for compliance with exposure limits and follow-up on non-compliance; a system of approvals and authorisations; and a system of verification and reconciliation;
              (d) Information and communication: An effective internal control system requires that there are adequate and comprehensive internal financial, operational and compliance data, as well as external market information about events and conditions that are relevant to decision-making. Information should be reliable, timely, accessible, and provided in a consistent format. It requires that there are reliable information systems in place that cover all significant activities of the bank. These systems, including those that hold and use data in an electronic form, must be secure, monitored independently and supported by adequate contingency arrangements. It also requires effective channels of communication to ensure that all staff fully understand and adhere to policy and procedures affecting their duties and responsibilities and that other relevant information is reaching the appropriate personnel; and
              (e) Monitoring activities: The overall effectiveness of the bank's internal controls should be monitored on an ongoing basis. Monitoring of key risks should be part of the daily activities of the bank, as well as periodic evaluations by the business lines and internal audit. There should be an effective and comprehensive internal audit of the internal control system carried out by operationally independent, appropriately-trained and competent staff. The Internal Audit function, as part of the monitoring of the system of internal controls, should report directly to the Board of Directors or its Audit Committee, and to senior management. Internal control deficiencies, whether identified by business line, Internal Audit, or other control personnel, should be reported in a timely manner to the appropriate management level and addressed promptly. Material internal control deficiencies should be reported to senior management and the Board of Directors.
              Added: January 2020

            • OM-1.3.19

              Control processes and procedures should be established and banks should have a system in place for ensuring compliance with a documented set of internal policies concerning the risk management system. Principal elements of this could include, for example:

              (a) Top-level reviews of the bank's progress towards the stated objectives;
              (b) Verifying compliance with management controls;
              (c) Review of the treatment and resolution of instances of non-compliance;
              (d) Evaluation of required approvals and authorisations to ensure accountability to an appropriate level of management; and
              (e) Tracking reports for approved exceptions to thresholds or limits, management overrides and other deviations from policy.
              Added: January 2020

            • OM-1.3.20

              Effective use and sound implementation of technology can contribute to the control environment. For example, automated processes are less prone to error than manual processes. However, automated processes introduce risks that should be addressed through sound technology governance and infrastructure risk management programmes.

              Added: January 2020

            • OM-1.3.21

              Management must ensure the bank has a sound technology infrastructure that:

              (a) Meets current and long-term business requirements by providing sufficient capacity for normal activity levels, as well as peaks during periods of market stress;
              (b) Ensures data and system integrity, security, and availability; and
              (c) Supports integrated and comprehensive risk management.
              Added: January 2020

            • OM-1.3.22

              Mergers and acquisitions resulting in fragmented and disconnected infrastructure, cost-cutting measures or inadequate investment can undermine a bank's ability to aggregate and analyse information across risk dimensions or the consolidated enterprise, manage and report risk on a business line or legal entity basis, or oversee and manage risk in periods of high growth. Management should make appropriate capital investment or otherwise provide for a robust infrastructure at all times, particularly before mergers are consummated, high growth strategies are initiated, or new products are introduced.

              Added: January 2020

            • OM-1.3.23

              In those circumstances where internal controls do not adequately address risk and exiting the risk is not a reasonable option, management can complement controls by seeking to transfer the risk to another party such as through insurance. The Board of directors should determine the maximum loss exposure the bank is willing, and has the financial capacity to assume, and should perform a regular review of the bank's risk and insurance management programme.

              Added: January 2020

            • OM-1.3.24

              Because risk transfer is an imperfect substitute for sound controls and risk management programmes, banks should view risk transfer tools as complementary to, rather than a replacement for, thorough internal operational risk control. Having mechanisms in place to quickly identify, recognise and rectify distinct operational risk errors can greatly reduce exposures. Careful consideration also needs to be given to the extent to which risk mitigation tools such as insurance truly reduce risk, transfer the risk to another business sector or area, or create a new risk (e.g. counterparty risk).

              Added: January 2020

        • OM-1.4 OM-1.4 Succession Planning

          • OM-1.4.1

            Succession planning is an essential precautionary measure for a bank if its leadership stability, and hence ultimately its financial stability, is to be protected. Succession planning is especially critical for smaller institutions, where management teams tend to be smaller and possibly reliant on a few key individuals.

            Added: January 2020

          • OM-1.4.2

            The CBB requires conventional bank licensees to document their Board-approved succession plans for their senior management team and have these ready at any time for onsite inspection by CBB.

            Added: January 2020

        • OM-1.5 OM-1.5 Public Disclosure

          • OM-1.5.1

            A bank must have a formal disclosure policy approved by the Board of Directors that addresses the bank's approach for determining what operational risks disclosures it will make and the internal controls over the disclosure process. In addition, banks must implement a process for assessing the appropriateness of their disclosures, including the verification and frequency of them.

            Added: January 2020

          • OM-1.5.2

            A bank's public disclosure of relevant operational risk management information can lead to transparency and the development of better industry practice through market discipline. The amount and type of disclosure should be commensurate with the size, risk profile and complexity of a bank's operations, and evolving industry practice. See also Chapter HC-8 and Chapter PD-1 on disclosure requirements.

            Added: January 2020

          • OM-1.5.3

            A bank must disclose its ORMF in a manner that will allow stakeholders to determine whether the bank identifies, assesses, monitors and controls/mitigates operational risk effectively.

            Added: January 2020

          • OM-1.5.4

            A bank's disclosures must be consistent with how senior management and the Board of Directors assess and manage the operational risks of the bank.

            Added: January 2020

        • OM-1.6 OM-1.6 Independent Review

          • OM-1.6.1

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: January 2020

          • OM-1.6.2

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: January 2020

          • OM-1.6.3

            The independent review of the operational risk management framework undertaken in accordance with Paragraphs HC-6.6.33 and HC-6.6.34 must cover the following:

            (i) Governance, the role of the board and senior management and ORMU in operational risk management;
            (ii) The existence of operational risk appetite/tolerances or thresholds and approved documented policies, procedures and processes including tools for risk identification and assessment;
            (iii) Register of risks covering risk events, KRIs, KRDs, KCIs and risk mitigation techniques;
            (iv) Policies to ensure the bank are in compliance with the requirements under this Module for outsourcing arrangements including cloud outsourcing, electronic banking, security arrangements and business continuity management.
            Amended: January 2022
            Added: January 2020

          • OM-1.6.4

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: January 2020

          • OM-1.6.5

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: January 2020

          • OM-1.6.6

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: January 2020

      • OM-2 OM-2 Outsourcing Requirements

        • OM-2.1 OM-2.1 Outsourcing Arrangements

          • OM-2.1.1

            This Chapter sets out the CBB’s approach to outsourcing by licensees. It also sets out various requirements that licensees must address when considering outsourcing an activity or function.

            Amended: July 2022
            Added: January 2020

          • OM-2.1.2

            In the context of this Chapter, ‘outsourcing’ means an arrangement whereby a third party performs on behalf of a licensee an activity which commonly would have been performed internally by the licensee. Examples of services that are typically outsourced include data processing, cloud services, customer call centres and back-office related activities.

            Amended: July 2022
            Added: January 2020

          • OM-2.1.3

            In the case of branches of foreign entities, the CBB may consider a third-party outsourcing arrangement entered into by the licensee’s head office/regional office or other offices of the foreign entity as an intragroup outsourcing, provided that the head office/regional office submits to the CBB a letter of comfort which includes, but is not limited to, the following conditions:

            i. The head office/regional office declares its ultimate responsibility of ensuring that adequate control measures are in place; and
            ii. The head office/regional office is responsible to take adequate rectification measures, including compensation to the affected customers, in cases where customers suffer any loss due to inadequate controls applied by the third-party service provider.
            Amended: July 2022
            Added: January 2020

          • OM-2.1.4

            The licensee must not outsource the following functions:

            (i) Compliance;
            (ii) AML/CFT;
            (iii) Financial control;
            (iv) Risk management; and
            (v) Business line functions offering regulated services directly to the customers (refer to Regulation No. (1) of 2007 and its amendments for the list of CBB regulated services).
            Amended: July 2022
            Added: January 2020

          • OM-2.1.5

            For the purposes of Paragraph OM-2.1.4, certain support activities, processes and systems under these functions may be outsourced (e.g. call centres, data processing, credit recoveries, cyber security, e-KYC solutions) subject to compliance with Paragraph OM-2.1.7. However, strategic decision-making and managing and bearing the principal risks related to these functions must remain with the licensee.

            Amended: July 2022
            Added: January 2020

          • OM-2.1.6

            Branches of foreign entities may be allowed to outsource to their head office, the risk management function stipulated in Subparagraph OM-2.1.4 (iv), subject to CBB’s prior approval.

            Amended: July 2022
            Added: January 2020

          • OM-2.1.7

            Licensees must comply with the following requirements:

            (i) Prior CBB approval is required on any outsourcing to a third-party outside Bahrain (excluding cloud data services). The request application must:
            a. include information on the legal and technical due diligence, risk assessment and detailed compliance assessment; and
            b. be made at least 30 calendar days before the licensee intends to commit to the arrangement.
            (ii) Post notification to the CBB, within 5 working days from the date of signing the outsourcing agreement, is required on any outsourcing to an intragroup entity within or outside Bahrain or to a third-party within Bahrain, provided that the outsourced service does not require a license, or to a third-party cloud data services provider inside or outside Bahrain.
            (iii) Licensees must have in place sufficient written requirements in their internal policies and procedures addressing all strategic, operational, logistical, business continuity and contingency planning, legal and risks issues in relation to outsourcing.
            (iv) Licensees must sign a service level agreement (SLA) or equivalent with every outsourcing service provider. The SLA must clearly address the scope, rights, confidentiality and encryption requirements, reporting and allocation of responsibilities. The SLA must also stipulate that the CBB, external auditors, internal audit function, compliance function and where relevant the Shari’a coordination and implementation and internal Shari’a audit functions of the licensee have unrestricted access to all relevant information and documents maintained by the outsourcing service provider in relation to the outsourced activity.
            (v) Licensees must designate an approved person to act as coordinator for monitoring and assessing the outsourced arrangement to ensure compliance with the licensee’s internal policies and applicable laws and regulations.
            (vi) Licensee must submit to the CBB any report by any other regulatory authority on the quality of controls of an outsourcing service provider immediately after its receipt or after coming to know about it.
            (vii) Licensee must inform its normal supervisory point of contact at the CBB of any material problems encountered with the outsourcing service provider if they remain unresolved for a period of three months from its identification date.
            (viii) Where the internal audit function is fully or partially outsourced, licensees must ensure that:
            i. The use of external experts does not compromise the independence and objectivity of the internal audit function;
            ii. The outsourcing service provider has not been previously engaged in a consulting or external audit engagement with the licensee unless a one year “cooling-off” period has elapsed;
            iii. The outsourcing service provider must not provide consulting services to the licensee during the engagement period; and
            iv. Adequate oversight is maintained over the outsourcing service provider to ensure that it complies with the licensee’s internal audit charter, policy and applicable laws and regulations.
            Amended: April 2023
            Amended: July 2022
            Added: January 2020

          • OM-2.1.8

            For the purpose of Subparagraph OM-2.1.7 (iv), licensees as part of their assessments may use the following:

            a) Independent third-party certifications on the outsourcing service provider’s security and other controls;
            b) Third-party or internal audit reports of the outsourcing service provider; and
            c) Pooled audits organized by the outsourcing service provider, jointly with its other clients.

            When conducting on-site examinations, licensees should ensure that the data of the outsourcing service provider’s other clients is not negatively impacted, including impact on service levels, availability of data and confidentiality.

            Added: July 2022

          • OM-2.1.9

            For the purpose of Subparagraph OM-2.1.7 (i), the CBB will provide a definitive response to any prior approval request for outsourcing within 10 working days of receiving the request complete with all the required information and documents.

            Added: July 2022

        • OM-2.2 [This Section was deleted in July 2022]

        • OM-2.3 [This Section was deleted in July 2022]

        • OM-2.4 [This Section was deleted in July 2022]

        • OM-2.5 [This Section was deleted in July 2022]

        • OM-2.6 [This Section was deleted in July 2022]

        • OM-2.7 [This Section was deleted in July 2022]

        • OM-2.8 [This Section was deleted in July 2022]

      • OM-3 OM-3 Electronic Money and Electronic Banking Activities

        • OM-3.1 OM-3.1 Board and Management Oversight

          • OM-3.1.1

            This section sets out the requirements related to systems risk management and controls relevant to services offered through electronic banking activities and electronic funds transfer. Such services are prone to technical complexity, operational and security issues.

            Added: January 2020

          • OM-3.1.2

            The Board of Directors, or a designated Board Committee and senior management must establish effective management oversight over the risks associated with activities involving e-banking and electronic funds transfer. The licensee must establish policies and procedures to manage these risks which include but are not be limited to the following:

            (a) The development and/or acquisition of the technology solutions;
            (b) Testing of application program interfaces;
            (c) Standards of communication and access and security of communication sessions, such as PCI-DSS compliance for cards;
            (d) Authentication of the users;
            (e) Processes and measures that protect customer data confidentiality consistent with Law No. 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018;
            (f) The use of enhanced fraud monitoring of movements in customers’ accounts to guard against electronic frauds using various tools and measures, such as limits on value, volume and velocity; and
            (g) Security policy and risk management controls.
            Amended: January 2021
            Added: January 2020

          • OM-3.1.3

            The Board of Directors and senior management must ensure they possess the required competence, experience and skills to oversee, review and approve the key aspects of the licensee's security control process.

            Added: January 2020

          • OM-3.1.4

            The Board of Directors and senior management must establish a comprehensive and ongoing due diligence and oversight process for managing the licensee's outsourcing relationships and other third-party dependencies supporting e-banking.

            Added: January 2020

        • OM-3.2 OM-3.2 Secure Authentication

          • OM-3.2.1

            Licensees must take appropriate measures to authenticate the identity and authorisation of customers with whom it conducts business.

            Added: January 2020

          • OM-3.2.2

            Licensees must use predefined transaction authentication methods that promote non-repudiation and establish accountability for the transactions. Licensees must establish detailed procedures to effectively identify the person originating electronic funds transfer transactions and for 'call backs' when appropriate to avoid frauds in electronic fund transfers.

            Added: January 2020

          • OM-3.2.3

            The term 'authentication' as used in this Module refers to the techniques, procedures and processes used to verify the identity and authorisation of prospective and established customers.

            a) Identification refers to the procedures, techniques and processes used to establish the identity of a customer;
            b) Authorisation refers to the procedures, techniques and processes used to determine that a customer or an employee has legitimate access to the bank account or the authority to conduct associated transactions on that account.
            Added: January 2020

          • OM-3.2.4

            Licensees must have in place a strong customer authentication process for its e-banking activities which ensure the following:

            (a) no information on any of the elements of the strong customer authentication process can be derived from the disclosure of the authentication code;
            (b) it is not possible to generate a new authentication code based on the knowledge of any other code previously generated; and
            (c) the authentication code cannot be forged.
            Added: January 2020

          • OM-3.2.5

            The CBB will consider application of quantitative thresholds below which the strong customer authentication requirements may be simplified on a case-to-case basis.

            Added: January 2020

          • OM-3.2.6

            Licensees must establish adequate security features for customer authentication including the use of the following three elements:

            (a) an element categorised as knowledge (something only the user knows), such as length or complexity of the pin or password;
            (b) an element categorised as possession (something only the user possesses) such as algorithm specifications, key length and information entropy, and
            (c) for the devices and software that read, elements categorised as inherence (something the user is), i.e. algorithm specifications, biometric sensor and template protection features.
            Added: January 2020

        • OM-3.3 OM-3.3 Other Systems and Controls

          • OM-3.3.1

            Licensees must ensure that appropriate measures are in place to promote adequate segregation of duties within electronic funds transfer and e-banking systems, databases and applications.

            Added: January 2020

          • OM-3.3.2

            Licensees must ensure that proper authorisation controls and access privileges are in place for electronic funds transfer and e-banking systems, databases and applications.

            Added: January 2020

          • OM-3.3.3

            Licensees must ensure that appropriate measures are in place to protect the data integrity of all transactions, records and information.

            Added: January 2020

          • OM-3.3.4

            Licensees must ensure that clear audit trails exist for all electronic funds transfer and e-banking transactions.

            Added: January 2020

          • OM-3.3.5

            Licensees must establish and document the log retention requirements, including the identification of the source of each request, time synchronization of all related systems and all meta-data related to each request.

            Added: January 2020

          • OM-3.3.6

            Licensees must take appropriate measures to preserve the confidentiality of information. Measures taken to preserve confidentiality must be commensurate with the sensitivity of the information being transmitted and/or stored in databases.

            Added: January 2020

          • OM-3.3.7

            Licensees must ensure that adequate information is provided on their websites to allow potential customers to make an informed conclusion about the licensee's identity and regulatory status of the licensee prior to entering into e-banking transactions.

            Added: January 2020

          • OM-3.3.8

            Licensees must take appropriate measures to ensure adherence to customer privacy requirements applicable to the jurisdictions to which the licensee is providing e-banking products and services.

            Added: January 2020

          • OM-3.3.9

            Licensees must have effective capacity, business continuity and contingency planning processes to help ensure the availability of e-banking systems and services.

            Added: January 2020

          • OM-3.3.10

            Licensees must develop appropriate incident response plans to manage, contain and minimise problems arising from unexpected events, including internal and external attacks, that may hamper the provision of e-banking systems and services.

            Added: January 2020

          • OM-3.3.11

            Licensees must have in place customer awareness communications, pre and post onboarding process, using video calls, short videos or pop-up messages, to alert and warn natural persons applying to open current or saving accounts, credit, debit or prepaid cards or digital wallets about the risk of electronic frauds, and emphasise the need to secure their personal account details and not share them with anyone, online or offline.

            Added: January 2021

      • OM-4 OM-4 Business Continuity Management

        • OM-4.1 OM-4.1 Introduction

          • OM-4.1.1

            All businesses may experience serious disruptions to their business operations. These disruptions may be caused by external events such as flooding, power failure or terrorism, or by internal factors such as human error or a serious computer breakdown. The probability of some events may be small, but the potential consequences may be massive, whereas other events may be more frequent and with shorter time horizons.

            Added: January 2020

          • OM-4.1.2

            The purpose of a Business Continuity Plan ('BCP') is to minimize the operational, financial, legal, reputational, and other material consequences arising from a disruption. The objectives of a good BCP are:

            (a) To minimise financial loss to the licensee;
            (b) To continue to serve customers and counterparties in the financial markets; and
            (c) To mitigate the negative effects that disruptions can have on a licensee's reputation, operations, liquidity, credit quality, its market position, and its ability to remain in compliance with applicable laws and regulations.
            Added: January 2020

          • Scope and Key Elements of a Business Continuity Management (BCM)

            • OM-4.1.3

              The requirements of this Chapter apply to all licensees.

              Added: January 2020

            • OM-4.1.4

              Branches of foreign banks may apply alternative arrangements to those specified in this module, where they are subject to comprehensive BCM arrangements implemented by their head office or other member of their group, provided that:

              (a) They have notified the CBB in writing what alternative arrangements will apply;
              (b) They have satisfied the CBB that these alternative arrangements are equivalent to the measures contained in this chapter, or are otherwise suitable; and
              (c) The CBB has agreed in writing to these alternative arrangements being used.
              Added: January 2020

        • OM-4.2 OM-4.2 General Requirements

          • OM-4.2.1

            To ensure an ability to operate on an ongoing basis and limit losses in the event of severe business disruption all Conventional bank licensees must establish a comprehensive framework for business continuity management (BCM) and must maintain a business continuity plan (BCP) appropriate to the scale and complexity of their operations. A BCP must address the following key areas:

            (a) Data back up and recovery (hard copy and electronic);
            (b) Continuation of all critical systems, activities, and counterparty impact;
            (c) Financial and operational assessments;
            (d) Alternate communication arrangements between the licensee and its customers and its employees;
            (e) Alternate physical location of employees;
            (f) Communications with and reporting to the CBB and any other relevant regulators; and
            (g) Ensuring customers' prompt access to their funds in the event of a disruption.
            Added: January 2020

          • OM-4.2.2

            Effective BCM framework must incorporate policy, procedures and tools required to manage the risk of major operational disruptions. The BCP must be comprehensive, limited not just to disruption of business premises and information technology facilities, but covering all other critical areas, which affect the continuity of critical business operations or services (e.g. liquidity, human resources and others).

            Added: January 2020

          • OM-4.2.3

            Licensees must notify the CBB promptly if there are events that lead to activating their BCP. They must also provide regular progress reports, as agreed with the CBB, until the BCP is deactivated.

            Added: January 2020

          • OM-4.2.4

            The CBB expects licensees to plan for how they may cope with the complete destruction of buildings and surrounding infrastructure in which their key offices, installations, counterparties or service providers are located. The loss of key personnel, and a situation where back-up facilities might need to be used for an extended period of time are important factors in effective BCPs.

            Added: January 2020

          • OM-4.2.5

            Licensees may find it useful to consider two-tier plans: one to deal with near-term problems; this should be fully developed and able to be put into immediate effect. The other, which might be in paper form; should deal with a longer-term scenario (e.g. how to accommodate processes that might not be critical immediately but would become so over time).

            Added: January 2020

        • OM-4.3 OM-4.3 Board and Senior Management Responsibilities

          • Establishment of a Policy, Processes & Responsibilities

            • OM-4.3.1

              A licensee's Board of Directors and Senior Management are collectively responsible for a bank's business continuity. The Board must approve the policies, while senior management must approve procedures and processes for a licensee's BCP.

              Added: January 2020

            • OM-4.3.2

              Licensees must establish a Crisis Management Team (CMT) to develop, maintain and test their BCP, as well as to respond to and manage the various stages of a crisis. The CMT must comprise members of senior management and heads of major support functions (e.g. building facilities, IT, corporate communications and human resources).

              Added: January 2020

            • OM-4.3.3

              Licensees must establish (and document as part of the BCP) individuals' responsibilities in helping prepare for and manage a crisis; and the process by which a disaster is declared and the BCP initiated (and later terminated).

              Added: January 2020

          • Monitoring and Reporting

            • OM-4.3.4

              The CMT must submit regular reports to the Board and senior management on recovery and response activities in the event of major operational disruptions and also on the results of the testing of the BCP (refer to section OM-4.9). Major changes must be developed by CMT, reported to senior management, and endorsed by the Board.

              Added: January 2020

            • OM-4.3.5

              The Chief Executive of a licensee must sign a formal annual statement submitted to the Board on whether the response and recovery strategies adopted are still valid and whether the documented BCP is properly tested and maintained. The annual statement must be included in the BCM documentation and will be reviewed as part of the CBB's on-site examinations.

              Added: January 2020

        • OM-4.4 OM-4.4 Developing a Business Continuity Plan

          • Impact Analysis

            • OM-4.4.1

              Licensees' BCPs must be based on (i) a business impact analysis (ii) an operational impact analysis, and (iii) a financial impact analysis. These analyses must be comprehensive, including all business functions and departments, not just IT or data processing.

              Added: January 2020

            • OM-4.4.2

              The key objective of a Business Impact Analysis is to identify the different kinds of risk to business continuity and to quantify the operational and financial impact of disruptions on a licensee's ability to conduct its critical business processes.

              Added: January 2020

            • OM-4.4.3

              A typical business impact analysis is normally comprised of two stages. The first is to identify and prioritise the critical business processes that must be continued in the event of a disaster. The first stage should take account of the impact on customers and reputation, the legal implications and the financial cost associated with downtime. The second stage is a time-frame assessment. This aims to determine how quickly the licensee needs to resume critical business processes identified in stage one.

              Added: January 2020

            • OM-4.4.4

              Operational impact analysis focuses on the firm's ability to maintain communications with customers and to retrieve key activity records. It identifies the organizational implications associated with the loss of access, loss of utility, or loss of a facility. It highlights which functions may be interrupted by an outage, and the consequences to the public and customer of such interruptions.

              Added: January 2020

            • OM-4.4.5

              A Financial Impact Analysis identifies the financial losses that (both immediate and also consequent to the event) arise out of an operational disruption.

              Added: January 2020

          • Risk Assessment

            • OM-4.4.6

              In developing a BCP, licensees must consider realistic threat scenarios that may (potentially) cause disruptions to their business processes.

              Added: January 2020

            • OM-4.4.7

              Licensees should analyse a threat by focusing on its impact on the business processes, rather than on the source of a threat. Certain scenarios can be viewed purely in terms of business disruption in specific work areas, systems or facilities. The scenarios should be sufficiently comprehensive to avoid the BCPs becoming too basic and thereby avoiding steps that could improve the resiliency of the licensee to disruptions.

              Added: January 2020

            • OM-4.4.8

              BCPs must take into account different types of likely or plausible scenarios to which the bank may be vulnerable considering both the control (pre-event) measures and response (post-event) measures. In particular, the following specific scenarios must at a minimum, be considered in the BCP:

              (a) Utilities are not available (power, telecommunications);
              (b) Critical buildings are not available or specific facilities are not accessible;
              (c) Software and live data are not available or are corrupted;
              (d) Vendor assistance or (outsourced) service providers are not available;
              (e) Critical documents or records are not available;
              (f) Critical personnel are not available; and
              (g) Significant equipment malfunctions (hardware or telecom).
              Added: January 2020

            • OM-4.4.9

              Licensees must distinguish between threats with a higher probability of occurrence and a lower impact to the business process (e.g. brief power interruptions) to those with a lower probability and higher impact (e.g. a terrorist bomb).

              Added: January 2020

            • OM-4.4.10

              As a starting point, licensees must perform a "gap analysis". This gap analysis is a methodical comparison of what types of plans the licensee requires in order to maintain, resume or recover critical business operations or services in the event of a disruption, versus what the existing BCP provides. Management and the Board can address the areas that need development in the BCP, using the gap analysis.

              Added: January 2020

        • OM-4.5 OM-4.5 Recovery Levels & Objectives

          • OM-4.5.1

            The BCM framework must include strategies and procedures to maintain, resume and recover critical business operations or services. The plan must differentiate between critical and non-critical functions. The BCM policy must clearly describe the types of events that would lead up to the formal declaration of a business disruption and the process for activating the BCP.

            Added: January 2020

          • OM-4.5.2

            The BCM policy must clearly identify alternate sites for different operations, the total number of recovery personnel, workspace requirements, and applications and technology requirements. Office facilities and records requirements must also be identified.

            Added: January 2020

          • OM-4.5.3

            Licensees should take note that they might need to cater for processing volumes that exceed those under normal circumstances. The interdependency among critical services is another major consideration in determining the recovery strategies and priority. For example, the resumption of the front office operations is highly dependent on the recovery of the middle office and back office support functions.

            Added: January 2020

          • OM-4.5.4

            Individual critical business and support functions must establish Recovery Time Objectives (RTO), Recovery Point Objectives (RPO) and Maximum Tolerable Period of Disruption (MTPD) with respect to the bank's recovery programme. RTOs, RPOs and MTPDs must be approved by the senior management prior to proceeding to the development of the BCP.

            Added: January 2020

          • List of Contacts and Responsibilities

            • OM-4.5.5

              The BCM framework must consider a communication strategy, established procedures for communication, methodology for transmitting, writing and reading of relevant information designed for each business unit where appropriate, the nature of information a list of all key resources charged with the tasks and the full listing of employees and relevant stakeholders. The list must include personal contact information on each key employee such as their home address, home telephone number, and cell phone or pager number so they may be contacted in case of a disaster or other emergency.

              Added: January 2020

            • OM-4.5.6

              The BCM policy must contain all the necessary process steps to complete each critical business operation or service. Each process must be explained in sufficient detail to allow another employee to perform the job in case of a disaster.

              Added: January 2020

          • Alternate Sites for Business and Technology Recovery

            • OM-4.5.7

              Most business continuity efforts are dependent on the availability of an alternate site (i.e. recovery site) for successful execution. The alternate site may be either an external site available through an agreement with a commercial vendor or a site within the Licensee's real estate portfolio. A useable, functional alternate site is an integral component of BCP.

              Added: January 2020

            • OM-4.5.8

              Licensees must examine the extent to which key business functions are concentrated in the same or adjacent locations and the proximity of the alternate sites to primary sites. Alternate sites must be sufficiently remote from, and do not depend upon the same physical infrastructure components as a licensee's primary business location. This minimises the risk of both sites being affected by the same disaster (e.g. they must be on separate or alternative power grids and telecommunication circuits).

              Added: January 2020

            • OM-4.5.9

              Licensees' alternate sites must be readily accessible and available for occupancy (i.e. 24 hours a day, 7 days a week) within the time requirement specified in their BCP. Should the BCP so require, the alternate sites must have pre-installed workstations, power, telephones and ventilation, and sufficient space. Appropriate physical access controls such as access control systems and security guards must be implemented in accordance with Licensee's security policy.

              Added: January 2020

            • OM-4.5.10

              Other than the establishment of alternate sites, licensees should also pay particular attention to the transportation logistics for relocation of operations to alternate sites. Consideration should be given to the impact a disaster may have on the transportation system (e.g. closures of roads). Some staff may have difficulty in commuting from their homes to the alternate sites. Other logistics, such as how to re-route internal and external mail to alternate sites should also be considered. Moreover, pre-arrangement with telecommunication companies for automated telephone call diversion from the primary work locations to the alternate sites should be considered.

              Added: January 2020

            • OM-4.5.11

              Alternate sites for technology recovery (i.e. back-up data centres), which may be separate from the primary business site, should have sufficient technical equipment (e.g. workstations, servers, printers, etc.) of appropriate model, size and capacity to meet recovery requirements as specified by licensees' BCPs. The sites should also have adequate telecommunication (including bandwidth) facilities and pre-installed network connections as specified by their BCP to handle the expected voice and data traffic volume.

              Added: January 2020

            • OM-4.5.12

              Licensees should avoid placing excessive reliance on external vendors in providing BCP support, particularly where a number of institutions are using the services of the same vendor (e.g. to provide back-up facilities or additional hardware). Licensees should satisfy themselves that such vendors do actually have the capacity to provide the services when needed and the contractual responsibilities of the vendors should be clearly specified. Licensees should recognise that outsourcing a business operation does not transfer the associated business continuity management responsibilities.

              Added: January 2020

            • OM-4.5.13

              The contractual terms should include the lead-time and capacity that vendors are committed to deliver in terms of back-up facilities, technical support or hardware. The vendor should be able to demonstrate its own recoverability including the specification of another recovery site in the event that the contracted site becomes unavailable.

              Added: January 2020

            • OM-4.5.14

              Certain licensees may rely on a reciprocal recovery arrangement with other institutions to provide recovery capability (e.g. Cheque sorting and cash handling). Licensees should, however, note that such arrangements are often not appropriate for prolonged disruptions or an extended period of time. This arrangement could also make it difficult for Licensees to adequately test their BCP. Any reciprocal recovery agreement should therefore be subject to proper risk assessment and documentation by licensees, and formal approval by the Board.

              Added: January 2020

        • OM-4.6 OM-4.6 Detailed Procedures for the BCP

          • OM-4.6.1

            Once the recovery levels and recovery objectives for individual business lines and support functions are determined, the development of the detailed BCP should commence. The objective of the detailed BCP is to provide detailed guidance and procedures in a crisis situation, of how to recover critical business operations or services identified in the Business Impact Analysis stage, and to ultimately return to operations as usual.

            Added: January 2020

          • Crisis Management Process

            • OM-4.6.2

              A BCM framework must include a Crisis Management Plan (CMP) that serves as a documented guidance to assist the CMT in dealing with a crisis situation to avoid spill over effects to the business as a whole. The overall CMP, at a minimum, must contain the following:

              (a) A process for ensuring early detection of an emergency or a disaster situation and prompt notification to the CMT about the incident;
              (b) A process for the CMT to assess the overall impact of the crisis situation on the licensee and to make quick decisions on the appropriate responses for action (i.e. staff safety, incident containment and specific crisis management procedures);
              (c) Arrangements for safe evacuation from business locations (e.g. directing staff to a pre-arranged emergency assembly area, taking attendance of all employees and visitors at the time and tracking missing people through different means immediately after the disaster);
              (d) Clear criteria for activation of the BCP and/or alternate sites;
              (e) A process for gathering updated status information for the CMT (e.g. ensuring that regular conference calls are held among key staff from relevant business and support functions to report on the status of the recovery process);
              (f) A process for timely internal and external communications; and
              (g) A process for overseeing the recovery and restoration efforts of the affected facilities and the business services.
              Added: January 2020

            • OM-4.6.3

              If CMT members need to be evacuated from their primary business locations, the licensee should set up a command centre to provide the necessary workspace and facilities for the CMT. Command centres should be sufficiently distanced from the licensee's primary business locations to avoid being affected by the same disaster.

              Added: January 2020

          • Business Resumption

            • OM-4.6.4

              Each relevant business and support function must assign at least one member to be a part of the CMT to carry out the business resumption process for the relevant business and supported function. Appropriate recovery personnel with the required knowledge and skills must be assigned to the team.

              Added: January 2020

            • OM-4.6.5

              Generally, the business resumption process consists of three major phases:

              (a) The mobilisation phase — This phase aims to notify the recovery teams (e.g. via a call-out tree) and to secure the resources (e.g. recovery services provided by vendors) required to resume business services.
              (b) The alternate processing phase — This phase emphasizes the resumption of the business and service delivery at the alternate site and/or in a different way than the normal process. This may entail record reconstruction and verification, establishment of new controls, alternate manual processes, and different ways of dealing with customers and counterparties; and
              (c) The full recovery phase — This phase refers to the process for moving back to a permanent site after a disaster. This phase may be as difficult and critical to the business as the process to activate the business resumption process.
              Added: January 2020

            • OM-4.6.6

              For the first two phases above, clear responsibilities should be established and activities prioritised. A recovery tasks checklist should be developed and included in the BCM framework.

              Added: January 2020

          • Technology Recovery

            • OM-4.6.7

              Business resumption very often relies on the recovery of technology resources that include applications, hardware equipment and network infrastructure as well as electronic records. The technology requirements that are needed during recovery for individual business and support functions should be specified when the recovery strategies for the functions are determined.

              Added: January 2020

            • OM-4.6.8

              Licensees should pay attention to Heat, Ventilation and Air Conditioning (HVAC) requirements and resilience of critical technology equipment and facilities such as the uninterruptible power supply (UPS) and the computer cooling systems. Such equipment and facilities should be subject to continuous monitoring and periodic maintenance and testing.

              Added: January 2020

            • OM-4.6.9

              Appropriate personnel must be assigned with the responsibility for technology recovery. Alternative personnel need to be identified as back up for key technology recovery personnel in the case of the latter unavailability to perform the recovery process.

              Added: January 2020

          • Disaster Recovery Models

            • OM-4.6.10

              There are various disaster recovery models that can be adopted by licensees to handle prolonged disruptions. The traditional model is an "active/back-up" model, which is widely used by many organizations. This traditional model is based on an "active" operating site with a corresponding alternate site (back-up site), both for data processing and for business operations.

              Added: January 2020

            • OM-4.6.11

              A split operations model, which is increasingly being used by major institutions, operates with two or more widely separated active sites for the same critical operations, providing inherent back up for each other (e.g. branches). Each site has the capacity to take up some or all of the work of another site for an extended period of time. This strategy can provide nearly immediate resumption capacity and is normally able to handle the issue of prolonged disruptions.

              Added: January 2020

            • OM-4.6.12

              The split operations model may incur higher operating costs, in terms of maintaining excess capacity at each site and added operating complexity. It may also be difficult to maintain appropriately trained staff and the split operations model can pose technological issues at multiple sites.

              Added: January 2020

            • OM-4.6.13

              The question of what disaster recovery model to adopt is for individual licensees' judgment based on the risk assessment of their business environment and the characteristics of their own operations.

              Added: January 2020

        • OM-4.7 OM-4.7 Vital Records Management

          • OM-4.7.1

            Each BCM framework must clearly identify information deemed vital for the recovery of critical business and support functions in the event of a disaster as well as the relevant protection measures to be taken for protecting vital information. Licensees must refer to Chapter OM-6 when identifying vital information for business continuity. Vital information includes information stored on both electronic and non-electronic media.

            Added: January 2020

          • OM-4.7.2

            Copies of vital records must be stored off-site as soon as possible after creation. Back-up vital records must be readily accessible for emergency retrieval. Access to back-up vital records must be adequately controlled to ensure that they are reliable for business resumption purposes. For certain critical business operations or services, licensees must consider the need for instantaneous data back up to ensure prompt system and data recovery. There must be clear procedures indicating how and in what priority vital records are to be retrieved or recreated in the event that they are lost, damaged or destroyed.

            Added: January 2020

        • OM-4.8 OM-4.8 Other Policies Standards, and Processes

          • Employee Awareness and Training Plan

            • OM-4.8.1

              Licensees must implement an awareness plan and business continuity training for employees to ensure that all employees are continually aware of their responsibilities and know how to remain in contact and what to do in the event of a crisis.

              Added: January 2020

            • OM-4.8.2

              Key employees should be involved in the business continuity development process, as well as periodic training exercises. Cross training should be utilised to anticipate restoring operations in the absence of key employees. Employee training should be regularly scheduled and updated to address changes to the BCP.

              Added: January 2020

          • Public Relations & Communication Planning

            • OM-4.8.3

              Licensees must develop an awareness program and formulate a formal strategy for communication with key external parties (e.g. CBB and other regulators, investors, customers, counterparties, business partners, service providers, the media and other stakeholders) and provide for the type of information to be communicated. The strategy needs to set out all the parties the licensee must communicate to in the event of a disaster. This will ensure that consistent and up-to-date messages are conveyed to the relevant parties. During a disaster, ongoing and clear communication is likely to assist in maintaining the confidence of customers and counterparties as well as the public in general.

              Added: January 2020

            • OM-4.8.4

              The BCM framework must clearly indicate who may speak to the media and other key external parties, and have pre-arrangements for redirecting external communications to designated staff during a disaster. Important contact numbers and e-mail addresses of key external parties must be kept in a readily accessible manner (e.g. in wallet cards or licensees' intranet).

              Added: January 2020

            • OM-4.8.5

              Licensees may find it helpful to prepare draft press releases as part of their BCP. This will save the CMT time in determining the main messages to convey in a chaotic situation. Important conversations with external parties should be properly logged for future reference.

              Added: January 2020

            • OM-4.8.6

              With reference to internal communication, the BCP should set out how the status of recovery can be promptly and consistently communicated to all staff, parent bank, head office, branches and subsidiaries (where appropriate). This may entail the use of various communication channels (e.g. broadcasting of messages to mobile phones of staff, Licensees websites, e-mails, intranet and instant messaging).

              Added: January 2020

          • Insurance and other Risk Mitigating Measures

            • OM-4.8.7

              Licensees must have proper insurance coverage to reduce the financial losses that they may face during a disaster. Licensees must regularly review the adequacy and coverage of their insurance policies in reducing any foreseeable risks caused by disasters (e.g. loss of offices, critical IT facilities and equipment).

              Added: January 2020

          • Government and Community

            • OM-4.8.8

              Licensees may need to coordinate with community and government officials and the media to ensure the successful implementation of the BCP. This establishes proper protocol in case a city- wide or region- wide event impacts the licensee's operations. During the recovery phase, facilities access, power, and telecommunications systems should be coordinated with various entities to ensure timely resumption of operations. Facilities access should be coordinated with the police and fire department and, depending on the nature and extent of the disaster.

              Added: January 2020

          • Disclosure Requirements

            • OM-4.8.9

              Licensees must disclose how their BCP addresses the possibility of a future significant business disruption and how the licensee will respond to events of varying scope. Licensees must also state whether they plan to continue business during disruptions and the planned recovery time. In all cases, BCP disclosures must be reviewed and updated to address changes to the BCP.

              Added: January 2020

            • OM-4.8.10

              The licensees might make these disclosures on their websites, or through mailing to key external parties upon request.

              Added: January 2020

        • OM-4.9 OM-4.9 Maintenance, Testing and Review

          • Testing & Rehearsal

            • OM-4.9.1

              A BCP is not complete if it has not been subject to proper testing. Testing is needed to ensure that the BCP is operable. Testing verifies the awareness of staff and the preparedness of differing departments/functions of the bank.

              Added: January 2020

            • OM-4.9.2

              Licensees must test their BCPs at least annually. Senior management must participate in the annual testing and demonstrate their awareness of what they are required to do in the event of the BCP being involved. Also, the recovery and alternate personnel must participate in testing rehearsals to familiarise themselves with their responsibilities and the back-up facilities and remote sites (where applicable).

              Added: January 2020

            • OM-4.9.3

              All of the BCP's related risks and assumptions must be reviewed for relevancy and appropriateness as part of the annual planning of testing. The scope of testing must be comprehensive enough to cover the major components of the BCP as well as coordination and interfaces among important parties. A testing of particular components of the BCP or a fully integrated testing must be decided or depending on the situation. The following points must be included in the annual testing:

              (a) Staff evacuation and communication arrangements (e.g. call-out trees) must be validated;
              (b) The alternate sites for business and technology recovery must be activated;
              (c) Important recovery services provided by vendors or counterparties must form part of the testing scope;
              (d) Licensees must consider testing the linkage of their back up IT systems with the primary and backup systems of service providers;
              (e) If back up facilities are shared with other parties (e.g. subsidiaries of the licensee), the licensee needs to verify whether all parties can be accommodated concurrently; and
              (f) Recovery of vital records must be performed as part of the testing.
              Added: January 2020

            • OM-4.9.4

              Formal testing reviews of the BCP must be performed to assess the thoroughness and effectiveness of the testing. Specifically, a post-mortem review report must be prepared at the completion of the testing stage for formal sign-off by Licensees' senior management. If the testing results indicate weaknesses or gaps in the BCP, the plan and recovery strategies must be updated to remedy the situation.

              Added: January 2020

          • Periodic Maintenance and Updating of a BCP

            • OM-4.9.5

              Licensees must have formal procedures to keep their BCP updated with respect to any changes to their business. In the event of a plan having been activated, an assessment process must be carried out once normal operations are restored to identify areas for improvement. If vendors are needed to provide vital recovery services, there must be formal processes for regular annual assessment of the appropriateness of the relevant service level agreements.

              Added: January 2020

            • OM-4.9.6

              Individual business and support functions, with the assistance of the CMT, must review their business impact analysis and recovery strategy on an annual basis. This aims to confirm the validity of, or whether updates are needed to, the BCP requirements (including the technical specifications of equipment of the alternate sites) for the changing business and operating environment.

              Added: January 2020

            • OM-4.9.7

              The contact information for key staff, counterparties, customers and service providers must be updated as soon as possible when notification of changes is received.

              Added: January 2020

            • OM-4.9.8

              Significant internal changes (e.g. merger or acquisitions, business re-organisation or departure of key personnel) must be reflected in the plan immediately and reported to senior management.

              Added: January 2020

            • OM-4.9.9

              Copies of the BCP document must be stored at locations separate from the primary site. A summary of key steps to be taken in an emergency situation must be made available to senior management and other key personnel.

              Added: January 2020

          • Audit and Independent Review

            • OM-4.9.10

              The internal audit function of a licensee or its external auditors must conduct periodic reviews of the BCP to determine whether the plan remains realistic and relevant, and whether it adheres to the policies and standards of the licensee. This review must include assessing the adequacy of business process identification, threat scenario development, business impact analysis and risk assessments, the written plan, testing scenarios and schedules.

              Added: January 2020

            • OM-4.9.11

              Significant findings and recommendations must be brought to the attention of the Board and Senior Management within three months of the completion of the review. Furthermore, Senior Management and the Board must ensure that any gaps or shortcomings reported to them are addressed in an appropriate and timely manner.

              Added: January 2020

      • OM-5 OM-5 Security Measures for Banks

        • OM-5.1 OM-5.1 Security Measures for Retail Banks

          • General Requirement

            • OM-5.1.1

              Retail banks must maintain up to date Payment Card Industry Data Security Standards (PCI-DSS) certification. Failure to comply with this requirement will trigger a supervisory response, which may include formal enforcement measures, as set out in Module EN (Enforcement).

              Added: January 2020

            • OM-5.1.2

              In order to maintain up to date PCI-DSS certification, retail banks will be periodically audited by PCI authorised companies for compliance. Licensees are asked to make certified copies of such documents available if requested by the CBB.

              Added: January 2020

            • OM-5.1.2A

              Conventional retail bank licensees must take appropriate measures to counter fraudulent phishing attempts (such as through telephone or WhatsApp calls, SMS or WhatsApp messages, emails and other media) that request customers to provide sensitive personal information that can lead to frauds. The licensees must also enhance their surveillance and monitoring systems to detect suspicious account activity caused by such fraudulent attempts on a timely basis.

              Added: October 2020

            • OM-5.1.2B

              Conventional retail bank licensees must raise customer awareness about fraudulent phishing messages by launching extensive customer alert campaigns through media and social media channels. Customers must be warned of such attempts and advised to only use the licensee’s official website, telephone or other channels for communication with it.

              Added: October 2020

          • External Measures

            • OM-5.1.3

              All head offices/main offices are required to maintain Ministry of Interior ("MOI") guards on a 24 hours basis. For branches that satisfy the criteria mentioned in Paragraphs OM-5.1.4 to OM-5.1.16 below, they may maintain MOI guards during opening hours only. Furthermore, banks will be allowed to replace MOI armed guards with private security guards subject to the approval of the MOI. Training and approval of private security guards will be given by the MOI.

              Added: January 2020

            • OM-5.1.4

              Public entrances to head offices/main offices and branches must be protected by steel rolling shutters, or the external doors must be of solid steel or a similar solid material of equivalent strength and resistance to fire. Other external entrances must have steel doors or be protected by steel rolling shutters. Preferably, all other external entrances must have the following security measures:

              (a) Magic eye;
              (b) Locking device (key externally and handle internally);
              (c) Door closing mechanism;
              (d) Contact sensor with alarm for prolonged opening time; and
              (e) Multifactor or combination access control system (e.g. access card and key slot or swipe card and password).
              Added: January 2020

            • OM-5.1.5

              External windows must have security measures such as anti-blast films and movement detectors. For ground floor windows, banks must add steel grills fastened into the wall.

              Amended: April 2021
              Added: January 2020

            • OM-5.1.6

              Branch alarm systems must have the following features:

              (a) PIR motion detectors
              (b) Door sensors
              (c) Anti vibration/movement sensors on vaults
              (d) External siren
              (e) The intrusion detection system must be linked to the bank's (i.e. head office) monitoring unit and also the MOI Central Monitoring Unit.
              Added: January 2020

          • Internal Measures

            • OM-5.1.7

              Teller counters must be screened off from customers by a glass screen of no less than 1 meter in height from the counter work surface or 1.4 meters from the floor.

              Added: January 2020

            • OM-5.1.8

              All areas where cash is handled must be screened off from customers and other staff areas.

              Added: January 2020

            • OM-5.1.9

              Access to teller areas must be restricted to authorised staff only. The design of the teller area must not allow customers to pass through it.

              Added: January 2020

            • OM-5.1.10

              Panic alarm systems for teller staff must be installed. The choice between silent or audible panic alarms is left to individual banks. Kick bars and/or hold up buttons must be spread throughout the teller and customer service areas and the branch manager's office. The panic alarm must be linked to the MOI Central Monitoring Unit.

              Added: January 2020

          • Cash Safety

            • OM-5.1.11

              Cash, precious metals and bearer instruments must be kept in fireproof cabinets/safes. These cabinets/safes must be located in strong rooms.

              Added: January 2020

            • OM-5.1.12

              Strong rooms must be made of reinforced solid concrete, or reinforced block work. Doors to strong rooms must be steel and have a steel shutter fitted. Dual locking devices must be installed in strong room doors. Strong room doors must be located out of the sight of customers.

              Added: January 2020

            • OM-5.1.13

              Strong rooms must not contain any other openings except the entry door and where necessary, an air conditioning outlet. The air conditioning outlet must be protected with a steel grill.

              Added: January 2020

          • CCTV Network Systems

            • OM-5.1.14

              All head offices/main offices and branches must have a CCTV network and alarm system which are connected to a central monitoring unit located in the head office/main office, along with a Video Monitoring System (VMS) and to the MOI Central Monitoring Unit.

              Added: January 2020

            • OM-5.1.15

              At a minimum, CCTV cameras must cover the following areas:

              (a) Main entrance;
              (b) Other external doors;
              (c) Any other access points (e.g. ground floor windows);
              (d) The banking hall;
              (e) Tellers' area;
              (f) Strong room entrance; and
              (g) ATMs (by way of internal or external cameras) Refer to Section OM-5.3 for specific CCTV requirements related to ATMs.
              Added: January 2020

            • OM-5.1.16

              Notices of CCTV cameras in operation must be put up for the attention of the public. CCTV records must be maintained for a minimum 45-day period. The transmission rate (in terms of the number of frames per second) must be high enough to make for effective monitoring. Delayed transmission of pictures to the Central Monitoring Unit is not acceptable. The CCTV system must be operational 24 hours per day.

              Added: January 2020

          • Training and Other Measures

            • OM-5.1.17

              Banks must establish the formal position of security manager. This person will be responsible for ensuring all bank staff are given annual, comprehensive security training. Banks must produce a security manual or procedures for staff, especially those dealing directly with customers. For banks with three or more branches, this position must be a formally identified position. For banks with one or two branches, the responsibilities of this position may be added to the duties of a member of management.

              Added: January 2020

            • OM-5.1.18

              The security manager must maintain records on documented security related complaints by customers and take corrective action or make recommendations for action on a timely basis. Actions and recommendations must also be documented.

              Added: January 2020

            • OM-5.1.19

              Banks must consider safety and security issues when selecting premises for new branches. Key security issues include prominence of location (i.e. Is the branch on a main street or a back street?), accessibility for emergency services, and assessment of surrounding premises (in terms of their safety or vulnerability), and the number of entrances to the branch. All banks are required to hold an Insurance Blanket Bond (which includes theft of cash in its cover).

              Added: January 2020

        • OM-5.2 OM-5.2 Payment and ATM cards, Wallets and Point of Sale infrastructure

          • Europay, MasterCard and Visa (EMV) Compliance

            • OM-5.2.1

              All cards (debit, credit, charge, prepaid, etc.) issued by licensees in the Kingdom of Bahrain must be EMV compliant. Moreover, all ATMs, CDMs, POS, etc. must be EMV compliant for accepting cards issued in the Kingdom of Bahrain. In this context, EMV compliant means using chip and online PIN authentication. However, contactless card payment transactions, where no PIN verification is required, are permitted for small amounts i.e. up to BD50 per transaction, provided that Conventional bank licensees bear full responsibility in case of fraud occurrence.

              Amended: April 2023
              Added: January 2020

            • OM-5.2.1A

              Where contactless payments use Consumer Device Cardholder Verification Method (CDCVM) for payment authentication and approval, then the authentication required for transactions above BD50 limit mentioned in Paragraph OM-5.2.1 is not applicable given that the customer has already been authenticated by his device using PIN, biometric or other authentication methods. This is only applicable where debit/credit card of the customer has already been tokenized in the payment application.

              Amended: April 2023
              Added: July 2020

          • Provision of Cash Withdrawal and Payment Services through Various Channels

            • OM-5.2.2

              Conventional bank licensees are allowed to provide cash withdrawal and payment services using various channels, including but not limited to, contactless, cardless, QR code, e-wallets, biometrics (iris recognition, facial recognition, fingerprint, voiceprint, etc.), subject to explicit consent from the customers using established methods described in OM-3.2 and enrolling them through a registration process for each channel and service, wherein customers' acceptance of products/services terms and conditions are documented and customers are properly authenticated. Such enrolment process must allow an opt-out option if the customer does not want to use a channel for which he has enrolled.

              Added: January 2020

          • Geolocation Limitations

            • OM-5.2.3

              All Conventional bank licensees issuing debit, prepaid and/or credit cards must ensure that all Bahrain issued cards enable each customer to maintain a list of 'approved' countries for card ATM/Point of Sale (POS) transactions. Customers must be allowed to determine those countries in which their cards must not be accepted as well as countries or merchant categories in which a card transaction would require a further level of authorisation, (for example, 2-way SMS).

              Added: January 2020

          • Prohibition of Double Swiping

            • OM-5.2.4

              Double swiping of cards by merchants is not allowed, and all card acquirer licensees must ensure that the merchants concerned must comply with this requirement.

              Added: January 2020

            • OM-5.2.5

              For the purpose of Paragraph OM-5.2.4, card acquirer licensee means a CBB licensee that enters into a contractual relationship with a merchant and the payment card issuer, under a card payment scheme, for accepting and processing payment card transactions. Card acquirers include three-party payment card network operators, who have outsourced their acquiring services to third party service providers.

              Added: January 2020

            • OM-5.2.6

              For the purpose of Paragraph OM-5.2.4, double swiping means swiping of a payment card by a merchant at the POS terminal/ECR for the second time, resulting in capturing and storing of payment cardholder data and sensitive authentication data encoded on the magnetic stripe of a customer's payment card, after the merchant received the required card payment authorisation response.

              Added: January 2020

            • OM-5.2.7

              All card acquirer licensees must include the following clause into the merchant agreements entered into with all their merchants: "Pursuant to the CBB directions and instructions, the merchant shall stop double swiping of a payment card at a merchant's point-of-sale (POS) terminal/electronic cash register (ECR) to capture or store cardholder and sensitive authentication data encoded on the magnetic stripe of a customer's payment card, after the merchant received the required card payment authorisation response. The merchant asserts its full compliance with the obligation contained in this clause and understands that any breach of this clause will expose the merchant to mandatory contractual and/or legal disciplinary actions by the relevant regulator and/or concerned Ministry."

              Added: January 2020

            • OM-5.2.8

              All card acquirer licensees must:

              (i) Educate the concerned merchants on the regulatory requirement and monitor the implementation of this requirement; and
              (ii) Educate and facilitate, where necessary, any merchant that has a valid business need to have cardholder data or non-sensitive information, to transmit such data/information through an integration option.
              Added: January 2020

          • Integration of Hardware Components

            • OM-5.2.9

              If the Automated Teller Machines (ATM) environment permits access to internal areas where account data is processed and/or stored (e.g., for service or maintenance), these areas must be effectively protected from access by unauthorised persons to mitigate the risk associated with attaching/inserting malicious additional components, especially those which may be designed to capture sensitive data. Banks must encrypt account data or secure access to such data by effective physical barriers such as strong walls, doors, and mechanical locks.

              Added: January 2020

            • OM-5.2.10

              All entry to sensitive areas must be recorded, including the name of the persons accessing the area; the date; and the time of access to and exit from the area. CCTV cameras must be installed, and used to record all activities within the ATM environment.

              Added: January 2020

            • OM-5.2.11

              Banks are required to implement best industry practice in respect of hardware and software development and integration, including but not limited to formal specification, test plans, and documentation. Hardware and software should only be introduced to the environment following a successful programme of testing.

              Added: January 2020

            • OM-5.2.12

              All test plans and the outcomes of these plans must be retained by the bank for a minimum of five years from the date of testing and be available on request to the CBB or their authorised representatives. Examples of instances in which a detailed testing process must be undertaken prior to installation and integration of components include, but are not limited to, secure card readers or EPPs. In all instances the applicable standards relating to Payment Card Industry (PCI), PIN Transaction Security (PTS), and Point of Interaction (POI) requirements must be fully complied with.

              Added: January 2020

            • OM-5.2.13

              Banks must ensure that the integration of Secure Card Readers, (SCRs) and, if applicable, any mechanism protecting the SCRs and any anti skimming devices are properly implemented and fully comply with the guidelines provided by the device vendor. SCRs must be PCI Security Standards Council approved and fully comply with all PCI standards at all times.

              Added: January 2020

            • OM-5.2.14

              Banks must ensure that all ATMs, including offsite ATMs, are equipped with mechanisms which prevent skimming attacks. There must be no known or demonstrable way to disable or defeat the above-mentioned mechanisms, or to install an external or internal skimming device.

              Added: January 2020

          • ATM Software

            • OM-5.2.15

              Banks must ensure that their ATM software security measures comply with the following:

              (a) Access to sensitive services is controlled by requiring authentication. Entering or exiting sensitive services must not reveal or otherwise compromise the security of sensitive information;
              (b) ATM software must include controls which are designed to prevent unauthorised modification of the software configuration, including the operating system, drivers, libraries, and individual applications. Software configuration includes the software platform, configuration data, applications loaded to and executed by the platform, and the associated data. The mechanisms must also ensure the integrity of third-party applications, using a controlled process to install such controls;
              (c) Access to all elements of the ATM environment must be strictly controlled to ensure an effective segregation of functions and an effective segregation of responsibilities exists for all personnel;
              (d) The logging data must be stored in a way that data cannot be changed under any circumstances, and deleted only after authorisation by a member of bank staff who has specific responsibility delegated by the CEO;
              (e) Software is protected and stored in a manner which precludes unauthorised modification; and
              (f) Loading of software into ATMs is performed by a person who has the requisite knowledge and skills, and who has been nominated and authorised by a senior manager in the bank to undertake these tasks.
              Added: January 2020

            • OM-5.2.16

              ATMs must incorporate dedicated tampering protection capabilities.

              Added: January 2020

          • ATM Application Management

            • OM-5.2.17

              Banks must ensure that their ATM application management complies with the following:

              (a) The display of a cardholder PIN must be obfuscated on the ATM display and must not be in 'clear' mode;
              (b) Sensitive information must not be present any longer or used more often than strictly necessary. The ATM must automatically clear its internal buffers when either the transaction is completed, or the ATM has timed out whilst awaiting a response from the cardholder or host; and
              (c) Prevent the display or disclosure of cardholder account information such as the account number, ID number, address and other personal details etc. on the ATM screen, printed on receipts, or audio transcripts for visually impaired cardholders.
              Added: January 2020

        • OM-5.3 OM-5.3 ATM Security Measures: Physical Security for Retail Banks

          • Record Keeping

            • OM-5.3.1

              Banks must record the details of the site risk assessments and retain such records for a period of five years from the date of the ATM installation, or whatever other period required by the Ministry of the Interior or the CBB from time to time, whichever is the longer.

              Added: January 2020

          • Installation of an Off-site ATM in Bahrain

            • OM-5.3.2

              Banks must notify the CBB in writing if they install a new off-site ATM or remove/terminate any of its off-site ATMs.

              Amended: January 2022
              Added: January 2020

            • OM-5.3.3

              [This Paragraph has been deleted in January 2022].

              Deleted: January 2022
              Added: January 2020

          • General Criteria

            • OM-5.3.4

              [This Paragraph has been deleted in January 2022].

              Deleted: January 2022
              Added: January 2020

            • OM-5.3.5

              [This Paragraph has been deleted in January 2022].

              Deleted: January 2022
              Added: January 2020

            • OM-5.3.6

              [This Paragraph has been deleted in January 2022].

              Deleted: January 2022
              Added: January 2020

            • OM-5.3.7

              [This Paragraph has been deleted in January 2022].

              Deleted: January 2022
              Added: January 2020

            • OM-5.3.8

              [This Paragraph has been deleted in January 2022].

              Deleted: January 2022
              Added: January 2020

            • OM-5.3.9

              [This Paragraph has been deleted in January 2022].

Deleted: January 2022
Added: January 2020

  • OM-5.3.10

    [This Paragraph has been deleted in January 2022].

    Deleted: January 2022
    Added: January 2020

  • OM-5.3.11

    [This Paragraph has been deleted in January 2022].

    Deleted: January 2022
    Added: January 2020

  • OM-5.3.12

    The CBB may, at its sole discretion, require an off-site ATM to be removed/terminated and decommissioned at any time.

    Added: January 2020

  • ATM Alarms

    • OM-5.3.13

      In addition to alarming the premises, banks must alarm the ATM itself, in a way which activates audibly when the ATM is under attack. The system must be monitored by remote signaling to an appropriate local police response designated by the Ministry of Interior. In doing so, banks must consider the following:

      (a) The design of the system must ensure that the ATM has a panic alarm installed;
      (b) The design of the system must give an immediate, system controlled warning of an attack on the ATM, and all ATMs must be fitted with fully operational fraud detection and inhibiting devices;
      (c) A maintenance record must be kept for the alarm detection system and routine maintenance must be conducted in accordance with at least the manufacturer's recommendations. The minimum must be two planned maintenance visits and tests every 6 months; and
      (d) The alarm system must be monitored from an Alarm Receiving Centre 24 hours daily. It must automatically generate an alarm signal if the telephone/internet line fails or is cut.
      Added: January 2020

  • Closed-circuit Television (CCTV)

    • OM-5.3.14

      Banks must ensure that ATMs are equipped with Closed-circuit television (CCTV). The location of camera installation must be carefully chosen to ensure that images of the ATM are recorded, however keypad entries must not be recorded. The camera must support the detection of the attachment of alien devices to the fascia (external body) and possess the ability to generate an alarm for remote monitoring if the camera is blocked or otherwise disabled. There must be sensors to detect and alert the bank if the camera has been blocked or tampered with.

      Added: January 2020

    • OM-5.3.15

      For the purposes of Paragraph OM-5.3.14, the location of camera installation in drive-thru ATMs must be carefully chosen to ensure that the images of the vehicle number plates are clearly captured during both daytime and nighttime.

      Added: January 2020

    • OM-5.3.16

      As a minimum, CCTV activity must be recorded (preferably in digital format) and, where risk dictates, remotely monitored by a third party Alarm Receiving Centre.

      Added: January 2020

    • OM-5.3.17

      When an ATM is located in an area where a public CCTV system operates, the deployer or agent must liaise with the agency responsible for the CCTV system to include the ATM site in any preset automatic camera settings or to request regular sweeps of the site. The CCTV system must not be able to view the ATM keypad thereby preventing observation of PIN entry.

      Added: January 2020

    • OM-5.3.18

      Banks must ensure that the specifications of CCTV cameras meet the following minimum requirements:

      (a) Analogue Cameras:
      Resolution — Minimum 700 TVL

      Lens — Vari-focal lenses from 2.8 to 12mm

      Sensitivity — Minimum 0.5 Luminance (Lux) without Infrared (IR), 0 Lux with IR

      IR — At least 10 to 20 meters (Camera that detects motion)
      (b) IP Cameras:
      Resolution — 2 MP — 1080 p

      Lens — Vari-focal lenses from 2.8 to 12mm

      Sensitivity — Minimum 0.5 Lux without IR, 0 Lux with IR

      IR — At least 10 to 20 meters
      Added: January 2020

    • OM-5.3.19

      Banks must ensure that the following network requirements are met for connecting the Banks CCTV system to MOI Control room:

      (a) The minimum speed of the upload should be 2 Mbps for each node (ATM's and branches);
      (b) Speed/storage limit threshold must not be applied in a manner which permits a network delay; and
      (c) Access must be restricted to authorised personnel.
      Added: January 2020

  • ATM Lighting

    • OM-5.3.20

      Banks must ensure that adequate and effective lighting is operational at all times within the ATM environment. The standard of the proposed lighting must be agreed with the Ministry of the Interior and other relevant authorities, and tested at least once every three months to ensure that the lighting is in good working order.

      Added: January 2020

    • OM-5.3.21

      Banks must ensure that adequate and effective lighting is operational within drive-thru ATMs to enable the CCTV cameras to capture the vehicle number plates during both daytime and nighttime.

      Added: January 2020

  • Fire Alarm

    • OM-5.3.22

      Banks must ensure that effective fire alarm and fire defense measures, such as a sprinkler, are installed and functioning for all ATMs. These alarms must be linked to the "General Directorate of Civil Defense" in Bahrain.

      Added: January 2020

  • Cash Replenishment

    • OM-5.3.23

      All cash movements between branches, to and from the CBB and to off-site ATMs must be performed by specialised service providers.

      Added: January 2020

  • ATM Service/Maintenance

    • OM-5.3.24

      Banks must maintain a list of all maintenance, replenishment and inspection visits by staff or other authorised parties.

      Added: January 2020

    • OM-5.3.25

      The CBB shall conduct inspections of ATM installations and any non-compliance with the physical security requirements stipulated in this Chapter may lead to suspension of the subject ATMs and trigger other enforcement measures set out in Module EN.

      Added: October 2022

  • OM-5.4 OM-5.4 ATM Security Measures: Additional Measures for Retail Banks

    • OM-5.4.1

      Banks may ensure the adequacy and effectiveness of external security measures throughout the ATM environment through the additional security measures outlined in this Section.

      Added: January 2020

    • Sounders and Flashing Warning Lights

      • OM-5.4.2

        Banks should ensure that street-based ATMs are installed with an audible alarm sounder, and a visual flashing warning light, to indicate when the ATM is under attack.

        Added: January 2020

    • Armored Anti-Bandit Shroud

      • OM-5.4.3

        Banks should obtain and act upon advice provided by the Ministry of Interior in respect of protecting the ATM installation with an armored anti-bandit shroud which is placed around the ATM to prevent any bombing or other physical attempts to damage the ATM.

        Added: January 2020

  • OM-5.5 OM-5.5 Cyber Security Risk Management

    • Role of the Board

      • OM-5.5.1 OM-5.5.1

        The Board of conventional bank licensees must ensure that the licensee has a robust cyber security risk management policy to comprehensively manage the licensee’s cyber security risk and vulnerabilities. The Board must approve the policy and establish clear ownership, decision-making and management accountability for risks associated with cyber-attacks and related risk management and recovery processes. Cyber security must be an item for discussion at Board or Board sub-committee meetings.

        Amended: July 2021
        Added: January 2020

        • OM-5.5.4

          Boards should receive comprehensive reports, in every Board meeting, covering cyber security issues such as the following:

          a. Key Risk Indicators/ Key Performance Indicators;
          b. Status reports on overall cyber security control maturity levels;
          c. Status of staff Information Security awareness;
          d. Updates on latest internal or relevant external cyber security incidents; and
          e. Results from penetration testing exercises.
          Amended: July 2021
          Added: January 2020

        • OM-5.5.2 OM-5.5.2

          The Board of conventional bank licensees must ensure that the cyber security risk management framework encompasses, at a minimum, the following components:

          a) Cyber security strategy;
          b) Cyber security policy; and
          c) Cyber security risk management approach, tools and methodology and, an organization-wide security awareness program.
          Amended: July 2021
          Added: January 2020

          • OM-5.5.5

            The Board must evaluate and approve the cyber security risk management framework for scope coverage, adequacy and effectiveness every three years or when there are significant changes to the risk environment, taking into account emerging cyber threats and cyber security controls.

            Amended: July 2021
            Added: January 2020

          • OM-5.5.3 OM-5.5.3

            The cyber security risk management framework must be developed in accordance with the National Institute of Standards and Technology (NIST) Cyber security framework which is summarized in Appendix C – Cyber security Control Guidelines. At the broader level, the Cyber security framework should be consistent with the licensee’s risk management framework.

            Amended: July 2021
            Added: January 2020

            • OM-5.5.6

              Conventional bank licensees must establish a cyber security risk function, independent of the information technology (IT) department, which must report to an independent risk management function or an equivalent function within the licensee. The cyber security risk management function must monitor and report on the status and maturity of relevant cyber security controls. Branches of foreign bank licensees must be governed under a framework of cyber security risk management policies which ensure that an adequate level of oversight is exercised by the regional office or head office.

              Amended: July 2021
              Added: January 2020

            • OM-5.5.7

              The Board should ensure that appropriate resources are allocated to the cyber security risk management function for implementing the cyber security framework.

              Added: July 2021

            • OM-5.5.8

              The Board must ensure that the cyber security risk management function is headed by suitably qualified Chief Information Security Officer (CISO), with appropriate authority to implement the Cyber Security strategy.

              Added: July 2021

            • OM-5.5.9

              The Board should establish a cyber security committee that is headed by an independent senior manager from a control function (like CFO / CRO), with appropriate authority to approve policies and frameworks needed to implement the cyber security strategy, and act as a governance committee for the cyber security function. Membership of this committee should include senior management members from business functions, IT, Risk and Compliance.

              Added: July 2021

    • Role of Senior Management

      • OM-5.5.10

        The senior management must be responsible for the following activities:

        (a) Create the overall cyber security risk management framework and adequately oversee its implementation;
        (b) Formulate a bank-wide cyber security strategy and cyber security policy;
        (c) Implement and consistently maintain an integrated, bank-wide, cyber security risk management framework, and ensure sufficient resource allocation;
        (d) Monitor the effectiveness of the implementation of cyber security risk management practices and coordinate cyber security activities with internal and external risk management entities;
        (e) Provide quarterly or more frequent reports to the Board on the current situation with respect to cyber threats and cyber security risk treatment;
        (f) Prepare quarterly or more frequent reports on all cyber incidents (internal and external) and their implications on the licensee; and
        (g) Ensure that processes for identifying the cyber security risk levels across the organisation are in place and annually evaluated.
        Added: July 2021

      • OM-5.5.11

        The senior management must ensure that:

        (a) The licensee has identified clear internal ownership and classification for all information assets and data;
        (b) The licensee has maintained an inventory of the information assets and data which is reviewed and updated regularly;
        (c) The cyber security staff are adequate to manage the licensee’s cyber security risks and facilitate the performance and continuous improvement of all relevant cyber security controls;
        (d) It provides and requires cyber security staff to attend regular cyber security update and training sessions (for example Security+, CEH, CISSP, CISA, CISM) to stay abreast of changing cyber security threats and countermeasures.
        Added: July 2021

      • OM-5.5.12

        With respect to Subparagraph OM-5.5.11(a), data classification entails analyzing the data the licensee retains, determining its importance and value, and then assigning it to a category. When classifying data, the following aspects of the policy should be determined:

        a) Who has access to the data;
        b) How the data is secured;
        c) How long the data is retained (this includes backups);
        d) What method should be used to dispose of the data;
        e) Whether the data needs to be encrypted; and
        f) What use of the data is appropriate.

        The general guideline for data classification is that the definition of the classification should be clear enough so that it is easy to determine how to classify the data. In other words, there should be little (if any) overlap in the classification definitions. The owner of data (i.e. the relevant business function) should be involved in such classification.

        Added: July 2021

    • Cyber Security Strategy

      • OM-5.5.13

        A bank-wide cyber security strategy must be defined and documented to include:

        (a) The position and importance of cyber security at the licensee;
        (b) The primary cyber security threats and challenges facing the licensee;
        (c) The licensee’s approach to cyber security risk management;
        (d) The key elements of the cyber security strategy including objectives, principles of operation and implementation approach;
        (e) Scope of risk identification and assessment, which must include the dependencies on third party service providers;
        (f) Approach to planning response and recovery activities; and
        (g) Approach to communication with internal and external stakeholders including sharing of information on identified threats and other intelligence among industry participants.
        Added: July 2021

      • OM-5.5.14

        The cyber security strategy should be communicated to the relevant stakeholders and it should be revised as necessary and, at least, once every three years. Appendix C provides cyber security control guidelines that can be used as reference to support the licensee’s cyber security strategy and cyber security policy.

        Added: July 2021

    • Cyber Security Policy

      • OM-5.5.15

        Conventional bank licensees must implement a written cyber security policy setting forth its policies for the protection of its electronic systems and client data stored on those systems, which must be reviewed and approved by the licensee’s board of directors or senior management, as appropriate, at least annually. The cyber security policy areas including but not limited to the following must be addressed:

        (a) Definition of the key cyber security activities within the licensee, the roles, responsibilities, delegated powers and accountability for these activities;
        (b) A statement of the licensee’s overall cyber risk tolerance as aligned with the licensee’s business strategy. The cyber risk tolerance statement should be developed through consideration of the various impacts of cyber threats including customer impact, service downtime, potential negative media publicity, potential regulatory penalties, financial loss, and others;
        (c) Definition of main cyber security processes and measures and the approach to control and assessment;
        (d) Policies and procedures (including process flow diagrams) for all relevant cyber security functions and controls including the following:
        (a) Asset management (Hardware and software);
        (b) Incident management (Detection and response);
        (c) Vulnerability management;
        (d) Configuration management;
        (e) Access management;
        (f) Third party management;
        (g) Secure application development;
        (h) Secure change management;
        (i) Cyber training and awareness;
        (j) Cyber resilience (business continuity and disaster planning); and
        (k) Secure network architecture.
        Added: July 2021

    • Approach, Tools and Methodology

      • OM-5.5.16

        Conventional bank licensees must ensure that the cyber security policy is effectively implemented through a consistent risk-based approach using tools and methodologies that are commensurate with the size and risk profile of the licensee. The approach, tools and methodologies must cover all cyber security functions and controls defined in the cyber security policy.

        Added: July 2021

      • OM-5.5.17

        Licensees should establish and maintain plans, policies, procedures, process and tools (“playbooks”) that provide well-defined, organised approaches for cyber incident response and recovery activities, including criteria for activating the measures set out in the plans and playbooks to expedite the organisation’s response time. Plans and playbooks should be developed in consultation with business lines to ensure business recovery objectives are met, and are approved by senior management before broadly shared across the licensee. They should be reviewed and updated regularly to incorporate improvements and/or changes in the organisation. Licensees may enlist external subject matter experts to review complex and technical content in the playbook, where appropriate. A number of plans and playbooks should be developed for specific purposes (e.g. response, recovery, contingency, communication) that align with the overall cyber security strategy.

        Added: July 2021

    • Prevention Controls

      • OM-5.5.18

        A conventional bank licensee must develop and implement preventive measures across all relevant technologies to minimise the licensee’s exposure to cyber security risk. Such preventive measures must include, at a minimum, the following:

        (a) Deployment of End Point Protection (EPP) and Endpoint Detection and Response including anti-virus software and anti-malware programs to detect, prevent, and isolate malicious code;
        (b) Data leakage prevention solutions to detect and prevent confidential data from leaving the licensee’s technology environment;
        (c) Use of firewalls for network segmentation including use of Web Application Firewalls (WAF) for filtering and monitoring HTTP traffic between a web application and the Internet, and access control lists to limit unauthorized system access between network segments;
        (d) Rigorous security testing at software development stage as well as after deployment to limit the number of vulnerabilities;
        (e) Use of Privileged Access Management (PAM) to secure, control, manage and monitor privileged access to critical assets;
        (f) Use of a secure email gateway to limit email based cyber attacks such as malware attachments, malicious links, and phishing scams (for example use of Microsoft Office 365 Advanced Threat Protection tools for emails);
        (g) Use of a Secure Web Gateway to limit browser based cyber-attacks, malicious websites and enforce organization policies;
        (h) Creating a list of whitelisted applications and application components (libraries, configuration files, etc.) that are authorized to be present or active on the organization’s systems;
        (i) Use of mobile device management solutions including implementing Bring Your Own Device “BYOD” security policies to secure all mobile devices with any access to bank systems, applications, and networks through security measures such as encryption, remote wipe capabilities, and password enforcement; and
        (j) Network access control to secure physical network ports against connection to computers which are unauthorised to connect to the licensee’s network or which do not meet the minimum security requirements defined for licensee computer systems; and
        (k) Identity and access management solutions to limit the exploitation and monitor the use of privileged and non-privileged accounts.
        Added: July 2021

      • OM-5.5.19

        Conventional bank licensees must set up anti-spam and anti-spoofing measures to authenticate the licensee’s mail server and to prove to ISPs, mail services and other receiving mail servers that senders are truly authorized to send the email. Examples of such measures include:

        • SPF “Sender Policy Framework”;
        • DKIM “Domain Keys Identified Mail”; and
        • DMARC “Domain-based Message Authentication, Reporting and Conformance”.
        Added: July 2021

      • OM-5.5.20

        Conventional bank licensees should subscribe to one of the Cyber Threat Intelligence services in order to stay abreast of emerging cyber threats, cybercrime actors and state of the art tools and security measures.

        Added: July 2021

      • OM-5.5.21

        Licensees must use a single unified private email domain or its subdomains for communication with customers to prevent abuse by third parties. Licensees must not utilise third-party email provider domains for communication with customers. The email domains must comply with the requirements with respect to SPF, DKIM and DMARC in this Module. With respect to URLs or other clickable links in communications with customers, licensees must comply with the following requirements:

        (a) Limit the use of links in SMS and other short messages (such as WhatsApp) to messages sent as a result of customer request or action. Examples of such customer actions include verification links for customer onboarding, payment links for customer-initiated transactions etc;
        (b) Refrain from using shortened links in communication with customers;
        (c) Implement one or more of the following measures for links sent to customers:
        i. ensure customers receive clear instructions in communications sent with the links;
        ii. prior notification to the customer such as through a phone call informing the customer to expect a link from the licensee;
        iii. provision of transaction details such as the transaction amount and merchant name in the message sent to the customer with the link;
        iv. use of other verification measures like password or biometric authentication; and
        (d) Create customer awareness campaigns to educate their customers on the risk of fraud related to links they receive in SMS, short messages and emails with clear instructions to customers that licensees will not send clickable links in SMS, emails and other short messages to request information or payments unless it is as a result of customer request or action.
        Amended: October 2022
        Added: July 2021

      • OM-5.5.21A

        For the purpose of Paragraph OM-5.5.21, subject to CBB’s approval, licensees may be allowed to use additional domains for email communications with customers under certain circumstances. Examples of such circumstances include emails sent to customers by:

        (a) Head/regional office of a licensee; and
        (b) Third-party service providers subject to prior arrangements being made with customers. Examples of such third-party services include informational subscription services (e.g. Bloomberg) and document management services (e.g. DocuSign).
        Added: October 2022

    • Cyber Risk Identification and Assessments

      • OM-5.5.22

        Conventional bank licensees must conduct periodic assessments of cyber threats. For the purpose of analysing and assessing current cyber threats relevant to the licensee, it should take into account the factors detailed below:

        (a) Cyber threat entities including cyber criminals, cyber activists, insider threats;
        (b) Methodologies and attack vectors across various technologies including cloud, email, websites, third parties, physical access, or others as relevant;
        (c) Changes in the frequency, variety, and severity of cyber threats relevant to the region;
        (d) Dark web surveillance to identify any plot for cyber attacks;
        (e) Examples of cyber threats from past cyber attacks on the licensee if available; and
        (f) Examples of cyber threats from recent cyber attacks on other organisations.
        Added: July 2021

      • OM-5.5.23

        Conventional bank licensees must conduct periodic assessments of the maturity, coverage, and effectiveness of all cyber security controls. Cyber security control assessment must include an analysis of the controls’ effectiveness in reducing the likelihood and probability of a successful attack.

        Added: July 2021

      • OM-5.5.24

        Licensees should ensure that the periodic assessments of cyber threats and cyber security controls cover all critical technology systems. A risk treatment plan should be developed for all residual risks which are considered to be above the licensee’s risk tolerance levels.

        Added: July 2021

      • OM-5.5.25

        Conventional bank licensees must conduct regular technical assessments to identify potential security vulnerabilities for systems, applications, and network devices. The vulnerability assessments must be comprehensive and cover internal technology, external technology, and connections with third parties. Preferably monthly assessments are conducted for internal technology and weekly or more frequent assessments for external public facing services and systems.

        Added: July 2021

      • OM-5.5.26

        With respect to Paragraph OM-5.5.25, external technology refers to the licensee’s public facing technology such as websites, apps and external servers. Connections with third parties includes any API or other connections with fintech companies, technology providers, outsourcing service providers etc.

        Added: July 2021

      • OM-5.5.27

        Conventional bank licensees must have in place vulnerability and patch management processes which include remediation processes to ensure that the vulnerabilities identified are addressed and that security patches are applied where relevant within a timeframe that is commensurate with the risks posed by each vulnerability.

        Added: July 2021

      • OM-5.5.28

        All licensees must perform penetration testing of their systems, applications, and network devices to verify the robustness of the security controls in place at least twice a year. These tests must be used to simulate real world cyber-attacks on the technology environment and must:

        (a) Follow a risk-based approach based on an internationally recognized methodology, such as National Institute of Standards and Technology “NIST” and Open Web Application Security Project “OWASP”;
        (b) Include both Grey Box and Black Box testing in its scope;
        (c) Be conducted by qualified and experienced security professionals who are certified in providing penetration testing services;
        (d) Be performed by internal and external independent third parties which should be changed at least every two years; and
        (e) Be performed on either the production environment or on non-production exact replicas of the production environment.
        Added: July 2021

      • OM-5.5.29

        CBB may require additional red teaming exercises to be performed as needed. A red team is a group of ethical hackers with varying backgrounds, that would test the organization's blue team's threat response activity. The red team may attack 3 fronts: cyber, social (attack on people's behavior) and physical (attack on an organization's physical facility and or 3rd party premises). A red teaming exercise is like a penetration test in many ways but more targeted. The goal is not to find as many vulnerabilities as possible. The goal is to test the organization's detection and response capabilities. The red team will try to get in and access sensitive information in any way possible, as quietly as possible.

        Added: July 2021

      • OM-5.5.30

        Where licensees have been required to conduct a red teaming exercise the results of such an exercise must be provided to CBB within one month of the completion of the exercise together with a comprehensive plan to address any observed weaknesses.

        Added: July 2021

    • Cyber Incident Detection and Management

      • OM-5.5.31

        Conventional bank licensees must implement cyber security incident management processes to ensure timely detection, response and recovery for cyber security incidents. This includes implementing a Security Information & Event Management “SIEM” system.

        Added: July 2021

      • OM-5.5.32

        Licensees should consider the adequacy of the SIEM, keeping in view it should receive data on a real time basis from all relevant systems, applications, and network devices including operational and business systems. The monitoring system should be capable of identifying indicators of cyber incidents and initiate alerts, reports, and response activities based on the defined cyber security incident management process.

        Added: July 2021

      • OM-5.5.33

        Licensees should retain the logs and other information from the SIEM for detecting cyber incidents, including "low-and-slow" attacks, in order to facilitate incident investigations, for 5 years or longer.

        Added: July 2021

      • OM-5.5.34

        Once a cyber incident is detected, licensees should activate their containment measures, processes and technologies best suited to each type of cyber incident to prevent a cyber incident from inflicting further damage. This may involve, after considering the costs, business impact and operational risks, shutting down or isolating all or affected parts of their systems and networks as deemed necessary for containment and diagnosis.

        Added: July 2021

      • OM-5.5.35

        Conventional bank licensees must establish a Security Operations Centre (SOC) that is tailored to the needs of the licensee to detect, identify, investigate and respond to cyber incidents that could impact the licensee’s infrastructure, services and customers. Capabilities for log collection and monitoring SIEM must be built into the SOC. The SOC must maintain the licensee’s asset inventory and network diagrams.

        Added: July 2021

      • OM-5.5.36

        Conventional bank licensees must regularly identify, test, review and update current cyber security risk scenarios and the corresponding response plan. This is to ensure that the scenarios and response plan remain relevant and effective, taking into account changes in the operating environment, systems or the emergence of new cyber security threats. If any gaps are identified, the SIEM system must be updated with new use cases and rule sets which are capable of detecting the current cyber incident scenarios.

        Added: July 2021

      • OM-5.5.37

        The cyber incident scenario tests should include high-impact-low-probability events and scenarios that may result in failure. Common cyber incident scenarios include distributed denial of service (DDoS) attacks, system intrusion, data exfiltration and system disruption. Licensees should regularly use threat intelligence to update the scenarios so that they remain current and relevant. Licensees should periodically review current cyber incident scenarios for the purpose of assessing the licensee’s ability to detect and respond to these scenarios if they were to occur.

        Added: July 2021

      • OM-5.5.38

        Conventional bank licensees must ensure that critical cyber security incidents detected are escalated to an incident response team, management and the Board, in accordance with the licensee’s business continuity plan and crisis management plan, and that an appropriate response is implemented promptly. See also Paragraph OM-5.5.57 for the requirement to report to CBB.

        Added: July 2021

      • OM-5.5.39

        Conventional bank licensees should clearly define the roles, responsibilities and accountabilities for cyber incident detection and response activities to one or more named individuals that meet the pre-requisite role requirements. Potential conflicts of interest are minimised by ensuring a separation of implementation and oversight roles where possible. The roles should include:

        Incident Owner: An individual that is responsible for handling the overall cyber incident detection and response activities according to the incident type and services affected. The Incident Owner is delegated appropriate authority to manage the mitigation or preferably, removal of all impacts due to the incident.
        Spokesperson: An individual, from External Communications Unit or another suitable department, that is responsible for managing the communications strategy by consolidating relevant information and views from subject matter experts and the organisation’s management to update the internal and external stakeholders with consistent information.
        Record Keeper: An individual that is responsible for maintaining an accurate record of the cyber incident throughout its different phases, as well as documenting actions and decisions taken during and after a cyber incident. The record serves as an accurate source of reference for after-action reviews to improve future cyber incident detection and response activities.
        Added: July 2021

      • OM-5.5.40

        For the purpose of managing a critical cyber incident, the licensee should operate a situation room, and should include in the incident management procedure a definition of the authorities and responsibilities of staff members, internal and external reporting lines, communication channels, tools and detailed working procedures. The situation room or a war room is a physical room or a virtual room where relevant members of the management gather to handle a crisis in the most efficient manner possible.

        Added: July 2021

      • OM-5.5.41

        Licensees should record and document in an orderly manner the incidents that have been handled and the actions that were taken by the relevant functions. In particular, the licensee should maintain an "incident log" in which all the notifications, decisions and actions taken, in relation to cyber incidents, are documented, as close as possible to the time of their occurrence. It should also include the status of the issue whether it is open or has been resolved and person in charge of resolving the issue/incident. The logs should be stored and preserved in a secure and legally admissible manner.

        Added: July 2021

      • OM-5.5.42

        Licensees should utilise pre-defined taxonomy for classifying cyber incidents according to, for example, the type of incident, threat actors, threat vectors and repercussions; and a pre-established severity assessment framework to help gauge the severity of the cyber incident. For example, taxonomies that can be used when describing cyber incidents:

        (a) Describe the cause of the cyber incident (e.g. process failure, system failure, human error, external event, malicious action);
        (b) Describe whether the cyber incident due to a third-party service provider;
        (c) Describe the attack vector (e.g. malware, virus, worm, malicious hyperlink);
        (d) Describe the delivery channel used (e.g. e-mail, web browser, removable storage media);
        (e) Describe the impact (e.g. service degradation/disruption, service downtime, potential impact to customers, data leakage, unavailability of data, data destruction/corruption, tarnishing of reputation);
        (f) Describe the type of incident (e.g. zero-day attack, exploiting a known vulnerability, isolated incident);
        (g) Describe the intent (e.g. malicious, theft, monetary gain, fraud, political, espionage, opportunistic);
        (h) Describe the threat actor (e.g. script kiddies, amateur, criminal syndicate, hacktivist, nation state);

        The cyber incident severity may be classified as:

        (a) Severity 1 incident has or will cause a serious disruption or degradation of critical service(s) and there is potentially high impact on public confidence in the licensee.
        (b) Severity 2 incident has or will cause some degradation of critical services and there is medium impact on public confidence in the licensee.
        (c) Severity 3 incident has little or no impact to critical services and there is no visible impact on public confidence in the licensee.
        Added: July 2021

      • OM-5.5.43

        Licensees should determine the effects of the cyber incident on customers and to the wider banking system as a whole and report the results of such an assessment to CBB if it is determined that the cyber incident may have a systemic impact. Licensees may also share non-sensitive information on cyber incidents, effective cyber security strategies and risk management practices through malware information sharing platforms (MISP). Technical information, such as Indicators of Compromise (IoCs) or vulnerabilities exploited can be shared through MISP.

        Added: July 2021

      • OM-5.5.44

        Licensees should establish metrics to measure the impact of a cyber incident and to report to management the performance of response activities. Examples include:

        1. Metrics to measure impact of a cyber incident:
        (a) Duration of unavailability of critical functions and services;
        (b) Number of stolen records or affected accounts;
        (c) Volume of customers impacted;
        (d) Amount of lost revenue due to business downtime, including both existing and future business opportunities;
        (e) Percentage of service level agreements breached.
        2. Performance metrics for incident management:
        (a) Volume of incidents detected and responded via automation;
        (b) Dwell time (i.e. the duration a threat actor has undetected access until completely removed);
        (c) Recovery Point objectives (RPO) and recovery time objectives (RTO) satisfied.
        Added: July 2021

    • Recovery

      • OM-5.5.45

        Conventional bank licensees must identify the critical systems and services within its operating environment that must be recovered on a priority basis in order to provide certain minimum level of services during the downtime and determine how much time the licensee will require to return to full service and operations.

        Added: July 2021

      • OM-5.5.46

        Critical incidents are defined as incidents that trigger the BCP and the crisis management plan. Critical systems and services are those whose failure can have material impact on any of the following elements:

        a) Financial situation;
        b) Reputation;
        c) Regulatory, legal and contractual obligations; and
        d) Operational aspects and delivery of key products and services.
        Added: July 2021

      • OM-5.5.47

        Conventional bank licensees must define a program for recovery activities for timely restoration of any capabilities or services that were impaired due to a cyber security incident. Licensees must establish recovery time objectives (“RTOs”), i.e. the time in which the intended process is to be covered, and recovery point objectives (“RPOs”), i.e. point to which information used must be restored to enable the activity to operate on resumption”. Licensees must also consider the need for communication with third party service providers, customers and other relevant external stakeholders as may be necessary.

        Added: July 2021

      • OM-5.5.48

        Conventional bank licensees must ensure that all critical systems are able to recover from a cyber security breach within the licensee’s defined RTO in order to provide important services or some level of minimum services for a temporary period of time.

        Added: July 2021

      • OM-5.5.49

        Licensees should validate that recovered assets are free of compromise, fully functional and meet the security requirements before returning the systems to normal business operations. This includes performing checks on data to ensure data integrity. In some cases, licensees may need to use backup data kept in a disaster recovery site or plan for the reconstruction of data from external stakeholders such as business partners and customers.

        Added: July 2021

      • OM-5.5.50

        Conventional bank licensees must define a program for exercising the various response mechanisms, taking into account the various types of exercises such as attack simulations, "war games" and "table top" exercises, and with reference to the relevant stakeholders such as technical staff, crisis management team, decision-makers and spokespersons.

        Added: July 2021

      • OM-5.5.51

        Conventional bank licensees must define the mechanisms for ensuring accurate, timely and actionable communication of cyber incident response and recovery activities with the internal stakeholders, including to the board or designated committee of the board.

        Added: July 2021

      • OM-5.5.52

        A conventional bank licensee must ensure its business continuity plan is comprehensive and includes a recovery plan for its systems, operations and services arising from a cyber security incident.

        Added: July 2021

    • Cyber Security Insurance

      • OM-5.5.53

        Conventional bank licensees must arrange to seek cyber risk insurance cover from a suitable insurer, following a risk-based assessment of cyber security risk is undertaken by the respective licensee and independently verified by the insurance company. The insurance policy may include some or all of the following types of coverage, depending on the risk assessment outcomes:

        (a) Crisis management expenses, such as costs of notifying affected parties, costs of forensic investigation, costs incurred to determine the existence or cause of a breach, regulatory compliance costs, costs to analyse the insured’s legal response obligations;
        (b) Claim expenses such as costs of defending lawsuits, judgments and settlements, and costs of responding to regulatory investigations; and
        (c) Policy also provides coverage for a variety of torts, including invasion of privacy or copyright infringement. First-party coverages may include lost revenue due to interruption of data systems resulting from a cyber or denial of service attack and other costs associated with the loss of data collected by the insured.
        Added: July 2021

    • Training and Awareness

      • OM-5.5.54

        Conventional bank licensees must evaluate improvement in the level of awareness and preparedness to deal with cyber security risk to ensure the effectiveness of the training programmes implemented.

        Added: July 2021

      • OM-5.5.55

        The licensee must ensure that all employees receive adequate training on a regular basis, in relation to cyber security and the threats they could encounter, such as through testing employee reactions to simulated cyber attack scenarios. All relevant employees must be informed on the current cyber security breaches and threats. Additional training should be provided to ‘higher risk staff’.

        Added: July 2021

      • OM-5.5.56

        The conventional bank licensees must ensure that role specific cyber security training is provided on a regular basis to relevant staff including:

        (a) Executive board and senior management;
        (b) Cyber security roles;
        (c) IT staff; and
        (d) Any high-risk staff as determined by the licensee.
        Added: July 2021

    • Reporting to CBB

      • OM-5.5.57

        Upon occurrence or detection of any cyber security incident, whether internal or external, that compromises customer information or disrupts critical services that affect operations, conventional bank licensees must contact the CBB, immediately (within one hour), on 17547477 and submit Section A of the Cyber Security Incident Report (Appendix OM-1) to CBB’s cyber incident reporting email, incident.retail@cbb.gov.bh (for retail banks) or incident.wholesale@cbb.gov.bh (for wholesale banks), within two hours.

        Amended: April 2022
        Added: July 2021

      • OM-5.5.58

        Following the submission referred to in Paragraph OM-5.5.57, the licensee must submit to CBB Section B of the Cyber Security Incident Report (Appendix OM-1) within 10 calendar days of the occurrence of the cyber security incident. Licensees must include all relevant details in the report, including the full root cause analysis of the cyber security incident, its impact on the business operations and customers, and all measures taken by the licensee to stop the attack, mitigate its impact and to ensure that similar events do not recur. In addition, a weekly progress update must be submitted to CBB until the incident is fully resolved.

        Amended: April 2022
        Added: July 2021

      • OM-5.5.59

        With regards to the submission requirement mentioned in Paragraph OM-5.5.58, the licensee should submit the report with as much information as possible even if all the details have not been obtained yet.

        Added: July 2021

      • OM-5.5.60

        The comprehensive cyber security incident report referred to in Paragraph OM-5.5.58 should include the following details:

        (a) Date and time of discovery of the incident;
        (b) Time elapsed from detection to restoration of critical services;
        (c) Who discovered the incident (e.g. third-party service provider, customer, employee);
        (d) Type of cyber incident (e.g. DDoS, malware, intrusion/unauthorised access, hardware/firmware failure, system software bugs;)
        (e) Impact of the incident (e.g. impact to availability of services, loss of confidential information) including financial, legal and reputational impact and to which group of stakeholders (e.g. retail and corporate customers, settlement institutions, service providers);
        (f) Affected systems and technical details of the incident (e.g. source IP address and post, IOCs, tactics, techniques, procedures (TTPs));
        (g) Root cause analysis; and
        (h) Actions taken:
        • Escalation steps taken;
        • Stakeholders informed;
        • Response and recovery activities;
        • Lessons learnt.
        Added: July 2021

      • OM-5.5.61

        The penetration testing report as per Paragraph OM-5.5.28, along with the steps taken to mitigate the risks must be maintained by the licensee for a five year period from the date of the report and must be provided to CBB within two months following the end of the month where the testing took place, i.e. for a June test, the report must be submitted at the latest by 31st August and for a December test, by 28th February.

        Amended: April 2022
        Added: July 2021

  • OM-6 OM-6 Books and Records

    • OM-6.1 OM-6.1 General Requirements

      • OM-6.1.1

        The requirements in Section OM-6.1 apply to Bahraini Conventional bank licensees, with respect to the business activities of the whole bank (whether booked in Bahrain or in a foreign branch). The requirements in Section OM-6.1 also apply to overseas Conventional bank licensees, but only with respect to the business booked in their branch in Bahrain.

        Added: January 2020

      • OM-6.1.2

        With reference to Articles 59 and 60 of the CBB Law, all Conventional bank licensees must maintain books and records (whether in electronic or hard copy form) sufficient to produce financial statements and show a complete record of the business undertaken by a licensee. These records must be retained for at least 10 years according to Article 60 of the CBB Law.

        Added: January 2020

      • OM-6.1.3

        OM-6.1.2 includes accounts, books, files and other records (e.g. trial balance, general ledger, nostro/vostro statements, reconciliations and list of counterparties). It also includes records that substantiate the value of the assets, liabilities and off-balance sheet activities of the licensee (e.g. client activity files and valuation documentation).

        Added: January 2020

      • OM-6.1.4

        Unless otherwise agreed with the CBB in writing, records must be kept in either English or Arabic; or else accompanied by a certified English or Arabic translation. Records must be kept current. The records must be sufficient to allow an audit of the licensee's business or an on-site examination of the licensee by the CBB.

        Added: January 2020

      • OM-6.1.5

        If a licensee wishes to retain certain records in a language other than English or Arabic without translation, the licensee should write to the CBB, explaining which types of records it wishes to keep in a foreign language, and why systematically translating these may be unreasonable. Generally, only loan contracts or similar original transaction documents may be kept without translation. Where exemptions are granted by CBB, the licensee is nonetheless asked to confirm that it will make available certified translations of such documents, if requested by CBB for an inspection or other supervisory purpose.

        Added: January 2020

      • OM-6.1.6

        Translations produced in compliance with Rule OM-6.1.5 may be undertaken in-house, by an employee or contractor of the licensee, provided they are certified by an appropriate officer of the licensee.

        Added: January 2020

      • OM-6.1.7

        Records must be accessible at any time from within the Kingdom of Bahrain, or as otherwise agreed with the CBB in writing.

        Added: January 2020

      • OM-6.1.8

        Where older records have been archived, or in the case of records relating to overseas branches of Bahraini Conventional banks, the CBB may accept that records be accessible within a reasonably short time frame (e.g. within 5 business days), instead of immediately. The CBB may also agree similar arrangements for overseas Conventional banks, as well as Bahraini Conventional banks, where elements of record retention and management have been centralised in another group company, whether inside or outside of Bahrain.

        Added: January 2020

      • OM-6.1.9

        All original account opening documentation, due diligence and transaction documentation should normally be kept in Bahrain, if the business is booked in Bahrain. However, where a licensee books a transaction in Bahrain, but the transaction documentation is handled entirely by another (overseas) branch or affiliate of the licensee, the relevant transaction documentation may be held in the foreign office, provided electronic or hard copies are retained in Bahrain; the foreign office is located in a FATF member state; and the foreign office undertakes to provide the original documents should they be required.

        Added: January 2020

      • OM-6.1.10

        Licensees should also note that to perform effective consolidated supervision of a group (or sub-group), the CBB needs to have access to financial information from foreign operations of a licensee, in order to gain a full picture of the financial condition of the group: see Module BR (CBB Reporting), regarding the submission of consolidated financial data. If a licensee is not able to provide to the CBB full financial information on the activities of its branches and subsidiaries, it should notify the CBB of the fact, to agree alternative arrangements: these may include requiring the group to restructure or limit its operations in the jurisdiction concerned.

        Added: January 2020

      • OM-6.1.11

        In the case of Bahraini Conventional banks with branch operations overseas, where local record-keeping requirements are different, the higher of the local requirements or those contained in this Chapter must be followed.

        Added: January 2020

    • OM-6.2 OM-6.2 Transaction Records

      • OM-6.2.1

        Conventional bank licensees must keep completed transaction records for as long as they are relevant for the purposes for which they were made (with a minimum period in all cases of five years from the date when the transaction was completed — see Module Section FC-7.1). Records of completed transactions must be kept whether in hard copy or electronic format, for at least five years from the date of the transaction as per the Legislative Decree No. (54) of 2018 with respect to Electronic Transactions "The Electronic Communications and Transactions Law" and its amendments.

        Added: January 2020

      • OM-6.2.2

        Rule OM-6.2.1 applies to all transactions entered into by a Bahraini Conventional bank licensee, whether booked in Bahrain or in an overseas branch. With respect to overseas Conventional bank licensees, it applies only to transactions booked in the Bahrain branch.

        Added: January 2020

      • OM-6.2.3

        In the case of overseas Conventional bank licensees, Rule OM-6.2.1 therefore only applies to business booked in the Bahrain branch, not in the rest of the company.

        Added: January 2020

    • OM-6.3 OM-6.3 Other Records

      • Corporate Records

        • OM-6.3.1

          Conventional bank licensees must maintain the following records in original form or in hard copy at their premises in Bahrain:

          (a) Internal policies, procedures and operating manuals;
          (b) Corporate records, including minutes of shareholders', Directors' and management meetings;
          (c) Correspondence with the CBB and records relevant to monitoring compliance with CBB requirements;
          (d) Reports prepared by the Conventional bank licensee's internal and external auditors; and
          (e) Employee training manuals and records.
          Added: January 2020

        • OM-6.3.2

          In the case of Bahrain Conventional bank licensees, these requirements apply to the licensee as a whole, including any overseas branches. In the case of overseas Conventional bank licensees, all the requirements of Chapter OM-6 are limited to the business booked in their branch in Bahrain and the records of that branch (see Rule OM-6.1.1). They are thus not required to hold copies of shareholders' and Directors' meetings, except where relevant to the branch's operations.

          Added: January 2020

      • Customer Records

        • OM-6.3.3

          Record-keeping requirements with respect to customer records, including customer identification and due diligence records, are contained in Module FC (Financial Crime). These requirements address specific requirements under the Amiri Decree Law No. 4 of 2001, the standards promulgated by the Financial Action Task Force, as well as to the best practice requirements of the Basel Committee Core Principles methodology, and its paper on "Customer due diligence for banks".

          Added: January 2020

      • Promotional Schemes

        • OM-6.3.4

          Conventional bank licensees must maintain all material related to promotional schemes as outlined in Section BC-1.1 for a minimum period of 5 years.

          Added: January 2020

  • Appendix A Loss Event Type Classification

    Appendix A

    Event-Type Category (Level 1) Definition Categories (Level 2) Activity Examples (Level 3)
    Internal Fraud Losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/discrimination events, which involves at least one internal party. Unauthorised Activity
    •   Transactions not reported (intentional)
    •   Transaction type unauthorised (w/monetary loss)
    •   Mismarking of position (intentional)
    Theft and Fraud
    •   Fraud/credit fraud/worthless deposits
    •   Theft/extortion/embezzlement/robbery
    •   Misappropriation of assets
    •   Malicious destruction of assets, forgery, check kiting and smuggling
    •   Account take-over/impersonation/etc.
    •   Tax non-compliance/evasion (wilful)
    •   Bribes/kickbacks
    •   Insider trading (not on firm's account)
    External fraud Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party. Theft and Fraud
    •   Theft/robbery
    •   Forgery and check kiting
    Systems Security
    •   Hacking damage
    •   Theft of information (w/monetary loss)
    Employment Practices and Workplace Safety Losses arising from acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity/discrimination events. Employee Relations
    •   Compensation, benefit, termination issues
    •   Organised labour activity
    Safe Environment
    •   General liability (slip and fall, etc.)
    •   Employee health & safety rules events
    •   Workers compensation
    Diversity and Discrimination
    •   All discrimination types
    Clients, Products and Business Practices Losses arising from an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product. Suitability, Disclosure and Fiduciary
    •   Fiduciary breaches/guideline violations
    •   Suitability/disclosure issues (KYC, etc.)
    •   Retail customer disclosure violations
    •   Breach of privacy
    •   Aggressive sales
    •   Account churning
    •   Misuse of confidential information
    •   Lender liability
        Improper Business or Market Practices
    •   Antitrust
    •   Improper trade/market practices
    •   Market manipulation
    •   Insider trading (on firm's account)
    •   Unlicensed activity
    •   Money laundering
    Product Flaws
    •   Product defects (unauthorised, etc.)
    •   Model errors
    Selection, Sponsorship and Exposure
    •   Failure to investigate client per guidelines
    •   Exceeding client exposure limits
    Advisory Activities
    •   Disputes over performance of advisory activities
    Damage to Physical Assets Losses arising from loss or damage to physical assets from natural disaster or other events. Disasters and other events
    •   Natural disaster losses
    •   Human losses from external sources (terrorism, vandalism)
    Business disruption and system failures Losses arising from disruption of business or system failures. Systems
    •   Hardware
    •   Software
    •   Telecommunications
    •   Utility outage/disruptions
    Execution, Delivery and Process Management Losses from failed transaction processing or process management, from relations with trade counterparties and vendors. Transaction Capture, Execution and Maintenance
    •   Miscommunication
    •   Data entry, maintenance or loading error
    •   Missed deadline or responsibility
    •   Model/system misoperation
    •   Accounting error/entity attribution error
    •   Other task misperformance
    •   Delivery failure
    •   Collateral management failure
    •   Reference data Maintenance
    Monitoring and Reporting
    •   Failed mandatory reporting obligation
    •   Inaccurate external report (loss incurred)
    Customer Intake and Documentation
    •   Client permissions/disclaimers missing
    •   Legal documents missing/incomplete
    Customer/Client Account Management
    •   Unapproved access given to accounts
    •   Incorrect client records (loss incurred)
    •   Negligent loss or damage of client assets
    Trade Counterparties
    •   Non-client counterparty misperformance
    •   Misc. non-client counterparty disputes
    Vendors and suppliers
    •   Outsourcing
    •   Vendor disputes

    Appendix B

    Set out below are examples of Shariah requirements that are to be complied with by the banks in respect of the financing contracts. The list is for guidance purposes and not conclusive and may vary according to the views of the various Shariah Supervisory Board (SSB):

    (a) Murabahah and Ijarah contracts
    •   The asset is in existence at the time of sale or lease or, in case of Ijarah, the lease contract should be preceded by acquisition of the usufruct of the asset except if the asset was agreed upon based on a general specification.
    •   The asset is legally owned by the bank when it is offered for sale.
    •   The asset is intended to be used by the buyer/lessee for activities or businesses permissible by Shariah; if the asset is leased back to its owner in the first lease period, it should not lead to contract of 'inah, by varying the rent or the duration.
    •   There is no late payment, penalty fee or increase in price in exchange for extending or rescheduling the date of payment of accounts receivable or lease receivable, irrespective of whether the debtor is solvent or insolvent.
    (b) Salam and Istisna' contracts
    •   A sale and purchase contract cannot be inter-dependent and inter-conditional on each other, such as Salam and Parallel Salam; Istisna' and Parallel Istisna'.
    •   It is not allowed to stipulate a penalty clause in respect of delay in delivery of a commodity that is purchased under Salam contract, however it is allowed under Istisna' or Parallel Istisna'.
    •   The subject-matter of an Istisna' contract may not physically exist upon entering into the contract.
    (c) Musharakah and Mudarabah contracts
    •   The capital of the bank is to be invested in Shariah compliant investments or business activities.
    •   A partner in Musharakah cannot guarantee the capital of another partner or a Midrib guarantees the capital of the Mudarabah.
    •   The purchase price of other partner's share in a Musharakah with a binding promise to purchase can only be set as per the market value or as per the agreement at the date of buying. It is not permissible, however, to stipulate that the share be acquired at its face value.
    Added: January 2020

  • Appendix B

  • Appendix C – Cyber Security Control Guidelines

    The Control Guidelines consists of five Core tasks which are defined below. These Functions are not intended to form a serial path or lead to a static desired end state. Rather, the Functions should be performed concurrently and continuously to form an operational culture that addresses the dynamic cyber security risk.

    Identify – Develop a bank-wide understanding to manage cyber security risk to systems, people, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Cyber Security Risk Management Framework. Understanding the business context, the resources that support critical functions, and the related cyber security risks enables a bank to focus and prioritize its efforts, consistent with its risk management strategy and business needs.

    Protect – Develop and implement appropriate safeguards to ensure delivery of critical services. The Protect Function supports the ability to limit or contain the impact of a potential cyber security incident.

    Detect – Develop and implement appropriate activities to identify the occurrence of a cyber security incident. The Detect Function enables timely discovery of cyber security events.

    Respond – Develop and implement appropriate activities to take action regarding a detected cyber security incident. The Respond Function supports the ability to contain the impact of a potential cyber security incident.

    Recover – Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cyber security incident.

    Below is a listing of the specific cyber security activities that are common across all critical infrastructure sectors:

    IDENTIFY

    Asset Management: The data, personnel, devices, systems, and facilities that enable the bank to achieve business purposes are identified and managed consistent with their relative importance to organizational objectives and the bank’s risk strategy.

    1. Physical devices and systems within the bank are inventoried.
    2. Software platforms and applications within the bank are inventoried.
    3. Communication and data flows are mapped.
    4. External information systems are catalogued.
    5. Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value.
    6. Cyber security roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established.

    Business Environment: The bank’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cyber security roles, responsibilities, and risk management decisions.

    1. Priorities for the bank’s mission, objectives, and activities are established and communicated.
    2. Dependencies and critical functions for delivery of critical services are established.
    3. Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations).

    Governance: The policies, procedures, and processes to manage and monitor the bank’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cyber security risk.

    1. Bank’s cyber security policy is established and communicated.
    2. Cyber security roles and responsibilities are coordinated and aligned with internal roles and external partners.
    3. Legal and regulatory requirements regarding cyber security, including privacy and civil liberties obligations, are understood and managed.
    4. Governance and risk management processes address cyber security risks.

    Risk Assessment: The bank understands the cyber security risk to bank’s operations (including mission, functions, image, or reputation), bank’s assets, and individuals.

    1. Asset vulnerabilities are identified and documented.
    2. Cyber threat intelligence is received from information sharing forums and sources.
    3. Threats, both internal and external, are identified and documented.
    4. Potential business impacts and likelihoods are identified.
    5. Threats, vulnerabilities, likelihoods, and impacts are used to determine risk.
    6. Risk responses are identified and prioritized.

    Risk Management Strategy: The bank’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

    1. Risk management processes are established, managed, and agreed to by bank’s stakeholders.
    2. The bank’s risk tolerance is determined and clearly expressed.
    3. The bank’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis.

    Third Party Risk Management: The bank’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing third party risk. The bank has established and implemented the processes to identify, assess and manage supply chain risks.

    1. Cyber third party risk management processes are identified, established, assessed, managed, and agreed to by the bank’s stakeholders.
    2. Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber third party risk assessment process.
    3. Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an bank’s cyber security program.
    4. Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.
    5. Response and recovery planning and testing are conducted with suppliers and third-party providers.

    PROTECT

    Identity Management, Authentication and Access Control: Access to physical and logical assets and associated facilities is limited to authorized users, processes, and devices, and is managed consistent with the assessed risk of unauthorized access to authorized activities and transactions.

    1. Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes.
    2. Physical access to assets is managed and protected.
    3. Remote access is managed.
    4. Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties
    5. Network integrity is protected (e.g., network segregation, network segmentation).
    6. Identities are proofed and bound to credentials and asserted in interactions
    7. Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks).

    Awareness and Training: The bank’s personnel and partners are provided cyber security awareness education and are trained to perform their cyber security-related duties and responsibilities consistent with related policies, procedures, and agreements.

    1. All users are informed and trained on a regular basis.
    2. Bank’s security awareness programs are updated at least annually to address new technologies, threats, standards, and business requirements.
    3. Privileged users understand their roles and responsibilities.
    4. Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities.
    5. The Board and senior management understand their roles and responsibilities.
    6. Physical and cyber security personnel understand their roles and responsibilities.
    7. Software development personnel receive training in writing secure code for their specific development environment and responsibilities.

    Data Security: Information and records (data) are managed consistent with the bank’s risk strategy to protect the confidentiality, integrity, and availability of information.

    1. Data-at-rest classified as critical or confidential is protected through strong encryption.
    2. Data-in-transit classified as critical or confidential is protected through strong encryption.
    3. Assets are formally managed throughout removal, transfers, and disposition
    4. Adequate capacity to ensure availability is maintained.
    5. Protections against data leaks are implemented.
    6. Integrity checking mechanisms are used to verify software, firmware, and information integrity.
    7. The development and testing environment(s) are separate from the production environment.
    8. Integrity checking mechanisms are used to verify hardware integrity.

    Information Protection Processes and Procedures: Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational units), processes, and procedures are maintained and used to manage protection of information systems and assets.

    1. A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality).
    2. A System Development Life Cycle to manage systems is implemented
    3. Configuration change control processes are in place.
    4. Backups of information are conducted, maintained, and tested.
    5. Policy and regulations regarding the physical operating environment for bank’s assets are met.
    6. Data is destroyed according to policy.
    7. Protection processes are improved.
    8. Effectiveness of protection technologies is shared.
    9. Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed.
    10. Response and recovery plans are tested.
    11. Cyber security is included in human resources practices (e.g., deprovisioning, personnel screening).
    12. A vulnerability management plan is developed and implemented.

    Maintenance: Maintenance and repairs of information system components are performed consistent with policies and procedures.

    1. Maintenance and repair of bank’s assets are performed and logged, with approved and controlled tools.
    2. Remote maintenance of bank’s assets is approved, logged, and performed in a manner that prevents unauthorized access.

    Protective Technology: Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

    1. Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.
    2. Removable media is protected and its use restricted according to policy.
    3. The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.
    4. Communications and control networks are protected.
    5. Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations.

    DETECT

    Anomalies and Events: Anomalous activity is detected and the potential impact of events is understood.

    1. A baseline of network operations and expected data flows for users and systems is established and managed.
    2. Detected events are analyzed to understand attack targets and methods.
    3. Event data are collected and correlated from multiple sources and sensors
    4. Impact of events is determined.
    5. Incident alert thresholds are established.

    Security Continuous Monitoring: The information system and assets are monitored to identify cyber security events and verify the effectiveness of protective measures.

    1. The network is monitored to detect potential cyber security events.
    2. The physical environment is monitored to detect potential cyber security events
    3. Personnel activity is monitored to detect potential cyber security events.
    4. Malicious code is detected.
    5. Unauthorized mobile code is detected.
    6. External service provider activity is monitored to detect potential cyber security events.
    7. Monitoring for unauthorized personnel, connections, devices, and software is performed.
    8. Vulnerability scans are performed at least quarterly.

    Detection Processes: Detection processes and procedures are maintained and tested to ensure awareness of anomalous events.

    1. Roles and responsibilities for detection are well defined to ensure accountability.
    2. Detection activities comply with all applicable requirements.
    3. Detection processes are tested.
    4. Event detection information is communicated.
    5. Detection processes are continuously improved.

    RESPOND

    Response Planning: Response processes and procedures are executed and maintained, to ensure response to detected cyber security incidents. Response plan is executed during or after an incident.

    Communications: Response activities are coordinated with internal and external stakeholders.

    1. Personnel know their roles and order of operations when a response is needed.
    2. Incidents are reported consistent with established criteria.
    3. Information is shared consistent with response plans.
    4. Coordination with internal and external stakeholders occurs consistent with response plans.
    5. Voluntary information sharing occurs with external stakeholders to achieve broader cyber security situational awareness.
    6. Incident response exercises and scenarios across departments are conducted at least annually.

    Analysis: Analysis is conducted to ensure effective response and support recovery activities.

    1. Notifications from detection systems are investigated.
    2. The impact of the incident is understood.
    3. Forensics are performed.
    4. Incidents are categorized consistent with response plans.
    5. Processes are established to receive, analyze and respond to vulnerabilities disclosed to the bank from internal and external sources (e.g. internal testing, security bulletins, or security researchers).

    Mitigation: Activities are performed to prevent expansion of an event, mitigate its effects, and resolve the incident.

    1. Incidents are contained.
    2. Incidents are mitigated.
    3. Newly identified vulnerabilities are mitigated or documented as accepted risks.

    Improvements: The response activities are improved by incorporating lessons learned from current and previous detection/response activities.

    1. Response plans incorporate lessons learned.
    2. Response strategies are updated.

    RECOVER

    Recovery Planning: Recovery processes and procedures are executed and maintained to ensure restoration of systems or assets affected by cyber security incidents. Recovery plan is executed during or after a cyber security incident.

    Improvements: Recovery planning and processes are improved by incorporating lessons learned into future activities.

    1. Recovery plans incorporate lessons learned.
    2. Recovery strategies are updated.

    Communications: Restoration activities are coordinated with internal and external parties (e.g. coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors).

    1. Public relations are managed.
    2. Reputation is repaired after an incident.
    3. Recovery activities are communicated to internal and external stakeholders as well as executive and management teams.
    Added: July 2021

  • FC FC Financial Crime

    • FC-A FC-A Introduction

      • FC-A.1 FC-A.1 Purpose

        • Executive Summary

          • FC-A.1.1

            This Module applies, to all conventional bank licensees, a comprehensive framework of Rules and Guidance aimed at combating money laundering and terrorist financing. In so doing, it helps implement the FATF Recommendations on combating money laundering and financing of terrorism and proliferation, issued by the Financial Action Task Force (FATF), and the requirements of the Basel Committee 'Customer Due Diligence for Banks' paper, that are relevant to conventional bank licensees. (Further information on these can be found in Chapter FC-10.)

            Amended: October 2014
            October 07

          • FC-A.1.2

            The Module requires conventional bank licensees to have effective anti-money laundering ('AML') policies and procedures, in addition to measures for combating the financing of terrorism ('CFT'). The Module contains detailed requirements relating to customer due diligence, reporting and the role and duties of the Money Laundering Reporting Officer (MLRO). Furthermore, examples of suspicious activity are provided, to assist conventional bank licensees monitor transactions and fulfil their reporting obligations under Bahrain law.

            October 07

        • Legal Basis

          • FC-A.1.3

            This Module contains the Central Bank of Bahrain's ('CBB') Directive (as amended from time to time) regarding the combating money laundering and terrorism financing and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to all conventional bank licensees.

            Amended: January 2022
            Amended: January 2011
            October 07

          • FC-A.1.4

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

            October 07

      • FC-A.2 FC-A.2 Module History

        • Changes to the Module

          • FC-A.2.1

            This Module was first issued in July 2004 by the BMA as part of the conventional principles volume. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

            October 07

          • FC-A.2.2

            When the CBB replaced the BMA in September 2006, the provisions of this Module remained in force. Volume 1 was updated in October 2007 to reflect the switch to the CBB; however, new calendar quarter dates were only issued where the update necessitated changes to actual requirements.

            October 07

          • FC-A.2.3

            A list of recent changes made to this Module is detailed in the table below:

            Module Ref.Change DateDescription of Changes
            FC-1.11.101/01/06New text for syndicated business
            FC-1.1.3, FC-1.2.8, FC-1.2.11, FC-3.1.401/01/06Correction of minor typos
            FC-A.110/2007Updated to reflect new CBB Law: new Rule FC-A.1.3 introduced Categorising this Module as a Directive.
            FC-5.3.110/2007Updated new e-mail address for the Compliance Directorate.
            FC-7.1.110/2007Guidance on customer instructions moved from OM-7.1
            FC-1.11.1 & FC-4.3.504/2008Minor guidance changes
            FC-1.6.5–607/2009New authorization requirement in respect of transfers of funds to and from foreign countries on behalf of charities.
            FC-4.1.410/2009Appointment of Deputy MLRO to require CBB prior approval.
            FC-A.1.301/2011Clarified legal basis.
            FC-1.6.4, FC-4.2.101/2011Corrected name of Compliance Directorate.
            FC-1.10A01/2011Added Section on Enhanced due diligence: cross border cash transactions equal to an above BD 6,000 by courier.
            FC-4.3.5 and FC-4.3.601/2011Corrected minor typo.
            FC-4.1.610/2011Clarified requirements for MLRO.
            FC-4.310/2011Amended Section to allow for CBB-approved consultancy firm to do required sample testing and report under Paragraph FC-4.3.1.
            FC-4.3.5 and FC-4.3.601/2012Amended to reflect the addition of approved consultancy firm.
            FC-1.601/2013Added requirement dealing with sport associations registered with the Bahrain Olympic Committee (BOC).
            FC-1.11.101/2013Updated reference to Bahrain Bourse ('BHB').
            FC-1.1.10 to FC-1.1.16, and FC-1.3.410/2013Amended and updated due diligence requirements, including requirements in dealing with non-resident accounts.
            FC-1.1.13 to FC-1.1.13C04/2014Added requirements regarding the opening of accounts for non-residents or companies under formation.
            FC10/2014Updated to reflect February 2012 update to FATF Recommendations
            FC-1.507/2016Aligned definition of PEPs with FATF and moved to Glossary.
            FC-4.1.107/2016Deleted reference for Appendix FC-4 as requirements are covered under Form 3.
            FC-5.2.307/2016Updated instructions for STR.
            FC-B.2.410/2016Deleted reference to Module PCD
            FC-1.2.9A01/2017Added guidance paragraph on CR printing
            FC-8.2.1AA04/2017Implementing and complying with the United Nations Security Council resolutions requirement.
            FC-1.1.2B10/2017Amended paragraph on CDD requirements.
            FC-1.1.13D — FC-1.1.13H10/2017Added guidance paragraphs on opening accounts for companies under formation.
            FC-1.2.710/2017Amended paragraph.
            FC-1.2.8A10/2017Added new paragraph on legal entities or legal arrangements CDD.
            FC-1.1210/2017Added new Section on Simplified CDD: For entities Operating under Regulatory Sandbox.
            FC-2.2.10 — FC-2.2.1110/2017Amended paragraphs on On-going CDD and Transaction Monitoring.
            FC-4.1.3A10/2017Added paragraph on combining the MLRO or DMLRO position with any other position within the licensee.
            FC-B.2.401/2018Amended paragraph.
            FC-1.8.101/2018Amended paragraph.
            FC-1.9.101/2018Amended paragraph.
            FC-1.11.101/2018Deleted sub-paragraph (g).
            FC-5.2.601/2018Amended paragraph.
            FC-8.1.401/2018Amended paragraph.
            FC-8.2.201/2018Deleted paragraph.
            FC-1.1.207/2018Deleted sub-paragraph (g).
            FC-1.10A07/2018Amended Section title deleting the threshold.
            FC-1.10A.207/2018Amended Paragraph deleting the threshold.
            FC-1.11.307/2018Deleted Paragraph.
            FC-1.11.807/2018Deleted Paragraph.
            FC-1.12.1007/2018Amended Paragraph number (f).
            FC-4.3.2C10/2018Amended Paragraph and changed from Guidance to Rule.
            FC-1.11.101/2019Amended references.
            FC-4.3.2 - FC-4.3.501/2019Amended references.
            FC-7.1.201/2019Amended references.
            FC-1.6.1A07/2019Amended Paragraph (GOYS changed to Ministry of Youth & Sport Affairs).
            FC-1.6.207/2019Amended Paragraph (GOYS changed to Ministry of Youth & Sport Affairs).
            FC-1.6.2A07/2019Added a new Paragraph on opening additional bank accounts for Clubs and Youth Centres.
            FC-1.6.507/2019Amended Paragraph on Fund Transfers.
            FC-1.3.410/2019Amended Paragraph on enhanced due diligence measures for non-GCC account holders.
            FC-3.2.410/2019Amended authority name.
            FC-4.2.110/2019Amended authority name
            FC-5.2.310/2019Amended authority name.
            FC-5.3.210/2019Amended authority address.
            FC-8.2.1AA10/2019Defined 'without delay'.
            FC-1.1.101/2020Amended Paragraph on procedures approval.
            FC-1.2.101/2020Added a new sub-Paragraph.
            FC-3.2.401/2020Amended Paragraph.
            FC-4.2.1(d)01/2020Amended sub-Paragraph.
            FC-4.3.501/2020Amended Paragraph on report submission date.
            FC-5.2.301/2020Amended Paragraph.
            FC-2.1.3 & FC-2.1.404/2020Added new Paragraphs on KPIs compliance with AML/CFT requirements.
            FC-1.1.1401/2021Amended Paragraph on account opening for non-residents.
            FC-3.1.10A01/2021Added a new Paragraph on rejecting payment transactions.
            FC-6.1.6A01/2021Added a new Paragraph on requirements to hire new employees.
            FC-1.1.1404/2021Amended Paragraph.
            FC-A.1.301/2022Amended Paragraph to replace financial crime with money laundering and terrorism financing
            FC-C01/2022New chapter on risk-based approach (RBA)
            FC-1.101/2022Amendments to general requirements to introduce additional rules for non-resident customers, amendments to customers onboarded prior to full completion of customer due diligence, digital onboarding etc.
            FC-1.201/2022Amendments to recognise E-KYC and electronic documents law.
            FC-1.301/2022Amendments to introduce additional guidance in enhanced due diligence requirements.
            FC-1.401/2022Amendments to introduce detailed requirements for digital onboarding and related requirements.
            FC-1.501/2022Amendments relating to digital onboarding of Bahraini PEPs.
            FC-1.11.7A01/2022Added a new Paragraph on not applying simplified CDD in situations where the licensee has identified high ML/TF/PF risks.
            FC-1.1201/2022Deleted Section on simplified due diligence requirements relating to Regulatory Sandbox since they will be covered separately in the Regulatory Sandbox Framework.
            FC-4.3.1B01/2022Amended Paragraph.
            FC-4.3.201/2022Amended Paragraph.
            FC-4.3.501/2022Amended Paragraph.
            FC-4.3.601/2022Deleted Paragraph.
            FC-6.1.6A01/2022Deleted Paragraph.
            FC-1.1.14A07/2022Added a new Paragraph on opening accounts for Bahraini national not physically present in Bahrain through a digital onboarding process.
            FC-C.2.301/2023Minor amendment to Paragraph.
            FC-1.1.1401/2023Amended Paragraph on opening accounts for non-residents.
            FC-1.1.14B01/2023Added a new Paragraph on opening accounts for non-residents with golden visa.
            FC-8.2.4(c)01/2023Added a new Sub-paragraph on reporting any frozen assets or actions taken.
            FC-1.1.12A10/2023Amended Sub-Paragraph on the enhanced diligence for the non-resident accounts.
            FC-1.1.12E10/2023Deleted Paragraph.
            FC-1.1.1410/2023Deleted Paragraph.
            FC-1.1.14A10/2023Deleted Paragraph.
            FC-1.1.14B10/2023Deleted Paragraph.
            FC-1.1.1710/2023Added a new Paragraph on CDD and Customer onboarding requirements.
            FC-1.1310/2023Added a new Section on reliance on third parties for customer due diligence.
            FC-1.101/2024Amended Section on the general requirements for companies under formation and new arrivals.
            FC-1.2.101/2024Amended Paragraph on customer due diligence.

        • Evolution of the Module

          • FC-A.2.4

            Prior to the introduction of Volume 1 (Conventional Banks) of the CBB Rulebook, the BMA had issued various circulars containing requirements covering different aspects of financial crime. These requirements were consolidated into Version 01 of this Module. Some of these requirements remain in their original form; others have since been updated. These circulars and their original location in this Module are listed below:

            Circular Ref. Date ofIssue Module Ref.(Version 01) Circular Subject
            BC/17/97 10 Nov 1997 FC-B.1 Money Laundering
            OG/308/89 14 Oct 1989 FC-B.1 Money Laundering
            EDBC/6/01 14 Oct 2001 FC-1, FC-4 — FC-7 Re: Money Laundering Regulation
            BC/1/02 27 Jan 2002 FC-3 FATF Special Recommendations on Terrorism Financing
            BC/3/00 5 Mar 2000 FC-1.5 Re: Accounts for Charity Organisations
            October 07

    • FC-B FC-B Scope of Application

      • FC-B.1 FC-B.1 License Categories

        • FC-B.1.1

          This Module applies to all conventional bank licensees, including branches of banks incorporated outside of Bahrain, and Bahrain-incorporated subsidiaries of overseas groups.

          October 07

        • FC-B.1.2

          The requirements of this Module are in addition to and supplement the requirements contained in Decree Law No. (4) of 2001 with respect to the prevention and prohibition of the laundering of money: this Law was subsequently updated, with the issuance of Decree Law No. 54 of 2006 with respect to amending certain provisions of Decree No. 4 of 2001 (collectively, 'the AML Law'). The AML Law imposes obligations generally in relation to the prevention of money laundering and the combating of the financing of terrorism, to all persons resident in Bahrain. All conventional bank licensees are therefore under the statutory obligations of that Law, in addition to the more specific requirements contained in this Module. Nothing in this Module is intended to restrict the application of the AML Law (a copy of which is contained in Part B of Volume 1 (conventional banks), under 'Supplementary Information'). Also included in Part B is a copy of Decree Law No. 58 of 2006 with respect to the protection of society from terrorism activities ('the anti-terrorism law').

          October 07

      • FC-B.2 FC-B.2 Overseas Subsidiaries and Branches

        • FC-B.2.1

          Conventional bank licensees must apply the requirements in this Module to all their branches and subsidiaries operating both in the Kingdom of Bahrain and in foreign jurisdictions. Where local standards differ, the higher standard must be followed. Conventional bank licensees must pay particular attention to procedures in branches or subsidiaries in countries that do not or insufficiently apply the FATF Recommendations and do not have adequate AML/CFT procedures, systems and controls (see also Section FC-8.1).

          Amended: October 2014
          October 07

        • FC-B.2.2

          Where another jurisdiction's laws or regulations prevent a conventional bank licensee (or any of its foreign branches or subsidiaries) from applying the same standards contained in this Module or higher, the licensee must immediately inform the CBB in writing.

          October 07

        • FC-B.2.3

          In such instances, the CBB will review alternatives with the conventional bank licensee. Should the CBB and the licensee be unable to reach agreement on the satisfactory implementation of this Module in a foreign subsidiary or branch, the conventional bank licensee may be required by CBB to cease the operations of the subsidiary or branch in the foreign jurisdiction in question.

          October 07

        • FC-B.2.4

          Financial groups (e.g. a bank with at least one financial entity as a subsidiary) must implement groupwide programmes against money laundering and terrorist financing, including policies and procedures for sharing information within the group for AML/CFT purposes, which must also be applicable, and appropriate to, all branches and subsidiaries of the financial group. These must include:

          (a) The development of internal policies, procedures and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees;
          (b) An ongoing employee training programme;
          (c) An independent audit function to test the system;
          (d) Policies and procedures for sharing information required for the purposes of CDD and money laundering and terrorist financing risk management;
          (e) The provision at group-level compliance, audit, and/or AML/CFT functions of customer, account and transaction information from branches and subsidiaries when necessary for AML/CFT purposes; and
          (f) Adequate safeguards on the confidentiality and use of information exchanged.
          Amended: January 2018
          Amended: October 2016
          Added: October 2014

    • FC-C: FC-C: Risk Based Approach

      • FC-C.1 FC-C.1 Risk Based Approach

        • FC-C.1.1

          A conventional bank licensee must implement Risk Based Approach (RBA) in establishing an AML/CFT/CPF program and conduct ML/TF/PF risk assessments prior to and during the establishment of a business relationship and, on an ongoing basis, throughout the course of its relationship with the customer. The licensee must establish and implement policies, procedures, tools and systems commensurate with the size, nature and complexity of its business operations to support its RBA.

          Added: January 2022

        • FC-C.1.2

          A conventional bank licensee must perform enhanced measures where higher ML/TF/PF risks are identified to effectively manage and mitigate those higher risks.

          Added: January 2022

        • FC-C.1.3

          A conventional bank licensee must maintain and regularly review and update the documented risk assessment. The risk management and mitigation measures implemented by a licensee must be commensurate with the identified ML/TF/PF risks.

          Added: January 2022

        • FC-C.1.4

          Conventional bank licensees must allocate adequate financial, human and technical resources and expertise to effectively implement and take appropriate preventive measures to mitigate ML/TF/PF risks.

          Added: January 2022

      • FC-C.2 FC-C.2 Risk Assessment

        • FC-C.2.1

          A conventional bank licensee must ensure that it takes measures to identify, assess, monitor, manage and mitigate ML/TF/PF risks to which it is exposed and that the measures taken are commensurate with the nature, scale and complexities of its activities. The risk assessment must enable the licensee to understand how, and to what extent, it is vulnerable to ML/TF/PF.

          Added: January 2022

        • FC-C.2.2

          In the context of the risk assessment, “proliferation financing risk” refers to the potential breach, non-implementation or evasion of the targeted financial sanctions obligations referred to in FATF Recommendation 7.

          Added: January 2022

        • FC-C.2.3

          The risk assessment must be properly documented, regularly updated and communicated to the conventional bank licensee’s senior management. Licensees must have in place policies, controls and procedures, which are approved by senior management, to enable them to manage and mitigate the risks that have been identified. In conducting its risk assessments, the licensee must consider quantitative and qualitative information obtained from the relevant internal and external sources to identify, manage and mitigate these risks. This must include consideration of the risk and threat assessments using, national risk assessments, sectorial risk assessments, crime statistics, typologies, risk indicators, red flags, guidance and advisories issued by inter-governmental organisations, national competent authorities and the FATF, and AML/CFT/CPF mutual evaluation and follow-up reports by the FATF or associated assessment bodies.

          Amended: January 2023
          Added: January 2022

        • FC-C.2.4

          A conventional bank licensee must assess country/geographic risk, customer/investor risk, product/ service/ transactions risk and distribution channel risk taking into consideration the appropriate factors in identifying and assessing the ML/TF/PF risks, including the following:

          a) The nature, scale, diversity and complexity of its business, products and target markets;
          b) Products, services and transactions that inherently provide more anonymity, ability to pool underlying customers/funds, cash-based, face-to-face, non-face-to-face, domestic or cross-border;
          c) The volume and size of its transactions, nature of activity and the profile of its customers;
          d) The proportion of customers identified as high risk;
          e) Its target markets and the jurisdictions it is exposed to, either through its own activities or the activities of customers, especially jurisdictions with relatively higher levels of corruption or organised crime, and/or deficient AML/CFT/CPF controls and listed by FATF;
          f) The complexity of the transaction chain (e.g. complex layers of intermediaries and sub intermediaries or distribution channels that may anonymise or obscure the chain of transactions) and types of distributors or intermediaries;
          g) The distribution channels, including the extent to which the licensee deals directly with the customer and the extent to which it relies (or is allowed to rely) on third parties to conduct CDD and the use of technology; and
          h) Internal audit, external audit or regulatory inspection findings.
          Added: January 2022

        • Country/Geographic risk

          • FC-C.2.5

            Country/geographic area risk, in conjunction with other risk factors, provides useful information as to potential ML/TF/PF risks. Factors that may be considered as indicators of higher risk include:

            (a) Countries identified by credible sources, such as mutual evaluation or detailed assessment reports or published follow-up reports, as not having adequate AML/CFT/CPF systems;
            (b) Countries or geographic areas identified by credible sources as providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country;
            (c) Countries identified by credible sources as having significant levels of corruption or organized crime or other criminal activity, including source or transit countries for illegal drugs, human trafficking and smuggling and illegal gambling;
            (d) Countries subject to sanctions, embargoes or similar measures issued by international organisations such as the United Nations Organisation; and
            (e) Countries identified by credible sources as having weak governance, law enforcement, and regulatory regimes, including countries identified by the FATF statements as having weak AML/CFT/CPF regimes, and for which financial institutions should give special attention to business relationships and transactions.
            Added: January 2022

        • Customer/Investor risk

          • FC-C.2.6

            Categories of customers which may indicate a higher risk include:

            (a) The business relationship is conducted in unusual circumstances (e.g. significant unexplained geographic distance between the financial institution and the customer).
            (b) Non-resident customers;
            (c) Legal persons or arrangements that are personal asset-holding vehicles;
            (d) Companies that have nominee shareholders or shares in bearer form;
            (e) Businesses that are cash-intensive;
            (f) The ownership structure of the company appears unusual or excessively complex given the nature of the company’s business;
            (g) Customer is sanctioned by the relevant national competent authority for non-compliance with the applicable AML/CFT/CPF regime and is not engaging in remediation to improve its compliance;
            (h) Customer is a PEP or customer’s family members, or close associates are PEPs (including where a beneficial owner of a customer is a PEP);
            (i) Customer resides in or whose primary source of income originates from high-risk jurisdictions;
            (j) Customer resides in countries considered to be uncooperative in providing beneficial ownership information; customer has been mentioned in negative news reports from credible media, particularly those related to predicate offences for AML/CFT/CPF or to financial crimes;
            (k) Customer’s transactions indicate a potential connection with criminal involvement, typologies or red flags provided in reports produced by the FATF or national competent authorities;
            (l) Customer is engaged in, or derives wealth or revenues from, a high-risk cash-intensive business;
            (m) The number of STRs and their potential concentration on particular client groups;
            (n) Customers who have sanction exposure; and
            (o) Customer has a non-transparent ownership structure.
            Added: January 2022

        • Product/Service/Transactions risk

          • FC-C.2.7

            An overall risk assessment should include determining the potential risks presented by product, service, transaction or the delivery channel of the conventional bank licensee. A licensee should assess, using a RBA, the extent to which the offering of its product, service, transaction or the delivery channel presents potential vulnerabilities to placement, layering or integration of criminal proceeds into the financial system.

            Added: January 2022

          • FC-C.2.8

            Determining the risks of product, service, transaction or the delivery channel offered to customers may include a consideration of their attributes, as well as any associated risk mitigation measures. Products and services that may indicate a higher risk include:

            (a) Private banking;
            (b) Anonymous transactions (which may include cash);
            (c) Non-face-to-face business relationships or transactions;
            (d) Payment received from unknown or un-associated third parties;
            (e) Products or services that may inherently favour anonymity or obscure information about underlying customer transactions;
            (f) The geographical reach of the product or service offered, such as those emanating from higher risk jurisdictions;
            (g) Products with unusual complexity or structure and with no obvious economic purpose;
            (h) Products or services that permit the unrestricted or anonymous transfer of value (by payment or change of asset ownership) to an unrelated third party, particularly those residing in a higher risk jurisdiction; and
            (i) Use of new technologies or payment methods not used in the normal course of business by the conventional bank licensee.
            Added: January 2022

        • Distribution Channel Risk

          • FC-C.2.9

            A customer may request transactions that pose an inherently higher risk to the conventional bank licensee. Factors that may be considered as indicators of higher risk include:

            (a) A request is made to transfer funds to a higher risk jurisdiction/country/region without a reasonable business purpose provided; and
            (b) A transaction is requested to be executed, where the licensee is made aware that the transaction will be cleared/settled through an unregulated entity.
            Added: January 2022

          • FC-C.2.10

            A conventional bank licensee should analyse the specific risk factors, which arise from the use of intermediaries and their services. Intermediaries’ involvement may vary with respect to the activity they undertake and their relationship with the licensees. Licensees should understand who the intermediary is and perform a risk assessment on the intermediary prior to establishing a business relationship. Licensees and intermediaries should establish clearly their respective responsibilities for compliance with applicable regulation.

            Added: January 2022

    • FC-1 FC-1 Customer Due Diligence Requirements

      • FC-1.1 FC-1.1 General Requirements

        • Verification of Identity and Source of Funds

          • FC-1.1.1

            Conventional bank licensees must establish effective systematic internal procedures for establishing and verifying the identity of their customers and the source of their funds. Such procedures must be set out in writing and approved by the licensee's senior management and must be strictly adhered to.

            Amended: January 2020
            Amended: October 2014
            October 07

          • FC-1.1.2

            Conventional bank licensees must implement the customer due diligence measures outlined in Chapters 1, 2 and 3 when:

            (a) Establishing business relations with a new or existing customer;
            (b) A change to the signatory or beneficiary of an existing account or business relationship is made;
            (c) A significant transaction takes place;
            (d) There is a material change in the way that the bank account is operated or in the manner in which the business relationship is conducted;
            (e) Customer documentation standards change substantially;
            (f) The conventional bank licensee has doubts about the veracity or adequacy of previously obtained customer due diligence information;
            (g) [This Sub-paragraph was deleted in July 2018];
            (h) Carrying out wire transfers irrespective of amount; or
            (i) There is a suspicion of money laundering or terrorist financing.
            Amended: July 2018
            October 07

          • FC-1.1.2A

            Conventional bank licensees must understand, and as appropriate, obtain information on the purpose and intended nature of the business relationship.

            Added: October 2014

          • FC-1.1.2B

            Conventional bank licensees must conduct ongoing due diligence on the business relationship, including:

            a) Scrutinizing transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution's knowledge of the customer, their business and risk profile, including, where necessary, the source of funds; and
            b) Ensuring that documents, data or information collected under the CDD process is kept up-to-date and relevant, by undertaking reviews of existing records, particularly for higher risk categories of customers.
            Amended: October 2017
            Added: October 2014

          • FC-1.1.2C

            A conventional bank licensee must also review and update the customers’ risk profile based on their level of ML/TF/PF risk upon onboarding and regularly throughout the life of the relationship. The risk management and mitigation measures implemented by a licensee must be commensurate with the risk profile of the customer or type of customer.

            Added: January 2022

          • FC-1.1.3

            For the purposes of this Module, 'customer' includes counterparties such as financial markets counterparties, except where financial institutions are acting as principals where simplified due diligence measures may sometimes apply. These simplified measures are set out in Section FC 1.11.

            October 07

          • FC-1.1.4

            The CBB's specific minimum standards to be followed with respect to verifying customer identity and source of funds are contained in Section FC-1.2. Enhanced requirements apply under certain high-risk situations: these requirements are contained in Sections FC-1.3 to FC-1.8 inclusive. Additional requirements apply where a conventional bank licensee is relying on a professional intermediary to perform certain parts of the customer due diligence process: these are detailed in Section FC-1.9. Simplified customer due diligence measures may apply in defined circumstances: these are set out in Section FC-1.11.

            October 07

        • Verification of Third Parties

          • FC-1.1.5

            Conventional bank licensees must obtain a signed statement, in hard copy or through digital means from all new customers confirming whether or not the customer is acting on his own behalf or not. This undertaking must be obtained prior to conducting any transactions with the customer concerned.

            Amended: January 2022
            October 07

          • FC-1.1.6

            Where a customer is acting on behalf of a third party, the conventional bank licensee must also obtain a signed statement from the third party, confirming they have given authority to the customer to act on their behalf. Where the third party is a legal person, the conventional bank licensee must have sight of the original Board resolution (or other applicable document) authorising the customer to act on the third party's behalf, and retain a certified copy.

            October 07

          • FC-1.1.7

            Conventional bank licensees must establish and verify the identity of the customer and (where applicable) the party/parties on whose behalf the customer is acting, including the Beneficial Owner of the funds. Verification must take place in accordance with the requirements specified in this Chapter.

            October 07

          • FC-1.1.8

            Where financial services are provided to a minor or other person lacking full legal capacity, the normal identification procedures as set out in this Chapter must be followed. In the case of minors, licensees must additionally verify the identity of the parent(s) or legal guardian(s). Where a third party on behalf of a person lacking full legal capacity wishes to open an account, the licensee must establish the identity of that third party as well as the intended account holder.

            October 07

        • Anonymous and Nominee Accounts

          • FC-1.1.9

            Conventional bank licensees must not establish or keep anonymous accounts or accounts in fictitious names. Where conventional bank licensees maintain a nominee account, which is controlled by or held for the benefit of another person, the identity of that person must be disclosed to the conventional bank licensee and verified by it in accordance with the requirements specified in this Chapter.

            October 07

        • Timing of Verification

          • FC-1.1.10

            Conventional bank licensees must not commence a business relationship or undertake a transaction with a customer before completion of the relevant customer due diligence measures specified in Chapters 1, 2 and 3. However, verification may be completed after receipt of funds in the case of: Bahrain companies under formation which are being registered with the Ministry of Industry and Commerce; or newly arrived persons in Bahrain who are taking up employment or residence.

            Amended: January 2024
            Amended: January 2022
            Amended: October 2014
            Amended: October 2013
            October 07

          • FC-1.1.10A

            Conventional bank licensees must ensure they adopt adequate risk management procedures and perform risk assessments with respect to the conditions under which a customer may utilise the business relationship prior to verification.

            Added: Jan 2024

        • Companies under Formation

          • FC-1.1.10B

            Conventional bank licensees may open a bank account for the purpose of injection of initial capital (bank account for depositing capital) for a company under formation. No transfers or disbursement of funds must take place from such bank account until all the CDD requirements have been fully met.

            Added: Jan 2024

          • FC-1.1.10C

            Conventional bank licensees should only deny a request for opening accounts due to serious reasons or in case of suspicions arising from AML/CFT risk assessments. An example of a serious reason includes the detection of the fact that one of the shareholders of the company under formation appears in local, regional or international sanction lists.

            Added: Jan 2024

          • FC-1.1.10D

            Conventional bank licensees may open a separate bank account for the purpose of payment of formation expenses under conditions to be agreed with the customer.

            Added: Jan 2024

          • FC-1.1.10E

            All bank accounts of the company under formation must be closed and funds returned (see Paragraph FC-1.1.11) or suspended if the final CR is not received and the customer has not completed the customer due diligence requirements within a period of six months from the date of opening the account. The six-month period may be extended subject to a bilateral arrangement between the licensee and the customer.

            Added: Jan 2024

          • FC-1.1.10F

            For the purposes of account mentioned in Paragraph FC-1.1.10Dconventional bank licensees should follow the guidance below:

            (a) Licensees should receive from the customer, information regarding the nature of transactions, volume and prospective vendors during the formation stages;
            (b) Licensees may agree with the customer a limit for maximum payments to be made out of this account;
            (c) Licensees should ensure that payments from such accounts are only through EFTS; and
            (d) Licensees should integrate their systems with Sijilat system of the Ministry of Industry and Commerce for real-time access to allow opening of accounts in a timely and efficient manner.
            Added: Jan 2024

        • New Arrivals

          • FC-1.1.10G

            In the case of newly arrived persons in Bahrain who are taking up employment or residence, an account may be opened after undertaking initial customer due diligence and obtaining and verifying the identity information of the customer. However, no transfers or disbursement of funds must take place from such bank account until all the CDD requirements have been fully met.

            Added: Jan 2024

          • FC-1.1.10H

            In complying with the requirements of Paragraph FC-1.1.10G, examples of serious reasons for denying the request for opening an account may include failure to provide a valid passport. It may also include instances where a potential customer’s conduct or activity appears suspicious, or the customer’s name appears in one of the local, regional or international sanction lists.

            Added: Jan 2024

        • Incomplete Customer Due Diligence

          • FC-1.1.11

            Where a conventional bank licensee is unable to comply with the requirements specified in Chapters 1, 2 and 3, it must consider whether: it should freeze any funds received and file a suspicious transaction report; or to terminate the relationship; or not proceed with the transaction; or to return the funds to the counterparty in the same method as received.

            Amended: October 2013
            October 07

          • FC-1.1.12

            See also Chapter FC-5, which covers the filing of suspicious transaction reports. Regarding the return of funds to the counterparty, if funds are received in cash, funds should be returned in cash. If funds are received by wire transfer, they should be returned by wire transfer.

            Amended: October 2013
            October 07

        • Non-Resident Accounts

          • FC-1.1.12A

            Conventional retail bank licensees that open bank accounts or otherwise transact or deal with non-resident customers must have documented criteria for acceptance of business from such persons. For non-resident customers, conventional retail bank licensees must ensure the following:

            (a) Ensure there is a viable economic reason for the business relationship;
            (b) Perform enhanced due diligence where required in accordance with Paragraph FC-1.1.17;
            (c) Obtain and document the country of residence for tax purposes where relevant;
            (d) Obtain evidence of banking relationships in the country of residence;
            (e) Obtain the reasons for dealing with licensee in Bahrain;
            (f) Obtain an indicative transaction volume and/or value of incoming funds; and
            (g) Test that the persons are contactable without unreasonable delays.
            Amended: October 2023
            Added: January 2022

          • FC-1.1.12B

            Conventional retail bank licensees that open bank accounts or otherwise transact or deal with non-resident customers must have documented approved policies in place setting out the products and services which will be offered to non-resident customers. Such policy document must take into account a comprehensive risk assessment covering all risks associated with the products and services offered to non-residents. The licensee must also have detailed procedures to address the risks associated with the dealings with non-resident customers including procedures and processes relating to authentication, genuineness of transactions and their purpose.

            Added: January 2022

          • FC-1.1.12C

            Conventional bank licensees must not accept non-residents customers from high risk jurisdictions subject to a call for action by FATF.

            Added: January 2022

          • FC-1.1.12D

            Conventional bank licensees must take adequate precautions and risk mitigation measures before onboarding non-resident customers from high risk jurisdictions. The licensees must establish detailed assessments and criteria that take into consideration FATF mutual evaluations, FATF guidance, the country national risk assessments (NRAs) and other available guidance on onboarding and retaining non-resident customers from the following high risk jurisdictions:

            (a) Jurisdictions under increased monitoring by FATF;
            (b) Countries upon which United Nations sanctions have been imposed except those referred to in Paragraph FC-1.1.12C; and
            (c) Countries that are the subject of any other sanctions.
            Added: January 2022

          • FC-1.1.12E

            [This Paragraph was deleted in October 2023].

            Added: January 2022
            Deleted: October 2023

          • FC-1.1.12F

            All conventional bank licensees must establish systems and measures that are proportional to the risk relevant to each jurisdiction and this must be documented. Such a document must show the risks, mitigation measures for each jurisdiction and for each non-resident customer.

            Added: January 2022

          • FC-1.1.12G

            All conventional bank licensees must establish a comprehensive documented policy and procedures describing also the tools, methodology and systems that support the licensee’s processes for:

            (a) The application of RBA;
            (b) Customer due diligence;
            (c) Ongoing transaction monitoring; and
            (d) Reporting in relation to their transactions or dealings with nonresident customers.
            Added: January 2022

          • FC-1.1.12H

            Conventional bank licensees must ensure that only official/government documents are accepted for the purpose of information in Subparagraphs FC-1.2.1 (a) to (f) in the case of non-resident customers.

            Added: January 2022

          • FC-1.1.13

            [This Paragraph was deleted in January 2024].

            Deleted: January 2024
            Amended: January 2022
            Amended: April 2014
            Added: October 2013

          • FC-1.1.13A

            [This Paragraph was deleted in January 2024].

            Deleted: January 2024
            Added: April 2014
             

          • FC-1.1.13B

            [This Paragraph was deleted in January 2024].

            Deleted: January 2024
            Added: April 2014
             

          • FC-1.1.13C

            [This Paragraph was deleted in January 2024].

            Deleted: January 2024
            Added: April 2014
             

          • FC-1.1.13D

            [This Paragraph was deleted in January 2024].

            Deleted: January 2024
            Added: October 2017
             

          • FC-1.1.13E

            [This Paragraph was deleted in January 2024].

            Deleted: January 2024
            Added: October 2017
             

          • FC-1.1.13F

            [This Paragraph was deleted in January 2024].

            Deleted: January 2024
            Added: October 2017

          • FC-1.1.13G

            [This Paragraph was deleted in January 2024].

            Deleted: January 2024
            Added: October 2017

          • FC-1.1.13H

            [This Paragraph was deleted in January 2024].

            Deleted: January 2024
            Added: October 2017

          • FC-1.1.14

            [This Paragraph was deleted in October 2023].

            Deleted: October 2023
            Amended: January 2023
            Amended: April 2021
            Amended: January 2021
            Added: October 2013

          • FC-1.1.14A

            [This Paragraph was deleted in October 2023].

            Added: July 2022
            Deleted: October 2023

          • FC-1.1.14B

            [This Paragraph was deleted in October 2023].

            Added: January 2023
            Deleted: October 2023

          • FC-1.1.15

            Where a non-resident account is opened, the customer must be informed by the conventional bank licensee of any services which may be restricted or otherwise limited, as a result of their non-resident status.

            Added: October 2013

          • FC-1.1.16

            For purposes of Paragraph FC-1.1.15, examples of limitations or restrictions for non-resident accounts may include limitations on banking services being offered including the granting of loans or other facilities, including credit cards or cheque books.

            Added: October 2013

          • FC-1.1.17

            Conventional bank licensees must follow the below CDD and customer onboarding requirements:

              Enhanced Due Diligence Digital Onboarding
            Bahrainis and GCC nationals (wherever they reside) and expatriates resident in Bahrain No Yes
            Others Yes Yes
            Added: October 2023

      • FC-1.2 FC-1.2 Face-to-face Business

        • Natural Persons

          • FC-1.2.1

            If the customer is a natural person, conventional bank licensees must identify the person’s identity and obtain the following information before providing financial services of any kind:

            (a) Full legal name and any other names used;
            (b) Full permanent address (i.e. the residential address of the customer; a post office box is insufficient);
            (c) Date of birth;
            (d) Nationality;
            (e) Passport number (if the customer is a passport holder);
            (f) Current CPR or Iqama number (for residents of Bahrain or GCC states) or government issued national identification proof;
            (g) Telephone/fax number and email address (where applicable);
            (h) Occupation or public position held (where applicable);
            (i) Employer's name and address (if self-employed, the nature of the self-employment);
            (j) Type of account, and nature and volume of anticipated business dealings with the conventional bank licensee;
            (k) Signature of the customer(s);
            (l) Source of funds;
            (m) Reason for opening the account; and
            (n) Place of birth.
            Amended: January 2024
            Amended: January 2022
            Amended: January 2020
            October 07

          • FC-1.2.1A

            Conventional bank licensees obtaining the information and customer signature electronically using digital applications must comply with the applicable laws governing the onboarding/business relationship including but not limited to the Electronic Transactions Law (Law No. 54 of 2018) for the purposes of obtaining signatures as required in Subparagraph FC-1.2.1 (k) above.

            Added: January 2022

          • FC-1.2.2

            See Part B, Volume 1 (Conventional Banks), for Guidance Notes on source of funds (FC-1.2.1 (1)) and requirements for residents of Bahrain (FC-1.2.1 (c) & (f)).

            October 07

          • FC-1.2.2A

            Conventional retail bank licensees must verify the information in Paragraph FC-1.2.1 (a) to (f) by the following methods; at least one of the copies of the identification documents mentioned in (a) and (b) below must include a clear photograph of the customer:

            (a) Confirmation of the date of birth and legal name, by use of the national E-KYC application and if this is not practical, obtaining a copy of a current valid official original identification document (e.g. birth certificate, passport, national identity card, CPR or Iqama); and
            (b) Confirmation of the permanent residential address by use of the national E-KYC application and if this is not practical, obtaining a copy of a recent utility bill, bank statement or similar statement from another licensee or financial institution, or some form of official correspondence or official documentation card, such as national identity card or CPR, from a public/governmental authority, or a tenancy agreement or record of home visit by an official of the conventional bank licensee.
            Added: January 2022

          • FC-1.2.3

            Conventional wholesale bank licensees must verify the information in Paragraph FC-1.2.1 (a) to (f) by the following methods below; at least one of the copies of the identification documents mentioned in (a) and (b) below must include a clear photograph of the customer:

            (a) Confirmation of the date of birth and legal name, by taking a copy of a current valid official original identification document (e.g. birth certificate, passport, national identity card, CPR or Iqama);
            (b) Confirmation of the permanent residential address by taking a copy of a recent utility bill, bank statement or similar statement from another licensee or financial institution, or some form of official correspondence or official documentation card, such as CPR, from a public/governmental authority, or a tenancy agreement or record of home visit by an official of the conventional bank licensee; and
            (c) Where appropriate, direct contact with the customer by phone, letter or email to confirm relevant information, such as residential address information.
            Amended: January 2022
            October 07

          • FC-1.2.4

            Any document copied or obtained for the purpose of identification verification in a face-to-face customer due diligence process must be an original. An authorised official of the licensee must certify the copy, by writing on it the words 'original sighted', together with the date and his signature. Equivalent measures must be taken for electronic copies.

            Amended: January 2022
            October 07

          • FC-1.2.5

            Identity documents which are not obtained by an authorised official of the licensee in original form (e.g. due to a customer sending a copy by post following an initial meeting) must instead be certified (as per FC-1.2.4) by one of the following from a GCC or FATF member state:

            (a) A lawyer;
            (b) A notary;
            (c) A chartered/certified accountant;
            (d) An official of a government ministry;
            (e) An official of an embassy or consulate; or
            (f) An official of another licensed financial institution or of an associate company of the licensee.
            October 07

          • FC-1.2.6

            The individual making the certification under FC-1.2.5 must give clear contact details (e.g. by attaching a business card or company stamp). The conventional bank licensee must verify the identity of the person providing the certification through checking membership of a professional organisation (for lawyers or accountants), or through checking against databases/websites, or by direct phone or email contact.

            October 07

        • Legal Entities or Legal Arrangements (such as trusts)

          • FC-1.2.7

            If the customer is a legal entity or a legal arrangement such as a trust, the conventional bank licensee must obtain and record the following information from original identification documents, databases or websites, in hard copy or electronic form, to identify the customer and to take reasonable measures to verify its identity, legal existence and structure:

            (a) The entity's full name and other trading names used;
            (b) Registration number (or equivalent);
            (c) Legal form and proof of existence;
            (d) Registered address and trading address (where applicable);
            (e) Type of business activity;
            (f) Date and place of incorporation or establishment;
            (g) Telephone, fax number and email address;
            (h) Regulatory body or listing body (for regulated activities such as financial services and listed companies);
            (hh) The names of the relevant persons having a senior management position in the legal entity or legal arrangement;
            (i) Name of external auditor (where applicable);
            (j) Type of account, and nature and volume of anticipated business dealings with the conventional bank licensee; and
            (k) Source of funds.
            Amended: October 2017
            October 07

          • FC-1.2.8

            The information provided under FC-1.2.7 must be verified by obtaining certified copies of the following documents, as applicable (depending on the legal form of the entity):

            (a) Certificate of incorporation and/or certificate of commercial registration or trust deed;
            (b) Memorandum of association;
            (c) Articles of association;
            (d) Partnership agreement;
            (e) Board resolution seeking the banking services (only necessary in the case of private or unlisted companies);
            (f) Identification documentation of the authorised signatories to the account (certification not necessary for companies listed in a GCC/FATF state);
            (g) Copy of the latest financial report and accounts, audited where possible (audited copies do not need to be certified); and
            (h) List of authorised signatories of the company for the account and a Board resolution (or other applicable document) authorising the named signatories or their agent to operate the account (resolution only necessary for private or unlisted companies).
            Amended: October 2014
            Amended: January 2012
            October 07

          • FC-1.2.8A

            For customers that are legal persons, conventional bank licensees must identify and take reasonable measures to verify the identity of beneficial owners through the following information:

            (a) The identity of the natural person(s) who ultimately have a controlling ownership interest in a legal person, and
            (b) To the extent that there is doubt under (a) as to whether the person(s) with the controlling ownership interest is the beneficial owner(s), or where no natural person exerts control of the legal person or arrangement through other means; and
            (c) Where no natural person is identified under (a) or (b) above, the identity of the relevant natural person who holds the position of senior managing official.
            Added: October 2017

          • FC-1.2.9

            Documents obtained to satisfy the requirements in FC-1.2.8 above must be certified in the manner specified in FC-1.2.4 to FC-1.2.6.

            October 07

          • FC-1.2.9A

            For the purpose of Paragraph FC-1.2.8(a), the requirement to obtain a certified copy of the commercial registration, may be satisfied by obtaining a commercial registration abstract printed directly from the Ministry of Industry, Commerce and Tourism's website, through "SIJILAT Commercial Registration Portal".

            Added: January 2017

          • FC-1.2.10

            The documentary requirements in FC-1.2.8 above do not apply in the case of FATF/GCC listed companies: see Section FC-1.11 below. Also, the documents listed in FC-1.2.8 above are not exhaustive: for customers from overseas jurisdictions, documents of an equivalent nature may be produced as satisfactory evidence of a customer's identity.

            October 07

          • FC-1.2.11

            Licensees must also obtain and document the following due diligence information. These due diligence requirements must be incorporated in the licensee's new business procedures:

            (a) Enquire as to the structure of the legal entity or trust sufficient to determine and verify the identity of the ultimate beneficial owner of the funds, the ultimate provider of funds (if different), and the ultimate controller of the funds (if different);
            (b) Ascertain whether the legal entity has been or is in the process of being wound up, dissolved, struck off or terminated;
            (c) Obtain the names, country of residence and nationality of Directors or partners (only necessary for private or unlisted companies);
            (d) Require, through new customer documentation or other transparent means, updates on significant changes to corporate ownership and/or legal structure;
            (e) Obtain and verify the identity of shareholders holding 20% or more of the issued capital (where applicable). The requirement to verify the identity of these shareholders does not apply in the case of FATF/GCC listed companies;
            (f) In the case of trusts or similar arrangements, establish the identity of the settlor(s), trustee(s), and beneficiaries (including making such reasonable enquiries as to ascertain the identity of any other potential beneficiary, in addition to the named beneficiaries of the trust); and
            (g) Where a licensee has reasonable grounds for questioning the authenticity of the information supplied by a customer, conduct additional due diligence to confirm the above information.
            October 07

          • FC-1.2.12

            For the purposes of Paragraph FC-1.2.11, acceptable means of undertaking such due diligence might include taking bank references; visiting or contacting the company by telephone; undertaking a company search or other commercial enquiries; accessing public and private databases (such as stock exchange lists); making enquiries through a business information service or credit bureau; confirming a company's status with an appropriate legal or accounting firm; or undertaking other enquiries that are commercially reasonable.

            October 07

          • FC-1.2.13

            Where a licensee is providing investment management services to a regulated mutual fund, and is not receiving investors' funds being paid into the fund, it may limit its CDD to confirming that the administrator of the fund is subject to FATF-equivalent customer due diligence measures (see FC-1.9 for applicable measures). Where there are reasonable grounds for believing that investors' funds being paid into the fund are not being adequately verified by the administrator, then the licensee should consider terminating its relationship with the fund.

            October 07

      • FC-1.3 FC-1.3 Enhanced Customer Due Diligence: General Requirements

        • FC-1.3.1

          Enhanced customer due diligence must be performed on those customers identified as having a higher risk profile, and additional inquiries made or information obtained in respect of those customers.

          October 07

        • FC-1.3.2

          Licensees should examine, as far as reasonably possible, the background and purpose of all complex, unusual large transactions, and all unusual patterns of transactions, which have no apparent economic or lawful purpose. Where the risks of money laundering or terrorist financing are higher, licensees should conduct enhanced CDD measures, consistent with the risks identified. In particular, they should increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear unusual or suspicious. The additional inquiries or information referred to in Paragraph FC-1.3.1 include:

          (a) Obtaining additional information on the customer (e.g. occupation, volume of assets, information available through public databases, internet, etc.), and updating more regularly the identification data of customer and beneficial owner;
          (b) Obtaining additional information on the intended nature of the business relationship;
          (c) Obtaining information on the source of funds or source of wealth of the customer;
          (d) Obtaining information on the reasons for intended or performed transactions;
          (e) Obtaining the approval of senior management to commence or continue the business relationship;
          (f) Conducting enhanced monitoring of the business relationship, by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination;
          (g) Taking specific measures to identify the source of the first payment in this account and applying RBA to ensure that there is a plausible explanation in any case where the first payment was not received from the same customer’s account;
          (h) Obtaining evidence of a person's permanent address through the use of a credit reference agency search, or through independent governmental database or by home visit;
          (i) Obtaining a personal reference (e.g. by an existing customer of the conventional bank licensee);
          (j) Obtaining another licensed entity's reference and contact with the concerned licensee regarding the customer;
          (k) Obtaining documentation outlining the customer's source of wealth;
          (l) Obtaining additional documentation outlining the customer's source of income; and
          (m) Obtaining additional independent verification of employment or public position held.
          Amended: January 2022
          October 07

        • FC-1.3.3

          In addition to the general rule contained in Paragraph FC-1.3.1 above, special care is required in the circumstances specified in Sections FC-1.4 to FC-1.9 inclusive.

          October 07

        • FC-1.3.4

          Additional enhanced due diligence measures for non-resident account holders may include the following:

          (a) References provided by a regulated bank from a FATF country;
          (b) Certified copies of bank statements for a recent 3-month period; or
          (c) References provided by a known customer of the conventional bank licensee.
          Amended: October 2019
          Added: October 2013

      • FC-1.4 FC-1.4 Enhanced Customer Due Diligence: Non face-to-face Business and New Technologies

        • FC-1.4.1

          Conventional bank licensees must establish specific procedures for verifying customer identity where no face-to-face contact takes place.

          October 07

        • FC-1.4.2

          Where no face-to-face contact takes place, conventional bank licensees must take additional measures (to those specified in Section FC-1.2), in order to mitigate the potentially higher risk associated with such business. In particular, conventional bank licensees must take measures:

          (a) To ensure that the customer is the person they claim to be; and
          (b) To ensure that the address provided is genuinely the customer's.
          October 07

        • FC-1.4.3

          There are a number of checks that can provide a conventional bank licensee with a reasonable degree of assurance as to the authenticity of the applicant. They include:

          (a) Telephone contact with the applicant on an independently verified home or business number;
          (b) With the customer's consent, contacting an employer to confirm employment, via phone through a listed number or in writing;
          (c) Salary details appearing on recent bank statements;
          (d) Independent verification of employment (e.g.: through the use of a national E-KYC application, or public position held;
          (e) Carrying out additional searches (e.g. internet searches using independent and open sources) to better inform the customer risk profile;
          (f) Carrying out additional searches focused on financial crime risk indicator (i.e. negative news);
          (g) Evaluating the information provided with regard to the destination of fund and the reasons for the transaction;
          (h) Seeking and verifying additional information from the customer about the purpose and intended nature of the transaction or the business relationship; and
          (i) Increasing the frequency and intensity of transaction monitoring.
          Amended: January 2022
          October 07

        • FC-1.4.4

          Financial services provided using digital channels or internet pose greater challenges for customer identification and AML/CFT purposes. Conventional bank licensees must identify and assess the money laundering or terrorist financing risks relevant to any new technology or channel and establish procedures to prevent the misuse of technological developments in money laundering or terrorist financing schemes. Specifically, licensees which provide electronic and internet banking services to their customers, must establish systems or programmes to monitor, detect and highlight unusual transactions. The risk assessments must be consistent with the requirements in Section FC-C-2.

          Amended: January 2022
          October 07

        • FC-1.4.5

          Conventional bank licensees must identify and assess the money laundering or terrorist financing risks that may arise in relation to:

          (a) The development of new products and new business practices, including new delivery mechanisms; and
          (b) The use of new or developing technologies for both new and pre-existing products.
          Added: October 2014

        • FC-1.4.6

          For purposes of Paragraph FC-1.4.5, such a risk assessment consistent with the requirements in Section FC-C.2 and must take place prior to the launch of the new products, business practices or the use of new or developing technologies. Conventional bank licensees must take appropriate measures to manage and mitigate those risks.

          Amended: January 2022
          Added: October 2014

        • Enhanced Monitoring

          • FC-1.4.7

            Customers on boarded digitally must be subject to enhanced on-going account monitoring measures.

            Added: January 2022

          • FC-1.4.8

            The CBB may require a licensee to share the details of the enhanced monitoring and the on-going monitoring process for non face-to-face customer relationships.

            Added: January 2022

        • Licensee’s digital ID applications

          • FC-1.4.9

            Conventional bank licensees may use its digital ID applications that use secure audio-visual real time (live video conferencing/live photo selfies) communication means to identify the natural person.

            Added: January 2022

          • FC-1.4.10

            Conventional bank licensees must maintain a document available upon request for the use of its digital ID applications that includes all the following information:

            (a) A description of the nature of products and services for which the proprietary digital ID application is planned to be used with specific references to the rules in this Module for which it will be used;
            (b) A description of the systems and IT infrastructure that are planned to be used;
            (c) A description of the technology and applications that have the features for facial recognition or biometric recognition to authenticate independently and match the face and the customer identification information available with the licensee. The process and the features used in conjunction with video conferencing include, among others, face recognition, three-dimensional face matching techniques etc.;
            (d) “Liveness” checks created in the course of the identification process;
            (e) A description of the governance arrangements related to this activity including the availability of specially trained personnel with sufficient level of seniority; and
            (f) Record keeping arrangements for electronic records to be maintained and the relative audit.
            Added: January 2022

          • FC-1.4.11

            Conventional bank licensees that intend to use its digital ID application to identify the customer and verify identity information must meet the following additional requirements:

            (a) The digital ID application must make use of secure audio visual real time (live video conferencing /live photo selfies) technology to (i) identify the customer, (ii) verify his/her identity, and also (iii) ensure the data and documents provided are authentic;
            (b) The picture/sound quality must be adequate to facilitate unambiguous identification;
            (c) The digital ID application must include or be combined with capability to read and decrypt the information stored in the identification document’s machine readable zone (MRZ) for authenticity checks from independent and reliable sources;
            (d) Where the MRZ reader is with an outsourced provider, the licensee must ensure that such party is authorized to carry out such services and the information is current and up to date and readily available such that the licensee can check that the decrypted information matches the other information in the identification document;
            (e) The digital ID application has the features for allowing facial recognition or biometric recognition that can authenticate and match the face and the customer identification documents independently;
            (f) The digital ID solution has been tested by an independent expert covering the governance and control processes to ensure the integrity of the solution and underlying methodologies, technology and processes and risk mitigation. The report of the expert’s findings must be retained and available upon request;
            (g) The digital ID application must enable an ongoing process of retrieving and updating the digital files, identity attributes, or data fields which are subject to documented access rights and authorities for updating and changes; and
            (h) The digital ID application must have the geo-location features which must be used by the licensee to ensure that it is able to identify any suspicious locations and to make additional inquiries if the location from which a customer is completing the onboarding process does not match the location of the customer based on the information and documentation submitted.
            Added: January 2022

          • FC-1.4.12

            Conventional bank licensees using its digital ID application must establish and implement an approved policy which lays down the governance, control mechanisms, systems and procedures for the CDD which include:

            (a) A description of the nature of products and services for which customer due diligence may be conducted through video conferencing or equivalent electronic means;
            (b) A description of the systems, controls and IT infrastructure planned to be used;
            (c) Governance mechanism related to this activity;
            (d) Specially trained personnel with sufficient level of seniority; and
            (e) Record keeping arrangements for electronic records to be maintained and the relative audit trail.
            Added: January 2022

          • FC-1.4.13

            Conventional bank licensees must ensure that the information referred to in Paragraph FC-1.2.1 is collected in adherence to privacy laws and other applicable laws of the country of residence of the customer.

            Added: January 2022

          • FC-1.4.14

            Conventional bank licensees must ensure that the information referred to in Subparagraphs FC-1.2.1 (a) to (f) is obtained prior to commencing the digital verification such that:

            (a) The licensee can perform its due diligence prior to the digital interaction/communication and can raise targeted questions at such interaction/communication session; and
            (b) The licensee can verify the authenticity, validity and accuracy of such information through digital means (See Paragraph FC.1.4.16 below) or by use of the methods mentioned in Paragraph FC-1.2.3 and /or FC-1.4.3 as appropriate.
            Added: January 2022

          • FC-1.4.15

            The licensee must also obtain the customer’s explicit consent to record the session and capture images as may be needed.

            Added: January 2022

          • FC-1.4.16

            Conventional bank licensees must verify the information in Paragraph FC-1.2.1 (a) to (f) by the following methods below:

            (a) Confirmation of the date of birth and legal name by digital reading and authenticating current valid passport or other official original identification using machine readable zone (MRZ) or other technology which has been approved under paragraph FC-1.4.9, unless the information was verified using national E-KYC application;
            (b) Performing real time video calls with the applicant to identify the person and match the person’s face and /other features through facial recognition or bio-metric means with the office documentation, (e.g. passport, CPR);
            (c) Matching the official identification document, (e.g. passport, CPR) and related information provided with the document captured/displayed on the live video call; and
            (d) Confirmation of the permanent residential address by, unless the information was verified using national E-KYC application capturing live, the recent utility bill, bank statement or similar statement from another licensee or financial institution, or some form of official correspondence or official documentation card, such as national identity card or CPR, from a public/governmental authority, or a tenancy agreement or record of home visit by an official of the conventional bank licensee.
            Added: January 2022

          • FC-1.4.17

            For the purposes of Paragraph FC-1.4.16, actions taken for obtaining and verifying customer identity could include:

            (a) Collection: Present and collect identity attributes and evidence, either in person and/or online (e.g., by filling out an online form, sending a selfie photo, uploading photos of documents such as passport or driver’s license, etc.);
            (b) Certification: Digital or physical inspection to ensure the document is authentic and its data or information is accurate (for example, checking physical security features, expiration dates, and verifying attributes via other services);
            (c) De-duplication: Establish that the identity attributes and evidence relate to a unique person in the ID system (e.g., via duplicate record searches, biometric recognition and/or deduplication algorithms);
            (d) Verification: Link the individual to the identity evidence provided (e.g., using biometric solutions like facial recognition and liveness detection); and
            (e) Enrolment in identity account and binding: Create the identity account and issue and link one or more authenticators with the identity account (e.g., passwords, one-time code (OTC) generator on a smartphone, etc.). This process enables authentication.
            Added: January 2022

          • FC-1.4.18

            Not all elements of a digital ID system are necessarily digital. Some elements of identity proofing and enrolment can be either digital or physical (documentary), or a combination, but binding and authentication must be digital.

            Added: January 2022

          • FC-1.4.19

            Sufficient controls must be put in place to safeguard the data relating to customer information collected through the video conference and due regard must be paid to the requirements of the Personal Data Protection Law (PDPL). Additionally, controls must be put in place to minimize the increased impersonation fraud risk in such non face-to-face relationship where there is a chance that customer may not be who he claims he is.

            Added: January 2022

        • Overseas branches

          • FC-1.4.20

            Where conventional bank licensees intend to use a digital ID application in a foreign jurisdiction in which it operates, it must ensure that the digital ID application meets with the requirements under Paragraph FC-B.2.1.

            Added: January 2022

      • FC-1.5 FC-1.5 Enhanced Customer Due Diligence: Politically Exposed Persons ('PEPs')

        • FC-1.5.1

          Conventional bank licensees must have appropriate risk management systems to determine whether a customer or beneficial owner is a Politically Exposed Person ('PEP'), both at the time of establishing business relations and thereafter on a periodic basis. Conventional bank licensees must utilise publicly available databases and information to establish whether a customer is a PEP.

          Amended: July 2016
          Amended: October 2014
          October 07

        • FC-1.5.2

          Conventional bank licensees must establish a client acceptance policy with regard to PEPs, taking into account the reputational and other risks involved. Senior management approval must be obtained before a PEP is accepted as a customer. Licensees must not accept a non-Bahraini PEP as a customer based on customer due diligence undertaken using digital ID applications.

          Amended: January 2022
          Added: October 2007

        • FC-1.5.3

          Where an existing customer is a PEP, or subsequently becomes a PEP, enhanced monitoring and customer due diligence measures must include:

          (a) Analysis of complex financial structures, including trusts, foundations or international business corporations;
          (b) A written record in the customer file to establish that reasonable measures have been taken to establish both the source of wealth and the source of funds;
          (c) Development of a profile of anticipated customer activity, to be used in on-going monitoring;
          (d) Approval of senior management for allowing the customer relationship to continue; and
          (e) On-going account monitoring of the PEP's account by senior management (such as the MLRO).
          October 07

        • FC-1.5.3A

          In cases of higher risk business relationships with such persons, mentioned in Paragraph FC-1.5.1, conventional bank licensees must apply, at a minimum, the measures referred to in (b), (d) and (e) of Paragraph FC-1.5.3.

          Added: October 2014

        • FC-1.5.3B

          The requirements for all types of PEP must also apply to family or close associates of such PEPs.

          Added: October 2014

        • FC-1.5.3C

          For the purpose of Paragraph FC-1.5.3B, 'family' means spouse, father, mother, sons, daughters, sisters and brothers. 'Associates' are persons associated with a PEP whether such association is due to the person being an employee or partner of the PEP or of a firm represented or owned by the PEP, or family links or otherwise.

          Added: October 2014

        • FC-1.5.4

          [This Paragraph was deleted in July 2016 and the definition moved to the Glossary under Part B.]

          Deleted: July 2016
          Amended: October 2014
          October 07

      • FC-1.6 FC-1.6 Enhanced Due Diligence: Charities, Clubs and Other Societies

        • FC-1.6.1

          Financial services must not be provided to charitable funds and religious, sporting, social, cooperative and professional and other societies, until an original certificate authenticated by the relevant Ministry confirming the identities of those purporting to act on their behalf (and authorising them to obtain the said service) has been obtained.

          Amended: October 2014
          Amended: January 2013
          October 07

        • FC-1.6.1A

          For the purpose of Paragraph FC-1.6.1, for clubs and societies registered with the Ministry of Youth and Sport Affairs, conventional bank licensees must contact the Ministry to clarify whether the account may be opened in accordance with the rules of the Ministry. In addition, in the case of sport associations registered with the Bahrain Olympic Committee (BOC), conventional bank licensees must contact BOC to clarify whether the account may be opened in accordance with the rules of BOC.

          Amended: July 2019
          Added: January 2013

        • FC-1.6.2

          Conventional bank licensees are reminded that clubs and societies registered with the Ministry of Youth and Sport Affairs may only have one account with banks in Bahrain.

          Amended: July 2019
          Amended: January 2013
          October 07

        • FC-1.6.2A

          Pursuant to Article (20) of the Consolidated Financial Regulations for Sports Clubs issued in 2005, Conventional bank licensees must not change or open additional bank accounts for Clubs and Youth Centres without obtaining the prior approval of the Ministry of Youth and Sport Affairs.

          Added: July 2019

        • FC-1.6.3

          Charities should be subject to enhanced transaction monitoring by banks. Conventional bank licensees should develop a profile of anticipated account activity (in terms of payee countries and recipient organisations in particular).

          Amended: January 2013
          October 07

        • FC-1.6.4

          Conventional bank licensees must provide a monthly report of all payments and transfers of BD3,000 (or equivalent in foreign currencies) and above, from accounts held by charities registered in Bahrain. The report must be submitted to the CBB's Compliance Directorate Unit (see FC-5.3 for contact address), giving details of the amount transferred, account name, number and beneficiary name account and bank details. Conventional bank licensees must ensure that such transfers are in accordance with the spending plans of the charity (in terms of amount, recipient and country).

          Amended: January 2013
          Amended: January 2011
          October 07

        • FC-1.6.5

          Article 20 of Decree Law No. 21 of 1989 (issuing the Law of Social and Cultural Societies and Clubs and Private Organizations Operating in the Area of Youth and Sport and Private Institutions) provides that Conventional bank licensees must not accept or process any incoming or outgoing fund transfers in any form (wire transfer, cheques, etc.) from or to any foreign association on behalf of charity and non-profit organisations, societies and clubs licensed by the Ministry of Labour and Social Development or the Ministry of Youth and Sport Affairs without the prior approval of the relevant Ministry.

          Amended: July 2019
          Amended: October 2014
          Added July 09

        • FC-1.6.6

          The receipt of a Ministry letter mentioned in FC-1.6.5 above does not exempt the concerned bank from conducting normal CDD measures as outlined in other parts of this Module.

          Added July 09

      • FC-1.7 FC-1.7 Enhanced Due Diligence: 'Pooled Funds'

        • FC-1.7.1

          Where conventional bank licensees receive pooled funds managed by professional intermediaries (such as investment and pension fund managers, stockbrokers and lawyers or authorised money transferors), they must apply CDD measures contained in Section FC-1.9 to the professional intermediary. In addition, conventional bank licensees must verify the identity of the beneficial owners of the funds where required as shown in Paragraphs FC-1.7.2 or FC-1.7.3 below.

          October 07

        • FC-1.7.2

          Where funds pooled in an account are not co-mingled (i.e. where there are 'sub-accounts' attributable to each beneficiary), all beneficial owners must be identified by the conventional bank licensee, and their identity verified in accordance with the requirements in Section FC-1.2.

          Amended: October 2014
          October 07

        • FC-1.7.3

          For accounts held by intermediaries resident in Bahrain, where such funds are co-mingled, the conventional bank licensee must make a reasonable effort (in the context of the nature and amount of the funds received) to look beyond the intermediary and determine the identity of the beneficial owners or underlying clients, particularly where funds are banked and then transferred onward to other financial institutions (e.g. in the case of accounts held on behalf of authorised money transferors). Where, however, the intermediary is subject to equivalent regulatory and money laundering regulation and procedures (and, in particular, is subject to the same due diligence standards in respect of its client base) the CBB will not insist upon all beneficial owners being identified provided the conventional bank licensee has undertaken reasonable measures to determine that the intermediary has engaged in a sound customer due diligence process, consistent with the requirements in Section FC-1.8.

          Amended: October 2014
          October 07

        • FC-1.7.4

          For accounts held by intermediaries from foreign jurisdictions, the intermediary must be subject to requirements to combat money laundering and terrorist financing consistent with the FATF Recommendations and the intermediary must be supervised for compliance with those requirements. The bank must obtain documentary evidence to support the case for not carrying out customer due diligence measures beyond identifying the intermediary. The bank must satisfy itself that the intermediary has identified the underlying beneficiaries and has the systems and controls to allocate the assets in the pooled accounts to the relevant beneficiaries. The due diligence process contained in Section FC-1.8 must be followed.

          Amended: October 2014
          October 07

        • FC-1.7.5

          Where the intermediary is not empowered to provide the required information on beneficial owners (e.g. lawyers bound by professional confidentiality rules) or where the intermediary is not subject to the same due diligence standards referred to above, a bank must not permit the intermediary to open an account or allow the account to continue to operate, unless specific permission has been obtained in writing from the CBB.

          October 07

      • FC-1.8 FC-1.8 Enhanced Due Diligence for Correspondent Banking Relationships

        • FC-1.8.1

          Conventional bank licensees which intend to act as correspondent banks must gather sufficient information (e.g. through a questionnaire) about their respondent banks to understand the nature of the respondent's business. Factors to consider to provide assurance that satisfactory measures are in place at the respondent bank include:

          (a) Information about the respondent bank's ownership structure and management;
          (b) Major business activities of the respondent and its location (i.e. whether it is located in a FATF compliant jurisdiction) as well as the location of its parent (where applicable);
          (c) Where the customers of the respondent bank are located;
          (d) The respondent's AML/CFT controls;
          (e) The purpose for which the account will be opened;
          (f) Confirmation that the respondent bank has verified the identity of any third party entities that will have direct access to the correspondent banking services without reference to the respondent bank (e.g. in the case of 'payable through' accounts);
          (g) The extent to which the respondent bank performs on-going due diligence on customers with direct access to the account, and the condition of bank regulation and supervision in the respondent's country (e.g. from published FATF reports). Banks should take into account the country where the respondent bank is located and whether that country abides by the FATF Recommendations when establishing correspondent relationships with foreign banks. Banks should obtain where possible copies of the relevant laws and regulations concerning AML/CFT and satisfy themselves that respondent banks have effective customer due diligence measures consistent with the FATF Recommendations;
          (h) Confirmation that the respondent bank is able to provide relevant customer identification data on request to the correspondent bank; and
          (i) Whether the respondent bank has been subject to a money laundering or terrorist financing investigation.
          Amended: January 2018
          Amended: October 2014
          Amended: April 2011
          October 07

        • FC-1.8.2

          Conventional bank licensees must implement the following additional measures, prior to opening a correspondent banking relationship:

          (a) Complete a signed statement that outlines the respective responsibilities of each institution in relation to money laundering detection and monitoring responsibilities; and
          (b) Ensure that the correspondent banking relationship has the approval of senior management.
          Amended: April 2011
          October 07

        • FC-1.8.3

          Conventional bank licensees must refuse to enter into or continue a correspondent banking relationship with a bank incorporated in a jurisdiction in which it has no physical presence and which is unaffiliated with a regulated financial group (i.e. 'shell banks', see Section FC-1.10). Banks must pay particular attention when entering into or continuing relationships with respondent banks located in jurisdictions that have poor KYC standards or have been identified by the FATF as being 'non-cooperative' in the fight against money laundering/terrorist financing.

          October 07

      • FC-1.9 FC-1.9 Introduced Business from Professional Intermediaries

        • FC-1.9.1

          A conventional bank licensee may only accept customers introduced to it by other financial institutions or intermediaries, if it has satisfied itself that the financial institution or intermediary concerned is subject to FATF-equivalent measures and customer due diligence measures. Where conventional bank licensees delegate part of the customer due diligence measures to another financial institution or intermediary, the responsibility for meeting the requirements of Chapters 1 and 2 remains with the conventional bank licensee, not the third party.

          Amended: January 2018
          October 07

        • FC-1.9.2

          Conventional bank licensees may only accept introduced business if all of the following conditions are satisfied:

          (a) The customer due diligence measures applied by the introducer are consistent with those required by the FATF Recommendations;
          (b) A formal agreement is in place defining the respective roles of the licensee and the introducer in relation to customer due diligence measures. The agreement must specify that the customer due diligence measures of the introducer will comply with the FATF Recommendations;
          (c) The introducer immediately provides all necessary information required in Paragraph FC-1.2.1 or FC-1.2.7 and FC-1.1.2A pertaining to the customer's identity, the identity of the customer and beneficial owner of the funds (where different), the purpose of the relationship and, where applicable, the party/parties on whose behalf the customer is acting; also, the introducer has confirmed that the conventional bank licensee will be allowed to verify the customer due diligence measures undertaken by the introducer at any stage; and
          (d) Written confirmation is provided by the introducer confirming that all customer due diligence measures required by the FATF Recommendations have been followed and the customer's identity established and verified. In addition, the confirmation must state that any identification documents or other customer due diligence material can be accessed by the conventional bank licensee and that these documents will be kept for at least five years after the business relationship has ended.
          Amended: October 2014
          October 07

        • FC-1.9.3

          The conventional bank licensee must perform periodic reviews ensuring that any introducer on which it relies is in compliance with the FATF Recommendations. Where the introducer is resident in another jurisdiction, the conventional bank licensee must also perform periodic reviews to verify whether the jurisdiction is in compliance with the FATF Recommendations.

          Amended: October 2014
          October 07

        • FC-1.9.4

          Should the conventional bank licensee not be satisfied that the introducer is in compliance with the requirements of the FATF Recommendations, the licensee must conduct its own customer due diligence on introduced business, or not accept further introductions, or discontinue the business relationship with the introducer.

          Amended: October 2014
          October 07

      • FC-1.10 FC-1.10 Shell Banks

        • FC-1.10.1

          Conventional bank licensees must not establish business relations with banks, which have no physical presence or 'mind and management' in the jurisdiction in which they are licensed and which is unaffiliated with a regulated financial group ('shell banks'). Banks must not knowingly establish relations with banks that have relations with shell banks.

          October 07

        • FC-1.10.2

          Conventional bank licensees must make a suspicious transaction report to the Anti-Money Laundering Unit and the Compliance Directorate if they are approached by a shell bank or an institution they suspect of being a shell bank.

          October 07

      • FC-1.10A FC-1.10A Enhanced Due Diligence: Cross Border Cash Transactions by Courier

        Amended: July 2018

        • FC-1.10A.1

          The cross-border movement of cash funds warrants special attention under the FATF Recommendations where transactions are large in value (Recommendation 12), in addition to the general requirement under Recommendation 32 to verify monitor, declare and keep records of all cross-border transfers of cash. Cash shipments are therefore subject to inspection and investigation procedures by the Customs Directorate of the Kingdom of Bahrain. There are also certain specific legal measures mentioned below which are relevant to cross-border cash shipments. Under Article 4 of Decree Law No. 4 of 2001, licensees of the CBB are required to comply with the CBB's Rules and Regulations concerning the prevention and prohibition of money laundering, which include regulations concerning the cross-border movement of cash. Also, licensees' attention is drawn to the disclosure provisions of Decree Law No 54 of 2006 and Ministerial Order No 6 of 2008 with respect to cross-border transportation of funds (see Part B of the Rulebook for Decree Law No 54). Licensees are also reminded of the rules of the unified customs arrangements of the Gulf Cooperation Council as laid out in Decree Law No 10 of 2002. With respect to the above Law No. 4 of 2001 and the concerned parts of other legislation mentioned above, all money changers must implement the enhanced measures below in respect of all cash received from foreign countries or sold/transferred to foreign countries.

          Amended: October 2014
          Adopted: January 2011

        • FC-1.10A.2

          Cash coming into Bahrain via courier (whether a representative of a Bahrain money changer or a foreign institution) must be accompanied by original documentation stating the source of funds and identity of the originator of the funds. Furthermore, the documentation must state the full name and address of the beneficiary of the funds. This documentation must be signed in original by (a representative) of the originator of the cash. This means that where a courier is importing cash via any customs point of entry (e.g. via the Causeway or the Airport), the aforementioned courier must carry original documentation which clearly shows the source of funds and identity of the originator of the funds and the intended beneficiaries' names and address.

          Amended: July 2018
          Adopted: January 2011

        • FC-1.10A.3

          In the case of incoming cash, the courier must carry original documentation signed by the originator stating whether the cash shipment is for local use or for onward transmission.

          Adopted: January 2011

        • FC-1.10A.4

          If the imported cash is for onward transmission, the original documentation must provide the full name and address of the final beneficiaries, as well as the local recipient (e.g. the bank).

          Adopted: January 2011

        • FC-1.10A.5

          Failure to provide complete and detailed original signed documentation by the originator of the funds referred to in Paragraph FC-1.10A.2 may cause the cash shipment to be blocked, whereupon the blocking costs will be borne by the concerned money changer in Bahrain. Licensees are also reminded of the penalties and enforcement measures in Law No. 4 of 2001, Decree Law No. 54 of 2006, Ministerial Order No. 7 of 2001 issued by the Minister of Finance and National Economy, the rules of the unified customs arrangements of the Gulf Cooperation Council as laid out in Decree Law No. 10 of 2002 and the CBB Law No. 64 of 2006.

          Adopted: January 2011

      • FC-1.11 FC-1.11 Simplified Customer Due Diligence

        • FC-1.11.1

          Conventional bank licensees may apply simplified customer due diligence measures, as described in Paragraphs FC-1.11.2 to FC-1.11.7, if:

          (a) The customer is the Central Bank of Bahrain ('CBB'), the Bahrain Bourse ('BHB') or a licensee of the CBB;
          (b) The customer is a Ministry of a Gulf Cooperation Council ('GCC') or Financial Action Task Force ('FATF') member state government, a company in which a GCC or FATF government is a majority shareholder, or a company established by decree in the GCC;
          (c) The customer is a company listed on a GCC or FATF member state stock exchange (where the FATF state stock exchange has equivalent disclosure standards to those of the BHB);
          (d) The customer is a financial institution whose entire operations are subject to AML/CFT requirements consistent with the FATF Recommendations and it is supervised by a financial services supervisor in a FATF or GCC member state for compliance with those requirements;
          (e) The customer is a financial institution which is a subsidiary of a financial institution located in a FATF or GCC member state, and the AML/CFT requirements applied to its parent also apply to the subsidiary;
          (f) The customer is a borrower in a syndicated transaction where the agent bank is a financial institution whose entire operations are subject to AML/CFT requirements consistent with the FATF Recommendations and it is supervised by a financial services supervisor in a FATF or GCC member state for compliance with those requirements; or
          (g) [This sub-paragraph was deleted in January 2018].
          Amended: January 2019
          Amended: January 2018
          Amended: October 2014
          Amended: April 2013
          Amended: January 2013
          Amended: April 2008
          October 07

        • FC-1.11.2

          For customers falling under categories a-f specified in Paragraph FC-1.11.1, the information required under Paragraph FC-1.2.1 (for natural persons) or FC-1.2.7 (for legal entities or legal arrangements such as trusts) must be obtained. However, the verification and certification requirements in Paragraphs FC-1.2.3 and FC-1.2.8, and the due diligence requirements in Paragraph FC-1.2.11, may be dispensed with. Where the account is a correspondent banking relationship, enhanced due diligence applies. Refer to Section FC-1.8.

          October 07

        • FC-1.11.3

          [This Paragraph was deleted in July 2018.]

          Deleted: July 2018

        • FC-1.11.4

          Conventional bank licensees wishing to apply simplified due diligence measures as allowed for under Paragraph FC-1.11.1 must retain documentary evidence supporting their categorisation of the customer.

          October 07

        • FC-1.11.5

          Examples of such documentary evidence may include a printout from a regulator's website, confirming the licensed status of an institution, and internal papers attesting to a review of the AML/CFT measures applied in a jurisdiction.

          October 07

        • FC-1.11.6

          Conventional bank licensees may use authenticated SWIFT messages as a basis for confirmation of the identity of a financial institution under FC-1.11.1 (d) and (e) where it is dealing as principal. For customers coming under Paragraph FC-1.11.1 (d) and (e), conventional bank licensees must also obtain and retain a written statement from the parent institution of the subsidiary concerned, confirming that the subsidiary is subject to the same AML/CFT measures as its parent.

          October 07

        • FC-1.11.7

          Simplified customer due diligence measures must not be applied where a conventional bank licensee knows, suspects, or has reason to suspect, that the applicant is engaged in money laundering or terrorism financing or that the transaction is carried out on behalf of another person engaged in money laundering or terrorism financing.

          October 07

        • FC-1.11.7A

          Simplified customer due diligence measures must not be applied in situations where the licensee has identified high ML/TF/PF risks.

          Added: January 2022

        • FC-1.11.8

          [This Paragraph was deleted in July 2018.]

          Deleted: July 2018

      • FC-1.12 FC-1.12 [This Section has been deleted and moved to the CBB Regulatory Sandbox Framework in January 2022]

        • General Requirements

          • FC-1.12.1

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

          • FC-1.12.2

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

          • FC-1.12.3

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

          • FC-1.12.4

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

        • Face to Face Business

          • FC-1.12.5

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

          • FC-1.12.6

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

          • FC-1.12.7

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

          • FC-1.12.8

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

          • FC-1.12.9

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

          • FC-1.12.10

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Amended: July 2018
            Added: October 2017

          • FC-1.12.11

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

        • Non Face To Face Business and Technologies

          • FC-1.12.12

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

          • FC-1.12.13

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

          • FC-1.12.14

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: October 2017

      • FC-1.13 Reliance on Third Parties for Customer Due Diligence

        • FC-1.13.1

          Licensees are permitted to rely on third parties to perform elements of CDD measures and recordkeeping requirements stipulated in Chapter FC-1 related to customer and beneficial owner identity, verification of their identity and information on the purpose and intended nature of the business relationship with the licensee, subject to complying with the below:

          (a) Licensees remain ultimately responsible for CDD measures;
          (b) Licensees immediately obtain the relevant CDD information from the third party upon onboarding clients;
          (c) There is an agreement with the third party for the arrangement with clear contractual terms on the obligations of the third party;
          (d) The third party without delay makes available the relevant documentation relating to the CDD requirements upon request;
          (e) Licensees ensure that the third party is a financial institution that is regulated and supervised for, and has measures in place for compliance with, CDD and recordkeeping requirements in line with FATF Recommendations 10 and 11; and
          (f) For third parties based abroad, licensees must consider the information available on the level of country risk.
          Added: October 2023

        • FC-1.13.2

          Where a licensee relies on a third-party that is part of the same financial group, the licensee can consider that:

          (a) The requirements under Subparagraphs FC-1.13.1 (d) and (e) are complied with through its group programme, provided the group satisfies the following conditions:
          (i) The group applies CDD and record keeping requirements consistent with FATF Recommendations 10, 11 and 12 and has in place internal controls in accordance with FATF Recommendation 18; and
          (ii) The implementation of CDD, record keeping and AML/CFT measures are supervised at a group level by a financial services regulatory authority for compliance with AML/CFT requirements consistent with standards set by the FATF.
          (b) The requirement under Subparagraph FC-1.13.1 (f) is complied with if the country risk is adequately mitigated by the group’s AML/CFT policies.
          Added: October 2023

        • FC-1.13.3

          This Section does not apply to outsourcing or agency arrangements in which the outsourced entity applies the CDD measures on behalf of the delegating licensee, in accordance with its procedures.

          Added: October 2023

    • FC-2 FC-2 AML / CFT Systems and Controls

      • FC-2.1 FC-2.1 General Requirements

        • FC-2.1.1

          Conventional bank licensees must implement programmes against money laundering and terrorist financing which establish and maintain appropriate systems and controls for compliance with the requirements of this Module and which limit their vulnerability to financial crime. These systems and controls must be documented, and approved and reviewed annually by the Board of the licensee. The documentation, and the Board's review and approval, must be made available upon request to the CBB.

          Amended: October 2014
          October 07

        • FC-2.1.2

          The above systems and controls, and associated documented policies and procedures, should cover standards for customer acceptance, on-going monitoring of high-risk accounts, staff training and adequate screening procedures to ensure high standards when hiring employees.

          October 07

        • FC-2.1.3

          Conventional bank licensees must incorporate Key Performance Indicators (KPIs) to ensure compliance with AML/CFT requirements by all staff. The performance against the KPIs must be adequately reflected in their annual performance evaluation and in their remuneration (See also Paragraph HC-5.4.9A).

          Added: April 2020

        • FC-2.1.4

          In implementing the policies, procedures and monitoring tools for ensuring compliance with Paragraph FC-2.1.3, conventional bank licensees should consider the following:

          (a) The business policies and practices should be designed to reduce incentives for staff to expose the conventional bank licensee to AML/CFT compliance risk;
          (b) The performance measures of departments/divisions/units and personnel should include measures to address AML/CFT compliance obligations;
          (c) AML/CFT compliance breaches and deficiencies should be attributed to the relevant departments/divisions/units and personnel within the organisation as appropriate;
          (d) Remuneration and bonuses should be adjusted for AML/CFT compliance breaches and deficiencies; and
          (e) Both quantitative measures and human judgement should play a role in determining any adjustments to the remuneration and bonuses resulting from the above.
          Added: April 2020

      • FC-2.2 FC-2.2 On-going Customer Due Diligence and Transaction Monitoring

        • Risk Based Monitoring

          • FC-2.2.1

            Conventional bank licensees must develop risk-based monitoring systems appropriate to the complexity of their business, their number of clients and types of transactions. These systems must be configured to identify significant or abnormal transactions or patterns of activity. Such systems must include limits on the number, types or size of transactions undertaken outside expected norms; and must include limits for cash and non-cash transactions.

            October 07

          • FC-2.2.2

            Conventional bank licensees' risk-based monitoring systems should therefore be configured to help identify:

            (a) Transactions which do not appear to have a clear purpose or which make no obvious economic sense;
            (b) Significant or large transactions not consistent with the normal or expected behaviour of a customer; and
            (c) Unusual patterns of activity (relative to other customers of the same profile or of similar types of transactions, for instance because of differences in terms of volumes, transaction type, or flows to or from certain countries), or activity outside the expected or regular pattern of a customer's account activity.
            October 07

        • Automated Transaction Monitoring

          • FC-2.2.3

            Conventional bank licensees must consider the need to include automated transaction monitoring as part of their risk-based monitoring systems to spot abnormal or unusual flows of funds. In the absence of automated transaction monitoring systems, all transactions above BD 6,000 must be viewed as 'significant' and be captured in a daily transactions report for monitoring by the MLRO or a relevant delegated official, and records retained by the conventional bank licensee for five years after the date of the transaction.

            October 07

          • FC-2.2.4

            CBB would expect larger conventional bank licensees to include automated transaction monitoring as part of their risk-based monitoring systems. See also Chapters FC-4 and FC-7, regarding the responsibilities of the MLRO and record-keeping requirements.

            October 07

        • Unusual Transactions or Customer Behaviour

          • FC-2.2.5

            Where a conventional bank licensee's risk-based monitoring systems identify significant or abnormal transactions (as defined in FC-2.2.2 and FC-2.2.3), it must verify the source of funds for those transactions, particularly where the transactions are above the transactions threshold of BD 6,000. Furthermore, conventional bank licensees must examine the background and purpose to those transactions and document their findings.

            Amended: January 2022
            Added: October 07

          • FC-2.2.6

            The investigations required under FC-2.2.5 must be carried out by the MLRO (or relevant delegated official). The documents relating to these findings must be maintained for five years from the date when the transaction was completed (see also FC-7.1.1 (b)).

            October 07

          • FC-2.2.7

            Conventional bank licensees must consider instances where there is a significant, unexpected or unexplained change in customer activity.

            October 07

          • FC-2.2.8

            When an existing customer closes one account and opens another, the conventional bank licensee must review its customer identity information and update its records accordingly. Where the information available falls short of the requirements contained in Chapter FC-1, the missing or out of date information must be obtained and re-verified with the customer.

            October 07

          • FC-2.2.9

            Once identification procedures have been satisfactorily completed and, as long as records concerning the customer are maintained in line with Chapters FC-1 and FC-7, no further evidence of identity is needed when transactions are subsequently undertaken within the expected level and type of activity for that customer, provided reasonably regular contact has been maintained between the parties and no doubts have arisen as to the customer's identity.

            October 07

        • On-going Monitoring

          • FC-2.2.10

            Conventional bank licensees must take reasonable steps to:

            (a) Scrutinize transactions undertaken throughout the course of that relationship to ensure that transactions being conducted are consistent with the conventional bank licensee's knowledge of the customer, their business risk and risk profile; and
            (b) Ensure that they receive and maintain up-to-date and relevant copies of the identification documents specified in Chapter FC-1, by undertaking reviews of existing records, particularly for higher risk categories of customers. Conventional bank licensees must require all customers to provide up-to-date identification documents in their standard terms and conditions of business.
            Amended: October 2017
            October 07

          • FC-2.2.11

            Conventional bank licensees must review and update their customer due diligence information at least every three years, particularly for higher risk categories of customers. If, upon performing such a review, copies of identification documents are more than 12 months out of date, the conventional bank licensee must take steps to obtain updated copies as soon as possible.

            Amended: October 2017
            October 07

    • FC-3 FC-3 Money Transfers and Alternative Remittances

      • FC-3.1 FC-3.1 Electronic Transfers

        • Outward Transfers

          • FC-3.1.1

            Conventional bank licensees must include all required originator information and required beneficiary information details with the accompanying electronic transfers of funds they make on behalf of their customers. Non-routine transfers must not be batched, if batching increases the risks of money laundering or terrorist financing. This obligation does not apply where the transfer is made by a bank acting as principal or acting on behalf of another bank as principal such as in the case of payment of spot FX transactions.

            Amended: October 2014
            October 07

          • FC-3.1.2

            [This Paragraph has been deleted in October 2014 and its contents moved to Paragraph FC-3.1.5.]

            Deleted: October 2014

          • FC-3.1.3

            [This paragraph has been deleted in October 2014 and its contents moved to Paragraph FC-3.1.10.]

            Deleted: October 2014

        • Inward Transfers

          • FC-3.1.4

            Banks must:

            (a) Maintain records (in accordance with Chapter FC-7 of this Module) of all originator information received with an inward transfer; and
            (b) Carefully scrutinise inward transfers which do not contain originator information (i.e. full name, address and account number or a unique customer identification number). Licensees must presume that such transfers are 'suspicious transactions' and pass them to the MLRO for review for determination as to possible filing of an STR, unless (a), the originating institution is able to promptly (i.e. within two business days) advise the licensee in writing of the originator information upon the licensee's request; or (b) the originating institution and the licensee are acting on their own behalf (as principals).
            Amended: October 2014
            Amended: April 2011
            October 07

        • Cross-Border Wire Transfers

          • FC-3.1.5

            Information accompanying all wire transfers must always contain:

            (a) The name of the originator;
            (b) The originator account number or IBAN where such an account is used to process the transaction;
            (c) The originator's address, or national identity number, or customer identification number, or date and place of birth;
            (d) The name of the beneficiary; and
            (e) The beneficiary account number where such an account is used to process the transaction.
            Added: October 2014

          • FC-3.1.6

            In the absence of an account, a unique transaction reference number should be included which permits traceability of the transaction.

            Added: October 2014

          • FC-3.1.7

            Where several individual cross-border wire transfers from a single originator are bundled in a batch file for transmission to beneficiaries, they may be exempted from the requirements of Paragraph FC-3.1.5 in respect of originator information, provided that they include the originator's account number or unique transaction reference number (as described in Paragraph FC-3.1.6), and the batch file contains required and accurate originator information, and full beneficiary information, that is fully traceable within the beneficiary country.

            Added: October 2014

        • Domestic Wire Transfers

          • FC-3.1.8

            Information accompanying domestic wire transfers must also include originator information as indicated for cross-border wire transfers, unless this information can be made available to the beneficiary financial institution and the CBB by other means. In this latter case, the originating financial institution need only include the account number or a unique transaction reference number, provided that this number or identifier will permit the transaction to be traced back to the originator or the beneficiary.

            Added: October 2014

          • FC-3.1.9

            For purposes of Paragraph FC-3.1.8, the information should be made available by the originating financial institution within three business days of receiving the request either from the beneficiary financial institution or from the CBB.

            Added: October 2014

          • FC-3.1.10

            It is not necessary for the recipient institution to pass the originator information on to the beneficiary. The obligation is discharged simply by notifying the beneficiary financial institution of the originator information at the time the transfer is made.

            Added: October 2014

        • Rejecting Payment Transactions

          • FC-3.1.10A

            Licensees have the right to reject (i.e. reverse) any payment transaction where it has come to their knowledge that the relevant customer did not actually initiate the transaction instruction. The fund-transmitting licensees must file a Suspicious Transactions Report for such cases.

            Added: January 2021

        • Responsibilities of Originating, Intermediary and Beneficiary Banks

          • Originating Bank

            • FC-3.1.11

              The originating bank must ensure that wire transfers contain required and accurate originator information, and required beneficiary information.

              Added: October 2014

            • FC-3.1.12

              The originating bank must maintain all originator and beneficiary information collected in accordance with Paragraph FC-7.1.1.

              Added: October 2014

            • FC-3.1.13

              The originating bank must not execute the wire transfer if it does not comply with the requirements of Paragraphs FC-3.1.11 andFC-3.1.12}.

              Added: October 2014

          • Intermediary Bank

            • FC-3.1.14

              For cross-border wire transfers, banks processing an intermediary element of such chains of wire transfers must ensure that all originator and beneficiary information that accompanies a wire transfer is retained with it.

              Added: October 2014

            • FC-3.1.15

              Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, a record must be kept, for at least five years, by the receiving intermediary bank of all the information received from the originating bank or another intermediary bank.

              Added: October 2014

            • FC-3.1.16

              An intermediary bank must take reasonable measures to identify cross-border wire transfers that lack required originator information or required beneficiary information. Such measures must be consistent with straight-through processing.

              Added: October 2014

            • FC-3.1.17

              An intermediary bank must have effective risk-based policies and procedures for determining:

              (a) When to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and
              (b) The appropriate follow-up action.
              Added: October 2014

          • Beneficiary Bank

            • FC-3.1.18

              A beneficiary bank must take reasonable measures to identify cross-border wire transfers that lack required originator or required beneficiary information. Such measures may include post-event monitoring or real-time monitoring where feasible.

              Added: October 2014

            • FC-3.1.19

              For wire transfers, a beneficiary bank must verify the identity of the beneficiary, if the identity has not been previously verified, and maintain this information in accordance with Paragraph FC-7.1.1.

              Added: October 2014

            • FC-3.1.20

              A beneficiary bank must have effective risk-based policies and procedures for determining:

              (a) When to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and
              (b) The appropriate follow-up action.
              Added: October 2014

      • FC-3.2 FC-3.2 Remittances on behalf of Money or Value Transfer Service (MVTS) Providers

        • FC-3.2.1

          Whenever a conventional bank licensee uses the services of Authorised Money or Value Transfer Service Providers to effect the transfer of funds for a customer to a person or organisation in another country, that licensee must, in respect of the amount so transferred, maintain records of:

          (a) The identity of its customer(s) in accordance with Chapters FC-1 and FC-7 of this Module; and
          (b) The exact amount transferred for each such customer (particularly where a single transfer is effected for more than one customer).
          Amended: October 2014
          Amended: April 2011
          October 07

        • FC-3.2.1A

          For purposes of this Section, money or value transfer service (MVTS) refers to financial services that involve the acceptance of cash, cheques, other monetary instruments or other stores of value and the payment of a corresponding sum in cash or other form to a beneficiary by means of a communication, message, transfer, or through a clearing network to which the MVTS provider belongs. Transactions performed by such services can involve one or more intermediaries and a final payment to a third party, and may include new payment methods.

          Added: October 2014

        • FC-3.2.2

          Conventional bank licensees must be able to produce this information for inspection immediately upon request by the CBB.

          October 07

        • FC-3.2.3

          Conventional bank licensees must not transfer funds for customers to a person or organisation in another country by any means other than through an authorised MVTS provider. Where a licensee is found to be in contravention of this rule, the Central Bank will not hesitate to impose sanctions upon that licensee (and in serious cases may revoke that licensee's license).

          Amended: October 2014
          October 07

        • FC-3.2.4

          In the case of an authorised MVTS provider that controls both the ordering and the beneficiary side of a wire transfer, the authorised MVTS provider:

          (a) Must take into account all the information from both the ordering and beneficiary sides in order to determine whether an STR has to be filed; and
          (b) Must file an STR in any country affected by the suspicious wire transfer, and make relevant transaction information available to the Financial Intelligence Directorate.
          Amended: January 2020
          Amended: October 2019
          Added: October 2014

    • FC-4 FC-4 Money Laundering Reporting Officer (MLRO)

      • FC-4.1 FC-4.1 Appointment of MLRO

        • FC-4.1.1

          Conventional bank licensees must appoint a Money Laundering Reporting Officer ('MLRO') who is an approved person. The MLRO must be approved by CBB prior to his appointment. The licensee must submit to the CBB a completed Form 3, in accordance with Chapter LR-1A.

          Amended: July 2016
          October 07

        • FC-4.1.2

          The position of MLRO must not be combined with functions that create potential conflicts of interest, such as an internal auditor or business line head. The position of MLRO may not be outsourced.

          October 07

        • FC-4.1.3

          Subject to Paragraph FC-4.1.2, however, the position of MLRO may otherwise be combined with other functions in the conventional bank licensee, such as that of Compliance Officer, in cases where the volume and geographical spread of the business is limited and, therefore, the demands of the function are not likely to require a full time resource. Paragraph FC-4.1.6 requires that the MLRO is a Director or employee of the licensee, so the function may not be outsourced to a third party employee.

          October 07

        • FC-4.1.3A

          For the purpose of Paragraphs FC-4.1.2 and FC-4.1.3 above, conventional bank licensees must clearly state in the Application for Approved Person Status — Form 3 — when combining the MLRO or DMLRO position with any other position within the conventional bank licensee.

          Added: October 2017

        • FC-4.1.4

          Conventional bank licensees must appoint at least one deputy MLRO (or more depending on the scale and complexity of the licensee's operations) to act for the MLRO in his absence. The position of Deputy MLRO is a controlled function and the DMLRO is an approved person. The DMLRO must be approved by CBB prior to his appointment. The DMLRO must satisfy the conditions outlined in Subparagraphs FC-4.1.6 (d) to (g).

          Amended: July 2016
          Amended: October 2009
          October 2007

        • FC-4.1.5

          Conventional bank licensees should note that although the MLRO may delegate some of his functions, either within the licensee or even possibly (in the case of larger groups) to individuals performing similar functions for other group entities, that the responsibility for compliance with the requirements of this Module remains with the licensee and the designated MLRO.

          October 07

        • FC-4.1.6

          So that he can carry out his functions effectively, conventional bank licensees must ensure that their MLRO:

          (a) Is a member of senior management of the licensee;
          (b) Has a sufficient level of seniority within the conventional bank licensee, has the authority to act without interference from business line management and has direct access to the Board and senior management (where necessary);
          (c) Has sufficient resources, including sufficient time and (if necessary) support staff, and has designated a replacement to carry out the function should the MLRO be unable to perform his duties;
          (d) Has unrestricted access to all transactional information relating to any financial services provided by the conventional bank licensee to a customer, or any transactions conducted by the conventional bank licensee on behalf of that customer;
          (e) Is provided with timely information needed to identify, analyse and effectively monitor customer accounts;
          (f) Has access to all customer due diligence information obtained by the conventional bank licensee; and
          (g) Is resident in Bahrain.
          Amended: October 2011
          October 2007

        • FC-4.1.7

          [This Paragraph is left blank].

          Added: July 2012

        • FC-4.1.8

          In addition, conventional bank licensees must ensure that their MLRO is able to:

          (a) Monitor the day-to-day operation of its policies and procedures relevant to this Module; and
          (b) Respond promptly to any reasonable request for information made by the Anti-Money Laundering Unit or the CBB.
          October 07

        • FC-4.1.9

          If the position of MLRO falls vacant, the conventional bank licensee must appoint a permanent replacement (after obtaining CBB approval), within 120 calendar days of the vacancy occurring. Pending the appointment of a permanent replacement, the licensee must make immediate interim arrangements (including the appointment of an acting MLRO) to ensure continuity in the MLRO function's performance. These interim arrangements must be approved by the CBB.

          October 07

      • FC-4.2 FC-4.2 Responsibilities of the MLRO

        • FC-4.2.1

          The MLRO is responsible for:

          (a) Establishing and maintaining the conventional bank licensee's AML/CFT policies and procedures;
          (b) Ensuring that the licensee complies with the AML Law and any other applicable AML/CFT legislation and regulations;
          (c) Ensuring day-to-day compliance with the licensee's own internal AML/CFT policies and procedures;
          (d) Acting as the conventional bank licensee's main point of contact in respect of handling internal suspicious transaction reports from the licensee's staff (refer to Section FC-5.1) and as the main contact for the Financial Intelligence Directorate, the CBB and other concerned bodies regarding AML/CFT;
          (e) Making external suspicious transactions reports to the Financial Intelligence Directorate and the Compliance Directorate (refer to Section FC-5.2);
          (f) Taking reasonable steps to establish and maintain adequate arrangements for staff awareness and training on AML/CFT matters (whether internal or external), as per Chapter FC-5;
          (g) Producing annual reports on the effectiveness of the licensee's AML / CFT controls, for consideration by senior management, as per Paragraph FC-4.3.3;
          (h) On-going monitoring of what may, in his opinion, constitute high-risk customer accounts; and
          (i) Ensuring that the conventional bank licensee maintains all necessary CDD, transactions, STR and staff training records for the required periods (refer to Section FC-7.1).
          Amended: October 2020
          Amended: October 2019
          Amended: October 2014
          Amended: January 2011
          October 07

      • FC-4.3 FC-4.3 Compliance Monitoring

        • Annual Compliance Review

          • FC-4.3.1

            Conventional bank licensees must take appropriate steps to identify and assess their money laundering and terrorist financing risks (for customers, countries or geographic areas; and products, services, transactions or delivery channels). They must document those assessments in order to be able to demonstrate their basis, keep these assessments up to date, and have appropriate mechanisms to provide risk assessment information to the CBB. The nature and extent of any assessment of money laundering and terrorist financing risks must be appropriate to the nature and size of the business.

            Added: October 2014

          • FC-4.3.1A

            Conventional bank licensees should always understand their money laundering and terrorist financing risks, but the CBB may determine that individual documented risk assessments are not required, if the specific risks inherent to the sector are clearly identified and understood.

            Added: October 2014

          • FC-4.3.1B

            A conventional bank licensee must review the effectiveness of its AML/CFT procedures, systems and controls at least once each calendar year. The review must cover the conventional bank licensee and its branches and subsidiaries both inside and outside the Kingdom of Bahrain. A conventional bank licensee must monitor the implementation of those controls and enhance them if necessary. The scope of the review must include:

            (a) A report, containing the number of internal reports made in accordance with Section FC-5.1, a breakdown of all the results of those internal reports and their outcomes for each segment of the licensee's business, and an analysis of whether controls or training need to be enhanced;
            (b) A report, indicating the number of external reports made in accordance with Section FC-5.2 and, where a conventional bank licensee has made an internal report but not made an external report, noting why no external report was made;
            (c) A sample test of compliance with this Module's customer due diligence requirements; and
            (d) A report as to the quality of the conventional bank licensee's anti-money laundering procedures, systems and controls, and compliance with the AML Law and this Module.
            Amended: January 2022
            Amended: October 2014
            October 07

          • FC-4.3.2

            The reports listed under Paragraph FC-4.3.1B (a) and (b) must be made by the MLRO. The sample testing and report required under Paragraph FC-4.3.1B (c) and (d) must be made by the licensee's external auditor or a consultancy firm approved by the CBB.

            Amended: January 2022
            Amended: January 2019
            Amended: October 2011
            October 2007

          • FC-4.3.2A

            In order for a consultancy firm to be approved by the CBB for the purposes of Paragraph FC-4.3.2, such firm should provide the CBB's Compliance Directorate with:

            (a) A sample AML/CFT report prepared for a financial institution;
            (b) A list of other AML/CFT related work undertaken by the firm;
            (c) A list of other audit/review assignments undertaken, specifying the nature of the work done, date and name of the licensee; and
            (d) An outline of any assignment conducted for or in cooperation with an international audit firm.
            Added: October 2011

          • FC-4.3.2B

            The firm should indicate which personnel (by name) will work on the report (including, where appropriate, which individual will be the team leader) and demonstrate that all such persons have appropriate qualifications in one of the following areas:

            (a) Audit;
            (b) Accounting;
            (c) Law; or
            (d) Banking/Finance.
            Added: October 2011

          • FC-4.3.2C

            Conventional bank licensees must ensure that the personnel conducting the review are qualified, skilled and have adequate experience to conduct such a review. At least two persons working on the report (one of whom should be the team leader) must have:

            (a) A minimum of 5 years professional experience dealing with AML/CFT issues; and
            (b) Formal AML/CFT training.
            Amended: October 2018
            Added: October 2011

          • FC-4.3.2D

            Submission of a curriculum vitae for all personnel to be engaged on the report is encouraged for the purposes of evidencing the above requirements.

            Added: October 2011

          • FC-4.3.2E

            Upon receipt of the above required information, the CBB Compliance Directorate will assess the firm and communicate to it whether it meets the criteria required to be approved by the CBB for this purpose. The CBB may also request any other information it considers necessary in order to conduct the assessment.

            Added: October 2011

          • FC-4.3.3

            The reports listed under Paragraph FC-4.3.1B must be submitted to the licensee's Board, for it to review and commission any required remedial measures, and copied to the licensee's senior management.

            Amended: January 2019
            Amended: October 2014
            October 07

          • FC-4.3.4

            The purpose of the annual compliance review is to assist a licensee's Board and senior management to assess, amongst other things, whether internal and external reports are being made (as required under Chapter FC-5), and whether the overall number of such reports (which may otherwise appear satisfactory) does not conceal inadequate reporting in a particular segment of the licensee's business (or, where relevant, in particular branches or subsidiaries). Conventional bank licensees should use their judgement as to how the reports listed under Paragraph FC-4.3.1B (a) and (b) should be broken down in order to achieve this aim (e.g. by branches, departments, product lines, etc).

            Amended: January 2019
            October 07

          • FC-4.3.5

            Conventional bank licensees must instruct their appointed firm to produce the report referred to in Paragraph FC-4.3.1B (c) and (d). The report must be submitted to the Compliance Directorate at the CBB by the 30th of June of the following year. The findings of this review must be received and acted upon by the licensee.

            Amended: January 2022
            Amended: January 2020
            Amended: January 2019
            Amended: January 2012
            Amended: January 2011
            Amended: April 2008
            October 07

          • FC-4.3.6

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Amended: January 2012
            Amended: January 2011
            October 07

    • FC-5 FC-5 Suspicious Transaction Reporting

      • FC-5.1 FC-5.1 Internal Reporting

        • FC-5.1.1

          Conventional bank licensees must implement procedures to ensure that staff who handle customer business (or are managerially responsible for such staff) make a report promptly to the MLRO if they know or suspect that a customer (or a person on whose behalf a customer may be acting) is engaged in money laundering or terrorism financing, or if the transaction or the customer's conduct otherwise appears unusual or suspicious. These procedures must include arrangements for disciplining any member of staff who fails, without reasonable excuse, to make such a report.

          October 07

        • FC-5.1.2

          Where conventional bank licensees' internal processes provide for staff to consult with their line managers before sending a report to the MLRO, such processes must not be used to prevent reports reaching the MLRO, where staff have stated that they have knowledge or suspicion that a transaction may involve money laundering or terrorist financing.

          October 07

      • FC-5.2 FC-5.2 External Reporting

        • FC-5.2.1

          Conventional bank licensees must take reasonable steps to ensure that all reports made under Section FC-5.1 are considered by the MLRO (or his duly authorised delegate). Having considered the report and any other relevant information the MLRO (or his duly authorised delegate), if he still suspects that a person has been engaged in money laundering or terrorism financing, or the activity concerned is otherwise still regarded as suspicious, must report the fact promptly to the relevant authorities. Where no report is made, the MLRO must document the reasons why.

          October 07

        • FC-5.2.2

          To take reasonable steps, as required under Paragraph FC-5.2.1, conventional bank licensees must:

          (a) Require the MLRO to consider reports made under Section FC-5.1.1 in the light of all relevant information accessible to or reasonably obtainable by the MLRO;
          (b) Permit the MLRO to have access to any information, including know your customer information, in the conventional bank licensee's possession which could be relevant; and
          (c) Ensure that where the MLRO, or his duly authorised delegate, suspects that a person has been engaged in money laundering or terrorist financing, a report is made by the MLRO which is not subject to the consent or approval of any other person.
          October 07

        • FC-5.2.3

          Reports to the relevant authorities made under Paragraph FC-5.2.1 must be sent to the Financial Intelligence Directorate at the Ministry of Interior and the CBB's Compliance Directorate using the Suspicious Transaction Report Online System (Online STR system). STRs in paper format will not be accepted.

          Amended: January 2020
          Amended: October 2019
          Amended: July 2016
          Amended: October 2014
          October 07

        • FC-5.2.4

          Conventional bank licensees must report all suspicious transactions or attempted transactions. This reporting requirement applies regardless of whether the transaction involves tax matters.

          October 07

        • FC-5.2.5

          Conventional bank licensees must retain all relevant details of STRs submitted to the relevant authorities for at least five years.

          Amended: October 2014
          October 07

        • FC-5.2.6

          In accordance with the AML Law, conventional bank licensees, their Directors, officers and employees:

          (a) Must not warn or inform ('tipping off') their customers, the beneficial owner or other subjects of the STR when information relating to them is being reported to the relevant authorities; and
          (b) In cases where conventional bank licensees form a suspicion that transactions relate to money laundering or terrorist financing, they must take into account the risk of tipping-off when performing the CDD process. If the conventional bank licensee reasonably believes that performing the CDD process will tip-off the customer or potential customer, it may choose not to pursue that process, and must file an STR.
          Amended: January 2018
          October 07

      • FC-5.3 FC-5.3 Contacting the Relevant Authorities

        • FC-5.3.1

          Reports made by the MLRO or his duly authorised delegate under Section FC-5.2 must be sent electronically using the Suspicious Transaction Reporting Online System (Online STR system).

          Amended: October 2014
          October 07

        • FC-5.3.2

          The relevant authorities are:

          Financial Intelligence Directorate (FID)
          Ministry of Interior
          P.O. Box 26698
          Manama, Kingdom of Bahrain
          Telephone: + 973 17 749397
          Fax: + 973 17 715502
          E-mail: bahrainfid@moipolice.bh

          Director of Compliance Directorate
          Central Bank of Bahrain
          P.O. Box 27
          Manama, Kingdom of Bahrain
          Telephone: 17 547107
          Fax: 17 535673
          E-mail: Compliance@cbb.gov.bh

          Amended: October 2019
          Added: October 2014

    • FC-6 FC-6 Staff Training and Recruitment

      • FC-6.1 FC-6.1 General Requirements

        • FC-6.1.1

          A conventional bank licensee must take reasonable steps to provide periodic training and information to ensure that staff who handle customer transactions, or are managerially responsible for such transactions, are made aware of:

          (a) Their responsibilities under the AML Law, this Module, and any other relevant AML / CFT laws and regulations;
          (b) The identity and responsibilities of the MLRO and his deputy;
          (c) The potential consequences, both individual and corporate, of any breach of the AML Law, this Module and any other relevant AML / CFT laws or regulations;
          (d) The conventional bank licensee's current AML/CFT policies and procedures;
          (e) Money laundering and terrorist financing typologies and trends;
          (f) The type of customer activity or transaction that may justify an internal STR;
          (g) The conventional bank licensee's procedures for making internal STRs; and
          (h) Customer due diligence measures with respect to establishing business relations with customers.
          October 07

        • FC-6.1.2

          The information referred to in Paragraph FC-6.1.1 must be brought to the attention of relevant new employees of conventional bank licensees, and must remain available for reference by staff during their period of employment.

          October 07

        • FC-6.1.3

          Relevant new employees must be given AML/CFT training within three months of joining a conventional bank licensee.

          October 07

        • FC-6.1.4

          Conventional bank licensees must ensure that their AML/CFT training for relevant staff remains up-to-date, and is appropriate given the licensee's activities and customer base.

          October 07

        • FC-6.1.5

          The CBB would normally expect AML/CFT training to be provided to relevant staff at least once a year.

          October 07

        • FC-6.1.6

          Conventional bank licensees must develop adequate screening procedures to ensure high standards when hiring employees. These procedures must include controls to prevent criminals or their associates from being employed by conventional bank licensees.

          Amended: October 2014
          October 07

        • FC-6.1.6A

          [This Paragraph was deleted in January 2022].

          Deleted: January 2022
          Added: January 2021

    • FC-7 FC-7 Record-Keeping

      • FC-7.1 FC-7.1 General Requirements

        • CDD and Transaction Records

          • FC-7.1.1

            Conventional bank licensees must comply with the record-keeping requirements contained in the AML Law. Conventional bank licensees must therefore retain adequate records (including accounting and identification records), for the following minimum periods:

            (a) For customers, in relation to evidence of identity and business relationship records (such as application forms, account files and business correspondence, including the results of any analysis undertaken (e.g. enquiries to establish the background and purpose of complex, unusual large transactions)), for at least five years after the customer relationship has ceased; and
            (b) For transactions, in relation to documents (including customer instructions in the form of letters, faxes or emails) enabling a reconstitution of the transaction concerned, for at least five years after the transaction was completed.
            Amended: October 2014
            October 07

        • Compliance Records

          • FC-7.1.2

            Conventional bank licensees must retain copies of the reports produced for their annual compliance review, as specified in Paragraph FC-4.3.1B, for at least five years. Conventional bank licensees must also maintain for 5 years reports made to, or by, the MLRO made in accordance with Sections FC-5.1 and FC-5.2, and records showing how these reports were dealt with and what action, if any, was taken as a consequence of those reports.

            Amended: January 2019
            Amended: October 2014
            October 07

        • Training Records

          • FC-7.1.3

            Conventional bank licensees must maintain for at least five years, records showing the dates when AML/CFT training was given, the nature of the training, and the names of the staff that received the training.

            October 07

        • Access

          • FC-7.1.4

            All records required to be kept under this Section must be made available for prompt and swift access by the relevant authorities or other authorised persons.

            October 07

          • FC-7.1.5

            Conventional bank licensees are also reminded of the requirements contained in Chapter OM-7 (Books and Records).

            October 07

    • FC-8 FC-8 NCCT Measures and Terrorist Financing

      • FC-8.1 FC-8.1 Special Measures for Non-Cooperative Countries or Territories ('NCCTs')

        • FC-8.1.1

          Conventional bank licensees must give special attention to any dealings they may have with entities or persons domiciled in countries or territories which are:

          (a) Identified by the FATF as being 'non-cooperative'; or
          (b) Notified to conventional bank licensees from time to time by the CBB.
          October 07

        • FC-8.1.2

          Whenever transactions with such parties have no apparent economic or visible lawful purpose, their background and purpose must be re-examined and the findings documented. If suspicions remain about the transaction, these must be reported to the relevant authorities in accordance with Section FC-5.2.

          October 07

        • FC-8.1.3

          Conventional bank licensees must apply enhanced due diligence measures to business relationships and transactions with natural and legal persons, and financial institutions, from countries where such measures are called for by the FATF. The type of enhanced due diligence measures applied must be effective and proportionate to the risks.

          Added: October 2014

        • FC-8.1.4

          With regard to jurisdictions identified as NCCTs or those which in the opinion of the CBB, do not have adequate AML/CFT systems, the CBB reserves the right to:

          (a) Refuse the establishment of subsidiaries or branches or representative offices of financial institutions from such jurisdictions;
          (b) Limit business relationships or financial transactions with such jurisdictions or persons in those jurisdictions;
          (c) Prohibit financial institutions from relying on third parties located in such jurisdictions to conduct elements of the CDD process;
          (d) Require financial institutions to review and amend, or if necessary terminate, correspondent relationships with financial institutions in such jurisdictions;
          (e) Require increased supervisory examination and/or external audit requirements for branches and subsidiaries of financial institutions based in such jurisdictions; or
          (f) Require increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in such jurisdictions.
          Amended: January 2018
          Added: October 2014

      • FC-8.2 FC-8.2 Terrorist Financing

        • FC-8.2.1AA

          Conventional bank licensees must implement and comply with United Nations Security Council resolutions relating to the prevention and suppression of terrorism and terrorist financing. Conventional bank licensees must freeze, without delay, the funds or other assets of, and to ensure that no funds or other assets are made available, directly or indirectly, to or for the benefit of, any person or entity either (i) designated by, or under the authority of, the United Nations Security Council under Chapter VII of the Charter of the United Nations, including in accordance with resolution 1267(1999) and its successor resolutions as well as Resolution 2178(2014) or (ii) designated as pursuant to Resolution 1373(2001).

          Amended: October 2019
          Added: April 2017

        • FC-8.2.1

          Conventional bank licensees must comply in full with any rules or regulations issued by the CBB in connection with the provisions of the UN Security Council Anti-terrorism Resolution No. 1373 of 2001 ('UNSCR 1373'), including the rules in this Chapter.

          October 07

        • FC-8.2.2

          [This Paragraph was deleted in January 2018].

          Deleted: January 2018
          October 07

        • FC-8.2.3

          A copy of UNSCR 1373 is included in Part B of Volume 1 (Conventional Banks), under 'Supplementary Information'.

          October 07

        • FC-8.2.4

          Conventional bank licensees must report to the CBB details of:

          (a) Funds or other financial assets or economic resources held with them which may be the subject of Article 1, Paragraphs c) and d) of UNSCR 1373;
          (b) All claims, whether actual or contingent, which the conventional bank licensee has on persons and entities which may be the subject of Article 1, Paragraphs c) and d) of UNSCR 1373; and
          (c) All assets frozen or actions taken in compliance with the prohibition requirements of the relevant UNSCRs, including attempted transactions.
          Amended: January 2023
          October 07

        • FC-8.2.5

          For the purposes of Paragraph FC-8.2.4, 'funds or other financial resources' includes (but is not limited to) shares in any undertaking owned or controlled by the persons and entities referred to in Article 1, Paragraph c) and d) of UNSCR 1373, and any associated dividends received by the licensee.

          October 07

        • FC-8.2.6

          All reports or notifications under this Section must be made to the CBB's Compliance Directorate.

          October 07

        • FC-8.2.7

          See Section FC-5.3 for the Compliance Directorate's contact details.

          October 07

      • FC-8.3 FC-8.3 Designated Persons and Entities

        • FC-8.3.1

          Without prejudice to the general duty of all conventional bank licensees to exercise the utmost care when dealing with persons or entities who might come under Article 1, Paragraphs (c) and (d) of UNSCR 1373, conventional bank licensees must not deal with any persons or entities designated by the CBB as potentially linked to terrorist activity.

          Amended: October 2014
          October 07

        • FC-8.3.2

          The CBB from time to time issues to licensees lists of designated persons and entities believed linked to terrorism. Licensees are required to verify that they have no dealings with these designated persons and entities, and report back their findings to the CBB. Names designated by CBB include persons and entities designated by the United Nations, under UN Security Council Resolution 1267 ('UNSCR 1267').

          October 07

        • FC-8.3.3

          Conventional bank licensees must report to the relevant authorities, using the procedures contained in Section FC-5.2, details of any accounts or other dealings with designated persons and entities, and comply with any subsequent directions issued by the relevant authorities.

          October 07

    • FC-9 FC-9 Enforcement Measures

      • FC-9.1 FC-9.1 Regulatory Penalties

        • FC-9.1.1

          Without prejudice to any other penalty imposed by the CBB Law, the Decree Law No. 4 or the Penal Code of the Kingdom of Bahrain, failure by a licensee to comply with this Module or any direction given hereunder shall result in the levying by the CBB, without need of a court order and at the CBB's discretion, of a fine of up to BD 20,000.

          October 07

        • FC-9.1.2

          Module EN provides further information on the assessment of financial penalties and the criteria taken into account prior to imposing such fines (reference to Paragraph EN-5.1.4). Other enforcement measures may also be applied by CBB in response to a failure by a licensee to comply with this Module; these other measures are also set out in Module EN.

          October 07

        • FC-9.1.3

          The CBB will endeavour to assist conventional bank licensees to interpret and apply the rules and guidance in this Module. Conventional bank licensees may seek clarification on any issue by contacting the Compliance Directorate (see Section FC-5.3 for contact details).

          October 07

        • FC-9.1.4

          Without prejudice to the CBB's general powers under the law, the CBB may amend, clarify or issue further directions on any provision of this Module from time to time, by notice to its licensees.

          October 07

    • FC-10 FC-10 AML / CFT Guidance and Best Practice

      • FC-10.1 FC-10.1 Guidance Provided by International Bodies

        • FATF: Recommendations

          • FC-10.1.1

            The FATF Recommendations (see www.fatf-gafi.org) together with their associated interpretative notes and best practices papers issued by the Financial Action Task Force (FATF) provide the basic framework for combating money laundering activities and the financing of terrorism. FATF Recommendations 2, 8–12, 14–21, 26–27, 32–35, 37 and 40 and the AML/CFT Methodology are specifically relevant to the banking sector.

            Amended: October 2014
            October 07

          • FC-10.1.2

            The relevant authorities in Bahrain believe that the principles established by these Recommendations should be followed by licensees in all material respects, as representing best practice and prudence in this area.

            Amended: October 2014
            October 07

        • Basel Committee: Statement on Money Laundering and Customer Due Diligence for Banks

          • FC-10.1.3

            In December 1988, the Basel Committee on Banking Supervision issued a 'Statement of Principles' followed by the Customer Due Diligence for Banks paper in October 2001 (with attachment dated February 2003 – see www.bis.org/publ/) with which internationally active banks of member states are expected to comply. These papers cover identifying customers, avoiding suspicious transactions, and co-operating with law enforcement agencies.

            October 07

          • FC-10.1.4

            The CBB supports the above papers and the desirability of all conventional bank licensees adhering to their requirements and guidance.

            October 07

  • TC TC Training and Competency

    • TC-A TC-A Introduction

      • TC-A.1 TC-A.1 Purpose

        • Executive Summary

          • TC-A.1.1

            This Module presents requirements that have to be met by conventional bank licensees with respect to training and competency of individuals undertaking controlled functions (as defined in Paragraph LR-1A.1.2)

            October 2013

          • TC-A.1.2

            Module TC provides Rules and Guidance to conventional bank licensees to ensure satisfactory levels of competence, in terms of an individual's knowledge, skills, experience and professional qualifications. Conventional bank licensees, are required to demonstrate that individuals undertaking controlled functions are sufficiently competent, and are able to undertake their respective roles and responsibilities.

            October 2013

          • TC-A.1.3

            The Rules build upon Principles 3 and 9 of the Principles of Business (see Module PB (Principles of Business)). Principle 3 (Due Skill, Care and Diligence) requires conventional bank licensees and approved persons to observe high standards of integrity and fair dealing, and to be honest and straightforward in its dealings with clients. Principle 9 (Adequate Resources) requires conventional bank licensees to maintain adequate human, financial and other resources sufficient to run its business in an orderly manner.

            October 2013

          • TC-A.1.4

            Condition 4 of the Central Bank of Bahrain's ('CBB') Licensing Conditions (Chapter LR-2.4) and Chapter LR-1A (Approved Persons) of Module LR impose further requirements. To satisfy Condition 4 of the CBB's Licensing Conditions, a conventional bank licensee's staff, taken together, must collectively provide a sufficient range of skills and experience to manage the affairs of the licensee in a sound and prudent manner (LR-2.4). This condition specifies that conventional bank licensees must ensure their employees meet any training and competency requirements specified by the CBB. Chapter LR-1A (Approved Persons) of Module LR sets forth the 'fit and proper' requirements in relation to competence, experience and expertise required by approved persons; this Chapter specifies various factors that the CBB takes into account when reaching such a decision.

            October 2013

        • Legal Basis

          • TC-A.1.5

            This Module contains the CBB's Directive (as amended from time to time) relating to training and competency and is issued under the powers available to the CBB under Articles 38 and 65(b) of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to all conventional bank licensees (including their approved persons).

            October 2013

          • TC-A.1.6

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

            October 2013

      • TC-A.2 TC-A.2 Module History

        • Evolution of the Module

          • TC-A.2.1

            This Module was first issued in October 2013. Any material changes that are subsequently made to this Module are annotated with the calendar quarter date in which the change is made; Chapter UG-3 provides further details on Rulebook maintenance and version control.

            October 2013

          • TC-A.2.2

            A list of recent changes made to this Module is provided below:

            Module Ref. Change Date Description of Changes
            Appendix TC-1 01/2014 Added Chartered Financial Analyst as possible qualification for heads of other functions.
            TC-B.1.4 07/2014 Clarified scope of application.
            Appendix TC-1 10/2015 Added securities market regulation certification as other relevant certification for heads of other functions.
            TC-2.3.3 04/2017 Amended Paragraph on exception to the grandfathering Rule.
                 

    • TC-B TC-B Scope of Application

      • TC-B.1 TC-B.1 Scope

        • TC-B.1.1

          This Module applies to all CBB conventional bank licensees authorised in the Kingdom. It covers the training and competency requirements for staff occupying controlled functions (See Chapter TC-1).

          October 2013

        • TC-B.1.2

          Module TC, unless otherwise stated, applies in full to both retail and wholesale conventional bank licensees licensed in Bahrain. In the case of an overseas conventional bank licensee, the application of this Module is restricted to its Bahrain operations.

          October 2013

        • TC-B.1.3

          Persons authorised by the CBB as approved persons prior to the issuance of Module TC need not reapply for authorisation.

          October 2013

        • TC-B.1.4

          The requirements of this Module apply to approved persons holding controlled functions, including board members, in connection with the conventional bank licensee's regulated banking services, or under a contract of service.

          Amended: July 2014
          October 2013

        • TC-B.1.5

          In the case of outsourcing arrangements, the conventional bank licensee should refer to the competency requirements, outlined in Appendix TC-1 for controlled functions, for assessing the suitability of the outsourcing provider.

          October 2013

        • TC-B.1.6

          Conventional bank licensees must satisfy the CBB that individuals performing a controlled function for it or on its behalf are suitable and competent to carry on that controlled function.

          October 2013

        • TC-B.1.7

          In implementing this Module, conventional bank licensees must ensure that individuals recruited to perform controlled functions:

          (a) Hold suitable qualifications and experience appropriate to the nature of the business;
          (b) Remain competent for the work they do; and
          (c) Are appropriately supervised.
          October 2013

    • TC-1 TC-1 Requirements for Controlled Functions

      • TC-1.1 TC-1.1 Controlled Functions

        • TC-1.1.1

          Individuals occupying controlled functions (refer to Paragraphs LR-1A.1.5 to 1A.1.16) in a conventional bank licensee must be qualified and suitably experienced for their specific roles and responsibilities. The controlled functions are those of:

          (a) Board Member;
          (b) Chief Executive or General Manager and their Deputies;
          (c) Chief Financial Officer and/or Financial Controller;
          (d) Head of Risk Management;
          (e) Head of Internal Audit;
          (f) Head of Shari'a Review;
          (g) Compliance Officer;
          (h) Money Laundering Reporting Officer;
          (i) Deputy Money Laundering Reporting Officer; and
          (j) Heads of other Functions.
          October 2013

        • TC-1.1.2

          A conventional bank licensee must take reasonable steps to ensure that individuals holding controlled functions are sufficiently knowledgeable about their respective fields of work to be able to guide and supervise operations that fall under their responsibilities.

          October 2013

        • TC-1.1.3

          Competence must be assessed on the basis of experience and relevant qualifications described in Appendix TC-1 as a minimum. However, the CBB reserves the right to impose a higher level of qualifications as it deems necessary.

          October 2013

        • Board Member

          • TC-1.1.4

            Board members collectively are responsible for the business performance and strategy of the conventional bank licensee, as outlined in more details in Section HC-1.2.

            October 2013

          • TC-1.1.5

            When taken as a whole, the board of directors of a conventional bank licensee must be able to demonstrate that it has the necessary skills and expertise, as outlined in Paragraph HC-1.2.10.

            October 2013

        • Chief Executive or General Manager

          • TC-1.1.6

            The chief executive or general manager and their deputies (as appropriate) are responsible for the executive management and performance of the conventional bank licensee within the framework or delegated authorities set by the Board. The scope of authority of the CEO and deputies is outlined in more detail in Subparagraph HC-6.3.2 (a).

            October 2013

        • Chief Financial Officer/ Head of Financial Control

          • TC-1.1.7

            The chief financial officer/head of financial control is responsible for directing the bank's financial function, including ensuring that the relevant accounting treatment is applied to all of the activities of the bank in a timely manner. The scope of authority of the CFO/ Head of Financial Control is outlined in more detail in Subparagraph HC-6.3.2(b).

            October 2013

        • Head of Risk Management

          • TC-1.1.8

            Heads of risk management are responsible for the management and control of all risk exposures arising from the activities of the conventional bank licensee.

            October 2013

        • Head of Internal Audit

          • TC-1.1.9

            Heads of internal audit are responsible for providing independent and objective review on the adequacy and effectiveness of the holistic internal control environment within the conventional bank licensee. The duties of the head of internal audit are outlined in more detail in Subparagraph HC-6.3.2 (d).

            October 2013

        • Head of Shari'a Review

          • TC-1.1.10

            The head of Shari'a review in a conventional bank licensee, dealing with Islamic products and services, is responsible for the examination of the extent of a conventional bank licensee's compliance, in all its activities, with the Shari'a. This examination includes contracts, agreements, policies, products, transactions memorandum and articles of association, financial statements, reports (especially internal audit and central bank inspection), circulars, etc. The objective of the Shari'a review is to ensure that the activities carried out by a conventional bank licensee do not contravene the Shari'a.

            October 2013

        • Compliance Officer

          • TC-1.1.11

            In accordance with Paragraph LR-1A.1.12, an employee of appropriate standing must be designated by the conventional bank licensee for the position of compliance officer. The duties of the compliance officer, include:

            (a) Having responsibility for oversight of the conventional bank licensee's compliance with the requirements of the CBB and other applicable laws and regulations;
            (b) Raising awareness and providing training for the conventional bank licensee's staff on compliance issues; and
            (c) Reporting to the conventional bank licensee's Board in respect of that responsibility.
            October 2013

        • Money Laundering Reporting Officer (MLRO) or Deputy Money Laundering Reporting Officer (DMLRO)

          • TC-1.1.12

            The attributes and responsibilities of the MLRO/DMLRO are described more fully in Paragraphs FC-4.1.6 and FC-4.2.1.

            October 2013

        • Heads of other Functions

          • TC-1.1.13

            Heads of other functions, where risk acquisition or control is involved, are responsible for tracking specific functional performance goals in addition to identifying, managing, and reporting critical organisational issues upstream. Certain functions require dealing directly with clients while others do not. Both categories of functions, however, require specific qualifications and experience to meet the objectives as well as compliance requirements of the conventional bank licensee.

            October 2013

          • TC-1.1.14

            For purposes of Paragraph TC-1.1.13, conventional bank licensees should contact the CBB should they require further clarification on whether a specific position falls under the definition of "Heads of other Functions".

            October 2013

      • TC-1.2 TC-1.2 Continuous Professional Development Training ("CPD")

        • CPD

          • TC-1.2.1

            All individuals holding controlled functions in a conventional bank licensee must undergo a minimum of 15 hours of CPD per annum.

            October 2013

          • TC-1.2.2

            A conventional bank licensee must ensure that an approved person undertaking a controlled function undergoes appropriate annual review and assessment of performance.

            October 2013

          • TC-1.2.3

            The level of supervision should be proportionate to the level of competence demonstrated by the approved person. Supervision will include, as appropriate:

            (a) Reviewing and assessing work on a regular basis; and
            (b) Coaching and assessing performance against the competencies necessary for the role.
            October 2013

          • TC-1.2.4

            Supervisors of approved persons should have technical knowledge and relevant managerial skills.

            October 2013

        • Record Keeping

          • TC-1.2.5

            A conventional bank licensee should, for a minimum period of five years, retain records of:

            (a) The annual training plan for each controlled function;
            (b) Materials used to conduct in-house training courses;
            (c) List of participants attending such in-house training courses; and
            (d) Results of evaluations conducted at the end of such training courses.
            October 2013

    • TC-2 TC-2 General Requirements

      • TC-2.1 TC-2.1 Recruitment and Assessing Competence

        • Recruitment and Appointment

          • TC-2.1.1

            If a conventional bank licensee recruits or promotes an individual to undertake a controlled function, it must first file Form 3 (Approved Persons) with the CBB and obtain the express written approval of the CBB for that person to occupy the desired position. In its application, the conventional bank licensee must demonstrate to the CBB that full consideration has been given to the qualifications and core competencies for controlled functions in Appendix TC-1. (See Article 65(b) of the CBB Law and Paragraph LR-2.3.1).

            October 2013

          • TC-2.1.2

            Conventional bank licensees should refer to Module LR (Licensing Requirements) providing detailed requirements on the appointment of individuals occupying controlled functions (approved persons).

            October 2013

          • TC-2.1.3

            A conventional bank licensee proposing to recruit an individual has to satisfy itself, of his/her relevant qualifications and experience. The conventional bank licensee should:

            (a) Take into account the knowledge and skills required for the role, in addition to the nature and the level of complexity of the controlled function; and
            (b) Take reasonable steps to obtain sufficient information about the individual's background, experience, training and qualifications.
            October 2013

        • Record Keeping

          • TC-2.1.4

            A conventional bank licensee must make and retain records of its recruitment procedures for a minimum period of five years. Such procedures should be designed to adequately take into account proof of the candidates' knowledge and skills and their previous activities and training.

            October 2013

          • TC-2.1.5

            In addition to recruitment procedures in Paragraph TC-2.1.4, the conventional bank licensee must retain the recruitment records of approved persons for a minimum period of five years following termination of their services or employment with the bank. Such records must include, but are not limited to, the following:

            (a) Results of the initial screening;
            (b) Results of any employment tests;
            (c) Results and details of any interviews conducted;
            (d) Background and references checks; and
            (e) Details of any professional qualifications.
            October 2013

        • Assessing Competence

          • TC-2.1.6

            Conventional bank licensees must not allow an individual to undertake or supervise controlled functions unless that individual has been assessed by the conventional bank licensee as competent in accordance with this Section.

            October 2013

          • TC-2.1.7

            In determining an individual's competence, conventional bank licensees may assess if the person is fit and proper in accordance with Chapter LR-1A.

            October 2013

          • TC-2.1.8

            Conventional bank licensees must assess individuals as competent when they have demonstrated the ability to apply the knowledge and skills required to perform a specific controlled function.

            October 2013

          • TC-2.1.9

            The assessment of competence will be dependent on the nature and the level of complexity of the controlled function. Such assessment of competence of new personnel may take into account the fact that an individual has been previously assessed as competent in a similar controlled function with another conventional bank licensee.

            October 2013

          • TC-2.1.10

            If a conventional bank licensee assesses an individual as competent in accordance with Paragraph TC-2.1.8 to perform a specific controlled function, it does not necessarily mean that the individual is competent to undertake other controlled functions.

            October 2013

          • TC-2.1.11

            A conventional bank licensee should use methods of assessment that are appropriate to the controlled function and to the individual's role.

            October 2013

        • Record Keeping

          • TC-2.1.12

            A conventional bank licensee must, for a minimum period of five years, make and retain updated records of:

            (a) The criteria applied in assessing the ongoing and continuing competence; and
            (b) How and when the competence decision was arrived at.
            October 2013

          • TC-2.1.13

            For purposes of Paragraph TC-2.1.12, the record keeping requirements apply to both current employees as well as to employees following termination of their services or employment with the bank, for a minimum period of five years.

            October 2013

      • TC-2.2 TC-2.2 Training and Maintaining Competence

        • TC-2.2.1

          A conventional bank licensee must annually determine the training needs of individuals undertaking controlled functions. It must develop a training plan to address these needs and ensure that training is planned, appropriately structured and evaluated.

          October 2013

        • TC-2.2.2

          The assessment and training plan described in Paragraph TC-2.2.1 should be aimed at ensuring that the relevant approved person maintains competence in the controlled function. An individual can develop skills and gain experience in a variety of ways. These could include on-the-job learning, individual study, and other methods. In almost every situation, and for most individuals, it is likely that competence will be developed most effectively by a mixture of training methods.

          October 2013

        • TC-2.2.3

          The training plan of conventional bank licensees must include a programme for continuous professional development training ('CPD') for their approved persons.

          October 2013

        • TC-2.2.4

          Approved persons may choose to fulfil their CPD requirements by attending courses, workshops, conferences and seminars at local or foreign training institutions.

          October 2013

        • TC-2.2.5

          The annual training required under Paragraph TC-2.2.1 must also include the quarterly updates, if any, to the CBB Volume 1 (Conventional Banks) Rulebook, in areas relevant to each controlled function.

          October 2013

        • TC-2.2.6

          Conventional bank licensees should maintain appropriate training records for each individual. Licensees should note how the relevant training relates to and supports the individual's role. Training records may be reviewed during supervisory visits to assess the conventional bank licensee's systems and to review how the conventional bank licensee ensures that its staff are competent and remain competent for their roles.

          October 2013

        • Maintaining Competence

          • TC-2.2.7

            A conventional bank licensee must make appropriate arrangements to ensure that approved persons maintain competence.

            October 2013

          • TC-2.2.8

            A conventional bank licensee should ensure that maintaining competence for an approved person takes into account:

            (a) Application of technical knowledge;
            (b) Application and development of skills; and
            (c) Any market changes and changes to products, legislation and regulation.
            October 2013

          • TC-2.2.9

            A conventional bank licensee may utilise the CPD schemes of relevant professional bodies to demonstrate compliance with Paragraph TC-2.2.1. In-house training, seminars, conferences, further qualifications, product presentations, computer-based training and one-to-one tuition may also be considered to demonstrate compliance with Paragraph TC-2.2.1.

            October 2013

        • Record Keeping

          • TC-2.2.10

            A conventional bank licensee must, for a minimum period of five years, make and retain records of:

            (a) The criteria applied in assessing continuing competence;
            (b) The annual assessment of competence; and
            (c) Record of CPD hours undertaken by each approved person.
            October 2013

      • TC-2.3 TC-2.3 Transitional Period

        • TC-2.3.1

          The requirements of this Module for conventional bank licensees are effective from the issuance date of this Module.

          October 2013

        • TC-2.3.2

          New applications for approved persons are subject to the requirements of this Module (See Paragraph TC-B.1.4).

          October 2013

        • TC-2.3.3

          Approved persons occupying controlled functions at the time this Module is issued will be grandfathered and not subject to the requirements of this Module, with the exception of CPD requirements in paragraph TC-1.2.1 and paragraphs BR-1.1.3(m) and BR-1.2.3(g). However, should the approved person move to another controlled function, Paragraph TC-2.3.4 will apply.

          Amended: April 2017
          October 2013

        • TC-2.3.4

          In instances, where an approved person in one conventional bank licensee moves to another conventional bank licensee and occupies the same function, the CBB will exercise its discretion on whether to grandfather such approved person from the required qualifications and competencies outlined in Appendix TC-1 into the new conventional bank licensee. The grandfathering criteria used by the CBB will include a comparison of the scope and size of both positions. This will also apply in instances where an approved person in one conventional bank licensee moves from one department to another within the same conventional bank licensee.

          October 2013

    • Appendix TC-1 Qualifications and Core Competencies

      Role Core Competencies How can competence be demonstrated?
      Board Member Board members should have:
      (a) Sufficient experience to demonstrate sound business decision-making; and
      (b) A good understanding of the industry and its regulatory environment.
      Competence is demonstrated by:
      (a)
      (i) Holding a Bachelor's Degree; and
      (ii) A minimum experience of 7 years in business and/or government/quasi government of which at least 4 years at a senior management level; OR
      (b) A minimum experience of 10 years in business.
      Chief Executive or General Manager and their Deputies The Chief Executive or General Manager and their Deputies should have:
      (a) A clear understanding of the role and responsibilities associated with this position;
      (b) A good understanding of banking business and the wider industry and its regulatory environment;
      (c) Relevant experience and qualifications associated with such executive responsibilities; and
      (d) The necessary professional and leadership capabilities which qualify him for this position.
      This person should have a minimum experience of 15 years in the banking sector of which at least 7 years at a senior management level in a bank. He/she should hold a relevant academic/professional qualification, preferably MBA, Masters in finance/accounting/economics or masters in any other subject, or preferably other qualification related to banking, accounting or finance.
      Chief Financial Officer/ Head of Financial Control The Chief Financial Officer/ Head of Financial Control should have:
      (a) A clear understanding of the role and responsibilities associated with the position;
      (b) A good understanding of banking business and the wider industry and its regulatory environment;
      (c) The relevant experience and qualifications to fulfill his responsibilities; and
      (d) A good knowledge and understanding of international accounting standards and how they are applied in a business context, including IFRS, and where appropriate AAOIFI.
      The Chief Financial Officer/ Head of Financial Control should have a minimum of 10 years of practical experience in a bank and of which at least 7 years in a finance function of a bank. Experience of external audit on banks will also be counted as part of the minimum experience requirements. He/she should:
      (a) Hold a relevant academic/professional qualification, preferably MBA, Masters in finance/accounting/economics or masters in any other subject, or preferably other qualification related to banking, accounting or finance; and
      (b) Have relevant certification(s) specific to this role. Such certifications may include but are not limited to:
      (i) The Association of Chartered Certified Accountants (ACCA); or
      (ii) Certified Public Accountant (CPA); or
      (iii) Similar designation with a valid current practicing certificate.
      Chief Risk Officer/ Head of Risk Management The Chief Risk Officer/Head of Risk Management should have:
      (a) An appropriate level of experience and standing to demonstrate suitable independence from other functions within the bank;
      (b) A clear understanding of the role and responsibilities associated with the position;
      (c) A good understanding of banking business and the wider industry and its regulatory environment; and
      (d) The relevant experience and qualifications to fulfill his responsibilities.
      The Chief Risk Officer/Head of Risk Management should have a minimum of 7 years of practical experience in a bank and of which at least 5 years in a risk management position. He/she should:
      (a) Hold a degree from a university at bachelor level or higher or a relevant professional qualification; and
      (b) Have relevant certification(s) specific to this role. Such certifications may include but are not limited to:
      (i) Institute of Risk Management qualifications (IRM); or
      (ii) Financial Risk Manager (FRM); or
      (iii) Professional Risk Manager (PRM); or
      (iv) Other relevant qualifications.
      Head of Internal Audit The Head of Internal Audit should have:
      (a) An appropriate level of experience and standing to demonstrate suitable independence from other functions within the bank;
      (b) A clear understanding of the role and responsibilities associated with the Internal Audit function;
      (c) A good understanding of banking business and the wider industry and its regulatory environment;
      (d) The relevant accounting and auditing experience and qualifications to fulfill his responsibilities; and
      (e) A demonstrable knowledge and understanding of the Standards for the Professional Practice of Internal Audit.
      The Head of Internal audit should have a minimum experience of 7 years in a bank of which at least 5 years of that experience should have been in an internal audit role. He/she should:
      (a) Hold a university degree preferably in accounting or banking and finance or finance or a relevant professional qualification; and
      (b) Have relevant certification(s) specific to this role. Such certifications may include but are not limited to Chartered Internal Auditor (CIA) by the Institute of Internal Auditors.
      Head of Shari'a Review A Head of Shari'a Review should:
      (a) Have appropriate level of knowledge in Islamic Finance and Shari'a principles;
      (b) Have a good understanding of the banking industry and possess good knowledge of economics and finance; and
      (c) Understand how to interpret financial statements.
      The Head of Shari'a Review should have a minimum of 5 years relevant experience in a bank or financial institution dealing with Islamic products and services. He/she should:
      (a)Hold a bachelor's degree in Shari'a, which includes study in Usul Fiqh (the origin of Islamic law) and/or Fiqh Muamalat (Islamic jurisprudence) or;
      (b) Hold a university degree in banking and finance together with a qualification in Shari'a review.
      Compliance Officer A Compliance Officer should have:
      (a) An appropriate level of experience and standing to demonstrate suitable independence from other functions within the bank; and
      (b) A thorough understanding of the industry and its applicable regulatory requirements.
      The Compliance Officer should have a minimum of 5 years relevant experience in a bank, financial institution or financial regulator He/she should:
      (a) Hold a degree from a university at bachelor level or higher or a relevant professional qualification in compliance; and
      (b) Have relevant certification(s) specific to this role. Such certifications may include but are not limited to:
      (i) International Diploma in Compliance offered by the International Compliance Association; and/or
      (ii) International Advanced Certificate in Compliance and Financial Crime offered by the International Compliance Association; and/or
      (iii) Any other relevant professional qualification deemed suitable by the CBB. These may include qualifications in areas related to the license.
      Money Laundering Reporting Officer (MLRO)/ Deputy Money Laundering Reporting Officer (DMLRO) The MLRO and DMLRO should:
      (a) Understand the business of the bank and how the Anti Money Laundering framework applies to it;
      (b) Demonstrate independence from bank staff who deal directly with customer; and
      (c) Have a thorough knowledge of the financial industry and be familiar with relevant FATF and applicable domestic regulatory requirements.
      An MLRO should have a minimum experience of 5 years in the banking industry of which at least 3 years of experience in anti-money laundering or anti-money laundering related role. The DMLRO should have a minimum of 2 years experience in the banking industry of which at least 1 year experience in an anti-money laundering or anti- money laundering related role. The MLRO/ DMLRO should:
      (a) Hold a degree from a university at bachelor level or higher or a relevant professional qualification; and
      (b) Have relevant certification(s) specific to this role. Such certifications may include but are not limited to:
      (i) Certified Anti-Money Laundering Specialist Examination (ACAMS) ; and/ or
      (ii) Diploma in Anti-Money Laundering offered by the International Compliance Association; and/ or
      (iii) International Diploma in Financial Crime Prevention offered by International Compliance Association; and/or
      (iv) International Advanced Certificate in Compliance and Financial Crime offered by the International Compliance Association.
      Heads of Other Functions Heads of Other Functions should have:
      (a) A clear understanding of the role and responsibilities associated with the function;
      (b) A good understanding of banking business and the wider industry and its regulatory environment; and
      (c) The relevant experience and qualifications to fulfill his responsibilities.
      A senior manager responsible for a specialist function should have a minimum experience of 7 years in the banking/financial industry of which at least 5 years of experience in the same function that he/she will be heading. He/she should:
      (a) Hold a relevant academic/professional qualification, preferably MBA, Masters in finance/accounting/economics or masters in any other subject, and preferably other qualification related to banking/accounting; and
      (b) Have other relevant certification(s) specific to this role. Such certifications may, depending on the function being fulfilled, include but are not limited to:
      (i) Chartered Financial Analyst (CFA);
      (ii) Certificate in Securities and Financial Derivatives;
      (iii) Certificate in Investment Management;
      (iv) Professional Certification in Accounting;
      (v) Equivalent certificates or qualifications;
      (vi) Advanced Diploma in Banking/ Islamic Finance or Financial Advisory Program from the BIBF or other institutions; and/or
      (vii) Securities Market Regulation Certification.
      Amended: October 2015
      Amended: January 2014
      October 2013

  • ICCAP ICCAP Internal Capital Adequacy Assessment Process

    • IC-A IC-A Introduction

      • IC-A.1 IC-A.1 Purpose

        • Executive Summary

          • IC-A.1.1

            The Internal Capital Adequacy Assessment Process ('ICAAP') Module sets out the CBB's requirements relating to banks' obligations under Pillar 2 with respect to ICAAP for assessing their overall capital adequacy in relation to their risk profile It seeks to encourage banks to develop and use better risk management techniques in identifying, monitoring and managing their risks, and to ensure that a licensee has a rigorous process in place for determining the adequacy of its capital to support all risks to which it is exposed.

            July 2018

          • IC-A.1.2

            This Module must be read in conjunction with other parts of the Rulebook, mainly:

            (a) Principles of Business;
            (b) High-level Controls;
            (c) Credit Risk;
            (d) Market Risk;
            (e) Operational Risk;
            (f) Liquidity Risk;
            (g) Reputational Risk;
            (h) Interest Rate Risk in the Banking Book ('IRRBB');
            (i) Capital Adequacy; and
            (j) Stress Testing.
            July 2018

        • Legal Basis

          • IC-A.1.3

            This Module contains the Central Bank of Bahrain's ('CBB') Directive (as amended from time-to-time) relating to ICAAP and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is an important component of the CBB's Supervisory Review Process and is applicable to all Bahraini conventional bank licensees (including their approved persons).

            July 2018

          • IC-A.1.4

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

            July 2018

      • IC-A.2 IC-A.2 Module History

        • Evolution of the Module

          • IC-A.2.1

            This Module is issued in July 2018 as part of Volume One of the CBB Rulebook. All requirements in this Module are effective from the date of issuance. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made. Chapter UG-3 provides further details on Rulebook maintenance and version control.

            July 2018

          • IC-A.2.2

            The most recent changes made to this Module are detailed in the table below:

            Summary of Changes

            Module Ref. Change Date Description of Changes
            IC-1.5.14 07/2021 Added a new Paragraph on submission of the recovery plan annually.
            IC-1.2.2 01/2022 Amended Paragraph.
            IC-1.5.10 01/2022 Amended Paragraph.
            IC-1.6.1 01/2022 Amended Paragraph.
            IC-1.6.1 04/2022 Amended reference to HC module.

    • IC-1.1 IC-1.1 Overview

      • IC-1.1.1

        A thorough and comprehensive ICAAP is a vital component of a strong risk management framework. The ICAAP should assist in determining the optimum level of capital that is needed to adequately support the nature and level of the bank's risk profile. Nevertheless, if the required economic capital determined under the requirements of this Module falls below risk based regulatory capital determined under Module CA, the latter shall be maintained.

        July 2018

      • IC-1.1.2

        While the CBB recognises that increased capital is not a substitute for proper controls and risk management processes, higher regulatory capital requirements may be required to buffer banks against the higher risk of unexpected losses resulting from inadequate controls or risk management weaknesses.

        July 2018

      • IC-1.1.3

        The CBB may intervene at an early stage, to prevent capital levels of banks from falling below the appropriate levels required to support the risk characteristics of the bank, and to require swift remedial action by the bank if the appropriate level of capital is not maintained or restored by the bank.

        July 2018

      • IC-1.1.4

        Further to the requirements in CA-A.1.5 of Module CA the CBB may set a target capital adequacy ratio ('CAR') for each bank, subject to its specific risk profile rating as determined, based on the CBB's supervisory risk assessment methodology.

        July 2018

    • IC-1.2 IC-1.2 General Requirements

      • ICAAP Framework

        • IC-1.2.1

          Bahraini conventional bank licensees must develop an ICAAP Framework commensurate with the nature, size, complexity and scale of the bank's activities that includes, but is not limited to:

          (a) An appropriate ICAAP policy, procedures and limits for risk management;
          (b) A description of the process and governance arrangements, including the roles and responsibilities for the Board and senior management, with respect to the design and implementation of the ICAAP Framework;
          (c) The bank's risk appetite statement and capital adequacy objectives;
          (d) Comprehensive and timely identification, measurement, mitigation, controlling, monitoring and reporting of risks;
          (e) A process to relate the bank's capital to its risk profile and for allocation of appropriate capital charges for material risks;
          (f) A process to reconcile, where relevant, the historical amounts used to prudential and financial reporting sources; and
          (g) A process of internal controls and independent review.
          July 2018

        • IC-1.2.2

          The ICAAP Framework, and amendments on it, must be submitted to the CBB.

          Amended: January 2022
          Added: July 2018

      • ICAAP Report /Document

        • IC-1.2.3

          Bahraini conventional bank licensees must develop an ICAAP Report and maintain capital levels that are commensurate with their risk profiles and control environments.

          July 2018

        • IC-1.2.4

          The ICAAP Report must be prepared on an annual basis and submitted to the CBB on 31st May of each year.

          July 2018

        • IC-1.2.5

          Bahraini conventional bank licensees must ensure that the outcome of the ICAAP is is forward looking (i.e. considers a minimum of 3-years projections) and not a static capital target. Banks must ensure that the ICAAP covers the following:

          (a) All material risks and potential vulnerability to its business and operational environment;
          (b) Capital requirements, benign and adverse forward-looking environment; and considers capital buffers during benign conditions to help meet any surge in capital demand under adverse conditions;
          (c) A business plan and evaluattion of short-term and long-term capital needs;
          (d) Rigorous stress-testing and scenario analysis that identifies possible events or changes in market conditions that could adversely impact the bank; and
          (e) Results of stress tests and analyses are incorporated, where applicable, into the capital adequacy assessment.
          July 2018

    • IC-1.3 IC-1.3 Board and Senior Management Oversight

      • IC-1.3.1

        The ultimate responsibility for ensuring that there is a robust ICAAP and a sound risk management framework; setting capital targets that are commensurate with the banks' risk profile and control environment; and ensuring that banks set aside adequate capital to support the risks beyond the regulatory minimum requirements, rests with the Board and senior management of the licensees.

        July 2018

      • IC-1.3.2

        Responsibilities of the Board include:

        (a) Ensuring adequate capital management policies are in place; the Board must also review and approve these policies on an annual basis;
        (b) Understanding the material risks that are impacting the business, and also having an awareness of emerging risks and vulnerabilities;
        (c) Reviewing and approving the capital plan and corresponding capital actions;
        (d) Defining the risk appetite/risk tolerance of the bank;
        (e) Ensuring that the bank has a sound risk management framework in place;
        (f) Ensuring that the accountability and lines of authority are clearly delineated and effectively communicated throughout the organization;
        (g) Ensuring that the bank implements adequate infrastructure and controls to measure, monitor and mitigate risk effectively; and
        (h) Ensuring that the bank has adequate capital proportionate to its risk profile under normal and adverse conditions.
        July 2018

      • IC-1.3.3

        Responsibilities of the senior management include:

        (a) Ensuring that bank personnel involved in ICAAP activities have the adequate skills, including complex financial risk management skills, and that employees are adequately enabled through training.
        (b) Ensuring that they have adequate understanding of the material risks that are impacting the business, as well as an awareness of emerging risks and vulnerabilities;
        (c) Ensuring effective implementation of relevant policies, procedures, systems and controls;
        (d) Communicating the internal controls and written policies and procedures throughout the bank; and
        (e) Monitoring risk exposures in accordance with the risk appetite and limits approved by the Board.
        (f) Ensuring that the Board receives adequate information pertaining to risk management and capital management, under both normal and stressed business conditions; and
        (g) Monitoring and reporting of status against ICAAP to the Board.
        July 2018

      • IC-1.3.4

        The roles and responsibilities of Risk Management, Financial Control and Compliance in relation to ICAAP must be clearly documented in the related policies and procedures.

        July 2018

    • IC-1.4 IC-1.4 Comprehensive Assessment of Risk

      • IC-1.4.1

        Bahraini conventional bank licensees must ensure that their identifies and assesses all material risks and addresses the following:

        (a) Credit risk, market risk and operational risk, captured under Pillar;
        (b) Risks that are not taken into account by Pillar 1 (e.g. IRRBB, liquidity risk, reputational risk, strategic risk and concentration risk); and
        (c) External factors outside the direct control of the licensees, including changes in regulations, accounting rules and the economic environment (e.g. business cycle effects).
        July 2018

      • IC-1.4.2

        For each of the material risks identified in the ICAAP, banks must ensure that the risk management framework (in HC-6.6.2) is comprehensively addressed.

        July 2018

      • IC-1.4.3

        Bahraini conventional bank licensees must ensure that their risk management infrastructure allows for aggregation of exposures and risk measures across business lines.

        July 2018

    • IC-1.5 IC-1.5 Capital Planning

      • IC-1.5.1

        Bahraini conventional bank licensees must develop a comprehensive Capital Planning Policy which clearly articulates the guidelines for capital planning, capital usage, capital distribution (i.e. issuing dividends, share buy-back, etc.), determining capital composition and capital-raising mechanisms under different conditions.

        July 2018

      • IC-1.5.2

        Bahraini conventional bank licensees must state their objectives in deciding how much capital to hold. Banks must ensure that the capital objectives go beyond the regulatory minimum to support risks and to take into account the following considerations:

        (a) Level of creditworthiness of the bank to be achieved in markets, that is higher than that indicated by the minimum regulatory capital requirements;
        (b) Fluctuations in capital adequacy ratios, as a result of changes in type and volume of activities and risk exposures in the normal course of business;
        (c) Cost of capital-raising, especially in situations where capital injections need to be carried out quickly, or at a time when market conditions are unfavourable;
        (d) Potential breach of the minimum regulatory capital requirements and regulatory actions in such an event;
        (e) Risks arising from the features of the jurisdictions and markets in which the bank operates; and
        (f) Limitations in risk assessment infrastructure and methodologies.
        July 2018

      • IC-1.5.3

        Bahraini conventional bank licensees must develop their ICAAP on a consolidated and solo basis. Banks must ensure that their consolidated capital is adequate to:

        (a) Support the volume and risk characteristics of all parent and subsidiary activities; and
        (b) Provides a sufficient cushion to absorb potential losses arising from such activities.
        July 2018

      • IC-1.5.4

        Bahraini conventional bank licensees must ensure that their consolidated ICAAP addresses the following:

        (a) That the total capital estimated as appropriate for the group has been allocated to each group member, according to their respective risk profiles; and
        (b) That the group risks they face (including reputation risk arising from the failure of another group member, and the risks they face due to exposure to, or dependence on, other group members) are fully evaluated.
        July 2018

      • Capital Adequacy Objectives

        • IC-1.5.5

          The CBB may impose specific capital charge, and / or limits, on all material risk exposures, if warranted. This may include risks that the CBB considers not have been adequately transferred, or mitigated, through transactions entered into by the Bank (e.g. securitization transactions)

          July 2018

        • IC-1.5.6

          In stating their capital adequacy, banks must:

          (a) Use formal economic capital models for setting capital objectives and targets and assessing its capital adequacy. The CBB will determine which banks may be exempted from establishing formal economic capital model on a case to case basis;
          (b) Assess whether their long-run capital objectives differ significantly from their short-run capital objectives. As it may take time for a bank to raise new capital, the bank must make allowances for unexpected events, including putting contingency plans in place for raising additional capital;
          (c) State the time horizon for achieving their capital adequacy objectives, and set out in broad terms the capital planning process and the responsibilities for that process. The capital plan should recognise that accommodating additional capital needs requires significant lead time, and take into account the potential difficulties of raising additional capital during downturns or other times of stress. It must also set out how the bank will comply with regulatory capital requirements, any relevant limits related to capital, and a general contingency plan for dealing with divergences and unexpected events;
          (d) Develop an internal strategy for maintaining capital levels which must not only reflect the desired level of risk coverage, but also incorporate factors such as portfolio growth expectations, future sources and uses of funds, and dividend policy. There may be other considerations that the banks consider relevant or important in determining how much capital it must hold (e.g. external rating goals, market image, strategic goals etc.). If these other considerations are included in the ICAAP, the bank must show how the considerations have influenced its decisions concerning the amount of capital to be held; and
          (e) Ensure that capital objectives and targets are reviewed and approved by the Board, on an annual basis at least, to ensure their appropriateness.
          July 2018

        • IC-1.5.7

          Bahraini conventional bank licensees must ensure that adequate capital is held against all material risks not just at a point in time, but over time, to account for changes in their strategic direction, evolving economic conditions and volatility in the financial environment.

          July 2018

      • Risk Modelling

        • IC-1.5.8

          Bahraini conventional bank licensees using risk-modelling techniques to assess capital adequacy must comprehensively identify their capital needs on the basis of bothquantifiable and non-quantifiable risks. Banks must not rely on quantitative methods alone to assess capital adequacy. Non-quantifiable risks, if material, must also be included using qualitative assessment and management judgment.

          July 2018

      • Design of ICAAP

        • IC-1.5.9

          Bahraini conventional bank licensees must present in their ICAAP report and how risks relate to capital levels under both normal and stressed conditions.

          July 2018

      • Recovery Plan

        • IC-1.5.10

          Bahraini conventional bank licensees must develop, commensurate with the nature, size, complexity and scale of its activities, a recovery plan in line with Chapter 2 of Module DS. Recovery plans must be approved and reviewed regularly by the Board. The recovery plan must include information and analysis to reflect the appropriate coverage and granularity of the recovery plan, as well as key elements including:

          (a) Governance arrangements and escalation process following a triggering event;
          (b) Quantitative and qualitative triggers and early warning indicators; and
          (c) Recovery options based on the appropriate number of market-wide (systemic) stress scenarios and bank-specific (idiosyncratic) stress scenarios to assess which recovery options would be effective in a range of stress situations.
          Amended: January 2022
          Added: July 2018

        • IC-1.5.11

          Bahraini conventional bank licensees must develop and maintain a recovery plan trigger framework (which must be embedded within the bank's risk management framework), to prompt recovery action in a timely manner.

          July 2018

        • IC-1.5.12

          Recovery triggers must be well-defined and tailored to the full range of risks faced by banks. Notwithstanding other triggers that might be considered, the capital ratio trigger must not be less than 13%. The threshold level for triggers must be calibrated with impact on the bank's capital and set out clearly in the bank's recovery plan.

          July 2018

        • IC-1.5.13

          Bahraini conventional bank licensees must establish an adequate monitoring process to support the operation of the trigger framework in their recovery plan.

          July 2018

        • IC-1.5.14

          Bahraini conventional bank licensees must submit to the CBB annually their recovery plans by the 31st of August.

          Added: July 2021

    • IC-1.6 IC-1.6 Independent Review

      • IC-1.6.1

        Bahraini conventional bank licensees must ensure that the independent review undertaken in accordance with Paragraphs HC-6.6.33 and HC-6.6.34, addresses all the requirements within Module IC.

        Amended: April 2022
        Amended: January 2022
        Added: July 2018

  • ST ST Stress Testing

    • ST-A ST-A Introduction

      • ST-A.1 ST-A.1 Purpose

        • Executive Summary

          • ST-A.1.1

            This Module sets out the Central Bank of Bahrain's ('CBB's') directives and guidance to conventional bank licensees operating in Bahrain on the key requirements of an effective stress testing programme, and describes the CBB's approach to assessing the adequacy of bank stress testing practices. The contents of this Module apply to all conventional banks, except where noted in individual Chapters.

            July 2018

          • ST-A.1.2

            This Module should be read in conjunction with other parts of the Rulebook, mainly:

            (a) Principles of Business;
            (b) High-level Controls;
            (c) Risk Management (credit risk, market risk, operational risk, reputational risk, liquidity risk and interest rate risk in banking book);
            (d) Internal Capital Adequacy Assessment Process (ICAAP); and
            (e) Capital Adequacy.
            July 2018

        • Legal Basis

          • ST-A.1.3

            This Module contains the CBB's Directive (as amended from time-to-time) relating to Stress Testing and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to all conventional bank licensees (including their approved persons).

            July 2018

          • ST-A.1.4

            The requirements for stress-testing covered in this Module for the purpose of capital adequacy, ICAAP, recovery planning and reverse stress testing apply to Bahraini conventional bank licensees only.

            Amended: October 2019
            July 2018

          • ST-A.1.4A

            Branches of foreign bank licensees must apply the requirements included in this Module for risks that are material and to the extent appropriate. If branches of foreign bank licensees do not have established policies, procedures, processes and systems at a branch level, they must satisfy the CBB that there are equivalent arrangements at their head office or regional office.

            Added: October 2019

          • ST-A.1.5

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

            July 2018

      • ST-A.2 ST-A.2 Module History

        • Evolution of the Module

          • ST-A.2.1

            This Module is issued in July 2018 as part of Volume One of the CBB Rulebook. The requirements in this Module become effective from the date of issuance. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made; Chapter UG-3 provides further details on Rulebook maintenance and version control.

            July 2018

          • ST-A.2.2

            The changes made to this Module are detailed in the table below:

            Summary of Changes

            Module Ref. Change Date Description of Changes
            ST-A.1.4 10/2019 Amended Paragraph on branches of foreign banks.
            ST-A.1.4A 10/2019 Added a new Paragraph on branches of foreign banks.
            ST-1.8.1 01/2022 Deleted Paragraph.
            ST-1.8.2 01/2022 Amended Paragraph.
                 

    • ST-1 ST-1 General Guidance on Stress Testing

      • ST-1.1 ST-1.1 Overview

        • ST-1.1.1

          This Chapter provides guidance and directives for stress testing and sets out the CBB's expectations and requirements with regards to the governance, coverage of risks, design and implementation of banks' stress testing programmes. The document provides input for supervisory assessment to ensure comprehensive and sound stress testing practice at banks.

          July 2018

        • ST-1.1.2

          Stress testing is an essential risk management tool used to assess a bank's potential vulnerabilities to stressed business conditions. Stress testing involves the use of various techniques to assess a bank's existing and potential vulnerability (typically in terms of its profitability, liquidity and capital adequacy) to 'stressed' business and economic conditions and plays an important role in the management of risk by banks. Effective stress testing enables a bank to quantify adverse unexpected outcomes related to a variety of risks and facilitate the decision to put in place risk mitigation plans to safeguard its safety and soundness. This includes providing a sufficient amount of financial resources (including capital and liquidity) and implementing other risk mitigation strategies that are required to withstand losses arising from a particular stressed scenario.

          July 2018

        • ST-1.1.3

          Stress testing can be used for multiple purposes within the bank. While this Directive is focused on the integrated firm-wide stress testing which serves to identify weaknesses and vulnerabilities in a bank's risk profile and in turn evaluate its capital adequacy and liquidity position under adverse scenarios stress testing should also be conducted for recovery planning and ICAAP. However, the underlying methodologies for scenario development and stress testing should be consistent regardless of whether they are used for firm-wide stress testing, ICAAP or recovery planning.

          July 2018

      • ST-1.2 ST-1.2 Developing an Appropriate Stress Testing Framework

        • General Requirements

          • ST-1.2.1

            Conventional bank licensees must establish a rigorous and forward-looking (i.e. considers a minimum of 3-years projections) stress testing programme that is commensurate with the nature, size and complexity of its business operations, markets it operates in and its risk profile.

            July 2018

          • ST-1.2.2

            The coverage of the stress testing programme must be comprehensive and include on- and off-balance sheet exposures, commitments, guarantees and contingent liabilities. Conventional bank licensees must factor in existing material risks and emerging risks relevant to its business and operating environment.

            July 2018

          • ST-1.2.3

            Stress testing must form an integral part of a Bahraini conventional bank licensee's internal capital adequacy assessment and risk management process. Banks must be able to demonstrate the robustness of the stress testing methodologies used, the quality and comprehensiveness of the data underpinning the stress testing, involvement of relevant stakeholders across Board, senior management, business line, risk and finance control and oversight functions in the design and implementation of the stress test programme, and the use of stress test results by risk management.

            July 2018

          • ST-1.2.4

            Stress testing must also feed into the conventional bank licensee's strategic and business plan.

            July 2018

        • The Board of Directors and Senior Management Oversight

          • ST-1.2.5

            The Board and senior management must ensure that a strong risk culture and governance policy underpins the effective use of stress testing.

            July 2018

          • ST-1.2.6

            Responsibilities of the Board include:

            (a) Approving the policies and procedures governing the stress testing programme, and ensuring sufficient resources and expertise to effectively implement the programme;
            (b) Ensuring that the design of the stress testing programme is consistent with the bank's risk appetite and is appropriate to the nature, scale, complexity of its risk-taking activities and overall business strategy;
            (c) Ensuring that views and inputs from relevant functions and departments are considered in the stress testing programme;
            (d) Providing constructive challenge on the results of stress tests, scenarios, key assumptions and methodologies used in the stress tests;
            (e) Reviewing the appropriateness of management actions proposed by senior management to mitigate potential vulnerabilities, taking into consideration the factors set out in Section ST-1.6;
            (f) Approve management actions; and
            (g) Commissioning regular stress testing programme in accordance with Section ST-1.7.
            July 2018

        • Senior Management

          • ST-1.2.7

            Responsibilities of the senior management must include:

            (a) Ensuring implementation and monitoring of the stress testing programme;
            (b) Developing stress testing policies and procedures in accordance with Section ST-1.4;
            (c) Participating in the review and identification of appropriate stressed scenarios;
            (d) Ensuring that scenarios are coherent with the risk profile of the bank's business and the market it operates in;
            (e) Ensuring that stress testing methodology is proportional to the scale and complexity of the bank;
            (f) Providing the Board with key information which has a bearing on stress testing exercise. This includes information on assumptions, extent of judgment used and limitations of the stress tests including the quantitative models used;
            (g) Communicating the stress test results in a clear, concise and comprehensive manner for the Board to consider the impact on the bank's strategy, performance and financial condition;
            (h) Developing and recommending appropriate management action plans to the Board to address potential vulnerabilities identified during the stress test exercise; and
            (i) Ensuring there is timely and effective implementation of Board-approved management action plans.
            July 2018

          • ST-1.2.8

            For branches of foreign bank licensees, where no local board of directors exists, all references in this Module to the board of directors should be interpreted as the authorised person(s) at the Head Office/ Regional Office.

            July 2018

      • ST-1.3 ST-1.3 Uses of Stress Testing

        • ST-1.3.1

          In order to ensure effectiveness of stress testing, conventional bank licensees should leverage it for the following purposes:

          (a) Provide a forward-looking assessment of risk exposures under stressed conditions, enabling banks to develop appropriate risk-mitigating strategies (e.g. restructuring positions) and contingency plans across a range of stressed conditions;
          (b) Improve the bank's understanding of its own risk profile and facilitate the monitoring of changes in this profile over time;
          (c) Inform the Board and senior management on the setting of the bank's risk appetite or tolerance and the determination of whether its risk exposures are commensurate with the stated risk appetite or tolerance;
          (d) Supplement the use of statistical risk measures (e.g. value-at-risk or economic capital models) which are based mainly on historical data and assumptions, and contribute to the modelling of the risks associated with new products or activities where there is a lack of sufficient historical data. Stress-testing helps quantify "tail" risk (i.e. the risk of losses under extreme market conditions) and re-assessment of modelling assumptions (e.g. those in relation to volatility and correlation);
          (e) Evaluate the bank's existing and potential vulnerabilities on a firm-wide basis (e.g. emerging risk concentrations) and its capacity to withstand stressed situations in terms of profitability, liquidity and capital adequacy;
          (f) Improve the bank's strategic annual business plan, capital plan, liquidity plan and funding plan; and
          (g) Support internal and external communication regarding the bank's risk appetite or tolerance, risk exposures and risk-mitigating strategies.
          July 2018

      • ST-1.4 ST-1.4 Policies, Procedures and Documentation

        • ST-1.4.1

          Conventional bank licensees must establish comprehensive policies and procedures governing its stress testing programme which address the following:

          (a) Principal objectives of the stress testing programme;
          (b) Governance including the roles and responsibilities of the Board, senior management, relevant business heads, Risk Management, Operations, Financial Control, Treasury, Compliance and Internal Audit;
          (c) Articulate the risk drivers (external and internal) in testing scenarios;
          (d) Pre-defined frequency for periodic stress testing. In case of ad hoc stress testing, establish criteria or trigger points.
          (e) Methodologies used for stress testing of each risk category and development of relevant scenarios;
          (f) Range of triggers and remedial management actions envisaged vis-à-vis different adverse events;
          (g) Frequency of review and update of the stress testing programme to reflect changing market conditions;
          (h) Reporting procedures; and
          (i) Guidelines on use of stress testing for broader risk management.
          July 2018

        • ST-1.4.2

          Where a third-party model is used in stress testing, conventional bank licensees must demonstrate a thorough understanding of:

          (a) Methodology underpinning the external model;
          (b) The third party's approach to validating the model;
          (c) Approach to implementing the model;
          (d) Rationale behind any adjustments made to the external model's input data sets and output; and
          (e) Limitations of the external model.
          July 2018

      • ST-1.5 ST-1.5 Stress Testing Approaches and Methodologies

        • General Requirements

          • ST-1.5.1

            Conventional bank licensees must adopt an integrated approach to stress testing and conduct stress tests on a firm-wide basis and on a consolidated basis where applicable, providing a spectrum oi perspectives at product-, business- and entity-specific levels. Where the bank is part of a larger banking group, its stress tests must also take into account the potential spillover effects and inter-dependence among members of the group.

            July 2018

          • ST-1.5.2

            Stress tests must be regularly conducted, at least on a biannual basis. Tests must consider the nature of the risks involved and the purpose of the stress tests. Stress scenarios must be coherently developed so that risks that are inherently linked (e.g. market risk and credit risk) can be assessed together across portfolios and across time. The bank may refer to Section ST-2.2 for any available guidance on stress testing for specific risks.

            July 2018

          • ST-1.5.3

            The conventional bank licensee may also conduct ad hoc stress tests on specific areas whenever this is warranted. The situations which warrant ad hoc stress testing may include market volatility, changes to the risk profile of large counterparties, deteriorating economic conditions domestically or globally, political events, new product development or new market entry, significant changes in business operations and changes in applicable laws and regulations.

            July 2018

          • ST-1.5.4

            The scope of a stress test exercise must reflect the significant activities undertaken by the conventional bank licensee and consider all material risks affecting the bank. The assessment of material risks must include the following major risk categories or activities:

            (a) Credit risk;
            (b) Market risk;
            (c) Interest rate risk in the banking book;
            (d) Liquidity risk, including funding liquidity risk;
            (e) Operational risk; and
            (f) Other material risks.
            July 2018

        • Methodologies and Techniques

          • ST-1.5.5

            Conventional bank licensees must use a range of quantitative and qualitative stress testing techniques and perspectives, depending on the complexity of risk and adequacy of data.

            July 2018

          • ST-1.5.6

            A quantitative measurement approach must provide the foundation of the stress testing framework. In measuring risks, a conventional bank licensee must establish quantitative approaches that appropriately reflect methodologies and standards that are well accepted in the industry. Quantification of risks and losses must be estimated based on credible data. However, quantitative techniques must be adequately enhanced with qualitative techniques and expert judgment to overcome limitations in data and systems. Meaningful qualitative techniques must be developed for stress testing risk factors that are not easily quantifiable.

            July 2018

          • ST-1.5.7

            Conventional bank licensees must ensure that the data used for stress testing is representative of, and bears similar risk characteristics to, the specific products or risk profile of the bank. In cases where there are data limitations, proxy estimates can be used. However, banks must apply a margin of conservatism to proxy estimates.

            July 2018

          • ST-1.5.8

            Conventional bank licensees must use, based on its risk profile, a suitable range of stress testing methodologies to ensure that its stress testing programme is comprehensive. In conducting scenario analysis, banks must assume a dynamic balance sheet rather than a static balance sheet. Banks must project growth (or decline) in balance sheet size under the chosen stressed conditions.

            July 2018

          • ST-1.5.9

            A sensitivity analysis estimates the impact of a single risk factor or a small number of closely-related risk factors (e.g. interest rates, FX rates, real estate price, equity price etc.) on asset value, asset quality, earnings, capital or liquidity ratios. In most cases, sensitivity tests involve changing inputs or parameters without relating those changes to an underlying event or real-world outcome. While it is helpful to draw on extreme values from historical periods of stress, sensitivity tests should also include hypothetical extreme values to ensure that a wide range of possibilities are included.

            July 2018

          • ST-1.5.10

            A scenario analysis simulates the impact of a combination of risk factors on the bank's profitability, capital adequacy and liquidity. The adverse movements of risk factors is usually driven by macroeconomic or political events, financial market movements, deterioration in industry fundamentals or a bank-specific event. These stress scenarios can be based on historical or hypothetical events (see Section ST-2.3).

            July 2018

          • ST-1.5.11

            Stress tests should also account for interactions between credit, funding and asset market conditions in a stressed scenario. The following interactions may be considered:

            (a) Credit deterioration of obligors leading to a reduction in cash inflows;
            (b) Price shocks for specific asset categories (for example, fire sales and significant mark-to-market losses) resulting in the drying up of liquidity for such assets;
            (c) Reduction of eligible high quality liquid assets ('HQLA') due to issuer downgrades;
            (d) Increase in bank's liquidity needs as a consequence of higher drawdown of committed credit lines (for example, higher crystallisation of undrawn credit lines);
            (e) Additional posting of collateral or margin due to a downgrade of the bank's credit rating or adverse price movements; and
            (f) Restricted access to secured or unsecured funding markets due to a deterioration in the bank's financial strength and credit rating.
            July 2018

        • Reverse Stress Testing

          • ST-1.5.12

            Apart from assessing and being prepared to respond to stressed conditions, Bahraini conventional bank licensees must also be aware of the scenarios that can render its business non-viable, due to severe financial or reputational damage. Banks must, therefore, implement a reverse stress testing program to identify the scenarios or events that can threaten the viability or solvency of the bank.

            July 2018

          • ST-1.5.13

            Reverse stress tests start from a known stress testing outcome, such as a breach of regulatory capital ratios, illiquidity, insolvency, or the cancellation of banking licence, and then work backwards to identify the events that could lead to such an outcome for the bank.

            July 2018

          • ST-1.5.14

            Reverse stress testing must serve as a starting point for determining the scenarios for recovery planning. Given that stress testing helps in understanding the quantum and the direction of impact of various scenarios on the Bahraini conventional bank licensee's critical risk metrics, the process of defining the recovery triggers must also be informed by stress testing

            July 2018

        • Expert Judgment

          • ST-1.5.15

            Conventional bank licensees must ensure qualitative judgment and perspective from relevant experts such as risk controllers, economists, business managers and traders within the bank are incorporated into the stress testing programme to help supplement the mechanical analysis performed by models, assess the impact of extreme events which are difficult to model statistically because, by definition, they occur very rarely and analyse and respond to fast-changing market conditions.

            July 2018

          • ST-1.5.16

            The designated unit responsible for managing and coordinating the stress testing programme should facilitate internal dialogue and debate among the relevant experts and take into account their opinions, as appropriate, in the design, implementation and use of the stress tests.

            July 2018

        • Alignment with Recovery Planning Program

          • ST-1.5.17

            Bahraini conventional bank licensees must test their recovery plan against three types of scenario at a minimum:

            (a) Idiosyncratic scenario;
            (b) Market-wide scenario; and
            (c) Scenario with a combination of both components.
            July 2018

          • ST-1.5.18

            Bahraini conventional bank licensees must adopt more than one scenario within each of the three scenario types.

            July 2018

      • ST-1.6 ST-1.6 Stress Testing Results and Management Actions

        • ST-1.6.1

          Bahraini conventional bank licensees must evaluate the impact of tests against accounting profit and loss, impairment provisions, risk weighted assets ('RWA'), regulatory capital, liquidity and funding gaps.

          July 2018

        • ST-1.6.2

          Bahraini conventional bank licensees may also use other measures to gauge the impact of stress tests depending on the purpose of the stress test, as well as the risks and portfolios being analysed including:

          (a) Asset values;
          (b) Economic or risk-adjusted profit and loss; and
          (c) Economic capital requirements.
          July 2018

        • ST-1.6.3

          In response to the stress tests results, conventional bank licensees must formulate realistic management actions considering:

          (a) Type of actions and specific circumstances, including external conditions, under which the management actions are unlikely to be feasible. This includes a consideration of factors listed in Paragraph ST-1.6.6;
          (b) Whether the actions would be consistent with the risk appetite or tolerance level set by the Board;
          (c) Whether the bank has adequate financial resources and operational capabilities to undertake such management actions; and
          (d) Constraints by supervisory or regulatory requirements, or market restrictions.
          July 2018

        • ST-1.6.4

          Management actions should be based on careful analysis and deliberation by the Board and senior management. The range of management actions may vary depending on the magnitude of impact and likelihood of stressed scenarios. Actions pursued should be proportionate to the severity of the impact of the stress tests and may include:

          (a) Reviewing the risk appetite or limits and business strategies;
          (b) Restructuring, liquidating, unwinding or hedging exposures;
          (c) Seeking additional collateral, buying credit protection or reducing risk exposures to specific sectors, countries and regions;
          (d) Tightening underwriting standards;
          (e) Adjusting the asset and liability composition;
          (f) Building additional capital or liquidity buffers;
          (g) Implementing recovery or contingency plans; and (h) Recourse to central bank funding facilities.
          July 2018

        • ST-1.6.5

          Management actions must be approved by the Board and senior management and clearly documented. Senior management must ensure effective monitoring mechanisms are in place to promptly activate management actions based on established triggers. Clear roles and responsibilities must be assigned to ensure prompt escalation to the Board and senior management upon the occurrence of any trigger event. Reviews must be periodically conducted to ensure that such management actions are executed in a timely and orderly manner.

          July 2018

        • ST-1.6.6

          The following are examples of factors that may be considered in formulating the management actions during stressed conditions:

          (a) Time required for full implementation, considering expected time for the management action to take effect, such as improvement of asset quality due to tightening of underwriting standards;
          (b) Legal restrictions and impediments that may affect financial resources to be relied upon, such as cross border transfers of capital to entities within the group;
          (c) Elevated cost associated with additional borrowings and risk of undersubscription when issuing debt or raising capital;
          (d) Limited access to funding markets and reduced market liquidity for assets to be disposed of as well as increased volatility which may further depress the price of these assets;
          (e) Loss of revenue and market share arising from any proposed reduction in lending activities;
          (f) Reputational risk and potential negative market reaction caused by ceasing discretionary coupons or exercising convertibility provisions of capital instruments; and
          (g) The potential response of other banks and market participants to a given scenario and the consequential impact on asset and funding markets.
          July 2018

      • ST-1.7 ST-1.7 Interpretation and Communication of Stress Testing Results

        • ST-1.7.1

          Stress testing provides a more comprehensive view of risks and vulnerabilities that a Conventional bank licensee is exposed to. To ensure that the stakeholders within the bank and the CBB can interpret the results accurately, the bank should provide supporting information which includes scenario assumptions, model methodologies, model assumptions and limitations.

          July 2018

        • ST-1.7.2

          Stress testing estimates the exposure to a specified stress event or scenario, but does not give the probability of such an event or scenario occurring. Moreover, stress testing is influenced by the judgment and experience of the experts designing the stress tests. The effectiveness of stress testing therefore, depends, in particular, on whether the bank has chosen the 'right' scenarios for stress testing, interpreted the results properly and taken the necessary steps to address the results.

          July 2018

        • ST-1.7.3

          Conventional bank licensees must be aware of the limitations when interpreting the results of stress tests.

          July 2018

        • ST-1.7.4

          Conventional bank licensees must submit the stress test results to the CBB biannually on 31st May and 30th November. The submission must include:

          (a) Description of the risks, exposures and entities covered;
          (b) Description of the scenarios and the rationale for it;
          (c) Prevailing and projected macro-economic conditions, as well as justifications for assumptions used;
          (d) Description of the methodologies used, including justifications for any material changes to the previous methodologies adopted;
          (e) Impact on the profitability, capital adequacy and liquidity, as well as on all material risk indicators; both absolute amounts and key financial ratios must be reported;
          (f) Description of management actions that have been considered and an assessment of their reasonableness;
          (g) Assessment on areas of vulnerability and the associated risk factors. The assessment must be at a sufficient level of granularity to provide a meaningful understanding of the vulnerable areas (for instance, business line, geographical sectors, economic sectors or sub-sectors, market segments, borrower groups) and the causes of stressed losses;
          (h) Extract of minutes of the Board and/or any other related sub-committee meetings on the deliberation on the stress tests and reverse stress test results; and
          (i) Assessment and results of independent reviews, where such a review has been conducted.
          July 2018

        • ST-1.7.5

          The reporting of stress test results by conventional bank licensees must, at minimum, cover a 3-year horizon based on the following scenarios:

          (a) One market-wide (systemic) stress scenarios;
          (b) One bank-specific (idiosyncratic) stress scenarios; and
          (c) A combination of systemic and idiosyncratic stress scenarios.
          July 2018

        • ST-1.7.6

          In order to arrive at a comprehensive assessment of a conventional bank licensee's stress testing programme, the CBB will, where necessary, engage in discussion with the Board or senior management on the programme, particularly in respect of the following:

          (a) Their views on major macroeconomic and financial market vulnerabilities and relevant threats specific to the bank's operation and business model; and
          (b) Their justifications for various aspects of the stress testing programme and the methodology employed, such as the key assumptions driving the stress-testing results, the scope and severity of the firm-wide scenarios used, and how the stress-testing results are, in practice, being used.
          July 2018

        • ST-1.7.7

          The CBB may also require the conventional bank licensees to conduct additional sensitivity analysis in respect of specific business lines, portfolios or positions which pose significant risk to the bank. Furthermore, the banks may be required to evaluate scenarios under which their viability is compromised (e.g. reverse stress testing scenarios), or to assess the plausibility of events that lead to significant strategic or reputational risk, particularly for significant business lines or products.

          July 2018

        • ST-1.7.8

          Conventional bank licensees must provide a detailed plan of corrective actions and follow-up on its implementation, in the event that the CBB assessment reveals material shortcomings in the bank's stress testing programme (or that the results generated from the programme are not adequately attended to or acted upon).

          July 2018

      • ST-1.8 ST-1.8 Independent Review

        • ST-1.8.1

          [This Paragraph was deleted in January 2022].

          Deleted: January 2022
          Added: July 2018

        • ST-1.8.2

          The independent reviews of the stress testing framework undertaken in accordance with Paragraphs HC-6.6.33 and HC-6.6.34, must cover the following:

          (a) Effectiveness of the stress testing programme in meeting its intended purposes, and the requirements of this Module;
          (b) Adequacy of management oversight and approval process;
          (c) Adequacy of documentation for the programme;
          (d) Comprehensiveness of risk exposures captured by the programme, and the methodologies, scenarios and assumptions used;
          (e) Verification of the quality of data sources used to run the stress tests (e.g. in terms of accuracy, consistency, timeliness, completeness and reliability);
          (f) Implementation of the programme, as well as subsequent authorization for, and implementation of, significant changes or development work (e.g. to take account of changes in bank's business strategies, risk characteristics or external environment);
          (g) Integration of stress testing into risk management and decision-making processes at appropriate management levels, including capital and liquidity planning;
          (h) Integrity of management information and reporting systems for the stress tests; and
          (i) Validation of stress testing results, such as through backtesting historical scenarios (e.g. the 2008/09 Global Financial Crisis and the 1997 Asian Financial Crisis) and their impact on a bank's portfolio, or benchmarking with other stress tests conducted within and outside the bank.
          Amended: January 2022
          Added: July 2018

    • ST-2 ST-2 Major Risks and Stress Scenarios

      • ST-2.1 ST-2.1 Risks and Stress Scenarios

        • ST-2.1.1

          This chapter outlines various risk factors and stress scenarios which the conventional bank licensees should take into account in their stress testing programme.

          July 2018

        • ST-2.1.2

          Conventional bank licensees must identify stress scenarios and risk factors which are aligned to the nature and complexity of the business and markets they operate in. They must ensure that important risk factors or relationships between these factors are not omitted from the stress testing analysis. The risk factors identified will form the basis for developing stress scenarios. Banks must ensure that they have the capacity to conduct integrated stress tests by using a combination of the stress scenarios most relevant to their risk profiles and activities, covering the major types of risk to which they are exposed.

          July 2018

      • ST-2.2 ST-2.2 Risk Factors

        • ST-2.2.1

          A key step in the stress testing process is the identification of major risk factors that should be stressed. In drawing up the list of risk factors, conventional bank licensees must understand the risk characteristics of their exposures and analyse the relevant risk factors, as well as the correlation (and potential for change in correlation) between these factors.

          July 2018

        • ST-2.2.2

          Highlighted below are some examples of risk factors that may be relevant to the conventional bank licensees:

          (a) Credit risk characterised by an increase in default probabilities (e.g. the rise in delinquencies and charge-offs); a decline in recovery rates or in the value of supporting collateral; a rating migration of counterparties, issuers or credit protection providers; and worsening of credit spreads. Banks should be aware of the major drivers of repayment ability (such as economic downturns and significant market shocks) that will affect all classes of counterparties or credits;
          (b) Concentration risk in terms of the large chunks of exposures to individual counterparties, products/-instruments, industries, market sectors, countries or regions which are driven by the same risk factors. Banks should also assess the contagion effects and possible linkages (and the potential changes in such interrelationships, both over time and in times of stress) which may lead to a disproportionate increase in risk exposure;
          (c) Interest rate risk arising from parallel shifts or twists in the yield curve and the increase in basis risk (i.e. changes in relationships between key market rates);
          (d) Market or price risk arising from adverse changes in the price or fair value of assets (e.g. currencies, equities, commodities or other financial instruments and their derivative positions) and their impact on relevant portfolios and markets;
          (e) Liquidity risk as a result of the tightening of credit lines, tightening of secured or unsecured funding markets, market liquidity for certain asset classes, the triggering of obligations to provide additional collateral or margin under credit support agreements or unexpected increase in drawdown of credit lines and deposits;
          (f) Operational risk (including legal risk) caused by various factors, such as internal or external fraud, system failure and security risks (e.g. in respect of transactional e-banking services), and litigation cases that may lead to material monetary loss or reputational impact on the bank concerned, if the outcome is not in its favour;
          (g) Strategic risk resulting from events or changes in the environment that could adversely alter the original assumptions made in the strategic plan and any potential threats to a bank's business, both financially and non-financially;
          (h) Reputational risk stress testing in terms of identifying scenarios (may be due to misconduct, financial crime, market view about the stability of the bank) which will have a negative reputational impact and, in turn, result in increased credit risk (e.g. run on the bank), liquidity risk (tightened access to funding markets) or market risk (drop in equity value).
          (i) Product-specific risks, such as prepayment risk for mortgages, or securitized portfolios. Other potential risks may also arise from abnormal market movements and their impact on contingent credit exposures (e.g. derivatives) and complex products (e.g. structured products with embedded multiple risks);
          (j) System-wide interactions and feedback effects that reflect the impact of likely behavioural responses of other market participants and their counterparties on the broader market in times of stress, and how that impact will feed back to the bank's own positions;
          (k) Macroeconomic factors (e.g. gross domestic product ('GDP') growth, change in property prices, unemployment rate and inflation or deflation rate) and their impact on other risk factors; and
          (l) Political and economic factors pertaining to industries, regions and markets.
          July 2018

      • ST-2.3 ST-2.3 Stress Scenarios

        • Credit and Counterparty Credit Risk

          • ST-2.3.1

            The following are examples of stress scenarios relatingto credit risk and counterparty credit risk:

            (a) Domestic economic downturn — this estimates the impact on a bank's asset quality, impairment provisions, profitability and capital adequacy of adverse changes in selected macroeconomic variables (e.g. GDP growth, unemployment rate, interest rates, bankruptcy rates and asset prices etc.) that are relevant to the bank's exposures;
            (b) Economic downturn in major economies affecting Bahrain (e.g. U.S., Saudi Arabia, UAE etc.) — this estimates the impact on a bank's counterparty exposures (e.g. corporate loans, holdings in securities, interbank exposures etc.) as a result of economic downturn in major economies that have significant financial/commercial/trading links with Bahrain;
            (c) Decline in the real estate market — this estimates the impact of a decline in property prices on collateral coverage, default risk and provisioning needs for loans secured by properties;
            (d) Decline in the value and market liquidity of financial collateral — this estimates the impact of a decline in the valuation and market liquidity of financial collateral, which reduces the quality and quantity of the collateral, leading to lower collateral coverage and recovery rates and higher provisioning needs and capital charges;
            (e) Increases in non-performing loans ('NPL') and provisioning levels — this assesses the resilience of a bank's loan portfolios in terms of the impact of such increases on its profitability and capital adequacy. In designing the scenario, the bank may apply different percentages of increase in classified loans and provisioning levels to its loan portfolios;
            (f) Rating migration of counterparties — a test based on the internal or external credit ratings of bank's credit exposures, by migrating a certain percentage of the credit exposures of a specific rating grade (by one or more notches) to a lower rating grade, and assessing the resultant impact on a bank's profitability and capital adequacy. The capital impact may include the effects of increases in credit losses and provisioning needs, as well as the application of higher risk-weights due to rating downgrades in the calculation of regulatory capital; and
            (g) Default of major counterparties — this estimates the impact of default of a bank's major counterparties, including corporate, sovereign and bank counterparties, on its profitability, as well as liquidity and capital adequacy. The test can be extended to cover aggregate exposures to major industries, market sectors, countries and regions (e.g. by assuming that a significant number of defaults occur within such aggregate exposures).
            July 2018

          • ST-2.3.2

            For the purpose of stressed expected loss, default probabiltiies should be point in time estimates. For a three year stress testing time horizon the bank should estimate the metric for 12th, 24th and the 36th month from the reporting date. This PDs should be cumulative.

            July 2018

        • Interest Rate Risk in Banking Book

          • ST-2.3.3

            The following are examples of stress scenarios relating to interest rate risk in the banking book:

            (a) 'gap risk' arises from the term structure of banking book instruments, and describes the risk arising from the timing of instruments' rate changes. The extent of gap risk depends on whether changes to the term structure of interest rates occur consistently across the yield curve (parallel risk) or differentially by period (non-parallel risk);
            (b) 'basis risk' describes the impact of relative changes in interest rates for financial instruments that have similar tenors but are priced using different interest rate indices; and
            (c) 'option risk' arises from option derivative positions or from optional elements embedded in the bank's assets, liabilities and off-balance sheet items, where the bank or its customer can alter the level and timing of their cash flows. Option risk can be further characterized into automatic option risk and behavioral option risk.
            July 2018

        • Liquidity Risks

          • ST-2.3.4

            The following are examples of stress scenarios relating to liquidity risk:

            (a) Tightening of credit lines — the potential impact of liquidity stress on the solvency position arising from a higher cost of funding due to tightening of wholesale and deposit/funding markets, and loss in the value of marketable securities due to market illiquidity;
            (b) Funding concentration — this assesses the liquidity risk of significant business activities and concentration to a particular source of funding, such as large depositors/funding providers, investment account holders, wholesale market funding or holdings of a particular asset class; and
            (c) Withdrawal risk of investment account holders ('IAH') /deposit outflows — this assesses the liquidity risk arising from honouring redemptions by investment account holders of unrestricted investment accounts at the level of individual funds in case of Islamic windows.
            July 2018

        • Market Risks

          • ST-2.3.5

            The following are examples of stress scenarios relating to market risk:

            (a) Increased volatility in key financial markets assesses the effects of increased volatility and adverse movements of market risk factors (i.e. interest rates, foreign exchange rates and equity or commodity prices) on a bank's market risk exposures;
            (b) Effect of key monetary decisions by the CBB, which might impact stock prices, FX rates and interest rates;
            (c) Effect on the bank arising from a rating downgrade of sovereign, leading to widening of credit spreads and a fall in equity prices; and
            (d) Structural changes to the economy of the main countries in which the bank operates.
            July 2018

        • Other Risks

          • ST-2.3.6

            The following are examples of stress scenarios relating to other risks:

            (a) Decline in net interest income — this estimates the impact on the bank's net interest income due to negative loan growth or squeezes in pricing caused by competition for new business or market share;
            (b) Risk concentrations — this estimates the impact from changes in market conditions which could give rise to risk concentrations. Banks may identify and assess the impact of heightened correlations or hidden inter-dependencies within and across risk types/risk factors, and possible second-round effects under severe market shocks that may lead to an increase in bank's exposures; and
            (c) Operational risk events — this assesses the effects, on a bank's capital requirement for operational risk, or its ability to maintain critical operations and earning capabilities, of external events (e.g. external fraud, vendor failure, utility outage and service disruption) or internal events (e.g. internal fraud, business disruption or system failures, telecommunication problems and loss of key personnel).
            July 2018

  • DSIBs DSIBs Domestic Systemically Important Banks

    • DS-A DS-A Introduction

      • DS-A.1 DS-A.1 Purpose

        • Executive Summary

          • DS-A.1.1

            The Domestic Systemically Important Banks (D-SIBs) Module sets out the Central Bank of Bahrain's ('CBB's) framework applicable to Bahraini conventional bank licensees identified as D-SIBs. This module provides guidance on the CBB's assessment methodology for identifying D-SIBs, and the Higher Loss Absorbency ('HLA') capital requirements to which such banks will be subject. The Module also sets out the supervisory measures and requirements to be applied by banks identified as being systemically important. This requirement is supported by Article 44(c) of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law') (Decree No. 64 of 2006).

            July 2018

          • DS-A.1.2

            DS-A.1.2 This Module shall be read in conjunction with other parts of the Rulebook, mainly:

            (a) Principles of Business;
            (b) High-level Controls;
            (c) Capital Adequacy;
            (d) Stress Testing; and
            (e) Internal Capital Adequacy Assessment Process ('ICAAP').
            July 2018

        • Legal Basis

          • DS-A.1.3

            This Module contains the CBB's Directive relating to D-SIBs and is issued under the powers available to the CBB under Article 38 of the CBB Law. The Directive in this Module is applicable to all Bahraini conventional bank licensees.

            July 2018

          • DS-A.1.4

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

            July 2018

      • DS-A.2 DS-A.2 Module History

        • Evolution of the Module

          • DS-A.2.1

            This Module is first issued in July 2018 as part of Volume One of the CBB Rulebook. The requirements in this Module are effective from the date of issuance. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made. Chapter UG-3 provides further details on Rulebook maintenance and version control.

            July 2018

          • DS-A.2.1

            The most recent changes made to this Module are detailed in the table below:

            Summary of Changes

            Module Ref. Change Date Description of Changes
            DS-2.1.2 07/2021 Amended Paragraph on RRPs submission annually.
            DS-3.1.1 01/2022 Deleted Paragraph.
            DS-3.1.2 01/2022 Amended Paragraph.

    • DS-1 DS-1 Recovery and Resolution Planning

      • DS-1.1 DS-1.1 Overview

        • DS-1.1.1

          The objective of the D-SIBs framework is to identify banks that could cause significant disruption to the domestic financial system and economic activity locally in the event of distress or failure. To address the negative externalities posed by such banks, regulatory and supervisory measures will be undertaken with the aim of:

          (a) Reducing the probability of failure of D-SIBs, by increasing their going-concern loss absorbency through additional capital requirements, requiring early recovery planning and increasing the intensity of their supervision; and
          (b) Reducing the extent or impact of any failure, by improving the resolvability of these banks.
          July 2018

      • DS-1.2 DS-1.2 General Requirements

        • DS-1.2.1

          Bahraini conventional bank licensees designated as D-SIBs must hold designated HLA expressed as Common Equity Tier 1 ('CET1') capital at 1.5 percent of the total Risk-Weighted Assets ('RWA'), as calculated for the purposes of capital adequacy.

          July 2018

        • DS-1.2.2

          The HLA requirement must be fully met by the CET1 capital. This is to ensure that the capital held for HLA purposes must be available to absorb losses on a going-concern basis and, as such, enhance the resilience of the relevant D-SIB.

          July 2018

        • DS-1.2.3

          Bahraini conventional bank licensees designated as D-SIBs will be subject to an annual inspection by the CBB and two prudential meetings per year.

          July 2018

        • DS-1.2.4

          The HLA requirement and the Pillar 2 capital add-on address the external and internal risks associated with banks from different, but complementary perspectives.

          July 2018

        • Disclosure Requirement for D-SIBs

          • DS-1.2.5

            Bahraini conventional bank licensees designated as D-SIBs must disclose their D-SIB HLA requirement in their capital disclosures for the purpose of disclosures of the composition of the bank's capital base.

            July 2018

        • Recovery and Resolution Plans

          • DS-1.2.6

            Bahraini conventional bank licensees designated as D-SIBs must develop and maintain Recovery and Resolution Plans (RRPs) specific to their circumstances and reflect the nature, complexity, interconnectedness, level of substitutability and size of the bank in question. The RRPs must be approved by the CBB.

            July 2018

      • DS-1.3 DS-1.3 D-SIBs Assessment Framework

        • DS-1.3.1

          The D-SIBs Assessment Framework aims to assess the degree to which banks are systemically important to the local financial system and domestic economy. Accordingly, the assessment focuses on the impact of a bank's failure within the financial system.

          July 2018

        • DS-1.3.2

          D-SIBs are identified using a two-step approach. The first step is to draw up a preliminary indicative list of D-SIBs based on the quantitative scores calculated using a set of factors/indicators. The second step involves the exercise of supervisory judgment that may serve as a complement to the quantitative assessment process, i.e. to refine the preliminary indicative list by either (i) removing banks from the list; or (ii) including other banks onto the list.

          July 2018

        • DS-1.3.3

          The D-SIBs assessment is based on the following four factors:

          (a) Size
          i. Size is a key measure of systemic importance. The larger the bank, the more widespread the effect of a sudden withdrawal of its services and, therefore, the greater the chance that its distress or failure would cause disruption to the financial markets and systems in which it operates, and to the broader functioning of the economy. The size factor broadly measures the volume of a D-SIB's banking activities within the local banking system and economy and, therefore, provides a good measure of the potential systemic impact in case a bank should fail.
          ii. The quantitative indicator used in the D-SIBs framework to measure a bank's size is its total assets, as disclosed in the balance sheet.
          (b) Interconnectedness
          i. This measure captures the extent of a bank's interconnections with other financial institutions, which could give rise to externalities affecting the financial system and domestic economy.
          ii. The quantitative indicators used to capture interconnectedness are interbank activities (represented by intra-financial system assets, and intra-financial system liabilities) and securities outstanding.
          iii. Intra-financial system assets comprise lending to financial institutions (including undrawn committed lines), holding of securities issued by other financial institutions, gross positive current exposure of Securities Financing Transactions and exposure value of those Over the Counter ('OTC') derivatives which have positive current market value. Intra-financial system liabilities comprise deposits by other financial institutions (including undrawn committed lines), gross negative current exposure of Securities Financing Transactions and exposure value of those OTC derivatives which have negative current market value. The total marketable securities issued by the bank comprise debt securities, commercial paper, certificate of deposit and equity issued by the bank. The total marketable securities issued by the bank with the data on maturity structure of these securities will give an indication of the reliance of the bank on wholesale funding markets.
          (c) Substitutability
          i. The concept underlying substitutability as a factor for assessing systemic importance, is the recognition that the greater the role of a bank in a particular business line, or in acting as a service provider in relation to market infrastructure, the more difficult it will be to swiftly replace that bank and the extent of the products and services it offers, and, therefore, the more significant the risk of disruption in the event that the bank becomes distressed.
          ii. The quantitative indicators used to capture substitutability are assets under custody (i.e. the value of assets that a bank holds as a custodian), payment activity (i.e. the value of a bank's payments sent through all of the main payments systems of which it is a member) and values of underwritten transactions in debt and equity markets (i.e. the annual value of debt and equity instruments underwritten by the bank). This is based on the logic that the higher the market share of a bank, the more difficult it will be to substitute the extent and level of service it provides.
          (d) Complexity
          i. The degree of complexity of a bank is generally expected to be proportionately related to the systemic impact of the bank's distress, as the less complex a bank is, the more 'resolvable' it will likely be, and, in turn, the more likely the impact of its failure could be contained.
          ii. The quantitative indicators used to capture complexity are the notional value of OTC derivatives (i.e. the ratio of the notional amount outstanding for the bank), Level 3 assets and ratio of the total value of the bank's holding of securities for trading and available for sale category.
          July 2018

        • Qualitative Indicators

          • DS-1.3.4

            The CBB will apply a supervisory judgmental overlay to the quantitative assessment process recognising that some of the most effective indicators for assessing systemic importance tend not to be of a quantitative nature and, as such, not captured by a quantitative indicator-based measurement approach.

            July 2018

          • DS-1.3.5

            The CBB's indicative list of qualitative indicators that will typically be considered are:

            (a) Anticipated business expansion/contraction;
            (b) Anticipated mergers and acquisitions;
            (c) Analysis of exposures to a particular banking group;
            (d) Settlement institution for any payment or clearing system;
            (e) Extent of retail banking network;
            (f) Number of local and overseas branches;
            (g) Analysis of non-banking business exposure and income;
            (h) Analysis of non-plain vanilla products /portfolios held;
            (i) Analysis of off-balance sheet exposures;
            (j) Complexity of the group structure; and
            (k) Reputational risk.
            July 2018

        • Assessment Approach

          • DS-1.3.6

            A weight is assigned to each of the 'size', 'interconnectedness', 'substitutability' and 'complexity' factors. The CBB applies 25 percent equally to all factors towards the final aggregate score.

            Category (and weighting) Individual indicator Indicator weighting
            Size Total assets 25%
            Interconnectedness Intra-financial system assets 8.33%
            Intra-financial system liabilities 8.33%
            Securities outstanding 8.33%
            Substitutability Assets under custody 8.33%
            Payments activity 8.33%
            Underwritten transactions in debt and equity markets 8.33%
            Complexity OTC derivative notional value 8.33%
            Level 3 assets 8.33%
            Trading and available-for-sale securities 8.33%
            July 2018

          • DS-1.3.7

            Bahraini conventional bank licensees that have a minimal amount of exposure to clients in Bahrain, and a low percentage of their deposits base are from clients in Bahrain, will be excluded from the D-SIB assessment.

            July 2018

          • DS-1.3.8

            The CBB shall conduct the D-SIB assessment every two years and shall inform the banks, the relevant thresholds or cut off, and shall provide the DSIBs the guidance for implementation.

            July 2018

    • DS-2: DS-2: Recovery and Resolution Plans

      • DS-2.1 DS-2.1 Recovery and Resolution Plans

        • DS-2.1.1

          Recovery and Resolution Plans (RRPs) developed by DSIBs must be specific to their circumstances reflecting the nature, complexity, interconnectedness, level of substitutability and size of the bank in question. RRPs must include:

          (a) High-level substantive summary of the key recovery and resolution strategies and an operational plan for implementation;
          (b) Strategic analysis that underlies the recovery and resolution strategies;
          (c) Conditions for intervention, describing necessary and sufficient prerequisites for triggering the implementation of recovery or resolution actions;
          (d) Concrete and practical options for recovery and resolution measures;
          (e) Preparatory actions to ensure that the measures can be implemented effectively and in a timely manner;
          (f) Details of any potential material impediments (legal, strategic or technical) to an effective and timely execution of the plans; and
          (g) Responsibilities for executing preparatory actions, triggering the implementation of the plans and the actual measures.
          July 2018

        • DS-2.1.2

          Bahraini conventional bank licensees must engage in an annual simulation and scenario exercise to assess whether the RRPs are feasible and credible. The Board must approve any changes to RRPs resulting from such exercise. The results of such annual exercise and the RRPs must be submitted to the CBB annually by the 31st of August.

          Amended: July 2021
          July 2018

        • DS-2.1.3

          Underlying assumptions of the RRPs and stress scenarios must be sufficiently severe, but plausible. Both "solo" specific and "consolidated" stress scenarios, as appropriate, must be considered taking into account the potential impact of cross-border contagion in crisis scenarios, as well as simultaneous stress situations in several significant markets. RRPs must not make the assumption that the CBB or government support can be relied upon to recover the bank.

          July 2018

        • DS-2.1.4

          Bahraini conventional bank licensees must develop a robust governance structure and sufficient resources to support the recovery and resolution planning process. This includes clear responsibilities of business units, senior management up to, and including, board members. A senior level executive must be made responsible for the overall RRPs. This person must be responsible for ensuring that the bank is, and remains in compliance with the requirements of the RRPs and for ensuring that recovery and resolution planning is integrated into the bank's overall governance processes.

          July 2018

        • DS-2.1.5

          Bahraini conventional bank licensees must have systems in place that are able to generate on a timely basis, the information required to support the recovery and resolution planning process to enable both the bank and the CBB to carry out recovery and resolution planning effectively, and, where necessary, implement the RRPs.

          July 2018

        • DS-2.1.6

          RRPs should serve as guidance to banks and the CBB in a recovery or resolution scenario. The CBB may implement a different strategy should the bank need to be resolved.

          July 2018

        • Recovery Plan

          • DS-2.1.7

            The Recovery Plan must identify possible recovery measures, recovery options and the necessary steps and time needed to implement such measures, as well as assess the associated risks. An effective Recovery Plan must at least consider the following:

            (a) Governance arrangements and escalation process following a trigger event;
            (b) Recovery triggers must be well-defined and tailored to the full range of risks faced by the bank. The threshold level for triggers must be calibrated with impact on the bank's economic capital and set out clearly in the bank's recovery plan;
            (c) Actions or responses that should occur when triggers are breached; there should be an expectation that breach of a trigger causes a predetermined escalation and information process up to Board and Senior Management level;
            (d) A detailed explanation and analysis, illustrating how the triggers were calibrated, as well as highlighting the effectiveness of the triggers;
            (e) Incorporating qualitative triggers in their consideration of whether a recovery response is necessary and, if so, what kind of response would be appropriate;
            (f) Incorporating the triggers for recovery planning into the bank's overall risk management framework. Recovery triggers must be aligned with (but not limited to) existing triggers for liquidity or capital contingency plans, early warning indicators and the bank's risk appetite;
            (g) Triggers for recovery planning must be complemented by early warning indicators that alert the bank to emerging signs of stress, but that do not yet give rise to a triggering event;
            (h) Use at least one market-wide (systemic) stress scenarios and one bank-specific (idiosyncratic) stress scenarios, as well as a combination of systemic and idiosyncratic stress scenarios, to assess the robustness of their Recovery Plans and to assess which recovery options would be effective in a range of stress situations; and
            (i) Allocation of losses to shareholders, and unsecured and uninsured creditors in a manner that respects the hierarchy of claims.
            July 2018

          • DS-2.1.8

            Bahraini conventional bank licensees must notify the CBB when high levels of stress are experienced and/or recovery plan triggers are breached. Banks must also notify the CBB on the Recovery Plan actions or responses that would be taken by the Bank when the plan is activated.

            July 2018

          • DS-2.1.9

            Bahraini conventional bank licensees must use quantitative and, if relevant, qualitative triggers in their recovery plans. The quantitative triggers focused on firm-specific liquidity and capital measures are critical. The quantitative triggers may include different elements such as:

            (a) withdrawal of deposits and other funding;
            (b) revenue performance (or components of these);
            (c) ratings downgrades;
            (d) credit risk limits;
            (e) equity ratios;
            (f) renewal of wholesale financing;
            (g) increased collateral requirements;
            (h) interest rate environment; and
            (i) senior debt spreads.
            July 2018

          • DS-2.1.10

            Bahraini conventional bank licensees must use three stress scenarios at a minimum, i.e. systemic, idiosyncratic and a combination of both for the purpose of recovery planning.

            July 2018

          • DS-2.1.11

            The following elements are illustrative in nature for stress scenarios to be considered in Recovery planning:

            a) significant deposit withdrawal or runoff;
            b) collapse of global financial markets;
            c) significant capital and liquidity impacts;
            d) severe losses through a rogue trader;
            e) rating downgrades;
            f) US Dollar or a Euro crisis;
            g) GDP growth rates; h) loss of goodwill;
            i) exodus of talent;
            j) currency or commodity prices volatility;
            k) increased collateral requirements;
            l) bank failures;
            m) fraud; and
            n) reputational crisis.
            July 2018

          • DS-2.1.12

            Bahraini conventional bank licensees must consider a variety of feasible recovery options that could play a critical role towards improving resilience and viability ultimately. Such options may include for instance the following illustrative options:

            (a) Issuance of capital instruments at short notice;
            (b) Seeking additional liquidity from existing or new sources;
            (c) Sale or disposal of a part of the business and assets;
            (d) Restricting new business activities;
            (e) Lowering dividend pay outs; and
            (f) Restructuring.
            July 2018

        • Resolution Plan

          • DS-2.1.13

            Bahraini conventional bank licensees must establish Resolution Plans intended to facilitate smooth resolution making it feasible without severe market disruption. It must include a substantive resolution strategy approved by the Board and agreed with the CBB, and an operational plan for its implementation. It must identify, in particular:

            (a) Financial and economic functions for which continuity during the resolution process is critical and suitable resolution options to preserve those functions, or wind them down in an orderly manner;
            (b) Data requirements on the bank's business operations, structures, and systemically important functions;
            (c) Potential legal, strategic or technical barriers to effective resolution and actions to mitigate those barriers; and
            (d) Actions to protect insured depositors and ensure the rapid return of segregated client assets.
            July 2018

          • DS-2.1.14

            Bahraini conventional bank licensees must consider the following important elements in their analysis leading to the development of the resolution plan:

            (a) The corporate and group structure
            (b) Relevant entities and the identification of material entities;
            (c) Balance sheet profile including on and off balance sheet;
            (d) Funding, liquidity and capital needs;
            (e) Business model of the parent and material entities;
            (f) Core business lines;
            (g) Operational, financial, legal and structural dependencies;
            (h) External dependencies;
            (i) Financial functions mapping each material entity and business lines;
            (j) Resolution strategies and options.
            July 2018

          • DS-2.1.15

            For the purpose of DS-2.1.13(a), banks shall consider in their recovery and resolution planning processes the identification and the development of suitable resolution options for 'critical functions' and 'critical shared services. The resolution strategy and operational plan should encompass appropriate actions which help maintain continuity of these functions while avoiding unnecessary loss of value and minimising, where possible, the costs of resolution.

            July 2018

          • DS-2.1.16

            Critical functions are activities performed for third parties not affiliated to the bank, the failure of which would lead to a disruption of services that are vital for the functioning of the real economy and for financial stability due to the bank/banking group's size or market share, interconnectedness, complexity and cross-border activities.

            July 2018

          • DS-2.1.17

            The designation of a function as critical does not imply that the function and all related liabilities will be protected in a resolution. Rather, the designation is meant to assist the CBB and relevant authorities in developing resolution strategies that minimise systemic disruption and preserve value. It is important to note that the institution specific lists of critical functions will be an important input in the resolution planning process and the resolvability assessments.

            July 2018

          • DS-2.1.18

            The criticality of a function can be assessed in a three-step process: —

            a) Impact assessment: It will include understanding the nature and extent of the activity and assessing the impact of the failure of the function on the market and infrastructure, on customers, on other market participants and finally the interdependences of the market;
            b) Evaluating the market for that function: This will encompass understanding how quickly the market is able to substitute the service providers of the failed function. Such an assessment will include supply side analysis of service providers covering market concentration;
            c) Firm-specific test: The analysis will determine whether the bank's failure would have a material impact on third parties, on the potential for contagion and on the general confidence of market participants which will be based on understanding of the overall market share of the firm for that specific function etc.
            July 2018

          • DS-2.1.19

            These critical functions are assessed in the following five broad categories with distinct economic objectives and characteristics: (a) Deposit Taking, (b) lending and loan servicing; (c) payments, clearing custody and settlement, (d) lending and borrowing to and from financial institutions; and (e') Capital markets and investment activities.

            July 2018

          • DS-2.1.20

            Critical shared services are activities performed within the bank or by another unit within the group or outsourced to third parties and their failure would lead to the inability to perform critical functions and, therefore, to the disruption of functions vital for the functioning of the real economy or for financial stability.

            July 2018

          • DS-2.1.21

            Critical shared services are related to the critical functions a bank performs. They provide the internal and essential infrastructure the bank needs to continue operating. Their designation should therefore follow from the identification of the critical functions. The prioritising of the critical shared services, starts with answering the following questions first:

            a) How severe are the consequences of the failure of a particular service on one or more critical functions?
            b) How quickly will the failure of a particular shared service lead to a collapse of one or more critical functions?
            July 2018

          • DS-2.1.22

            For the purposes of this analysis, there should be a clear understanding of the following aspects of the shared services at legal entity level:

            i. the provider and the recipient of the services;
            ii. the nature of the services being provided;
            iii. the financial terms on which those services are offered;
            iv. the existence of service level agreements and the validity of such agreements in the event of failure; and
            v. the impact of default on the ability of the bank to maintain these services.
            vi. the substitutability of the services being provided (see above).
            July 2018

          • DS-2.1.23

            Bahraini conventional bank licensees must ensure that key Service Level Agreements (SLAs) can be maintained in crisis situations and in resolution, and that the underlying contracts include provisions that prevent termination triggered by recovery or resolution events, and facilitate transfer of the contract to a bridge institution or a third party acquirer.

            July 2018

          • DS-2.1.24

            Nothing in this Module will preclude CBB from devising other resolution strategies, options or plans recognised under the CBB Law should it believe it is necessary under the circumstances.

            July 2018

    • DS-3: DS-3: Independent Review

      • DS-3.1 DS-3.1 Independent Review

        • DS-3.1.1

          [This Paragraph has been deleted in January 2022].

          Deleted: January 2022
          Added: July 2018

        • DS-3.1.2

          The independent reviews of recovery and resolution planning framework undertaken in accordance with Paragraphs HC-6.6.33 and HC-6.6.34, must cover the following:

          (a) Adequacy of management oversight and approval of the RRPs;
          (b) Adequacy of documentation supporting the RRPs;
          (c) Integration of ICAAP and stress testing into RRP process;
          (d) Sufficiency of the trigger framework and the process for implementing and monitoring them;
          (e) Escalation process and the integrity of the planned actions against the triggers;
          (f) Authorisation for, and implementation of, significant changes to the RRPs;
          (g) Alignment of the RRPs to the bank's business strategies, group and organisational structure;
          (h) Due consideration of the legal and external environment;
          (i) Verification of the quality of data sources used to run the stress tests (e.g. in terms of accuracy, consistency, timeliness, completeness and reliability).
          Amended: January 2022
          Added: July 2018

  • RR RR Reputational Risk Management

    • RR-A RR-A Introduction

      • RR-A.1 RR-A.1 Purpose

        • Executive Summary

          • RR-A.1.1

            The Reputational Risk Management Module sets out the Central Bank of Bahrain's ('CBB's') rules and guidance to conventional bank licensees operating in Bahrain on establishing parameters and control procedures to monitor and mitigate reputational risks. The content of this Module applies to all conventional bank licensees, except where noted in individual Chapters.

            July 2018

          • RR-A.1.2

            This Module should be read in conjunction with other parts of the Rulebook, mainly:

            (a) Principles of Business;
            (b) High-level Controls;
            (c) Credit Risk;
            (d) Market Risk;
            (e) Operational Risk;
            (f) Liquidity Risk;
            (g) Interest Rate Risk in the Banking Book ('IRRBB');
            (h) Internal Capital Adequacy Assessment Process ('ICAAP'); and (i) Stress Testing.
            July 2018

        • Legal Basis

          • RR-A.1.3

            This Module contains the CBB's Directive (as amended from time-to-time) relating to reputational risk management and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to all conventional bank licensees (including their approved persons).

            July 2018

          • RR-A.1.4

            Requirements of Section 3.3—Management of Step-in Risk are applicable to Bahraini conventional bank licensees only.

            July 2018

          • RR-A.1.5

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

            July 2018

      • RR-A.2 RR-A.2 Module History

        • Evolution of the Module

          • RR-A.2.1

            This Module is issued in July 2018 as part of Volume One of the CBB Rulebook. The requirements in this Module are effective from the date of issuance. Any material changes that are subsequently made to this Module are annotated with the calendar quarter date in which the change was made. Chapter UG-3 provides further details on Rulebook maintenance and version control.

            July 2018

          • RR-A.2.2

            The most recent changes made to this Module are detailed in the table below:

            Summary of Changes

            Module Ref. Change Date Description of Changes
                 
            July 2018

    • RR-1 RR-1 Reputational Risk

      • RR-1.1 RR-1.1 Introduction and Scope

        • RR-1.1.1

          This Chapter provides CBB's requirements and guidance with respect to an effective reputational risk management and sets out the approach for conventional bank licensees to manage reputational risk.

          July 2018

        • RR-1.1.2

          Reputational risk can be defined as the risk arising from negative perception on the part of customers, counterparties, shareholders, investors, debt-holders, market analysts, other relevant parties or regulators that can adversely affect a bank's ability to maintain existing, or establish new, business relationships and continued access to sources of funding (e.g. through the interbank or securitisation markets). Reputational risk is multidimensional and reflects the perception of other market participants. Furthermore, it exists throughout the organisation and exposure to reputational risk is essentially a function of the adequacy of the bank's internal risk management processes, as well as the manner and efficiency with which management responds to external influences on bank-related transactions.

          July 2018

        • RR-1.1.3

          Reputational risk also may affect a bank's liabilities, since market confidence and a bank's ability to fund its business are closely related to its reputation. For instance, to avoid damaging its reputation, a bank may call its liabilities even though this might negatively affect its liquidity profile. This is particularly true for liabilities that are components of regulatory capital, such as hybrid/subordinated debt. In such cases, a bank's capital position is likely to suffer.

          July 2018

        • RR-1.1.4

          Once a bank identifies potential exposures arising from reputational concerns, it should measure the amount of support it might have to provide (including implicit support of securitisations) or losses it might experience under adverse market conditions. In particular, in order to avoid reputational damages and to maintain market confidence, a bank should develop methodologies to measure as precisely as possible the effect of reputational risk in terms of other risk types (e.g. credit, liquidity, market or operational risk) to which it may be exposed. This could be accomplished by including reputational risk scenarios in regular stress tests. For instance, non contractual off-balance sheet exposures could be included in the stress tests to determine the effect on a bank's credit, market and liquidity risk profiles. Methodologies also could include comparing the actual amount of exposure carried on the balance sheet versus the maximum exposure amount held off-balance sheet, that is, the potential amount to which the bank could be exposed.

          July 2018

        • RR-1.1.5

          A conventional bank licensee should pay particular attention to the effects of reputational risk on its overall liquidity position, taking into account both possible increases in the asset side of the balance sheet and possible restrictions on funding, should the loss of reputation result in various counterparties' loss of confidence. (See Liquidity Risk Management Module.)

          July 2018

        • RR-1.1.6

          Conventional bank licensees must establish an effective process for managing reputational risk that is appropriate for the size and complexity of their operations.

          July 2018

        • RR-1.1.7

          This Module focuses mainly on:

          (a) The approach to identifying and managing reputational risk;
          (b) Drawing attention to various sources of reputational risk;
          (c) Providing guidance on the key elements of reputational risk management; and
          (d) Promoting adoption of a formalized and structured approach to managing reputational risk.
          July 2018

    • RR-2 RR-2 Sources of Reputational Risk

      • RR-2.1 RR-2.1 Key Drivers

        • RR-2.1.1

          It is vital for banks to understand how different sources of reputational risk can impact their business operations, to set up appropriate systems and controls which can be used to manage these risks. It should be noted that many of the reputational drivers are inter-related, representing common factors applicable to banks, and relate to how well a bank has managed its business and controlled its material risks.

          July 2018

        • RR-2.1.2

          The key drivers of reputational risk that could assist banks in identifying and categorising the major sources of reputational risk applicable to them, amongst others, are outlined below:

          (a) Corporate governance—good corporate governance is vital to a bank's reputation. The leadership of the Board and senior management will directly affect stakeholders' perception of the bank;
          (b) Board and management integrity—the personal ethics and behaviour of directors and senior management are important determinants of stakeholder confidence;
          (c) Staff competence/support—staff competence and support is essential for business success. Any deficiencies in employment and staff management practices could lead to various problems, which include high staff turnover, insufficient staffing, poor service quality, staff incompetence/misconduct, customer complaints and employee disputes. Some of these issues may result in damaging headlines and adverse publicity;
          (d) Corporate culture—it is crucial for banks to promote a corporate culture where the adoption of ethical and responsible behaviour, that can protect and enhance their reputation, is encouraged. Inadequate corporate culture may result in a loss of confidence;
          (e) Risk management and control environment—a sound risk management and control environment is essential for banks to safeguard their assets and capital, and to mitigate reputational risk. Banks should seek independent assurance that existing risk management and control systems are appropriate via internal audits, and take remedial actions for any deterioration in risk management and control standards;
          (f) Financial soundness/business viability—a bank's reputation is likely to suffer if its financial soundness, or business viability, is questioned. To safeguard and strengthen their reputation, banks should build-up stakeholder trust in their financial reporting systems, manage stakeholder expectations by providing relevant factual information to facilitate their assessment of the banks' financial performance and future prospects;
          (g) Business conduct and practices—banks are required to run their businesses in a responsible, honest and prudent manner. Business practices which deviate from this basic standard could erode stakeholder confidence and damage their reputation, and any resultant breach of laws and regulations may lead to investigations, disciplinary action and criminal charges. In dealing with customers and other counterparties, banks should be guided by, and adhere to, all relevant ethical standards and codes of conduct;
          (h) Stakeholder satisfaction—a banks' ability to satisfy stakeholder needs and expectations on a continuing basis is of utmost importance in sustaining their business in a highly competitive banking environment. Failure to do so, may result in loss of stakeholder confidence, falling business, adverse publicity or, in some cases, legal sanctions;
          (i) Legal/regulatory compliance—banks should adequately appraise legal and regulatory risks, and put in place robust systems to ensure compliance, including enhancing staff awareness of compliance issues and identifying areas of potential threat and vulnerability. Breaching the law or any relevant regulatory standards and guidelines can lead to serious consequences, including regulatory investigations, costly and high profile litigation, public censure, civil and criminal sanctions, harmful publicity, claims for damages, or even the loss of authorization. There may be significant damage to a bank's reputation even if the bank is ultimately acquitted of any illegal conduct;
          (j) Contagion risk/rumours—banks operating as part of a group will be susceptible to reputational events affecting their parent bank, non-bank holding company, or other members of the group (e.g. subsidiaries and affiliates). Such contagion effects on a banks' reputation may also result from other problematic relationships, such as any close association with major customers, counterparties or service providers that are revealed to be engaged in unethical, unlawful or corrupt activities. Rumours may have a damaging impact on the bank's reputation and the level of public confidence. Therefore, adequate contingency procedures should be developed by banks;
          (k) Crisis management—a bank's inadequate response to a crisis, or even a minor incident, that attracts media attention could arouse stakeholder concerns about management competence, thereby jeopardising the bank's reputation. On the other hand, effective crisis management arrangements (including communications with stakeholders and the media) could quickly allay stakeholder fears, restore their confidence and even enhance reputation. Therefore, banks should ensure that they are ready to deal with possible crises (which may be unprecedented and totally unexpected), with detailed and well-rehearsed crisis management plans in place. Close attention should also be paid to managing media communications;
          (l) Transparency/accountability—a banks' ability to be responsive to and satisfy stakeholders' information needs (e.g. by disclosing information in respect of material issues of interest to stakeholders in a transparent, honest and prompt manner) has become a key determinant of business competence. Such information will help stakeholders in understanding a banks' values, strategies, performance and future prospects. Stakeholder confidence, as well as the banks' credibility and reputation, will be weakened if information disclosed is found to be misleading, inaccurate or incomplete. There should be adequate accountability for the integrity of information disclosures, which should be backed by robust management monitoring and reporting systems;
          (m) Branding and cross-selling—this refers to the potential harm to a bank's reputation when an entity has clients in common with the bank and also carries the bank's brand (e.g. corporate name, logo/symbol). Different brand strategies create different risk profiles. Banks should consider the degree to which cross-selling is part of their overall strategy, as a greater degree of cross-selling increases reputational risk. This is particularly the case if a bank or banking group has stand-alone deposit-taking institution(s), broker-dealer(s) and asset management unit(s) that cross-sell products;
          (n) Outsourcing—a bank's reputation could also be damaged by sub-standard service quality, improper acts, or lax controls of some key service providers (e.g. outsourced telephone banking operations, IT support, debt collection services etc.). Banks should closely monitor the performance of the outsourcing providers and the on-going impact of the agreement on their risk profile, systems and controls framework; and
          (o) Shari'a non-compliance risk—Shari'a non-compliance is a unique operational risk in Islamic finance products resulting from non-compliance of the bank with the rules and principles of Shari'a in its products and services. It is crucial to set up key risk indicators for identifying the Shari'a non-compliance risk inherent in different kinds of Shari'a-compliant contracts, and to outline a set of variables that help to estimate the likelihood and severity of Shari'a non-compliance risk. It is possible for banks to become insolvent because of the reputational risk that is triggered by the Shari'a non-compliance risk. It is important to consider Shari'a non-compliance risk as one of the main risks that banks should take into account as part of their enterprise-level risk evaluation. Banks should be aware of the implications of Shari'a non-compliance risk for the overall enterprise when Shari'a requirements and rulings are not effectively communicated, translated into internal policy, or observed by banks across different businesses and functional units; and
          (p) Step-in risk—refers to the level of risk that is associated with a bank's decision to provide financial support to an unconsolidated entity that is facing stress, in the absence of, or in excess of, any contractual obligations to provide such support. The main reason for step-in risk is to avoid the reputational risk that a bank might suffer if it did not support an entity facing a stress situation. The financial crisis provided evidence that a bank might have incentives beyond contractual obligation or equity ties to 'step in' to support unconsolidated entities to which it is connected (refer to Section RR-3.3).
          July 2018

    • RR-3 RR-3 Reputational Risk Management

      • RR-3.1 RR-3.1 Reputational Risk Management Framework

        • RR-3.1.1

          Conventional bank licensees must adopt an approach to reputational risk management that fits the banks' profile of activities and level of sophistication, and that enables the risks affecting reputation to be consistently and comprehensively identified, assessed, controlled, monitored and reported.

          July 2018

        • RR-3.1.2

          The key elements of reputational risk management are good corporate governance, the existence of highly skilled, sincere and honest resources, effective reputational risk management processes; and adequate management of reputational events.

          July 2018

        • Good Corporate Governance

          • RR-3.1.3

            Good corporate governance forms the foundation of effective reputational risk management and provides a framework for:

            (a) Guiding banks' conduct and actions in achieving their vision, values, goals and strategies, as well as meeting stakeholder requirements and expectations; and
            (b) Ensuring robust oversight of their conduct and actions.
            July 2018

          • RR-3.1.4

            Good corporate governance can be achieved by implementing a governance infrastructure and adopting governance practices in compliance with Module HC (High-level Controls).

            July 2018

          • RR-3.1.5

            The Board must be responsible for overseeing the overall reputational risk management processes.

            July 2018

          • RR-3.1.6

            A sound governance infrastructure should have the following general attributes:

            (a) Having the right people, with the right balance of skills and experience on the Board, with suitable checks in place to ensure that no single individual can influence Board decisions;
            (b) Including a robust framework for succession planning to ensure that the business can continue to function effectively, even when there is a major management or staff turnover; and
            (c) Enabling business and management performance to be closely overseen by independent directors.
            July 2018

          • RR-3.1.7

            Conventional bank licensees should adopt a governance approach that sets out clear governance objectives and expectations on reputational risk management, as well as the authorities and responsibilities of all parties engaged in the risk management process.

            July 2018

          • RR-3.1.8

            The following elements must be included in the banks' governance practice framework:

            (a) Setting a clear and unambiguous vision, values, goals and strategies, and ensuring that they are transparent;
            (b) Developing appropriate policy, codes of conduct, guidelines and procedures to support the implementation of the bank's vision, values, goals and strategies;
            (c) Creating an open and empowering corporate culture to encourage responsible and ethical behaviour, and to support the achievement of business objectives and effective risk management;
            (d) Building up a strong, stable management team that are honest, competent, responsible, accountable and responsive to stakeholders;
            (e) Raising the risk awareness of employees and providing employees with adequate training;
            (f) Setting up effective systems and controls to manage and control all material risks (including reputational risks) faced by the bank and to monitor compliance with all applicable laws, regulatory standards, best practices and internal guidelines; and
            (g) Having adequate policy and procedures in place to ensure that all disclosures to stakeholders are clear, accurate, complete, relevant, consistent and timely, and guided by the principles of ethics, integrity and transparency.
            July 2018

        • Effective Reputational Risk Management Process

          • RR-3.1.9

            Conventional bank licensees must have adequate arrangements, strategies, policy, processes and mechanisms in place to manage reputational risk. An effective reputational risk management process must include:

            (a) Policy, definition of roles, codes of conduct, guidelines and procedures which guide staff behaviour and conduct, and set boundaries for staff actions, in particular the boundaries for unacceptable practices;
            (b) Consideration of the potential impact of its strategy and business plans and, more generally, of its behaviour on its reputation;
            (c) Addressing reputational risk in a precautionary manner, for example by setting limits or requiring approval for allocating capital to specific countries, sectors or persons and/or whether its contingency plans address the need to deal proactively with reputational issues in the event of a crisis;
            (d) Risk identification, assessment and control which provides a systematic process for identifying and assessing the risks affecting reputation, including the setting of appropriate response actions to control the risks;
            (e) Risk monitoring and reporting which ensures that the progress of carrying out agreed response plans is adequately monitored, any changes to the status of the risks concerned is regularly reviewed, and early warning systems are in place for identifying emerging threats, to ensure that prompt corrective actions are taken to address those threats;
            (f) Communications and disclosures which enable meaningful, transparent and timely information to be provided to stakeholders to better their understanding of the bank's performance and future prospects, and to retain their confidence; and
            (g) Independent reviews and audits which give assurance that the risks affecting reputation have been adequately understood and properly controlled throughout the bank.
            July 2018

        • Adequate Management of Reputational Events

          • RR-3.1.10

            Reputational events may still occur despite stringent risk control measures. As such, banks must develop a systematic and comprehensive approach for managing reputational events. This will allow bank management to be prepared to take proper measures to restore the institution's reputation and minimize any damage caused. The effectiveness of this approach would help reduce the chance of having to deal with a full-blown crisis.

            July 2018

          • RR-3.1.11

            The conventional bank licensee's approach to manage reputational events must include:

            (a) Crisis management adoption of the key elements of effective crisis management, which includes a crisis management manual, crisis management structure, invocation of crisis management, crisis management process, internal and external communications, and pre-planning for crisis management;
            (b) Adoption of an embedded risk mitigation approach that refers to shaping products, business transactions, special investments, outsourcing arrangements, new product process, restructurings etc., which will assist in mitigating some of the potential concerns of key stakeholders by design;
            (c) Post-event reviews—the Board and senior management must conduct a post-event review to identify any lessons learnt, or problems and weaknesses revealed, from the event in order to take appropriate actions to improve the bank's approach for managing reputational risk; and
            (d) Early warning systems—a banks' implementation of early warning systems will enable them to plan actions in advance for addressing potential threats that are likely to develop into reputational events. Early recognition of impending reputational problems also means that valuable time has been won to facilitate pre-planning for future action.
            July 2018

          • RR-3.1.12

            The early warning systems must also involve developing and monitoring:

            (a) Performance indicators and other indicators reflecting stakeholder confidence, which can provide an estimate of the bank's reputation and keep track of the progress in managing associated risks; and
            (b) Early warning indicators (e.g. a sudden increase in customer complaints, breaches of internal controls, operational errors, system outages, fraudulent incidents and any significant deterioration in other performance indicators) and other triggers or thresholds for management actions, or provide signals to invoke response or contingency plans.
            July 2018

      • RR-3.2 RR-3.2 Assessment of Reputational Risk

        • RR-3.2.1

          Conventional bank licensees must conduct a regular assessment of the reputational risk to which they are exposed, leveraging their understanding of governance, business model, products and the environment in which they operate.

          July 2018

        • RR-3.2.2

          Conventional bank licensees must consider both internal and external factors or events that might give rise to reputational concerns (refer to Section RR-2.1). Banks must consider the following qualitative indicators, amongst others, in their assessment of reputational risk:

          (a) The number of sanctions from official bodies during the year;
          (b) Media campaigns and consumer-association initiatives that contribute to a deterioration in the public perception and reputation of the institution;
          (c) The number of and changes in customer complaints;
          (d) Malpractices and irregularities;
          (e) Negative events affecting the institution's peers;
          (f) Dealing with sectors that are not well perceived by the public (e.g. weapons industry, embargoed countries etc.) or people and countries on sanctions lists; and
          (g) Other 'market' indicators, for example, rating downgrades or changes in the share price throughout the year.
          July 2018

        • RR-3.2.3

          Conventional bank licensees must assess the significance of its reputational risk and how it is connected with other risks (i.e. credit, market, operational, liquidity and interest rate risks) by leveraging other risk assessments to identify any possible secondary effects in either direction (from reputation to other risks and vice versa).

          July 2018

        • Stress Testing

          • RR-3.2.4

            Conventional bank licensees must enhance their stress testing methodologies to capture the effect of reputational risk. Banks must also conduct stress testing or scenario analysis to assess any secondary effects of reputational risk (e.g. liquidity, funding costs, etc.).

            July 2018

          • RR-3.2.5

            The stress testing technique is useful for identifying events or changes that pose threats to banks, and can help develop different sets of circumstances which could potentially cause a crisis. Banks can make use of this technique to assess the likelihood of the risk materialising and the potential impact of the risk on their business and reputation under different stress scenarios (refer to Module ST on Stress Testing for guidance).

            July 2018

          • RR-3.2.6

            Conventional bank licensees should be guided by the following supplementary guidance on use of stress testing for reputational risk:

            (a) Banks employing stress testing techniques for assessing reputational risk should seek to incorporate stress scenarios for reputational risk into their institution-wide stress testing procedures and assess the impact of reputational risk on other major risks (e.g. business or liquidity risk);
            (b) In developing stress scenarios for reputational risk, banks should identify the major sources of reputational risk to which they are potentially exposed, key stakeholders that will most likely increase reputational risks in stress scenarios or an appropriate range of circumstances and events. Banks should also consider how those sources, circumstances and events may adversely affect their business prospects and financial position (including earnings, capital and liquidity), as well as generate other second round effects;
            (c) Banks may face reputational risk in other aspects, such as those arising from material weaknesses in their internal risk management processes (e.g. resulting in substantial fraudulent losses) or management's failure to respond swiftly and effectively to external threats or influences (e.g. resulting in poor strategic decisions). Banks should exercise their best judgment and apply stress scenarios and parameters that suit their own circumstances and risk profile;
            (d) Once the potential exposures arising from reputational concerns are identified, banks should estimate the amount of support (capital or liquidity) they may have to provide, as well as estimate potential loss under adverse market conditions. Banks should also assess the impact of reputational risk on other risks to which they may be exposed. This could be accomplished by including reputational risk scenarios in regular stress tests;
            (e) Banks should assess whether there is any longer term impact on their business and operations due to reputational risk (e.g. loss of market share, customer base or business revenue). Banks should also pay particular attention to the effects of reputational risk on their overall liquidity position, taking into account both possible changes in the asset side of the balance sheet and possible restrictions on funding, should the damage in reputation result in a general loss of confidence on the part of their counterparties and customers; and
            (f) Senior management should actively participate in conducting stress testing and scenario analyses for reputational risk (including the development of stress scenarios and assumptions), and review the stress testing results.
            July 2018

      • RR-3.3 RR-3.3 Management of Step-in Risk

        • Bahraini Conventional bank licensees' Policy and Procedures for Identifying and Managing Step-in Risk

          • RR-3.3.1

            Bahraini Conventional bank licensees must establish and maintain, as part of their risk management framework, policy and procedures that describe the processes used to identify entities that are unconsolidated for regulatory purposes and the associated step-in risks. The policy and procedures must:

            (a) Clearly describe the identification criteria that banks use to identify the step-in risk;
            (b) Not be prescriptive or geared towards any particular type of entity. Given the case-by-case nature of the evaluation, the guidelines are envisaged as flexible enough to capture all entities that are unconsolidated for regulatory purposes and which pose significant step-in risk;
            (c) Clearly describe the specific provisions of the laws or regulations and list the types of entity covered by those laws or regulations;
            (d) Describe the internal function responsible for identifying, monitoring, assessing, mitigating and managing the potential step-in risk;
            (e) Clearly describe the bank's own definition and criteria of 'materiality', as used to exclude immaterial entities in the bank's step-in risk assessment, and their rationale;
            (f) Document the process to obtain the necessary information to conduct the regular self-assessments;
            (g) Be reviewed regularly, and whenever there is any material change in the types of entity or in the risk profile of entities; and
            (h) Require the 'Step-in Risk Self-assessment' to be included in the internal risk management processes, subject to independent controls.
            July 2018

        • Regular Step-in Risk Identification and Assessment

          • RR-3.3.2

            Bahraini Conventional bank licensees must regularly identify all entities giving rise to step-in risk. For all these entities, they must estimate the potential impact on their liquidity and capital that step-in risk could entail. The bank must use the estimation method it believes to be most appropriate. Banks must describe the method used to estimate the financial impact of step-in risk in each case.

            July 2018

        • Step-in Risk Reporting

          • RR-3.3.3

            Bahraini Conventional bank licensees must annually report the results of their self-assessment of step-in risk to the CBB on 30th September of each year. The report must contain the following information:

            (a) Per groups of similar entities, the number and types of entity that were initially identified;
            (b) The entities must be grouped under three categories: entities deemed immaterial (for which no step-in risk assessment process conducted); entities which are material, but for which step-in risk is insignificant; and entities which are material and for which step-in risk is significant; and
            (c) The nature of the step-in risk and the action taken by the bank to limit, mitigate or recognise this risk, must be reported for entities which are material and for which step-in risk is significant.
            July 2018

  • LM LM Liquidity Risk Management

    • LM-A LM-A Introduction

      • LM-A.1 LM-A.1 Purpose

        • Executive Summary

          • LM-A.1.1

            This Module sets out the CBB's requirements with regards to management of liquidity risk by banks.

            August 2018

          • LM-A.1.2

            Liquidity is the ability of a bank to fund increases in assets and meet obligations as they fall due, without incurring unacceptable losses. Virtually every financial transaction or commitment has implications for a bank's liquidity. Effective liquidity risk management helps ensure a bank's ability to meet cash flow obligations. Liquidity risk management is of paramount importance because a liquidity shortfall at a single institution can have system-wide repercussions.

            August 2018

          • LM-A.1.3

            This Module outlines a set of principles covering the following topics:

            (a) Governance of liquidity risk management;
            (b) Liquidity risk identification, measurement, monitoring and control;
            (c) Foreign currency liquidity management;
            (d) Funding diversification and market access;
            (e) Maintenance of liquidity cushion;
            (f) Intragroup liquidity management;
            (g) Intraday liquidity risk management;
            (h) Collateral management;
            (i) Stress testing and scenario analysis; and
            (j) Contingency Funding Plan.
            August 2018

        • Legal Basis

          • LM-A.1.4

            This Module contains the Central Bank of Bahrain's ('CBB's') Directive (as amended from time-to-time) on the liquidity risk management requirements for conventional banks, and is issued under the powers available to the CBB under Article 38 of the CBB and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to all conventional banks.

            August 2018

          • LM-A.1.5

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see UG module (Section UG-1.1).

            August 2018

          • LM-A.1.6

            The requirements included in chapters LM-1 to LM-11 must be fully met by 30th June 2019, and the requirements in Chapter LM-12 must fully be met by 31st December 2019.

            August 2018

          • LM-A.1.7

            Branches of foreign bank licensees must apply the requirements under Chapters LM-1 to LM-10 of this Module to the extent appropriate. If branches of foreign bank licensees do not have established policies, procedures, processes and systems at a branch level, they must satisfy the CBB that there are equivalent arrangements at their head office or regional office.

            Added: October 2019

      • LM-A.2 LM-A.2 Module History

        • LM-A.2.1

          This Module was issued in August 2018 as part of Volume One of the CBB Rulebook. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made. Chapter UG-3 provides further details on Rulebook maintenance and version control.

          August 2018

        • LM-A.2.2

          The changes made to this Module are detailed in the table below:

          Summary of Changes

          Module Ref. Change Date Description of Changes
          LM-11.1.9 07/2019 Added reference to BR regarding LCR reporting.
          LM-A.1.7 10/2019 Added a new Paragraph on branches of foreign banks.
          LM-12.4 – Table 1 01/2020 Amended table on components of ASF Category.
          LM-12.5.1 – LM-12.5.3 01/2020 Amended Section on General Disclosure Requirements.
          LM-1.3.7 01/2022 Deleted Paragraph.
          LM-1.3.8 01/2022 Amended Paragraph.
          LM-1.3.9 01/2022 Deleted Paragraph.

    • LM-1 LM-1 Governance of Liquidity Risk Management

      • LM-1.1 LM-1.1 Liquidity Risk Management Framework

        • LM-1.1.1

          Banks must establish a robust liquidity risk management framework, which includes an asset and liability management committee (ALCO). The framework must describe the role of ALCO and its relationship with the risk management function, and articulate the delineation of powers, responsibilities and reporting lines for different departments and levels of management, so that the liquidity risk management strategy, policies and procedures are implemented effectively.

          August 2018

        • LM-1.1.2

          A bank's liquidity risk management structure must be commensurate with the nature, scale and complexity of the bank's business activities.

          August 2018

      • LM-1.2 LM-1.2 Responsibilities of Board of Directors

        • LM-1.2.1

          The Board must be ultimately responsible for determining the types and magnitude of liquidity risk that the bank can tolerate according to the liquidity risk management strategy, and for ensuring that there is an appropriate organisation structure for managing liquidity risk.

          August 2018

        • Liquidity Risk Tolerance

          • LM-1.2.2

            The Board of Directors must articulate the bank's liquidity risk appetite and tolerance that is appropriate for its business strategy and ensure that it is communicated to all levels of management.

            August 2018

          • LM-1.2.3

            The risk tolerance level must be adequately documented and articulated, preferably with a combination of qualitative and quantitative factors1 .


            1 For example, the specification of a minimum survival period under a range of sufficiently severe, but plausible, stress scenarios. Other quantitative measures may, for example, relate to controls over areas such as liquid asset holdings, maturity or currency mismatches, concentration of funding and contingent liquidity obligations, and other limits on liquidity indicators used for controlling different aspects of liquidity risk.

            August 2018

          • LM-1.2.4

            The risk tolerance must be set in a way that:

            (a) Defines clearly the level of liquidity risk that the bank is willing to assume, under normal and stressed conditions2 ;
            (b) Can be easily communicated, understood and monitored by relevant personnel of the bank involved in the liquidity risk management process; and
            (c) Reflects the bank's assessment of the sources of liquidity risk it faces, as well as the trade-off between risks and profits.

            2 For example, a bank may quantify its liquidity risk tolerance in terms of the level of unmitigated funding liquidity risk the bank decides to take under normal and stressed business conditions.

            August 2018

          • LM-1.2.5

            Banks must also constantly monitor its risk profile for adherence to the risk appetite and tolerance, ensuring that any significant changes in market circumstances or the validity of assumptions used are accounted for.

            August 2018

        • Liquidity Risk Management Structure Oversight

          • LM-1.2.6

            The Board of Directors must ensure that any authority that is delegated to the bank's ALCO to carry out some of its responsibilities for liquidity risk management is adequately executed. However, such delegation of authority does not absolve the Board and its members from their risk management responsibilities and the need to oversee the work of any such committee(s) exercising delegated authority.

            August 2018

          • LM-1.2.7

            For the ALCO, or any similar committee, to perform a liquidity risk governance function on behalf of the Board effectively, its membership should be extended to comprise personnel from the treasury function, the risk management function, the financial control function and other principal business areas that affect the bank's liquidity risk profile. It should also be supported by competent risk managers with a dedicated responsibility for liquidity risk management.

            August 2018

          • LM-1.2.8

            In the case of a local banking group with overseas operations (whether in the form of a branch or subsidiary), the Board must determine the appropriate liquidity risk management framework for overseeing all such overseas operations, taking into account the differences in their liquidity risk characteristics and the transferability of funds between them in the light of any potential legal, regulatory or operational restrictions.

            August 2018

          • LM-1.2.9

            In the case of foreign bank branches in Bahrain, the head office of the bank may, where appropriate, delegate certain tasks for liquidity risk management to the local branch management, provided that adequate oversight is exercised by the bank's Board (or a delegated risk governance function at the head office or regional level) in approving the branch policies and monitoring the branch's compliance with such policies.

            August 2018

          • LM-1.2.10

            The Board of Directors is also responsible for:

            (a) Ensuring the competence of senior management and appropriate personnel in measuring, monitoring and controlling liquidity risk in terms of expertise, systems and resources, and in taking appropriate and prompt remedial actions to address concerns when necessary;
            (b) Reviewing and approving, on an annual basis at least, the liquidity risk strategy and other significant liquidity risk management policies and procedures (e.g. contingency funding planning and liquidity stress testing framework), and ensuring that senior management translates the Board's decisions into clear guidance and operating processes (e.g. in the form of controls) for effective implementation;
            (c) Reviewing regular reports and stress testing results on the bank's liquidity positions and becoming fully aware of the bank's performance and overall liquidity risk profile; and
            (d) Understanding, supported by senior management of the bank, how other risks (e.g. credit, market, operational and reputation risks) interact with liquidity risk and affect the overall Liquidity Risk Management Strategy, ensuring that the interaction of these risks is considered and taken into account by the relevant Board-level committees and Risk Management function within the bank.
            August 2018

      • LM-1.3 LM-1.3 Responsibilities of Senior Management

        • Liquidity Risk Management, Strategies and Procedures

          • LM-1.3.1

            Senior management must be responsible for developing and implementing the bank's liquidity risk management strategy, policies and procedures, properly documented in the form of a policy statement, in accordance with the risk tolerance established by the Board. The policy statement must be approved by the Board.

            August 2018

          • LM-1.3.2

            A bank must develop its liquidity policy statement taking into account of the nature of its business activities and liquidity needs under both normal and stressed conditions. A bank's liquidity policy statement must cover, at a minimum, the following key aspects:

            (a) Liquidity risk appetite and tolerance established by the Board;
            (b) Liquidity risk management strategy, including the goals and objectives underlying the strategy; the composition and maturity of assets and liabilities; the level of diversity and stability of funding targeted by the bank; the approach to managing liquidity in different currencies, across borders, and across business lines, products and legal entities, where applicable, taking into consideration the home and host regulatory requirements in the jurisdictions in which the bank operates; the approach to intraday liquidity management; the assumptions on the liquidity and marketability of assets;
            (c) Liquidity risk management responsibilities, with clearly defined lines of authority, responsibilities and reporting structure;
            (d) Liquidity risk management systems and tools for measuring, monitoring, controlling and reporting liquidity risk, including the setting of various liquidity limits and ratios; the framework for conducting cash-flow projections and liquidity stress testing, including the techniques, scenarios and assumptions used; and the management reporting system for liquidity risk; and
            (e) Contingency funding plan, which must describe the approaches and strategies for dealing with various types of liquidity stress.
            August 2018

        • Allocation of Liquidity Costs, Benefits and Risks

          • LM-1.3.3

            Senior management must appropriately incorporate liquidity costs, benefits and risks in the internal pricing, performance measurement and new product approval processes, thereby aligning the risk-taking incentives of individual business lines with the liquidity risk tolerance established by the Board.

            August 2018

          • LM-1.3.4

            Senior management must ensure that the liquidity pricing framework involves the charging of a liquidity premium to activities that consume liquidity (e.g. granting new advances) and the assignment of a liquidity value to those that generate liquidity (e.g. obtaining new deposits), based on a predetermined mechanism for attributing liquidity costs, benefits and risks to these activities. The following considerations, at a minimum, must be factored into the framework:

            (a) The framework must reflect the level of liquidity risk inherent in a business activity;
            (b) The framework must cover all significant business activities, including those involving the creation of contingent exposures which may not immediately have a direct balance sheet impact;
            (c) The framework must incorporate the measurement and allocation process factors related to the anticipated holding periods of assets and liabilities, their market liquidity risk characteristics and any other relevant factors, including the benefits from having access to relatively stable sources of funding, such as some types of retail deposits;
            (d) The framework must take account of both contractual maturity, as well as behavioural patterns in estimating the length of tenor of any relevant asset or liability item for the determination of the liquidity value or premium to be allocated;
            (e) The framework must provide an explicit and transparent process, at the line management level for quantifying and attributing liquidity costs, benefits and risks; and
            (f) The framework must include consideration on how liquidity would be affected under stressed conditions.
            August 2018

          • LM-1.3.5

            Senior management must review periodically the liquidity pricing framework, taking into account changes in business and financial market conditions.

            August 2018

          • LM-1.3.6

            Senior management is also responsible for:

            (a) Communicating the liquidity risk management strategy, key policies and procedures, liquidity pricing framework and liquidity risk management structure to all relevant business units and personnel throughout the organisation, that conduct activities with an impact on liquidity;
            (b) Ensuring that there are close communication links between treasury, liquidity risk managers and other business and risk managers having access to critical information that affects liquidity;
            (c) Ensuring that liquidity risk managers have sufficient authority and independence from risk-taking units to discharge their function effectively;
            (d) Ensuring that adequate internal controls are executed by independent personnel with the necessary skills and competence to safeguard the integrity of the bank's liquidity risk management process;
            (e) Closely monitoring the current trends and potential market developments that may require timely changes or updates to the liquidity risk management strategy, systems and internal controls to address any significant challenges;
            (f) Defining the specific process for handling exceptions to policies and limits, including the procedures for escalation, reporting and consideration of follow-up actions;
            (g) Ensuring the effectiveness of stress tests and contingency funding plans, as well as the appropriateness of the liquidity cushion maintained; and
            (h) Informing the Board of any new and emerging liquidity concerns, through regular and ad hoc submission of risk management reports and risk analysis, in a timely manner.
            August 2018

        • Independent Reviews

          • LM-1.3.7

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: August 2018

          • LM-1.3.8

            The independent reviews of the liquidity risk management framework undertaken in accordance with Paragraphs HC-6.6.33 and HC-6.6.34, must cover the following:

            (a) The adequacy of internal systems and procedures for identifying, measuring, monitoring and mitigating liquidity risk;
            (b) The appropriateness of various internal limits on liquidity metrics for controlling liquidity risk;
            (c) The suitability of the underlying scenarios and assumptions for conducting cash flow analysis;
            (d) The integrity and usefulness of management information reports on liquidity risk; and
            (e) The adherence to established liquidity risk strategy, policies and procedures.
            Amended: January 2022
            Added: August 2018

          • LM-1.3.9

            [This Paragraph was deleted in January 2022].

            Deleted: January 2022
            Added: August 2018

    • LM-2 LM-2 Liquidity Risk Identification, Measurement, Monitoring and Control

      • LM-2.1 LM-2.1 Liquidity Metrics and Measurement Tools

        • LM-2.1.1

          A bank should have a sound process for identifying, measuring, monitoring and controlling liquidity risk. This process should include a robust framework for comprehensively projecting cash flows arising from assets, liabilities and off-balance sheet items over an appropriate set of time horizons.

          August 2018

        • LM-2.1.2

          Banks must use a range of liquidity metrics for identifying, measuring and analysing liquidity risk. These metrics must enable the management to understand its day-to-day liquidity positions and structural liquidity mismatches, as well as its resilience under stressed conditions. In particular, these metrics must perform the functions of:

          (a) Ensuring compliance with statutory liquidity requirements;
          (b) Projecting the bank's future cash flows and identifying potential funding gaps and mismatches under both normal and stressed conditions over different time horizons;
          (c) Evaluating potential liquidity risks inherent in the bank's balance sheet structure and business activities, including the liquidity risks that may arise from any embedded options and other contingent exposures or events;
          (d) Assessing the bank's capability to generate funding, as well as its vulnerability to, or concentration on, any major source of funding;
          (e) Identifying the bank's vulnerabilities to foreign currency movements; and
          (f) Identifying market related information.
          August 2018

        • LM-2.1.3

          The above must take into account all assets, liabilities, off — balance sheet ('OBS') positions and activities of the bank, across business lines, legal entities and overseas operations in a timely and effective manner.

          August 2018

        • LM-2.1.4

          Banks must use metrics and tools that are appropriate for their business mix, complexity and risk profile. In addition to liquidity coverage ratio ('LCR') and net stable funding ratio ('NSFR'), the following liquidity indicators must be monitored:

          (a) Maturity mismatch analysis, based on contractual maturities, as well as behavioural assumptions of cash inflows and outflows. Such metrics provide insight into the extent to which a bank engages in maturity transformation and identify potential funding needs that may need to be bridged;
          (b) Information on the level of concentration of funding from major counterparties (including retail and wholesale fund providers);
          (c) Major funding instruments (e.g. by issuing various types of securities);
          (d) Information on the size, composition and characteristics of unencumbered assets included in a bank's liquidity cushion for assessing the bank's potential capacity to obtain liquidity, through sale or secured borrowing, at short notice from private markets or CBB in times of stress; and
          (e) LCR in individual currencies.
          August 2018

        • LM-2.1.5

          In addition to the above, banks should adopt other metrics, as considered prudent or necessary to supplement their liquidity risk management, such as:

          (a) Medium-term funding ratio3, stable or core deposit ratio, or any similar ratio that reflects the stability of a bank's funding;
          (b) Loan-to-deposit ratio, or any similar ratio that reflects the extent to which a major category of asset is funded by a major category of funding4; and
          (c) Metrics tracking intragroup lending and borrowing.

          3 A medium-term funding ratio is a ratio of liabilities to assets, both with a contractual maturity of, say, more than 1 year. This ratio focuses on the medium-term liquidity profile of a bank and is intended to highlight the extent to which medium-term assets are being financed by the roll-over of short-term liabilities.

          4 A bank, depending on its business profile, may decide to adopt different breakdowns of the loan-to-deposit ratio such as, by way of example, loan-to-retail customers/retail customer deposits; loan to corporate customers/corporate customer deposits; loan/retail (or corporate) customer deposits. To complement the analysis provided by these indicators, the bank may consider assessing other funding risk indicators such as customer deposits/total liabilities or deposits from credit institutions/total liabilities to provide a notion of the bank's funding profile and take a closer look at the share of wholesale funding. Depending on its foreign activities and the related relevance, the bank may decide to assess the share of deposits in non-domestic markets.

          August 2018

        • LM-2.1.6

          Banks must regularly analyse information or trends revealed from liquidity metrics (e.g. a persistent decline in stable deposits) to identify any material liquidity concerns.

          August 2018

      • LM-2.2 LM-2.2 Risk Control Limits

        • LM-2.2.1

          Banks must, where appropriate, set limits for the liquidity metrics they employ in monitoring and controlling their liquidity risk exposures. The limits set must be relevant to a bank's business activities and consistent with its liquidity risk tolerance.

          August 2018

        • LM-2.2.2

          The limits must be used for managing day-to-day liquidity within and across business lines and entities. A typical example is the setting of maturity mismatch limits over different time horizons in order to ensure that a bank can continue to operate in a period of market stress.

          August 2018

        • LM-2.2.3

          Banks must ensure compliance with the established limits, and define the procedures for escalation and reporting of exceptions or breaches which can be early indicators of excessive risk or inadequate liquidity risk management. The limits set, and the corresponding escalation and reporting procedures, must be regularly reviewed.

          August 2018

        • LM-2.2.4

          Banks must consider setting stricter internal limits on intrabank funding denominated in foreign currencies where the convertibility and transferability of such funding is not certain, particularly in stressed situations.

          August 2018

      • LM-2.3 LM-2.3 Early Warning Indicators

        • LM-2.3.1

          To complement liquidity metrics, banks must adopt a set of indicators that are more readily available, either internally or from the market, to help in identifying at an early stage emerging risks in their liquidity risk positions or potential funding needs, so that management review and where necessary, mitigating measures can be undertaken promptly.

          August 2018

        • LM-2.3.2

          Such early warning indicators can be qualitative or quantitative in nature and may include, but are not limited to, the following:

          (a) Rapid asset growth, especially when funded with potentially volatile liabilities;
          (b) Growing concentrations on certain assets or liabilities or funding sources;
          (c) Increasing currency mismatches;
          (d) Increasing overall funding costs;
          (e) Worsening cash-flow or structural liquidity positions as evidenced by widening negative maturity mismatches, especially in the short-term time bands (e.g. up to 1 month);
          (f) A decrease in weighted average maturity of liabilities;
          (g) Repeated incidents of positions approaching or breaching internal or regulatory limits;
          (h) Negative trends or heightened risk, such as rising delinquencies or losses, associated with a particular business, product or activity;
          (i) Significant deterioration in earnings, asset quality, and overall financial condition;
          (j) Negative publicity;
          (k) A credit rating downgrade;
          (l) Stock price declines;
          (m) Widening spreads on credit default swaps or senior and subordinated debt;
          (n) Counterparties beginning to request additional collateral for credit exposures or to resist entering into new transactions to provide unsecured or longer dated funding;
          (o) Reduction in available credit lines from correspondent banks;
          (p) Increasing trends of retail deposit withdrawals;
          (q) Increasing redemptions of certificates of deposit before maturity; and
          (r) Difficulty in accessing longer-term funding or placing short-term liabilities (e.g. commercial paper).
          August 2018

      • LM-2.4 LM-2.4 Management Information Systems

        • LM-2.4.1

          A bank must have reliable management information systems ('MIS') that provide the Board, senior management and other appropriate personnel with timely and forward-looking information on its liquidity positions. The MIS must be appropriate for the purpose of supporting the bank's day-to-day liquidity risk management and continuous monitoring of compliance with established policies, procedures and limits. The MIS reports must be capable of supporting the Board and senior management in identifying emerging concerns on liquidity, as well as in managing liquidity stress events.

          August 2018

        • LM-2.4.2

          A bank's MIS must encompass information in respect of the bank's liquidity cushion, major sources of funding and all significant sources of liquidity risk, including contingent risks and the related triggers and those arising from new activities. Moreover, a bank's MIS must have the ability to calculate risk measures to monitor liquidity positions:

          (a) In all currencies, both individually and on an aggregate basis;
          (b) Under normal business conditions and during stress events, with the ability to deliver more granular and time-sensitive information for the latter;
          (c) For different time horizons (e.g. on an intraday basis, on a day-today basis for shorter time horizons (of, say, 5 to 7 days ahead), and over a series of more distant time periods thereafter); and
          (d) At appropriate intervals (in times of stress, the MIS reports must be capable of being produced at more frequent intervals such as daily, or even intraday if necessary).
          August 2018

        • LM-2.4.3

          To facilitate liquidity risk monitoring, there must be reporting criteria specifying the scope, manner and frequency of reporting liquidity information for various recipients (e.g. daily/weekly & monthly for those responsible for managing liquidity risk, and at each meeting convened by the Board or its relevant delegated committee(s) during normal times, with increased reporting frequency in times of stress) and the parties responsible for preparing the reports.

          August 2018

        • LM-2.4.4

          In particular, the reporting must compare current liquidity exposures to established limits (both for internal liquidity risk management and statutory compliance purposes) to identify any limit breaches. Breaches in liquidity risk limits must be reported to the appropriate level of management. Thresholds and reporting guidelines must be specified for escalation of the reporting of breaches to higher levels of management and the Board.

          August 2018

      • LM-2.5 LM-2.5 Cash-flow Approach to Managing Liquidity Risk

        • LM-2.5.1

          Banks must adopt a cash-flow approach to managing liquidity risk, under which they must have in place a robust framework for projecting comprehensively future cash flows arising from assets, liabilities and OBS items over an appropriate set of time horizons. The framework must be used for:

          (a) monitoring on a daily basis their net funding gaps under normal business conditions; and
          (b) Conducting regular cash-flow analysis based on a range of stress scenarios.
          August 2018

        • LM-2.5.2

          Unless otherwise specified, the cash-flow management requirements in this chapter apply generally to banks under both normal and stressed situations.

          August 2018

        • Scope, Coverage and Frequency of Cash-flow Projection

          • LM-2.5.3

            Cash-flow projections involve the estimation of a bank's cash inflows against its outflows and the liquidity value of its assets to identify the potential for future net funding shortfalls. The projections must be forward-looking and based on reasonable assumptions and techniques, covering liquidity risks stemming from:

            (a) On-balance sheet assets and liabilities;
            (b) OBS positions and derivative transactions (including sources of contingent liquidity demand and related triggering events associated with such positions);
            (c) Special Purpose Vehicles; a bank must have a detailed understanding of its contingent liquidity risk exposure and event triggers arising from any contractual and non-contractual relationships with special purpose vehicles; and
            (d) Core business lines and activities (for example, correspondent, custodian and settlement activities).
            August 2018

          • LM-2.5.4

            Cash-flow projections must address a variety of factors over different time horizons, including:

            (a) Vulnerabilities to changes in liquidity needs and funding capacity on an intraday basis;
            (b) Day-to-day liquidity needs in, say, 5 to 7 days ahead;
            (c) Funding capacity over short and medium-term horizons (e.g. 14 day, 1, 2, 3, 6 and 9 months) of up to 1 year;
            (d) Longer-term liquidity needs over 1, 2, 3, 4 and beyond 5 years; and
            (e) Vulnerabilities to events, activities and strategies that can put a significant strain on a bank's capacity for generating liquidity.
            August 2018

          • LM-2.5.5

            Cash-flow projections must cover positions in Bahraini Dinar (BHD/USD), where appropriate and in all significant currencies in aggregate. Separate cash-flow projections must also be performed for individual foreign currencies in which a bank has significant positions. Please refer to LM-3: Foreign currency liquidity management for the identification of significant positions in other currencies.

            August 2018

        • Net Funding Gaps

          • LM-2.5.6

            In order to meet their obligations as they fall due and thereby stay in business, banks need to ensure:

            (a) Positive cash-flow position is maintained; or
            (b) Sufficient cash can be generated from their assets; or
            (c) Adequate funding sources to cover their funding gaps promptly.
            August 2018

          • LM-2.5.7

            Net funding gaps can be assessed through the construction of a maturity profile, supplemented where relevant with additional analysis of the funding capacity of specific on- or off-balance sheet items.

            August 2018

          • LM-2.5.8

            A bank's maturity profile should encompass adequate time bands so that the bank can monitor its liquidity needs for various time horizons. It is generally expected to have daily time bands in the very short term (say for a period of 5 to 7 days ahead), which may be followed by wider and less granular time bands for other periods.

            August 2018

          • LM-2.5.9

            Banks must set internal limits to control the size of their cumulative net mismatch positions (i.e. where cumulative cash inflows are exceeded by cumulative cash outflows), at least for the shorter-term time bands (e.g. next day, 5 to 7 days ahead, 14 days, 1, 2, 3, 6 and 9 months). Such limits must be in line with the established liquidity risk tolerance, and must take into account the potential impact of adverse market conditions on the bank's funding capacity. Maturity mismatch limits must also be imposed for individual foreign currencies in which a bank has significant positions.

            August 2018

          • LM-2.5.10

            The maturity mismatch limits must be properly documented in the Liquidity Risk Management Policy statement. Banks must regularly review the suitability of such limits.

            August 2018

        • Cash Flow Projection Assumptions and Techniques

          • LM-2.5.11

            While certain cash flows can be projected based on contractual maturities, some may need to be estimated based on certain assumptions. In these circumstances, banks should make realistic assumptions (with a reasonable degree of prudence) to reflect the characteristics of their businesses and products, as well as economic and market conditions. For example, banks may take into account the following factors in setting the assumptions for cash flow projection:

            (a) Expected future growth or contractions in the balance sheet;
            (b) The proportion of maturing assets and liabilities that banks reasonably expect to roll-over or renew;
            (c) The quality and proportion of liquid assets or other marketable securities that can be used as collateral to obtain secured funding;
            (d) The behaviour of assets and liabilities with no clearly specified maturity dates, such as repayment of overdrafts and demand deposits as well as sticky deposits;
            (e) The potential cash flows arising from off-balance sheet activities, e.g., drawdown under loan commitments and contingent liabilities (including all potential draws from contractual or non-contractual commitments);
            (f) The behaviour of cash flows under different service delivery channels (e.g. branches vs e-banking channels);
            (g) The convertibility of foreign currencies;
            (h) The lead time required for the monetization of marketable debt securities; and
            (i) Access to wholesale markets, standby facilities and intragroup funding.
            August 2018

          • LM-2.5.12

            Techniques employed by banks for designing cash flow assumptions must be commensurate with the nature and complexity of their business activities.

            August 2018

          • LM-2.5.13

            In deriving behavioural cash flow assumptions, banks may analyse historical observations on cash flow patterns. While there is no standard methodology for making such assumptions, it is important that the assumptions used are consistent and reasonable and they should be supported by sufficient historical or empirical evidence.

            August 2018

          • LM-2.5.14

            Banks must document in their liquidity risk management policy statement, the underlying assumptions used for estimating cash flow projections and the rationale behind them. The assumptions and their justifications must be approved, and subject to regular review, by the ALCO to take account of available statistical evidence and changing business environment.

            August 2018

    • LM-3 LM-3 Foreign Currency Liquidity Management

      • LM-3.1 LM-3.1 Foreign Currency Liquidity Management

        • LM-3.1.1

          A currency must be considered 'significant' if the aggregate liabilities of the bank (both on and off-balance sheet) denominated in that currency, amount to 5 percent or more of its total liabilities (both on and off-balance sheet).

          August 2018

        • LM-3.1.2

          Banks must formulate, and review regularly, strategies and policies for the management of liquidity risks with respect to BHD/USD, if relevant, and each significant foreign currency respectively, taking into account the potential market conditions and potential constraints in times of stress. If a bank has assets or liabilities denominated in a significant foreign currency, and that currency is not freely convertible, more prudent management of liquidity risk must be adopted, such as more conservative limits on funding gaps in respect of that currency vis-à-vis other currencies, as liquidity may not be easily transferred into or out of that currency, particularly in times of stress.

          August 2018

        • LM-3.1.3

          Banks must assess their foreign currency liquidity funding gaps under both normal and stressed conditions, and control currency mismatches within acceptable levels.

          August 2018

        • LM-3.1.4

          As with the management of its overall maturity mismatch position, a bank must set, and regularly review, internal limits to control the size of cumulative net maturity mismatches arising from assets and liabilities denominated in significant foreign currencies.

          August 2018

        • LM-3.1.5

          Such limits must cover the bank's maturity mismatch position in BHD, if relevant, and each significant foreign currency over various specific time-bands (e.g. next day, 5 to 7 days ahead, 14 days, 1, 2, 3, 6, 9 months and 1, 2, 3, 5 and beyond 5 years).

          August 2018

    • LM-4 LM-4 Funding Diversification and Market Access

      • LM-4.1 LM-4.1 Overview

        • LM-4.1.1

          To ensure a reliable supply of funds, both in normal times and during stressed conditions, banks must, to the most practicable extent, maintain a range of diversified and stable funding sources (including liquid assets held) to meet liquidity needs for various time horizons, supported by their ready access to the relevant markets. Banks must also take appropriate measures to foster relationships with fund providers and strengthen their presence in funding markets.

          August 2018

      • LM-4.2 LM-4.2 Funding Diversification

        • LM-4.2.1

          Banks must establish an effective funding strategy to achieve sufficient diversification, both of their funding sources and in the composition of their liquid assets. A bank's funding strategy must consider correlations between sources of funds and market conditions.

          August 2018

        • LM-4.2.2

          Banks must put in place concentration limits on liquid assets and funding sources, as appropriate, with reference to such characteristics as the type of asset, product, market or instrument; nature of issuer, counterparty or fund provider; maturity; currency; geographical location and economic sector.

          August 2018

        • LM-4.2.3

          Banks must maintain an appropriate mix of liquid assets (including the type and quality of assets, and level of such holdings) as a source of liquidity for day-to-day operational needs (e.g. for settlement and clearing purposes), as well as for meeting emergency funding needs.

          August 2018

        • Other Funding Sources

          • LM-4.2.4

            Banks must assess their exposure to significant funding providers (or depositors) on an ongoing basis. For this purpose, banks must have in place, as part of their MIS, regular reports on the funding received from significant funding providers to facilitate monitoring. Such reports must consolidate all funding that a bank obtains from each significant funding provider (including a group of related funding providers which, when aggregated, amount to a significant funding provider). The historical amount of funds provided by these funding providers, e.g. in terms of the maximum, minimum and average balances over the previous 12 months, must also be monitored. Trigger ratios must be established to identify any funding concentration for management review. In the case of a retail bank, a funding concentration may exist if a significant percentage of its total deposit base is from a limited number of the top-ranking depositors or a single depositor (or group of related depositors). Banks must consider appropriate actions to diversify the deposit base.

            August 2018

          • LM-4.2.5

            Banks must avoid any potential concentration in their reliance on particular funding markets and sources. Banks must take into account the following major factors in assessing the degree of funding concentration:

            (a) The maturity profile and credit-sensitivity of the liabilities;
            (b) The mix of secured funding and unsecured funding;
            (c) The extent of reliance on a single fund provider or a group of related fund providers; particular markets, instruments or products (e.g. interbank borrowing, retail versus wholesale deposits, and repo agreements and swaps); and intragroup funding;
            (d) Geographical location, industry or economic sector of fund providers; and
            (e) The currency of funding sources.
            August 2018

          • LM-4.2.6

            Banks with a large deposit base must, in particular, conduct more granular analysis on the stability of different types of deposits taking into account the relevant contractual and behavioural characteristics of such deposits (e.g. in terms of deposit insurance coverage, currency denomination, nature of depositors, such as retail, wholesale or private banking customers, etc.). They must monitor the trends and levels of their stable deposits regularly.

            August 2018

          • LM-4.2.7

            Banks must identify alternative sources of funding (e.g. intragroup funding, new debt issues, asset sales, etc.) that may be used to generate liquidity in case of need, and review the effectiveness of using such sources in different situations. However, they must be aware that not all fund-raising options are available in all circumstances and some may be available only with a substantial time delay.

            August 2018

      • LM-4.3 LM-4.3 Market Access

        • Market Presence

          • LM-4.3.1

            Banks must maintain an active presence in markets relevant to their funding strategy. This requires an ongoing commitment and investment in adequate and appropriate infrastructures, processes and information systems. To ensure their access to funding markets in a timely manner, banks must periodically utilise the established systems, documentation and arrangements for accessing those markets to confirm whether willing counterparties are readily available.

            August 2018

          • LM-4.3.2

            The ability to obtain funds in the interbank market is an important source of liquidity for banks. Banks should be in a position to estimate their 'normal' borrowing capacity, based on past experience, and aim to limit their wholesale funding needs for both local and foreign currencies.

            August 2018

        • Relationship with Market Providers

          • LM-4.3.3

            Banks must identify and build strong relationships with funding providers. In particular, banks must maintain a solid and close relationship with its 25 largest depositors on an ongoing basis, to ensure that the bank has the ability to obtain funds in case of need (e.g. during events of stress), to prevent and/or limit a bank run-off and to safeguard its major sources of funding. Nevertheless, banks must take a prudent view of how such relationships may be strained in times of stress. In the formulation of stress scenarios and contingency funding plans, banks must take into account possible situations where funding sources, including its 10 largest depositors, may dry up and markets may close, and where market perceptions of a bank's financial position may change.

            August 2018

    • LM-5 LM-5 Maintenance of Liquidity Cushion

      • LM-5.1 LM-5.1 Overview

        • LM-5.1.1

          Banks must maintain an adequate cushion of unencumbered liquid assets that can be readily sold or used as collateral in private markets by a bank to obtain funds to meet the liquidity needs at all times, even in periods of severe idiosyncratic and market stress.

          August 2018

        • LM-5.1.2

          The size of the liquidity cushion should reflect a bank's established risk tolerance, and should be sufficient to meet the bank's liquidity needs in the initial phase of liquidity stress, which is most critical to the bank's survival, taking into account the monetization or borrowing values of the assets included in the cushion under the relevant stressed conditions.

          August 2018

        • LM-5.1.3

          The liquidity cushion should be sized to enable a bank to continue to meet its daily payment and settlement obligations on a timely basis for the period of stress. In doing so, the bank should take into account other available tools and resources to manage intraday liquidity risks.

          August 2018

        • LM-5.1.4

          In addition, the liquidity cushion must at least be sufficient to enable a bank to reach its regulatory LCR.

          August 2018

      • LM-5.2 LM-5.2 Composition of Liquidity Cushion

        • LM-5.2.1

          The liquidity cushion must be largely made up of high quality liquid assets (the most liquid, unencumbered and readily marketable assets such as cash, other high quality government debt securities, etc.) or similar instruments, that can be easily or immediately monetised with little or no loss or discount at all times, irrespective of the bank's own condition.

          August 2018

        • LM-5.2.2

          To cater for any extension or deterioration of any stress situation, a bank may widen the composition of its liquidity cushion by holding other liquid and marketable assets which can be used to cater for the longer end of the stress period (e.g. 1 month or beyond) without resulting in excessive losses or discounts.

          August 2018

        • LM-5.2.3

          A bank must document its policies and criteria for defining the liquid assets to be included in its liquidity cushion and distinguishing their relative levels of quality in terms of their ability to generate liquidity swiftly, with little loss or discount. MIS reports must be in place to facilitate continuous management of a bank's liquidity cushion.

          August 2018

    • LM-6 LM-6 Intragroup Liquidity Management

      • LM-6.1 LM-6.1 Overview

        • LM-6.1.1

          Where a bank is part of a banking group (local or foreign), the bank must be able to monitor and control liquidity risks arising from intragroup transactions (including cross-border transactions where applicable) with other legal entities in the group, taking into account any legal, regulatory, operational or other constraints on the transferability of liquidity and collateral to and from those entities.

          August 2018

        • LM-6.1.2

          In managing intragroup liquidity risks, banks should understand how their liquidity positions may be affected by liquidity problems faced by other group entities.

          August 2018

      • LM-6.2 LM-6.2 Treatment of Intragroup Transactions

        • LM-6.2.1

          Banks must specify in their liquidity risk management strategy the treatment of intragroup liquidity, and assumptions on intragroup dependencies for the purposes of making cash flow projections.

          August 2018

        • LM-6.2.2

          In assessing funding needs (especially under stressed situations), banks should account for any funding or liquidity commitment provided to group entities (e.g. in the form of explicit guarantees or funding lines to be drawn in times of need) and prepare for any withdrawal of funding provided by group entities. Banks should also analyse how the liquidity positions of group entities may affect their own liquidity, either through direct financial impact or through contagion when those entities encounter liquidity strain. Where there is reliance on funding support from group entities, banks should take steps to identify the existence of and take into account any legal, regulatory or other limitations that may restrict their access to liquidity from those entities in case of need.

          August 2018

        • LM-6.2.3

          A bank that has entered into 'back-to-back' transactions5 with its group entities must exclude such transactions from cash flow or liquidity calculations, as such transactions usually involve no actual movement of funds and, as such, cannot effectively improve the bank's liquidity.


          5 These transactions refer to interoffice or intragroup transactions which typically involve two legs, one borrowing long (say, with maturity of more than 1 month) and the other lending short (say, with maturity of 1 month or less). Both legs are for the same or similar amount and at the same or similar rate of interest, and are, in most cases, rolled forward continuously.

          August 2018

      • LM-6.3 LM-6.3 Intragroup Liquidity Limits

        • LM-6.3.1

          Banks must establish internal limits on intragroup liquidity risk to mitigate the risk of contagion from other group entities when those entities are under liquidity stress. Moreover, banks must consider setting stricter internal limits on intragroup funding denominated in foreign currencies where the convertibility and transferability of such funding is not certain, particularly in stressed situations.

          August 2018

      • LM-6.4 LM-6.4 Constraints on Intragroup Liquidity Transfers

        • LM-6.4.1

          Banks should understand potential constraints that may affect intragroup liquidity movements, and specify their assumptions regarding the transferability of funds and collateral in liquidity risk management policies. These assumptions should fully consider regulatory, legal, accounting, credit, tax and internal constraints on the effective movement of liquidity and collateral.

          August 2018

        • LM-6.4.2

          Banks should also consider the operational arrangements needed to transfer funds and collateral across entities and the time required to complete such transfers under these arrangements.

          August 2018

    • LM-7 LM-7 Intraday Liquidity Risk Management

      • LM-7.1 LM-7.1 Overview

        • LM-7.1.1

          Intraday liquidity risk management is an important component of a bank's broader liquidity risk management strategy. Banks must actively manage their intraday liquidity positions and risks to meet payment and settlement obligations on a timely basis under both normal and stressed conditions, and, as such, contribute to the smooth functioning of payment and settlement systems.

          August 2018

        • LM-7.1.2

          Aside from direct participation in payment and settlement systems, banks may incur intraday liquidity risk through their provision of correspondent and custodian banking services. Where a bank relies on other correspondent or custodian banks to conduct payment and settlement activities, operational or financial disruptions at those banks will also affect the bank's own liquidity position and should have alternate arrangements in place to ensure it is able to meet its obligations.

          August 2018

        • LM-7.1.3

          A primary objective in intraday liquidity risk management is for banks to identify, prioritise and meet time-specific and other critical obligations when they become due, and to settle other, less critical obligations as soon as possible. In satisfying this objective, banks must be aware of, and be able to address, various challenges associated with intraday liquidity risk management.

          August 2018

        • LM-7.1.4

          A key challenge in intraday liquidity risk management lies in the uncertainty in both the amount and timing of a bank's gross cash inflows and outflows during the day, in part because such cash flows may reflect the activities of its customers or counterparties which are beyond the bank's control, especially where the bank provides correspondent or custodian services. Moreover, the timing of the cash flows may be dictated by the rules governing payment and settlement systems (e.g. payment obligations may be due by specific times during the day). Because a bank's daily gross cash outflows can often far exceed the bank's gross cash inflows at different points of time during a day, or its net overnight balances even under normal circumstances, differences in the timing of its inflows and outflows could result in significant intraday liquidity shortfalls. These shortfalls may necessitate the bank borrowing funds on an intraday basis, prioritizing its outflows to meet critical payments, or borrowing additional overnight funds (if certain expected cash inflows are not received before the end of the working day).

          August 2018

      • LM-7.2 LM-7.2 Risk Management Controls

        • LM-7.2.1

          Banks must have effective policies, procedures, systems and controls for managing their intraday liquidity risks in all of the financial markets and currencies in which they have significant payment and settlement activities. Such systems and controls must, among other things, ensure a bank's capacity, to:

          (a) Measure expected daily gross cash inflows and outflows, anticipate the intraday timing of these cash flows where possible, and, as such, forecast the range of potential net funding shortfalls at different time points during the day;
          (b) Monitor intraday liquidity positions against expected activities and available resources (including liquidity balances, remaining intraday credit capacity, and available collateral) and prioritise payments, if necessary; and
          (c) Manage intraday liquidity positions so that there is always sufficient intraday funding to meet the bank's intraday liquidity needs.
          (d) Manage and mobilise collateral as necessary to obtain intraday funds. A bank must have sufficient collateral available to acquire the level of intraday liquidity needed to meet its intraday objectives.
          (e) Manage the timing of its liquidity outflows in line with its intraday objectives. A bank must have the ability to manage the payment outflows of key customers and, if customers are provided with intraday credit that credit procedures must be capable of supporting timely decisions.
          (f) Manage unexpected disruptions to its intraday liquidity flows. A bank's stress testing and contingency funding plans must reflect intraday considerations. A bank also must understand the level and timing of liquidity needs that may arise as a result of the failure-to settle procedures of payment and settlement systems in which it is a direct participant. Robust operational risk management and business continuity arrangements are also critical to the effectiveness of a bank's intraday liquidity management.
          August 2018

        • LM-7.2.2

          Intraday liquidity risk management demands cooperation between the front and back offices, as it typically requires close monitoring of expected payments and direct contacts with customers, where necessary, to quickly verify the reasons for delayed payments. A clear assignment of tasks and responsibilities to personnel involved is, therefore, important, particularly as time-critical decisions need to be made, for instance, to meet the settlement cut-off times.

          August 2018

        • LM-7.2.3

          The tools and resources applied by a bank in managing intraday liquidity risks must be tailored to the bank's business model and role in the financial system. This relates to, for example, whether the bank participates in a payment or settlement system directly or through correspondent or custodian banks, and whether it provides correspondent or custodian services and intraday credit facilities to other banks, firms or systems. If a bank relies heavily on secured funding markets, the bank must have adequate systems and procedures in place to monitor positions in securities settlement systems.

          August 2018

    • LM-8 LM-8 Collateral management

      • LM-8.1 LM-8.1 Overview

        • LM-8.1.1

          The ready availability of assets that banks can use as collateral to obtain funding by means of secured borrowing (e.g. repo) mitigates liquidity risk. Therefore, banks must allocate sufficient resources to ensure efficient and effective management of collateral in their liquidity risk management process.

          August 2018

        • LM-8.1.2

          Collateral management must aim at optimising the allocation of collateral available for different operational needs, across products, business units, locations and currencies. It must be based on a prioritisation of needs and an awareness of the opportunity cost of its use, in both normal and stressed times.

          August 2018

      • LM-8.2 LM-8.2 Management of Collateral Positions

        • LM-8.2.1

          Banks must have the ability to calculate all of their collateral positions, including assets currently deployed for use as collateral relative to amount of collateral required, and unencumbered assets available to be used as collateral.

          August 2018

        • LM-8.2.2

          Bank's level of available collateral must be monitored by legal entity, jurisdiction and currency exposure. Banks must be able to track precisely the legal entity and the physical location (i.e. the custodian or securities settlement system) at which each of the assets is held, and monitor how such assets may be mobilised in a timely manner in case of need.

          August 2018

        • LM-8.2.3

          Banks must have sufficient collateral to meet expected, and accommodate unexpected borrowing needs, as well as potential increases in margin requirements for pledged assets over different timeframes, including intraday, short-term and longer-term structural liquidity requirements, and have adequate systems for monitoring the shifts between intraday, overnight and term collateral usage. In determining the required collateral to be allocated for intraday liquidity needs, banks must consider the potential for significant uncertainty around the timing of payment flows during the day, as well as the potential for operational and liquidity disruptions that could necessitate the pledging or delivery of additional intraday collateral.

          August 2018

        • LM-8.2.4

          Banks must assess the eligibility of each major asset class for pledging as collateral with relevant central banks (for intraday, overnight and term credit or secured borrowing under standing facilities, as the case may be), as well as the acceptability of assets to major counterparties and fund providers in secured funding markets. They must also ensure that there is proper legal documentation for each asset class to be effectively pledged for liquidity.

          August 2018

        • LM-8.2.5

          Banks must diversify their sources of collateral to avoid excessive concentration on any particular funding provider or market, taking into consideration capacity constraints, sensitivity of prices, haircuts and collateral requirements under conditions of institution-specific and market-wide stress, and the availability of funds from private sector counterparties in various market stress scenarios.

          August 2018

      • LM-8.3 LM-8.3 Operational Issues

        • LM-8.3.1

          Banks must address various operational issues relating to the use of collateral for obtaining liquidity. These include, but are not limited to:

          a) Awareness of the operational and timing requirements associated with accessing the collateral given its physical location;
          b) Understanding the liquidity risks associated with different types of payment and settlement systems (e.g. 'net' systems versus 'gross' systems) and their implications for collateral management; and
          c) Taking into account the implications of obligations embedded in the contractual terms of certain transactions which, when triggered, may reduce the availability of collateral for liquidity risk management. These refer to, for example, margin requirements and triggering events that require a bank to: 1) provide additional collateral as a result of changes in the market valuation of the transactions or in the bank's credit rating or financial position (in the case of derivative transactions), or; 2) hypothecate or deliver additional assets to the pool of underlying assets when the embedded triggering events occur (in the case of securitisation transactions).
          August 2018

        • LM-8.3.2

          Banks must test on a regular basis, and at least annually, the ability to use its source of collateral in repo operations, to ensure its capability of using the securities to obtain the required liquidity, if needed, and assess the market appetite for a particular security, including the related haircut applied to put the operation in place. Banks must also ensure that there are no operational issues that could have an impact on the timing and the feasibility of the operation (e.g. limits to the transferability of the security, in case this is held in a local and foreign branch portfolio).

          August 2018

        • LM-8.3.3

          For collateralised borrowing, banks must maintain all documentation related to the agreement with the counterparties.

          August 2018

    • LM-9 LM-9 Stress Testing and Scenario Analysis

      • LM-9.1 LM-9.1 Overview

        • LM-9.1.1

          In addition to conducting cash flow projections to monitor its liquidity positions under normal business conditions, a bank must regularly perform stress tests based on sufficiently severe but plausible scenarios to identify potential sources of liquidity strain under stressed conditions.

          August 2018

        • LM-9.1.2

          Banks must conduct stress tests based on sufficiently severe, but plausible scenarios and assumptions that are commensurate with the bank's business nature, size and complexity. The stress testing scenarios and assumptions adopted by a bank must reflect the current market conditions and address the bank's actual experiences in stressed situations. Such scenarios and assumptions must be reviewed regularly by the senior management, with any major changes endorsed by the bank's Board or its relevant delegated committee(s). The active involvement of senior management is vital to the stress testing process. During their regular reviews, senior management must consistently require consideration of sufficiently severe stress scenarios.

          August 2018

        • LM-9.1.3

          Stress tests must enable a bank to analyse the impact of stress scenarios on its consolidated group-wide liquidity position, as well as on the liquidity position of individual entities and business lines in order to understand where risks could arise. For the purposes of consolidated liquidity positions, the licensees may use a proportionate or component approach.

          August 2018

        • LM-9.1.4

          Stress tests must be performed for all significant currencies in aggregate and, separately, for positions in BHD or USD in wholesale banks functioning on the basis of a US Dollar based operating model, if relevant, and individual foreign currencies in which banks have significant positions.

          August 2018

        • LM-9.1.5

          The design and frequency of stress testing must be commensurate with the size and complexity of a bank and its liquidity risk exposures.

          August 2018

        • LM-9.1.6

          When conducting stress tests on their liquidity position, banks must also consider the insights and results of stress tests performed for other risks, including possible interaction with these other risks.

          August 2018

      • LM-9.2 LM-9.2 Scenarios and Assumptions

        • LM-9.2.1

          It is important for banks to construct sufficiently severe, but plausible stress scenarios and examine the resultant cash flow needs. While banks should aim to cover different stress events and levels of adversity, they must, at a minimum, include the following types of scenarios in their stress testing exercise:

          (a) An institution-specific stress scenario;
          (b) A general market stress scenario; and
          (c) A combination of both, including possible interaction with other risks.
          August 2018

        • LM-9.2.2

          A bank will need to assign the timing of cash flows for each type of asset and liability, as well as off-balance sheet and contingent items, by assessing the probability of the behaviour of those cash flows under the scenario being examined. The timing of cash inflows and outflows on the maturity ladder can vary among scenarios and the assumptions may differ quite sharply. In estimating liquidity needs, both contractual and non-contractual cash flows should be considered.

          August 2018

        • LM-9.2.3

          In designing stress scenarios, a bank must take into account, specific risks associated with its business activities, products or funding sources. These include, for example, heavy reliance on specific funding markets or significant exposures to complex financial instruments. The stress scenarios must be able to evaluate the potential adverse impact of these factors on the bank's liquidity position.

          August 2018

        • LM-9.2.4

          A bank should take a reasonably conservative approach when setting stress assumptions. There are a number of possible areas that the assumptions should cover. For illustrative purposes, these areas include, but are not limited to, the following:

          (a) The run-off for retail funding;
          (b) Asset market illiquidity and erosion in the value of liquid assets;
          (c) The loss or impairment of secured and unsecured wholesale funding sources;
          (d) The correlation between funding markets and effectiveness of diversification across available sources of funding;
          (e) The availability of contingent lines extended to the banks;
          (f) The availability of funding in different tenors;
          (g) Contingent claims, including potential draws on committed lines extended to third parties or the bank's connected parties (such as its overseas branches, associated entities in its consolidated group, controller or head office);
          (h) Liquidity drains associated with contractual obligations or non-contractual obligations involving off-balance sheet vehicles and activities, as well as complex products or transactions;
          (i) Additional margin calls and collateral requirements (e.g. in derivative or other contracts with embedded trigger clauses);
          (j) Estimates of future balance sheet growth;
          (k) Currency convertibility and access to foreign exchange markets;
          (l) The transferability of liquidity across entities, sectors and jurisdictions, taking into account legal, regulatory, operational and time zone restrictions and constraints;
          (m) Access to the payment and settlement systems which are imperative to a bank.
          (n) The impact of credit rating triggers;
          (o) The access to central bank facilities;
          (p) The operational ability of the bank to monetise assets; and
          (q) The bank's remedial actions and the availability of the necessary documentation and operational expertise and experience to execute them, taking into account the potential reputational impact when executing these actions.
          August 2018

        • LM-9.2.5

          All stress scenarios and their underlying assumptions must be properly defined and documented in the bank's Liquidity Risk Management Policy statement.

          August 2018

        • Institution-specific Stress Scenarios

          • LM-9.2.6

            An institution-specific stress scenario must cover situations that could arise from a bank experiencing either real or perceived problems (e.g. asset quality problems, solvency concerns, credit rating downgrade, rumours relating to the bank's credibility or management fraud, etc.) which affect public confidence in the bank and its firm-wide or group-wide operations. It must represent the bank's view of the behaviour of its cash flows in a sufficiently severe stress scenario. A key assumption is that many of the bank's liabilities cannot be rolled-over or replaced, resulting in the need to utilise its liquidity cushion.

            August 2018

          • LM-9.2.7

            This scenario will likely entail an acute deposit run. Such a scenario would typically include the following characteristics:

            (a) Significant daily run-off rates for deposits particularly at the initial stage of the stress scenario, with increasing requests from customers to redeem their time deposits before maturity;
            (b) Interbank deposits repaid at maturity;
            (c) No new unsecured or secured funding obtainable from the market; and
            (d) Forced sale of marketable securities at discounted prices.
            August 2018

        • General Market Stress Scenarios

          • LM-9.2.8

            A general market stress scenario is one where liquidity, at a large number of financial institutions in one or more markets, is affected. Characteristics of this scenario may include:

            (a) A market-wide liquidity squeeze, with severe contraction in the availability of secured and unsecured funding sources, and a simultaneous drying up of market liquidity in some previously high liquidity markets;
            (b) Substantial discounts needed to sell or repo assets and wide differences in funding access among banks, due to the occurrence of a severe tearing of their perceived credit quality (i.e. flight to quality);
            (c) Restrictions on currency convertibility; and
            (d) Severe operational or settlement disruptions affecting one or more payment or settlement systems.
            August 2018

        • Combined Stress Scenarios

          • LM-9.2.9

            Banks must incorporate a stress scenario into their stress test framework that has the key characteristics of both an institution-specific stress scenario and a general market stress scenario combined ('combined stress scenario'), with appropriate modulations of the underlying assumptions, as necessary, to reflect a set of adverse circumstances that could plausibly happen.

            August 2018

          • LM-9.2.10

            The following are some relevant factors that could be considered in formulating a bank's 'combined stress scenario':

            (a) As a greater number of financial institutions in the market will be affected under a combined stress scenario, this may change the way in which some institution-specific stress elements are to be structured. For example, instead of a quick but severe bank run, there may be a less acute, but more persistent and protracted run-off of customer deposits; and
            (b) Even lower realizable values of assets may result as the bank concerned seeks to sell or repo large quantities of assets when the relevant asset markets become less liquid and market participants are generally in need of liquidity.
            August 2018

        • Minimum Stress Period

          • LM-9.2.11

            Banks must assume the minimum stress period for an institution-specific stress scenario to last for no less than 5 working days, and that for a general market stress scenario and a combined stress scenario to last for no less than one calendar month. However, a bank must adopt a longer minimum stress period for the purposes of liquidity stress-testing if its liquidity risk profile warrants this. To gauge a bank's survival period under stress, it is also generally expected that, in addition to the minimum stress period, the bank's stress test must also include sufficiently granular time-bands to assess the bank's ability to meet its obligations in the near to medium-term.

            August 2018

      • LM-9.3 LM-9.3 Utilisation of Stress Test Results

        • LM-9.3.1

          The stress testing results must be linked to the overall liquidity risk management process of a bank, including the setting of the liquidity risk tolerance and the internal liquidity risk limits). To this end, senior management must:

          (a) Ensure proper documentation of the stress scenarios and related assumptions, and review the scenarios and assumptions periodically;
          (b) Evaluate the stress testing results and consider any possible need for remedial or mitigating actions. Remedial or mitigating actions may include actions to limit the bank's liquidity risk exposures, obtain more long-term funding, restructure the composition of assets, and increase the size of the bank's liquidity cushion or the adoption of any other measures to adjust the bank's liquidity profile to fit its risk tolerance. Where such actions are not considered necessary to address stress test results indicating potential liquidity strains or shortfalls, senior management must document the justifications for their view;
          (c) Report the stress testing results and vulnerabilities identified to the Board (or its relevant delegated committee(s)), with recommendations for any resulting actions. Where appropriate, the CBB must be informed of the results and anticipated actions if they are material to the bank (i.e. in addition to normal stress testing reporting arrangements); and
          (d) Integrate the stress-testing results into the bank's strategic business planning and Contingency Funding Plan ('CFP').
          August 2018

    • LM-10 LM-10 Contingency Funding Plan

      • LM-10.1 LM-10.1 Overview

        • LM-10.1.1

          A bank must have a CFP that clearly sets out its strategies for addressing liquidity and funding shortfalls to the extent beyond the level estimated from the stress tests performed by the bank under institution-specific, market-wide and combined stress scenarios and beyond the level covered by the bank's liquidity cushion. The CFP must contain a set of policies, procedures and action plans that prepare a bank to deal with relevant liquidity stress events in a timely and cost-effective manner, with clearly established lines of responsibility and invocation and escalation procedures. The CFP must be approved by the Board and regularly tested and updated to ensure that it is operationally robust.

          August 2018

        • LM-10.1.2

          The CFP must be commensurate with the bank's complexity, risk profile, scope of operations and role in the financial system. The design of a CFP, including its action plans and procedures, must be closely integrated with the bank's ongoing analysis of liquidity risk. The CFP must address liquidity issues over a range of different time horizons.

          August 2018

      • LM-10.2 LM-10.2 Strategy, Plans and Procedures

        • Contingency Funding Measures and Sources

          • LM-10.2.1

            The CFP must provide a bank's management with a diversified set of viable, readily deployable potential contingency funding measures for preserving and making up liquidity shortfalls in emergency situations. All available potential sources of funding must be outlined, along with the estimated amount of funds that can be derived from these sources, their expected degree of reliability, under what conditions these sources must be used, and the lead time needed to access additional funds from each of the sources.

            August 2018

          • LM-10.2.2

            Banks must analyse the viability and likely impact on market perception of adopting different contingency funding measures. Some of the factors that must be considered include:

            (a) The impact of stressed market conditions on a bank's ability to raise funding through different sources;
            (b) The interaction between asset markets and funding liquidity, especially in situations where there is an extensive or complete loss of typically available market funding options;
            (c) Any second-round effects, as well as reputation, legal, regulatory and operational constraints, related to the execution of such measures; and
            (d) Any peculiarities (including special terms and conditions) associated with particular funding sources. For example, banks must generally refrain from excessive reliance on back-up credit lines (even if committed) and need to understand various conditions, such as notice periods, that could affect a bank's ability to access such lines quickly.
            August 2018

          • LM-10.2.3

            In developing contingency funding measures, banks should also be aware of the operational procedures needed to transfer liquidity and collateral across group entities, borders and business lines, taking into account legal, regulatory, operational and time zone restrictions and controls governing such transfers. The CFP should incorporate relevant operational procedures and realistic timelines for such transfers. Assets intended to be pledged as collateral in the event that backup funding sources are utilised, should be held by a legal entity and in a location consistent with management's funding plans.

            August 2018

        • Early Warning Signals and Triggering Events

          • LM-10.2.4

            The CFP must clearly mention a set of triggering events that will activate the plan, as well as the mechanisms for identification, monitoring and reporting of such events at an early stage. Banks may consider the various early warning indicators highlighted in Section LM-2.3 in relation to this.

            August 2018

        • Roles and Responsibilities

          • LM-10.2.5

            The CFP must contain clear policies and procedures enabling a bank's management to make timely and well-informed decisions, communicate the decisions effectively, and execute contingency measures swiftly and proficiently. To achieve this, the roles and responsibilities, and internal procedures for liquidity stress management must be clearly delineated. These must cover:

            (a) The authority to invoke the CFP and the establishment of a formal 'crisis management team' to facilitate internal coordination and communication across different business lines and locations and decision-making by senior management in a stress situation;
            (b) Clear escalation and prioritisation procedures detailing what actions to take, who can take them, and when and how each of the actions can and must be activated;
            (c) Names and contact details of members of the team responsible for implementing the CFP and the locations of team members; and
            (d) The designation of alternates for key roles.
            August 2018

        • Intraday Liquidity Considerations

          • LM-10.2.6

            The CFP must include potential steps to meet intraday critical payments. In situations where intraday liquidity resources become scarce, a bank must have the ability to identify critical payments and to sequence or schedule payments based on priority.

            August 2018

        • Communications and Public Disclosure

          • LM-10.2.7

            As part of the CFP, a bank must develop a communication plan to deliver, on a timely basis, clear and consistent communication to internal and external parties, in a time of stress, to support general confidence in the bank. Internal communication must cover employees and encompass different business lines and locations of the bank. External parties must include the CBB, other relevant local or overseas public authorities, clients and creditors. The plan must, in particular, address communication with shareholders and other external stakeholders, such as market participants, correspondents, custodians and major counterparties and customers to whom assurance about the bank is extremely important, as their actions could significantly affect the bank's reputation and liquidity position.

            August 2018

      • LM-10.3 LM-10.3 Testing, Update and Maintenance

        • LM-10.3.1

          The CFP must be subject to regular testing to ensure its effectiveness and operational feasibility, particularly in respect of the availability of the contingency sources of funding listed in it.

          August 2018

        • LM-10.3.2

          The testing of the CFP must cover:

          (a) Verifying key assumptions, such as the ability to sell or repo certain assets or periodically draw down credit lines;
          (b) Ensuring that roles and responsibilities are appropriate and understood;
          (c) Confirming that contact information is up-to-date, with reporting lines clearly stated and synchronised with the latest organisation chart;
          (d) Proving the transferability of cash and collateral (especially across borders and entities); and
          (e) Reviewing that the necessary legal and operational documentation is in place to execute the plan at short notice.
          August 2018

        • LM-10.3.3

          The ALCO must review all aspects of the CFP following each testing exercise and ensure that follow-up actions are delivered.

          August 2018

        • LM-10.3.4

          The ALCO must review and update the CFP on an annual basis at least, or more often, as warranted by changes in business or market circumstances, to ensure that the CFP remains robust over time. Any changes to the CFP must be properly documented and approved by the Board (or its relevant delegated committee).

          August 2018

        • LM-10.3.5

          The CFP must be consistent with the bank's business continuity plans and should be operational under situations where business continuity arrangements have been invoked. As such, a bank should ensure effective coordination between teams managing issues surrounding liquidity crisis and business continuity.

          August 2018

    • LM-11 LM-11 Liquidity Coverage Ratio

      • LM-11.1 LM-11.1 General Requirements

        • LM-11.1.1

          The requirements of this section is applicable to all Bahraini conventional bank licensees.

          August 2018

        • LM-11.1.2

          Liquidity Coverage Ratio (LCR) has been developed to promote short-term resilience of a bank's liquidity risk profile. The LCR requirements aim to ensure that a bank has an adequate stock of unencumbered high quality liquidity assets (HQLA) that consists of assets that can be converted into cash immediately to meet its liquidity needs for a 30-calendar day stressed liquidity period. The stock of unencumbered HQLA should enable the bank to survive until day 30 of the stress scenario, by which time appropriate corrective actions would have been taken by management to find the necessary solutions to the liquidity crisis.

          August 2018

        • LM-11.1.3

          Bahraini conventional bank licensees must calculate LCR on a consolidated and on a "solo" basis by using the following formula:

                  Stock of HQLA        
          Net cash outflows over the next 30 calendar days

          August 2018

        • LM-11.1.4

          Bahraini conventional bank licensees must meet the minimum LCR of not less than 100 percent on a daily basis.

          August 2018

        • LM-11.1.5

          When applying these requirements on a consolidated basis, the computations of LCR for branches and subsidiaries outside Bahrain must be as per the Rulebook requirements applied to all legal entities being consolidated except for the treatment of retail/small business deposits that should follow the relevant parameters adopted in host jurisdictions in which the bank operates.

          August 2018

        • LM-11.1.6

          In cases of restrictions or reasonable doubt about the capability of Bahraini conventional bank licensees with foreign branches and subsidiaries to transfer surplus liquidity from these branches and subsidiaries to the parent entity, the banks must exclude this surplus liquidity from the calculation of the LCR on a consolidated basis.

          August 2018

        • LM-11.1.7

          No excess liquidity should be recognized by a bank with overseas operations in its consolidated LCR. Thus, the eligible HQLA held by a legal entity being consolidated to meet its local LCR requirements (where applicable) can be included in the consolidated LCR to the extent that such HQLA are used to cover the total net cash outflows of that entity. Any surplus at the legal entity level can only be included in the consolidated stock if the assets would also be freely available to the consolidated (parent) entity in times of stress.

          August 2018

        • LM-11.1.8

          LCR in significant currencies: A currency is considered significant if the aggregate liabilities (both on and off-balance sheet) in that currency amount to 5 percent or more of the bank's aggregate liabilities (both on and off-balance sheet) in all currencies. Bahraini conventional bank licensees must monitor the LCR for each significant currency for the bank and its branches/subsidiaries, inside and outside Bahrain.

          August 2018

        • Frequency of Reporting

          • LM-11.1.9

            Bahraini conventional bank licensees are required to submit their "solo" LCR to the CBB within 7 calendar days following the month end, and their consolidated LCR within 14 calendar days following the month end (as required under Section BR-4.3).

            Amended: July 2019
            August 2018

          • LM-11.1.10

            In cases where the LCR falls, or is expected to fall, below 100 percent, Bahraini conventional bank licensees must immediately notify the CBB, report the reasons for the breach or potential breach and present a plan showing the measures they intend to take to restore the LCR ratio.

            August 2018

          • LM-11.1.11

            The stress scenarios assumed in these requirements must be viewed as a minimum supervisory requirement for Bahraini conventional bank licensees. Banks must construct their own scenarios proportionate to their size, business model and complexity of operations, to assess the level of liquidity they must hold over and above this minimum level. These Internal stress scenarios must incorporate time horizons longer than the one mandated by the requirements mentioned in this section.

            August 2018

          • LM-11.1.12

            Bahraini conventional bank licensees must disclose the information on the LCR concurrently with the publication of their quarterly and year-end financial statements. The LCR must be presented as simple averages of daily LCRs over the current and previous period.

            August 2018

      • LM-11.2 LM-11.2 High Quality Liquid Assets (HQLA)

        • The LCR Components and Operational Requirements

          • LM-11.2.1

            Bahraini conventional bank licensees must hold a stock of unencumbered HQLA to cover the total net cash outflows over a 30-day period under prescribed stress scenario outlined in the LCR requirements.

            August 2018

          • LM-11.2.2

            Assets qualify as HQLA if they can be easily and immediately converted into cash at little or no loss of value under stress circumstances.

            August 2018

          • LM-11.2.3

            Bahraini conventional bank licensees must ensure that no operational impediments exist that can prevent timely monetisation of HQLA during a stress period. Banks also have to demonstrate that they can immediately use the stock of HQLA as a source of available liquidity that can be converted into cash (either through outright sale or repo) to fill funding gaps between cash inflows and outflows at any time during stress periods.

            August 2018

          • LM-11.2.4

            The stock of HQLA must be well diversified within the asset classes themselves (except for sovereign debt of Bahrain, central bank reserves, central bank debt securities and cash). Bahraini conventional bank licensees must have policies and limits in place in order to avoid concentration with respect to asset types, issue and issuer types, and currency (consistent with the distribution of net cash outflows by currency) within asset classes.

            August 2018

          • LM-11.2.5

            Bahraini conventional bank licensees must ensure that they have internal policies and measures in place, in line with the following operational requirements:

            (a) Banks must periodically monetise a representative proportion of the assets in its stock of HQLA through outright sale or repos, in order to test access to the market, the effectiveness of its process of monetisation, and to minimise the risk of negative signalling during a period of actual stress;
            (b) All assets in the stock must be unencumbered, meaning free of legal, regulatory, contractual or other restrictions on the ability of the bank to liquidate, sell or transfer these assets;
            (c) Assets received in reverse repos and securities financing transactions that are held at the bank, which have not been rehypothecated, and which are legally available for the bank's use, can be considered as part of the stock of HQLA;
            (e) Assets which qualify for HQLA that have been deposited with the central bank but have not been used to generate liquidity may also be included in the stock of HQLA; and
            (f) A bank must exclude from the stock those assets that, although meeting with the definition of 'unencumbered', the bank would not have the operational capability to monetise them for whatever reasons;
            (g) The bank must have a policy in place that identifies legal entities, geographical locations, currencies and specific custodial or bank accounts where HQLA are held;
            (h) The bank must identify whether there are any regulatory, legal or accounting impediments to the transfer of these assets to the banking group level, and only include within its stock of HQLA the assets that are freely transferable;
            (i) The bank must exclude from the stock of HQLA, those assets where there are impediments to sale, such as large fire-sale discounts;
            (j) Banks must not include, in the stock of HQLA, any assets, or liquidity generated from assets, they have received under right of hypothecation, if the beneficial owner has the contractual right to withdraw those assets during the 30-day stress period;
            (k) Banks must include within the stock of HQLA the assets held during the reporting period, irrespective of the residual maturity of these assets. The two categories of assets that can be included in the stock of HQLA are 'Level 1' and 'Level 2'. Level 1 assets can be included without any limit, whereas Level 2 assets can only comprise up to 40 percent of total HQLA;
            (l) Level 2 assets are divided into two categories; level 2A and level 2B, according to the qualifying conditions identified in these requirements;
            (m) As part of level 2, banks may include level 2B assets up to 15 percent of total HQLA. However, level 2 assets must not exceed a cap of 40 percent of total HQLA assets;
            (n) The cap on level 2 and level 2B assets must be determined after the application of required haircuts and after taking into account the unwinding of short-term securities financing transactions maturing within 30 calendar days that involve the exchange of HQLA; and
            (o) Banks must ensure that they maintain appropriate systems and policies to control and monitor potential risks, such as market and credit risk which the banks may face while maintaining these assets.
            August 2018

          • LM-11.2.6

            The composition of HQLA is as follows:

            Level 1 Assets

            Level 1 assets comprise of an unlimited share of the total pool and are not subject to haircuts.

            Level 1 assets are limited to:

            (i) Coins and banknotes;
            (ii) Assets with central banks in countries in which the LCR is being calculated, including cash reserves, to the extent that the CBB allows banks to draw-down these assets in times of stress;
            (iii) Debt securities/Sukuk issued by Government of Bahrain or Gulf Cooperation Council (GCC) countries;
            (iv) Debt securities/Sukuk issued or guaranteed by sovereigns, central banks, PSEs, the International Monetary Fund ('IMF'), the Bank for International Settlements ('BIS'), the Islamic Development Bank ('IDB') or its subsidiaries, the European Central Bank ('ECB') and European Commission ('EC'), or Multilateral Development Banks ('MDB') satisfying the following conditions:
            a) Assigned a 0 percent risk weight as shown in Appendix A;
            b) Traded in large, deep and active repo or cash markets and characterized by a low level of concentration;
            c) Have a proven track record of reliable liquidity in the cash or repo market even during stressed market conditions;
            d) Not an obligation of a financial institution or any of its subsidiaries.
            (v) Where the sovereign has a non-0 percent risk weight, debt securities/Sukuk issued in domestic currency by the sovereign or central bank of the country in which the liquidity risk is being taken, or in the bank's home country; and
            (vi) Where the sovereign has a non-0 percent risk weight, debt securities/Sukuk in foreign currencies issued by the sovereign or central bank up to the amount of the bank's stressed net cash outflows in that specific foreign currency arising from the bank's operations in that jurisdiction.

            Level 2 Assets

            Level 2 assets are subject to a 40 percent cap of the overall stock of HQLA assets after haircuts have been applied.

            A. Level 2A assets

            A 15 % haircut is applied to the current market value of each level 2A asset held in the stock of HQLA.

            Level 2A assets are limited to the following;
            (i) Debt securities/Sukuk issued or guaranteed by sovereigns, central banks, PSEs or multilateral development banks that satisfy all the following conditions:
            a. Assigned a 20 percent risk weight, as per Appendix A;
            b. Traded in large deep and active repo or cash markets and characterised by low level of concentration;
            c. Have a proven track record of reliable source of liquidity in the markets (sale or repo) even during stressed market conditions (i.e. maximum price decline not exceeding 10 percent or the increase in haircut not exceeding 10 percent over a 30-day period during a relevant significant stress period); and
            d. Not an obligation of a financial institution, or any of its affiliated entities.
            (ii) Debt securities (including commercial paper)/Sukuk that can be monetised, and covered bonds that satisfy all of the following conditions:
            a. Not issued by a financial institution or any of its affiliated entities;
            b. In the case of covered bonds, not issued by the bank itself or any of its affiliated entities;
            c. Either have a long-term credit rating from a recognized external credit assessment institution ('ECAI') of at least AA-or, in the absence of a long term rating, a short-term rating equivalent in quality to the long-term rating;
            d. Traded in large, deep and active cash or repo markets and characterized by a low level of concentration; and
            e. Have a proven track record of reliable liquidity in the markets, even during stressed market conditions (i.e. maximum price decline not exceeding 10 percent, or the increase in haircut not exceeding 10 percent over a 30-day period during a relevant period of significant liquidity stress).
            B. Level 2B assets

            Level 2B assets are limited to the following;
            (i) Debt securities (including commercial paper)/Sukuk issued by non-financial institutions, subject to a 50 percent haircut, that satisfy all of the following conditions:
            a. Debt securities/Sukuk issued by non-financial institutions, or one of their subsidiaries, and have a long-term credit rating between A+ and BBB- or equivalent, or in the absence of a long-term rating, a short-term rating equivalent to the long-term rating;
            b. Traded in large deep and active repo, or cash markets characterized by a low level of concentration; and
            c. Have a proven track record as a reliable source of liquidity in the markets even during stressed market conditions (i.e. maximum price decline not exceeding 20 percent. or the increase in haircut not exceeding 20 percent over a 30-day period during a relevant period of significant liquidity stress);
            (ii) Common equity shares subject to a 50 percent haircut that satisfy all of the following conditions:
            a. Not issued by a financial institution or any of its affiliated entities;
            b. Exchange traded and centrally cleared;
            c. A constituent of the major stock index in the home jurisdiction or where the liquidity risk is being taken;
            d. Denominated in BHD, USD or in the currency of the jurisdiction where the liquidity risk is being taken;
            e. Traded in large, deep and active repo or cash markets characterized by a low level of concentration; and
            f. Have a proven track record as a reliable source of liquidity in the markets, even during stressed market conditions (i.e. maximum price decline of not exceeding 40 percent, or increase in haircut not exceeding 40 percent over a 30-day period during a relevant period of significant liquidity stress).

            Appendix A provides the calculation of the caps and haircuts.

            August 2018

          • LM-11.2.7

            If a bank wishes to include other assets under level 2B assets, prior approval must be obtained from the CBB.

            August 2018

          • LM-11.2.8

            Bahraini conventional bank licensees must demonstrate their ability to monitor the concentration of the assets in their stock of HQLA, and they must have adequate policies in place for monitoring asset concentration and granular distribution.

            August 2018

      • LM-11.3 LM-11.3 Cash Outflows

        • LM-11.3.1

          Net cash outflow is defined as the total expected cash outflows, minus total expected cash inflows in the stress scenario for the subsequent 30 calendar days. Total expected cash outflows are calculated by multiplying the outstanding balances of various categories or types of liabilities and OBS commitments with the run-off rates, as shown in these requirements. Total expected cash inflows are calculated by multiplying the outstanding balances of various categories of contractual receivables by the rates at which they are expected to flow in, up to an aggregate cap of 75 percent of total expected cash outflows. (See Appendix A)

          August 2018

        • LM-11.3.2

          If an asset is included as part of the stock of HQLA (i.e. the numerator), the associated cash inflows cannot also be counted as cash inflows (i.e. the denominator).

          August 2018

        • Outflows

          • LM-11.3.3

            Retail deposits are defined as deposits placed with a bank by a natural person. Deposits from legal entities, sole proprietorships or partnerships are captured in wholesale deposit categories. Retail deposits include demand deposits, saving accounts and term deposits.

            August 2018

          • LM-11.3.4

            Retail deposits are divided into 'stable' and 'less stable' categories as described below:

            A. Stable Deposits

            Stable deposits are subject to a run-off rate of 3%. Stable deposits must meet the following conditions:
            i. Fully insured6 under a deposit insurance scheme; and
            ii. Meets either of the following 2 conditions (a) or (b):
            a) The depositors have other established relationships with the bank that make deposit withdrawal highly unlikely. An established relationship is deemed to exist between the depositor and the bank, if:
            •   The bank has an active contractual relationship with the depositor of at least 12 months duration;
            •   The depositor has a borrowing relationship with the bank for residential loans or other long term loans; or
            •   The depositor has a minimum number of active products, other than loans, with the bank;
            Or
            b) The deposits are in transactional accounts (e.g. accounts where salaries are automatically deposited).
            B. Less Stable Deposits
            (i) Cash outflows related to retail term deposits with a residual maturity or withdrawal notice period greater than 30 days will be excluded from the total expected cash outflows if the depositor has no legal right to withdraw deposits within the 30-day horizon of the LCR, or if early withdrawal results in a significant penalty greater than the loss of profits payable on the deposit;
            (ii) The CBB may, at its discretion, apply run-off rates on these deposits if there are concerns that depositors might withdraw their deposits in the same manner as demand deposits during either normal or stress times, or if there are concerns that banks may have to repay such deposits early in stressed times for reputational reasons;
            (iii) If a bank is unable to readily identify which retail deposits would qualify as 'stable' according to the definition provided above, it must place the full amount in the 'less stable' category; and
            (iv) Run-off rates shall be applied to less stable deposits as outlined in Appendix A.

            6 6 'Fully insured' means that 100 percent of the deposit amount is covered by an effective deposit insurance scheme. Deposit balances up to the deposit insurance limit can be treated as "fully insured". However, any amount in excess of the deposit insurance limit is to be treated as less stable'. For example, if a depositor has a deposit of BD 150,000 that is covered by a deposit insurance scheme, which has a limit of BD 100,000, where the depositor would receive at least BD 100,000 from the deposit insurance scheme if the bank were unable to pay, then BD 100,000 would be considered "fully insured" and treated as stable deposits, while BD 50,000 would be treated as less stable deposits.

            6 An established relationship is deemed to exist between the depositor and the bank, if:

            •   The bank has an active contractual relationship with the depositor of at least 12 months duration; or
            •   The depositor has a borrowing relationship with the bank for residential loans or other long term loans; or

            The depositor has a minimum number of active products, other than loans, with the bank.

            August 2018

        • Unsecured Wholesale Funding

          • LM-11.3.5

            Unsecured wholesale funding is defined as those liabilities due to non-naturalised persons (i.e. legal entities, including sole proprietorships) and are not collateralized by legal rights to specifically designated assets owned by the bank in the case of bankruptcy, insolvency, liquidation or resolution. Obligations related to derivative contracts are excluded from this definition.

            August 2018

          • LM-11.3.6

            Bahraini conventional bank licensees must include all funding which is callable within the LCR's horizon of 30 days or that has its earliest possible contractual maturity date situated within this horizon (such as maturing term deposits and unsecured debt securities), as well as funding with an undetermined maturity. This must also include funding with options that are exercisable at the investor's discretion within the 30-day calendar day horizon. For funding with options exercisable at the bank's discretion where there is a possibility of not exercising the option (e.g. for reputational reasons), banks must include these liabilities as outflows.

            August 2018

          • LM-11.3.7

            Wholesale funding that is callable by the funds provider subject to a contractually defined and binding notice period exceeding 30 days must not be included in the calculation of the LCR.

            August 2018

          • LM-11.3.8

            For the purpose of the LCR, deposits and unsecured wholesale funding are to be categorized as below (please see Appendix A).

            A. Unsecured Wholesale Funding Provided by Small Business Customers
            (i) This category includes deposits and other funds provided by small business customers (other than financial institutions). For the purpose of these requirements, small business customer deposits are defined as deposits which have the same characteristics of retail accounts, provided that total aggregate funding raised from one small business customer is less than BHD 500,000 (on a consolidated basis where applicable); and
            (ii) Term deposits provided by small business customers are treated the same way as retail deposits.
            B. Operational Deposits Generated by Clearing, Custody and Cash Management Activities
            (i) Certain banking activities that lead to financial and non-financial customers needing to place, or leave deposits with a bank in order to facilitate their access and ability to use payment and settlement systems and otherwise make payments. These funds may receive a 25 percent run-off factor, only if the customer has a substantive dependency with the bank and the deposit is required for such activities. Banks must seek the CBB's prior approval on such accounts and the CBB may choose not to allow the banks to use operational deposit run-off rates in certain cases;
            (ii) Qualifying activities in this context refer to clearing, custody or cash management activities that meet the following criteria;
            a. The customer is reliant on the bank to perform these services as an independent third-party intermediary over the next 30 days. For example, this condition would not be met if the customer has alternative back-up arrangements;
            b. These services must be provided under a legally binding agreement; and
            c. The termination of such arrangements shall be subject either to a notice period of at least 30 days, or significant switching costs to be borne by the customer if the operational deposits are moved before 30 days.
            (iii) Qualifying operational deposits generated by such activities are ones where:
            a. The deposits are held in specifically designated accounts and priced without giving an economic incentive to the customer for maintaining such deposits; and
            b. The deposits are by-products of the underlying services and not solicited in bulk in the wholesale market.
            (iv) Any excess balances that could be withdrawn, leaving enough funds to fulfil the clearing, custody and cash management activities, do not qualify for the 25 percent run-off rate. Only that portion of the deposit which is proven to meet the customer's needs can qualify as stable. Excess balances must be treated in the category for non-operational deposits;
            (v) Banks must determine methodology for identifying excess balances in operational accounts;
            (vi) If the deposit arises out of correspondent banking, or from the provision of prime brokerage services, it will be treated as if there were no operational activities for the purpose of determining run-off factors; and
            (vii) That portion of the operational deposits generated by clearing, custody and cash management activities that is fully covered by deposit insurance can receive the same treatment as 'stable' retail deposits and, as such, can be subject to the 5 percent runoff rate factor.
            C. Unsecured Wholesale Funding Provided by Non-financial Corporates and Sovereigns, Central Banks, Multilateral Development Banks and PSEs

            This category comprises all deposits and other extensions of unsecured funding from non-financial corporate customers (that are not categorized as small business customers) and both domestic and foreign sovereign, central bank, multilateral development bank and PSE, Bahrain's Social Insurance Organization and GCC, Public Investment Funds (PIFs)7 that are not held for operational purposes. The run-off factor for these funds is 40 percent and, in cases where the deposit is fully insured, the run-off factor shall be 20 percent.
            D. Unsecured Wholesale Funding Provided by Other Legal Entity Customers
            (i) This category comprise all deposits and other funding from other institutions (including banks, securities firms, insurance companies, etc.), fiduciaries, beneficiaries, special purpose vehicles, affiliated entities of the bank and other entities that are not specifically held for operational purposes and included in the prior categories. The run-off factor for these funds is 100 percent:
            (ii) All notes, bonds and other debt securities issued by the bank are included in this category regardless of the holder, unless the bond is sold exclusively in the retail market and held in retail accounts (including small business customer accounts treated as retail, as per LM-11.3.8A) in which the instruments can be treated in the appropriate retail or small business customer deposit category. To be treated as such, it is not sufficient that the debt instruments are specifically designed and marketed to retail or small business customers, but rather there must be limitations placed such that those instruments cannot be bought and held by parties other than retail or small business customers; and
            (iii) Customer cash balances arising from the provision of prime brokerage services must be considered separate from any balances related to client protection regimes imposed by the regulatory authorities, and must not be netted against other customer exposures included in this Module.

            7 Only deposits from GCC PIFs where the PIF is a controller of the bank must be included under this classification.

            August 2018

        • Secured Funding

          • LM-11.3.9

            Secured funding is defined as those liabilities and general obligations that are collateralised by legal rights to specifically designated assets owned by the bank in the case of bankruptcy, insolvency, liquidation or resolution. The amount of outflow is calculated based on the amount of funds raised through the transaction, and not the value of the underlying collateral. The table below summarises the applicable factors:

            Categories for outstanding maturing secured Amount to add to cash flows %
            Backed by Level 1 assets or with central banks 0%
            Bank by Level 2A assets 15%
            •   Secured funding transactions with domestic sovereign, PSE or multilateral development bank that are not backed by Level 1 or 2 assets
            •   Backed by RMBS eligible for inclusion in Level 2B
            25%
            Backed by other Level 2B assets 50%
            All other transactions 100%
            August 2018

        • Other Cash Outflows

          • LM-11.3.10

            Additional items and their runoff rates as follows:

            A. Derivatives cash outflows:
            (i) The sum of all net cash outflows will receive a 100 percent factor. Banks must calculate, in accordance with their existing valuation methodologies, expected contractual derivative cash inflows and outflows. Cash flows must be calculated on a net basis (i.e. inflows can offset outflows) by counterparty, only where a valid master netting agreement exists. The banks must exclude from such calculations, those liquidity requirements that would result from increased collateral needs due to market value movements or falls in value of collateral posted. Options must be assumed to be exercised when they are in the money to the option buyer;
            (ii) Where derivative payments are collateralized by HQLA, cash outflows must be calculated net of any corresponding cash inflows arising from collateral received for derivatives, or that would result from contractual obligations for cash or collateral to be provided to the bank, if the bank is entitled to re-use the collateral in new transactions; and
            (iii) Below run-off rates apply in the following cases:
            a. Increased liquidity needs related to downgrade triggers embedded in financing transactions, derivatives and other contracts. Banks must review those contracts in detail and identify the clauses that require the posting of additional collateral or early repayment upon the ratings downgrades, by and up to three notches. A 100 percent run-off rate will be applied to the amount of collateral that would be posted for, or contractual cash outflows associated with, the credit rating downgrades;
            b. Increased liquidity needs related to the changes in the market value of the bank's posted collateral. A run-off rate of 20 percent must apply to cover the possibility of changes in value of the collateral posted by the bank in the derivatives contract, as well as other transactions. This rate must apply to all collateral, excluding level 1 assets after offsetting the collateral posted by the same counterparty, which can be used again without any restrictions. This rate will be calculated based on the notional amount of the asset after any other applicable haircuts;
            c. A run-off rate of 100 percent will apply to non-segregated collateral that could contractually be recalled by the counterparty because the collateral is in excess of the counterparty's current collateral requirements;
            d. A run-off rate of 100 percent will apply to the collateral that is contractually due, but where the counterparty has not yet demanded the posting of such collateral;
            e. A run-off rate of 100 percent will apply to the amount of HQLA collateral that can be substituted for non-HQLA assets without the bank's consent; and
            f. Banks must calculate the liquidity needs to face potentially substantial liquidity risk exposures, to valuation changes of derivative contracts. This must be calculated by identifying the largest absolute net 30-day collateral flow realized during the preceding 24 months. The net flows of collateral must be calculated by offsetting the collateral inflows and outflows. This must be executed using the same Master Netting Agreement ('MNA')
            B. Asset Backed Securities, Covered Bonds and Other Structured Financing Instruments

            Such transactions are subject to a run-off rate of 100 percent of the funding transaction maturing within the 30-day period, when these instruments are issued by the bank itself (assuming that the refinancing market will not exist).
            C. Asset-backed Commercial Paper, Securities Investment Vehicles and Other Financing Facilities

            A run-off rate of 100 percent must apply to the payments due within a 30-day period. In cases where assets are returnable, a run-off rate of 100 percent must apply to the returned assets when there are derivatives, or derivative-like components, contractually mentioned in the agreements for the structure, allowing the 'return' of assets in a financing arrangement (assuming that the refinancing market will not exist).
            D. Asset-backed Commercial Paper, Securities Investment Vehicles and Other Financing Facilities

            A run-off rate of 100 percent must apply to the payments due within a 30-day period. In cases where assets are returnable, a run-off rate of 100 percent must apply to the returned assets when there are derivatives, or derivative-like components, contractually mentioned in the agreements for the structure, allowing the 'return' of assets in a financing arrangement (assuming that the refinancing market will not exist).
            E. Drawdowns on Committed Credit and Liquidity Facilities

            These facilities include contractually irrevocable ('committed') or conditionally revocable agreements to extend funds. Unconditionally revocable facilities that are unconditionally cancellable are excluded from this section and included in 'Other Contingent Funding Liabilities' section for the purpose of the following requirements:
            (i) When calculating the facilities mentioned in the preceding paragraph, the currently undrawn portion of these facilities is the calculated net of any HQLA if the HQLA have already been posted as collateral by the counterparty to secure the facilities, or are contractually obliged to be posted when the counterparty will draw down the facility if the bank is entitled to re-use the collateral and there is no undue correlation between the probability of drawing the facility and the market value of the collateral. In such cases, the assets posted as collateral can be netted to the extent that this collateral is not already counted in the stock of HQLA, as per these requirements;
            (ii) For the purpose of these requirements, a liquidity facility is defined as any committed, undrawn (unused) backup facility that would be utilized to refinance the debt obligations of a customer in situations where such a customer is unable to rollover that debt in financial markets. To calculate the LCR, an amount equivalent to the currently outstanding debt issued by the customer maturing within a 30-day period is taken, while excluding the portion of the backing debt within this period. General working capital facilities for corporate entities will not be classified as liquidity facilities, but as credit facilities. Any other undrawn facilities will be classified as credit facilities; and
            (iii) Any facilities provided to hedge funds and special purpose funding vehicles or other vehicles used to finance the banks own assets, must be captured in their entirety as a liquidity facility, to other legal entities.
            F. Contractual Obligations To Extend Funds Within a 30-day Period

            Any contractual lending obligations to financial institutions not captured elsewhere in the requirements must be captured here at a 100 percent run-off rate.


            If the total of all contractual obligations to extend funds to retail and non-financial corporate clients within the next 30 calendar days (not captured in the prior categories) exceeds 50 percent of the total contractual inflows due in the next 30 calendar days from these clients, the difference must be reported as a 100 percent outflow (i.e. the excess above 50 percent of the total inflow of these clients within a period of 30 days).
            G. Other Contingent Funding Obligations

            The table below shows the cash outflow run-off rates for other contingent funding obligations:

            Table: Run-off rates for Other Contingent Funding Obligations

            Type of Contingent Funding Run-off Rates (%)
            Revocable and unconditional financing and liquidity facilities 'uncommitted'. 5%
            Non-contractual contingent funding obligations related to potential liquidity draws from joint venture or minority investments in entities. 5%
            Obligations related to trade financing (including letters of guarantee and letters of credit). 5%
            Guarantees and letters of credit unrelated to trade finance obligations. 5%
            Non-contractual commitments related to customers' short positions covered by other customers' collateral. 50%
            Outstanding debt securities/Sukuk (more than 30 days maturity). 5%
            Any other non-contractual obligations not captured above. 5%
            (i) Lending commitments, such as direct import or export financing for non-financial corporate firms are excluded from this treatment and banks will apply the run-off rates specified in Appendix A; and
            (ii) A 100 percent run-off rate must apply for any other contractual cash outflows within the next 30 calendar days, not captured above, other than operational expenses (which are not covered by this Module).
            August 2018

      • LM-11.4 LM-11.4 Cash Inflows

        • LM-11.4.1

          When considering its available cash inflows, the bank must only include contractual inflows from outstanding exposures that are fully performing and for which the bank has no reason to expect a default within the 30-day time horizon. Contingent inflows are not included in total net cash inflows.

          August 2018

        • LM-11.4.2

          Bahraini conventional bank licensees need to monitor the concentration of expected inflows across wholesale counterparties in the context of the banks' liquidity risk management, in order to ensure that liquidity position is not overly dependent on the arrival of expected inflows from one or a limited number of wholesale counterparties.

          August 2018

        • LM-11.4.3

          The amount of inflows that can offset outflows is capped at 75 percent of the total expected cash outflows, as calculated in the Module for the purpose of calculating the net cash outflows.

          August 2018

        • A. Secured Lending, Including Reverse Repos and Securities Borrowing

          • LM-11.4.4

            A bank must assume that maturing financing transactions secured by level 1 assets will be rolled-over and will not give rise to any cash inflows; as a result, an inflow factor of 0 percent will be applied to this kind of transaction. While maturing financing transactions secured by Level 2 HQLA will lead to cash inflows equivalent to the relevant haircut for the specific assets. A bank is assumed not to roll-over maturing secured financing transactions which have been secured by non-HQLA assets, and can assume receiving back 100 percent of the cash related to those agreements (i.e. an inflow factor of 100 percent).

            August 2018

          • LM-11.4.5

            Maturing secured lending transactions backed by different asset categories will receive different factors provided that the collateral obtained through reverse repo, or securities borrowing which matures within the 30-day horizon, is not used to cover short positions.

            August 2018

          • LM-11.4.6

            If the collateral obtained through reverse repo or securities borrowing matures within the 30-day horizon, and is re-used to cover short positions that could be extended beyond 30 days, a bank must assume that the reverse repo or securities borrowing arrangements will be rolled-over and will not give rise to any cash inflow (0 percent).

            August 2018

          • LM-11.4.7

            In the case of a bank's short positions, if the short position is being covered by an unsecured security borrowing, the bank must assign a 100 percent outflow of either cash or HQLA to secure the borrowing, or cash to close out the short position by buying back the security. This must be assigned a 100% run-off rate under the other contractual cash outflows described in LM-11.3.10(F). However, if the bank's short position is being covered by a collateralized securities financing transaction, the bank must assume the short position will be maintained throughout the 30-day period and receive a 0 percent outflow.

            August 2018

        • B. Committed Facilities

          • LM-11.4.8

            No cash inflows are assumed from credit facilities or liquidity facilities that the bank holds at other institutions for its own purposes. As such, these transactions must receive a 0 percent cash inflow rate, meaning that this scenario does not consider inflows from committed credit or liquidity facilities.

            August 2018

        • C. Other Inflows by Counterparty

          • LM-11.4.9

            For all other types of transactions, either secured or unsecured, the bank must apply inflow rates according to the counterparty category, as explained in the following paragraphs.

            August 2018

          • LM-11.4.10

            When considering loan payments, the bank must only include inflows from fully performing loans. For revolving credit facilities, this assumes that the existing loans are rolled-over and that any remaining balances (undrawn) are treated in the same way as a committed facility according to LM-11.3.10(E).

            August 2018

          • LM-11.4.11

            Inflows from loans that have no specific maturity (i.e. have non-defined or open maturity) must not be included; therefore, no assumptions must be applied as to when maturity of such loans would occur. An exception to this would be minimum payments of principal, commission or interest associated with an open maturity financing transactions, provided that such payments are contractually due within 30 days. These minimum payment amounts must be captured as inflows at the rates prescribed in the paragraphs below (articles a. and b.).

            August 2018

          • LM-11.4.12

            Bahraini conventional bank licensees must apply the below rates to the cash inflows maturing within 30 calendar days by counterparty:

            a. Cash inflows from retail customers and small business customers: 50 percent of the contractual amount.
            b. Other wholesale inflows:
            i. 100 percent for financial institutions and central bank counterparties; and
            ii. 50 percent for non-financial wholesale counterparties.
            c. Operational deposits: Deposits held at other financial institutions for operational purposes will receive a 0 percent inflow rate.
            August 2018

          • LM-11.4.13

            Inflows from securities maturing within 30 days not included in the stock of HQLA must be treated in the same category as inflows from financial institutions (i.e. 100 percent inflow). Bahraini conventional bank licensees may also recognize in this category inflows from the release of balances held in segregated accounts in accordance with regulatory requirements for the protection of customer trading assets, provided that these segregated balances are maintained in HQLA. Liquid assets from level 1 and level 2 securities maturing within 30 days must be included as HQLA, provided that they meet all operational and definitional requirements, as laid out in LM-11.2.

            August 2018

        • D. Other Cash Inflows

          • LM-11.4.14

            Derivatives cash inflows: The sum of all net cash inflows must receive a 100 percent inflows factor. The amounts of derivative cash inflows and outflows must be calculated in accordance with the methodology described in LM-11.3.10(A) Sub Paragraph.(i).

            August 2018

          • LM-11.4.15

            Where derivative contracts are collateralized by HQLA, cash inflows must be calculated net of any corresponding cash or contractual outflows that would result, all other things being equal, from contractual obligations for cash or collateral to be posed by the bank, given these contractual obligations would reduce the stock of HQLA. This is in accordance with the principle that banks must not double-count liquidity inflows or outflows.

            August 2018

          • LM-11.4.16

            Other contractual cash inflows: Other contractual cash inflows must be captured here, with an explanation given as to what this bucket comprises of; they must receive a 100 percent inflow rate. Cash inflows related to cash flows which are not pertinent to the bank's primary activities are not taken into account in the calculation of the net cash outflows for the purposes of calculating the LCR.

            August 2018

    • LM-12 LM-12 Net Stable Funding Ratio

      • LM-12.1 LM-12.1 Introduction

        • LM-12.1.1

          The content of this section is applicable to all locally incorporated conventional banks licensed by the Central Bank of Bahrain.

          August 2018

        • LM-12.1.2

          The objective of the Net Stable Funding Ratio (NSFR) is to promote the resilience of banks' liquidity risk profiles and to incentivise a more resilient banking sector over a longer time horizon. The NSFR will require banks to maintain a stable funding profile in relation to the composition of their assets and off-balance sheet activities. A sustainable funding structure is intended to reduce the likelihood that disruptions to a bank's regular sources of funding will erode its liquidity position in a way that would increase the risk of its failure and potentially lead to broader systemic stress. The NSFR limits overreliance on short-term wholesale funding, encourages better assessment of funding risk across all on-balance sheet and off-balance sheet items, and promotes funding stability.

          August 2018

      • LM-12.2 LM-12.2 Scope of Application

        • LM-12.2.1

          Bahraini conventional bank licensees shall calculate the NSFR

          separately for each of the following levels:

          (a) Level (A): The NSFR for the bank on solo basis; and
          (b) Level (B): The NSFR for the bank on a consolidated basis.
          August 2018

        • LM-12.2.2

          When applying these requirements on a consolidated basis, the available stable funding ('ASF') factors applied for branches and subsidiaries outside Bahrain must be as per the requirements in this Module.

          August 2018

      • LM-12.3 LM-12.3 Requirements and Calculation Methodology

        • LM-12.3.1

          The NSFR is defined as the amount of available stable funding relative to the amount of required stable funding. This ratio must be equal to at least 100 percent on an ongoing basis. 'Available stable funding' is defined as the portion of capital and liabilities expected to be reliable over the time horizon considered by the NSFR, which extends to 1 year. 'Required stable funding' is defined as the portion of assets and OBS exposures expected to be funded on an ongoing basis over a 1-year horizon. The amount of such stable funding required of a specific institution is a function of the liquidity characteristics and residual maturities of the various assets held by that institution, as well as those of its OBS exposures.

          August 2018

        • LM-12.3.2

          The NSFR (as a percentage) must be calculated as follows:

          Available stable funding >=100
          Required stable funding
          August 2018

        • LM-12.3.3

          The NSFR definitions mirror those outlined in the section LM-11 'Liquidity Coverage Ratio unless otherwise specified.

          August 2018

      • LM-12.4 LM-12.4 NSFR Components

        • A) Available Stable Funding

          • LM-12.4.1

            The amount of ASF is measured based on the broad characteristics of the relative stability of an institution's funding sources, including the contractual maturity of its liabilities and the differences in the propensity of different types of funding providers to withdraw their funding. The amount of ASF is calculated by first assigning the carrying value of a bank's capital and liabilities to one of five categories, as presented below in Table (1), before the application of any regulatory deductions, filters or other adjustments. The amount assigned to each category is then multiplied by an ASF factor, and the total ASF is the sum of the weighted amounts.

            August 2018

          • LM-12.4.2

            When determining the maturity of an equity or liability instrument, investors are assumed to redeem a call option at the earliest possible date. In particular, where the market expects certain liabilities to be redeemed before their legal final maturity date, banks must assume such behaviour for the purpose of the NSFR and include these liabilities in the corresponding ASF category. For long-dated liabilities, only the portion of cash flows falling at or beyond the 6-month and 1-year time horizons must be treated as having an effective residual maturity of 6 months or more, and 1 year or more, respectively.

            August 2018

        • Calculation of Derivative Liability Amounts

          • LM-12.4.3

            Derivative liabilities are calculated first based on the replacement cost for derivative contracts (obtained by marking to market) where the contract has a negative value. When an eligible bilateral netting contract is in place that meets the conditions as specified in the 'bilateral netting agreements' conditions specified in Appendix F, the replacement cost for the set of derivative exposures covered by the contract will be the net replacement cost.

            August 2018

          • LM-12.4.4

            In calculating NSFR derivative liabilities, collateral posted in the form ofvariation margin in connection with derivative contracts, regardless of the asset type, must be deducted from the negative replacement cost amount.8, 2


            8 NSFR derivative liabilities = (derivative liabilities) - (total collateral posted as variation margin on derivative liabilities).

            2 To the extent that the bank's accounting framework reflects on the balance sheet, in connection with a derivative contract, an asset associated with collateral posted as variation margin that is deducted from the replacement cost amount for purposes of the NSFR, that asset should not be included in the calculation of a bank's required stable funding ('RSF') to avoid any double-counting.

            August 2018

        • Liabilities and Capital Receiving a 100 percent ASF Factor

          • LM-12.4.5

            Liabilities and capital instruments receiving a 100 percent ASF factor comprise:

            (a) The total amount of regulatory capital, before the application of capital deductions9, including general provisions calculated under the regulatory capital and excluding the proportion of Tier 2 instruments with residual maturity of less than 1 year. With regards to branches of foreign banks, this category includes the actual value of funds designated for the branch/branches;
            (b) The total amount of any capital instrument not included in (a ) that has an effective residual maturity of 1 year or more, but excluding any instruments with explicit or embedded options that, if exercised, would reduce the expected maturity to less than 1 year; and
            (c) The total amount of secured and unsecured borrowings and liabilities (including term deposits) with effective residual maturities of 1 year or more. Cash flows falling below the 1-year horizon, but arising from liabilities with a final maturity greater than 1 year do not qualify for the 100 percent ASF factor.

            9 Capital instruments reported here should meet all requirements outlined in CBB Capital Adequacy Ratio—Basel III Guidelines.

            August 2018

        • Liabilities Receiving a 95 percent ASF Factor

          • LM-12.4.6

            Liabilities receiving a 95 percent ASF factor comprise of 'stable' non-maturing deposits (demand) deposits, saving deposits and/or term deposits with residual maturities of less than 1 year provided by retail customers.

            August 2018

          • LM-12.4.7

            Stable deposits for this purpose are the amount of the deposits that are fully insured10 by a deposit insurance scheme, and where:

            (a) The depositors have other established relationships with the bank that make deposit withdrawal highly unlikely; or
            (b) The deposits are in transactional accounts (e.g. accounts where salaries are automatically deposited).

            All other deposits and accounts that do not satisfy these criteria shall be treated as less stable deposits.


            10 'Fully insured' means that 100 percent of the deposit amount is covered by an effective deposit insurance scheme. Deposit balances up to the deposit insurance limit can be treated as "fully insured". However, any amount in excess of the deposit insurance limit is to be treated as 'less stable'. For example, if a depositor has a deposit of BD 150,000 that is covered by a deposit insurance scheme, which has a limit of BD 100,000, where the depositor would receive at least BD 100,000 from the deposit insurance scheme if the bank were unable to pay, then BD 100,000 would be considered "fully insured" and treated as stable deposits, while BD 50,000 would be treated as less stable deposits.

            August 2018

          • LM-12.4.8

            The presence of deposit insurance alone is not sufficient to consider a deposit 'stable' if it does not satisfy all of the conditions previously outlined.

            August 2018

        • Liabilities Receiving a 90 Percent ASF Factor

          • LM-12.4.9

            Liabilities receiving a 90 percent ASF factor comprise of 'less stable' demand deposits, saving deposits and/or term deposits with residual maturities of less than 1 year provided by retail and small business customers.

            August 2018

        • Liabilities Receiving a 50 Percent ASF Factor

          • LM-12.4.10

            Liabilities receiving a 50 percent ASF factor comprise:

            (a) Funding (secured and unsecured) with a residual maturity of less than 1 year provided by non-financial corporate customers;
            (b) Operational deposits (as defined in Appendix E);
            (c) Funding with residual maturity of less than 1 year from sovereigns, public sector entities (PSEs), and multilateral and national development banks; and
            (d) Other funding (secured and unsecured) not included in the categories above with a residual maturity of between 6 months to less than 1 year, including funding from central banks and financial institutions.

            'Funding' refers to all sources of funding including deposits, loans and others.

            August 2018

        • 5) Liabilities Receiving a 0 Percent ASF Factor

          • LM-12.4.11

            Liabilities receiving a 0 percent ASF factor comprise:

            (a) All other liability categories not included in the above categories, including other funding with residual maturity of less than 6 months from the central bank and financial institutions;
            (b) Other liabilities without a stated maturity. This category may include short positions and open maturity positions. Two exceptions can be recognized for liabilities without a stated maturity:
            i. First, deferred tax liabilities, which must be treated according to the nearest possible date on which such liabilities could be realized; and
            ii. Second, minority interest, which must be treated according to the term of the instrument, usually in perpetuity.
            These exceptions would then be assigned either a 100 percent ASF factor if the effective maturity is 1 year or greater, or 50 percent, if the effective maturity is between 6 months and less than 1 year.
            (c) NSFR derivative liabilities, as calculated according to LM-12.4.3 and LM-12.4.4, and NSFR derivative assets, as calculated according to LM-12.4.21 and LM-12.4.22, if the NSFR derivative liabilities are greater than NSFR derivative assets;11 and
            (d) 'Trade date' payables arising from purchases of financial instruments, foreign currencies and commodities that (i) are expected to settle within the standard settlement cycle or period that is customary for the relevant exchange or type of transaction, or (ii) have failed to, but are still expected to, settle.

            11 In this case, ASF = 0% x MAX ((NSFR derivative liabilities - NSFR derivative assets), 0).

            August 2018

          • LM-12.4.12

            Table (1) below summarizes the components of each of the ASF categories and the associated maximum ASF factor to be applied in calculating a bank's total amount of available stable funding.

            Table 1: Summary of Liability Categories and Associated ASF Factors

            ASF Factor Components of ASF Category
            100%
            •   Total regulatory capital (excluding Tier 2 instruments with a residual maturity of less than 1 year);
            •   Other capital instruments and liabilities with an effective residual maturity of 1 year or more;
            •   Deferred tax liabilities with a residual maturity of 1 year or greater; and
            •   Minority interest with a residual maturity of 1 year or more.
            95% Stable demand deposits, saving deposits and term deposits with a residual maturity of less than 1 year provided by retail customers.
            90% Less stable demand deposits, saving deposits and term deposits with a residual maturity of less than 1 year provided by retail and small business customers.
            50%
            •   Funding with a residual maturity of less than 1 year provided by non-financial corporate customers;
            •   Operational deposits;
            •   Funding with a residual maturity of less than 1 year from sovereigns, PSEs, and multilateral and national development banks, Bahrain's Social Insurance Organization and GCC PIFs (where the PIF is a controller of the bank);
            •   Other secured or unsecured funding with a residual maturity between 6 months and less than 1 year not included in the above categories, including funding provided by central banks and financial institutions;
            •   Deferred tax liabilities with a residual maturity of between 6 months and less than 1 year; and
            •   Minority interest with residual maturity between 6 months and less than 1 year.
            ASF Factor Components of ASF Category
            0%
            •   All other liabilities and equity not included in the above categories, including liabilities without a stated maturity (with a specific treatment for deferred tax liabilities and minority interests);
            •   NSFR derivative liabilities net of NSFR derivative assets if NSFR derivative liabilities are greater than NSFR derivative assets; and
            •   'Trade date' payables arising from purchases of financial instruments, foreign currencies and commodities.
            Amended: January 2020
            August 2018

        • Required Stable Funding (RSF)

          • LM-12.4.13

            The amount of RSF funding is measured based on the broad characteristics of the liquidity risk profile of an institution's assets and OBS exposures. The amount of required stable funding is calculated by first assigning the carrying value of an institution's assets to the categories listed in Table 2 below. The amount assigned to each category is then multiplied by its associated RSF factor, and the total RSF is the sum of the weighted amounts added to the amount of OBS activity (or potential liquidity exposure) multiplied by its associated RSF factor.

            August 2018

          • LM-12.4.14

            Definitions mirror those outlined in the LCR, unless otherwise specified12.


            12 For the purposes of calculating the NSFR, HQLA are defined as all HQLA without regard to LCR operational requirements and LCR caps on Level 2 and Level 2B assets that may otherwise limit the ability of some HQLA to be included as eligible HQLA in calculation of the LCR.

            August 2018

          • LM-12.4.15

            The RSF factors assigned to various types of assets are intended to approximate the amount of a particular asset that would have to be funded, either because it will be rolled-over, or because it could not be monetised through sale or used as collateral in a secured borrowing transaction over the course of 1 year without significant expense. Such amounts are expected to be supported by stable funding.

            August 2018

          • LM-12.4.16

            Assets must be allocated to the appropriate RSF factor based on their residual maturity or liquidity value. When determining the maturity of an instrument, investors must be assumed to exercise any option to extend maturity. In particular, where the market expects certain assets to be extended in their maturity, banks must assume such behaviour for the purpose of the NSFR and include these assets in the corresponding RSF category. For amortizing loans, the portion that comes due within the 1-year horizon can be treated in the less-than-1-year residual maturity category.

            August 2018

          • LM-12.4.17

            For the purposes of determining its required stable funding, a bank must; (i) include financial instruments, foreign currencies and commodities for which a purchase order has been executed, and (ii) exclude financial instruments, foreign currencies and commodities for which a sales order has been executed, even if such transactions have not been reflected in the balance sheet under a settlement-date accounting model, provided that; (i) such transactions are not reflected as derivatives or secured financing transactions in the bank's balance sheet, and (ii) the effects of such transactions will be reflected in the institution's balance sheet when settled.

            August 2018

        • Encumbered Assets

          • LM-12.4.18

            Encumbered assets receive RSF factors as follows:

            (a) Assets on the balance sheet that are encumbered for 1 year or more receive a 100 percent RSF factor;
            (b) Assets encumbered for a period of between 6 months and less than 1 year receive the following RSF factors:
            i. 50 percent RSF factor if these assets would receive an RSF factor lower than or equal to 50 percent if unencumbered; and ii. If these assets receive an RSF factor higher than 50 percent if unencumbered, the higher RSF factor is applied.
            (c) Where assets have less than 6 months remaining in the encumbrance period, those assets may receive the same RSF factor as an equivalent asset that is unencumbered.

            Assets that are encumbered for exceptional13 central bank liquidity operations receive 0 percent RSF factor.


            13 In general, exceptional central bank liquidity operations are considered to be non-standard, temporary operations conducted by the central bank in a period of market-wide financial stress and/or exceptional macroeconomic challenges.

            August 2018

        • Secured Financing Transactions

          • LM-12.4.19

            For secured funding arrangements, including securities financing transactions, the following applies:

            (a) Banks must include securities that have been borrowed in securities financing transactions (such as reverse repos and collateral swaps), that appear on the banks' balance sheets and where the banks retain beneficial ownership. Otherwise, banks must not include the securities; and
            (b) Where banks have encumbered securities in repos or other securities financing transactions, but have retained beneficial ownership and those assets remain on the bank's balance sheet, the bank must allocate such securities to the appropriate RSF category.
            August 2018

          • LM-12.4.20

            Securities financing transactions with a single counterparty may be measured net when calculating the NSFR, provided that the netting conditions are as set out below:

            (a) Transactions have the same final settlement date;
            (b) The right to net the amount owed to the counterparty with the amount owed by the counterparty is legally enforceable both currently in the normal course of business and in the event of; (i) default; (ii) insolvency; and (iii) bankruptcy; and
            (c) Transactions are settled net, settled simultaneously, or are subject to a settlement mechanism that results in a single net amount on the settlement date.
            August 2018

        • Calculation of Derivative Asset Amounts

          • LM-12.4.21

            Derivative assets are calculated first based on the replacement cost for derivative contracts (obtained by marking to market) where the contract has a positive value. When an eligible bilateral netting contract is in place that meets the conditions as specified, as per the 'bilateral netting agreements' conditions specified in Appendix F, the replacement cost for the set of derivative exposures covered by the contract will be the net replacement cost.

            August 2018

          • LM-12.4.22

            In calculating NSFR derivative assets, collateral received in connection with derivative contracts may not offset the positive replacement cost amount, regardless of whether or not netting is permitted under the bank's operative accounting or risk-based framework, unless it is received in the form of a cash variation margin and meets the conditions as specified in Appendix G14. Any remaining balance sheet liability associated with; (a) variation margin received that does not meet the criteria above, or (b) initial margin received, may not offset derivative assets and must be assigned a 0 percent ASF factor.


            14 NSFR derivative assets = (derivative assets) - (cash collateral received as variation margin on derivative assets).

            August 2018

        • 1) Assets Assigned a 0 Percent RSF Factor

          • LM-12.4.23

            Assets assigned a 0 percent RSF factor comprise:

            (a) Coins and banknotes immediately available to meet obligations;
            (b) All central bank reserves (including required reserves and excess reserves);
            (c) All claims on central banks with residual maturities of less than 6 months; and
            (d) 'Trade date' receivables arising from the sales of financial instruments, foreign currencies and commodities that; (i) are expected to settle within the standard settlement cycle or period that is customary for the relevant exchange or type of transaction, or (ii) have failed to, but are still expected to, settle.
            August 2018

        • 2) Assets Assigned a 5 Percent RSF Factor

          • LM-12.4.24

            Assets assigned a 5 percent RSF factor comprise unencumbered level 1 HQLA, as defined in Appendix H, excluding assets receiving a 0 percent RSF factor as specified above, and including:

            (a) Marketable securities representing claims on or guaranteed by sovereigns, central banks, PSEs and MDBs that are assigned a 0 percent risk weight under Appendix I, Government of Bahrain, the CBB, the BIS, the IMG, the ECB and the EC; and
            (b) Marketable securities representing claims on, or guaranteed by, certain non-0 percent risk-weighted sovereign or central bank debt securities, as specified in Appendix I.
            August 2018

        • 3) Assets Assigned a 10 Percent RSF Factor

          • LM-12.4.25

            Unencumbered loans and deposits with financial institutions with residual maturities of less than 6 months, where the loan is secured against level 1 HQLA as defined in Appendix H, and where the bank has the ability to freely re-hypothecate the received collateral for the life of the loan.

            August 2018

        • 4) Assets Assigned a 15 Percent RSF Factor

          • LM-12.4.26

            Assets assigned a 15 percent RSF factor comprise of:

            (a) Unencumbered level 2A HQLA, as defined in Appendix H, including:
            (i) Marketable securities representing claims on or guaranteed by sovereigns, central banks, PSEs or MDBs that are assigned a 20 percent risk weight under Appendix I; and
            (ii) Corporate debt securities/Sukuk (including commercial paper) and covered bonds with a credit rating equal or equivalent to at least AA-.
            (b) Other unencumbered loans and deposits with financial institutions with residual maturities of less than 6 months, not included in LM-12.4.25.
            August 2018

        • 5) Assets Assigned a 50 Percent RSF Factor

          • LM-12.4.27

            Assets assigned a 50 percent RSF factor comprise:

            (a) Unencumbered level 2B HQLA, as defined and subject to the conditions set forth in Appendix H, including:
            (i) Corporate debt securities/Sukuk (including commercial paper) with a credit rating of between A+ and BBB-;
            (ii) Exchange-traded common equity shares not issued by financial institutions or their affiliates.
            (b) Any HQLA, as defined in Appendix H, that are encumbered for a period of between 6 months and less than 1 year;
            (c) All loans and deposits with financial institutions and central banks with residual maturity of between 6 months and less than 1 year;
            (d) Deposits held at other deposit-taking financial institutions for operational purposes that are subject to the 50 percent ASF factor in LM-12.4.10; and
            (e) All other non-HQLA not included in the above categories that have a residual maturity of less than 1 year, including loans to non-financial corporate clients, loans to retail customers (i.e. natural persons) and small business customers, and loans to sovereigns and PSEs.
            August 2018

        • 6) Assets Assigned a 65 Percent RSF Factor

          • LM-12.4.28

            Assets assigned a 65 percent RSF factor comprise of:

            (a) Unencumbered residential mortgages with a residual maturity of 1 year or more that would qualify for a 35 percent or lower risk weight under the Capital Adequacy Ratio Guidelines; and
            (b) Other unencumbered loans and deposits not included in the above categories, excluding loans and deposits with financial institutions, with a residual maturity of 1 year or more that would qualify for a 35 percent or lower risk weight under the CBB Capital Adequacy Ratio Guidelines.
            August 2018

        • 7) Assets Assigned a 85 Percent RSF Factor

          • LM-12.4.29

            Assets assigned an 85 percent RSF factor comprise:

            (a) Cash, securities or other assets posted as initial margin for derivative contracts15 and cash or other assets provided to contribute to the default fund of a central counterparty ('CCP'). Where securities or other assets, posted as initial margin for derivative contracts, would otherwise receive a higher RSF factor, they must retain that higher factor.
            (b) Other unencumbered performing loans16 that do not qualify for the 35 percent or lower risk weight under the CBB Capital Adequacy Ratio Guidelines and have residual maturities of 1 year or more, excluding loans and deposits with financial institutions;
            (c) Unencumbered securities with a remaining maturity of 1 year or more and exchange-traded equities, in cases where the issuer is not in default and where the securities do not qualify as HQLA according to the LCR; and
            (d) Physical traded commodities, including gold.

            15 Initial margin posted on behalf of a customer, where the bank does not guarantee performance of the third party, would be exempt from this requirement.

            16 Performing loans are considered to be those that are not past due for more than 90 days. Conversely, non-performing loans are considered to be loans that are more than 90 days past due.

            August 2018

        • 8) Assets Assigned a 100 Percent RSF Factor

          • LM-12.4.30

            Assets assigned a 100 percent RSF factor comprise:

            (a) All assets that are encumbered for a period of 1 year or more;
            (b) NSFR derivative assets, as calculated according to LM-12.4.21 and LM-12.4.22, and NSFR derivative liabilities, as calculated according to LM-12.4.3 and LM-12.4.4, if NSFR derivative assets are greater than NSFR derivative liabilities;17
            (c) All other assets not included in the above categories, including non-performing loans (net of specific provisions), loans and deposits with financial institutions with a residual maturity of 1 year or more, non-exchange-traded equities, fixed assets, items deducted from regulatory capital, insurance assets and defaulted securities; and
            (d) 20 percent of derivative liabilities (i.e. negative replacement cost amounts), as calculated according to LM-12.4.3 (before deducting variation margin posted). The CBB has the discretion to lower the value of this factor, with a floor of 5%.

            17 RSF = 100% x MAX ((NSFR derivative assets - NSFR derivative liabilities), 0).

            August 2018

          • LM-12.4.31

            Table 2 summarizes the specific types of assets to be assigned to each asset category and their associated RSF factor.

            Table 2: Summary of Asset Categories and Associated RSF Factors

            RSF Factor Components of RSF Factor
            0%
            •   Coins and banknotes;
            •   All central bank reserves;
            •   All claims on central banks with residual maturities of less than 6 months; and
            •   'Trade date' receivables arising from the sales of financial instruments, foreign currencies and commodities.
            5% Unencumbered level 1 HQLA, excluding coins, banknotes and central bank reserves.
            10% Unencumbered loans and deposits with financial institutions with residual maturities of less than 6 months, where the loan is secured against level 1 HQLA and where the bank has the ability to freely rehypothecate the received collateral for the life of the loan.
            15%
            •   Unencumbered level 2A HQLA;
            •   All other unencumbered loans and deposits with financial institutions with residual maturities of less than 6 months not included in the above categories.
            50%
            •   Unencumbered level 2B HQLA;
            •   HQLA encumbered for a period of 6 months or more, and less than 1 year;
            •   Loans and deposits with financial institutions and central banks with residual maturities between 6 months and less than 1 year;
            •   Deposits held at other financial institutions for operational purposes; and
            •   All other assets not included in the above categories with residual maturity of less than 1 year, including loans to non-financial corporate clients, loans to retail and small business customers, and loans to sovereigns and PSEs.
            65%
            •   Unencumbered residential mortgages with a residual maturity of 1 year or more, and with a risk weight of less than or equal to 35 percent, as per the CBB Capital Adequacy Ratio Guidelines; and
            •   Other unencumbered loans and deposits not included in the above categories, excluding loans and deposits with financial institutions, with a residual maturity of 1 year or more, and with a risk weight of less than or equal to 35 percent, as per the CBB Capital Adequacy Ratio Guidelines.
            85%
            •   Cash, securities or other assets posted as initial margin for derivative contracts and cash or other assets provided to contribute to the default fund of a CCP;
            •   Other unencumbered performing loans with risk weights greater than 35 percent, as per the CBB Capital Adequacy Ratio Guidelines and residual maturities of 1 year or more, excluding loans and deposits with financial institutions;
            Unencumbered securities that are not in default and do not qualify as HQLA with a remaining maturity of 1 year or more, and exchange-traded equities in cases where the issuer is not in default and where the securities do not qualify as HQLA according to the LCR; and
            •   Physical traded commodities, including gold.
            100%
            •   All assets that are encumbered for a period of 1 year or more;
            •   NSFR derivative assets net of NSFR derivative liabilities, if NSFR derivative assets are greater than NSFR derivative liabilities;
            •   20 percent of derivative liabilities (net of eligible cash variation margin); The CBB has discretion to lower the value of this factor, with a floor of 5%; and
            •   All other assets not included in the above categories, including non-performing loans (net of specific provisions), loans and deposits with financial institutions with a residual maturity of 1 year or more, non-exchange-traded equities, fixed assets, items deducted from regulatory capital, insurance assets and defaulted securities.
            August 2018

        • Off-balance Sheet Exposures

          • LM-12.4.32

            Many potential OBS liquidity exposures require little direct or immediate funding, but can lead to significant liquidity drains over a longer time horizon. The NSFR assigns an RSF factor to various OBS activities in order to ensure that institutions hold stable funding for the portion of OBS exposures that may be expected to require funding within a 1-year horizon.

            August 2018

          • LM-12.4.33

            Consistent with the LCR, the NSFR identifies OBS exposure categories based broadly on whether the commitment is a credit or liquidity facility, or some other contingent funding obligation. Table 3 identifies the specific types of OBS exposures to be assigned to each OBS category and their associated RSF factor.

            Table 3: Summary of OBS Categories and Associated RSF Factors

            RSF Factor RSF Category
            5% of the currently undrawn portion
            •   Irrevocable and conditionally revocable credit and liquidity facilities;
            •   Other contingent funding obligations, including products and instruments such as:
            •   Unconditionally revocable credit and liquidity facilities;
            •   Trade finance-related obligations (including guarantees and letters of credit);
            •   Guarantees and letters of credit unrelated to trade finance obligations;
            •   Non-contractual obligations such as:
            •   Potential requests for debt repurchases of the bank's own debt, or that of related conduits, securities investment vehicles and other such financing facilities;
            •   Structured products where customers anticipate ready marketability, such as adjustable rate notes and variable rate demand notes ('VRDNs').
            •   Managed funds that are marketed with the objective of maintaining a stable value.
            August 2018

      • LM-12.5 LM-12.5 General Disclosure Requirements

        • LM-12.5.1

          Bahraini conventional bank licensees must report their NSFR ratios to the CBB on a quarterly basis within 14 calendar days of the quarter end as per Appendix BR-24.

          Amended: January 2020
          August 2018

        • LM-12.5.2

          Bahraini conventional bank licensees must disclose the NSFR on a consolidated basis in their quarterly and year-end financial statements as per Appendix C. Banks must also make previous NSFR reports available on their websites.

          Amended: January 2020
          August 2018

        • LM-12.5.3

          Bahraini conventional bank licensees must must provide sufficient qualitative disclosures relevant to the NSFR, in their quarterly and year-end financial statements, to facilitate understanding of the results and data disclosed. This may include analysis of the main drivers of the NSFR results, changes during the period for which the data is prepared or compared to the date of the last disclosure (such as changes to the bank's strategy, funding structure or any other circumstances).

          Amended: January 2020
          August 2018

    • Appendix A Illustrative Summary of the LCR

      Item Factor
      Stock of HQLA
      A. Level 1 Assets
      •   Coins and banknotes;
      •   Qualified balances with the CBB (including placements and reserves);
      •   Debt securities/Sukuk issued by the CBB or the Government of Bahrain;
      •   Debt securities/Sukuk issued governments of GCC member states and their central banks;
      •   Debt securities/Sukuk that can be monetised and issued or guaranteed by sovereigns, central banks, PSEs, IMF, BIS, ECB, EC, or MDBs;
      •   Debt securities/Sukuk issued in local currency by sovereign or the country's central bank, where the liquidity risk arises or the banks home country—given a non-0 percent Risk-weight (RW); and
      •   Debt securities/Sukuk issued in foreign currency by sovereign or central bank that does not exceed the value of the net cash outflow in the foreign currency caused by a stress scenario based on the bank's operations in the country where the liquidity risk arises from—given a non-0 percent RW.
      100%
      Total level 1 Assets
      B. Level 2 assets (maximum of 40 percent Of HQLA)
       
      1) Level 2A assets
       
      •   Debt securities/Sukuk that can be issued and liquidated or guaranteed by sovereigns, central banks, PSEs, and qualified MDBs;
      •   Debt securities/Sukuk qualified for liquidation (including commercial paper); and
      •   Qualified covered bonds.
      85%
      2) Level 2B assets (maximum of 15 percent of HQLA)
       
      •   Debt securities/Sukuk (including commercial paper) issued by qualified non-financial institutions; and
      •   Qualified common equity shares.
      50%
      Total level 2 Assets (1+2)  
      Total value of stock of HQLA  
      Cash Outflows
      Retail Deposits
      Demand deposits and term deposits (maturity within 30 days):  
      •   Stable deposits; and
      3%
      •   Less stable—retail deposits
      10%
      B. Unsecured Wholesale Funding
      Small Business Customer deposits 10%
      Operational deposits generated by clearing, custody, and cash management: 25%
      Deposits from non-financial institutions, sovereign, central banks, multilateral development banks, PSEs, and Bahrain's Social Insurance Organization and GCC PIFs where PIF is a controller of the bank. 40%
      Deposits from other legal entity corporations. 100%
      C. Secured Funding
       
      •   Backed by level 1 assets or with central banks;
      0%
      •   Backed by level 2A assets;
      15%
      •   Secured funding transactions with domestic sovereign, PSE's or multilateral development banks that are not baked by level 1 or 2A assets;
      25%
      •   Backed by other level 2B assets;
      50%
      •   All others.
      100%
      D. Other Cash Outflow
       
      Net derivative cash outflow 100%
      Asset-backed securities, covered bonds, and other structured financing instruments 100%
      Asset-backed commercial paper, securities paper, securities investment vehicles, and other similar financing tool 100%
      Committed: credit and liquidity facilities given by bank to:  
      •   Retail (including credit cards) and small business customers (from amount not used);
      5%
      •   Non-financial corporates, sovereigns and central banks, PSEs and multilateral development banks (from amount not used);
      10% credit 30% Liquidity
      •   Banks subject to prudential supervision (from amount not used);
      40%
      •   Other financial institutions (including securities firms and insurance firms) (from amount not used);
      40% credit 100% liquidity
      •   Other legal entities (from amount not used).
      100%
      Other Contingent Funding Obligations  
      •   Guarantees, LCs, revocable credit and liquidity facilities, non-contractual commitments;
      5%
      •   Customer short positions that are covered by other customers' collateral.
      50%
      Increased liquidity needs related to the potential for valuations changes on posted collateral 20%
      Other contractual cash outflows 100%
      Total Cash Outflow  
      Cash Inflows Inflow rates
      A. Secured lending transactions backed by the following asset category:
       
        Level 1 assets; 0%
        Level 2A assets; and 15%
        Level 2B assets. 50%
        Margin lending backed by all other collateral: 50%
        Other collateral. 100%
      B. Committed facilities—credit and liquidity facilities given to banks;
      0%
      C. Other inflows by:
       
       
      •   Retail and small business customer;
      50%
       
      •   Non-retail customers:
       
        1.Financial institutions and central banks; and
        2.Non-financial institutions.
      100%
      50%
      •   Operational deposits held at other financial institutions.
      0%
      D. Other net derivative cash inflows; and
      100%
      E. Other contractual cash inflows.
      100%
      Total Cash Inflows  
      Net cash outflow = total cash outflow—total cash inflow or lowest value (75 percent of total cash outflow).  
      Liquidity coverage ratio—HQLA / Net cash outflow.  
      August 2018

    • Appendix B LCR Common Disclosure Template

        Total unweighted value (average) Total weighted value (average)
      High-quality liquid assets
      1 Total HQLA    
      Cash outflows
      2 Retail deposits and deposits from small business customers, of which:
      3 Stable deposits    
      4 Less stable deposits    
      5 Unsecured wholesale funding, of which:
      6 Operational deposits (all counterparties) and deposits in networks of cooperative banks    
      7 Non-operational deposits (all counterparties)    
      8 Unsecured debt    
      9 Secured wholesale funding    
      10 Additional requirements, of which:
      11 Outflows related to derivative exposures and other collateral requirements    
      12 Outflows related to loss of funding on debt products    
      13 Credit and liquidity facilities    
      14 Other contractual funding obligations    
      15 Other contingent funding obligations    
      16 Total Cash Outflows    
      Cash inflows
      17 Secured lending (eg reverse repos)    
      18 Inflows from fully performing exposures    
      19 Other cash inflows    
      20 Total Cash Outflows    
        Total adjusted value
      21 Total HQLA    
      22 Total net cash outflows    
      23 Liquidity Coverage Ratio (%)    
      August 2018

    • Appendix C NSFR Common Disclosure Template

      Appendix C: NSFR Common Disclosure Template18

      For the Period Ending on.../.../...... "Value in BHD 000"

      No. Item Unweighted Values (i.e. before applying relevant factors)  
      No specified maturity Less than 6 months More than 6 months and less than one year Over one year Total weighte d value
      Available Stable Funding (ASF):          
      1 Capital:          
      2 Regulatory Capital          
      3 Other Capital Instruments          
      4 Retail deposits and deposits from small business customers:          
      5 Stable deposits          
      6 Less stable deposits          
      7 Wholesale funding:          
      8 Operational deposits          
      9 Other wholesale funding          
      10 Other liabilities:          
      11 NSFR derivative liabilities          
      12 All other liabilities not included in the above categories          
      13 Total ASF          
      Required Stable Funding (RSF):
      14 Total NSFR high-quality liquid assets (HQLA)          
      15 Deposits held at other financial institutions for operational purposes          
      16 Performing loans and securities:          
      17 Performing loans to financial institutions secured by Level 1 HQLA          
      18 Performing loans to financial institutions secured by non-level 1 HQLA and unsecured performing loans to financial institutions          
      19 Performing loans to non- financial corporate clients, loans to retail and small business customers, and loans to sovereigns, central banks and PSEs, of which:          
      20
      •   With a risk weight of less than or equal to 35% as per the CBB Capital Adequacy Ratio guidelines
               
      21 Performing residential mortgages, of which:          
      22 With a risk weight of less than or equal to 35% under the CBB Capital Adequacy Ratio Guidelines          
      23 Securities that are not in default and do not qualify as HQLA, including exchange-traded equities          
      24 Other assets:          
      25 Physical traded commodities, including gold          
      26 Assets posted as initial margin for derivative contracts and contributions to default funds of CCPs          
      27 NSFR derivative assets          
      28 NSFR derivative liabilities before deduction of variation margin posted          
      29 All other assets not included in the above categories          
      30 OBS items          
      31 Total RSF          
      32 NSFR (%)          

      18 Quarterly statement.

      12 Quarterly statement

      August 2018

    • Appendix D Definitions

      Appendix D: Definitions19

      In the context of these Guidelines, the following terminologies take the meanings corresponding to each of them:

      1. 'Bank' means any bank fully recognized as such by the relevant regulator of the country in which it is registered, except such a bank which:
      a. In the opinion of the central bank, is not adequately supervised by the relevant banking supervisory authority;
      b. The license or other authorization of which to carry on banking business is, for the time being, suspended.
      2. 'Banking groups' are groups that engage predominantly in banking activities and are registered as banks in the relevant jurisdiction.
      3. 'PSE' means a public sector entity which is specified as such either by the central bank ('domestic PSE') or by an overseas banking supervisory authority ('foreign PSE'). Domestic PSEs include those entities owned by the government, excluding the subsidiaries of such institutions undertaking commercial activities.
      4. 'Financial Institutions' are institutions defined as financial institutions by the CBB (local financial institutions) or by foreign banking regulators (foreign financial institutions); examples of financial institutions include investment companies, insurance companies and currency exchange companies.
      5. 'MDB' means a multilateral development bank, which refers to any bank or lending or development body established by agreement between, or guaranteed by, two or more countries, territories or international organizations, other than for purely commercial purposes.
      6. 'Off-balance Sheet ('OBS') Activities" refers to a banks' business that does not generally involve booking assets or liabilities. Examples include the granting of standby commitments, letters of credit and guarantees.
      7. 'Repo-style Transactions' means transactions involving the sale and repurchase ('repo') of assets, purchase and resale ('reverse repo') of assets, as well as securities lending and securities borrowing. The term 'repo-style transactions' is generally taken to refer to any of the following transactions of a bank:
      i Sale and repurchase ('repo') of securities—the bank agrees to sell securities to a third party for cash with a commitment to repurchase the securities at an agreed price on an agreed future date.
      ii Securities lending—the bank lends securities to a third party and receives either cash or other securities from that party in exchange as collateral.
      iii Purchase and resale ('reverse repo') of securities—the bank agrees to acquire securities from a third party for cash, with a commitment to resell the securities at an agreed price on an agreed future date (i.e. the reverse of repo transactions).
      iv Securities borrowing—the bank borrows securities from a third party and gives cash or other securities to that party in exchange as collateral.
      8. 'Secured Obligations' means obligations that are secured by legal rights on specifically designated assets owned by the bank which are used in the case of bankruptcy, insolvency or liquidation.
      9. 'High-Quality Liquid Asset ('HQLA')' an asset is considered to be HQLA if it can be easily and immediately converted into cash at little or no loss of value under stress scenarios.
      10. 'Operational Deposits' are the deposits generated by clearing, custody and cash management activities.
      11. 'Stable Deposits' are the amounts of the deposits that are fully insured by a deposit insurance scheme which represents a portion from the deposits in the transactional accounts (e.g. accounts where salaries are automatically deposited), as per the provisions of those regulations.
      12. 'Transactional Accounts' are defined as the accounts used to settle transactions pertaining to salaries and customer income.
      13. 'Unencumbered Assets' means assets free of legal, regulatory, contractual or other restrictions on the ability of the bank to liquidate, sell or transfer these assets. Liquid assets should not be used to cover trading positions or to secure, collateralize or credit-enhance any transaction, nor be designated to cover operational costs (such as rents and salaries).
      14. 'Retail Deposits' are defined as deposits placed with a bank by a natural person. Deposits from legal entities, sole proprietorships or partnerships are captured in wholesale deposit categories.
      15. 'Wholesale Funding' is defined as those deposits and obligations that are raised from non-natural persons (i.e. legal entities, including sole proprietorships and partnerships).
      16. 'Small Business Deposits' are the deposits that are considered as having similar characteristics to retail accounts, provided the total aggregated funding raised from one small business customer is less than BHD 500,000 (on a consolidated basis where applicable).
      17. 'Default Funds', also known as clearing deposits or guarantee fund contributions (or any other names), are clearing members' funded or unfunded contributions towards, or underwriting of, a CCP's mutualized loss-sharing arrangements.
      18. 'Central Counterparty (CCP)' is the party that intermediates in the settlement process between counterparties to contracts related to financial instruments, becoming the buyer to every seller, and the seller to every buyer in the market.
      19. 'Principal Amount' means the amount of any outstanding claim (excluding any interest and other expenses) on, or contingent liability in respect of, the relevant counterparty.
      20. 'Variation Margin' means a clearing member's or client's funded collateral posted on a daily or intraday basis, to a CCP based upon price movements of their transactions.
      21. 'Initial Margin' means a clearing member's or client's funded collateral posted to the CCP to mitigate the potential future exposure of the CCP to the clearing member, arising from the possible future change in the value of the transactions.
      22. 'Fiduciary' is a legal entity that is authorised to manage assets on behalf of a third party. Fiduciaries include asset management entities such as pension funds and other collective investment vehicles.

      19 Definitions mirror those in the Capital Adequacy Ratio—Basel III and the LCR guidelines.

      August 2018

    • Appendix E Operational Deposits

      Appendix E: Operational Deposits20

      1. Certain banking activities related to payments and settlement systems lead to customers needing to place, or leave, deposits with a bank in order to cover such transactions. This is conditional on the fact that the activities have a substantive dependency with the bank and the deposit is required for such activities;
      2. Qualifying activities in this context refer to clearing, custody or cash-management activities that meet the following criteria:
      a. The customer is reliant on the bank to perform these services as an independent third party intermediary in order to fulfil its normal banking activities over the next 30 days. For example, this condition would not be met if the bank is aware that the customer has adequate back-up arrangements;
      b. These services must be provided under a legally-binding agreement to customers; and
      c. The termination of such agreements shall be subject either to a notice period of at least 30 days or significant switching costs (such as those related to transaction, information technology, early termination or legal costs) to be borne by the customer if the operational deposits are moved before 30 days.
      3. Qualifying operational deposits generated by such activities are ones where:
      a. The deposits are by-products of the underlying services provided by the bank and are not sought out in the wholesale market; and
      b. The deposits are held in specifically designated accounts and priced without giving an economic incentive to the customer.
      4. Only that part of the deposit balance with the service provider that is proven to serve a customer's operational needs can qualify as stable. Excess balances should be treated in the appropriate category for (non-operational) deposits. If the bank is unable to determine the amount of the excess balance, the entire deposit should be considered non-operational;
      5. Banks must determine the methodology for identifying excess balances in operational accounts. The methodology should be conducted at a sufficiently granular level to adequately assess the risk of withdrawal in an idiosyncratic stress. The methodology should take into account relevant factors, such as the average balances in advance of specific payment needs;
      6. If the deposit arises out of correspondent banking, or from the provision of prime brokerage services, it will be treated as if it was a non-operational activity for the purpose of determining run-off factors21 .

      Appendix E: Operational Deposits22 (Continued)

      7. The portion of the operational deposits generated by clearing, custody and cash management activities that is fully covered by deposit insurance can receive the same treatment as 'stable' retail deposits;
      8. A clearing relationship, in this context, refers to a service arrangement, granted by the bank as a direct participant in settlement systems that enables customers to transfer funds (or securities) indirectly through participants in domestic settlements systems to final recipients. Such services are limited to the following activities; transmission, overdraft and settlement;
      9. A custody relationship refers to the provision of safekeeping, reporting, processing of assets or the facilitation of the operational and administrative elements of related activities on behalf of customers in the process of their transacting and retaining financial assets. Such services are limited to the settlement of securities transactions, the transfer of contractual payments, the processing of collateral, and the receipt of dividends and other income, transfer of funds and stocks and agency services, including payment and settlement services (excluding correspondent banking);
      10. A cash management relationship refers to the provision of cash management and related services to customers. Cash management services refers to those products and services provided to a customer to manage its cash flows, assets and liabilities, and conduct financial transactions necessary to the customer's operational activities. Such services are limited to payment remittance, collection and aggregation of funds, payroll administration, and control over the disbursement of funds.

      20 Based on the definition of operational deposits in the LCR guidelines.

      21 Correspondent banking refers to arrangements under which one bank (correspondent) holds deposits owned by other banks (respondents) and provides payment and other services in order to settle foreign currency transactions (e.g. so called 'nostro' and 'vostro' accounts used to settle transactions in a currency other than the domestic currency of the respondent bank, for the provision of clearing and settlement of payments). Prime brokerage is a package of services offered to large active investors, particularly institutional hedge funds. These services usually include: clearing, settlement and custody; consolidated reporting; financing (margin, repo or synthetic); securities lending; capital introduction, and risk analytics.

      22 Based on the definition of operational deposits in the LCR guidelines.

      August 2018

    • Appendix F Bilateral Netting Agreements

      Appendix F: Bilateral Netting Agreements23

      1. Exposures to the same counterparties arising out of a range of forwards, swaps, options and similar derivative contracts, could be subject to a netting treatment according to the following requirements.
      2. Accordingly, for the NSFR purposes:
      a. Banks may net transactions subject to novation under which any obligation between a bank and its counterparty to deliver a given currency, on a given value date, is automatically amalgamated with all other obligations for the same currency and value date, legally substituting one single amount for the previous gross obligations;
      b. Banks may also net transactions subject to any legally valid form of bilateral netting not covered in (a), including other forms of novation; and
      c. In both cases (a) and (b), a bank will need to satisfy the CBB that it has:
      i. A netting contract or agreement with the counterparty which creates a single legal obligation, covering all included transactions, so that the bank would have either a claim to receive, or an obligation to pay, only the net sum of the positive and negative mark-to-market values of included individual transactions in the event a counterparty fails to perform due to any of the following; default, bankruptcy, liquidation or similar circumstances;
      ii. Written and reasoned legal opinions that, in the event of a legal challenge, the relevant courts and administrative authorities would find the bank's exposure to be such a net amount under:
      a) The law of the jurisdiction in which the counterparty is chartered and the branch that conducted the netting;
      b) The law that governs the individual transactions;
      c) The law that governs any contract or agreement necessary to effect the netting;
      iii. In this context, the banks may use the following applicable market accepted standard agreements:
      •   International Swaps and Derivatives Association ('ISDA') Master Agreement (English law or New York law, as applicable);
      •   International Foreign Exchange Master Agreement('IFEMA') for FX transactions
      •   FX Net Agreements for FX transactions;
      •   Worldwide Foreign Exchange Netting and Close-Out Agreement for FX transactions;
      •   Global Foreign Exchange Netting and Close-Out Agreement ('FXNET "Non-User" Agreement') for FX transactions;
      •   International Currency Option Master Agreement ('ICOM');
      iv. Banks are only permitted to avail the benefit of Master Netting Agreements in jurisdictions where such agreements are legally enforceable (i.e. where legal precedence exists). The use of such netting should also be supported by the positive opinion of the licensed bank's Legal department; and
      v. Banks intending to use any Master Netting Agreements other than those listed in previous paragraph should seek the explicit approval of the CBB to do so.
      3. Procedures are in place to ensure that the legal characteristics of netting arrangements are kept under review, in the light of possible changes that may be applicable to these type of agreements at a later stage;
      4. In certain arrangements (such as contracts including 'walk away clauses') where the counterparty terminates the contract, this event is not taken into consideration for the purposes of calculating the NSFR. Thus, the exposure is calculated without taking into account the Netting Agreement;
      5. Exposure on bilaterally-netted derivative transactions will be calculated as the sum of the net mark-to-market replacement cost, if positive, plus an add-on based on the notional underlying principal. The add-on for netted transactions ('ANet') will equal the weighted average of the gross add-on ('AGross')24 and the gross add-on adjusted by the ratio of net current replacement cost to gross current replacement cost ('NGR'). This is expressed through the following formula:

      ANet=0.4*AGross+0.6*NGR*AGross

      Where:

      NGR=level of net replacement cost/level of gross replacement cost for transactions subject to legally enforceable netting agreements.25
      6. The scale of the gross add-ons to apply in this formula will be the same as those for non-netted transactions, as set out in the CBB's Capital Adequacy Ratio Guidelines. The CBB will continue to review the scale of add-ons to make sure they are appropriate; and
      7. For purposes of calculating potential future credit exposure to a netting counterparty for forward foreign exchange contracts and other similar contracts, in which notional principal is equivalent to cash flows, notional principal is defined as the net receipts falling due on each value date in each currency.

      23 Based on the Capital Adequacy Ratio � Basel III Guidelines.

      24 AGross equals the sum of individual add-on amounts (calculated by multiplying the notional principal amount by the appropriate add-on factors set out in the CBB Capital Adequacy Ratio Guidelines) of all transactions subject to legally-enforceable netting agreements with one counterparty

      25 The CBB permits a choice of calculating the NGR on a counterparty by counterparty or on an aggregate basis level for all transactions subject to legally enforceable netting agreements. However, the method chosen by a licensed bank is to be used consistently. Under the aggregate approach, net negative current exposures to individual counterparties cannot be used to offset net positive current exposures of another counterparty, i.e. for each counterparty the net current exposure used in calculating the NGR is the maximum of the net replacement cost or zero. Note that under the aggregate approach, the NGR is to be applied individually to each legally enforceable netting agreement.

      August 2018

    • Appendix G Utilising the Cash Portion of Variation Margin Received to Reduce the Replacement Cost

      Appendix G: Utilising the Cash Portion of Variation Margin Received to Reduce the Replacement Cost26

      Banks may use the cash portion of variation margin received to reduce the replacement cost portion (but not the potential future exposure) of the leverage ratio exposure measure, and may deduct the receivables assets from the cash variation margin provided from the leverage ratio exposure measure (if the cash variation margin provided has been recognized as an asset under the bank's accounting framework) subject to the following conditions being met:

      a. For trades not cleared through a qualifying central counterparty ('QCCP') the cash received by the recipient counterparty is not segregated from the cash portion of the variation margin;
      b. Variation margin is calculated and exchanged on a daily basis based on mark-to-market valuation of derivatives positions;
      c. The cash variation margin is received in the same currency as the currency of settlement of the derivative contract;
      d. Variation margin exchanged is enough to cover the mark-to-market exposure of the derivative; and
      e. Derivatives transactions and variation margins are covered by a single MNA between the counterparties, and the MNA must be legally enforceable.

      26 Based on the Leverage Ratio for Conventional Banks guidelines.

      August 2018

    • Appendix H High Quality Liquid Assets as per the LCR

      1. Assets are generally qualified as HQLA if they can be easily and immediately converted into cash at little, or no, loss of value under stress circumstances; and
      2. The conditions identified in the following paragraphs must be satisfied by levels 1 and 2 assets.
      1) Level 1 Assets
      3. Level 1 assets are included in their applicable market value, can comprise of an unlimited share of the pool and are not subject to haircuts.
      4. Level 1 assets are limited to:
      a. Coins and banknotes;
      b. Assets with central banks in the countries in which the liquidity risk is being taken (including cash reserves27 ) to the extent that allows banks to draw down these assets in times of stress;
      c. Debt securities/Sukuk issued by the CBB or the Government of the State of Bahrain;
      d. Debt securities/Sukuk issued or guaranteed by sovereigns, central banks, PSEs, the IMF, the BIS, the ECB and EC, or development banks and satisfying all of the following conditions:
      i. Assigned a 0 percent risk-weight as shown in Appendix I;
      ii. Traded in large, deep and active repo or cash markets, characterized by a low level of concentration;
      iii. Have a proven record as a reliable source of liquidity in the markets (repo or sale), even during stressed market conditions;
      iv. Not an obligation of a financial institution or any of its subsidiary entities28 ;
      e. Where the sovereign has a non-0 percent risk weight, debt securities/Sukuk issued in domestic currency by the sovereign or central bank in the country in which the liquidity risk is being taken or in the bank's home country; and
      f. Where the sovereign has a non-0 percent risk weight, debt securities/Sukuk in foreign currencies issued by the sovereign or central bank up to the amount of the bank's stressed net cash outflows in that specific foreign currency stemming from the bank's operations in the jurisdiction where the bank's liquidity risk is being taken.
      2) Level 2 Assets
      A. Level 2A Assets
      5. Level 2A assets are limited to the following:
      a. Debt securities/Sukuk issued or guaranteed by sovereigns, central banks, PSEs or MDBs that satisfy all of the following conditions:
      i. Assigned a 20 percent risk weight as per Annexure (F);
      ii. Traded in large, deep and active repo or cash markets as characterized by a low level of concentration;
      iii. Have a proven record as a reliable source of liquidity in the markets (repo or sale) even during stressed market conditions (i.e. maximum decline of price not exceeding 10 percent, or the increase in haircut not exceeding 10 percent over a 30-day period during a relevant period of significant liquidity stress); and
      iv. Not an obligation of a financial institution or any of its affiliated entities.

      Debt securities/Sukuk that can be monetised (including commercial paper)29 and covered bonds30 that satisfy all of the following conditions:
      i. Not issued by a financial institution or any of its affiliated entities;
      ii. In the case of covered bonds: not issued by the bank itself or any of its affiliated entities;
      iii. Either have a long-term credit rating from a recognized ECAI of at least (AA-) or in the absence of a long-term rating, a short-term rating equivalent in quality to the long-term rating;
      iv. Traded in large, deep and active repo or cash markets characterized by a low level of concentration; and
      v. Have a proven record as a reliable source of liquidity in the markets (repo or sale) even during stressed market conditions (i.e. maximum decline of price not exceeding 10 percent, or the increase in haircut not exceeding 10 percent, over a 30-day period during a relevant period of significant liquidity stress).
      B. Level 2B Assets
      6. Level 2B assets are limited to the following:
      a. Debt securities/Sukuk (including commercial paper) issued by nonfinancial institutions, that satisfy all of the following conditions:
      i. Debt securities/Sukuk issued by non-financial institutions or one of their subsidiaries and have a long-term credit rating between A+ and BBB- or the equivalent, or in the absence of a long-term rating, a short-term rating equivalent in quality to the long-term rating;
      ii. Traded in large, deep and active repo or cash markets characterized by a low level of concentration; and
      iii. Have a proven record as a reliable source of liquidity in the markets even during stressed market conditions (i.e. maximum decline of price not exceeding 20 percent or the increase in haircut not exceeding 20 percent over a 30-day period during a relevant period of significant liquidity stress).
      b. Common equity shares that satisfy all of the following conditions, subject to a 50 percent haircut:
      i. Not issued by a financial institution or any of its affiliated entities.
      ii. Exchange traded and centrally cleared;
      iii. A constituent of the major stock index in Bahrain or where the liquidity risk is taken;
      iv. Denominated in Bahraini Dinar or in the currency of the jurisdiction where the liquidity risk is taken;
      v. Traded in large, deep and active repo or cash markets characterized by a low level of concentration; and
      vi. Have a proven record as a reliable source of liquidity in the markets (repo or sale) even during stressed market conditions, (i.e. a maximum decline of share price not exceeding 40 percent, or increase in haircut not exceeding 40 percent, over a 30-day period during a relevant period of significant liquidity).
      7. If a bank wishes to include other assets under Level 2B assets, prior approval must be obtained from the CBB.

      27 In this context, the central bank reserves would include demand deposits, overnight deposits and term deposits with the central bank that: (i) are repayable within 30 day or are explicitly and contractually repayable on notice from the depositing bank; or (ii) that the bank can use to obtain financing on a term basis or on an overnight basis. Other term deposits with central banks are not eligible for the stock of HQLA.

      28 This requires that the holder of the security must not have recourse to the financial institution or any of the financial institution's affiliated entities. In practice, this means that securities, such as government-guaranteed issuance during the financial crisis, which remain liabilities of the financial institution, would not qualify for the stock of HQLA. The only exception is when the bank also qualifies as a PSE under the CBB Capital Adequacy Ratio—Basel III Guidelines where securities issued by the bank could qualify for level 1 assets if all necessary conditions are satisfied.

      29 Corporate debt securities (including commercial papers) do not include complex structured products or subordinated debt.

      30 Covered bonds are bonds issued and owned by a bank or mortgage institution and are subject by law to special public supervision designed to protect bond holders. Proceeds deriving from the issue of these bonds must be invested in conformity with the law in assets which, during the whole period of the validity of the bonds, are capable of covering claims attached to the bonds and which, in the event of the failure of the issuer, would be used on a priority basis for the reimbursement of the principal and payment of the accrued interest.

      August 2018

    • Appendix I Mapping Notations Used by Individual ECAIs for Sovereigns, Central Banks, PSEs and MDBs

      Credit Quality31 Risk Weight
      Claims on sovereigns/central banks
      (AAA to AA-) or Equivalent 0%
      (A+ to A-) or Equivalent 20%
      Claims on PSEs
      Claims on local (Bahraini) PSEs 0%
      (AAA to AA-) or Equivalent 20%
      Claims on MDBs
      As per the Capital Adequacy Ratio Guidelines 0%
      As per the Capital Adequacy Ratio Guidelines 20%

      31 Based on rating by Standard and Poor's.

      August 2018

    • Appendix J Illustrative NSFR Computation Template

      August 2018

  • DA DA Digital Finance Advice

    • DA-A DA-A Introduction

      • DA-A.1 DA-A.1 Purpose

        • DA-A.1.1

          This Module sets out the Central Bank of Bahrain's (CBB's) Directive relevant to licensees providing digital financial advice or 'robo-advice' as defined in Module LR, Licensing Requirements Module of the CBB Rulebook Volume 1 in the Kingdom of Bahrain.

          Added: April 2019

        • DA-A.1.2

          This Module should be read in conjunction with the requirements in other parts of the CBB Rulebook, Volume 1, applicable to licensees particularly:

          (a) Principles of Business Module;
          (b) High level Controls Module;
          (c) General Requirements Module;
          (d) Business and Market Conduct Module;
          (e) Operational Risk Management Module;
          (f) Financial Crime Module; and
          (g) Enforcement Module.
          Added: April 2019

        • Legal Basis

          • DA-A.1.3

            This Module contains the CBB's Directive (as amended from time to time) applicable to licensees providing digital financial advice and is issued under the powers available to the CBB under Article 38 of the CBB Law.

            Added: April 2019

          • DA-A.1.4

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

            Added: April 2019

      • DA-A.2 DA-A.2 Module History

        • DA-A.2.1

          This Module was first issued in March 2019. It is numbered as version 01. All subsequent changes to this Module are annotated with a sequential version number: UG-3 provides further details on Rulebook maintenance and version control.

          Added: April 2019

        • DA-A.2.2

          A list of recent changes made to this Module is provided below:

          Module Ref. Change Date Description of Changes
               
               
               
               

    • DA-B DA-B Scope of Application

      • DA-B.1 DA-B.1 Introduction

        • DA-B.1.1

          Digital financial advice, otherwise also referred to in common jargon as 'robo advice' or 'automated advice' has gained much popularity globally following advancements in technology. The provision of financial advice is a regulated activity under this Rulebook and the use of technology for providing digital financial advice needs to be governed within the context of sound prudential and conduct regulations in order to safeguard the interests of clients. This Module sets forth the key requirements applicable to licensees who wish to use a digital financial advice tool.

          Added: April 2019

        • DA-B.1.2

          The core of digital financial advice tools is the algorithms embedded in the software. The algorithms use a variety of financial modelling techniques and assumptions to translate data inputs into suggested actions at each step of the financial advice value chain. For this reason, it is essential that the entire process is subject to a comprehensive governance and controls framework.

          Added: April 2019

        • DA-B.1.3

          Additionally, there are confidentiality and data privacy implications if the digital financial advice tool uses the cloud for the analytics. If client data is processed by the tool using the cloud there must be safeguards to avoid noncompliance with applicable laws.

          Added: April 2019

    • DA-1 DA-1 Systems and Controls

      • DA-1.1 DA-1.1 Oversight and Internal Controls

        • Board and Senior Management Involvement

          • DA-1.1.1

            Board and senior management of the licensees providing digital financial advice must maintain effective oversight and governance of the digital financial advice process and the client-facing tool. The board and senior management must establish sound policies, procedures, systems, methodologies and tools in relation to the provision of digital financial advice. Such policies must be comprehensive and cover the following:

            (a) System design and system design documentation;
            (b) Construction of the algorithms, changes and their maintenance;
            (c) Suspension of the use of digital financial advice tool should there be errors;
            (d) Security and access controls;
            (e) Updating input parameters on a timely basis, for example, factors such as market changes or changes in law;
            (f) End to end processes for the advisory service using the digital financial advice tool;
            (g) Oversight over the management of the client-facing tool; and
            (h) Documentation of test strategy explaining scope of testing the algorithms.
            Added: April 2019

        • Internal Controls and Risks

          • DA-1.1.2

            Licensees must establish adequate internal controls to safeguard their clients from unsuitable advice and effectively manage the operational and other relevant risks arising therefrom.

            Added: April 2019

          • DA-1.1.3

            Licensees must ensure that there are documented measures to protect confidentiality of client data consistent with Law No. 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018.

            Added: April 2019

          • DA-1.1.4

            Licensees providing digital financial advice must ensure that their overall control framework and the algorithm functionality is evaluated and independently tested by an independent external consultant other than the external auditor:

            a) initially upon implementation of this Module and prior to launching the digital financial advice to clients;
            b) when there are any material changes to the systems and controls; and
            c) at least once every 3 years.
            Added: April 2019

          • DA-1.1.5

            The evaluation requirements referred to in Paragraph DA-1.1.4 should cover at a minimum:

            a) the internal control infrastructure, given the nature, scope and complexity of the digital financial advice operation;
            b) the appropriateness of third-party systems or tools used;
            c) validation of the underlying models;
            d) the algorithm's functionality;
            e) the cyber security policies and controls;
            f) the completeness and accuracy of client profiling process including the relevant KYC requirements;
            g) controls on client data protection and confidentiality.
            Added: April 2019

          • DA-1.1.6

            Licensees must ensure that reports of the evaluation referred to in paragraph DA-1.1.4 is provided to the CBB within 2 weeks of completion of the reports, provided however, that the report required under DA-1.1.4(a) should be submitted for the CBB's review and no-objection prior to launching the digital financial advice to clients.

            Added: April 2019

          • DA-1.1.7

            Licensees must ensure that the requirements relating to enhanced due diligence as required under Module FC are met when the client is assessed as higher risk and also where the client relationship (whether at the time of on-boarding or otherwise) is on a non-face-to-face basis.

            Added: April 2019

          • DA-1.1.8

            Licensees offering digital financial advice involving overseas funds must ensure that they comply with the requirements for obtaining authorization, registration and/ or acknowledgement of filing from the CBB under Module ARR of the CBB Rulebook 7: Collective Investment Undertakings.

            Added: April 2019

      • DA-1.2 DA-1.2 Technology

        • DA-1.2.1

          Licensees providing digital financial advice must ensure that they maintain an up to date security policy document containing the following information:

          a) a description of the business IT systems supporting the digital financial advice tool;
          b) the logical security measures and mechanisms in place, specifying the control the licensee will have over such access as well as the nature and frequency of such control;
          c) policies and processes for system monitoring, authentication, confidentiality of communication, intrusion detection, antivirus systems and logs;
          d) the physical security measures and mechanisms of the premises and the data centre of the licensee, such as access controls and environmental security; and
          e) the type of authorised connections from outside, such as with technology partners, service providers and employees working remotely, including the rationale for such connections where applicable.
          Added: April 2019

      • DA-1.3 DA-1.3 Client On boarding and Profiling

        • Client Agreements and On boarding

          • DA-1.3.1

            Further to the requirements under BC-2.4 relevant to retail clients, the licensees providing digital financial advice must agree in writing the terms of business with their clients and ensure that the following are stipulated:

            a) the full scope of the digital financial advice;
            b) the basis for providing digital financial advice including but not limited to methodologies used for the algorithm,
            c) the fees, charges or commissions relevant to the advice being offered;
            d) the specific conditions or triggers and the processes relating to suspension or discontinuation of the use of the digital financial advice client facing tool and possible use or replacement of human judgement;
            e) changes to the algorithm, the key input parameter, assumptions underlying the digital financial advice client facing tool;
            f) the dispute resolution processes are available to the clients if they wish to make a complaint; and
            g) terms on how clients can withdraw from the arrangement and any associated costs.
            Added: April 2019

          • DA-1.3.2

            The terms of business referred to in Paragraph DA-1.3.1 may be presented in a digital format and customer consent may be obtained in digital format subject to complying with relevant law/s.

            Added: April 2019

          • DA-1.3.3

            At the time of on boarding clients and prior to the signing of client agreements, the licensees must:

            (a) explain the scope of the advice (i.e. what advice is being offered, any restrictions or limitations, and any relevant matters not forming part of the advice);
            (b) actively demonstrate to the clients that the advice they are seeking is within the scope of what is being offered;
            (c) explain the methodological approaches to the strategy and the algorithms underlying it;
            (d) inform clients if the licensee believes that the digital financial advice is not appropriate to him based on the understanding of the client profile and objectives;
            (e) inform the clients on the likely benefits and risk resulting from the digital financial advice; and
            (f) ensure that the client understands that any performance numbers presented are hypothetical projections of return and that actual performance of the portfolio may vary from initial projections.
            Added: April 2019

          • DA-1.3.4

            Licensees are not required to disclose the detailed methodology itself, rather the approach utilised in designing the algorithm should be described.

            Added: April 2019

        • Client Profiling

          • DA-1.3.5

            Licensees providing digital financial advice to clients must record the client profile accurately and comprehensively if they are critical or to the extent needed for the algorithms underlying the client facing tool. The licensees must at a minimum:

            (a) obtain information to understand the clients overall financial situation, including sources of regular income, financial returns objective, time horizon, liquidity, legal issues, taxes and any unique constraints;
            (b) obtain information to make assessment of both the customers' risk tolerance, capacity and willingness;
            (c) have a process in place for resolving contradictory or inconsistent responses or advice in a client profiling tool or questionnaire, if any;
            (d) have a process for assessing whether investing (as opposed to saving or paying off debt) is appropriate for the client individual;
            (e) establish a process for contacting customers to update changes to their profile, at least annually; and
            (f) establish appropriate governance and supervisory mechanisms for the client profiling tool.
            Added: April 2019

          • DA-1.3.6

            Due to the nature of digital financial advice tools, much information referred to in the Paragraph DA-1.3.5 will be obtained using questionnaires, which should be comprehensive and fuzzy logic enabled.

            Added: April 2019

          • DA-1.3.7

            Licensees must obtain a declaration from the client to ensure that he understands the scope and nature of digital financial advice and the associated risks and limitations.

            Added: April 2019

          • DA-1.3.8

            Licensees must disclose in writing any actual or potential conflicts of interest arising from any connection or association with product provider, including any material information or facts that may compromise its objectivity or independence.

            Added: April 2019

          • DA-1.3.9

            Licensees must disclose in writing the full particulates of any arrangement, including basis for commissions, charges or fees, involving related parties including parent, associates, fellow subsidiaries and other connected parties.

            Added: April 2019

          • DA-1.3.10

            Any disclosure of information that requires acceptance by the client should be tracked for an acknowledgement or response from the client confirming receipt thereof.

            Added: April 2019

    • DA-2 DA-2 Algorithm Governance

      • DA-2.1 DA-2.1 Design of Algorithm

        • DA-2.1.1

          Licensees providing digital financial advice must ensure that the algorithm embedded within the client facing tool is sufficiently robust and that the algorithm is designed to sufficiently analyse the information in order to make a suitable recommendation. The algorithms must be able to identify and determine clients who are unsuitable for investing in products.

          Added: April 2019

        • DA-2.1.2

          Licensees providing digital financial advice must:

          (a) have appropriate system design documentation that clearly sets out the purpose, scope and design of the algorithms;
          (b) establish decision trees or decision rules as part of the documentation, where relevant;
          (c) establish controls to detect any error or bias in the algorithms;
          (d) have appropriate processes for managing any changes to an algorithm which must include security arrangements to monitor and prevent unauthorised access to the algorithm;
          (e) be able to control, monitor and keep records describing any changes made to algorithms (one way of doing this may be to store different versions of the algorithm electronically);
          (f) review and update algorithms whenever there are factors that may affect their relevance (e.g. market changes and changes in the law);
          (g) have in place controls and processes to suspend the provision of advice either when there are two or more conflicting answers to the risk profiling questions or when an error within an algorithm is detected and that error is likely to result in client loss and/or a breach of client agreement or laws and regulations;
          (h) have in place an appropriate internal sign-off process to ensure that the steps above have been followed; and
          (i) perform compliance checks on the quality of advice provided by the client-facing tool. This must include post-transaction sample testing.
          Added: April 2019

        • DA-2.1.3

          Licensees offering digital financial advice may base their algorithms on different methodological approaches (e.g. Modern Portfolio Theory). Each algorithm would have different assumptions, underlying rules and limitations. In addition, some digital advisers may override the automated algorithm or temporarily halt the digital advisory service in extreme market conditions.

          Added: April 2019

      • DA-2.2 DA-2.2 Testing and Updating Algorithms

        • DA-2.2.1

          Licensees providing digital financial advice must perform back-test to ensure that the methodology reliably produces an output that is consistent with the intended investment recommendation. Such back-testing must be performed at periodic intervals and when changes are made to the tool.

          Added: April 2019

        • DA-2.2.2

          Back-testing in Paragraph DA-2.2.1 refers to testing the digital financial advice tool that seeks to estimate the performance of a strategy or model if it had been employed during a past period. This requires simulating past conditions with sufficient detail.

          Added: April 2019

        • DA-2.2.3

          Licensees providing digital financial advice must maintain and document the policies, procedures and controls to monitor and test their algorithm. They must ensure that, at a minimum, the following process are in place:

          (a) have a documented test strategy that explains the scope of the licensee's testing of algorithms which should include
          i. test plans,
          ii. test cases,
          iii. test results,
          iv. defect resolution (if relevant), and
          v. final test results.
          (b) establish robust testing of algorithms to occur before digital financial advice is first provided to a client, and on a regular basis after that; and
          (c) conduct stress tests at least once a year under various scenarios including extreme adverse and unpredictable market conditions.
          Added: April 2019

        • DA-2.2.4

          Licensees providing digital financial advice must ensure that they have adequate human resources with the competency and expertise to develop and review the methodology of the algorithms.

          Added: April 2019

        • DA-2.2.5

          Licensees providing digital financial advice must not outsource the key processes and management of the client facing tool.

          Added: April 2019

        • DA-2.2.6

          Licensees providing digital financial advice may choose to outsource the development (based on the approach, methodology and design input provided by the licensee) and the day to day maintenance of client-facing tools to a third party. However, the licensee remains responsible for the underlying approach to financial advice, the methodology, design input and also the quality of the advice provided. In order to be able to assume this responsibility, the licensee must understand and control the rationale, risks and decision rules behind the algorithm. Licensees should, nonetheless, subject the outsourcing service provider to appropriate due diligence processes as required by the relevant rules on outsourcing in Module OM.

          Added: April 2019

    • DA-3 DA-3 Dealing and Rebalancing Portfolio

      • DA-3.1 DA-3.1 Dealing Incidental to Offering Digital Financial Advice

        • DA-3.1.1

          Licensees dealing in securities as agents or brokers as part of the digital financial advice offering must comply with the requirements related to conflicts of interest under Module BC and rules incidental to it.

          Added: April 2019

    • DA-4 DA-4 Disclosures

      • DA-4.1 DA-4.1 Ongoing Disclosure

        • DA-4.1.1

          Further to the requirements under BC-2.6 of Module BC of the Rulebook, licensees providing digital financial advice must ensure that the following are disclosed to their clients:

          (a) adequate explanations about the functioning of any client facing tool including whether there are affirmations or confirmations that the client would provide as the tool is being populated;
          (b) at key points in the advice process, inform the client about the limitations and potential consequences of the scope of advice in plain and simple language
          (c) throughout the advice process, inform the client about key concepts and the relevant risks and benefits associated with the advice being provided; and
          (d) disclose separately the fees, costs and charges.
          Added: April 2019

        • DA-4.1.2

          Licensees must disclose to their clients in writing the following with respect to the algorithms used:

          (a) assumptions, limitations and risks of the algorithms;
          (b) circumstances under which the licensees may override the algorithms or temporarily halt the digital advisory service; and
          (c) any material adjustments to the algorithms.
          Added: April 2019

        • DA-4.1.3

          Licensees that provide general financial advice to non-retail clients must provide a warning that such advice does not take into account the client's profile and personal circumstances.

          Added: April 2019

        • DA-4.1.4

          For the purpose of Paragraph DA-4.1.3, general financial advice is defined as financial advice that does not take into account the particular personal circumstances, such as the objectives, financial situation and needs of the client. For example, if an adviser gives information about a product but does not consider the financial goals of the client and the adviser does not actually recommend the client to specifically take up the said product, it is considered general advice.

          Added: April 2019