• DA Digital Finance Advice

    • DA-A Introduction

      • DA-A.1 Purpose

        • DA-A.1.1

          This Module sets out the Central Bank of Bahrain's (CBB's) Directive relevant to licensees providing digital financial advice or 'robo-advice' as defined in Module LR, Licensing Requirements Module of the CBB Rulebook Volume 1 in the Kingdom of Bahrain.

          Added: April 2019

        • DA-A.1.2

          This Module should be read in conjunction with the requirements in other parts of the CBB Rulebook, Volume 1, applicable to licensees, particularly:

          (a) Principles of Business Module;
          (b) High level Controls Module;
          (c) General Requirements Module;
          (d) Business and Market Conduct Module;
          (e) Operational Risk Management Module;
          (f) Financial Crime Module; and
          (g) Enforcement Module.

          Added: April 2019

        • Legal Basis

          • DA-A.1.3

            This Module contains the CBB's Directive (as amended from time to time) applicable to licensees providing digital financial advice and is issued under the powers available to the CBB under Article 38 of the CBB Law.

            Added: April 2019

          • DA-A.1.4

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

            Added: April 2019

      • DA-A.2 Module History

        • DA-A.2.1

          This Module was first issued in March 2019. It is numbered as version 01. All subsequent changes to this Module are annotated with a sequential version number: UG-3 provides further details on Rulebook maintenance and version control.

          Added: April 2019

        • DA-A.2.2

          A list of recent changes made to this Module is provided below:

          Module Ref.    Change Date    Description of Changes

    • DA-B Scope of Application

      • DA-B.1 Introduction

        • DA-B.1.1

          Digital financial advice, also referred to in common jargon as 'robo advice' or 'automated advice', has gained much popularity globally following advancements in technology. The provision of financial advice is a regulated activity under this Rulebook, and the use of technology for providing digital financial advice needs to be governed within the context of sound prudential and conduct regulations in order to safeguard the interests of clients. This Module sets forth the key requirements applicable to licensees who wish to use a digital financial advice tool.

          Added: April 2019

        • DA-B.1.2

          The core of digital financial advice tools is the algorithms embedded in the software. The algorithms use a variety of financial modelling techniques and assumptions to translate data inputs into suggested actions at each step of the financial advice value chain. For this reason, it is essential that the entire process is subject to a comprehensive governance and controls framework.

          Added: April 2019

        • DA-B.1.3

          Additionally, there are confidentiality and data privacy implications if the digital financial advice tool uses the cloud for the analytics. If client data is processed by the tool using the cloud, there must be safeguards to avoid non-compliance with applicable laws.

          Added: April 2019

    • DA-1 Systems and Controls

      • DA-1.1 Oversight and Internal Controls

        • Board and Senior Management Involvement

          • DA-1.1.1

            The board and senior management of licensees providing digital financial advice must maintain effective oversight and governance of the digital financial advice process and the client-facing tool. The board and senior management must establish sound policies, procedures, systems, methodologies and tools in relation to the provision of digital financial advice. Such policies must be comprehensive and cover the following:

            (a) System design and system design documentation;
            (b) Construction of the algorithms, changes and their maintenance;
            (c) Suspension of the use of the digital financial advice tool should there be errors;
            (d) Security and access controls;
            (e) Updating input parameters on a timely basis, for example, factors such as market changes or changes in law;
            (f) End-to-end processes for the advisory service using the digital financial advice tool;
            (g) Oversight over the management of the client-facing tool; and
            (h) Documentation of test strategy explaining scope of testing the algorithms.

            Added: April 2019

        • Internal Controls and Risks

          • DA-1.1.2

            Licensees must establish adequate internal controls to safeguard their clients from unsuitable advice and effectively manage the operational and other relevant risks arising therefrom.

            Added: April 2019

          • DA-1.1.3

            Licensees must ensure that there are documented measures to protect confidentiality of client data consistent with Law No. 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018.

            Added: April 2019

          • DA-1.1.4

            Licensees providing digital financial advice must ensure that their overall control framework and the algorithm functionality are evaluated and independently tested by an independent external consultant other than the external auditor:

            (a) initially upon implementation of this Module and prior to launching the digital financial advice to clients;
            (b) when there are any material changes to the systems and controls; and
            (c) at least once every 3 years.

            Added: April 2019

          • DA-1.1.5

            The evaluation requirements referred to in Paragraph DA-1.1.4 should cover at a minimum:

            (a) the internal control infrastructure, given the nature, scope and complexity of the digital financial advice operation;
            (b) the appropriateness of third-party systems or tools used;
            (c) validation of the underlying models;
            (d) the algorithm's functionality;
            (e) the cyber security policies and controls;
            (f) the completeness and accuracy of client profiling process including the relevant KYC requirements;
            (g) controls on client data protection and confidentiality.

            Added: April 2019

          • DA-1.1.6

            Licensees must ensure that reports of the evaluation referred to in Paragraph DA-1.1.4 are provided to the CBB within 2 weeks of completion of the reports, provided however, that the report required under DA-1.1.4(a) should be submitted for the CBB's review and no-objection prior to launching the digital financial advice to clients.

            Added: April 2019

          • DA-1.1.7

            Licensees must ensure that the requirements relating to enhanced due diligence as required under Module FC are met when the client is assessed as higher risk and also where the client relationship (whether at the time of on-boarding or otherwise) is on a non-face-to-face basis.

            Added: April 2019

          • DA-1.1.8

            Licensees offering digital financial advice involving overseas funds must ensure that they comply with the requirements for obtaining authorization, registration and/or acknowledgement of filing from the CBB under Module ARR of the CBB Rulebook 7: Collective Investment Undertakings.

            Added: April 2019

      • DA-1.2 Technology

        • DA-1.2.1

          Licensees providing digital financial advice must ensure that they maintain an up-to-date security policy document containing the following information:

          (a) a description of the business IT systems supporting the digital financial advice tool;
          (b) the logical security measures and mechanisms in place, specifying the control the licensee will have over such access as well as the nature and frequency of such control;
          (c) policies and processes for system monitoring, authentication, confidentiality of communication, intrusion detection, antivirus systems and logs;
          (d) the physical security measures and mechanisms of the premises and the data centre of the licensee, such as access controls and environmental security; and
          (e) the type of authorised connections from outside, such as with technology partners, service providers and employees working remotely, including the rationale for such connections where applicable.

          Added: April 2019

      • DA-1.3 Client On-boarding and Profiling

        • Client Agreements and On-boarding

          • DA-1.3.1

            Further to the requirements under BC-2.4 relevant to retail clients, licensees providing digital financial advice must agree in writing the terms of business with their clients and ensure that the following are stipulated:

            (a) the full scope of the digital financial advice;
            (b) the basis for providing digital financial advice including but not limited to methodologies used for the algorithm;
            (c) the fees, charges or commissions relevant to the advice being offered;
            (d) the specific conditions or triggers and the processes relating to suspension or discontinuation of the use of the digital financial advice client-facing tool and possible use or replacement of human judgement;
            (e) changes to the algorithm, the key input parameters and assumptions underlying the digital financial advice client-facing tool;
            (f) the dispute resolution processes available to the clients if they wish to make a complaint; and
            (g) terms on how clients can withdraw from the arrangement and any associated costs.

            Added: April 2019

          • DA-1.3.2

            The terms of business referred to in Paragraph DA-1.3.1 may be presented in a digital format and customer consent may be obtained in digital format subject to complying with relevant law/s.

            Added: April 2019

          • DA-1.3.3

            At the time of on-boarding clients and prior to the signing of client agreements, the licensees must:

            (a) explain the scope of the advice (i.e. what advice is being offered, any restrictions or limitations, and any relevant matters not forming part of the advice);
            (b) actively demonstrate to the clients that the advice they are seeking is within the scope of what is being offered;
            (c) explain the methodological approaches to the strategy and the algorithms underlying it;
            (d) inform clients if the licensee believes that the digital financial advice is not appropriate for them based on the understanding of the client profile and objectives;
            (e) inform the clients on the likely benefits and risks resulting from the digital financial advice; and
            (f) ensure that the client understands that any performance numbers presented are hypothetical projections of return and that actual performance of the portfolio may vary from initial projections.

            Added: April 2019

          • DA-1.3.4

            Licensees are not required to disclose the detailed methodology itself, rather the approach utilised in designing the algorithm should be described.

            Added: April 2019

        • Client Profiling

          • DA-1.3.5

            Licensees providing digital financial advice to clients must record the client profile accurately and comprehensively if they are critical or to the extent needed for the algorithms underlying the client-facing tool. The licensees must at a minimum:

            (a) obtain information to understand the client's overall financial situation, including sources of regular income, financial returns objective, time horizon, liquidity, legal issues, taxes and any unique constraints;
            (b) obtain information to make an assessment of both the customers' risk tolerance, capacity and willingness;
            (c) have a process in place for resolving contradictory or inconsistent responses or advice in a client profiling tool or questionnaire, if any;
            (d) have a process for assessing whether investing (as opposed to saving or paying off debt) is appropriate for the individual client;
            (e) establish a process for contacting customers to update changes to their profile, at least annually; and
            (f) establish appropriate governance and supervisory mechanisms for the client profiling tool.

            Added: April 2019

          • DA-1.3.6

            Due to the nature of digital financial advice tools, much of the information referred to in Paragraph DA-1.3.5 will be obtained using questionnaires, which should be comprehensive and fuzzy logic enabled.

            Added: April 2019

          • DA-1.3.7

            Licensees must obtain a declaration from the client to ensure that he understands the scope and nature of digital financial advice and the associated risks and limitations.

            Added: April 2019

          • DA-1.3.8

            Licensees must disclose in writing any actual or potential conflicts of interest arising from any connection or association with a product provider, including any material information or facts that may compromise its objectivity or independence.

            Added: April 2019

          • DA-1.3.9

            Licensees must disclose in writing the full particulars of any arrangement, including basis for commissions, charges or fees, involving related parties including parent, associates, fellow subsidiaries and other connected parties.

            Added: April 2019

          • DA-1.3.10

            Any disclosure of information that requires acceptance by the client should be tracked for an acknowledgement or response from the client confirming receipt thereof.

            Added: April 2019

    • DA-2 Algorithm Governance

      • DA-2.1 Design of Algorithm

        • DA-2.1.1

          Licensees providing digital financial advice must ensure that the algorithm embedded within the client-facing tool is sufficiently robust and that the algorithm is designed to sufficiently analyse the information in order to make a suitable recommendation. The algorithms must be able to identify and determine clients who are unsuitable for investing in products.

          Added: April 2019

        • DA-2.1.2

          Licensees providing digital financial advice must:

          (a) have appropriate system design documentation that clearly sets out the purpose, scope and design of the algorithms;
          (b) establish decision trees or decision rules as part of the documentation, where relevant;
          (c) establish controls to detect any error or bias in the algorithms;
          (d) have appropriate processes for managing any changes to an algorithm which must include security arrangements to monitor and prevent unauthorised access to the algorithm;
          (e) be able to control, monitor and keep records describing any changes made to algorithms (one way of doing this may be to store different versions of the algorithm electronically);
          (f) review and update algorithms whenever there are factors that may affect their relevance (e.g. market changes and changes in the law);
          (g) have in place controls and processes to suspend the provision of advice either when there are two or more conflicting answers to the risk profiling questions or when an error within an algorithm is detected and that error is likely to result in client loss and/or a breach of client agreement or laws and regulations;
          (h) have in place an appropriate internal sign-off process to ensure that the steps above have been followed; and
          (i) perform compliance checks on the quality of advice provided by the client-facing tool. This must include post-transaction sample testing.

          Added: April 2019

        • DA-2.1.3

          Licensees offering digital financial advice may base their algorithms on different methodological approaches (e.g. Modern Portfolio Theory). Each algorithm would have different assumptions, underlying rules and limitations. In addition, some digital advisers may override the automated algorithm or temporarily halt the digital advisory service in extreme market conditions.

          Added: April 2019

      • DA-2.2 Testing and Updating Algorithms

        • DA-2.2.1

          Licensees providing digital financial advice must perform back-testing to ensure that the methodology reliably produces an output that is consistent with the intended investment recommendation. Such back-testing must be performed at periodic intervals and when changes are made to the tool.

          Added: April 2019

        • DA-2.2.2

          Back-testing in Paragraph DA-2.2.1 refers to testing the digital financial advice tool that seeks to estimate the performance of a strategy or model if it had been employed during a past period. This requires simulating past conditions with sufficient detail.

          Added: April 2019

        • DA-2.2.3

          Licensees providing digital financial advice must maintain and document the policies, procedures and controls to monitor and test their algorithm. They must ensure that, at a minimum, the following processes are in place:

          (a) have a documented test strategy that explains the scope of the licensee's testing of algorithms which should include:
            i. test plans,
            ii. test cases,
            iii. test results,
            iv. defect resolution (if relevant), and
            v. final test results;
          (b) establish robust testing of algorithms to occur before digital financial advice is first provided to a client, and on a regular basis after that; and
          (c) conduct stress tests at least once a year under various scenarios including extreme adverse and unpredictable market conditions.

          Added: April 2019

        • DA-2.2.4

          Licensees providing digital financial advice must ensure that they have adequate human resources with the competency and expertise to develop and review the methodology of the algorithms.

          Added: April 2019

        • DA-2.2.5

          Licensees providing digital financial advice must not outsource the key processes and management of the client-facing tool.

          Added: April 2019

        • DA-2.2.6

          Licensees providing digital financial advice may choose to outsource the development (based on the approach, methodology and design input provided by the licensee) and the day-to-day maintenance of client-facing tools to a third party. However, the licensee remains responsible for the underlying approach to financial advice, the methodology, design input and also the quality of the advice provided. In order to be able to assume this responsibility, the licensee must understand and control the rationale, risks and decision rules behind the algorithm. Licensees should, nonetheless, subject the outsourcing service provider to appropriate due diligence processes as required by the relevant rules on outsourcing in Module OM.

          Added: April 2019

    • DA-3 Dealing and Rebalancing Portfolio

      • DA-3.1 Dealing Incidental to Offering Digital Financial Advice

        • DA-3.1.1

          Licensees dealing in securities as agents or brokers as part of the digital financial advice offering must comply with the requirements related to conflicts of interest under Module BC and rules incidental to it.

          Added: April 2019

    • DA-4 Disclosures

      • DA-4.1 Ongoing Disclosure

        • DA-4.1.1

          Further to the requirements under BC-2.6 of Module BC of the Rulebook, licensees providing digital financial advice must ensure that the following are disclosed to their clients:

          (a) adequate explanations about the functioning of any client-facing tool including whether there are affirmations or confirmations that the client would provide as the tool is being populated;
          (b) at key points in the advice process, inform the client about the limitations and potential consequences of the scope of advice in plain and simple language;
          (c) throughout the advice process, inform the client about key concepts and the relevant risks and benefits associated with the advice being provided; and
          (d) disclose separately the fees, costs and charges.

          Added: April 2019

        • DA-4.1.2

          Licensees must disclose to their clients in writing the following with respect to the algorithms used:

          (a) assumptions, limitations and risks of the algorithms;
          (b) circumstances under which the licensees may override the algorithms or temporarily halt the digital advisory service; and
          (c) any material adjustments to the algorithms.

          Added: April 2019

        • DA-4.1.3

          Licensees that provide general financial advice to non-retail clients must provide a warning that such advice does not take into account the client's profile and personal circumstances.

          Added: April 2019

        • DA-4.1.4

          For the purpose of Paragraph DA-4.1.3, general financial advice is defined as financial advice that does not take into account the particular personal circumstances, such as the objectives, financial situation and needs of the client. For example, if an adviser gives information about a product but does not consider the financial goals of the client and the adviser does not actually recommend the client to specifically take up the said product, it is considered general advice.

          Added: April 2019