• HC High-Level Controls [Versions Up To April 2023]

    • HC-A Introduction

      • HC-A.1 Purpose

        • Executive Summary

          • HC-A.1.1

            This Module presents requirements that have to be met by Islamic bank licensees with respect to:

            (a) Corporate governance principles issued by the Ministry of Industry and Commerce as "The Corporate Governance Code"; and
            (b) International best practice corporate governance standards set by bodies such as the Basel Committee for Banking Supervision; and
            (c) Related high-level controls and policies.
            Amended: April 2011
            October 2010

          • HC-A.1.2

            The Principles referred to in this Module are in line with the Principles relating to the Corporate Governance Code issued by the Ministry of Industry and Commerce.

            October 2010

          • HC-A.1.3

            The purpose of the Module is to establish best practice corporate principles in Bahrain, and to provide protection for investors and other stakeholders of Islamic bank licensees through compliance with those principles.

            October 2010

          • HC-A.1.4

            Whilst the Module follows best practice, it is nevertheless considered as the minimum standard to be applied. This Module also includes additional rules and guidance issued by the CBB prior to the publication of the Code and previously contained in Module HC.

            October 2010

        • Structure of this Module

          • HC-A.1.5

            This Module follows the structure of the Corporate Governance Code and each Chapter deals with one of the nine Principles of corporate governance. The numbered directives included in the Code are Rules for purposes of this Module. Recommendations under the Code have been included as guidance. However, where the previous version of Module HC had a similar recommendation as a Rule, the Module retains this Paragraph as a Rule.

            October 2010

          • HC-A.1.6

            The Module also incorporates other high-level controls and policies that apply in particular to Islamic bank licensees.

            October 2010

          • HC-A.1.7

            All references in this Module to 'he' or 'his' shall, unless the context otherwise requires, be construed as also being references to 'she' and 'her'.

            October 2010

        • The Comply or Explain Principle

          • HC-A.1.8

            This Module is issued as a Directive (as amended from time to time) in accordance with Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). In common with other Rulebook Modules, this Module contains a mixture of Rules and Guidance (see Module UG-1.2 for a detailed explanation of Rules and Guidance). All Rulebook content that is categorised as a Rule must be complied with by those to whom the content is addressed. Other parts of this Module are Guidance; nonetheless, every Islamic bank licensee to whom Module HC applies is expected to comply with recommendations made as Guidance in Module HC or explain its noncompliance in the Annual Report in accordance with Subparagraph PD-1.3.10(x) and to the CBB (see Chapter HC-8).

            Amended: April 2012
            Amended: January 2011
            October 2010

        • Monitoring and Enforcement of Module HC

          • HC-A.1.9

            Disclosure and transparency are underlying principles of Module HC. Disclosure is crucial to allow outside monitoring to function effectively. This Module looks to a combined monitoring system relying on the Board, the Islamic bank licensee's shareholders and the CBB.

            October 2010

          • HC-A.1.10

            It is the Board's responsibility to see to the accuracy and completeness of the Islamic bank licensee's corporate governance guidelines and compliance with Module HC. Failure to comply with this Module is subject to enforcement measures as outlined in Module EN (Enforcement).

            October 2010

        • Legal Basis

          • HC-A.1.11

            This Module contains the CBB's Directive (as amended from time to time) relating to high-level controls and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to Islamic bank licensees (including their approved persons).

            Amended: January 2011
            October 2010

          • HC-A.1.12

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

            October 2010

        • Effective Date

          • HC-A.1.13

            The previous version of Module HC is applicable until 31st December 2010. This updated Module, issued in October 2010, is effective on 1st January 2011. All Islamic bank licensees to which Module HC applies should be in full compliance by the financial year end 2011. At every Islamic bank licensee's annual shareholder meeting held after 1st January 2011, corporate governance should be an item on the agenda for information and any questions from shareholders regarding the Islamic bank licensee's governance. Where possible, the Islamic bank licensee should also have corporate governance guidelines in place at that time and should have a "comply or explain" report as described in Paragraph HC-A.1.8.

            October 2010

      • HC-A.2 Module History

        • HC-A.2.1

          This Module was first issued in June 2004 by the BMA and updated in October 2007 to reflect the switch to the CBB. Following the issuance of the Corporate Governance Code by the Ministry of Industry and Commerce in March 2010, the Module was amended in October 2010 to be in line with the new Corporate Governance Code and to include previous requirements that were in place in the originally issued Module HC. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

          October 2010

        • HC-A.2.2

          A list of recent changes made to this Module is detailed in the table below:

          Module Ref. | Change Date | Description of Changes
          HC-1 to HC-8 | 10/2010 | Amendments due to introduction of new MOIC Corporate Governance Code.
          HC-1.3 | 10/2010 | Prohibition of proxies and requirement to attend 75% of Board meetings in a financial year.
          HC-A.1.8 and HC-A.1.11 | 01/2011 | Clarified legal basis.
          HC-1.3.8 | 01/2011 | Corrected cross reference.
          HC-2.2.4, 2.2.5 and 3.2.1 | 01/2011 | Corrected cross references.
          HC-2.3.2 | 01/2011 | Corrected cross reference; reference changed to connected persons.
          Appendix C | 01/2011 | Corrected cross reference.
          Appendix A | 04/2011 | Clarified membership of audit committee to be in line with Rule HC-3.2.1.
          HC-6.2.1 | 10/2011 | Clarified management structure.
          HC-B.2.2 | 01/2012 | Clarified language related to corporate governance.
          HC-1.2.8 and HC-1.5.3 | 01/2012 | Clarified that the Chairman of the Board may delegate specific duties dealt with in these Paragraphs.
          HC-1.3.12 | 01/2012 | Amended Rule on Directorships.
          HC-1.9.1 | 01/2012 | Deleted last sentence to be in line with other Volumes of the CBB Rulebook.
          HC-3.2.1(a) and HC-5.6.6 | 01/2012 | Amended to be in line with other Volumes of the CBB Rulebook.
          HC-6.3.1 | 01/2012 | Clarified Rule by following corporate governance code wording.
          Appendix A | 01/2012 | Amended criteria for audit committee member.
          HC-A.1.8 | 04/2012 | Clarified the reporting of noncompliance with Module HC in the Annual Report.
          HC-7.2.5 | 04/2012 | Clarified Guidance on election of board members.
          Appendices A, B and C | 04/2012 | Amended requirement for written report on performance evaluation for various Board committees.
          Appendix A | 04/2012 | Included reference to compliance under Committee Duties and Responsibilities.
          HC-2.2.6A and HC-2.2.6B | 07/2012 | Added Rule and guidance dealing with benefits received from approved persons from projects and investments.
          Appendices A, B and C | 07/2012 | Clarified requirement for written report on performance evaluation for various Board committees.
          HC-1.3.7A | 10/2012 | Added requirement on minimum number of Board meetings to take place in the Kingdom of Bahrain to be consistent with other Volumes of the CBB Rulebook.
          HC-2.2.6A | 10/2012 | Clarified Rule dealing with benefits received from approved persons from projects and investments.
          Appendix A | 10/2012 | Corrected minor typo.
          HC-2.2.2 and HC-2.4.1 | 01/2013 | Clarified scope of application for Rules.
          HC-2.2.6A, HC-5 and Appendix C | 01/2014 | Amendments due to new rules on sound remuneration practices.
          HC-1.2.6 | 04/2014 | Clarified CBB's requirements for proposed changes to strategy and/or corporate plans.
          HC-5.2, HC-5.4 and HC-5.5 | 07/2014 | Updated Rules on remuneration.
          HC-1.2.11 | 10/2014 | Corrected cross reference.
          HC-1.3.10 | 10/2014 | Corrected typo.
          HC-6.4.3 | 10/2014 | Clarified self assessment of compliance function.
          HC-5.4.2 | 01/2015 | Clarified application of remuneration rules for Bahrain operations.
          HC-5.4.5 | 01/2015 | Paragraph deleted.
          HC-5.5.2 | 04/2015 | Clarified cap on board of directors' remuneration as per Article 188 of the Company Law.
          HC-5.4.3A | 07/2015 | Amended to allow for CBB-approved consultancy firm to prepare report on the bank's compliance with the remuneration Rules outlined in Chapter HC-5.
          HC-2.3.3 | 04/2016 | Added a requirement for the Islamic bank licensee to have in place a board approved policy on the employment of relatives of approved persons.
          HC-2.4.1A | 04/2016 | Added the requirement to disclose to the board on annual basis relatives of any approved persons occupying controlled functions.
          HC-7.2 | 04/2016 | Added requirements dealing with shareholders' meetings.
          HC-2.3 and HC-2.4 | 07/2016 | Clarified application of rules to overseas conventional bank licensees.
          HC-5.4.30(a) and HC-5.4.30A | 10/2016 | Amended Standard for all Remuneration.
          HC-5.2.1 | 01/2017 | Amendment in sub-paragraph (b).
          HC-7.2.4 | 04/2017 | Amended paragraph on website requirement.
          HC-8.2.1 | 04/2017 | Amended sub-paragraph (b) on website requirement.
          HC-7.2.3A | 07/2017 | Amended paragraph to be in line with Article (199) of the Commercial Companies Law.
          HC-6.5 | 04/2018 | Added new Section on Internal Audit.
          HC-1.8.1 | 07/2018 | Amended paragraph to be consistent with HC-6.6.
          HC-6.6 | 07/2018 | Added new Section on Risk Management.
          HC-6.4 | 01/2019 | Amended Section and added new requirements on compliance.
          HC-B.1.2 | 04/2019 | Amended Paragraph.
          HC-2.3.4 | 04/2019 | Amended Paragraph.
          HC-2.4.1B | 04/2019 | Amended Paragraph.
          HC-5.4.4 | 04/2019 | Amended Paragraph.
          HC-6.6.2A | 10/2019 | Added a new Paragraph on branches of foreign bank licensees.
          HC-6.6.6 | 10/2019 | Deleted Paragraph.
          HC-6.6.7 | 10/2019 | Amended Paragraph on branches of foreign bank licensees.
          HC-1.4.11 | 01/2020 | Added a new Paragraph on independent directors.
          HC-1.4.12 | 01/2020 | Added a new Paragraph on termination of Board membership of a retired, terminated CEO.
          HC-6.4.7 & HC-6.4.10 | 01/2020 | Amended Paragraphs on policy and procedures approval.
          HC-5.4.9A | 04/2020 | Added a new Paragraph on KPIs compliance with AML/CFT requirements.
          HC-6.2.1 | 04/2020 | Amended Paragraph on reporting line.
          HC-5.4.4 | 01/2021 | Amended reference in Paragraph.
          HC-6.6.33 | 01/2022 | Amended Paragraph.
          HC-6.6.34 | 01/2022 | Amended Paragraph.
          HC-6.6.35 | 01/2022 | Added a new Paragraph on the independent third-party review.
          HC-6.6.36 | 01/2022 | Added a new Paragraph on the independent review reports.

    • HC-B Scope of Application

      • HC-B.1 Scope of Application

        • HC-B.1.1

          The contents of this Module — unless otherwise stated — apply to all Islamic bank licensees, incorporated under the Legislative Decree No. 21 of 2001, with respect to promulgating the Commercial Companies Law ('Company Law').

          October 2010

        • HC-B.1.2

          Branches of foreign bank licensees must satisfy the CBB that equivalent arrangements are in place at the parent entity level, and that these arrangements provide for effective high-level controls over activities conducted under the Bahrain license.

          Amended: April 2019
          October 2010

      • HC-B.2 Subsidiaries and Foreign Branches

        • HC-B.2.1

          Bahraini Islamic bank licensees must ensure that, as a minimum, the same or equivalent provisions of this Module apply to their foreign branches, located outside the Kingdom of Bahrain, such that these are also subject to effective high-level controls. In instances where local jurisdictional requirements are more stringent than those applicable in this Module, the local requirements are to be applied.

          October 2010

        • HC-B.2.2

          Bahraini Islamic bank licensees must satisfy the CBB that financial services activities conducted in subsidiaries and other group members are subject to the same or equivalent arrangements for ensuring effective corporate governance over their activities.

          Amended: January 2012
          October 2010

        • HC-B.2.3

          Where an Islamic bank licensee is unable to satisfy the CBB that its subsidiaries and other group members are subject to the same or equivalent arrangements, the CBB will assess the potential impact of risks — both financial and reputational — to the licensee arising from inadequate high-level controls in the rest of the group of which it is a member. In such instances, the CBB may impose restrictions on dealings between the licensee and other group members. Where weaknesses in controls are assessed by the CBB to pose a major threat to the stability of the licensee, then its authorisation may be called into question.

          October 2010

    • HC-1 The Board

      • HC-1.1 Principle

        • HC-1.1.1

          All Bahraini Islamic bank licensees must be headed by an effective, collegial and informed Board of Directors ('the Board').

          October 2010

      • HC-1.2 Role and Responsibilities

        • HC-1.2.1

          All directors must understand the Board's role and responsibilities under the Commercial Companies Law and any other laws or regulations that may govern their responsibilities from time to time. In particular:

          (a) The Board's role as distinct from the role of the shareholders (who elect the Board and whose interests the Board serves) and the role of officers (whom the Board appoints and oversees); and
          (b) The Board's fiduciary duties of care and loyalty to the Islamic bank licensee and the shareholders (see HC-2.1).
          October 2010

        • HC-1.2.2

          The Board's role and responsibilities include but are not limited to:

          (a) The overall business performance and strategy for the Islamic bank licensee;
          (b) Causing financial statements to be prepared which accurately disclose the Islamic bank licensee's financial position;
          (c) Monitoring management performance;
          (d) Convening and preparing the agenda for shareholder meetings;
          (e) Monitoring conflicts of interest and preventing abusive related party transactions;
          (f) Assuring equitable treatment of shareholders including minority shareholders; and
          (g) Establishing the objectives of the bank.
          October 2010

        • HC-1.2.3

          The precise functions reserved for the Board, and those delegated to management and committees will vary, dependent upon the business of the institution, its size and ownership structure. However, as a minimum, the Board must establish and maintain a statement of its responsibilities for:

          (a) The adoption and annual review of strategy;
          (b) The adoption and review of management structure and responsibilities;
          (c) The adoption and review of the systems and controls framework; and
          (d) Monitoring the implementation of strategy by management.
          Amended: April 2011
          October 2010

        • HC-1.2.4

          The directors are responsible both individually and collectively for performing the responsibilities outlined in HC-1.2.1 to HC-1.2.3. Although the Board may delegate certain functions to committees or management, it may not delegate its ultimate responsibility to ensure that an adequate, effective, comprehensive and transparent corporate governance framework is in place.

          October 2010

        • HC-1.2.5

          In its strategy review process under Paragraphs HC-1.2.3(a) and (d), the Board must:

          (a) Review the bank's business plans and the inherent level of risk in these plans;
          (b) Assess the adequacy of capital to support the business risks of the bank;
          (c) Set performance objectives; and
          (d) Oversee major capital expenditures, divestitures and acquisitions.
          Amended: April 2011
          October 2010

        • HC-1.2.6

          Bahraini Islamic bank licensees must obtain the CBB's prior written approval for all major proposed changes to the strategy and/or corporate plan of the Bahraini Islamic bank licensee prior to implementation (see also Paragraph BR-5.2.8).

          Amended: April 2014
          October 2010

        • HC-1.2.7

          The Board is expected to have effective policies and processes in place for:

          (a) Approving budgets and reviewing performance against those budgets and key performance indicators; and
          (b) The management of the bank's compliance risk.
          Amended: April 2011
          October 2010

        • HC-1.2.8

          When a new director is inducted, the chairman of the Board, or the Islamic bank licensee's legal counsel or compliance officer, or other individual delegated by the chairman of the board, should review the Board's role and duties with that person, particularly covering legal and regulatory requirements and Module HC (see also HC-4.5.1).

          Amended: January 2012
          October 2010

        • HC-1.2.9

          The Islamic bank licensee must have a written appointment agreement with each director which recites the directors' powers, duties, responsibilities and accountabilities and other matters relating to his appointment including his term, the time commitment envisaged, the committee assignment if any, his remuneration and expense reimbursement entitlement, and his access to independent professional advice when that is needed.

          October 2010

        • Risk Recognition and Assessment

          • HC-1.2.10

            The Board is responsible for ensuring that the systems and controls framework, including the Board structure and organisational structure of the bank, is appropriate for the bank's business and associated risks (see HC-1.2.3(c)). The Board must ensure that collectively it has sufficient expertise to identify, understand and measure the significant risks to which the bank is exposed in its business activities.

            The Board must regularly assess the systems and controls framework of the bank. In its assessments, the Board must demonstrate to the CBB that:

            (a) The bank's operations, individually and collectively are measured, monitored and controlled by appropriate, effective and prudent risk management systems commensurate with the scope of the bank's activities;
            (b) The bank's operations are supported by an appropriate control environment. The compliance, risk management and financial reporting functions must be adequately resourced, independent of business lines and must be run by individuals not involved with the day-to-day running of the various business areas. The Board must additionally ensure that management develops, implements and oversees the effectiveness of comprehensive know your customer standards, as well as on-going monitoring of accounts and transactions, in keeping with the requirements of relevant law, regulations and best practice (with particular regard to anti-money laundering measures). The control environment must maintain necessary client confidentiality and ensure that the privacy of the bank is not violated, and ensure that clients' rights and assets are properly safeguarded; and
            (c) Where the Board has identified any significant issues related to the bank's adopted governance framework, appropriate and timely action is taken to address any identified adverse deviations from the requirements of this Module.
            October 2010

          • HC-1.2.11

            The Board must adopt a formal Board charter or other statement specifying matters which are reserved to it, which should include but need not be limited to the specific requirements and responsibilities of directors. This charter must cover the points in HC-1.2.1 to HC-1.2.10. Wherever possible, the documents referred to in HC-1.2.3 to HC-1.2.10 or a summary of responsibilities should be disclosed publicly, for example in the annual report, which must be submitted to the CBB in line with the requirements of Module BR.

            Amended: October 2014
            October 2010

      • HC-1.3 Decision Making Process

        • HC-1.3.1

          The Board must be collegial and deliberative, to gain the benefit of each individual director's judgment and experience.

          October 2010

        • HC-1.3.2

          The chairman must take an active lead in promoting mutual trust, open discussion, constructive dissent and support for decisions after they have been made.

          October 2010

        • HC-1.3.3

          The Board must meet frequently to enable it to discharge its responsibilities effectively but in no event less than four times a year. All directors must attend the meetings whenever possible and the directors must maintain informal communication between meetings.

          October 2010

        • HC-1.3.4

          Individual Board members must attend at least 75% of all Board meetings in a given financial year to enable the Board to discharge its responsibilities effectively (see table below). Voting and attendance proxies for Board meetings are prohibited at all times.

          Meetings per year | 75% Attendance requirement
          4 | 3
          5 | 4
          6 | 5
          7 | 5
          8 | 6
          9 | 7
          10 | 8
          October 2010

        • HC-1.3.5

          The absence of Board members at Board and committee meetings must be noted in the meeting minutes. In addition, Board attendance percentage must be reported during any general assembly meeting when Board members stand for re-election (e.g. Board member XYZ attended 95% of scheduled meetings this year).

          October 2010

        • HC-1.3.6

          In the event that a Board member has not attended at least 75% of Board meetings in any given financial year, the bank must immediately notify the CBB indicating which member has failed to satisfy this requirement, his level of attendance and any mitigating circumstances affecting his non-attendance. The CBB shall then consider the matter and determine whether disciplinary action, including disqualification of that Board member pursuant to Article 65 of the CBB Law, is appropriate. Unless there are exceptional circumstances, it is likely that the CBB will take disciplinary action.

          October 2010

        • HC-1.3.7

          To meet its obligations under Rule HC-1.3.3 above, the full Board should meet once every quarter to address the Board's responsibilities for management oversight and performance monitoring. Furthermore, Board rules should require members to step down if they are not actively participating in Board meetings. Board members are reminded that non-attendance at Board meetings does not absolve them of their responsibilities as directors. It is important that each individual director should allocate adequate time and effort to discharge his responsibilities. All Directors are expected to contribute actively to the work of the Board in order to discharge their responsibilities and should make every effort to attend Board meetings where major issues are to be discussed. Banks are encouraged to amend their Articles of Association to provide for telephonic and videoconference meetings. Participation in Board meetings by means of video or telephone conferencing is regarded as attendance and may be recorded as such.

          October 2010

        • HC-1.3.7A

          At least half the Board meetings of Bahraini Islamic bank licensees in any twelve-month period must be held in the Kingdom of Bahrain.

          Added: October 2012

        • HC-1.3.8

          All locally incorporated banks are required to submit, on an annual basis, as an attachment to the year-end quarterly PIR, a report recording the meetings during the year by their Board of Directors. For a sample report, refer to Appendix BR-6, under Part B/CBB Reporting Forms of Volume 2.

          Amended: January 2011
          October 2010

        • HC-1.3.9

          The Chairman is responsible for the leadership of the Board, and for the efficient functioning of the Board. The chairman must ensure that all directors receive an agenda, minutes of prior meetings, and adequate background information in writing before each Board meeting and when necessary between meetings. Therefore it is vital that the Chairman commit sufficient time to perform his role effectively. All directors must receive the same Board information. At the same time, directors have a legal duty to inform themselves and they must ensure that they receive adequate and timely information and must study it carefully (See also HC-7 for other duties of the Chairman).

          October 2010

        • HC-1.3.10

          The Board should have no more than 15 members, and should regularly review its size and composition to ensure that it is small enough for efficient decision making yet large enough to have members who can contribute from different specialties and viewpoints. The Board should recommend changes in Board size to the shareholders when a needed change requires amendment of the Islamic bank licensee's Memorandum of Association.

          Amended: October 2014
          October 2010

        • HC-1.3.11

          Potential non-executive directors should be made aware of their duties before their nomination, particularly as to the time commitment required. The Nominating Committee should regularly review the time commitment required from each non-executive director and should require each non-executive director to inform the Committee before he accepts any Board appointments to another company.

          October 2010

        • HC-1.3.12

          No Board member may have more than one Directorship of a Retail Bank or a Wholesale Bank. This means an effective cap of a maximum of two Directorships of banks inside Bahrain. Two Directorships of licensees within the same Category (e.g. 'Retail Bank') are not permitted. Banks may approach the CBB for exemption from this limit where the Directorships concern banks or financial institutions within the same group.

          Amended: January 2012
          October 2010

        • HC-1.3.13

          One person should not hold more than three directorships in public companies in Bahrain with the provision that no conflict of interest may exist, and the Board should not propose the election or reelection of any director who does.

          October 2010

      • HC-1.4 Independence of Judgment

        • HC-1.4.1

          Every director must bring independent judgment to bear in decision-making. No individual or group of directors must dominate the Board's decision-making and no one individual should have unfettered powers of decision.

          October 2010

        • HC-1.4.2

          Executive directors must provide the Board with all relevant business and financial information within their cognizance, and must recognise that their role as a director is different from their role as a member of management (see HC-2.3.2).

          October 2010

        • HC-1.4.3

          Non-executive directors must be fully independent of management and must constructively scrutinise and challenge management including the management performance of executive directors.

          October 2010

        • HC-1.4.4

          Where there is the potential for conflict of interest, or there is a need for impartiality, the Board must assign a sufficient number of independent Board members capable of exercising independent judgement. At a minimum, all locally incorporated banks must appoint one independent director.

          October 2010

        • HC-1.4.5

          At least half of an Islamic bank licensee's Board should be non-executive directors and at least three of those persons should be independent directors. (Note the exception for controlled companies in Paragraph HC-1.5.2.)

          October 2010

        • HC-1.4.6

          The chairman of the Board should be an independent director, so that there will be an appropriate balance of power and greater capacity of the Board for independent decision making.

          October 2010

        • HC-1.4.7

          The Chairman and/or Deputy Chairman must not be the same person as the Chief Executive Officer.

          October 2010

        • HC-1.4.8

          The Chairman must not be an Executive Director.

          October 2010

        • HC-1.4.9

          The Board should review the independence of each director at least annually in light of interests disclosed by them, and their conduct. Each independent director shall provide the Board with all necessary and updated information for this purpose.

          October 2010

        • HC-1.4.10

          To facilitate free and open communication among independent directors, each Board meeting should be preceded or followed with a session at which only independent directors are present, except as may otherwise be determined by the independent directors themselves.

          October 2010

        • HC-1.4.11

          Where an independent director has served three consecutive terms on the board, such director will lose his/her independence status and must not be classified as an independent director if reappointed.

          Added: January 2020

        • HC-1.4.12

          Where a Chief Executive Officer of a Bank, who is also a Board member, no longer occupies the CEO position, whether due to resignation, retirement or termination, his/her Board Membership must also be immediately terminated.

          Added: January 2020

      • HC-1.5 Representation of all Shareholders

        • HC-1.5.1

          Each director must consider himself as representing all shareholders and must act accordingly. The Board must avoid having representatives of specific groups or interests within its membership and must not allow itself to become a battleground of vested interests. If the Islamic bank licensee has controllers (as defined by Module GR-5.2) (or a group of controllers acting in concert), the latter must recognise its or their specific responsibility to the other shareholders, which is direct and is separate from that of the Board of directors.

          October 2010

        • HC-1.5.2

          In Islamic bank licensees with a controller, at least one-third of the Board must be independent directors. Minority shareholders must generally look to independent directors' diligent regard for their interests, in preference to seeking specific representation on the Board.

          October 2010

        • HC-1.5.3

          In Islamic bank licensees with controllers, both controllers and other shareholders should be aware of controllers' specific responsibilities regarding their duty of loyalty to the Islamic bank licensee and conflicts of interest (see Chapter HC-2) and also of rights that minority shareholders may have to elect specific directors under the Company Law or if the Islamic bank licensee has adopted cumulative voting for directors. The chairman of the board or other individual delegated by the chairman of the board should take the lead in explaining this with the help of the Islamic bank licensee's lawyers.

          Amended: January 2012
          October 2010

      • HC-1.6 HC-1.6 Directors' Access to Independent Advice

        • HC-1.6.1

          The Board must ensure by way of formal procedures that individual directors have access to independent legal or other professional advice at the Islamic bank licensee's expense whenever they judge this necessary to discharge their responsibilities as directors and this must be in accordance with the Islamic bank licensee's policy approved by the Board.

          October 2010

        • HC-1.6.2

          Individual directors must also have access to the Islamic bank licensee's corporate secretary, who must have responsibility for reporting to the Board on Board procedures. Both the appointment and removal of the corporate secretary must be a matter for the Board as a whole, not for the CEO or any other officer.

          October 2010

        • HC-1.6.3

          Whenever a director has serious concerns which cannot be resolved concerning the running of the Islamic bank licensee or a proposed action, he should consider seeking independent advice and should ensure that the concerns are recorded in the Board minutes and that any dissent from a Board action is noted or delivered in writing.

          October 2010

        • HC-1.6.4

          Upon resignation, a non-executive director should provide a written statement to the chairman, for circulation to the Board, if he has any concerns such as those in Paragraph HC-1.6.3.

          October 2010

      • HC-1.7 HC-1.7 Directors' Communication with Management

        • HC-1.7.1

          The Board must encourage participation by management regarding matters the Board is considering, and also by management members who by reason of responsibilities or succession, the CEO believes should have exposure to the directors.

          October 2010

        • HC-1.7.2

          Non-executive directors should have free access to the Islamic bank licensee's management beyond that provided in Board meetings. Such access should be through the Chairman of the Audit Committee or CEO. The Board should make this policy known to management to alleviate any management concerns about a director's authority in this regard.

          October 2010

      • HC-1.8 HC-1.8 Committees of the Board

        • HC-1.8.1

          The Board must establish Audit, Remuneration, Nominating and Risk Committees described elsewhere in this Module.

          Amended: July 2018
          October 2010

        • HC-1.8.2

          The Board should establish a corporate governance committee of at least three independent members which should be responsible for developing and recommending changes from time to time in the Islamic bank licensee's corporate governance policy framework.

          Amended: January 2012
          October 2010

        • HC-1.8.3

          The Board or a committee may invite non-directors to participate in, but not vote at, a committee's meetings so that the committee may gain the benefit of their advice and expertise in financial or other areas.

          October 2010

        • HC-1.8.4

          Committees must act only within their mandates and therefore the Board must not allow any committee to dominate or effectively replace the whole Board in its decision-making responsibility.

          October 2010

        • HC-1.8.5

          Committees may be combined provided that no conflict of interest might arise between the duties of such committees, subject to CBB prior approval.

          October 2010

        • HC-1.8.6

          Every committee must have a formal written charter similar in form to the model charters which are set forth in Appendices A, B and C of this Module for the Audit, Nominating and Remuneration Committees.

          October 2010

        • HC-1.8.7

          Where committees are set up, they should keep full minutes of their activities and meet regularly to fulfil their mandates. For larger banks that deal with the general public, committees can be a more efficient mechanism to assist the main Board in its monitoring and control of the activities of the bank. The establishment of committees should not mean that the role of the Board is diminished, or that the Board becomes fragmented.

          October 2010

      • HC-1.9 HC-1.9 Evaluation of the Board and Each Committee

        • HC-1.9.1

          At least annually the Board must conduct an evaluation of its performance and the performance of each committee and each individual director.

          Amended: January 2012
          October 2010

        • HC-1.9.2

          The evaluation process must include:

          (a) Assessing how the Board operates, especially in light of Chapter HC-1;
          (b) Evaluating the performance of each committee in light of its specific purposes and responsibilities, which shall include review of the self-evaluations undertaken by each committee;
          (c) Reviewing each director's work, his attendance at Board and committee meetings, and his constructive involvement in discussions and decision making;
          (d) Reviewing the Board's current composition against its desired composition with a view toward maintaining an appropriate balance of skills and experience and a view toward planned and progressive refreshing of the Board; and
          (e) Recommendations for new Directors to replace long-standing members or those members whose contribution to the bank or its committees (such as the audit committee) is not adequate.
          October 2010

        • HC-1.9.3

          While the evaluation is a responsibility of the entire Board, it should be organised and assisted by an internal Board committee and, when appropriate, with the help of external experts.

          October 2010

        • HC-1.9.4

          The Board should report to the shareholders, at each annual shareholder meeting, that evaluations have been done and report its findings.

          October 2010

    • HC-2 HC-2 Approved Persons Loyalty

      • HC-2.1 HC-2.1 Principle

        • HC-2.1.1

          The approved persons must have full loyalty to the Islamic bank licensee.

          October 2010

      • HC-2.2 HC-2.2 Personal Accountability

        • HC-2.2.1

          Banks are subject to a wide variety of laws, regulations and codes of best practice that directly affect the conduct of business. Such laws involve the Bahraini Stock Exchange Law, the Labour Law, the Commercial Companies Law, occupational health and safety, even environment and pollution laws, as well as the Law, codes of conduct and regulations of the Central Bank. The Board sets the 'tone at the top' of a bank, and has a responsibility to oversee compliance with these various requirements. The Board should ensure that the staff conduct their affairs with a high degree of integrity, taking note of applicable laws, codes and regulations.

          October 2010

        • Corporate Ethics, Conflicts of Interest and Code of Conduct

          • HC-2.2.2

            Each member of the board must understand that under the Company Law he is personally accountable to the Islamic bank licensee and the shareholders if he violates his legal duty of loyalty to the Islamic bank licensee, and that he can be personally sued by the Islamic bank licensee or the shareholders for such violations.

            Amended: January 2013
            October 2010

          • HC-2.2.3

            The Board must establish corporate standards for approved persons and employees. This requirement should be met by way of a documented and published code of conduct or similar document. These standards must be communicated throughout the bank, so that the approved persons and staff understand the importance of conducting business based on good corporate governance values and understand their accountabilities to the various stakeholders of the licensee. Banks' approved persons and staff must be informed of and be required to fulfil their fiduciary responsibilities to the bank's stakeholders.

            October 2010

          • HC-2.2.4

            An internal code of conduct is separate from the business strategy of a bank. A code of conduct should outline the practices that approved persons and staff should follow in performing their duties. Banks may wish to use procedures and policies to complement their codes of conduct. The suggested contents of a code of conduct are covered below:

            (a) Commitment by the Board and management to the code. The code of conduct should be linked to the objectives of the bank, and its responsibilities and undertakings to customers, shareholders, staff and the wider community (see HC-2.2.3 and HC-2.2.4). The code should give examples or expectations of honesty, integrity, leadership and professionalism;
            (b) Commitment to the law and best practice standards. This commitment would include commitments to following accounting standards, industry best practice (such as ensuring that information to clients is clear, fair, and not misleading), transparency, and rules concerning potential conflicts of interest (see HC-2.3);
            (c) Employment practices. This would include rules concerning health and safety of employees, training, policies on the acceptance and giving of business courtesies, prohibition on the offering and acceptance of bribes, and potential misuse of Islamic bank licensee's assets;
            (d) How the Islamic bank licensee deals with disputes and complaints from clients and monitors compliance with the code; and
            (e) Confidentiality. Disclosure of client or bank information should be prohibited, except where disclosure is required by law (see HC-1.2.10 b).
            Amended: April 2011
            Amended: January 2011
            October 2010

          • HC-2.2.5

            The Central Bank expects that the Board and its members individually and collectively:

            (a) Act with honesty, integrity and in good faith, with due diligence and care, with a view to the best interest of the bank and its shareholders and other stakeholders (see Paragraphs HC-2.2.2 to HC-2.2.4);
            (b) Act within the scope of their responsibilities (which should be clearly defined — see HC-1.2.9 and HC-1.2.11) and not participate in the day-to-day management of the bank;
            (c) Have a proper understanding of, and competence to deal with the affairs and products of the bank and devote sufficient time to their responsibilities; and
            (d) Independently assess and question the policies, processes and procedures of the bank, with the intent to identify and initiate management action on issues requiring improvement (i.e. to act as checks and balances on management).
            Amended: April 2011
            Amended: January 2011
            October 2010

          • HC-2.2.6

            The duty of loyalty (mentioned in Paragraph HC-2.2.2 above) includes a duty not to use property of the Islamic bank licensee for his personal needs as though it was his own property, not to disclose confidential information of the Islamic bank licensee or use it for his personal profit, not to take business opportunities of the Islamic bank licensee for himself, not to compete in business with the Islamic bank licensee, and to serve the Islamic bank licensee's interest in any transactions with a company in which he has a personal interest.

            October 2010

          • HC-2.2.6A

            [This Paragraph was moved to Paragraph HC-5.4.39].

            Amended: January 2014
            Amended: October 2012
            Added: July 2012

          • HC-2.2.6B

            [This Paragraph was moved to Paragraph HC-5.4.40].

            Amended: January 2014
            Added: July 2012

          • HC-2.2.7

            For purposes of Paragraph HC-2.2.6, an approved person should be considered to have a "personal interest" in a transaction with a company if:

            (a) He himself; or
            (b) A member of his family (i.e. spouse, father, mother, sons, daughters, brothers or sisters); or
            (c) Another company of which he is a director or controller,

            is a party to the transaction or has a material financial interest in the transaction. (Transactions and interests which are de minimis in value should not be included.)

            October 2010

      • HC-2.3 HC-2.3 Avoidance of Conflicts of Interest

        • HC-2.3.1

          Each approved person must make every practicable effort to arrange his personal and business affairs to avoid a conflict of interest with the Islamic bank licensee.

          October 2010

        • HC-2.3.2

          The Board must establish and disseminate to its members and management, policies and procedures for the identification, reporting, disclosure, prevention, or strict limitation of potential conflicts of interest. It is senior management's responsibility to implement these policies. Rules concerning connected party transactions and potential conflicts of interest may be dealt with in the Code of Conduct (see HC-2.2.4). In particular, the CBB requires that any decisions to enter into transactions, under which approved persons would have conflicts of interest that are material, should be formally and unanimously approved by the full Board. Best practice would dictate that an approved person must:

          (a) Not enter into competition with the bank;
          (b) Not demand or accept substantial gifts from the bank for himself or connected persons;
          (c) Not misuse the bank's assets;
          (d) Not use the Islamic bank licensee's privileged information or take advantage of business opportunities to which the Islamic bank licensee is entitled, for himself or his associates; and
          (e) Absent themselves from any discussions or decision-making that involves a subject where they are incapable of providing objective advice, or which involves a subject or (proposed) transaction where a conflict of interest exists.
          Amended: April 2011
          Amended: January 2011
          October 2010

        • HC-2.3.3

          Bahraini Islamic bank licensees must have in place a board approved policy on the employment of relatives of approved persons and a summary of such policy must be disclosed in the annual report of the Bahraini Islamic bank licensee.

          Amended: July 2016
          Added: April 2016

        • HC-2.3.4

          Branches of foreign bank licensees must have in place a policy on the employment of relatives of approved persons pertaining to their Bahrain operations.

          Amended: April 2019
          Added: July 2016

      • HC-2.4 HC-2.4 Disclosure of Conflicts of Interest

        • HC-2.4.1

          Each approved person must inform the entire Board of (potential) conflicts of interest in their activities with, and commitments to other organisations as they arise. Board members must abstain from voting on the matter in accordance with the relevant provisions of the Company Law. This disclosure must include all material facts in the case of a contract or transaction involving the approved person. The approved persons must understand that any approval of a conflicted transaction is effective only if all material facts are known to the authorising persons and the conflicted person did not participate in the decision. In any case, all approved persons must declare in writing all of their other interests in other enterprises or activities (whether as a shareholder of above 5% of the voting capital of a company, a manager, or other form of significant participation) to the Board (or the Nominations or Audit Committees) on an annual basis.

          Amended: January 2013
          Amended: January 2011
          October 2010

        • HC-2.4.1A

          The chief executive/general manager of the Bahraini Islamic bank licensees must disclose to the board of directors on an annual basis those individuals who are occupying controlled functions and who are relatives of any approved persons within the Bahraini Islamic bank licensee.

          Amended: July 2016
          Added: April 2016

        • HC-2.4.1B

          The chief executive/general manager of the branch of foreign bank licensee must disclose to a designated officer at its head office or regional manager on an annual basis those individuals who are occupying controlled functions and who are relatives of any approved persons within the branch of foreign bank licensee.

          Amended: April 2019
          Added: July 2016

        • HC-2.4.2

          The Board of a Bahraini Islamic bank licensee should establish formal procedures for:

          (a) Periodic disclosure and updating of information by each approved person on his actual and potential conflicts of interest; and
          (b) Advance approval by directors or shareholders who do not have an interest in the transactions in which an Islamic bank licensee's approved person has a personal interest. The Board should require such advance approval in every case.
          Amended: July 2016
          October 2010

      • HC-2.5 HC-2.5 Disclosure of Conflicts of Interest to Shareholders

        • HC-2.5.1

          The Islamic bank licensee must disclose to its shareholders in the Annual Report any abstention from voting motivated by a conflict of interest and must disclose to its shareholders any authorisation of a conflict of interest contract or transaction in accordance with the Company Law.

          October 2010

    • HC-3 HC-3 Audit Committee and Financial Statements Certification

      • HC-3.1 HC-3.1 Principle

        • HC-3.1.1

          The Board must have rigorous controls for financial audit and reporting, internal control, and compliance with law.

          October 2010

      • HC-3.2 HC-3.2 Audit Committee

        • HC-3.2.1

          The Board must establish an audit committee of at least three directors of which the majority must be independent including the Chairman. The committee must:

          (a) Review the Islamic bank licensee's accounting and financial practices;
          (b) Review the integrity of the Islamic bank licensee's financial and internal controls and financial statements (particularly with reference to information passed to the Board — see HC-1.2.10). The information needs of the Board to perform its monitoring responsibilities must be defined in writing, and regularly monitored by the Audit Committee;
          (c) Review the Islamic bank licensee's compliance with legal requirements;
          (d) Recommend the appointment, compensation and oversight of the Islamic bank licensee's external auditor; and
          (e) Recommend the appointment of the internal auditor.
          Amended: January 2012
          Amended: January 2011
          October 2010

        • HC-3.2.2

          In its review of the systems and controls framework in Paragraph HC-3.2.1, the audit committee must:

          (a) Make effective use of the work of external and internal auditors. The audit committee must ensure the integrity of the bank's accounting and financial reporting systems through regular independent review (by internal and external audit). Audit findings must be used as an independent check on the information received from management about the bank's operations and performance and the effectiveness of internal controls; and
          (b) Make use of self-assessments, stress/scenario tests, and/or independent judgements made by external advisors. The Board should appoint supporting committees, and engage senior management to assist the audit committee in the oversight of risk management; and
          (c) Ensure that senior management have put in place appropriate systems of control for the business of the bank and the information needs of the Board; in particular, there must be appropriate systems and functions for identifying as well as for monitoring risk, the financial position of the bank, and compliance with applicable laws, regulations and best practice standards. The systems must produce information on a timely basis.
          October 2010

        • HC-3.2.3

          The Islamic bank licensee must set up an internal audit function, which reports directly to the Audit Committee and administratively to the CEO.

          October 2010

        • HC-3.2.4

          The CEO must not be a member of the audit committee.

          October 2010

      • HC-3.3 HC-3.3 Audit Committee Charter

        • HC-3.3.1

          The audit committee must adopt a written charter which shall, at a minimum, state the duties outlined in Paragraph HC-3.2.1 and the other matters included in Appendix A to this Module.

          October 2010

        • HC-3.3.2

          A majority of the audit committee must have the financial literacy qualifications stated in Appendix A.

          October 2010

        • HC-3.3.3

          The Board should adopt a "whistleblower" program under which employees can confidentially raise concerns about possible improprieties in financial or legal matters. Under the program, concerns may be communicated directly to any audit committee member or, alternatively, to an identified officer or employee who will report directly to the Audit Committee on this point.

          October 2010

      • HC-3.4 HC-3.4 CEO and CFO Certification of Financial Statements

        • HC-3.4.1

          To encourage management accountability for the financial statements required by the directors, the Islamic bank licensee's CEO and chief financial officer must state in writing to the audit committee and the Board as a whole that the Islamic bank licensee's interim and annual financial statements present a true and fair view, in all material respects, of the Islamic bank licensee's financial condition and results of operations in accordance with applicable accounting standards.

          October 2010

    • HC-4 HC-4 Appointment, Training and Evaluation of the Board

      • HC-4.1 HC-4.1 Principle

        • HC-4.1.1

          The Islamic bank licensee must have rigorous and transparent procedures for appointment, training and evaluation of the Board.

          October 2010

      • HC-4.2 HC-4.2 Nominating Committee

        • HC-4.2.1

          The Board must establish a Nominating Committee of at least three directors which must:

          (a) Identify persons qualified to become members of the Board of directors or Chief Executive Officer, Chief Financial Officer, Corporate Secretary and any other officers of the Islamic bank licensee considered appropriate by the Board, with the exception of the appointment of the internal auditor which shall be the responsibility of the Audit Committee in accordance with Paragraph HC-3.2.1 above; and
          (b) Make recommendations to the whole Board of directors including recommendations of candidates for Board membership to be included by the Board of directors on the agenda for the next annual shareholder meeting.
          October 2010

        • HC-4.2.2

          The committee must include only independent directors or, alternatively, only non-executive directors of whom a majority must be independent directors and the chairman must be an independent director. This is consistent with international best practice and it recognises that the Nominating Committee must exercise judgment free from personal career conflicts of interest.

          October 2010

      • HC-4.3 HC-4.3 Nominating Committee Charter

        • HC-4.3.1

          The Nominating Committee must adopt a formal written charter which must, at a minimum, state the duties outlined in Paragraph HC-4.2.1 and the other matters included in Appendix B to this Module.

          October 2010

      • HC-4.4 HC-4.4 Board Nominations to Shareholders

        • HC-4.4.1

          Each proposal by the Board to the shareholders for election or reelection of a director must be accompanied by a recommendation from the Board, a summary of the advice of the Nominating Committee, and the following specific information:

          (a) The term to be served, which may not exceed three years (but there need not be a limit on reelection for further terms);
          (b) Biographical details and professional qualifications;
          (c) In the case of an independent director, a statement that the Board has determined that the criteria of independent director have been met;
          (d) Any other directorships held;
          (e) Particulars of other positions which involve significant time commitments, and
          (f) Details of relationships between:
          (i) The candidate and the Islamic bank licensee, and
          (ii) The candidate and other directors of the Islamic bank licensee.
          October 2010

        • HC-4.4.2

          The chairman of the Board should confirm to shareholders when proposing re-election of a director that, following a formal performance evaluation, the person's performance continues to be effective and continues to demonstrate commitment to the role. Any term beyond six years (e.g. two three-year terms) for a director should be subject to particularly rigorous review, and should take into account the need for progressive refreshing of the Board. Serving more than six years is relevant to the determination of a non-executive director's independence.

          October 2010

      • HC-4.5 HC-4.5 Induction and Training of Directors

        • HC-4.5.1

          The chairman of the Board must ensure that each new director receives a formal and tailored induction to ensure his contribution to the Board from the beginning of his term. The induction must include meetings with senior management, visits to the Islamic bank licensee's facilities, presentations regarding strategic plans, significant financial, accounting and risk management issues, compliance programs, its internal and external auditors and legal counsel.

          October 2010

        • HC-4.5.2

          All continuing directors must be invited to attend orientation meetings and all directors must continually educate themselves as to the Islamic bank licensee's business and corporate governance.

          October 2010

        • HC-4.5.3

          Management, in consultation with the chairman of the Board, should hold programs and presentations to directors respecting the Islamic bank licensee's business and industry, which may include periodic attendance at conferences and management meetings. The Nominating Committee shall oversee directors' corporate governance educational activities.

          October 2010

    • HC-5 HC-5 Remuneration of Approved Persons and Material Risk-Takers

      • HC-5.1 HC-5.1 Principle

        • HC-5.1.1

          The Islamic bank licensee must remunerate approved persons and material risk-takers fairly and responsibly.

          Amended: January 2014
          October 2010

      • HC-5.2 HC-5.2 Role of the Board of Directors and Remuneration Committee

        • HC-5.2.1AA

          The board of directors must actively oversee the remuneration system's design and operation for approved persons as well as for material risk-takers. The CEO and senior management must not primarily control the remuneration system.

          Added: January 2014

        • HC-5.2.1

          The Board must establish a remuneration committee of at least three directors which must:

          (a) Review the Islamic bank licensee's remuneration policies for the approved persons and material risk-takers, which must be approved by the shareholders and be consistent with the corporate values and strategy of the bank;
          (b) Approve the remuneration package and amounts for each approved person and material risk-taker, as well as the total variable remuneration to be distributed, taking account of total remuneration including salaries, fees, expenses, bonuses and other employee benefits;
          (c) Approve, monitor and review the remuneration system to ensure the system operates as intended; and
          (d) Recommend Board member remuneration based on their attendance and performance and in compliance with Article 188 of the Company Law.
          Amended: January 2017
          Amended: July 2014
          Amended: January 2014
          October 2010

        • HC-5.2.1A

          In reviewing the remuneration system (see Subparagraph HC-5.2.1(c)), the remuneration committee should ensure that the system includes effective controls, including back testing and stress testing of the remuneration policy. The practical operation of the system should be regularly reviewed for compliance with regulations, internal policies and bank procedures. In addition, remuneration outcomes, risk measurements, and risk outcomes should be regularly reviewed by the Board for consistency with Board's approved risk appetite.

          Added: January 2014

        • HC-5.2.1B

          Stress testing or stressed measures might be used by banks to help ex-ante risk adjustments take into account severe but plausible scenarios, based on possible expected loss on loans, as an example. Due to the uncertainty of payoffs, there will always be a need for ex-post adjustments so as to back-test actual performance against risk assumptions.

          Added: January 2014

        • HC-5.2.1C

          As part of the duties noted under Paragraph HC-5.2.1, the remuneration committee must carefully evaluate practices by which remuneration is paid for potential future revenues whose timing and likelihood remain uncertain. It must demonstrate that its decisions are consistent with an assessment of the bank's financial condition and future prospects.

          Added: January 2014

        • HC-5.2.2

          The committee may be merged with the nominating committee.

          October 2010

      • HC-5.3 HC-5.3 Remuneration Committee Charter

        • HC-5.3.1

          The committee must adopt a written charter which must, at a minimum, state the duties in Paragraph HC-5.2.1 and other matters in Appendix C of this Module.

          October 2010

        • HC-5.3.1A

          Members of the remuneration committee must have independence of any risk taking function or committees.

          Added: January 2014

        • HC-5.3.2

          The committee should include only independent directors or, alternatively, only non-executive directors of whom a majority are independent directors and the chairman is an independent director. This is consistent with international best practice and it recognises that the remuneration committee must exercise judgment free from personal career conflicts of interest.

          October 2010

      • HC-5.4 HC-5.4 Standard for all Remuneration

        • HC-5.4.1

          Remuneration of approved persons and material risk-takers must be sufficient enough to attract, retain and motivate persons of the quality needed to run the Islamic bank licensee successfully, but the Islamic bank licensee must avoid paying more than is necessary for that purpose.

          Amended: January 2014
          October 2010

        • HC-5.4.2

          While this Section applies to all approved persons and material risk-takers for the Bahrain operations, the rules on the proportion of fixed and variable remuneration (Paragraph HC-5.4.30) as well as those rules related to the deferral of variable remuneration (Paragraphs HC-5.4.31 and HC-5.4.32) and the obligation to have part of the variable remuneration in shares (Paragraphs HC-5.4.33 and HC-5.4.34) apply only to:

          (a) Approved persons; or
          (b) Material risk-takers

          whose total annual remuneration (including all benefits) is in excess of BD100,000, unless the board of directors requires the application of these Rules to all staff.

          Amended: January 2015
          Amended: July 2014
          Added: January 2014

        • HC-5.4.3

          All policies for performance-based incentives should be approved by the shareholders, but the approval should be only of the plan itself and not of the grant to specific individuals of benefits under the plan.

          Added: January 2014

        • HC-5.4.3A

          As noted in Sections AU-3.7 and BR-4A.3, the external auditor or a CBB approved consultancy firm must undertake an annual review of the bank's compliance with the remuneration Rules outlined in this Chapter. The results of this review are to be submitted to the CBB within 3 months from the financial year end.

          Amended: July 2015
          Moved from HC-5.4.6 to HC-5.4.3A: January 2015
          Amended: October 2014
          Added: January 2014

        • Application to Branches of Foreign Banks

          • HC-5.4.4

            Banks operating as branches of foreign bank licensees in Bahrain must apply the most stringent set of remuneration rules to which they may be subject. Such rules are:

            (a) The requirements imposed in Bahrain with respect to remuneration as outlined in Volume 2 CBB Rulebook; and
            (b) The requirements imposed by their home supervisor and head office.

            Amended: January 2021
            Amended: April 2019
            Added: January 2014

        • HC-5.4.5

          [This Paragraph was deleted in January 2015.]

          Deleted: January 2015
          Added: January 2014

        • HC-5.4.6

          [Moved to Paragraph HC-5.4.3A in January 2015.]

          Amended: January 2015
          Amended: October 2014
          Added: January 2014

        • Approved Persons in Risk Management, Internal Audit, Operations, Financial Controls, Internal Shari'a Review/Audit, AML and Compliance Functions

          • HC-5.4.7

            The bank's approved persons engaged in risk management, internal audit, operations, financial controls, internal Shari'a review/audit, AML and compliance functions must be independent, have appropriate authority, and be remunerated in a manner that is independent of the business areas they oversee and commensurate with their key role in the bank. Effective independence and appropriate authority of such staff are necessary to preserve the integrity of financial risk and management's influence on incentive remuneration.

            Amended: July 2014
            Added: January 2014

          • HC-5.4.8

            The performance measures of approved persons referred to in Paragraph HC-5.4.7 must be based principally on the achievement of the objectives and targets of their functions.

            Added: January 2014

          • HC-5.4.9

            The mix of fixed and variable remuneration for risk management, internal audit, operations, financial controls, internal Shari'a review/audit, AML and compliance functions personnel must be weighted in favour of fixed remuneration.

            Amended: July 2014
            Added: January 2014

        • Effective Alignment of Remuneration with Prudent Risk-Taking

          • Alignment of All Staff Remuneration with Compliance with AML/CFT Requirements

            • HC-5.4.9A

              The performance evaluation and remuneration of senior management and staff of the Islamic bank licensee must be based on the achievement of the Key Performance Indicators (KPIs) relevant to ensuring compliance with AML/CFT requirements as specified in Paragraphs FC-2.1.3 and FC-2.1.4.

              Added: April 2020

            • HC-5.4.10

              Remuneration must be adjusted for all types of risks.

              Added: January 2014

            • HC-5.4.11

              In relation to Paragraph HC-5.4.10, two employees who generate the same short-run profit but take different amounts of risk on behalf of their bank should not be treated the same by the remuneration system.

              Added: January 2014

            • HC-5.4.12

              Both quantitative measures and human judgement must play a role in determining risk adjustments.

              Added: January 2014

            • HC-5.4.13

              Risk adjustments must account for all types of risk, including intangible and other risks such as reputation risk, liquidity risk and the cost of capital.

              Added: January 2014

            • HC-5.4.14

              Banks' remuneration policies and practices must be designed to reduce employees' incentives to take excessive and undue risk.

              Added: January 2014

            • HC-5.4.15

              Remuneration outcomes must be symmetric with risk outcomes.

              Added: January 2014

            • HC-5.4.16

              The mix of cash, equity and other forms of remuneration must be consistent with risk alignment. The mix will vary depending on the employee's position and role and the bank must be able to explain the rationale for its mix to the CBB.

              Added: January 2014

            • HC-5.4.17

              Existing contractual payments related to a termination of employment must be re-examined, and kept in place only if there is a clear basis for concluding that they are aligned with long-term value creation and prudent risk-taking. Prospectively, any such payments must be related to performance achieved over time and designed in a way that does not reward failure.

              Added: January 2014

            • HC-5.4.18

              Banks must ensure that their employees commit themselves not to use personal hedging strategies or remuneration- and liability-related insurance to undermine the risk alignment effects embedded in their remuneration arrangements. Banks must ensure that appropriate compliance mechanisms are in place to monitor their employees' commitment in this regard, such as signed adherence by staff to the bank's code of ethics, which should include the conditions outlined in this Paragraph.

              Added: January 2014

          • Variable Remuneration

            • HC-5.4.19

              Remuneration systems must link the size of the bonus pool to the overall performance of the bank.

              Added: January 2014

            • HC-5.4.20

              Employees' incentive payments must be linked to the contribution of the individual and business to such performance.

              Added: January 2014

            • HC-5.4.21

              As profits and losses of different activities of a bank are realised over different periods of time, remuneration payout schedules must be sensitive to the time horizon of risks and variable remuneration must therefore be deferred accordingly. Variable remuneration must not be finalised over short periods where risks are realised over long periods.

              Added: January 2014

            • HC-5.4.22

              The remuneration committee of the bank must question payouts for income that cannot be realised or whose likelihood of realisation remains uncertain at the time of payout.

              Amended: July 2014
              Added: January 2014

            • HC-5.4.23

              Banks must ensure that total variable remuneration does not limit their ability to strengthen their capital base. The extent to which capital needs to be built up must be a function of a bank's current capital position and its ICAAP.

              Added: January 2014

            • HC-5.4.24

              The size of the variable remuneration pool and its allocation within the bank must take into account the full range of current and potential risks, including:

              (a) The cost and quantity of capital required to support the risks taken;
              (b) The cost and quantity of the liquidity risk assumed in the conduct of business; and
              (c) Consistency with the timing and likelihood of potential future revenues incorporated into current earnings.

              Amended: July 2014
              Added: January 2014

            • HC-5.4.25

              Paragraph HC-5.4.24 focuses on the overall size of the variable remuneration, at the overall bank level, in order to ensure that the recognition and accrual of variable remuneration will not compromise the financial soundness of the bank.

              Added: January 2014

            • HC-5.4.26

              Bonuses must diminish or be deferred in the event of poor bank, divisional or business unit performance.

              Added: January 2014

            • HC-5.4.27

              Subdued or negative financial performance of the bank should generally lead to a considerable contraction of the bank's total variable remuneration, taking into account both current remuneration and reductions in payouts of amounts previously earned, including through malus and clawback arrangements. Recognition of staff who have achieved their targets or better, may take place by way of deferred compensation, which may be paid once the bank's performance improves.

              Added: January 2014

            • HC-5.4.28

              If the bank and/or relevant line of business is incurring losses in any year during the vesting period, any unvested portions must be subject to malus.

              Amended: July 2014
              Added: January 2014

            • HC-5.4.29

              Accrual and deferral of variable remuneration does not oblige the bank to pay the variable remuneration, particularly when the anticipated outcome has not materialised or the bank's financial position does not support such payments.

              Added: January 2014

            • HC-5.4.30

              For approved persons and material risk-takers, other than those covered under Paragraph HC-5.4.9 and Section HC-5.5, as their actions have a material impact on the risk exposure of the bank:

              (a) An appropriate ratio between the fixed and variable components of total remuneration must be set to ensure that fixed and variable components of total remuneration are appropriately balanced and paid on the basis of individual, business-unit and bank-wide measures that adequately measure performance; and
              (b) The variable proportion of remuneration must increase significantly along with the level of seniority and/or responsibility.

              Amended: October 2016
              Amended: July 2014
              Added: January 2014

            • HC-5.4.30A

              The level of the fixed component referred to in Subparagraph HC-5.4.30(a) should represent a sufficiently high proportion of the total remuneration to allow the operation of a fully flexible policy on variable remuneration components, including the possibility to pay no variable component.

              Amended: October 2016
              Added: July 2014

            • HC-5.4.31

              For purposes of Paragraph HC-5.4.30:

              (a) At least 40% of the variable remuneration must be payable under deferral arrangements over a period of at least 3 years; and
              (b) For the CEO, his deputies and the other 5 most highly paid business line employees, at least 60% of the variable remuneration must be payable under deferral arrangements over a period of at least 3 years.

              Amended: July 2014
              Added: January 2014

            • HC-5.4.32

              The deferral period referred to under Subparagraph HC-5.4.31(a) must be aligned with the nature of the business, its risks and the activities of the employee in question. Remuneration payable under deferral arrangements should generally vest no faster than on a pro rata basis.

              Added: January 2014

            • HC-5.4.33

              As a minimum, 50% of variable remuneration (including both the deferred and undeferred portions of the variable remuneration) must be awarded in shares or share-linked instruments or where appropriate, other non-cash instruments.

              Added: January 2014

            • HC-5.4.34

              The remaining portion (other than that mentioned under Paragraph HC-5.4.33) of the deferred remuneration can be paid as cash remuneration vested over a minimum 3-year period.

              Added: January 2014

            • HC-5.4.34A

              The only instance where deferred remuneration can be paid out before the end of the vesting period is in the case of the death of the employee where the beneficiaries would receive any unpaid deferred remuneration.

              Added: July 2014

            • HC-5.4.35

              Banks must not provide any form of guaranteed variable remuneration as part of the overall remuneration package. Exceptional minimum variable remuneration must only occur in the context of hiring new staff and limited to the first year.

              Amended: July 2014
              Added: January 2014

          • Remuneration in the Form of Shares or Share-Linked Instruments

            • HC-5.4.36

              Awards in shares or share-linked instruments must be subject to a minimum share retention policy of 6 months from the time the shares are awarded, unless the bank's policy requires a longer period.

              Amended: July 2014
              Added: January 2014

            • HC-5.4.37

              For Bahraini Islamic bank licensees, where fixed or variable remuneration includes common shares, banks must limit the shares awarded to an annual aggregate limit of 10% of the total issued shares outstanding of the bank, at all times.

              Amended: July 2014
              Added: January 2014

            • HC-5.4.38

              For Bahraini Islamic bank licensees, all share incentive plans must be approved by the shareholders.

              Amended: July 2014
              Added: January 2014

          • Remuneration from Projects and Investments

            • HC-5.4.39

              In reference to Paragraph HC-2.2.6, for greater certainty, approved persons are not allowed to take any benefits from any projects or investments which are managed by the Islamic bank licensee or promoted to its customers or potential customers except for board related remuneration (declared as per Paragraph HC-2.4.1) linked to their fiduciary duties to the investors of the project/investment. This Rule applies to all approved persons including those appointed as members of the board of special purpose vehicles or other operating companies set up by the Islamic bank licensee for projects or investments.

              Added: January 2014

            • HC-5.4.40

              The reference to benefits in Paragraph HC-5.4.39 includes commission, fees, shares, consideration in kind, or other remuneration or incentives in respect of the performance of the project or investment.

              Added: January 2014

      • HC-5.5 HC-5.5 Board of Directors' Remuneration

        • HC-5.5.1

          Remuneration of non-executive directors must not include performance-related elements such as grants of shares, share options or other deferred stock-related incentive schemes, bonuses, or pension benefits.

          October 2010

        • HC-5.5.2

          The Board of Directors' remuneration must be capped so that total remuneration is in line with Article 188 of the Company Law, in any financial year and has been approved by the shareholders.

          Amended: April 2015
          Amended: July 2014
          Added: January 2014

        • HC-5.5.3

          If a senior manager is also a director, his remuneration as a senior manager must take into account compensation received in his capacity as a director.

          Added: January 2014

        • HC-5.5.4

          In the years where the bank has not generated any profits it must comply with the approval requirements of Article 188 of the Company Law.

          Added: January 2014

        • HC-5.5.5

          In addition to the requirements of Article 188 of the Company Law, the articles of association regarding remuneration of the board of directors must be in line with the Rules outlined in this Chapter.

          Added: January 2014

      • HC-5.6 HC-5.6 [This Section was deleted and is replaced with requirements contained under Section HC-5.4]

        Deleted: January 2014

        • HC-5.6.1

          [This paragraph was deleted and is replaced with requirements contained under Section HC-5.4]

          Deleted: January 2014
          October 2010

        • HC-5.6.2

          [This paragraph was deleted and is replaced with requirements contained under Section HC-5.4]

          Deleted: January 2014
          October 2010

        • HC-5.6.3

          [This paragraph was deleted and is replaced with requirements contained under Section HC-5.4]

          Deleted: January 2014
          October 2010

        • HC-5.6.4

          [This paragraph was deleted and is replaced with requirements contained under Section HC-5.4]

          Deleted: January 2014
          October 2010

        • HC-5.6.5

          [This paragraph was deleted and is replaced with requirements contained under Section HC-5.4]

          Deleted: January 2014
          October 2010

        • HC-5.6.6

          [This paragraph was deleted and is replaced with requirements contained under Section HC-5.4]

          Deleted: January 2014
          Amended: January 2012
          October 2010

    • HC-6 HC-6 Management Structure

      • HC-6.1 HC-6.1 Principle

        • HC-6.1.1

          The Board must establish a clear and efficient management structure.

          October 2010

      • HC-6.2 HC-6.2 Establishment of Management Structure

        • HC-6.2.1

          The Board must appoint senior management whose authority must include management and operation of current activities of the Islamic bank licensee under the direction and oversight of the Board. The senior management must include at a minimum:

          (a) A CEO;
          (b) A chief financial officer;
          (c) A corporate secretary; and
          (d) An internal auditor,

          and must also include such other approved persons as the Board considers appropriate.

          Amended: April 2020
          Amended: October 2011
          Added: October 2010

      • HC-6.3 HC-6.3 Titles, Authorities, Duties and Reporting Responsibilities

        • HC-6.3.1

          The Board must adopt by-laws prescribing each senior manager's title, authorities, duties, accountabilities and internal reporting responsibilities. This must be done with the advice of the Nominating Committee and in consultation with the CEO, to whom the other senior managers should normally report.

          Amended: January 2012
          October 2010

        • HC-6.3.2

          These provisions must include but should not be limited to the following:

          (a) The CEO must have authority to act generally in the Islamic bank licensee's name, representing the Islamic bank licensee's interests in concluding transactions on the Islamic bank licensee's behalf and giving instructions to other senior managers and Islamic bank licensee employees;
          (b) The chief financial officer must be responsible and accountable for:
          (i) The complete, timely, reliable and accurate preparation of the Islamic bank licensee's financial statements, in accordance with the accounting standards and policies of the Islamic bank licensee (see also HC-3.4.1); and
          (ii) Presenting the Board with a balanced and understandable assessment of the Islamic bank licensee's financial situation;
          (c) The corporate secretary's duties must include arranging, recording and following up on the actions, decisions and meetings of the Board and of the shareholders (both at annual and extraordinary meetings) in books to be kept for that purpose; and
          (d) The internal auditor's duties must include providing an independent and objective review of the efficiency of the Islamic bank licensee's operations. This would include a review of the accuracy and reliability of the Islamic bank licensee's accounting records and financial reports as well as a review of the adequacy and effectiveness of the Islamic bank licensee's risk management, control, and governance processes.

          October 2010

        • HC-6.3.3

          The Board should also specify any limits which it wishes to set on the authority of the CEO or other senior managers, such as monetary maximums for transactions which they may authorise without separate Board approval.

          October 2010

        • HC-6.3.4

          The corporate secretary should be given general responsibility for reviewing the Islamic bank licensee's procedures and advising the Board directly on such matters (see Rule HC-6.3.2(c)). Whenever practical, the corporate secretary should be a person with legal or similar professional experience and training.

          October 2010

        • HC-6.3.5

          At least annually the Board shall review and concur in a succession plan addressing the policies and principles for selecting a successor to the CEO, both in emergencies and in the normal course of business. The succession plan should include an assessment of the experience, performance, skills and planned career paths for possible successors to the CEO.

          October 2010

      • HC-6.4 HC-6.4 Compliance

        • HC-6.4.1

          Compliance starts at the top. It will be most effective in a corporate culture that emphasises standards of honesty and integrity and in which the board of directors and senior management lead by example. It concerns everyone within the bank and should be viewed as an integral part of the bank's business activities. A bank should hold itself to high standards when carrying on business, and at all times strive to observe the spirit as well as the letter of the law. Failure to consider the impact of its actions on its shareholders, customers, employees and the markets may result in significant adverse publicity and reputational damage, even if no law has been broken.

          Amended: January 2019
          October 2010

        • HC-6.4.2

          Islamic bank licensees must establish an effective compliance framework, which is appropriate for the size and complexity of their operations, for managing their compliance risks.

          Amended: January 2019
          October 2010

        • HC-6.4.3

          The term "Compliance risk" refers to the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, directives, directions, reporting requirements and codes of conduct, including internal code of conduct.

          Amended: January 2019
          Amended: October 2014
          October 2010

        • HC-6.4.4

          Compliance laws, rules and standards generally cover matters such as observing proper prudential standards, standards of market conduct, managing conflicts of interest, treating customers fairly and ensuring suitability of customer advice, as well as matters specified in HC-6.4.3 above. They typically include specific areas such as the prevention of money laundering and terrorist financing, and may extend to tax laws that are relevant to the structuring of banking products or customer advice.

          Added: January 2019

        • HC-6.4.5

          It is important that banks do not consider the compliance function as a cost center; rather, it is an activity that enhances the reputation of the bank and promotes the right environment for better financial performance.

          Added: January 2019

        • HC-6.4.6

          The relationship between a bank's business units, the support functions and the compliance function can be explained using the three lines of defence model.

          (a) The business units are the first line of defence. They undertake the management of risks within assigned limits of risk exposure and are responsible and accountable for identifying, assessing and controlling the risks of their business.
          (b) The second line of defence includes the support functions, such as risk management, compliance, legal, human resources, finance, operations, and technology. Each of these functions, in close relationship with the business units, ensures that risks in the business units have been appropriately identified and managed. The business support functions work closely to help define strategy, implement bank policies and procedures, and collect information to create a bank-wide view of risks.
          (c) The third line of defence is the internal audit function that independently assesses the effectiveness of the controls over the processes created in the first and second lines of defence and provides assurance on these processes. The responsibility for internal control does not transfer from one line of defence to the next line.

          Added: January 2019

        • Responsibilities of the Board of Directors

          • HC-6.4.7

            The board of directors of an Islamic bank licensee is responsible for overseeing the management of the bank's compliance risk. The board must establish a permanent and effective compliance function and approve the bank's compliance policies for identifying, assessing, monitoring, reporting and advising on compliance risk. At least once a year, the board or a designated board committee must assess the extent to which the bank is managing its compliance risk effectively. The board must also ensure that the agenda for the meetings of the board or the designated board committee include compliance as a topic at least every quarter.

            Amended: January 2020
            Added: January 2019

          • HC-6.4.8

            The board designated committee referred to in HC-6.4.7 may be the audit committee, the governance committee, the risk committee, or other committee which does not have a role in the business or executive roles, such as those relevant to executive committees and investment committees. For branches of foreign bank licensees, all references in this Section to the Board/the designated board committee should be interpreted as the Group Compliance Officer or a sufficiently senior level Regional Compliance Committee or Officer.

            Added: January 2019

        • Responsibilities of the Senior Management

          • HC-6.4.9

            Senior management is responsible for the effective management of the bank's compliance risk.

            Added: January 2019

          • HC-6.4.10

            Senior management is responsible for establishing the operating framework and the processes to support a permanent and an effective compliance function. It is responsible for establishing and communicating a written compliance policy through all levels of the organisation for ensuring that it is adhered to in practice. It is responsible also for approving the bank's compliance procedures for identifying, assessing, monitoring, reporting and advising on compliance risk.

            Amended: January 2020
            Added: January 2019

          • HC-6.4.11

            The compliance policy must be approved by the Board/the designated board committee and must address the following:

            (a) The role and responsibilities of the compliance function;
            (b) Measures to ensure its independence;
            (c) Its relationship with other risk management functions within the bank and with the internal audit function;
            (d) In cases where compliance responsibilities are carried out by staff in different departments, how these responsibilities are to be allocated among the departments;
            (e) Its right to obtain access to information necessary to carry out its responsibilities, and the corresponding duty of bank staff to cooperate in supplying this information;
            (f) Its right to conduct investigations of possible breaches of the relevant laws and regulations and the compliance policy and to appoint outside experts to perform this task if appropriate;
            (g) Its right to be able freely to express and disclose its findings to the board of directors or to the designated board committee, e.g. the audit committee or the governance committee of the board; and
            (h) The basic principles to be followed by management and staff describing the main processes by which compliance risks are to be identified and managed through all levels of the organization.

            Added: January 2019

          • HC-6.4.12

            The Board and the designated Board committee must ensure that all compliance findings and recommendations are resolved within six months for high risk/critical issues and 9 months for any other issues from the issue date of the subject compliance report unless otherwise agreed with the CBB taking into consideration time required for specific issues that may require substantive changes to technology, systems and/or processes.

            Added: January 2019

          • HC-6.4.13

            Senior management must assess the training needs of staff, taking into account the existing skills and competencies and the nature of changes to laws and regulations, in developing a training plan for compliance across all levels throughout the organisation. Training must be provided by competent and skilled personnel, whether available internally or externally. Training that is provided must reflect the seniority, role and responsibilities of the individuals for whom it is intended.

            Added: January 2019

        • Compliance Function

          • HC-6.4.14

            Islamic bank licensees must organise their compliance function and set priorities for the management of their compliance risk in a way that is consistent with their own risk management strategy and structures.

            Added: January 2019

          • HC-6.4.15

            The compliance function must be independent and effective. It must be headed by an executive or senior staff member with overall responsibility for co-ordinating the identification and management of the bank's compliance risk and for supervising the activities of other compliance function staff.

            Added: January 2019

          • HC-6.4.16

            The Head of Compliance, with the assistance of senior management, must:

            (a) report to the board of directors or the designated committee of the board on a quarterly basis, even if there are no issues to highlight;
            (b) report to the board or the designated committee of the board on the bank's management of its compliance risk, in such a manner as to assist board members to make an informed judgment on whether the bank is managing its compliance risk effectively;
            (c) report promptly to the board or the designated committee of the board on any material compliance failures as they arise (e.g. failures that may attract a significant risk of legal or regulatory sanctions, material financial loss, or loss to reputation); and
            (d) ensure that senior management develop remedial action plans to address compliance breaches.

            Added: January 2019

          • HC-6.4.17

            The role of head of compliance may be combined with that of the head of risk if the size and nature of the bank justifies a single function for both roles. Banks which carry out limited operations or are small branches of foreign banks would qualify for such a practice.

            Added: January 2019

          • HC-6.4.18

            The compliance function should assist senior management, the board and the designated committee of the board in their compliance obligations and help promote the right culture within the bank. While the board and management are accountable for the bank's compliance, the compliance function has an important role in supporting corporate values, policies and processes that help ensure that the bank acts responsibly and fulfils all applicable obligations.

            Added: January 2019

          • HC-6.4.19

            The independence and effectiveness of the function must be based on the following related elements:

            (a) The compliance function must have a formal status with sufficient authority within the bank;
            (b) There must be a group compliance officer or head of compliance with overall responsibility for co-ordinating the management of the bank's compliance risk;
            (c) Compliance function staff, and in particular, the head of compliance, must not be placed in a position where there is a possible conflict of interest between their compliance responsibilities and any other responsibilities they have;
            (d) Compliance function staff must have access to the information and personnel necessary to carry out their responsibilities;
            (e) The compliance function must directly report to the board or a designated board committee (in the case of Bahraini Islamic bank licensees) and administratively to the CEO; and
            (f) In the case of branches of foreign bank licensees, the reporting must be to the Group Compliance Officer or Regional Compliance Officer and may report administratively to the CEO/GM.
            Added: January 2019

          • HC-6.4.20

            The concept of independence does not mean that the compliance function cannot work closely with management and staff in the various business units. Indeed, a co-operative working relationship between compliance function and business units should help to identify and manage compliance risks at an early stage. Rather, the various elements described above should be viewed as safeguards to help ensure the effectiveness of the compliance function, notwithstanding the close working relationship between the compliance function and the business units. The way in which the safeguards are implemented will depend to some extent on the specific responsibilities of individual compliance function staff.

            Added: January 2019

          • HC-6.4.21

            The compliance function should be free to highlight to senior management any irregularities or possible breaches disclosed by its investigations, without fear of retaliation or disfavour from management or other staff members.

            Added: January 2019

          • HC-6.4.22

            Appointment, dismissal and other changes to the head of compliance must be approved by the board or the designated board committee. Appointments of head of compliance must be approved by the CBB in accordance with paragraph LR-1A.1.17. If the head of compliance is removed from his or her position for any reason, this must be notified to the CBB, describing fully the reasons as required under paragraph LR-1A.1.22.

            Added: January 2019

          • HC-6.4.23

            Islamic bank licensees must ensure that the compliance risk management framework is subject to an independent review by a third party consultant, other than the external auditor, every three years and when there are material changes to the business. The results of the independent review and action must be provided to the CBB by 30th September of the relevant year.

            Added: January 2019

          • HC-6.4.24

            The responsibilities of the compliance function must be carried out under a compliance programme that sets out its planned activities, such as the implementation and review of specific policies and procedures, compliance risk assessment, compliance testing, and educating staff on compliance matters. The compliance programme must be risk based and subject to oversight by the head of compliance to ensure appropriate coverage across businesses and co-ordination among risk management functions.

            Added: January 2019

          • HC-6.4.25

            The Compliance function must, on a pro-active basis, identify, measure, document and assess the compliance risks associated with the bank's business activities, including the development of new products and business practices; the proposed establishment of new types of business or customer relationships; or material changes in the nature of such relationships. If the bank has a new products committee, the compliance function staff should be represented on the committee.

            Added: January 2019

          • HC-6.4.26

            While the Compliance function is responsible for oversight and compliance checks across the full spectrum of compliance risk areas, it is recognised that many areas of compliance require specialist skills which can be found in different parts of the organisation. For example, the skill sets for compliance with ICAAP can be found either with financial control or with risk management; for compliance with labour laws, the specialist skills are with human resources departments, etc. In such cases, the compliance function ensures that the right levels of checks and balances and compliance reporting are available to get comfort that the licensee has adhered to the relevant requirements. In certain instances, it may use external experts with the approval of the relevant authority within the bank.

            Added: January 2019

          • HC-6.4.27

            The compliance function should consider ways to measure compliance risk (e.g. by using performance indicators) and use such measurements to enhance compliance risk assessment.

            Added: January 2019

          • HC-6.4.28

            In case of new regulations, the compliance function must assess the appropriateness of the bank's compliance procedures and guidelines, promptly follow up any identified deficiencies, and, where necessary, formulate proposals for amendments.

            Added: January 2019

        • Monitoring, testing and reporting

          • HC-6.4.29

            The compliance function must monitor and test compliance by performing sufficient and representative compliance testing. The results of the compliance testing must be reported to the board or designated committee of the board.

            Added: January 2019

          • HC-6.4.30

            The compliance function must advise senior management and the designated committee of the board on all relevant laws, rules and standards, in all jurisdictions in which the bank conducts its business, and inform them on developments in the subject.

            Added: January 2019

        • Guidance and education

          • HC-6.4.31

            The compliance function must assist senior management in:

            (a) Educating staff on compliance issues, and acting as a contact point within the bank for compliance queries from staff members; and
            (b) Establishing written guidance to staff on the appropriate implementation of laws, rules and standards through policies and procedures and other documents such as manuals, internal codes of conduct and practice guidelines.
            Added: January 2019

        • Statutory responsibilities and liaison

          • HC-6.4.32

            The compliance function must have specific statutory responsibilities (e.g. fulfilling the role of anti-money laundering officer). It may also liaise with relevant external bodies, including regulators, standard setters and external experts.

            Added: January 2019

        • Right of access

          • HC-6.4.33

            The compliance function must have access across the entire organisation to carry out its responsibilities on its own initiative where compliance risk exists. It must, additionally, have the right to communicate with any staff member and to obtain access to any records or files necessary to conduct its responsibilities and to conduct investigations of possible breaches of the compliance policy, and to request assistance from specialists within the bank (e.g. legal or internal audit) or engage outside specialists, subject to appropriate internal approval, to perform this task if appropriate.

            Added: January 2019

        • Competent Resources

          • HC-6.4.34

            The compliance function must have adequate resources to carry out its functions effectively commensurate with the size and complexity of the organisation. The resources to be provided for the compliance function must be both sufficient and appropriate to ensure that compliance risk within the bank is managed effectively.

            Added: January 2019

          • HC-6.4.35

            The compliance function staff must have the necessary qualifications, experience and professional and personal qualities to enable them to carry out their specific duties. Compliance function staff must have a sound understanding of laws, rules and standards and their practical impact on the bank's operations.

            Added: January 2019

          • HC-6.4.36

            The professional skills of compliance function staff, especially with respect to keeping up-to-date with developments in compliance laws, rules and standards, must be maintained through regular and systematic education and training.

            Added: January 2019

        • Relationship with Internal Audit

          • HC-6.4.37

            The scope and breadth of the activities of the compliance function must be subject to periodic review by the internal audit function.

            Added: January 2019

          • HC-6.4.38

            Compliance risk must be included in the risk assessment methodology of the internal audit function, and an audit programme that covers the adequacy and effectiveness of the bank's compliance function should be established, including testing of controls commensurate with the perceived level of risk.

            Added: January 2019

          • HC-6.4.39

            The compliance function and the internal audit function must be separate, to ensure that the activities of the compliance function are subject to independent review. It is important, therefore, that there is a clear understanding within the bank as to how risk assessment and testing activities are divided between the two functions, and that this is documented (e.g. in the bank's compliance policy or in a related document such as a protocol). The internal audit function must, of course, keep the head of compliance informed of any audit findings relating to compliance.

            Added: January 2019

        • Cross-border Issues

          • HC-6.4.40

            Islamic bank licensees that conduct business through a branch or subsidiary in other jurisdictions must, through the Group Compliance Function:

            (a) comply with local laws and regulations;
            (b) have Group Compliance policy and procedures; and
            (c) conduct annual compliance testing on overseas operations whose total revenue represents 20% or more of the Group's total revenue, and compliance testing every two years for other overseas operations.
            Added: January 2019

          • HC-6.4.41

            Islamic bank licensees must have procedures in place to identify and assess the possible increased reputational risk to the bank if it offers products or carries out activities in certain jurisdictions.

            Added: January 2019

          • HC-6.4.42

            Islamic bank licensees with overseas operations must establish a Group Compliance Function which must oversee the compliance activities on a group-wide basis. The Group Compliance Officer must ensure that compliance reviews and checks are carried out at branches and subsidiaries. As legal and regulatory requirements may differ from jurisdiction to jurisdiction, compliance issues specific to each jurisdiction must be coordinated within the structure of the bank's group-wide compliance policy.

            Added: January 2019

          • HC-6.4.43

            Senior management, with the assistance of the Group Compliance Officer, must ensure that adequate resources, commensurate with the scale and complexity of the operations, are assigned for compliance activities at the head office, branches and subsidiaries.

            Added: January 2019

          • HC-6.4.44

            The Group Compliance Officer must ensure that adequate reports and information are received from overseas branches and subsidiaries on compliance related issues.

            Added: January 2019

        • Outsourcing

          • HC-6.4.45

            The compliance function or its activities must not be outsourced.

            Added: January 2019

        • Other requirements

          • HC-6.4.46

            Every application/request for approval to the CBB must be accompanied by a compliance assessment report confirming that all related requirements pertaining to the request have been thoroughly checked by the compliance function including the impact of such a request on the licensee's financial position and compliance status. In addition, reference must be made to any previously approved arrangements by the CBB.

            Added: January 2019

          • HC-6.4.47

            In cases where the requests have a potential financial impact on the licensee, a report from the financial control function in consultation with external auditors must also be submitted as part of the compliance assessment report, whereas in case of any legal implication of such a request, a legal opinion on the matter must be submitted.

            Added: January 2019

          • HC-6.4.48

            Where breaches or deficiencies have occurred due to failures by approved persons, the CBB may consider re-assessing the fitness and propriety of such persons.

            Added: January 2019

      • HC-6.5 HC-6.5 Internal Audit

        • Introduction

          Added: April 2018

          • HC-6.5.1

            Islamic bank licensees must establish and implement an effective internal audit function which provides an independent and objective assurance to the board of directors and senior management on the quality and effectiveness of a bank's internal control, risk management and governance systems and processes, to protect the bank and its reputation.

            Added: April 2018

          • HC-6.5.2

            The internal audit function must develop an independent and informed view of the risks faced by the bank based on its access to all bank records and data, its enquiries, and its professional competence. The internal audit function must discuss its views, findings and conclusions directly with the audit committee and, if necessary, with the board of directors at their routine quarterly meetings, thereby helping the board to oversee senior management.

            Added: April 2018

          • HC-6.5.3

            In this Section, all references to the board of directors may also be taken as referring to the bank's audit committee where the audit committee is mandated to carry out such functions on the board's behalf.

            Added: April 2018

          • HC-6.5.4

            For branches of foreign bank licensees, and where no local board of directors exists, all references in this Module to the board of directors should be interpreted as the Head Office/Regional Office.

            Added: April 2018

          • HC-6.5.5

            This Section applies in its entirety to all locally incorporated banks, including those within a banking group, and to holding companies whose subsidiaries are predominantly banks. While Module LR requires that all banks including branches must have an internal auditor as a controlled function in the Kingdom, only Paragraphs HC-6.5.7 to HC-6.5.23, HC-6.5.28 to HC-6.5.42 and HC-6.5.69 to HC-6.5.70 would be directly applicable to branches of foreign bank licensees in Bahrain in terms of the internal audit function located here. Branches should ensure that equivalent arrangements are in place at the parent level for other requirements in this Section and that these arrangements provide for an effective internal audit function over activities conducted under the Bahrain license.

            Added: April 2018

          • HC-6.5.6

            The extent of application of this Section must be commensurate with the significance, complexity and international presence of the bank (principle of proportionality).

            Added: April 2018

          • HC-6.5.7

            The key features for the effective operation of an internal audit function are:

            (a) Independence and objectivity;
            (b) Professional competence and due professional care; and
            (c) Professional ethics.
            Added: April 2018

        • Independence and Objectivity

          • HC-6.5.8

            Islamic bank licensees' internal audit function must be independent of the audited activities. This means that the internal audit is independent of all functions including compliance, risk management and financial control functions. The internal audit function must also have sufficient standing and authority within the bank and must operate according to sound principles.

            Added: April 2018

          • HC-6.5.9

            The internal audit function must report directly to the audit committee and administratively to the CEO, thereby providing a framework for internal auditors to carry out their assignments with objectivity.

            Added: April 2018

          • HC-6.5.10

            The internal audit function must be able to perform its assignments on its own initiative in all areas and functions of the bank based on the audit plan established by the head of the internal audit function and approved by the board of directors or audit committee. It must be free to report its findings and assessments internally through clear reporting lines. The head of internal audit must demonstrate appropriate leadership and have the necessary personal characteristics and professional skills to fulfill his or her responsibility for maintaining the function's independence and objectivity.

            Added: April 2018

          • HC-6.5.11

            The internal audit function must not be involved in designing, selecting, implementing or operating specific internal control measures. However, the independence of the internal audit function must not prevent senior management from requesting input from internal audit on matters related to risk and internal controls. Nevertheless, the development and implementation of internal controls must remain the responsibility of management.

            Added: April 2018

          • HC-6.5.12

            Islamic bank licensees should, whenever practicable and without jeopardising competence and expertise, periodically rotate internal audit staff within the internal audit function.

            Added: April 2018

        • Professional Competence and Due Professional Care

          • HC-6.5.13

            The head of internal audit must have the responsibility for acquiring human resources with sufficient qualifications and skills to effectively deliver on the mandate for professional competence and to audit to the required level. He/she must continually assess and monitor the skills necessary to do so. The skills required for senior internal auditors must include the abilities to judge outcomes and make an impact at the highest level of the organisation.

            Added: April 2018

          • HC-6.5.14

            For purposes of Paragraph HC-6.5.13, professional competence depends on the auditor's capacity to collect and understand information, to examine and evaluate audit evidence and to communicate with the stakeholders of the internal audit function.

            Added: April 2018

          • HC-6.5.15

            The head of internal audit must ensure that internal audit staff acquire appropriate ongoing training in order to meet the growing technical complexity of the Islamic Bank licensee's activities and the increasing diversity of tasks that need to be undertaken as a result of the introduction of new products and processes within the Islamic Bank licensee and other developments in the financial sector.

            Added: April 2018

          • HC-6.5.16

            The internal audit function collectively must be competent to examine all areas in which the bank operates. When internal audit is outsourced, the head of internal audit/coordinator must ensure that the use of those experts does not compromise the independence and objectivity of the internal audit function.

            Added: April 2018

          • HC-6.5.17

            For purposes of Paragraph HC-6.5.16, the coordinator must be an approved person within the Islamic Bank licensee.

            Added: April 2018

          • HC-6.5.18

            The head of internal audit/coordinator should ensure that, whenever practical, the relevant knowledge input from an expert is assimilated into the organisation. This may be possible by having one or more members of the bank's internal audit staff participate in the external expert's work.

            Added: April 2018

          • HC-6.5.19

            Internal auditors must apply the care and skills expected of a reasonably prudent and competent professional. Due professional care does not imply infallibility; however, internal auditors having limited competence and experience in a particular area must be appropriately supervised by more experienced internal auditors.

            Added: April 2018

        • Professional Ethics

          • HC-6.5.20

            Internal auditors must act with integrity. Integrity includes being straightforward, honest and truthful.

            Added: April 2018

          • HC-6.5.21

            Internal auditors must respect the confidentiality of information acquired in the course of their duties. They must not use that information (particularly 'confidential information' as defined in Article 116 of the CBB Law) for personal gain or malicious action and must be diligent in the protection of information acquired.

            Added: April 2018

          • HC-6.5.22

            The head of the internal audit function and all internal auditors must avoid conflicts of interest (see Section HC-2.3). Internally recruited internal auditors must not engage in auditing activities for which they have had previous responsibility before a one year "cooling off" period has elapsed.

            Added: April 2018

          • HC-6.5.23

            Internal auditors must adhere to the code of ethics of both the bank and The Institute of Internal Auditors (see Section HC-2.2).

            Added: April 2018

        • Internal Audit Charter

          • HC-6.5.24

            All Bahraini Islamic bank licensees must have an internal audit charter that articulates the purpose, standing and authority of the internal audit function within the bank in a manner that promotes an effective internal audit function as described in Paragraph HC-6.5.1.

            Added: April 2018

          • HC-6.5.25

            The charter must be drawn up and reviewed annually by the head of internal audit and approved by the board of directors or audit committee. It must be available to all internal stakeholders and, in certain circumstances, such as listed entities, to external stakeholders.

            Added: April 2018

          • HC-6.5.26

            At a minimum, the internal audit charter must establish:

            (a) The internal audit function's standing within the bank, its authority, its responsibilities and its relations with other control functions in a manner that promotes the effectiveness of the function as described in Paragraphs HC-6.5.1 and HC-6.5.2;
            (b) The purpose and scope of the internal audit function;
            (c) The key features of the internal audit function described in Paragraphs HC-6.5.8 to HC-6.5.23;
            (d) The obligation of the internal auditors to communicate the results of their engagements and a description of how and to whom this must be done (reporting line);
            (e) The criteria for when and how the internal audit function may outsource some of its engagements to external experts;
            (f) The terms and conditions according to which the internal audit function can be called upon to provide consulting or advisory services or to carry out other special tasks;
            (g) The responsibility and accountability of the head of internal audit;
            (h) A requirement to comply with sound internal auditing standards; and
            (i) Procedures for the coordination of the internal audit function with the external auditor.
            Added: April 2018

          • HC-6.5.27

            The charter must empower the internal audit function, whenever relevant to the performance of its assignments and discharge of its duties, to initiate direct communication with any member of staff, to examine any activity or entity of the bank, and to have full and unconditional access to any records, files, data and physical properties of the bank. This includes access to management information systems and records and the minutes of board and sub-board committee meetings and all consultative and decision-making committees.

            Added: April 2018

        • Scope of Activity

          • HC-6.5.28

            The scope of internal audit activities must include the examination and evaluation of the effectiveness of the internal control, risk management and governance systems and processes of the entire bank, including the bank's outsourced activities and its subsidiaries (including SPVs) and branches.

            Added: April 2018

          • HC-6.5.29

            The internal audit function must independently evaluate the:

            (a) Effectiveness and efficiency of internal control, risk management and governance systems and processes created by the business units and support functions in the context of both current and potential or actual emerging risks and provide assurance on these systems and processes;
            (b) Reliability, effectiveness and integrity of management information systems and processes (including relevance, accuracy, completeness, availability, confidentiality and comprehensiveness of data);
            (c) Monitoring of compliance with laws and regulations, including any requirements from the CBB; and
            (d) Safeguarding of assets.
            Added: April 2018

          • HC-6.5.30

            The head of internal audit must establish, prior to year-end, an annual internal audit plan. It must be based on a robust risk assessment (including direct or indirect input from senior management and the board).

            Added: April 2018

          • HC-6.5.31

            The audit committee's approval of the audit plan also requires that an appropriate budget will be available to support the internal audit function's activities.

            Added: April 2018

          • HC-6.5.32

            The scope of the internal audit function's activities must ensure adequate coverage of matters of regulatory interest within the audit plan.

            Added: April 2018

        • Risk Management

          • HC-6.5.33

            Internal audit must include in its scope the following aspects of risk management:

            (a) The organisation and mandates of the risk management function including market, credit, liquidity, interest rate and operational risks;
            (b) Evaluation of risk appetite, escalation and reporting of issues and decisions taken by the risk management function;
            (c) The adequacy of risk management systems and processes for identifying, measuring, assessing, controlling, responding to, and reporting on all the risks resulting from the bank's activities;
            (d) The integrity of the risk management information systems, including the accuracy, reliability and completeness of the data used;
            (e) The approval and maintenance of risk models including verification of the consistency, timeliness, independence and reliability of data sources used in such models;
            (f) Information technology and information security;
            (g) The bank's system for identifying and measuring its regulatory capital and assessing the adequacy of its capital resources in relation to the bank's risk exposures and established minimum ratios; and
            (h) The review of management's process for stress testing its capital levels, taking into account the frequency of such exercises, their purpose (e.g., internal monitoring vs. regulator imposed), the reasonableness of scenarios and the underlying assumptions employed, and the reliability of the processes used.
            Added: April 2018

          • HC-6.5.34

            When the risk management function has not informed the board of directors about the existence of a significant divergence of views between senior management and the risk management function regarding the level of risk faced by the bank, the head of internal audit must inform the audit committee about this divergence.

            Added: April 2018

        • Capital Adequacy and Liquidity

          • HC-6.5.35

            The internal audit must review the bank's system for identifying and measuring its regulatory capital and assessing the adequacy of its capital resources in relation to the bank's risk exposures and established minimum ratios.

            Added: April 2018

          • HC-6.5.36

            Internal audit must review management's process for stress testing its capital levels.

            Added: April 2018

          • HC-6.5.37

            Internal audit must review the effectiveness of the bank's systems and processes for measuring and monitoring its liquidity positions in relation to its risk profile, external environment, and minimum regulatory requirements including the requirement set out in Paragraph CA-1.3.4.

            Added: April 2018

        • Regulatory and Internal Reporting

          • HC-6.5.38

            The internal audit function must regularly evaluate the effectiveness of the process by which the risk and reporting functions interact to produce timely, accurate, reliable and relevant reports for both internal management and the CBB. Such reports include, but are not limited to, the PIR and public disclosure requirements included in the CBB Rulebook, Module PD.

            Added: April 2018

        • Compliance

          • HC-6.5.39

            The internal audit function must periodically review the scope of the activities of the compliance function using the risk-based approach. The audit of the compliance function must include an assessment of how effectively it fulfils its responsibilities.

            Added: April 2018

        • Finance

          • HC-6.5.40

            The internal audit function must periodically review the controls over the bank's finance function using the risk-based approach.

            Added: April 2018

          • HC-6.5.41

            The internal audit function must devote sufficient resources to evaluate the valuation control environment, availability and reliability of information or evidence used in the valuation process and the reliability of estimated fair values. This is achieved through reviewing the independent price verification processes and testing valuations of significant transactions.

            Added: April 2018

          • HC-6.5.42

            The internal audit function must, as a minimum, also include the following aspects in its scope:

            (a) The organisation and mandate of the finance function;
            (b) The adequacy and integrity of underlying financial data and finance systems and processes for completely identifying, capturing, measuring and reporting key data such as profit or loss, valuations of financial instruments and impairment allowances;
            (c) The approval and maintenance of pricing models including verification of the consistency, timeliness, independence and reliability of data sources used in such models;
            (d) Controls in place to prevent and detect trading irregularities; and
            (e) Balance sheet controls including key reconciliations performed and actions taken (e.g. adjustments).
            Added: April 2018

        • Permanency of the Internal Audit Function

          • HC-6.5.43

            The internal audit function must be structured consistent with Paragraphs HC-6.5.61 to HC-6.5.65. Senior management and the board must ensure that the internal audit function is permanent and commensurate with the size, the nature and complexity of the bank's operations.

            Added: April 2018

          • HC-6.5.44

            Where the head of the internal audit function ceases to act in this capacity, the CBB will meet with him/her to discuss the reasons.

            Added: April 2018

        • Responsibilities of the Board of Directors and Senior Management

          • HC-6.5.45

            An Islamic bank licensee's board of directors must ensure that senior management establishes and maintains an adequate, effective and efficient internal control system (see HC-1.2.3(c)) and accordingly, the board must support the internal audit function in discharging its duties effectively.

            Added: April 2018

          • HC-6.5.46

            The board of directors must review, at least annually, the effectiveness and efficiency of the internal control system based, in part, on information provided by the internal audit function (see HC-1.2.10).

            Added: April 2018

          • HC-6.5.47

            The board of directors, its audit committee and senior management must promote a strong internal control environment supported and assessed by a sound internal audit function.

            Added: April 2018

          • HC-6.5.48

            As part of their oversight responsibilities, the audit committee must review the performance of the internal audit function.

            Added: April 2018

          • HC-6.5.49

            Every five years, the audit committee must commission an independent external quality assurance review of the internal audit function.

            Added: April 2018

          • HC-6.5.50

            Senior management must inform the internal audit function of new developments, initiatives, projects, products and operational changes.

            Added: April 2018

          • HC-6.5.51

            Senior management must ensure that all internal audit findings and recommendations are resolved within six months for high risk/critical issues and 12 months for any other issues from the issue date of the subject internal audit report.

            Added: April 2018

          • HC-6.5.52

            Senior management must ensure that the head of internal audit has the necessary resources, financial and otherwise, available to carry out his or her duties commensurate with the annual internal audit plan, scope and budget approved by the audit committee.

            Added: April 2018

        • Responsibilities of the Audit Committee in relation to the Internal Audit Function

          • HC-6.5.53

            The audit committee must oversee the bank's internal audit function (see also Paragraph HC-3.2.3).

            Added: April 2018

          • HC-6.5.54

            The bank's audit committee and the internal audit function must develop and maintain their own tools to assess the quality of the internal audit function.

            Added: April 2018

          • HC-6.5.55

            The audit committee must ensure that the internal audit function is able to discharge its responsibilities in an independent manner, consistent with Paragraph HC-6.5.8. It must review and approve the audit plan, its scope, and the budget of the internal audit function. It must also review audit reports and ensure that senior management is taking necessary and timely corrective actions to address control weaknesses, compliance issues with policies, laws and regulations, and other concerns identified and reported by the internal audit function.

            Added: April 2018

        • Management of the Internal Audit Function

          • HC-6.5.56

            The head of the internal audit function must ensure that the function complies with The Institute of Internal Auditors' International Standards for the Professional Practice of Internal Auditing.

            Added: April 2018

          • HC-6.5.57

            The audit committee must ensure that the head of the internal audit function is a person of integrity. This means that he or she will be able to perform his or her work with honesty, diligence and responsibility. It also implies that this person observes the law and has not been a party to any illegal activity. The head of internal audit must also ensure that the members of internal audit staff are persons of integrity.

            Added: April 2018

        • Reporting Lines of the Internal Audit Function

          • HC-6.5.58

            The internal audit function must be accountable to the audit committee, on all matters related to the performance of its mandate as described in the internal audit charter. It must also promptly inform the CEO and other related Heads of Functions about its findings.

            Added: April 2018

          • HC-6.5.59

            The internal audit function must inform senior management of all significant findings so that timely corrective actions can be taken. Subsequently, the internal audit function must follow up with senior management on the outcome of these corrective measures. The head of the internal audit function must report quarterly to the audit committee on the status of pending findings.

            Added: April 2018

        • The Relationship between the Internal Audit, Compliance and Risk Management Functions

          • HC-6.5.60

            The relationship between a bank's business units, the support functions and the internal audit function can be explained using the three lines of defence model. The business units are the first line of defence. They undertake the management of risks within assigned limits of risk exposure and are responsible and accountable for identifying, assessing and controlling the risks of their business. The second line of defence includes the support functions, such as risk management, compliance, legal, human resources, finance, operations, and technology. Each of these functions, in close relationship with the business units, ensures that risks in the business units have been appropriately identified and managed. The business support functions work closely to help define strategy, implement bank policies and procedures, and collect information to create a bank-wide view of risks. The third line of defence is the internal audit function that independently assesses the effectiveness of the controls over the processes created in the first and second lines of defence and provides assurance on these processes. The responsibility for internal control does not transfer from one line of defence to the next line.

            Added: April 2018

        • Internal Audit within a Group or Holding Company Structure

          • HC-6.5.61

            The internal auditors who perform the internal audit work at the bank must report to the bank's audit committee, or its equivalent, and to the group or holding company's head of internal audit.

            Added: April 2018

          • HC-6.5.62

            To facilitate a consistent approach to internal audit across all the banks within a banking organisation, the board of directors of each bank within a banking group or holding company structure should ensure that either:

            (a) The bank has its own internal audit function, which should be accountable to the bank's board and should report to the banking group or holding company's head of internal audit; or
            (b) The banking group or holding company's internal audit function performs internal audit activities of sufficient scope at the bank to enable the board to satisfy its fiduciary and legal responsibilities.
            Added: April 2018

          • HC-6.5.63

            The board of directors and senior management of the parent bank in a banking group must ensure that an adequate and effective internal audit function is established across the banking organisation and must ensure that internal audit policies and practices are appropriate to the structure, business activities and risks of all of the components of the group or holding company.

            Added: April 2018

          • HC-6.5.64

            The head of internal audit at the level of the parent bank must define the group or holding company's internal audit strategy, determine the organisation of the internal audit function both at the parent and subsidiary bank levels (in consultation with these entities' respective audit committees and in accordance with local laws) and formulate the internal audit principles, which include the audit methodology and quality assurance measures.

            Added: April 2018

          • HC-6.5.65

            The group or holding company's internal audit function must determine the audit scope for the banking organisation. In doing so, it must comply with local legal and regulatory provisions and incorporate local knowledge and experience.

            Added: April 2018

        • Outsourcing of Internal Audit Activities

          • HC-6.5.66

            Regardless of whether internal audit activities are outsourced, the board of directors remains ultimately responsible for the internal audit function.

            Added: April 2018

          • HC-6.5.67

            The head of internal audit/coordinator must maintain adequate oversight and ensure that any outsourcing providers comply with the principles of the bank's internal audit charter.

            Added: April 2018

          • HC-6.5.68

            To preserve independence, the head of internal audit/coordinator must ensure that the outsourcing provider has not been previously engaged in a consulting engagement in the same area within the bank unless a one year "cooling-off" period has elapsed. Subsequently, those experts who participated in an internal audit engagement must not provide consulting services to a function of the bank they have audited within the previous 12 months. Additionally, banks must not outsource internal audit activities to their own external audit firm (see OM-3).

            Added: April 2018

        • Communication between the CBB and the Internal Audit Function

          • HC-6.5.69

            The bank's internal auditor must have formal regular communication with the CBB to (i) discuss the risk areas identified, (ii) understand the risk mitigation measures taken by the bank, and (iii) monitor the bank's response to weaknesses identified.

            Added: April 2018

          • HC-6.5.70

            At least two weeks prior to the prudential meeting date, all internal audit reports issued since the last prudential meeting must be submitted to the CBB supervisory point of contact.

            Added: April 2018

      • HC-6.6 HC-6.6 Risk Management

        • Bank-wide Risk Management Framework

          • HC-6.6.1

            Islamic bank licensees must establish a sound risk management framework commensurate with the bank's size, complexity and risk profile. A risk management framework must have the following key features:

            (a) active Board and senior management oversight;
            (b) independent risk management function;
            (c) a Board driven sound risk management culture that is established throughout the bank;
            (d) appropriate policy, procedures and limits;
            (e) comprehensive and timely identification, measurement, mitigation, controlling, monitoring and reporting of risks;
            (f) appropriate management information systems ('MIS') at a business and bank-wide level; and
            (g) comprehensive internal controls.
            Added: July 2018

          • HC-6.6.2AA

            Further to the requirement in Paragraph HC-B.1.2, branches of foreign bank licensees must demonstrate that the activities of the Bahrain branch are subject to appropriate risk management oversight commensurate with the size, complexity, nature and the risk profile of the branch.

            Added: October 2019

          • HC-6.6.2

            More specifically, the risk management framework generally encompasses the process of:

            (a) developing and implementing the enterprise-wide risk governance framework, subject to the review and approval of the board, which includes the bank's risk culture, risk appetite and risk limits;
            (b) identifying key risks to the bank including material individual, aggregate and emerging risks;
            (c) assessing the key risks and measuring the bank's exposures to them;
            (d) ongoing monitoring and assessing of the risk taking activities, decisions and risk exposures in line with the board-approved risk strategy, risk appetite, risk limits and determining the corresponding capital or liquidity needs (i.e. capital planning) on an ongoing basis;
            (e) reporting to senior management, and the board or risk committee as appropriate, on all the items noted in this Paragraph including but not limited to proposing appropriate risk-mitigating actions;
            (f) establishing an early warning or trigger system for breaches of the bank's risk appetite or limits; and
            (g) influencing and, when necessary, challenging decisions that give rise to material risk.
            Added: July 2018

          • HC-6.6.3

            Senior management must establish a risk management process that is not limited to credit, market, rate of return risk in the banking book (RRRBB), liquidity and operational risks, but which incorporates all material risks. This includes reputational and strategic risks, as well as risks that do not appear to be significant in isolation, but when combined with other risks, could lead to material losses.

            Added: July 2018

        • Independent Risk Management Function and Chief Risk Officer

          • HC-6.6.4

            All Islamic bank licensees must establish an independent Risk Management function and appoint a head of risk management function, referred to as Chief Risk Officer ('CRO') or any equivalent title. The function must be independent of the individual business lines and report directly to the Board of Directors or its Audit or Risk Committees and administratively to the Chief Executive Officer ('CEO'). The role of the CRO must be independent and distinct from other executive functions and business line responsibilities, and there must be no 'dual hatting' (i.e. the chief operating officer, CFO, chief auditor or other senior management personnel must not also serve as the CRO).

            Added: July 2018

          • HC-6.6.5

            For branches of foreign bank licensees, and where no local board of directors exists, all references in this Module to the board of directors should be interpreted as the Head Office/ Regional Office.

            Added: July 2018

          • HC-6.6.6

            [This Paragraph was deleted in October 2019].

            Deleted: October 2019
            Added: July 2018

          • HC-6.6.7

            Branches of foreign bank licensees operating in Bahrain have the choice of having an in-house risk management function in Bahrain or of outsourcing such role to their regional or Head offices.

            Amended: October 2019
            Added: July 2018

          • HC-6.6.8

            The CRO should have the ability to interpret and articulate risk in a clear and understandable manner and to effectively engage the board and management in constructive dialogue on key risk issues. The CRO should also not have any management or financial responsibility in respect of any operational business lines or revenue-generating functions. Interaction between the CRO and the board should occur regularly and be documented adequately. Non-executive board members should have the right to meet regularly — in the absence of senior management — with the CRO.

            Added: July 2018

          • HC-6.6.9

            The CRO has primary responsibility for overseeing the development and implementation of the bank's risk management framework. This includes the ongoing strengthening of risk management staff skills and enhancements to risk management systems, policies, processes, quantitative models and reports as necessary to ensure that the bank's risk management capabilities are sufficiently robust and effective to fully support its strategic objectives and all of its risk-taking activities. The CRO is responsible for supporting the board and the Risk Committee, as appropriate, in its engagement with and oversight of the development of the bank's risk strategy, risk appetite statement ('RAS') and for translating the risk appetite into a risk limits structure.

            Added: July 2018

          • HC-6.6.10

            The risk management function must have access to all business lines that have the potential to generate material risk to the Islamic bank licensee as well as to relevant risk-bearing subsidiaries.

            Added: July 2018

          • HC-6.6.11

            The CRO, together with management, must be actively engaged in monitoring performance relative to risk-taking and risk limit adherence. The CRO's responsibilities also include participating in key decision-making processes (e.g. strategic planning, capital and liquidity planning, new products and services development and compensation design and operation).

            Added: July 2018

          • HC-6.6.12

            The CRO must have sufficient organisational stature, authority, seniority within the organisation and necessary skills to oversee the bank's risk management activities.

            Added: July 2018

          • HC-6.6.13

            Appointment, dismissal and other changes to the CRO position must be approved by the board or its Risk/ Audit Committee. If the CRO is removed from his or her position for any reason, this must be disclosed publicly. The bank must also discuss the reasons for such removal with the CBB. The CRO's performance, compensation and budget must be reviewed and approved by the board Remuneration Committee.

            Added: July 2018

        • Board Risk Committee

          • HC-6.6.14

            Further to HC-1.8.1, all Bahraini Islamic bank licensees must establish a board risk committee composed of at least three independent directors. Such board risk committee must be responsible for supporting the board in its oversight and decisions related to the bank's risk management framework.

            Added: July 2018

          • HC-6.6.15

            The risk committee must meet the following requirements:

            (a) must be chaired by an independent director;
            (b) include a majority of members who are independent of day to day risk taking activities;
            (c) include members who have experience in risk management issues and practices;
            (d) develop a committee charter which, among other matters, includes its role in the discussions of risk strategies, both at an aggregated basis and by type of risk and make recommendations to the board thereon, and on the risk appetite and risk limits;
            (e) review and revise as may be required, the bank's policies from a risk management perspective, at least every three years, unless there are material changes in the relevant Rulebook requirements or to the business conducted by the bank and / or its risk profile;
            (f) review and recommend the appointment or removal of Chief Risk Officer; and
            (g) oversee that the bank has in place processes to promote the bank's adherence to the approved risk policies.
            Added: July 2018

        • Role of Board and Senior Management

          • HC-6.6.16

            The Board must define the Islamic bank licensee's risk appetite and ensure that the bank's risk management framework is aligned with the bank's strategic, capital strategies and financial plans and compensation practices and includes detailed policy that sets specific bank-wide prudential limits on the bank's activities. The bank's risk appetite must be clearly conveyed through an RAS that can be easily understood by all relevant parties, the board itself, senior management and bank employees.

            Added: July 2018

          • HC-6.6.17

            The Islamic bank licensee's RAS must:

            (a) include both quantitative and qualitative considerations;
            (b) establish the individual and aggregate level and types of risk that the bank is willing to assume in advance of and in order to achieve its business activities within its risk capacity;
            (c) define the boundaries and business considerations in accordance with which the bank is expected to operate when pursuing the business strategy; and
            (d) be communicated effectively throughout the bank, linking it to daily operational decision-making and establishing the means to raise risk issues and strategic concerns across the bank.
            Added: July 2018

          • HC-6.6.18

            Developing and conveying the bank's risk appetite is essential to reinforcing a strong risk culture. The risk governance framework should outline actions to be taken when stated risk limits are breached, including disciplinary actions for excessive risk-taking, escalation procedures and board of director notification.

            Added: July 2018

          • HC-6.6.19

            The development of an effective RAS should be driven by both top-down board leadership and bottom-up management involvement. While the definition of risk appetite may be initiated by senior management, successful implementation depends upon effective interactions between the board, senior management, risk management and operating businesses, including the chief financial officer (CFO).

            Added: July 2018

          • HC-6.6.20

            The Board must ensure that:

            (a) a sound risk management culture is established throughout the bank;
            (b) appropriate limits are established that are consistent with the bank's risk appetite, risk profile and capital strength, and that are understood by, and regularly communicated to, relevant staff;
            (c) policy and processes are developed for risk-taking, that are consistent with the Risk Management Strategy and the established risk appetite;
            (d) uncertainties attached to risk measurement are recognised; and
            (e) senior management is taking all necessary steps to monitor and control all material risks consistent with the approved strategies and risk appetite.
            Added: July 2018

          • HC-6.6.21

            The Board of Directors and senior management must possess sufficient knowledge of all major business lines to ensure that appropriate policy, controls and risk monitoring systems are implemented effectively. They must have the necessary expertise to understand the activities in which the bank is involved — such as securitisation and off-balance sheet activities — and the associated risks. The Board and senior management must remain informed, on an on-going basis, about these risks as financial markets, risk management practices and the bank's activities evolve. In addition, the Board and senior management must ensure that accountability and lines of authority are clearly delineated.

            Added: July 2018

          • HC-6.6.22

            Before embarking on new lines of business or activities, the Board and senior management must identify and review the changes in risk profile arising from these potential new activities and ensure that the infrastructure and the internal controls necessary to manage any related risks, are in place.

            Added: July 2018

          • HC-6.6.23

            Before embarking on new or complex products, senior management must identify and review the changes in risk profile arising from these potential new products and ensure that the infrastructure and internal controls necessary to manage any related risks, are in place.

            Added: July 2018

          • HC-6.6.24

            For purposes of paragraphs HC-6.6.22 and HC-6.6.23, senior management must understand the underlying assumptions regarding accounting treatment, business models, valuation and risk management practices. In addition, senior management must evaluate the potential risk exposure if those assumptions fail.

            Added: July 2018

          • HC-6.6.25

            As part of the Board members' annual training program, Islamic bank licensees must include training to enable Board members to better analyse risk and question strategic decisions, policy and transactions. Banks must also provide adequate training for all staff across the business units on risk management related matters.

            Added: July 2018

        • Policy, Procedures, Limits and Controls

          • HC-6.6.26

            An Islamic bank licensee's policy and procedures must provide specific guidance for the implementation of broad risk management strategies and must establish, where appropriate, internal limits for the various types of risk to which the bank may be exposed. These limits must consider the bank's role in the financial system and be defined in relation to the bank's capital, total assets, earnings or where adequate measures exist, its overall risk level.

            Added: July 2018

          • HC-6.6.27

            An Islamic bank licensee's policy, procedures and limits must:

            (a) Provide for adequate and timely identification, measurement, monitoring, control and mitigation of all risks, including the risks posed by its lending, investing, trading, securitisation, off-balance sheet, fiduciary and other significant activities at the business line and bank-wide levels;
            (b) Ensure that the economic substance of a bank's risk exposures, including reputational risk and valuation uncertainty, are fully recognised and incorporated into the bank's risk management processes;
            (c) Be consistent with the bank's stated goals and objectives, as well as its overall financial strength;
            (d) Clearly delineate accountability and lines of authority across the bank's various business activities, and ensure there is a clear separation between business lines and the Risk Management function;
            (e) Escalate and address breaches of internal position limits;
            (f) Provide for the review of new businesses and products by bringing together all relevant risk management, control and business lines, to ensure that the bank is able to manage and control the activity, prior to it being initiated; and
            (g) Include a schedule and process for reviewing the policy, procedures and limits, and for updating them as appropriate.
            Added: July 2018

        • Monitoring and Reporting of Risk

          • HC-6.6.28

            An Islamic bank licensee's MIS must provide the Board and senior management with timely and relevant information concerning their risk profile, in a clear and concise manner. This information must include all risk exposures, including those that are off-balance sheet. Senior management must understand the assumptions behind, and limitations inherent in, specific risk measures.

            Added: July 2018

          • HC-6.6.29

            Islamic bank licensees must establish appropriate risk management methodologies, tools and models and systems commensurate with the nature and complexity of their business.

            Added: July 2018

          • HC-6.6.30

            Where Islamic bank licensees use models to measure components of risk, they must establish model governance frameworks including regulatory validation and testing.

            Added: July 2018

          • HC-6.6.31

            Islamic bank licensees must have information systems that are adequate (both under normal circumstances and in periods of stress) for measuring, assessing and reporting on the size, composition and quality of exposures on a bank-wide basis across all risk types, products, countries, region, etc. and counterparties. These reports must reflect the bank's risk profile, capital and liquidity needs, and are provided on a timely basis to the bank's Board and senior management. A bank's MIS must be capable of capturing limit breaches, and there must be procedures in place to promptly report such breaches to senior management, as well as to ensure that the appropriate follow-up actions are taken.

            Added: July 2018

          • HC-6.6.32

            The CRO must consistently remind staff, through a regular process under the sponsorship of the CEO, of the risk management requirements and enhance a common understanding of these requirements across the bank in order to create a culture of risk awareness.

            Added: July 2018

        • Independent Review

          • HC-6.6.33

            Islamic bank licensees must ensure that their risk management frameworks are subject to a comprehensive independent review by a third-party consultant, other than their external auditors:

            (a) Upon first implementation of a new or revised module on specific risk management requirements;
            (b) When there are material changes to certain Rulebook requirements and the CBB requires such a review;
            (c) When there are material changes to the business conducted by the bank or its risk profile and the CBB requires such a review; or
            (d) In case of a major failure of controls or major adverse changes in relevant business environment and the CBB requires such a review.
            Amended: January 2022
            Added: July 2018

          • HC-6.6.34

            With regards to HC-6.6.33(a), the relevant modules are the following:

            (a) Module IC;
            (b) Module CA;
            (c) Module DS;
            (d) Module CM;
            (e) Module OM;
            (f) Module ST;
            (g) Module LM; and
            (h) Module RR.
            Amended: January 2022
            Added: July 2018

          • HC-6.6.35

            Resources involved in the independent third-party review must be competent and appropriately trained. The independent third party must not have been previously involved in the development, implementation and operation of the bank’s risk management framework.

            Added: January 2022

          • HC-6.6.36

            The independent review reports must be presented to the Board or a designated committee of the Board. The agreed action planning steps to remedy any material weaknesses must be documented. The independent report together with the action plan must be provided to the CBB within one month of the date of the report.

            Added: January 2022

    • HC-7 HC-7 Communication between Board and Shareholders

      • HC-7.1 Principle

        • HC-7.1.1

          The Islamic bank licensee must communicate with shareholders, encourage their participation, and respect their rights.

          October 2010

      • HC-7.2 Conduct of Shareholders' Meetings

        • HC-7.2.1

          The Board must observe both the letter and the intent of the Company Law's requirements for shareholder meetings. Among other things:

          (a) Notices of meetings must be honest, accurate and not misleading. They must clearly state and, where necessary, explain the nature of the business of the meeting;
          (b) Meetings must be held during normal business hours and at a place convenient for the greatest number of shareholders to attend;
          (c) Notices of meetings must encourage shareholders to attend shareholder meetings and, if not possible, to participate by proxy and must refer to procedures for appointing a proxy and for directing the proxy how to vote on a particular resolution. The proxy agreement must list the agenda items and must specify the vote (such as "yes," "no" or "abstain");
          (d) Notices must ensure that all material information and documentation is provided to shareholders on each agenda item for any shareholder meeting, including but not limited to any recommendations or dissents of directors;
          (e) The Board must propose a separate resolution at any meeting on each substantially separate issue, so that unrelated issues are not "bundled" together;
          (f) In meetings where directors are to be elected or removed the Board must ensure that each person is voted on separately, so that the shareholders can evaluate each person individually;
          (g) The chairman of the meeting must encourage questions from shareholders, including questions regarding the Islamic bank licensee's corporate governance guidelines;
          (h) The minutes of the meeting must be made available to shareholders upon their request as soon as possible but not later than 30 days after the meeting; and
          (i) Disclosure of all material facts must be made to the shareholders by the Chairman prior to any vote by the shareholders.
          Amended: April 2011
          October 2010

        • HC-7.2.2

          The Bahraini Islamic bank licensee should require all directors to attend and be available to answer questions from shareholders at any shareholder meeting and, in particular, ensure that the chairs of the audit, remuneration and nominating committees are ready to answer appropriate questions regarding matters within their committee's responsibility (it being understood that confidential and proprietary business information may be kept confidential).

          Amended: April 2016
          October 2010

        • HC-7.2.3

          The Bahraini Islamic bank licensee should require its external auditor to attend the annual shareholders' meeting and be available to answer shareholders' questions concerning the conduct and conclusions of the audit.

          Amended: April 2016
          October 2010

        • HC-7.2.3A

          Bahraini Islamic bank licensees must provide to the CBB, for its review and comment, at least 5 business days prior to communicating with the shareholders or publishing in the press, the draft agenda for any shareholders' meetings referred to in Paragraph HC-7.2.3C.

          Amended: July 2017
          April 2016

        • HC-7.2.3B

          Bahraini Islamic bank licensees must ensure that any agenda items to be discussed or presented during the course of meetings which require the CBB's prior approval, have received the necessary approval, prior to the meeting taking place.

          Added: April 2016

        • HC-7.2.3C

          The Bahraini Islamic bank licensee must invite a representative of the CBB to attend any shareholders' meetings (i.e. ordinary and extraordinary general assembly) taking place. The invitation must be provided to the CBB at least 5 business days prior to the meeting taking place.

          Added: April 2016

        • HC-7.2.3D

          Within a maximum of 15 calendar days of any shareholders' meetings referred to in Paragraph HC-7.2.3C, the Bahraini Islamic bank licensee must provide to the CBB a copy of the minutes of the meeting.

          Added: April 2016

        • HC-7.2.4

          The Islamic bank licensee should maintain a website. The Islamic bank licensee should dedicate a specific section of its website to describing shareholders' rights to participate and vote at each shareholders' meeting, and should post significant documents relating to meetings including the full text of notices and minutes. The Islamic bank licensee may also consider establishing an electronic means for shareholders' communications including appointment of proxies. For confidential information, the Islamic bank licensee should grant controlled access to such information to its shareholders.

          Amended: April 2017
          October 2010

        • HC-7.2.5

          In notices of meetings at which directors are to be elected or removed the Islamic bank licensee should ensure that:

          (a) Where the number of candidates exceeds the number of available seats, the notice of the meeting should explain the voting method by which the successful candidates will be selected and the method to be used for counting of votes; and
          (b) The notice of the meeting should present a factual and objective view of the candidates so that shareholders may make an informed decision on any appointment to the board.
          Amended: April 2012
          October 2010

      • HC-7.3 Direct Shareholder Communication

        • HC-7.3.1

          The chairman of the Board (and other directors as appropriate) must maintain continuing personal contact with controllers to solicit their views and understand their concerns. The chairman must ensure that the views of shareholders are communicated to the Board as a whole. The chairman must discuss governance and strategy with controllers. Given the importance of market monitoring to enforce the "comply or explain" approach of this Module, the Board should encourage investors, particularly institutional investors, to help in evaluating the Islamic bank licensee's corporate governance (see also HC-1.2 and 1.3 for other duties of the Chairman).

          October 2010

      • HC-7.4 Controllers

        • HC-7.4.1

          In Islamic bank licensees with one or more controllers, the chairman and other directors must actively encourage the controllers to make a considered use of their position and to fully respect the rights of minority shareholders (see also HC-1.2 and 1.3 for other duties of the Chairman).

          October 2010

    • HC-8 Corporate Governance Disclosure

      • HC-8.1 Principle

        • HC-8.1.1

          The Islamic bank licensee must disclose its corporate governance.

          October 2010

      • HC-8.2 Disclosure Under the Company Law and CBB Requirements

        • HC-8.2.1

          In each Islamic bank licensee:

          (a) The Board must adopt written corporate governance guidelines covering the matters stated in this Module and Module PD and other corporate governance matters deemed appropriate by the Board. Such guidelines must include or refer to the principles and rules of Module HC;
          (b) The Islamic bank licensee must publish the guidelines on its website;
          (c) At each annual shareholders' meeting the Board must report on the Islamic bank licensee's compliance with its guidelines and Module HC, and explain the extent if any to which it has varied them or believes that any variance or noncompliance was justified; and
          (d) At each annual shareholders' meeting the Board must also report on further items listed in Module PD. Such information should be maintained on the Islamic bank licensee's website or held at the Islamic bank licensee's premises on behalf of the shareholders.
          Amended: April 2017
          October 2010

        • HC-8.2.2

          The CBB may issue a template as a guide for an Islamic bank licensee's annual meeting corporate governance discussion.

          October 2010

        • Board's Responsibility for Disclosure

          • HC-8.2.3

            The Board must oversee the process of disclosure and communications with internal and external stakeholders. The Board must ensure that disclosures made by the bank are fair, transparent, comprehensive and timely and reflect the character of the bank and the nature, complexity and risks inherent in the bank's business activities. Disclosure policies must be reviewed for compliance with the Central Bank's disclosure requirements (see Chapter PD-1).

            October 2010

    • HC-9 The Principles of Islamic Shari'a

      • HC-9.1 Principle

        • HC-9.1.1

          Banks which refer to themselves as "Islamic" must follow the principles of Islamic Shari'a.

          October 2010

      • HC-9.2 Governance and Disclosure Per Shari'a Principles

        • HC-9.2.1

          Islamic bank licensees which are guided by the principles of Islamic Shari'a have additional responsibilities to their stakeholders. Islamic bank licensees which refer to themselves as "Islamic" are subject to additional governance requirements and disclosures to provide assurance to stakeholders that they are following Shari'a Principles. In ensuring compliance with Shari'a principles, each Islamic bank licensee must establish an independent Shari'a Supervisory Board consisting of at least three Shari'a scholars and complying with AAOIFI's Governance Standards for Islamic Financial Institutions No.1 and No.2.

          October 2010

        • HC-9.2.2

          The Board shall set up a Corporate Governance Committee (see also Chapter HC-8). In this case, the Committee shall comprise at least three members to co-ordinate and integrate the implementation of the governance policy framework.

          October 2010

        • HC-9.2.3

          In addition to its duties outlined in Chapter HC-3 and Appendix A, the Audit Committee shall communicate and co-ordinate with the Islamic bank licensee's Corporate Governance Committee and the Shari'a Supervisory Board ("SSB") (where applicable) to ensure that information on compliance with Islamic Shari'a rules and principles is reported in a timely manner.

          October 2010

        • HC-9.2.4

          The Corporate Governance Committee established under Chapter HC-9 shall comprise, at a minimum:

          (a) An independent director to chair the Corporate Governance Committee. The Chairman of the Corporate Governance Committee should not only possess the relevant skills, such as the ability to read and understand financial statements, but should also be able to coordinate and link the complementary roles and functions of the Corporate Governance Committee and the Audit Committee;
          (b) A Shari'a scholar who is an SSB member for the purpose of leading the Corporate Governance Committee on Shari'a-related governance issues (if any), and also to coordinate and link the complementary roles and functions of the Corporate Governance Committee and the SSB; and
          (c) An independent director who can offer different skills to the committee, such as legal expertise and business proficiency, which are considered particularly relevant by the Board of directors for cultivating a good corporate governance culture, and deemed "fit and proper" by the CBB.
          October 2010

        • HC-9.2.5

          The Corporate Governance Committee shall be empowered to:

          (a) Oversee and monitor the implementation of the governance policy framework by working together with the management, the Audit Committee and the SSB; and
          (b) Provide the Board of directors with reports and recommendations based on its findings in the exercise of its functions.
          October 2010

        • HC-9.2.6

          All Islamic Bank Licensees must comply with all AAOIFI issued accounting standards as well as applicable Shari'a pronouncements issued by the Shari'a Board of AAOIFI. The Islamic Bank Licensee must have a separate function of Shari'a review to verify compliance with the above. The internal Shari'a review must be carried out in accordance with AAOIFI governance standard No.3. The Shari'a review function may be located in the Internal audit function of the Islamic Bank Licensee.

          October 2010

    • Appendix A Audit Committee

      • Committee Duties

        The Committee's duties shall include those stated in Paragraph HC-3.2.1.

        October 2010

      • Committee Membership and Qualifications

        The Committee shall have at least three members. Such members must have no conflict of interest with any other duties they have for the Islamic bank licensee.

        A majority of the members of the committee including the Chairman shall be independent directors.

        The CEO must not be a member of this committee.

        The committee members must have sufficient technical expertise to enable the committee to perform its functions effectively. Technical expertise means that members must have recent and relevant financial ability and experience, which includes:

        (a) An ability to read and understand corporate financial statements including an Islamic bank licensee's balance sheet, income statement and cash flow statement and changes in shareholders' equity;
        (b) An understanding of the accounting principles which are applicable to the Islamic bank licensee's financial statements;
        (c) Experience in evaluating financial statements that have a level of accounting complexity comparable to that which can be expected in the Islamic bank licensee's business;
        (d) An understanding of internal controls and procedures for financial reporting; and
        (e) An understanding of the audit committee's controls and procedures for financial reporting.
        Amended: January 2012
        Amended: April 2011
        October 2010

      • Committee Duties and Responsibilities

        In serving those duties, the Committee shall:

        (a) Be responsible for the selection, appointment, remuneration, oversight and termination where appropriate of the external auditor, subject to ratification by the Islamic bank licensee's Board and shareholders. The external auditor shall report directly to the committee;
        (b) Make a determination at least once each year of the external auditor's independence, including:
        (i) Determining whether its performance of any non-audit services compromised its independence (the committee may establish a formal policy specifying the types of non-audit services which are permissible); and
        (ii) Obtaining from the external auditor a written report listing any relationships between the external auditor and the Islamic bank licensee or with any other person or entity that may compromise the auditor's independence;
        (c) Review and discuss with the external auditor the scope and results of its audit, any difficulties the auditor encountered including any restrictions on its access to requested information and any disagreements or difficulties encountered with management;
        (d) Review and discuss with management and the external auditor each annual and each quarterly financial statements of the Islamic bank licensee including judgments made in connection with the financial statements;
        (e) Review and discuss and make recommendations regarding the selection, appointment and termination where appropriate of the head of internal audit and head of compliance and the budget allocated to the internal audit and compliance function, and monitor the responsiveness of management to the committee's recommendations and findings;
        (f) Review and discuss the activities, performance and adequacy of the Islamic bank licensee's internal auditing and compliance personnel and procedures and its internal controls and compliance procedures, risk management systems, and any changes in those;
        (g) Oversee the Islamic bank licensee's compliance with legal and regulatory requirements, codes and business practices, and ensure that the bank communicates with shareholders and relevant stakeholders (internal and external) openly and promptly, and with substance of compliance prevailing over form;
        (h) Review and discuss possible improprieties in financial reporting or other matters, and ensure that arrangements are in place for independent investigation and follow-up regarding such matters;
        (i) The committee must monitor rotation arrangements for audit engagement partners. The audit committee must monitor the performance of the external auditor and the non-audit services provided by the external auditor; and
        (j) The review and supervision of the implementation of, enforcement of and adherence to the bank's code of conduct.
        Amended: October 2012
        Amended: April 2012
        Amended: April 2011
        October 2010

      • Committee Structure and Operations

        The committee shall elect one member as its chair.

        The committee shall meet at least four times a year. Its meetings may be scheduled in conjunction with regularly-scheduled meetings of the entire Board.

        The committee may meet without any other director or any officer of the Islamic bank licensee present. Only the committee may decide if a non-member of the committee should attend a particular meeting or a particular agenda item. Non-members who are not directors of the Islamic bank licensee may attend to provide their expertise, but may not vote. It is expected that the external auditor's lead representative will be invited to attend regularly but that this shall always be subject to the committee's decision.

        The committee must meet with the external auditor at least twice per year, and at least once per year in the absence of any members of executive management.

        The committee shall report regularly to the full Board on its activities.

        October 2010

      • Committee Resources and Authority

        The committee shall have the resources and authority necessary for its duties and responsibilities, including the authority to select, retain, terminate and approve the fees of outside legal, accounting or other advisors as it deems necessary or appropriate, without seeking the approval of the Board or management. The Islamic bank licensee shall provide appropriate funding for the compensation of any such persons.

        October 2010

      • Committee Performance Evaluation

        The committee shall prepare and review with the Board an annual performance evaluation of the committee, which shall compare the committee's performance with the above requirements and shall recommend to the Board any improvements deemed necessary or desirable to the committee's charter. The report must be in the form of a written report provided at any regularly scheduled Board meeting.

        Amended: July 2012
        Amended: April 2012
        October 2010

    • Appendix B Nominating Committee

      • Committee Duties

        The committee's duties shall include those stated in Paragraph HC-4.2.1.

        October 2010

      • Committee Duties and Responsibilities

        In serving those duties with respect to Board membership:

        (a) The committee shall make recommendations to the Board from time to time as to changes the committee believes to be desirable to the size of the Board or any committee of the Board;
        (b) Whenever a vacancy arises (including a vacancy resulting from an increase in Board size), the committee shall recommend to the Board a person to fill the vacancy either through appointment by the Board or through shareholder election;
        (c) In performing the above responsibilities, the committee shall consider any criteria approved by the Board and such other factors as it deems appropriate. These may include judgment, specific skills, experience with other comparable businesses, the relation of a candidate's experience with that of other Board members, and other factors;
        (d) The committee shall also consider all candidates for Board membership recommended by the shareholders and any candidates proposed by management;
        (e) The committee shall identify Board members qualified to fill vacancies on any committee of the Board and recommend to the Board that such person appoint the identified person(s) to such committee; and
        (f) Assuring that plans are in place for orderly succession of senior management.

        In serving those purposes with respect to officers the committee shall:

        (a) Make recommendations to the Board from time to time as to changes the committee believes to be desirable in the structure and job descriptions of the officers including the CEO, and prepare terms of reference for each vacancy stating the job responsibilities, qualifications needed and other relevant matters including integrity, technical and managerial competence, and experience;
        (b) Overseeing succession planning and replacing key executives when necessary, and ensuring appropriate resources are available, and minimising reliance on key individuals;
        (c) Design a plan for succession and replacement of officers including replacement in the event of an emergency or other unforeseeable vacancy; and
        (d) If charged with responsibility with respect to Islamic bank licensee's corporate governance guidelines, the committee shall develop and recommend to the Board corporate governance guidelines, and review those guidelines at least once a year.
        Amended: April 2011
        October 2010

      • Committee Structure and Operations

        The committee shall elect one member as its chair.

        The committee shall meet at least twice a year. Its meetings may be scheduled in conjunction with regularly-scheduled meetings of the entire Board.

        October 2010

      • Committee Resources and Authority

        The committee shall have the resources and authority necessary for its duties and responsibilities, including the authority to select, retain, terminate and approve the fees of outside legal, consulting or search firms used to identify candidates, without seeking the approval of the Board or management. The Islamic bank licensee shall provide appropriate funding for the compensation of any such persons.

        October 2010

      • Performance Evaluation

        The committee shall prepare and review with the Board an annual performance evaluation of the committee, which shall compare the committee's performance with the above requirements and shall recommend to the Board any improvements deemed necessary or desirable to the committee's charter. The report must be in the form of a written report provided at any regularly scheduled Board meeting.

        Amended: July 2012
        Amended: April 2012
        October 2010

    • Appendix C Remuneration Committee

      • Committee Duties

        The committee's duties shall include those stated in Paragraph HC-5.2.1.

        Amended: January 2011
        October 2010

      • Committee Duties and Responsibilities

        In serving those duties the committee shall consider, and make specific recommendations to the Board on, both remuneration policy and individual remuneration packages for the approved persons and other material risk-takers as well as the total variable remuneration to be distributed. This remuneration policy should cover at least:

        (a) The following components:
        (i) Salary;
        (ii) The specific terms of performance-related plans including any stock compensation, stock options, or other deferred-benefit compensation;
        (iii) Pension plans;
        (iv) Fringe benefits such as non-salary perks; and
        (v) Termination policies including any severance payment policies; and
        (b) Policy guidelines to be used for determining remuneration in individual cases, including on:
        (i) The relative importance of each component noted in (a) above;
        (ii) Specific criteria to be used in evaluating a senior manager's performance.

        The committee shall evaluate the approved persons and material risk-takers' performance in light of the bank's corporate goals, agreed strategy, objectives and business plans and may consider the Islamic bank licensee's performance and shareholder return relative to comparable Islamic bank licensees, the value of awards to CEOs at comparable Islamic bank licensees, and awards to the CEO in past years.

        The committee should also be responsible for retaining and overseeing outside consultants or firms for the purpose of determining approved persons and material risk-takers' remuneration, administering remuneration plans, or related matters.

        Amended: January 2014
        Amended: April 2011
        October 2010

      • Committee Structure and Operations

        The committee shall elect one member as its chair.

        The committee shall meet at least twice a year. Its meetings may be scheduled in conjunction with regularly-scheduled meetings of the entire Board.

        October 2010

      • Committee Resources and Authority

        The committee shall have the resources and authority necessary for its duties and responsibilities, including the authority to select, retain, terminate and approve the fees of outside legal, consulting or compensation firms used to evaluate the compensation of directors, the CEO or other approved persons, without seeking the approval of the Board or management. The Islamic bank licensee shall provide appropriate funding for the compensation of any such persons.

        October 2010

      • Performance Evaluation

        The committee shall prepare and review with the Board an annual performance evaluation of the committee, which shall compare the committee's performance with the above requirements and shall recommend to the Board any improvements deemed necessary or desirable to the committee's charter. The report must be in the form of a written report provided at any regularly scheduled Board meeting.

        Amended: July 2012
        Amended: April 2012
        October 2010