• DA-1.1 Oversight and Internal Controls

    • Board and Senior Management Involvement

      • DA-1.1.1

        Board and senior management of the licensees providing digital financial advice must maintain effective oversight and governance of the digital financial advice process and the client-facing tool. The board and senior management must establish sound policies, procedures, systems, methodologies and tools in relation to the provision of digital financial advice. Such policies must be comprehensive and cover the following:

        (a) System design and system design documentation;
        (b) Construction of the algorithms, changes and their maintenance;
        (c) Suspension of the use of the digital financial advice tool should there be errors;
        (d) Security and access controls;
        (e) Updating input parameters on a timely basis, for example, factors such as market changes or changes in law;
        (f) End to end processes for the advisory service using the digital financial advice tool;
        (g) Oversight over the management of the client-facing tool; and
        (h) Documentation of test strategy explaining scope of testing the algorithms.
        Added: April 2019

    • Internal Controls and Risks

      • DA-1.1.2

        Licensees must establish adequate internal controls to safeguard their clients from unsuitable advice and effectively manage the operational and other relevant risks arising therefrom.

        Added: April 2019

      • DA-1.1.3

        Licensees must ensure that there are documented measures to protect confidentiality of client data consistent with Law No. 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018.

        Added: April 2019

      • DA-1.1.4

        Licensees providing digital financial advice must ensure that their overall control framework and the algorithm functionality are evaluated and independently tested by an independent external consultant other than the external auditor:

        a) initially upon implementation of this Module and prior to launching the digital financial advice to clients;
        b) when there are any material changes to the systems and controls; and
        c) at least once every 3 years.
        Added: April 2019

      • DA-1.1.5

        The evaluation requirements referred to in Paragraph DA-1.1.4 should cover at a minimum:

        a) the internal control infrastructure, given the nature, scope and complexity of the digital financial advice business operation;
        b) the appropriateness of third-party systems or tools used;
        c) validation of the underlying models;
        d) the algorithm's functionality;
        e) the cyber security policies and controls;
        f) the completeness and accuracy of client profiling process including the relevant KYC requirements;
        g) controls on client data protection and confidentiality.
        Added: April 2019

      • DA-1.1.6

        Licensees must ensure that reports of the evaluation referred to in Paragraph DA-1.1.4 are provided to the CBB within 2 weeks of completion of the reports, provided however, that the report required under DA-1.1.4 (a) should be submitted for the CBB's review and no-objection prior to launching the digital financial advice to clients.

        Added: April 2019

      • DA-1.1.7

        Licensees must ensure that the requirements relating to enhanced due diligence as required under Module FC are met when the client is assessed as higher risk and also where the client relationship (whether at the time of on-boarding or otherwise) is on a non-face-to-face basis.

        Added: April 2019

      • DA-1.1.8

        Licensees offering digital financial advice involving overseas funds must ensure that they comply with the requirements for obtaining authorization, registration and/or acknowledgement of filing from the CBB under Module ARR of the CBB Rulebook 7: Collective Investment Undertakings.

        Added: April 2019