Back Custom print Link Text Only Rich Text Print

  • CRA-4.1 CRA-4.1 General Obligations

    • CRA-4.1.1

      In the course of undertaking regulated crypto-asset services, a licensee must:

      (a) Ensure that the regulated activities are undertaken in a fair, orderly and transparent manner;
      (b) Manage any risks associated with its business and operations prudently;
      (c) Not act contrary to the interests of its clients and its investors;
      (d) Maintain proper arrangements to enforce compliance with the CBB Law, Rules and Regulations and develop, implement and adhere to a “crypto-asset compliance policy”, tailored to meet specific crypto-asset services requirements. The crypto asset compliance policy must reflect a clear comprehension and understanding of compliance responsibilities with respect to crypto-assets;
      (e) Act with due skill, care and diligence in all dealings with clients;
      (f) Identify clients' specific requirements in relation to the services about which they are enquiring;
      (g) Provide sufficient information to enable clients to make informed decisions when purchasing services offered to them;
      (h) Provide sufficient and timely documentation to clients to confirm that their transaction arrangements are in place and provide all necessary information about their rights and responsibilities;
      (i) Maintain fair treatment of clients through the lifetime of the client relationships, and ensure that clients are kept informed of important events and are not mislead;
      (j) Ensure complaints from clients are dealt with fairly and promptly;
      (k) Take appropriate measures to safeguard any money and crypto-assets handled on behalf of clients and maintain confidentiality of client information;
      (l) Use or arrange to use a well-designed Business Continuity Plan and Disaster Recovery Plan;
      (m) Ensure that all its employees or representatives are provided with the required education, qualifications and experience and they fully understand the Rules and regulations of the CBB;
      (n) Ensure that there are sufficient and appropriate records, books and systems in place to record all transactions and maintain an audit trail;
      (o) Have an operating manual and internal policies;
      (p) Provide to the CBB, for its review and comment, the draft agenda at least 5 business days prior to, the shareholders' meetings (i.e. ordinary and extraordinary general assembly);
      (q) Ensure that any agenda items to be discussed or presented during the course of meetings which requires the CBB's prior approval, have received the necessary approval, prior to the meeting taking place;
      (r) Invite a representative of the CBB to attend any shareholders' meeting that will take place. The invitation must be provided to the CBB at least 5 business days prior to the meeting taking place; and
      (s) Within one month of any shareholders' meetings referred to in Paragraph CRA-4.1.1(p), provide to the CBB a copy of the minutes of the meeting.
      (t) [This Subparagraph was deleted in April 2023].
      Amended: April 2023
      Amended: January 2020
      Added: April 2019

    • CRA-4.1.1A

      Licensees must ensure that all regulated financial services are provided without any discrimination based on gender, nationality, origin, language, faith, religion, physical ability or social standing.

      Added: October 2020

    • CRA-4.1.2

      A licensee must establish and document keyman risk management measures that include arrangements in place should individuals holding encryption keys or passcodes to stored assets, including wallets, or information be unavailable unexpectedly due to death, disability or other unforeseen circumstances.

      Amended: April 2023
      Added: April 2019

    • CRA-4.1.3

      A licensee must ensure that it maintains no encrypted accounts that cannot be retrieved in the future for any reason. It must also advise its clients who maintain wallets with firms outside Bahrain (i.e. not CBB licensees) and not licensed by the CBB about any associated risks.

      Amended: April 2023
      Added: April 2019

    • CRA-4.1.4

      Licensees must use appropriate technology and wherever appropriate third-party services to identify the situations referred to below, and other additional mitigating or preventive actions as necessary to mitigate the money laundering and terror financing risks involved. The situations include amongst others:

      (a) The use of proxies, any unverifiable or high-risk IP geographical locations, disposable email addresses or mobile numbers, or frequently changing the devices used to conduct transactions; and
      (b) Transactions involving tainted wallet addresses such as “darknet” marketplace transactions and those involving tumblers.
      Added: April 2023

    • CRA-4.1.5

      Licensees must establish and maintain adequate and effective systems and processes, including suspicious transaction indicators to monitor transactions with a client or counterparty involving crypto- assets and conduct appropriate enquiry and evaluation of potentially suspicious transactions identified. In particular:

      (a) Identify transactions with wallet addresses or their equivalent which are compromised or tainted; and
      (b) Employ technology solutions which enable the tracking of crypto-assets through multiple transactions to more accurately identify the source and destination of these crypto- assets.
      Added: April 2023

    • CRA-4.1.6

      For the purposes of CRA-4.1.5(a), a wallet address is compromised or tainted where there is reasonable suspicion that it is used for the purpose of conducting fraud, identity theft, extorting ransom or any other criminal activity.

      Added: April 2023

    • Suitability and Appropriateness Assessment for Retail Clients

      • CRA-4.1.7

        Licensees, prior to offering portfolio management service, investment advice or complex products such as but not limited to derivative products, margin or leverage products or products with features that may make it difficult for a retail investor to understand the essential characteristics of the product and its risks (including the pay-out structure and how the product may perform in different market and economic conditions), must undertake a suitability and appropriateness assessment for retail clients (investors other than accredited investors) to determine the suitability and appropriateness of crypto-assets products and services for retail clients. Licensees must gather sufficient information from every retail client to be in a position to decide whether the crypto-asset product and/or services are suitable and appropriate for the client.

        Added: April 2023

      • CRA-4.1.8

        Licensees may seek the following information for the purposes of suitability and appropriateness assessment:

        (a) Client’s knowledge and experience:
        (i) the types of investment services and transaction which the client is familiar with;
        (ii) the nature, volume and frequency of the client’s transactions with trading and investments; and
        (iii) the level of education, profession or (if relevant) former profession of the client.
        (b) Client’s financial situation:
        (i) the source and extent of the client’s regular income;
        (ii) the client’s assets, including liquid assets, investments and real property;
        (iii) the client’s regular financial commitments;
        (iv) the ability to bear losses.
        (c) Client’s investment objective:
        (i) the client’s investment horizon;
        (ii) the client’s risk preferences, risk profile and risk tolerance; and
        (iii) the purposes of the investment.
        Added: April 2023

    • Transaction with Unknown Counterparties

      • CRA-4.1.9

        A licensee should take reasonable measures to avoid transactions with another crypto-asset entity, infrastructure or service provider where the counterparty is unknown or anonymous (e.g., via certain peer to peer or decentralised exchanges) at any stage of its business process.

        Added: April 2023

      • CRA-4.1.10

        In accordance with the reporting requirements under Section 8.1, specifically SIO-8.1.1 and SIO-8.1.7, of the Stablecoin Issuance and Offering (SIO) Module, licensees providing services in approved stablecoins to their clients must provide necessary information as required under SIO-8.1.1 to the stablecoin issuer. The information must be calculated as this information stands on the following reporting reference dates: 31stMarch, 30thJune, 30thSeptember and 31stDecember and the report must be submitted to the stablecoin issuer no later than 7 days from the end of the respective reporting period. The value of the transactions referred to in Paragraph SIO- 8.1.1(c) and (d) must be reported in Bahraini Dinar by using the relevant exchange rate applicable at the end of each calendar day during the applicable reporting period.

        Added: July 2025