HC High-Level Controls
HC-A Introduction
HC-A.1 Executive Summary
Purpose
HC-A.1.1
The purpose of this Module is to:
(a) Explicitly reinforce the collective oversight and risk governance responsibilities of the board;(b) Emphasise key components of risk governance such as risk culture, risk appetite and their relationship to alicensee’s risk capacity;(c) Delineate the specific roles of the board, board committees, senior management, chief financial officer, internal auditor, chief risk officer and head of compliance; and(d) Strengthenlicensees’ overall checks and balances.Added: July 2023HC-A.1.2
All references in this Module to ‘he’ or ‘his’ shall, unless the context otherwise requires, be construed as also being references to ‘she’ and ‘her’.
Added: July 2023Legal Basis
HC-A.1.3
This Module contains the CBB’s Directive (as amended from time to time) relating to high-level controls and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 (‛CBB Law’). The Directive in this Module is applicable to
licensees (including theirapproved persons ).Added: July 2023HC-A.1.4
All Rulebook content that is categorised as a Rule must be complied with by those to whom the content is addressed. Other parts of this Module are Guidance paragraphs which are considered best market practices and
licensees are encouraged to implement the same.Added: July 2023Effective Date
HC-A.1.5
The new requirements in this amended Module are effective from January 2024 on which date the existing Module HC will become redundant, and any exemptions allowed under the existing Module will be subject to grandfathering requirements unless the relevant requirement has undergone change within this amended Module.
Added: July 2023HC-A.2 Module History
HC-A.2.1
This Module was first issued in July 2007. Following the issuance of the Corporate Governance Code by the Ministry of Industry and Commerce in March 2010, the Module was amended in January 2011 to be in line with the new Code and to include previous requirements that were in place in the originally issued Module HC. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.
Added: July 2023HC-A.2.2
A list of recent changes made to this Module is detailed in the table below:
Module Ref. Change Date Description of Changes Full Module HC 07/2023 New restructured HC Module supersedes the previous version. HC-A.2.3
Guidance on the implementation and transition to Volume 4 (Investment Business) is given in Module ES (Executive Summary).
Added: July 2023HC-B Scope of Application
HC-B.1 Scope of Application
HC-B.1.1
The contents of this Module, unless otherwise stated, apply to Category 1, Category 2 and Category 3
investment firm licensees . The requirements in this Module must, however, be treated as guidance for Category 3investment firm licensees , except for Paragraphs HC-1.1.3, HC-2.2.3, HC-2.3.3, HC-3.1.6, HC-7.1.1, HC-8.1.1, HC-9.1.1 and HC-9.1.2, which must be treated as Rules.Added: July 2023HC-B.1.2
The implementation of the rules in this Module should be commensurate with the size, complexity, structure, economic significance, risk profile and business model of the
licensee and the group to which it belongs, if any. In cases of certainlicensees (e.g. overseasinvestment firm licensees , smaller and limited scope firms where CBB assesses that certain specific rules in this Module are less relevant or too cumbersome to apply, it will be willing to consider alternative governance arrangement.Added: July 2023HC-B.1.3
For
overseas investment firm licensees , all references in this Module to the board of directors or a board sub-committee should be interpreted as references to the Head Office (HO), Regional Office (RO) or the relevant function(s) at HO or RO (as applicable).Added: July 2023HC-B.1.4
Overseas investment firm licensees should satisfy the CBB that equivalent or similar arrangements are in place at either the branch or theparent entity level, and that such arrangements provide for effective high-level controls over activities conducted by the branch, commensurate with the size, complexity, nature and the risk profile of the branch. If the branch is unable to satisfy the CBB that the governance arrangements are equivalent, the CBB will assess the potential impact of risks and require that thelicensee satisfy that compensating alternative arrangements are in place to address any risks relevant to the Bahrain operations.Added: July 2023HC-B.2 Subsidiaries and overseas Branches of Bahraini Investment Firm Licensees
HC-B.2.1
Licensees must ensure that, as a minimum, the same or equivalent provisions of this Module apply to their subsidiaries and overseas branches. In instances where local jurisdictional requirements are more stringent than those applicable in this Module, the local requirements are to be applied.Added: July 2023HC-B.2.2
Where a
licensee is unable to satisfy the CBB that itssubsidiaries and overseas branches are subject to the same or equivalent arrangements, the CBB will assess the potential impact of risks to thelicensee arising from inadequate high-level controls. In such instances, the CBB may impose certain restrictions on thelicensee . Where weaknesses in controls are assessed by the CBB to pose a major threat to the financial soundness of thelicensee and/or the financial stability in the Kingdom, then its license may be called into question.Added: July 2023HC-1 Board’s Overall Responsibilities
HC-1.1 Responsibilities of the Board
HC-1.1.1
The board of directors (“Board”) of the
licensee must:(a) Set the “tone at the top” and play a leading role in establishing thelicensee’s corporate culture and values, and oversee management’s role in fostering and maintaining a sound corporate and risk culture;(b) Ensure that no individual or group of directors dominates the Board’s decision-making and no individual or group has unfettered powers of decision;(c) Approve and oversee the development of thelicensee’s strategy, business plans and budget, and monitor their implementation;(d) Actively engage in the affairs of thelicensee , keep up with material changes in thelicensee’s business and the external environment and act in a timely manner to protect the long-term interests of thelicensee ;(e) Convene and prepare the agenda for shareholder meetings;(f) Approve, and oversee the implementation of, thelicensee’s governance framework, risk management framework and all policies, and review the relevant parts of these as well as review key controls in case a new business activity is considered, or in case of material changes to thelicensee’s size, complexity, business strategy, markets or regulatory requirements, or the occurrence of a major failure of controls;(g) Establish, along with senior management and the chief risk officer, thelicensee’s risk appetite, considering thelicensee’s strategy, competitive and regulatory landscape, thelicensee’s long-term interests, risk exposure and ability to manage risk effectively, and oversee thelicensee’s adherence to the risk appetite statement, risk policy and risk limits;(h) Ensure that:i. Adequate systems, controls, processes and procedures are implemented by senior management in line with the Board approved policies;ii. Thelicensee has adequate processes to ensure full compliance with the requirements of the CBB Law, other relevant laws and the pertinent rulebooks;iii. Thelicensee has a robust finance function responsible for accounting and financial data;iv. The risk management, compliance and internal audit functions are properly positioned, staffed and resourced and carry out their responsibilities independently, objectively and effectively; andv. Senior management maintains an effective and transparent relationship with the CBB;(i) Approve the annual financial statements and, where applicable, the interim financial statements;(j) At minimum, approve the selection and oversee the performance of the chief executive officer (CEO), chief financial officer and heads of the risk management, compliance and internal audit functions;(k) Actively oversee the remuneration system’s design and operation forapproved person s and monitor and review executive compensation and assess whether it is aligned with thelicensee’s remuneration policy, risk culture and risk appetite; and(l) Consider the legitimate interests of shareholders and other relevant stakeholders in their decision-making process.Added: July 2023HC-1.1.2
The Board may, where appropriate, delegate some of its functions, but not its responsibilities, to the Board committees.
Added: July 2023HC-1.1.3
The members of the Board must exercise their fiduciary and other duties of care, candor and loyalty to the
licensee in accordance with local laws and regulations.Added: July 2023HC-1.1.4
Each director must:
(a) Understand the Board’s role and responsibilities pursuant to the CBB Rulebook, the Commercial Companies Law and any other laws or regulations that may govern their responsibilities from time to time;(b) Consider themselves as representing all shareholders and must act accordingly; and(c) Ensure that they receive adequate and timely information before each meeting and must study it carefully.Added: July 2023HC-1.2 Corporate Culture and Values
HC-1.2.1
In order to promote a sound corporate culture, the Board must:
(a) Approve an appropriate code of conduct/ ethics that must outline the acceptable practices that all Board members, senior management and other staff must follow in performing their duties, and the unacceptable practices/ conduct that must be avoided;(b) Set and adhere to corporate values that create expectations that the business must be conducted in a legal, professional and ethical manner, and oversee the adherence to such values by Board members, senior management and other employees;(c) Promote risk awareness within a strong risk culture, convey the Board’s expectation that it does not support risk-taking beyond the risk appetite and risk limits set by the Board, and that all employees are responsible for ensuring that thelicensee operates within the established risk appetite and risk limits;(d) Ensure that the corporate values, professional standards and codes of conduct it sets, together with supporting policies, are adequately communicated throughout thelicensee ; and(e) Ensure that all directors, senior management and other staff are aware that appropriate disciplinary or other actions will follow unacceptable behaviour, practices and transgressions.Added: July 2023HC-1.2.2
Employees must be encouraged and be able to communicate, confidentially and without the risk of reprisal, legitimate concerns about illegal, unethical or questionable practices. This must be facilitated through a well communicated and Board approved whistleblowing policy and adequate procedures and processes, consistent with applicable laws. This includes the escalation of material concerns to the CBB.
Added: July 2023HC-1.2.3
The Board of the
investment firm licensees must:(a) Have oversight of the whistleblowing policy mechanism and ensure that senior management addresses legitimate issues that are raised;(b) Take responsibility for ensuring that staff who raise concerns are protected from detrimental treatment or reprisals, and that their rights are not undermined;(c) Approve and oversee how and by whom legitimate material concerns shall be investigated and addressed such as by an objective and independent internal or external body, senior management and/or the Board itself; and(d) Ensure that, after verifying the validity of the allegations, the person responsible for any misconduct is held accountable and is subjected to an appropriate disciplinary measure.Added: July 2023HC-1.2.4
The Board must establish a conflict of interest policy on identifying and managing potential conflicts of interest related to all
approved persons . The policy must include:(a) Anapproved person ’s duty to:i. Avoid, to the extent possible, activities that could create conflicts of interest or the appearance of conflicts of interest. Anapproved person shall be considered to have a “personal interest” in a transaction with a company if they themselves, or a member of their family (i.e. spouse, father, mother, sons, daughters, brothers or sisters), or another company of which they are a director or controller, are a party to the transaction or have a material financial interest in the transaction or are expected to derive material personal benefit from the transaction (transactions and interests which are de minimis in value should not be included);ii. Promptly disclose any matter that may result, or has already resulted, in a conflict of interest;iii. Abstain from getting involved in or voting on any matter where they may have a conflict of interest or where their objectivity or ability to properly fulfil duties to thelicensee may be otherwise compromised. Any decision to enter into a transaction in which anapproved person appears to have a material conflict of interest must be formally and unanimously approved by the entire Board;iv. Act with honesty, integrity and care for the best interest of thelicensee and its shareholders and other stakeholders;v. Not use properties of thelicensee for their personal needs;vi. Not misuse or misappropriate thelicensee’s assets or resources;vii. Not disclose confidential information of thelicensee or use it for their personal profit or interest;viii. Make every practicable effort to arrange their personal and business affairs to avoid a conflict of interest with thelicensee ;ix. Not take business opportunities of thelicensee for themselves; andx. Not compete in business with thelicensee or serve thelicensee’s interest in any transaction with a company in which they have a personal interest.(b) Examples of where conflict of interest may arise when serving as anapproved person ;(c) A rigorous review and approval process forapproved persons to follow before they engage in certain activities (such as serving on another Board) so as to ensure that such activity will not create a conflict of interest;(d) Adequate requirements that transactions with related parties must be made on an arm’s length basis;(e) Sufficient restrictions on and/or a robust and transparent process for the employment of relatives ofapproved persons ;(f) Requirements for properly managing and disclosing conflict of interest that cannot be prevented;(g) Requirements for allapproved persons to annually declare in writing all their other interests in other enterprises or activities (whether as a shareholder of above 5% of the voting capital of a company, a manager or other form of significant participation) to the Board or a designated Board committee; and(h) The way in which the Board will deal with any non-compliance with the policy.Added: July 2023HC-1.2.5
Where there is a potential for conflict of interest, or there is a need for impartiality, the Board must assign a sufficient number of independent Board members capable of exercising independent judgement, to address the conflict.
Added: July 2023HC-1.2.6
The CEO/General Manager of the
investment firm must disclose to the Board of directors on an annual basis those individuals who are occupyinglicensee scontrolled functions and who are relatives of any otherapproved person within thelicensee .Added: July 2023HC-1.3 Oversight of Senior Management
HC-1.3.1
The Board must exercise proper oversight of senior management against formal performance and remuneration standards consistent with the long-term strategic objectives and the financial soundness of the
licensee . In doing so, the Board must:(a) Meet regularly with senior management;(b) Subject senior management to annual performance assessment and document such assessments;(c) Ensure thatapproved persons ’ collective knowledge and expertise remain appropriate given thelicensee’s nature of business and risk profile;(d) Ensure that senior management’s actions are in full compliance with applicable laws and regulations and consistent with the strategy, business plan and policies approved by the Board, including risk appetite;(e) Question, challenge and critically review the explanations and information provided by senior management; and(f) Ensure that appropriate succession plans are in place for allapproved persons within senior management (provided that such plans are subject to review in case of any changes toapproved persons within senior management).Added: July 2023HC-2 Board Formation
HC-2.1 Board Composition
HC-2.1.1
The Board must comprise of individuals with a balance of skills, diversity and expertise, who individually and collectively possess the necessary qualifications commensurate with the size, complexity and risk profile of the
licensee .Added: July 2023HC-2.1.2
The Board must have a sufficient number of independent directors. In case of a
Bahraini investment firm licensees with a controller, at least one-third of the Board must be independent.Added: July 2023HC-2.1.3
If the
Bahraini investment firm licensee has a controller or a group of controllers acting in concert, such person(s) must recognise their specific responsibility to the minority shareholders as Board members have responsibilities to thelicensee’s overall interests, regardless of who appoints them.Added: July 2023HC-2.1.4
The CBB may call upon each independent director at its discretion to have a general discussion on the affairs of the
Bahraini investment firm licensee .Added: July 2023HC-2.2 Board Member Selection
HC-2.2.1
The Board must have a clear and rigorous process for identifying, assessing and selecting Board candidates. The Board, and not management, must nominate the candidates for shareholders’ approval.
Added: July 2023HC-2.2.2
Board candidates must:
(a) Possess the knowledge, skills, experience and, particularly in the case of non-executive directors, independence of mind necessary to discharge their responsibilities on the Board in light of thelicensee’s business and risk profile;(b) Have a record of integrity and good repute;(c) Have sufficient time to fully carry out their responsibilities;(d) Not have any conflicts of interest that may impede their ability to perform their duties independently and objectively and subject them to undue influence from:
i. Otherapproved persons , controllers or other connected parties;ii. Past or present positions held; oriii. Personal, professional or other economic relationships with otherapproved persons (or with other entities within the group); and(e) Not have more than two directorships of financial institutions inside Bahrain. However, two directorships ofinvestment firm licensees would not be permitted.Investment firm licensees may approach the CBB for exemption from this limit where the directorships concern financial institutions within the same group.Added: July 2023HC-2.2.3
Board candidates should not hold more than three directorships in public companies in Bahrain. In case such directorships exist, there must be no conflict of interest, and the Board must not propose the election or re-election of any director where such conflict of interest exists
Added: July 2023HC-2.2.4
Nominated directors of a
Bahraini investment firm licensee must possess the requisite experience and competencies specified in Module TC (Training and Competency).Added: July 2023HC-2.2.5
A CEO of a
Bahraini investment firm licensee who has resigned or retired, may serve as a Board member of the samelicensee but not as an independent director.Added: July 2023HC-2.2.6
Each proposal by the Board to the shareholders for election or re-election of a director must be accompanied by a recommendation from the Board and the following specific information:
(a) The term to be served, which may not exceed three years;(b) Biographical details and professional qualifications;(c) In the case of an independent director, a statement that the Board has determined that the applicable rules and criteria for independent director have been met;(d) Any other directorships held;(e) Particulars of other positions which involve significant time commitments; and(f) Details of relationships (if any) between:i. the candidate and thelicensee , andii. the candidate and otherapproved persons of thelicensee .Added: July 2023HC-2.2.7
Newly appointed directors must be made aware of their duties before their nomination, particularly as to the time commitment required.
Added: July 2023HC-2.3 Board Members’ Appointment and Induction
Board Members’ Appointment
HC-2.3.1
The chairperson of the Board must confirm to shareholders when proposing re-election of a director that, following a formal performance evaluation, the person’s performance continues to be effective and they continue to demonstrate commitment to the role.
Added: July 2023HC-2.3.2
Where an independent director has served three consecutive terms on the Board, such director will lose his independence status and must not be classified as an independent director if reappointed.
Added: July 2023HC-2.3.3
Bahraini investment firm licensees must have a written appointment agreement with each director which recites the directors’ powers, duties and responsibilities, accountability, term, the time commitment envisaged, the committee assignment (if any), remuneration, expense reimbursement entitlement and their access to independent legal or other professional advice at the expense of thelicensee when needed to discharge their responsibilities as directors.Added: July 2023Board Members’ Induction
HC-2.3.4
The Board must ensure that:
(a) Sufficient time, budget and other resources are allocated annually for the Board members’ induction programmes;(b) Each new director receives a formal and tailored induction and has access to ongoing training on relevant issues which may involve internal or external resources to ensure their effective contribution to the Board from the beginning of their term; and(c) The induction programmes include meetings with senior management, visits to theinvestment firm licensee’s facilities, presentations regarding strategic plans, significant financial, accounting and risk management issues, compliance programs, and meetings with internal and external auditors and legal counsel.Added: July 2023HC-2.3.5
Board members must understand their oversight and corporate governance role and be able to exercise sound, objective judgment about the affairs of the
investment firm licensee .Added: July 2023HC-2.3.6
All continuing directors must be invited to attend orientation meetings and all directors must continually educate themselves as to the
licensee ’s business and corporate governance.Added: July 2023HC-3 Board’s Structure and Practices
HC-3.1 Organisation and Assessment of the Board
HC-3.1.1
The Board of a
Bahraini investment firm licensees must:(a) Adopt a formal Board charter specifying matters which are reserved for it, which must include, but are not limited to, the specific requirements and responsibilities of directors stipulated in this Module and the Commercial Companies Law;(b) Structure itself in terms of leadership, size and the use of committees so as to effectively carry out its oversight role and other responsibilities. This includes ensuring that the Board has the time and means to cover all necessary subjects in sufficient depth and have a robust discussion of key issues;(c) Maintain and periodically update its governance structure, organisational rules, by-laws and other similar documents setting out its organisation, rights, responsibilities and key activities; and(d) Carry out annual evaluation and assessments – alone or with the assistance of external experts – of the Board, its committees and individual Board members. This must include:i. Assessing how the Board operates in terms of the requirements of the CBB Rulebook and the Commercial Companies Law;ii. Evaluating the performance of each committee considering its specific purposes and responsibilities, which shall include review of the self-evaluations undertaken by each committee;iii. Reviewing each director's work, their attendance at Board and committee meetings, and their independence and constructive involvement in discussions and decision making;iv. Reviewing the Board’s current structure, size, composition as well as committees’ structures and composition in order to maintain an appropriate balance of skills, diversity and experience and for the purpose of planned and progressive refreshing of the Board; andv. Recommendations for new directors to replace long-standing members or those members whose contribution to the Board or its committees is not adequate.Added: July 2023HC-3.1.2
Where the Board has serious reservations about the performance or integrity of a Board member, or he ceases to be qualified, the Board must take appropriate action and inform the CBB accordingly.
Added: July 2023HC-3.1.3
The Board must report to the shareholders, at each annual shareholder meeting, that evaluations have been done and report its findings.
Added: July 2023HC-3.1.4
Executive directors must provide the Board with all relevant business and financial information within their knowledge and must recognise that their role as a director is different from their role as a member of management.
Added: July 2023HC-3.1.5
Non-executive directors must be fully independent of management and must constructively scrutinise and challenge management and executive directors.
Added: July 2023HC-3.1.6
The Board must maintain appropriate records of meeting minutes, including key points of discussions held, recommendations made, decisions taken and dissenting opinions (if any).
Added: July 2023HC-3.1.7
The Board must meet at least four times a year to enable it to discharge its responsibilities effectively, and half of all Board meetings in any financial year must be held in the Kingdom of Bahrain.
Added: July 2023HC-3.1.8
Individual Board members must attend at least 75% of all Board meetings in a given financial year, whether in-person or virtually (if needed) so as to enable the Board to discharge its responsibilities effectively (see table below). Voting and attendance proxies for Board meetings are prohibited.
Meetings per year 75% Attendance requirement 4 3 5 4 6 5 7 5 8 6 9 7 10 8 Added: July 2023HC-3.1.9
The absence of Board members at Board and committee meetings must be noted in the relevant meeting minutes. In addition, Board attendance percentage must be reported during any general assembly meeting when Board members stand for re-election (e.g. Board member XYZ attended xx% of scheduled meetings this year).
Added: July 2023HC-3.1.10
If a Board member has not attended at least 75% of Board meetings in any given financial year, the
licensee must notify the CBB, within one month from its financial year-end, indicating which member has failed to satisfy this requirement, their level of attendance and the reason for non-attendance. The CBB shall then consider the matter and determine whether enforcement action pursuant to Article 65 of the CBB Law is appropriate.Added: July 2023HC-3.1.11
Board governance framework should require members to step down if they are not actively participating in Board meetings.
Added: July 2023HC-3.2 Board Chairperson
HC-3.2.1
The Chairperson of the Board of the
Bahraini investment firm licensees must:(a) Not be an executive director;(b) Not be the same person as the CEO. This applies also to the deputy chairperson;(c) Commit sufficient time to perform their role effectively;(d) Play a critical role in promoting mutual trust, efficient functioning of the Board, open discussion, constructive dissent from decisions and constructive support for decisions after they have been made;(e) Ensure that all directors receive an agenda, minutes of prior meetings and adequate background information on each agenda item in writing well before each Board meeting;(f) Encourage and promote critical and objective discussion and ensure that dissenting views can be freely expressed, discussed and recorded in the minutes of the Board meeting; and(g) Ensure that Board decisions are taken on sound and well-informed basis.Added: July 2023HC-3.3 Board Committees
HC-3.3.1
Bahraini investment firm licensees must comply with the requirements of this Section for each of the Board committees it establishes. The Board must at minimum establish an Audit Committee.Added: July 2023HC-3.3.2
Objectivity and independence must be ensured by the selection of appropriate Board members in each committee.
Added: July 2023HC-3.3.3
Committees may be combined provided that no conflict of interest arises between the duties of such committees, and subject to the CBB’s prior approval.
Added: July 2023HC-3.3.4
Every committee must have a formal written charter or other instrument which sets out its roles and responsibilities, how the committee will report to the Board, what is expected of committee members and any tenure limits for serving on the committee.
Added: July 2023HC-3.3.5
Each committee must have the resources and the authority necessary to discharge its duties and responsibilities, including the authority to select, retain, terminate and approve the fees of external legal, accounting or other advisors as it deems necessary.
Added: July 2023HC-3.3.6
Each Board committee must maintain appropriate records of their deliberations and decisions in their meeting minutes, including key points of discussions held, recommendations made, decisions taken (and update on their subsequent implementation) and dissenting opinions (if any).
Added: July 2023HC-3.3.7
Each committee must prepare and review with the Board an annual performance evaluation of the committee and its members and must recommend to the Board any improvements deemed necessary or desirable to the committee’s charter or composition. The report must be in the form of a written report presented at any regularly scheduled Board meeting.
Added: July 2023HC-3.3.8
Members of each committee must exercise judgment free from any personal conflicts of interest or bias.
Added: July 2023HC-3.3.9
The Board should consider occasional rotation of membership and chair of the Board committees provided that doing so does not impair the collective skills, experience and effectiveness of these committees.
Added: July 2023HC-3.4 Audit Committee
HC-3.4.1
The audit committee of the
Bahraini investment firm licensee must have at least three directors of which the majority must be independent and have no conflict of interest with any other duties they have.Added: July 2023HC-3.4.2
The Chairperson of the audit committee must:
(a) Be independent; and(b) Not be the chairperson of the board, unless he is considered independent.Added: July 2023HC-3.4.3
The CEO and other senior management of the
Bahraini investment firm licensee must not be members of the audit committee.Added: July 2023HC-3.4.4
The audit committee members must have sufficient experience in audit practices, financial reporting and accounting.
Added: July 2023HC-3.4.5
The audit committee must meet:
(a) At least four times a year.(b) At least twice a year with the external auditor.(c) At least once a year in the absence of the CEO and any executive management, but in presence of the Head of Compliance, Internal Auditor and CRO.Added: July 2023HC-3.4.6
The audit committee must, at minimum:
(a) Ensure that thelicensee has effective and adequate policies covering all its business activities, internal audit, financial reporting, compliance, risk management, prevention of frauds and cyber security breaches, etc.;(b) Oversee the financial reporting process;(c) Oversee and interact with thelicensee’s internal and external auditors;(d) Review the integrity of thelicensee’s financial statements;(e) Recommend to the Board, based on a Board approved objective criteria, the appointment, remuneration, dismissal and rotation of external auditors;(f) Review and approve the internal and external audit and compliance scope;(g) Receive internal and external audit and compliance reports and ensure that senior management is taking necessary corrective actions in a timely manner to address any control weaknesses, non-compliance with policies, laws and regulations, and other problems identified by auditors, the head of compliance and other control functions;(h) Assess once a year the extent to which thelicensee is managing its compliance risk effectively;(i) Ensure that the agenda for their meetings includes compliance and internal audit issues at least every quarter;(j) Recommend the appointment and dismissal of the heads of internal audit and compliance functions. Thelicensee must also discuss the reasons for their dismissal with the CBB.(k) Make a determination, at least once a year, of the external auditor’s independence;(l) Review and supervise the implementation and enforcement of thelicensee's code of conduct, unless such mandate is delegated to another committee such as the Governance Committee; and(m) Ensure that senior management establishes and maintains an adequate and effective internal control systems, procedures and processes for the business of thelicensee .Added: July 2023HC-3.4.7
In case the
licensee has a different board committee overseeing and monitoring compliance issues, then all of the above compliance-related requirements in Paragraph HC-3.4.6 can be handled by such committee instead.Added: July 2023HC-3.5 Risk Committee
HC-3.5.1
Where a
Bahraini investment firm licensee establishes a Board risk committee, such committee should have at least three directors of which the majority, including the chairperson should be independent. In addition, the committee members should have experience in risk management issues and practices and have no conflict of interest with any other duties they may have.Added: July 2023HC-3.5.2
There should be effective communication and coordination between the audit committee and the risk committee to facilitate the exchange of information and effective coverage of all risks, including emerging risks, and any needed adjustments to the risk governance framework of the
licensee .Added: July 2023HC-3.6 Remuneration Committee
HC-3.6.1
Where a
Bahraini investment firm licensee establishes a Board remuneration committee, such committee should have at least three directors.Added: July 2023HC-3.6.2
Members of the remuneration committee should be independent of any risk-taking function or committee.
Added: July 2023HC-3.6.3
The remuneration committee should include only independent directors or, alternatively, only non-executive directors of whom a majority are independent directors and the chairperson should be an independent director.
Added: July 2023HC-3.6.4
The remuneration committee should meet at least twice a year.
Added: July 2023HC-3.6.5
The remuneration committee should:
(a) Recommend to the Board:i. An appropriate remuneration policy designed to reduce employees’ incentives to take excessive and undue risk, which must be approved by the shareholders; andii. A fair and internally transparent remuneration system, which includes relevant performance measures and effective controls;(b) Ensure on an annual basis that the remuneration policy and its implementation:i. Are in full compliance with CBB requirements;ii. Are consistent with thelicensee’s strategy, culture, long-term business objectives, risk appetite, performance and control environment; andiii. Are creating the desired incentives for managing risk, capital and liquidity.(c) Work closely with the risk committee in evaluating the incentives created by the remuneration system. The risk committee must, without prejudice to the tasks of the remuneration committee, examine whether incentives provided by the remuneration system take into consideration risk, capital, liquidity and the likelihood and timing of earnings;(d) Approve the remuneration package and amounts for eachapproved person and material risk-taker, as well as the total variable remuneration to be distributed based on the results of the performance evaluation system and taking account of total remuneration including salaries, fees, expenses, bonuses and other employee benefits;(e) Regularly review remuneration outcomes, risk measurements, and risk outcomes for consistency with Board’s approved risk appetite;(f) Question payouts for income that cannot be realised or whose likelihood of realisation remains uncertain at the time of payout;(g) Recommend Board member remuneration based on their attendance and in compliance with the Commercial Companies Law;(h) Evaluate practices by which remuneration is paid for potential future revenues whose timing and likelihood remain uncertain by means of both quantitative and qualitative key indicators. It must demonstrate that its decisions are consistent with the assessment of thelicensee’s financial condition and future prospects; and(i) Obtain feedback on performance evaluation of the Chief Risk Officer, Chief Internal Auditor and Head of Compliance from the designated Board committee responsible for oversight of these functions.Added: July 2023HC-3.7 Corporate Governance Committee
HC-3.7.1
The
Bahraini investment firm licensee should assign to one of its senior management the role of a corporate governance officer who is responsible for the tasks of verifying thelicensee’s compliance with corporate governance rules and regulations.Added: July 2023HC-3.7.2
The Board should establish a corporate governance committee for developing and recommending changes from time to time in the
licensee ’s corporate governance policy framework. Such committee should have at least three directors of which the majority should be independent.Added: July 2023HC-3.7.3
The corporate governance committee should:
(a) Oversee and monitor the implementation of the governance policy framework by working with the management and the Audit Committee; and(b) Provide the Board of directors with reports and recommendations based on its findings in the exercise of its functions.Added: July 2023HC-3.7.4
The responsibilities of the corporate governance officer may be assumed by the head of compliance and should include, at minimum:
(a) Coordinating and following up on thelicensee’s compliance with corporate governance requirements;(b) Ensuring that the corporate governance policies, their implementation and related internal controls are consistent with the regulatory and legal requirements;(c) Working closely with the Board and/or the relevant Board committee to improve the governance framework of thelicensee ; and(d) Reviewing the annual corporate governance disclosure to ensure that its contents are in conformity with thelicensee’s internal policies and the CBB rulebook requirements.Added: July 2023HC-4: Group Structures
HC-4.1 Governance of Group Structures
HC-4.1.1
The Board of a
Bahraini investment firm licensee which acts as aparent must:(a) Have the overall responsibility for the group and exercise adequate oversight over subsidiaries and overseas branches while respecting the independent legal and governance responsibilities that might apply to subsidiary Boards;(b) Establish, subject to CBB’s approval, a group structure (including the legal entity and business structure) and a group corporate governance framework with clearly defined roles and responsibilities at both theparent licensee’s and the subsidiaries’ level as may be appropriate based on the complexity, risks and significance of the subsidiaries;(c) Set adequate and comprehensive criteria for composing Boards at subsidiaries’ level;(d) Have a clear strategy and group policy for establishing new structures and legal entities, and ensure that they are consistent with the policies and interests of the group;(e) Have sufficient resources at group and subsidiaries levels to monitor risks and compliance at the level of the group and its subsidiaries;(f) Pay special attention and due care to any significant subsidiary based on its risk profile or systemic importance or due to its size relative to theparent licensee ;(g) Assess and discuss material risks and issues that might affect the group and its subsidiaries and overseas branches;(h) Establish effective group functions at theparent licensee , including but not limited to, internal audit, compliance, risk management and financial controls to whom the relevant subsidiaries’ functions must report;(i) Maintain an effective relationship, through the subsidiary Board or direct contact, with the regulators of all subsidiaries and overseas branches; and(j) ensure that:i. The group has appropriate policies and controls to identify and address potential intragroup conflicts of interest, such as those arising from intragroup transactions;ii. The group is governed and operating under clear group strategies, business policies and specific set of group policies on risk management, internal audit, compliance and financial controls;iii. There are no barriers to exchanging information between the subsidiaries and theparent licensee and that there are robust systems in place to facilitate the exchange of information to enable theparent licensee to effectively supervise the group and manage its risks; andiv. Adequate authority is available to each subsidiary pursuant to local legislations.Added: July 2023Subsidiaries’ Boards
HC-4.1.2
Boards and senior management of subsidiaries of
Bahraini investment firm licensees must remain responsible for developing effective governance and risk management framework for their entities and must clearly understand the reporting obligations they have to theparent licensee .Added: July 2023HC-4.1.4
Material risk-bearing subsidiaries and overseas branches must be captured by the
licensee -wide risk management system and must be part of the overall risk governance framework.Added: July 2023HC-4.1.3
The strategy, business plan, policies, risk governance framework, corporate values and corporate governance framework of each subsidiary must align with group strategy and policies, and the subsidiary Board must make necessary adjustments where a group policy conflicts with an applicable legal or regulatory provision or prudential rule or would be detrimental to the sound and prudent management of the subsidiary.
Added: July 2023HC-5 Remuneration of Approved Persons
HC-5.1 Remuneration of Approved Persons
HC-5.1.1
Bahraini investment firm licensees must have in place a Board approved remuneration policy.Licensees must ensure that allapproved persons are remunerated fairly and responsibly. More specifically, the remuneration must be sufficient to attract, retain and motivate persons.Added: July 2023HC-5.1.2
The performance evaluation and remuneration of senior management and staff of the
licensees must be based, among other factors, on their adherence to all relevant laws, regulations and CBB rulebook requirements, including but not limited to AML/CFT requirements in the FC module.Added: July 2023HC-5.1.3
Remuneration ofnon-executive directors must not include performance-related elements such as grants of shares, share options or other deferred stock-related incentive schemes, bonuses, or pension benefits.Added: July 2023HC-6 Senior Management
HC-6.1 Senior Management
HC-6.1.1
The Board must establish an adequate organisational structure that promotes accountability and transparency and facilitates effective decision-making and good governance throughout the
licensee . This includes clarity on the role, authority and responsibility of the various positions within senior management, including that of the CEO.Added: July 2023HC-6.1.2
Senior management must:
(a) Be selected through an appropriate promotion or recruitment process which considers the qualifications and competencies required for the position in question;(b) Have the necessary experience, competencies, personal qualities and integrity to manage the businesses and employees under their supervision;(c) Be subject to regular training to maintain and enhance their competencies and stay up to date on developments relevant to their areas of responsibility;(d) Act within the scope of their responsibilities which must be clearly defined;(e) Independently assess and question the policies, processes and procedures of thelicensee , with the intent to identify and initiate management action on issues requiring improvement;(f) Not interfere in the independent duties of the risk management, compliance and internal audit functions;(g) Carry out and manage thelicensee’s activities in compliance with all laws and regulations, and in a manner consistent with the business strategy, risk appetite, business plans and remuneration and other policies approved by the Board;(h) Have a robust governance framework for all management committees;(i) Not primarily control the remuneration system in thelicensee ;(j) Actively communicate and consult with the control functions on management’s major plans and activities so that the control functions can effectively discharge their responsibilities; and(k) Provide the Board and its committees with timely, complete, accurate and understandable information and documents so that they are equipped for upholding their responsibilities, and keep them adequately informed and updated on a timely basis about material issues including:i. Changes in the implementation of business strategy, risk strategy and risk appetite;ii. Thelicensee’s performance and financial condition;iii. Breaches of risk limits or regulations;iv. Internal control failures, frauds and cyber-security incidents;v. Legal or regulatory concerns;vi. Customer complaints; andvii. Issues raised as a result of thelicensee’s whistleblowing policy.Added: July 2023HC-7 Compliance
HC-7.1 Compliance
HC-7.1.1
The Board must:
(a) Oversee the management of thelicensee’s compliance risk;(b) Establish an independent compliance function and approve an appropriate compliance framework for thelicensee based on its size and complexity of its operations;(c) Set priorities for the management of its compliance risk in a way that is consistent with its risk management strategy and structures; and(d) Approve thelicensee’s compliance policy for identifying, assessing, monitoring, reporting and advising on compliance risk.Added: July 2023HC-7.1.2
The compliance function and the internal audit function must be separate.
Added: July 2023HC-7.1.3
The Board, Audit Committee or the designated Board committee and senior management must:
(a) Ensure that, based on an agreed remedial action plan, all compliance findings are resolved within a reasonable period of time to be set based on level and magnitude of risk;(b) Not restrict the compliance function from reporting any irregularities or breaches that are identified as a result of its work or investigations, and must ensure that such reporting can be done without fear of retaliation or disfavour from management, board members or other staff members;(c) Ensure that the head of compliance and his staff are not placed in a position where there is a possible conflict of interest between their compliance responsibilities and any other responsibilities they may have;(d) Not consider the compliance function as a cost center; instead it should be viewed as an activity that helps thelicensee avoid enforcement action for non-compliance, enhances thelicensee’s reputation and promotes the right environment for better financial performance; and(e) Ensure the compliance function’s right to:i. Have unrestricted access to any records or files necessary to carry out its responsibilities, and the corresponding duty oflicensee staff to co-operate in supplying this information;ii. Conduct investigations of possible breaches of the applicable laws, regulations and the compliance policy; andiii. Appoint, subject to audit committee’s approval, outside experts to perform a specific task, if appropriate.Added: July 2023HC-7.1.4
Licensees must appoint a head of compliance with overall responsibility for thelicensee’s compliance function.Added: July 2023HC-7.1.5
In groups (applicable to Category 1 investment firms):
(a) The audit committee and senior management, with assistance of the group head of compliance, should ensure that adequate resources, commensurate with the scale and complexity of operations, are assigned for compliance activities at the head office, subsidiaries and overseas branches; and(b) The group head of compliance should ensure that:i. Adequate reports and information are received from subsidiaries and overseas branches on compliance related issues and must report the same to the audit committee; andii. It conducts annual compliance testing on subsidiaries and overseas branches whose total revenue represents 20% or more of the group’s total revenue and every two years for other overseas operations.Added: July 2023HC-7.1.6
Subject to the CBB’s approval, the role of head of compliance may be combined with the head of risk if the size and nature of the
licensee justify the same.Added: July 2023HC-7.1.7
The head of compliance must:
(a) Report to the Audit Committee or the designated Board committee and administratively to the CEO. In the case ofoverseas investment firm licensees , the reporting must be to the Group or Regional Head of Compliance and administratively to the CEO/GM of the branch;(b) Establish the operating compliance procedures and processes for identifying, assessing, monitoring, reporting and advising on compliance risk;(c) Establish written guidance to thelicensee’s staff on the appropriate implementation of laws and regulations;(d) Conduct, under the sponsorship of the CEO, awareness sessions for thelicensee’s staff on compliance policy requirements and issues; and(e) Report to the Audit Committee or the designated Board Committee:i. On a quarterly basis, thelicensee’s management of its compliance risk, in such a manner as to assist committee members to make an informed judgment on whether thelicensee is managing its compliance risk effectively; andii. Immediately any material compliance failures as they arise (e.g. failures that may attract a significant risk of legal or regulatory sanctions, material financial loss, or loss of reputation).Added: July 2023HC-7.1.8
The compliance function must:
(a) Have a formal status with sufficient authority within thelicensee ;(b) Carry out its responsibilities under a risk-based compliance programme that sets out its planned activities, such as the implementation and review of specific policies and procedures, compliance risk assessment and compliance testing;(c) Assess in cooperation with the relevant functions, in case of new regulations, the appropriateness of thelicensee’s relevant policies as well as the compliance policy and related procedures and processes. It must promptly follow up regarding any identified deficiencies, and, where necessary, formulate proposals for amendments in cooperation with the relevant functions;(d) On a proactive basis, identify, measure, document and assess the compliance risks associated with thelicensee’s business activities including the development of new products and business practices, proposed establishment of new types of business or customer relationships, or material changes in the nature of such relationships. If thelicensee has a new products and services committee, the compliance function staff must be represented on the committee;(e) Monitor and test compliance by performing sufficient and representative compliance testing. The results of such testing must be reported to the Audit Committee ;(f) Advise the audit committee and senior management on all relevant laws, regulations and standards in all jurisdictions in which thelicensee conducts its business and inform them on developments on the subject;(g) Must provide to the CBB a compliance assessment report on every application/request for approval to the CBB confirming that all related legal and regulatory requirements pertaining to the request have been thoroughly checked, including the impact of such request on thelicensee’s financial position and compliance status, and a reference must be made to any previously approved arrangements by the CBB. In cases where the requests have a potential financial impact on thelicensee , a report from the financial control function in consultation with external auditors must also be submitted as part of the compliance assessment report, whereas in case of any legal implication of such a request a legal opinion on the matter must be submitted;(h) Act as a contact point within thelicensee for compliance queries from staff members; and(i) Have sufficient and appropriate resources to carry out its functions effectively, commensurate with the size and complexity of thelicensee .Added: July 2023HC-7.1.9
The compliance function staff must:
(a) Have the necessary qualifications, experience and professional and personal qualities to enable them to carry out their specific duties;(b) Have a sound understanding of applicable laws, regulations and standards and their practical impact on thelicensee’s business activities and operations; and(c) Be subject to regular and systematic training to remain up-to-date with developments in laws, regulations and standards.Added: July 2023HC-7.1.10
The CBB may at its own discretion communicate directly with the Head of Compliance to discuss issues of material concerns related to compliance risk.
Added: July 2023HC-8 Internal Audit
HC-8.1 Internal Audit
HC-8.1.1
Investment firm licensees must establish an effective and independent internal audit function (IAF).Added: July 2023HC-8.1.2
The Audit Committee remains ultimately responsible for the IAF regardless of whether internal audit activities are outsourced.
Added: July 2023HC-8.1.3
The Board, Audit Committee and senior management must:
(a) Promote a strong and robust internal control environment within thelicensee ;(b) Provide the IAF staff full and unconditional access to all files, records, data, documents, systems, properties, subsidiaries and overseas branches of thelicensee ;(c) Require that all internal audit findings and recommendations are resolved within a reasonable period of time to be set based on level and magnitude of risk;(d) Allocate sufficient annual budget to support the IAF’s activities and plans; and(e) Inform the IAF of new developments, initiatives, projects, products and operational changes.Added: July 2023HC-8.1.4
All
Bahraini investment firm licensees must have an internal audit charter which must be drawn up and reviewed annually by the head of internal audit and approved by the Board or Audit Committee. It must be available to all internal stakeholders, and to external stakeholders in case of a listed investment firm.Added: July 2023HC-8.1.5
The internal audit charter must establish, at a minimum:
(a) The IAF’s standing within thelicensee , its authority, responsibilities and relations with other control functions in a manner that promotes the effectiveness of the function;(b) The purpose and scope of the IAF;(c) The obligation of the internal auditors to communicate the results of their engagements and a description of how and to whom this must be done (reporting line);(d) The criteria for when and how the IAF may outsource some of its engagements to external experts;(e) The terms and conditions according to which the IAF can be called upon to provide consulting or advisory services or to carry out other special tasks without creating a conflict with its core function;(f) The responsibility and accountability of the head of internal audit;(g) The requirement to comply with the international standard on internal audit issued by The Institute of Internal Auditor; and(h) Procedures for the coordination of the IAF with the external auditor.Added: July 2023HC-8.1.6
The IAF must:
(a) Be independent of all functions;(b) Have sufficient standing and authority within thelicensee ;(c) Have sufficient skilled resources to be able to judge outcomes and make an impact at the highest level of the organization;(d) Be able to perform its assignments on its own initiative in all areas and functions of thelicensee based on the audit plan established by the head of the IAF and approved by the audit committee;(e) Be free to report its findings and assessments internally;(f) Independently review and evaluate the effectiveness and efficiency of all functions, internal controls, risk management, internal risk and finance models, governance framework, policies, procedures, systems and processes, including thelicensee’s outsourced activities and its subsidiaries (including SPVs) and local and overseas branches, and must ensure adequate coverage of matters of regulatory interest within the audit plan;(g) Develop an independent and informed view of the risks faced by thelicensee based on its access to alllicensee records and data, its enquiries and its professional competence;(h) Discuss its views, findings and conclusions directly with the audit committee and, if necessary, with the board of directors at their routine quarterly meetings; and(i) Not be involved in designing, selecting, implementing or operating specific internal control measures. However, the independence of the IAF must not prevent senior management from requesting input from the IAF on matters related to risk and internal controls. Nevertheless, the development and implementation of internal controls must remain the responsibility of management.Added: July 2023HC-8.1.7
Licensees must appoint a head of internal audit who shall:(a) Report directly to the Audit Committee and administratively to the CEO;(b) Demonstrate appropriate leadership and have the necessary personal characteristics and professional skills to fulfil his responsibility for maintaining the function’s independence and objectivity;(c) Inform senior management of all significant findings so that timely corrective actions can be taken, and subsequently, he must follow up with senior management on the outcome of those corrective measures;(d) Report quarterly to the Audit Committee the status of pending findings;(e) Arrange appropriate ongoing training for the internal audit staff to meet the growing technical complexity of thelicensee ’s activities and the increasing diversity of tasks that need to be undertaken as a result of the introduction of new products and processes and other developments in the financial sector;(f) Establish an annual internal audit plan approved by the audit committee. The plan must be based on a robust risk assessment, including direct or indirect input from the board, audit committee and senior management;(g) Develop and maintain appropriate tools to assess the quality of the IAF; and(h) Define, in a group structure, the group’s internal audit strategy, determine the organisation of the internal audit function both at theparent ’s and the subsidiary’s level (in consultation with these entities’ respective audit committees and in accordance with local laws) and formulate the internal audit principles, the audit methodology and quality assurance measures. He must also determine the audit scope for every internal audit exercise, by the parent’s internal audit function, for every subsidiary on an annual basis in compliance with local regulations and incorporate local knowledge and experience.Added: July 2023HC-8.1.8
The head of IAF should, whenever practicable and without jeopardising competence and expertise, periodically rotate internal audit staff within the internal audit function.
Added: July 2023HC-8.1.9
The CBB may at its own discretion communicate directly with the head of the IAF to discuss issues of material concerns related to risks, compliance and internal controls.
Added: July 2023HC-8.1.10
For purposes of Paragraph HC-8.1.7,
licensees may outsource the IAF.Added: July 2023HC-8.1.11
Internal audit reports must be provided to the audit committee without management filtering.
Added: July 2023HC-8.1.12
All internal audit staff must:
(a) Apply the care and skills expected of a reasonably prudent and competent professional. Due professional care does not imply infallibility. Internal auditors having limited competence and experience in a particular area must be appropriately supervised by more experienced staff;(b) Avoid conflicts of interest. Internal auditors appointed from within thelicensee must not engage in auditing activities for which they have had previous responsibility before a one year “cooling off” period has elapsed;(c) Act with integrity (being straightforward, honest and truthful);(d) Be diligent in the protection of information acquired in the course of their duties and must not use it for personal gain or malicious action;(e) Adhere to the code of ethics of thelicensee , the institute of internal auditors and any other relevant professional or standard setting body;(f) Collectively be competent to examine all areas in which thelicensee operates; and(g) Adhere to international professional standards established by the institute of internal auditors.Added: July 2023HC-9 Islamic Investment Firm Licensees
HC-9.1 Governance and Disclosure per Shari’a Principles
HC-9.1.1
Companies which refer to themselves as “Islamic” must follow the principles of Islamic Shari’a.
Added: July 2023HC-9.1.2
Category 1 andCategory 2 investment firm licensees , which are guided by the principles of Islamic Shari’a have additional responsibilities to their stakeholders.Investment firm licensees which refer to themselves as “Islamic” are subject to additional governance requirements and disclosures to provide assurance to stakeholders that they are following Shari’a Principles. In ensuring compliance with Shari’a principles, suchlicensees must establish a Shari’a Supervisory Board consisting of at least three Shari’a board members.Category 3 investment firm licensees , which are guided by the principles of Islamic Shari'a and refer to themselves as “Islamic” must appoint a minimum of one Shari’a advisor or scholar to verify that their operations are Shari’a compliant.Added: July 2023HC-9.1.3
In addition to its duties outlined in Section HC-3.4, the Audit Committee shall communicate and co-ordinate with the
investment firm licensee’s Corporate Governance Committee and the Shari’a Supervisory Board (“SSB”) (where applicable) to ensure that information on compliance with Islamic Shari’a rules and principles is reported in a timely manner.Added: July 2023HC-9.1.4
The Board shall set up a Corporate Governance Committee (see also Paragraph HC-3.7.2). In this case, the Committee shall comprise at least three members to co-ordinate and integrate the implementation of the governance policy framework.
Added: July 2023HC-9.1.5
The Corporate Governance Committee established under Chapter HC-9 shall comprise at a minimum of:
(a) Anindependent director to chair the Corporate Governance Committee. The Chairman of the Corporate Governance Committee should not only possess the relevant skills, such as the ability to read and understand financial statements, but should also be able to coordinate and link the complementary roles and functions of the Corporate Governance Committee and the Audit Committee;(b) A Shari’a scholar who is an SSB member for the purpose of leading the Corporate Governance Committee on Shari’a-related governance issues (if any), and also to coordinate and link the complementary roles and functions of the Corporate Governance Committee and the SSB; and(c) Anindependent director who can offer different skills to the committee, such as legal expertise and business proficiency, which are considered particularly relevant by the Board of directors for cultivating a good corporate governance culture, and deemed “fit and proper” by the CBB.Added: July 2023HC-9.1.6
The Corporate Governance Committee shall be empowered to:
(a) Oversee and monitor the implementation of the governance policy framework by working together with the management, the Audit Committee and the SSB; and(b) Provide the Board of directors with reports and recommendations based on its findings in the exercise of its functions.Added: July 2023
