Executive Summary

Legal Basis

SIO-A.2.1

This Module was first issued in July 2025. Changes made subsequently to this Module are annotated with the calendar quarter date in which the change was made as detailed in the table below. Chapter UG 3 provides further details on Rulebook maintenance and version control.

Effective Date

SIO-1.1.1

This Module sets out the requirements for stablecoin issuers undertaking regulated stablecoin offering service. Pursuant to CBB Regulation No (1) of 2007 with respect to regulated services, regulated stablecoin offering service includes the following services:

SIO-1.1.2

Stablecoin issuers intending to offer regulated stablecoin offering services which were not included in its application for license and/or additional services which are not part of the regulated stablecoin offering services specified in Paragraph SIO-1.1.1, must seek the CBB’s prior written approval before offering the service. Stablecoin issuers must provide the CBB with detailed description of the new services, the resources required and the operational framework for such service.

SIO-1.1.3

No person shall undertake (or hold oneself to undertake) regulated stablecoin offering service (SIO-1.1.1) or actively market the issuance and offering of stablecoins to the public, by way of business, within or from the Kingdom of Bahrain, unless that person is duly licensed by the CBB.

SIO-1.1.4

The regulated activities will be deemed to be undertaken ‘within or from the Kingdom of Bahrain’, if, for example, the person concerned:

SIO-1.1.5

For the purposes of SIO-1.1.3, actively market includes:

SIO-1.1.6

Stablecoin issuers must satisfy the conditions and requirements detailed in this Module for:

SIO-1.1.7

To assist with the interpretation of the requirements of this Module and their application, stablecoin issuer and/or their appointed functionaries should initiate discussion with the CBB and seek necessary clarification. Any action or conduct which departs from the requirements stipulated in this Module or other applicable Modules shall be taken into account by the CBB for the purpose of determining compliance with the regulatory framework.

SIO-1.2.1

Stablecoin issuers are permitted to issue single currency stablecoins backed by reserve assets in one of the following fiat currencies:

SIO-1.2.2

For the purpose of Paragraph SIO-1.2.1, a stablecoin issuer must ensure that the value of the reserve assets backing the approved stablecoin is at least equal to the par value of the approved stablecoin in circulation at all times.

SIO-1.2.3

With regards to Paragraph SIO-1.2.1(c) above, the CBB while determining the suitability of stablecoins backed in any other fiat currencies (other than Bahraini Dinar and US Dollar), will take into consideration various factors including but not limited to the stabilisation mechanism as well as the availability of high quality and highly liquid with minimal market, credit and concentration risk reserve assets in those currencies.

SIO-1.2.4

In order to distinguish stablecoins approved by the CBB for offering pursuant to the requirement of this Module from other types of stablecoins, the stablecoins approved by the CBB shall be referred to as approved stablecoins.

CBB’s Right of Refusal or Restrictions on Stablecoin Offering

SIO-2.1.1

Applicants for a stablecoin issuer license must submit a duly completed Form 1 (Application for a License), under cover of a letter signed by an authorised signatory of the applicant marked for the attention of the Director, Licensing Directorate. The application must be accompanied by the documents listed in Paragraph SIO-2.1.4, unless otherwise directed by the CBB.

SIO-2.1.2

Applicants seeking a stablecoin issuer license from the CBB must pay a non-refundable license application fee of BD 100 at the time of submitting their formal application to the CBB.

SIO-2.1.3

References to applicant mean the potential licensee seeking a license. An applicant may appoint a representative, such as a law firm or professional consultancy, to prepare and submit the application. However, the applicant retains full responsibility for the accuracy and completeness of the application and is required to certify the application form accordingly. The CBB also expects to be able to liaise directly with the applicant during the licensing process, when seeking clarification of any issues.

SIO-2.1.4

Unless otherwise directed by the CBB, the following documents must be provided in support of the application for license:

SIO-2.1.5

The CBB, in its absolute discretion, may ask for a letter of guarantee from the applicant’s controlling or major shareholders on a case-by-case basis as it deems appropriate/necessary as part of the required documents to be submitted pursuant to Paragraph SIO- 2.1.4 above.

SIO-2.1.6

The business plan submitted in support of an application must include:

SIO-2.1.7

The applicant’s memorandum and articles of association must explicitly provide for it to undertake the activities proposed in the license application and must preclude the applicant from undertaking other regulated services, or commercial activities, unless these arise out of its regulated stablecoin issuance services or are incidental to those.

SIO-2.1.8

All documentation provided to the CBB as part of an application for a license must be in either the Arabic or English languages. Any documentation in a language other than English or Arabic must be accompanied by a certified English or Arabic translation thereof.

SIO-2.1.9

Any material changes or proposed changes to the information provided to the CBB in support of a licensing application that occurs prior to licensing must be reported to the CBB.

SIO-2.1.10

Failure to inform the CBB of the changes specified in Paragraph SIO-2.1.9 is likely to be viewed as a failure to provide full and transparent disclosure of information, and thus a failure to meet licensing condition stipulated in Paragraph SIO-3.1.1 (i)

Licensing Process and Timelines

Granting or Refusal of License

Commencement of Operations

Voluntary Surrender of a License

Cancellation of a License by the CBB

Amendment to the scope of regulated services under the license or Amendment of the license

SIO-2.3.1

In accordance with Articles 47 and 49 of the CBB Law, the CBB must publish its decision to voluntarily surrender, cancel or amend a license in the Official Gazette and in two local newspapers, one in Arabic and the other in English.

SIO-2.3.2

For the purposes of Paragraph SIO-2.3.1, the cost of publication must be borne by the stablecoin issuer.

SIO-2.3.3

The CBB may also publish its decision on such cancellation or amendment using any other means it considers appropriate, including electronic means.

SIO-2.4.1

Licensed stablecoin issuers must pay the relevant annual license fee to the CBB, on 1st December of the preceding year for which the fee is due.

SIO-2.4.2

The relevant fees are specified in Paragraph SIO-2.4.3 below. The fees due on 1st December are those due for the following calendar year but are calculated on the basis of the firm’s latest audited financial statements for the previous calendar year: i.e. the fee payable on 1st December 2013 for the 2014 year (for example), is calculated using the audited financial statements for 2012, assuming a 31st December year end. Where a licensee does not operate its accounts on a calendar-year basis, then the most recent audited financial statements available are used instead.

SIO-2.4.3

The variable annual license fee payable by stablecoin issuer is 0.25% of their relevant operating expenses, subject to a minimum fee of BD 5000 and maximum fee of BD 12,000.

SIO-2.4.4

Relevant operating expenses are defined as the total operating expenses of the stablecoin issuer concerned, as recorded in the most recent audited financial statements available, subject to the adjustments specified in Paragraph SIO-2.4.5.

SIO-2.4.5

The adjustments to be made to relevant operating expenses are the exclusion of the following items from total operating expenses:

SIO-2.4.6

For the avoidance of doubt, operating expenses for the purposes of this Section, do not include items such as depreciation, provisions, interest expense, and dividends.

SIO-2.4.7

The CBB would normally rely on the audited accounts of a stablecoin issuer as representing a true and fair picture of its operating expenses. However, the CBB reserves the right to enquire about the accounting treatment of expenses, and/or policies on intra-group charging, if it believes that these are being used artificially to reduce a license fee.

SIO-2.4.8

Stablecoin issuers must complete and submit Form ALF (Annual License Fee) to the CBB, no later than 15th October of the preceding year for which the fees are due.

SIO-2.4.9

Stablecoin issuers are subject to direct debit for the payment of the annual fee and must complete and submit to the CBB a Direct Debit Authorisation Form by 15th September available under Part B of Volume 6 (Capital Markets) CBB Rulebook on the CBB website.

SIO-2.4.10

For newly licensed stablecoin issuers, the first annual license fee is payable when the license is issued by the CBB. The amount payable is the minimum amount stipulated in Paragraph SIO-2.4.3.

SIO-2.4.11

For the first full year of operation, a stablecoin issuer would calculate its fee as the floor amount. For future years, the stablecoin issuer would submit the Form ALF by 15th October of the preceding year for which the fees are due and calculate its fee using its last audited financial statements (or alternative arrangements as agreed with CBB, should its first set of accounts cover an 18-month period).

SIO-2.4.12

Where a license is cancelled (whether at the initiative of the firm or the CBB), no refund is paid for any months remaining in the calendar year in question.

SIO-3.1.1

A stablecoin issuer must ensure it meets the following conditions:

SIO-3.1.2

Stablecoin issuers must comply with any other specific requirements or restrictions imposed by the CBB on the scope of their license.

SIO-3.1.3

Stablecoin issuers that designate their stablecoins as sharia compliant must appoint an independent sharia advisor with relevant qualifications (in fiqh al muamalat) and experience. Licensees must comply with relevant AAOIFI Shari’ah standards.

SIO-4.1.1

The minimum initial paid-up share capital (base capital) for grant of stablecoin issuer license is BHD 250,000.

SIO-4.1.2

Applicants are required to ensure that the minimum initial paid-up share capital is paid into a retail bank licensed to operate in the Kingdom of Bahrain. They must provide, upon request, evidence to the CBB of the deposited amount.

SIO-4.2.1

A stablecoin issuer must at all times, have net shareholders equity equal to higher of the following:

For the purposes of SIO-4.2.1(b), the total operating expenses for newly licensed stablecoin issuer (less than one year of operation) shall be their projected annual operating expenses.

Minimum Liquid Fund Requirement

Additional Capital

Other Regulatory Measures

SIO-5.1.1

In the course of undertaking regulated stablecoin offering service, a stablecoin issuer must:

SIO-5.1.2

A stablecoin issuer must establish and document keyman risk management measures that include arrangements in place should individuals holding encryption keys or passcodes to stored assets, including wallets, or information be unavailable unexpectedly due to death, disability or other unforeseen circumstances.

SIO-5.1.3

A stablecoin issuer must ensure that it maintains no encrypted accounts that cannot be retrieved in the future for any reason. It must also advise its clients who maintain wallets with custodian firms outside of Bahrain (not licensed by the CBB) about any associated risks.

SIO-5.1.4

Where a stablecoin issuer holds their own approved stablecoins, either due to redemption or due to minting, such approved stablecoins must be fully backed by reserve assets.

SIO-5.2.1

Stablecoin issuers must appoint an independent external auditor for its accounts for every financial year. While appointing an auditor, stablecoin issuers must exercise due skill, care and diligence in the selection and appointment of the auditor and must take into consideration the auditor’s experience and track record of auditing stablecoin and/or crypto-asset related businesses.

SIO-5.2.2

In accordance with Article 61(b) of the CBB Law, if a stablecoin issuer fails to appoint an auditor within four months from the beginning of its financial year, the CBB shall appoint an auditor on behalf of the stablecoin issuer.

SIO-5.2.3

A stablecoin issuer must pay the fees of the auditor regardless of the manner in which the auditor is appointed.

SIO-5.2.4

An auditor must not be the chairman or a director in the stablecoin issuer’s board or a managing director, agent, representative or taking up any administrative work therein, or supervising its accounts, or a next of kin to someone who is responsible for the administration or accounts of the stablecoin issuer or having an extraordinary interest in the stablecoin issuer.

SIO-5.2.5

If any of the circumstances referred to in rule Paragraph SIO-5.2.4 occurs after the appointment of the auditor, the stablecoin issuer must appoint another external auditor.

SIO-5.2.6

Stablecoin issuers must provide the external auditor with all information and assistance necessary for carrying out his duties.

SIO-5.2.7

The duties of the external auditor must include the preparation of a report on the final accounts. The report must contain a statement on whether the stablecoin issuer’s accounts are correct and reflect the actual state of affairs of the licensee according to the auditing standards prescribed by the CBB, and whether the stablecoin issuer has provided the auditor with all required information and clarifications.

SIO-5.2.8

The final audited accounts must be presented to the general meeting of the licensed stablecoin issuer together with the auditor’s report. A copy of these documents must be sent to the CBB at least 15 days before the date of the general meeting.

SIO-5.2.9

Audited financial statements of a stablecoin issuer must be prepared in accordance with the International Financial Accounting Standards (IFRS) or AAOIFI standards as appropriate.

Annual Audited Financial statements

Annual Report

Reviewed (Unaudited) Quarterly Financial Statements

SIO-5.3.1

A stablecoin issuer must have robust governance arrangements, including a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks to which they are or might be exposed, and adequate internal control mechanisms, including sound administrative and accounting procedures.

SIO-5.3.2

Stablecoin issuers must adopt policies and procedures that are sufficiently effective to ensure compliance with the requirements of this Module and other applicable Modules. Stablecoin issuer must establish, maintain and implement, in particular, policies and procedures on:

SIO-5.3.3

For the purposes of Paragraph SIO-5.3.2(h), stablecoin issuers must enter into a written contact with the third party. The contractual arrangements must set out the roles, responsibilities, rights and obligations both of the licensee and of the third party. Any contractual arrangement with cross jurisdictional implications must provide for an unambiguous choice of applicable law.

SIO-5.3.4

Unless a stablecoin issuer initiates a redemption plan referred to in Chapter 11 of this Module, the stablecoin issuer must employ appropriate and proportionate systems, resources and procedures to ensure the continued and regular performance of their services and activities. To this end, stablecoin issuers must maintain all of their systems and security access protocols in conformity with necessary and appropriate standards.

SIO-5.3.5

Where a stablecoin issuer decides to discontinue the provision of its regulated stablecoin offering services and activities, including by discontinuing the offering of a particular approved stablecoin, it must submit a plan to the CBB for approval of such discontinuation.

SIO-5.3.6

Stablecoin issuers must identify sources of operational risk and minimise those risks through the development of appropriate systems, controls and procedures.

SIO-5.3.7

Stablecoin issuers must establish a business continuity management policy to ensure, in the case of an interruption of their Information Technology systems and procedures, the preservation of essential data and functions and the maintenance of their activities or, where that is not possible, the timely recovery of such data and functions and the timely resumption of their activities.

SIO-5.3.8

Stablecoin issuers must have in place internal control mechanisms and effective procedures for risk management, including effective control and safeguard arrangements for managing IT systems. Further, stablecoin issuers must monitor and evaluate on a regular basis the adequacy and effectiveness of the internal control mechanisms and procedures for risk assessment and take appropriate measures to address any deficiencies in that respect.

SIO-5.3.9

Stablecoin issuers must have systems and procedures in place that are adequate to safeguard the availability, authenticity, integrity and confidentiality of data as required under Personal Data Protection Law. Those systems must record, and safeguard relevant data and information collected and produced in the course of the stablecoin issuer’s activities.

Responsibility of the Board of Directors

Responsibility of Senior Management

SIO-5.4.1

Stablecoin issuers must establish a permanent and effective compliance function to manage compliance risk and appoint a competent person as compliance officer.

SIO-5.4.2

Stablecoin issuers may combine the position of compliance officer with the money laundering reporting officer provided there is no conflict of interest between the tasks performed and the size, internal organisation, business model, and nature, scale and complexity of the licensee’s activities is such that the licensee can effectively meet the regulatory requirements.

SIO-5.4.3

Stablecoin issuers must seek the CBB’s prior written before combining the positions of head of compliance and money laundering reporting officer functions referred to in Paragraph SIO-5.4.2.

SIO-5.4.4

Employees within the compliance function must possess sufficient knowledge, skills and experience in relation to compliance and relevant procedures and should undergo regular training.

SIO-5.4.5

Stablecoin issuers must have a well-documented compliance policy, and the senior management must oversee the implementation of the compliance policy. Stablecoin issuers must set up a process to regularly assess changes in the law and regulations applicable to its business activities.

SIO-5.4.6

The compliance function should advise the board and senior management body on measures to be taken to ensure compliance with applicable laws, rules, regulations and standards, and should assess the possible impact of any changes in the legal or regulatory environment on the stablecoin issuer’s activities and compliance framework.

SIO-5.5.1

The internal audit function must be independent and have sufficient authority and resources. In particular, stablecoin issuers must ensure that the qualification of the internal audit staff members and the internal audit resources, in particular its auditing tools and risk analysis methods, are adequate for the nature, scale and complexity of the risks associated with the licensed stablecoin issuer’s business model, activities, and risk appetite.

SIO-5.5.2

The internal audit function must follow a risk-based approach, independently review and provide objective assurance of the compliance of all activities undertaken by the stablecoin issuer, including the use of third-party entities, with the licensee’s policies and procedures and with the regulatory requirements.

SIO-5.5.3

The internal audit function must not be involved in designing, selecting, establishing, or implementing specific internal control policies, mechanisms, procedures or risk limits. However, this should not prevent the Board and the senior management from requesting input from the internal audit function on matters relating to risk, internal controls and compliance with applicable rules.

SIO-5.5.4

The internal audit function must review the adequateness of the processes for the development of stablecoin whitepaper, its approval and the processes followed for issuance of the approved stablecoin and how the approved stablecoin is offered to the public.

SIO-5.5.5

Internal audit work should be performed regularly in accordance with an audit plan and a detailed audit programme following a risk-based approach.

SIO-5.5.6

Stablecoin issuers must, at least once a year, draw up an internal audit plan on the basis of the annual internal audit control objectives. The internal audit plan must be approved by the board or relevant board committee.

SIO-5.6.1

Stablecoin issuers must not advertise its products, services, or activities in the Kingdom of Bahrain without including the name of the licensee and a statement that the licensee is “Licensed by the CBB as a Stablecoin issuer”.

SIO-5.6.2

Stablecoin issuers must not make use of the name of the CBB in any promotion in such a way that would indicate endorsement or approval of its products or services.

SIO-5.6.3

Stablecoin issuers must ensure that all advertising and marketing materials adhere to the principles of fair competition. While comparative advertisement in product or service promotion is acceptable, the intent and connotation of comparative advertisement should be to inform and never to discredit or unfairly target competitors, competing products or services.

SIO-5.6.4

Any marketing communication relating to an offer to the public of an approved stablecoin, must comply with all of the following requirements:

SIO-5.6.5

Marketing communications must contain a clear and unambiguous statement that clients have a direct right of redemption at par value at any time.

SIO-5.6.6

Marketing communications and any modifications thereto must be published on the stablecoin issuer’s website.

SIO-5.6.7

No marketing communications shall be disseminated prior to the publication of the stablecoin white paper. Such a restriction does not affect the ability of the stablecoin issuer to conduct market soundings.

SIO-5.6.8

Stablecoin issuers, at a minimum, must make the following information available on its website:

SIO-5.7.1

Stablecoin issuers must establish and maintain written policies and procedures to resolve complaints in a fair and timely manner.

SIO-5.7.2

Stablecoin issuers must provide, in a clear and conspicuous manner on their website and in all physical locations the following disclosures:

SIO-5.7.3

Stablecoin issuers must notify the CBB any change in their complaint policies or procedures within seven days prior to the implementation of the new complaint policy.

SIO-5.7.4

The complaint handling procedures of a stablecoin issuer must provide for:

SIO-5.7.5

A stablecoin issuer’s internal complaint handling procedures must be designed to ensure that:

Response of Complaints

Redress

Reporting of Complaints

Record of Complaints

SIO-5.8.1

Stablecoin issuers must implement and maintain effective policies and procedures to identify, prevent, manage and disclose conflicts of interest between themselves and:

SIO-5.8.2

The conflict of interest policies referred to in Paragraph SIO-5.8.1 must address all such situations which may influence or affect, or which may be perceived to influence or affect, the stablecoin issuer’s ability or the ability of any person connected to the licensee such as its shareholders, board of directors, senior management, employees etc., to take impartial and objective decisions. In particular, the conflict of interest policies and procedures must specifically cover:

SIO-5.8.3

The conflict of interest policies and procedures must, at a minimum include:

Conflict of interest potentially detrimental to the clients

Conflicts of interest potentially detrimental to the stablecoin issuers

Remuneration procedures, policies and arrangements

SIO-5.9.1

Stablecoin issuers must have adequate and appropriate systems and controls, in accordance with the requirements of Anti Money Laundering and Combating of Financial Crime (AML) Module, CBB Rulebook Volume 6, to prevent, detect and combat money laundering and terror financing.

SIO-5.9.2

The AML/CFT systems and controls referred to in Paragraph SIO-5.9.1 must include but not be limited to (i) customer due diligence in relation to the offering and redemption of the approved stablecoin, (ii) transaction monitoring and (iii) crypto asset transfer (travel rule) and wire transfer rules as provided for in AML-2A of the Anti-Money Laundering and Combating of Financial Crime (AML) Module, CBB Rulebook Volume 6.

SIO-5.9.3

For avoidance of doubt, stablecoin issuers must ensure that clients making redemption requests are compliant with the customer due diligence requirements prior to processing of the redemption request.

Origin and Destination of Approved stablecoins

SIO-5.10.1

This Section sets out the CBB’s approach to outsourcing by stablecoin issuers. It also sets out various requirements that stablecoin issuers must address when considering outsourcing an activity or function.

SIO-5.10.2

In the context of this Section, ‘outsourcing’ means an arrangement whereby a third party performs on behalf of a stablecoin issuer an activity which commonly would have been performed internally by the stablecoin issuer. Examples of services that are typically outsourced include data processing, cloud services, customer call centres and back office related activities.

SIO-5.10.3

In the case of a stablecoin issuer being part of a group entity, the CBB may consider a third-party outsourcing arrangement entered into by the stablecoin issuer’s head office/regional office or other offices of the group entity as an intragroup outsourcing, provided that the head office/regional office submits to the CBB a letter of comfort which includes, but is not limited to, the following conditions: (i) The head office/regional office declares its ultimate responsibility of ensuring that adequate control measures are in place; and (ii) The head office/regional office is responsible to take adequate rectification measures, including compensation to the affected customers, in cases where customers suffer any loss due to inadequate controls applied by the third-party service provider.

SIO-5.10.4

A stablecoin issuer must not outsource the following functions:

SIO-5.10.5

For the purposes of Paragraph SIO-5.10.4, certain support activities, processes and systems under these functions may be outsourced (e.g. call centre, data processing, credit recoveries, cyber security, e-KYC solutions) subject to compliance with Paragraph SIO-5.10.7. However, strategic decision-making and managing and bearing the principal risks related to these functions must remain with the stablecoin issuer.

SIO-5.10.6

Stablecoin issuers who are part of a group may be allowed to outsource to their head office, the risk management function stipulated in Subparagraph SIO-5.10.4(iv), subject to CBB’s prior approval.

SIO-5.10.7

Stablecoin issuers must comply with the following requirements:

SIO-5.10.8

For the purpose of Subparagraph SIO-5.10.7(iv), stablecoin issuers as part of their assessments may use the following:

When conducting on-site examinations, licensees should ensure that the data of the outsourcing service provider’s other clients is not negatively impacted, including impact on service levels, availability of data and confidentiality.

SIO-5.10.9

For the purpose of Subparagraph SIO-5.10.7(i), the CBB will provide a definitive response to any prior approval request for outsourcing within 10 working days of receiving the request complete with all the required information and documents.

SIO-6.1.1

Stablecoin issuers, at all times, must hold and maintain sufficient reserve assets such that the value of the reserve assets must be equivalent to at least one hundred percent (100%) of the par value of the outstanding approved stablecoins in circulation, including those held by the licensee.

SIO-6.1.2

Stablecoin issuers must ensure that the reserve assets held are:

SIO-6.1.3

For the purposes of Paragraph SIO-6.1.1, stablecoin issuers must ensure that the reserve assets are valued on a daily basis by using their current market value i.e. the reserve assets are marked to market on a daily basis for the purpose of valuation.

SIO-6.1.4

When using mark-to-market valuation the reserve assets must be valued at the prudent side of the bid and offer unless the reserve assets can be closed out at mid-market value. Only market data of good quality should be used, and data should be assessed on all of the following factors:

SIO-6.1.5

Where use of mark-to-market as referred to Paragraph SIO-6.1.3 is not possible or the market data is not of sufficiently good quality, the reserve asset must be valued conservatively by using mark-to-model. The model should accurately estimate the intrinsic value of the reserve asset, based on all of the following up-to-date key factors:

Composition of Reserve Assets

Segregation of Reserve Assets

SIO-6.2.1

Stablecoin issuers must, on a monthly basis, obtain a report by an independent external audit firm confirming the following:

SIO-6.2.2

The report referred to in Paragraph SIO-6.2.1 must be submitted to the CBB and published on the stablecoin issuer’s website by the end of the following month for the month being reported.

Reconciliation

Addressing Discrepancies: Excess

Addressing Discrepancies: Shortfall

SIO-6.4.1

Stablecoin issuers must establish, maintain and implement custody policies, procedures and contractual arrangements that ensure at all times that:

SIO-6.4.2

The custody policies and procedures referred to in Paragraph SIO-6.4.1 must set out the selection criteria for the appointment of banks, investment firms and custodians to safeguard the reserve assets and the procedure for reviewing such appointments. Stablecoin issuers must review the appointment of banks, investment firms, and custodians for safeguarding the reserve assets on an annual basis or more frequently. For the purpose of review stablecoin issuers must evaluate their exposures to the banks, investment firms and custodians, taking into account the full scope of their relationship with them, and monitor the financial conditions of such entities on an ongoing basis.

SIO-6.4.3

For the purposes of SIO-6.4.1(b) (safeguarding the reserve assets), a stablecoin issuer can (i) manage the reserve assets by holding them with a bank and an investment firm or (ii) appoint a custodian to manage the reserve assets. In either case, the stablecoin issuer is legally responsible for ensuring that the reserve assets are safeguarded appropriately and the stablecoin issuer will be subject to the regulatory requirements that are stipulated for reserve assets.

SIO-6.4.4

Stablecoin issuers who issue two or more approved stablecoins must have a custody policy in place for each pool of reserve assets.

SIO-6.4.5

The reserve assets must be held in custody no later than five business days from the date of issuance of the approved stablecoin.

SIO-6.4.6

Stablecoin issuers must exercise all due skill, care and diligence in the selection, appointment and review of banks, investment firms and custodians of the reserve assets.

SIO-6.4.7

Stablecoin issuers must ensure that the banks, investment firms and custodians of the reserve assets have the necessary expertise and market reputation to safeguard the reserve assets, taking into account the accounting practices, safekeeping procedures and internal control mechanisms of those entities.

SIO-6.4.8

The appointment of custodians of the reserve assets must be done through a contractual agreement. The contractual agreement must, amongst others, regulate the flow of information necessary to enable the stablecoin issuer and the custodians to perform their functions.

SIO-6.4.9

The appointed custodians must act honestly, fairly, professionally, independently and in the interest of the stablecoin issuer and its clients.

SIO-6.4.10

The appointed custodians must not carry out activities with regard to the stablecoin issuer that might create conflicts of interest between the stablecoin issuer, the clients of the stablecoin issuer and themselves unless all of the following conditions are met:

SIO-6.5.1

Stablecoin issuers must, at all times, ensure that holders of approved stablecoins have a direct legal right to redeem the approved stablecoins for the pegged fiat currency at par value.

SIO-6.5.2

Stablecoin issuers must ensure that all legitimate redemption requests are processed at par value and completed:

Redemption requests will be considered as processed when the stablecoin issuer completes the fund transfer process at their end and does not include the time it takes for the funds to reach the client account.

SIO-6.5.3

For the purposes of Paragraph SIO-6.5.2, a redemption request is generally deemed as legitimate if the client can meet the stablecoin issuers onboarding requirements, including the applicable customer onboarding rules to mitigate ML/TF risks.

SIO-6.5.4

Where a stablecoin issuer imposes any type of fees or charges, whether directly or indirectly, on redemption, such fees or charges must be reasonable and must not be set at a very high level to deter the clients from exercising their right to redemption. Stablecoin issuers must clearly communicate the fees and charges on redemption.

SIO-6.5.5

Stablecoin issuers must establish, maintain and implement clear and detailed policies and procedures for redemption. The redemption policy and procedure must be disclosed on the stablecoin issuer’s website.

SIO-6.5.6

Stablecoin issuers must prominently state the conditions and procedures for redemption in the stablecoin whitepaper and on the stablecoin issuer’s website. Any condition that the stablecoin issuer wishes to impose for redemption must be reasonable.

SIO-6.5.7

Where stablecoin issuers retain any approved stablecoin for re-circulation following redemption, the retention must be done in accordance with the requirements stipulated Paragraph SIO-5.1.4 i.e. the stablecoin issuer must ensure that the retained approved stablecoins are fully backed by reserve assets.

SIO-6.5.8

Where a stablecoin issuer uses the services of third parties for the purpose of redemption of approved stablecoin for fiat currency, the stablecoin issuer must ensure that the redemption is done at par value, without any restriction and in accordance with the requirements of this Section. However, where the third-party channels are unable to meet the redemption requests of clients, stablecoin issuers must provide direct redemption rights for such holders without any restrictions

SIO-6.6.1

A stablecoin issuer may issue yield bearing approved stablecoins which pay passive returns to its clients only from the interest or rewards (for sharia complaint stablecoins) earned from the investment of the reserve assets.

SIO-6.6.2

Stablecoin issuers offering a yield bearing approved stablecoin must set the yield rate or reward rate at a level that is reasonable and does not adversely affect the stability of the approved stablecoin as well as the financial health (going concern) of the stablecoin issuer.

SIO-6.6.3

A stablecoin issuer offering a yield bearing approved stablecoin must on an annual basis provide the CBB with its yield or reward policy as well as an internal assessment report, approved by the board, on the impact of yield or reward payment on the financial health of the stablecoin issuer. The aforementioned assessment report for a financial year must be provided to the CBB no later than 60 days prior to the start of the reference financial year.

SIO-6.6.4

Stablecoin issuers offering yield bearing approved stablecoins must provide the following details in the stablecoin whitepaper:

Disclosure Requirements

SIO-7.1.1

The draft stablecoin whitepaper referred to in Paragraph SIO-2.1.4(j) must be prepared in accordance with the template provided in Appendix C, either in Arabic or English language, containing all the information concerning the stablecoin issuer and the proposed stablecoin offering that would enable clients to make an informed decision and understand the risks relating to the stablecoin. The information in the draft stablecoin whitepaper must, at a minimum, include the following:

SIO-7.1.2

All information in the draft stablecoin whitepaper must be fair, clear and not misleading. The draft stablecoin whitepaper must not contain material omissions and must be presented in a concise and comprehensible form.

Summary of Draft Stablecoin Whitepaper

Responsibility for Reliability and Accuracy of the Stablecoin Whitepaper

SIO-7.2.1

Stablecoin issuers must file a modified stablecoin whitepaper and seek the written approval of the CBB prior to any intended change of their business model likely to have a significant influence on the purchase decision of any clients or prospective clients of approved stablecoin, which occurs after the CBB’s approval of the stablecoin whitepaper. Such changes include, amongst others, any material modifications to:

SIO-7.2.2

The CBB shall examine the proposed modification to the stablecoin whitepaper and may request additional information, explanation or justification concerning the proposed modification. Where the CBB makes such a request, the stablecoin issuer must provide the additional information requested within 15 days from the date of the request.

SIO-7.2.3

A modified stablecoin whitepaper must comply with the following requirements:

SIO-7.2.4

Where the CBB approves the modified stablecoin whitepaper, the stablecoin issuer must:

SIO-7.3.1

Stablecoin issuers must publish on their website the approved stablecoins whitepaper referred to in Section SIO-7.1 and, where applicable, the modified stablecoin whitepaper referred to in Section SIO-7.2. The approved stablecoin whitepaper must be publicly accessible at least from the starting date of the offer to the public. The approved stablecoin whitepaper and, where applicable, the modified stablecoin whitepaper must remain available on the stablecoin issuer’s website for as long as the approved stablecoins are held by the public.

SIO-8.1.1

For each approved stablecoin, the stablecoin issuer must, on a quarterly basis, report (as per the format provided in Appendix F) to the CBB the following information:

SIO-8.1.2

For the purpose of Paragraph SIO-8.1.1(c) and SIO-8.1.1(d), “transaction” means any change of the natural or legal person entitled to the approved stablecoin as a result of transfer of the approved stablecoin from one distributed ledger address or account to another that leads to a change in the natural or legal person entitled to the approved stablecoin.

SIO-8.1.3

The stablecoin issuer shall estimate the number and value of transactions associated to use of an approved stablecoin as a medium of exchange within Bahrain, as referred to in Paragraph SIO-8.1.1(d), by deducting from the total number and value of transactions with that approved stablecoin:

SIO-8.1.4

Transactions associated to the use of an approved stablecoin as a medium of exchange shall also include transactions where one or several crypto assets, different from the approved stablecoin, is/are used to pay for goods and services, provided that those transactions are settled in the approved stablecoin. This includes cases where an approved stablecoin is sued as a bridge asset to settle:

SIO-8.1.5

The transactions referred to in Paragraph SIO-8.1.1(d) includes:

SIO-8.1.6

The transactions referred to in Paragraph SIO-8.1.1(d) shall include transactions where both the both he payer and the payee are located in Bahrain. The location of the payer and the payee refers to their habitual residence, for natural persons, and to the registered office address, for legal persons.

SIO-8.1.7

In the case of transactions from a non-custodial wallet to a custodial wallet, the crypto-asset licensee of the payee shall report the transaction and in the case of transaction from a custodial wallet to a non-custodial wallet, the crypto-asset licensee of the payer shall report the transaction provided the crypto asset licensee of the payer is able to determine that the transaction has taken place within Bahrain.

SIO-8.1.8

Crypto-asset licensees that provides services related to approved stablecoins must provide the stablecoin issuer of the approved stablecoin with the necessary information to prepare the report referred to in Paragraph SIO-8.1.1. including by reporting transactions outside the distributed ledger. Appendix F provides the template for the report.

SIO-8.1.9

The information referred to in Paragraph SIO-8.1.1 must be calculated as this information stands on the following reporting reference dates: 31^stMarch, 30^thJune, 30^thSeptember and 31^stDecember and the report must be submitted to the CBB no later than 15 days from the end of the respective reporting period. The value of the transactions referred to in Paragraph SIO- 8.1.1(c) and (d) must be reported in Bahraini Dinar by using the relevant exchange rate applicable at the end of each calendar day during the applicable reporting period.

Data Quality

Restriction on Issuance

Significant Stablecoin Arrangement

Additional Obligations for Licensees whose Stablecoins have been Classified as Significant Stablecoins

SIO-9.1.1

Stablecoin issuers must have in place clear and comprehensive policies and procedures, from a technology perspective, for the following key areas:

SIO-9.1.2

Stablecoin issuers must, as a minimum, have in place systems and controls with respect to the following:

SIO-9.1.3

The CBB may grant waivers from specific requirements of technology governance and cyber security. A stablecoin issuer seeking waiver from specific requirements must provide in writing, to the satisfaction of the CBB, that the nature, scale and complexity of their business does not require such technology governance and cyber security measures and in absence of such measures there will be no risk of violation of applicable laws, including the CBB law, its regulations, resolutions or directives (including these rules) or risks associated with the integrity of the market and/or interest of clients.

System Resilience

SIO-9.2.1

Stablecoin issuers must have a clear and well-structured approach for the implementation and upgrade of systems and software.

SIO-9.2.2

Stablecoin issuers must also have well-established policies and procedures for the regular and thorough testing of any system currently implemented or being considered for use. Stablecoin issuers must ensure that the implementation of new systems, or upgrading of existing systems, is thoroughly checked by multiple members of technology staff.

SIO-9.2.3

Licensed stablecoin issuers must maintain a clear and comprehensive audit trail for system issues internally, including security issues and those with third parties, and their resolution.

SIO-9.3.1

Stablecoin issuers must have measures and procedures in place which comply with network security best practices (e.g., the implementation of firewalls, the regular changing of passwords and encryption of data in transit and at rest). Updates and patches to all systems, particularly security systems, must be performed as soon as safely feasible after such updates and patches have been released.

SIO-9.3.2

The IT infrastructures must provide strong layered security and ensure elimination of “single points of failure”. Stablecoin issuers must maintain IT infrastructure security policies, describing in particular how strong layered security is provided and how “single points of failure” are eliminated. IT infrastructures must be strong enough to resist, without significant loss to clients, a number of scenarios, including but not limited to accidental destruction or breach of a single facility, collusion or leakage of information by employees/former employees within a single office premise, successful hack of a cryptographic module or server, or access by hackers of any single set of encryption/decryption keys.

SIO-9.3.3

Stablecoin issuers must regularly test security systems and processes. System components, processes, and custom software must be tested frequently to ensure security controls continue to reflect a changing environment.

SIO-9.3.4

Stablecoin issuers must have in place policies and procedures that address information security for all staff, sets the security tone for the whole entity and informs staff what is expected of them. All staff should be aware of the sensitivity of data and their responsibilities for protecting it.

SIO-9.3.5

The encryption of data, both at rest and in transit, including consideration of API security should be included in the security policy. In particular, encryption and decryption of private keys should utilise encryption protocols or use alternative algorithms that have broad acceptance with cyber security professionals. Critical cryptographic functions such as encryption, decryption, generation of private keys, and the use of digital signatures should only be performed within cryptographic modules complying with the highest, and ideally internationally recognised, applicable security standards.

SIO-9.3.6

Stablecoin issuers must conduct regular security tests of their systems, network, and connections.

SIO-9.4.1

Stablecoin issuers must implement robust procedures and protective measures to ensure the secure generation, storage, backup and destruction of both public and private keys.

SIO-9.4.2

Stablecoin issuers must use multi-signature wallets e.g. where multiple private keys are associated with a given public key and a subset of these private keys, held by different parties, are required to authorise transactions.

Private Key Management

SIO-9.5.1

Stablecoin issuers must have multiple communication channels to ensure that their clients are informed, ahead of time, of any outages which may affect them.

SIO-9.5.2

Stablecoin issuers must have clear, publicly available, procedures articulating the process in the event of an unplanned outage. During an unplanned outage, licensed stablecoin issuers must be able to rapidly disseminate key information and updates on a frequent basis.

SIO-9.5.3

Stablecoin issuers should have a programme of planned systems outages to provide for adequate opportunities to perform updates and testing.

General Requirements

Roles and Responsibilities of the Board

Roles and Responsibilities of the Management

Cyber Security Strategy

Prevention

Cyber Risk Identification and Assessments

Cyber Incident Detection and Management

Chief Information Security Officer

Cyber Risk Insurance

Training and Awareness

Reporting to the CBB

Multi Factor Authentication

SIO-10.1.1

This chapter applies to stablecoin issuers who also undertake safeguarding, storing, holding or maintaining custody of approved stablecoins.

SIO-10.1.2

A stablecoin issuer who undertakes safeguarding, storing, holding or maintaining custody of approved stablecoins must have systems and controls in place to:

SIO-10.1.3

A stablecoin issuer undertaking custody services must hold approved stablecoins of the same type and amount which it holds on behalf of its clients.

SIO-10.1.4

Stablecoin issuers are prohibited from selling, transferring, assigning, lending, hypothecating, pledging, or otherwise using or encumbering approved stablecoins stored, held, or maintained by, or under the custody or control of, such licensee on behalf of a client except for the redemption or transfer of the approved stablecoins at the direction of the client.

Multi-Signature Arrangement

SIO-10.2.1

Stablecoin issuers must provide to the CBB, for prior written approval, details of custodial arrangement put in place to safeguard, store, hold or maintain custody of approved stablecoins.

SIO-10.2.2

Stablecoin issuers may implement the following three types of custodial arrangements or any other type of custodial arrangement that is acceptable to the CBB:

Third Party Custody Arrangement

Self-Custody Arrangement

SIO-11.1.1

A stablecoin issuer must draw up and maintain a recovery plan providing for measures to be taken by the stablecoin issuer to restore compliance with the requirements applicable to the reserve assets in cases where the stablecoin issuer fails to comply with those requirements.

SIO-11.1.2

The recovery plan referred to in Paragraph SIO-11.1.1 must also include the preservation of the stablecoin issuer’s services related to the approved stablecoin, the timely recovery of operations and the fulfilment of the stablecoin issuer’s obligations in case of occurrence of events that pose a significant risk leading to disruption of operations.

SIO-11.1.3

The recovery plan must include appropriate conditions and procedures to ensure the timely implementation of recovery actions as well as a wide range of recovery options, including:

SIO-11.1.4

A stablecoin issuer must submit the draft recovery plan to the CBB for approval, within six months of the date of approval of the stablecoin whitepaper. The CBB may, at its sole discretion, recommend amendments to the draft recovery plan where necessary to ensure its proper implementation. The CBB shall inform the stablecoin issuer about its decision i.e. either approving the draft recovery plan or recommending amendments to the draft recovery plan, within 30 days from the date of submission of the draft recovery plan. The stablecoin issuer must implement the recovery plan as approved by the CBB within 15 days from the date of approval of the recovery plan. The stablecoin issuer must regularly review and update the recovery plan.

SIO-11.1.5

Where a stablecoin issuer fails to comply with the requirements applicable to the reserve assets and redemption requirements as referred to in Chapter 6 of this Module or, due to a rapidly deteriorating financial condition, is likely in the near future to not comply with those requirements, the CBB, in order to ensure compliance with the applicable requirements, may, at its sole discretion, require the stablecoin issuer to implement one or more of the arrangements or measures set out in the recovery plan or to update such a recovery plan when the circumstances are different from the assumptions set out in the initial recovery plan and implement one or more of the arrangements or measures set out in the updated plan within a specific timeframe.

SIO-11.1.6

In the circumstances referred to in Paragraph SIO-11.1.5, the CBB may temporarily suspend the redemption of approved stablecoins, provided that the suspension is justified having regard to the interests of the clients and financial stability.

SIO-11.2.1

The recovery plan must include the following:

Information on Governance

Recovery Plan Indicators & Monitoring Thresholds

Recovery Options

Continuity of Service

SIO-11.3.1

A stablecoin issuer must draw up and maintain an operational plan to support the orderly redemption of each approved stablecoin, which is to be implemented upon a decision by the CBB that the stablecoin issuer is unable or likely to be unable to fulfil its obligations, including in the case of insolvency or in the case of withdrawal of license of the stablecoin issuer.

SIO-11.3.2

The redemption plan must demonstrate the ability of the stablecoin issuer to carry out the redemption of the outstanding approved stablecoins issued without causing undue economic harm to its clients or to the stability of the markets of the reserve assets. The redemption plan must ensure equitable treatment to all the clients and that the clients are paid in a timely manner with the proceeds from the sale of the reserve assets. In addition, the redemption plan must also ensure the continuity of any critical activities that are necessary for the orderly redemption, whether performed by the stablecoin issuer or by any third-party entity.

SIO-11.3.3

A stablecoin issuer must submit the draft redemption plan to the CBB for approval, within six months of the date of approval of the stablecoin whitepaper. The CBB may, at its sole discretion, recommend amendments to the draft redemption plan where necessary to ensure its proper implementation. The CBB shall inform the stablecoin issuer about its decision, i.e. either approving the draft redemption plan or recommending amendments to the draft redemption plan, within 30 days from the date of submission of the draft redemption plan. The stablecoin issuer must implemented the redemption plan as approved by the CBB within 15 days from the date of approval of the redemption plan. The stablecoin issuer must regularly review and update the redemption plan.

General Principles and Objectives of the Redemption Plan

SIO-12.1.1

Any person or persons, acting in concert who intends to acquire, directly or indirectly, shares in a stablecoin issuer by virtue of which the person(s) would, if the acquisition is carried out, become a substantial shareholder of the stablecoin issuer , must obtain the approval of the CBB, prior to entering into an agreement with the stablecoin issuer.

SIO-12.1.2

In Paragraph SIO-12.1.1 “substantial shareholder” means a person who alone or together with his associates:

SIO-12.1.3

Any person applying for approval under Paragraph SIO-12.1.1 must submit to the CBB a written application along with supporting documents that sets out:

SIO-12.1.4

The CBB may require the applicant to furnish it with such information or documents as the CBB considers necessary in relation to the application and the applicant shall furnish such additional information or documents as required by the CBB.

SIO-12.1.5

The CBB may approve an application made under Paragraph SIO-12.1.1 of this Module if the CBB is satisfied that:

SIO-12.1.6

Where the CBB, based on its assessment, concludes that the proposed acquisition is not in the interest of the market, it shall reject the application and notify the applicant and provide reasons for its decision.

SIO-12.2.1

A stablecoin issuer must seek prior written approval from the CBB before transferring any of its business to a third party.

SIO-12.2.2

The CBB’s approval to transfer business will only be given where:

SIO-12.2.3

In assessing the criteria outlined in Paragraph SIO-12.2.2, the CBB will, amongst other factors, take into account the financial strength of the transferee; its capacity to manage the business being transferred; its track record in complying with applicable regulatory requirements; and (where applicable) its track record in treating clients fairly. The CBB will also take into account the impact of the transfer on the transferor, and any consequences this may have for the transferor’s remaining clients.

SIO-12.2.4

A stablecoin issuer seeking to obtain the CBB’s permission to transfer business must apply to the CBB in writing, in the form of a covering letter together with supporting attachments. Unless otherwise directed by the CBB, the application must provide:

SIO-12.2.5

Stablecoin issuers intending to apply to transfer business are advised to contact the CBB at the earliest possible opportunity, prior to submitting a formal application, in order that the CBB may determine the nature and level of documentation to be provided and the need for an auditor or other expert opinion to be provided to support the application. The documentation specified in Paragraph SIO-12.2.4 may be varied by the CBB, depending on the nature of the proposed transfer, such as the materiality of the business concerned and its impact on customers.

SIO-12.2.6

The CBB’s approval may be given subject to any conditions deemed appropriate by the CBB. In all cases where additional requirements are imposed, the CBB shall state the reasons for doing so.

SIO-12.2.7

At its discretion, the CBB may require that a notice of proposed transfer of business be published in the Official Gazette, and/or in at least two local daily newspapers (one in Arabic, the other in English), in order to give affected clients, the right to comment on the proposed transfer. Where such a requirement has been imposed, the CBB’s decision on the application will also be published in the Official Gazette and in at least two local daily newspapers. In all such cases, the costs of publication must be met by the transferor.

SIO-12.2.8

Publication under Paragraph SIO-12.2.7 will generally only be required where a proposed transfer involves a large number of clients or is otherwise deemed necessary in order to protect customer interests.

SIO-12.3.1

Any person seeking to acquire control of a stablecoin issuer must seek prior written approval of the CBB.

SIO-12.3.2

For the purposes of rule Paragraph SIO-12.3.1, “control” means the right to appoint the majority of the directors or to control the management or policy decisions exercisable by a person or persons acting individually or in concert, directly or indirectly, including by virtue of their shareholding or management rights or shareholders agreements or voting agreements, or in any other manner.

SIO-12.3.3

For the purposes of Paragraph SIO-12.3.1, a person(s) seeking to acquire control must request for the CBB’s approval for taking control over a stablecoin issuer or taking any action that may lead to control by submitting Form 2 and shall also contain such particulars and information and be accompanied by such documents as the CBB may specify.

SIO-12.3.4

The CBB shall, within 60 days from the date of receipt of the request referred to in Paragraph SIO-12.3.3, notify the person intending to take control over a stablecoin issuer of its approval of control, any of the actions which would lead to control, or the refusal thereof as the CBB may determine at its own discretion.

SIO-12.3.5

The CBB may impose any restrictions that it considers necessary to be observed in case of its approval of control, or any of the actions that would lead to control.

SIO-12.3.6

The person intending to take control over a stablecoin issuer, may within 30 days of the notification referred to in Paragraph SIO-12.3.4, lodge a grievance against the CBB’s decision to refuse the control or any conditions imposed in respect of such control. The CBB shall decide on the grievance and notify the person intending to take control over the stablecoin issuer of its decision within 30 days from the date of submitting the grievance.

SIO-12.3.7

The CBB may refuse to give approval for change of control, if the CBB, based on its own assessment, concludes that the change in control would adversely affect financial stability, market integrity and interests of the clients, or if the CBB decides that the person(s), do not meet the fit and proper requirement set by the CBB.

SIO-12.3.8

Any person who acquires control or shares in breach of the provisions of this Module shall carry out any instructions issued to him by the CBB to transfer such control or shares, or refrain from exercising control or voting rights according to the procedures prescribed in such instructions.

SIO-12.3.9

A stablecoin issuer must not perform any of the following without prior written approval of the CBB:

SIO-13.1.1

Stablecoin issuers must provide all information that the CBB requests in order to discharge its regulatory obligations.

SIO-13.1.2

Stablecoin issuers must provide all relevant information and assistance to the CBB inspectors and appointed experts on demand as required by Articles 111 and 114 of the CBB Law. Failure by stablecoin issuers to cooperate fully with the CBB’s inspectors or appointed experts, or to respond to their examination reports within the time limits specified, will be treated as demonstrating a material lack of cooperation with the CBB which will result in enforcement measures.

SIO-13.1.3

Article 163 of the CBB Law provides for criminal sanctions where false or misleading statements are made to the CBB or any person /appointed expert appointed by the CBB to conduct an inspection or investigation on the business of the stablecoin issuer.

SIO-13.2.1

Representatives of the CBB, or persons appointed by the CBB for investigation purposes may access, with or without notice, any of the stablecoin issuer’s business premises in relation to the discharge of the CBB’s functions pursuant to the CBB Law.

SIO-13.2.2

A stablecoin issuer must take reasonable steps to ensure that its agents and providers under outsourcing arrangements permit such access to their business premises, to the CBB.

SIO-13.2.3

A stablecoin issuer must take reasonable steps to ensure that each of its providers under outsourcing arrangements deals in an open and cooperative way with the CBB in the discharge of its functions in relation to the stablecoin issuer.

SIO-13.2.4

The cooperation that stablecoin issuers are expected to procure from such providers is similar to that expected of stablecoin issuers themselves.

SIO-13.3.1

A stablecoin issuer must ensure that all information it provides to the CBB is:

SIO-13.3.2

If a stablecoin issuer becomes aware or has information that reasonably suggests that it has or may have provided the CBB with information that was or may have been false, misleading, incomplete or inaccurate, or has or may have changed in a material way, it must notify the CBB immediately. The notification must include:

SIO-13.3.3

If the information in Paragraph SIO-13.3.2 cannot be submitted with the notification (because it is not immediately available), it must instead be submitted as soon as possible afterwards.

SIO-13.4.1

The CBB uses various methods of information gathering on its own initiative which require the cooperation of stablecoin issuers:

SIO-13.4.2

When seeking meetings with a stablecoin issuer or access to the stablecoin issuer’s premises, the CBB or the CBB appointee will access a stablecoin issuer’s documents and personnel. Such requests will normally be made during reasonable business hours and with proper notice. However, there may be instances where the CBB may access the stablecoin issuer’s premises without prior notice.

SIO-13.4.3

The CBB expects that a stablecoin issuer should:

SIO-13.4.4

The CBB considers that a stablecoin issuer should ensure that the following persons act in the manner set out in Paragraph SIO-13.4.3:

SIO-13.5.1

The content of this Chapter is applicable to all stablecoin issuers and appointed experts.

SIO-13.5.2

The purpose of the contents of this Chapter is to highlight the roles and responsibilities of appointed experts when appointed pursuant to Articles 114 or 121 of the CBB Law.

SIO-13.5.3

The CBB uses its own inspectors to undertake on-site examinations of stablecoin issuers as an integral part of its regular supervisory role. In addition, the CBB may commission reports on matters relating to the business of stablecoin issuers in order to assist it in assessing their compliance with CBB requirements.

SIO-13.5.4

Appointed experts must not be the same firm appointed as external auditor of the stablecoin issuer.

SIO-13.5.5

The CBB will decide on the range, scope and frequency of work to be carried out by appointed experts.

SIO-13.5.6

The appointment of an appointed expert will be made in writing directly with the appointed experts concerned. A separate letter is sent to the stablecoin issuer, notifying them of the appointment. At the CBB’s discretion, a trilateral meeting may be held at any point, involving the CBB and representatives of the stablecoin issuer and the appointed experts, to discuss any aspect of the inspection or investigation or the report produced by the appointed expert.

SIO-13.5.7

Following the completion of the investigation, the CBB will normally provide feedback on the findings of the investigation to the stablecoin issuer.

SIO-13.5.8

Appointed experts will report directly to and be responsible to the CBB in this context and will specify in their report any limitations placed on them in completing their work (for example due to the stablecoin issuer’s group structure). The report produced by the appointed experts is the property of the CBB.