• HC-3 Other High-Level Controls [versions up to January 2011]

    • HC-3.1 Chief Executive Officer / General Manager [versions up to January 2011]

      • HC-3.1.1 [versions up to January 2011]

        Insurance licensees must appoint a person to undertake the function of Chief Executive Officer, unless they fall into the categories specified in Paragraph HC-3.1.3.

        Amended: July 2007

      • HC-3.1.2 [versions up to January 2011]

        The Chief Executive Officer is responsible for the executive management and performance of the licensee, within the framework of delegated authorities set by the Board. The function of Chief Executive Officer is a controlled function, and the person nominated to that post therefore requires prior CBB approval (see Module AU (Authorisation)).

        Amended: July 2007

      • HC-3.1.2A [versions up to January 2011]

        The Chairman of the Board may not act as the Chief Executive or General Manager. However, in the case of appointing a Director on the Board as the Managing Director of the insurance licensee, such person:

        (a) Should be fully responsible for the executive management and performance of the insurance licensee, within the framework of delegated authorities set by the Board;
        (b) Must devote full-time working hours to the insurance licensee; and
        (c) Must not be employed at any other firm.
        Added: April 2010

      • HC-3.1.3 [versions up to January 2011]

        Unincorporated entities, single person companies and overseas insurance licensees must appoint a person to undertake the function of General Manager.

      • HC-3.1.4 [versions up to January 2011]

        In the case of unincorporated entities and single person companies, the General Manager is the person directing the affairs of the licensee. In the case of overseas insurance licensees, the General Manager is the most senior manager resident in Bahrain, accountable to the CBB for the operations of the Bahrain branch and its compliance with CBB Regulations and Directives. The function of General Manager is a controlled function, and the person nominated to that post requires prior CBB approval (see Module AU).

        Amended: January 2007

      • HC-3.1.5 [versions up to January 2011]

        Residency requirements apply to Chief Executive Officers and General Managers: see Section AU-2.2.

        Amended: January 2007

    • HC-3.2 Mapping of Risks and Responsibilities [versions up to January 2011]

      • HC-3.2.1 [versions up to January 2011]

        The requirements in this section do not apply to captive insurance firms but should be considered as guidance.

        Amended: January 2007

      • HC-3.2.2 [versions up to January 2011]

        In conjunction with the Board, the Chief Executive Officer/General Manager must maintain a clear mapping of the risks faced by the business and document the organisational and other controls maintained to meet those risks.

        Amended: January 2007

      • HC-3.2.3 [versions up to January 2011]

        In conjunction with the Board, the Chief Executive Officer/General Manager must maintain a clear and appropriate apportionment of significant responsibilities amongst senior management.

        Amended: January 2007

      • HC-3.2.4 [versions up to January 2011]

        The apportionment must be clear as to who has which responsibility, and must permit the business and affairs of the licensee to be adequately monitored and controlled by the Board, the Chief Executive Officer/General Manager, and relevant heads of function.

        Amended: January 2007

      • HC-3.2.5 [versions up to January 2011]

        The apportionment must also ensure appropriate segregation of duties where these are required for effective controls.

    • HC-3.3 Internal Audit [versions up to January 2011]

      • HC-3.3.1 [versions up to January 2011]

        Bahraini insurance licensees (except for unincorporated entities and single person companies) must establish an internal audit function to monitor the adequacy of their systems and controls.

      • HC-3.3.2 [versions up to January 2011]

        The CBB considers it best practice for captive insurers to fall within the remit of the internal audit functions of their groups and be subject to periodic review, although no formal arrangements for internal audit cover captive insurers.

        Amended: January 2007

      • HC-3.3.3 [versions up to January 2011]

        Part or all of the internal audit function may be outsourced, or provided at group level, subject to the requirements of Section RM-7.6. Amongst other things, these require licensees to retain responsibility for their internal audit programme, and that appropriate safeguards are built into the outsourcing contract. Furthermore, a licensee cannot outsource its internal audit function to its external auditors (with limited exceptions). Prior approval from the CBB is required for significant outsourcing arrangements, including all outsourcing of internal audit. A licensee's head of internal audit is a controlled function and requires CBB approval prior to being appointed (see Section AU-1.2).

        Amended: January 2007

      • HC-3.3.4 [versions up to January 2011]

        Internal audit functions must have terms of reference that clearly indicate:

        (a) The scope and frequency of audits;
        (b) Reporting lines; and
        (c) The review and approval process applied to audits.
        Amended: January 2007

      • HC-3.3.5 [versions up to January 2011]

        Paragraph HC-3.3.4 applies irrespective of whether the internal audit function is outsourced. Where it is outsourced, the CBB would expect to see these matters addressed in the contract with the outsourcing provider.

        Amended: January 2007

      • HC-3.3.6 [versions up to January 2011]

        Internal audit functions must report directly to the Audit Committee or, where none exists, to the Board. They must have unrestricted access to all the appropriate records of the insurance licensee. They must have open and regular access to the Audit Committee, the Board, the Chief Executive, and the licensee's external auditors.

        Amended: January 2007

      • HC-3.3.7 [versions up to January 2011]

        Internal audit functions must have adequate staff levels with appropriate skills and knowledge, such that they can act as an effective challenge to the business. Where the function is not outsourced, the head of the function should be a senior and experienced employee. Internal audit functions must not perform other activities that compromise their independence.

        Amended: January 2007

      • HC-3.3.8 [versions up to January 2011]

        The CBB would expect to see in place a formal audit plan that:

        (a) Is reviewed and approved at least annually by the Audit Committee or, where none exists, the Board;
        (b) Is risk-based, with an appropriate scoring system; and
        (c) Covers all material areas of a licensee's operations over a reasonable timescale, including (where relevant) the process by which a licensee obtains professional actuarial expertise to develop and verify its pricing and reserving policies.
        Amended: January 2007

      • HC-3.3.9 [versions up to January 2011]

        Internal Audit reports should also be:

        (a) Clear and prioritised, with action points directed towards identified individuals;
        (b) Timely; and
        (c) Distributed to the Audit Committee or Board and appropriate senior management.
        Amended: January 2007

      • HC-3.3.10 [versions up to January 2011]

        Insurance licensees should also have processes in place to deal with recommendations raised by internal audit to ensure that they are:

        (a) Dealt with in a timely fashion;
        (b) Monitored until they are settled; and
        (c) Raised with senior management if they have not been adequately dealt with.
        Amended: January 2007

    • HC-3.4 Compliance [versions up to January 2011]

      • HC-3.4.1 [versions up to January 2011]

        Insurance licensees must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which the insurance licensee is subject.

        Amended: January 2007

      • HC-3.4.2 [versions up to January 2011]

        Depending on the nature, scale and complexity of its business, an insurance licensee should consider having a separate compliance function. A compliance function should:

        (a) Document its organisation and responsibilities;
        (b) Be appropriately staffed with competent individuals;
        (c) Have unrestricted access to the licensee's relevant records; and
        (d) Have ultimate recourse to the Board.
        Amended: January 2007

      • HC-3.4.3 [versions up to January 2011]

        All insurance licensees must designate an employee, of appropriate standing and resident in Bahrain, as Compliance Officer. The duties of the Compliance Officer include:

        (a) Having responsibility for oversight of the licensee's compliance with the requirements of the CBB; and
        (b) Reporting to the licensee's Board in respect of that responsibility.
        Amended: January 2007

      • HC-3.4.4 [versions up to January 2011]

        The Compliance Officer is a controlled function and the requirements relating to approved persons must be met (see Chapter AU-1.2). If the scale and nature of the licensee's operations are limited, then the individual who performs the function of Compliance Officer may also take on other responsibilities, providing this does not create a potential conflict of interest. The compliance function may not be combined with the internal audit function or any operational function as they are incompatible and may create a conflict of interest.

        Amended: April 2010

      • HC-3.4.5 [versions up to January 2011]

        In the case of a captive insurance firm, where the captive insurer is managed by an insurance manager, the insurance manager must designate a Compliance Officer for the managed firms. A self-managed captive insurer must also appoint a Compliance Officer, although this role may be combined with other functions.

        Amended: January 2007

    • HC-3.5 Remuneration Policies [versions up to January 2011]

      • HC-3.5.1 [versions up to January 2011]

        An insurance licensee's remuneration policies (including incentives, bonuses and other rewards), must not encourage short-term or reckless behaviour.

      • HC-3.5.2 [versions up to January 2011]

        Levels of remuneration should be sufficient to attract, retain and motivate Directors and employees of the quality required to run the licensee successfully, but a licensee should avoid paying more than is necessary for this purpose. Where remuneration is structured so as to link rewards to corporate and individual performance, criteria should avoid excessive focus on short-term profitability measures.

      • HC-3.5.3 [versions up to January 2011]

        The review of Directors' remuneration must be a standing item on the insurance licensee's Annual General Meeting agenda, and must be considered by shareholders at every Annual General Meeting. Policies in respect of Directors' remuneration (including pension and severance arrangements) and bonuses must be clearly disclosed in the annual financial statements.

        Amended: January 2007

      • HC-3.5.4 [versions up to January 2011]

        Directors' remuneration must comply with all applicable laws and Regulations, including the provisions contained in Legislative Decree No. 21 of 2001, with respect to promulgating the Commercial Companies Law, capping Directors' remuneration as a percentage of net profits.

        Amended: January 2007

    • HC-3.6 Corporate Ethics [versions up to January 2011]

      • HC-3.6.1 [versions up to January 2011]

        The requirements in this Section do not apply to captive insurance firms, unincorporated entities and single person companies, but should be considered as guidance.

        Amended: January 2007

      • HC-3.6.2 [versions up to January 2011]

        An insurance licensee's Board must establish and disseminate to all employees and appointed representatives of the licensee a corporate code of conduct.

      • HC-3.6.3 [versions up to January 2011]

        The code of conduct must establish standards by giving examples or expectations of:

        (a) Honesty;
        (b) Integrity;
        (c) Leadership;
        (d) Reliability; and
        (e) Professionalism.
        Amended: January 2007

      • HC-3.6.4 [versions up to January 2011]

        The Board must establish and disseminate to employees and appointed representatives policies and processes for the identification, reporting and prevention or management of potential conflicts of interest, including matters such as:

        (a) Related party transactions;
        (b) The misuse of the licensee's assets; and
        (c) The use of privileged information for personal advantage ('insider trading').
        Amended: January 2007

      • HC-3.6.5 [versions up to January 2011]

        Any transaction in which Board members or any member of management have potential conflicts of interest should either be proscribed or require formal documented approval by the Board, with measures taken to manage those conflicts. (See also Paragraph HC-1.1.8)

        Amended: January 2007

      • HC-3.6.6 [versions up to January 2011]

        The Board must ensure that policies and procedures are in place to ensure that necessary customer confidentiality is maintained.

        Amended: January 2007

    • HC-3.7 Transparency and Disclosure [versions up to January 2011]

      • HC-3.7.1 [versions up to January 2011]

        The requirements in this Section do not apply to captive insurance firms, but should be considered as guidance. Unincorporated entities and single person companies are exempt from these requirements.

        Amended: January 2007

      • HC-3.7.2 [versions up to January 2011]

        The Board must oversee the process of disclosure to all stakeholders. The Board must ensure that the licensee's communications are fair, transparent, comprehensive and timely.

      • HC-3.7.3 [versions up to January 2011]

        Disclosure policies must be reviewed for compliance with the CBB's disclosure requirements.

        Amended: January 2007

      • HC-3.7.4 [versions up to January 2011]

        Licensees should refer to Module PD (Public Disclosure) regarding the specific disclosures required.