HC-3 Other High-Level Controls [versions up to January 2011]
HC-3.1 Chief Executive Officer / General Manager [versions up to January 2011]
HC-3.1.1 [versions up to January 2011]
Insurance licensees must appoint a person to undertake the function of Chief Executive Officer, unless they fall into the categories specified in Paragraph HC-3.1.3.
Amended: July 2007
HC-3.1.2 [versions up to January 2011]
The Chief Executive Officer is responsible for the executive management and performance of the licensee, within the framework of delegated authorities set by the Board. The function of Chief Executive Officer is a controlled function, and the person nominated to that post therefore requires prior CBB approval (see Module AU (Authorisation)).
Amended: July 2007
HC-3.1.2A [versions up to January 2011]
The Chairman of the Board may not act as the Chief Executive or General Manager. However, in the case of appointing a Director on the Board as the Managing Director of the insurance licensee, such person:
(a) Should be fully responsible for the executive management and performance of the insurance licensee, within the framework of delegated authorities set by the Board;
(b) Must devote full-time working hours to the insurance licensee; and
(c) Must not be employed at any other firm.
Added: April 2010
HC-3.1.3 [versions up to January 2011]
Unincorporated entities, single person companies and overseas insurance licensees must appoint a person to undertake the function of General Manager.
HC-3.1.4 [versions up to January 2011]
In the case of unincorporated entities and single person companies, the General Manager is the person directing the affairs of the licensee. In the case of overseas insurance licensees, the General Manager is the most senior manager resident in Bahrain, accountable to the CBB for the operations of the Bahrain branch and its compliance with CBB Regulations and Directives. The function of General Manager is a controlled function, and the person nominated to that post requires prior CBB approval (see Module AU).
Amended: January 2007
HC-3.1.5 [versions up to January 2011]
Residency requirements apply to Chief Executive Officers and General Managers: see Section AU-2.2.
Amended: January 2007
HC-3.2 Mapping of Risks and Responsibilities [versions up to January 2011]
HC-3.2.1 [versions up to January 2011]
The requirements in this section do not apply to captive insurance firms but should be considered as guidance.
Amended: January 2007
HC-3.2.2 [versions up to January 2011]
In conjunction with the Board, the Chief Executive Officer / General Manager must maintain a clear mapping of the risks faced by the business and document the organisational and other controls maintained to meet those risks.
Amended: January 2007
HC-3.2.3 [versions up to January 2011]
In conjunction with the Board, the Chief Executive Officer / General Manager must maintain a clear and appropriate apportionment of significant responsibilities amongst senior management.
Amended: January 2007
HC-3.2.4 [versions up to January 2011]
The apportionment must be clear as to who has which responsibility, and must permit the business and affairs of the licensee to be adequately monitored and controlled by the Board, the Chief Executive Officer / General Manager, and relevant heads of function.
Amended: January 2007
HC-3.2.5 [versions up to January 2011]
The apportionment must also ensure appropriate segregation of duties where these are required for effective controls.
HC-3.3 Internal Audit [versions up to January 2011]
HC-3.3.1 [versions up to January 2011]
Bahraini insurance licensees (except for unincorporated entities and single person companies) must establish an internal audit function to monitor the adequacy of their systems and controls.
HC-3.3.2 [versions up to January 2011]
The CBB considers it best practice for captive insurers to fall within the remit of the internal audit functions of their groups and be subject to periodic review, although no formal arrangements for internal audit cover captive insurers.
Amended: January 2007
HC-3.3.3 [versions up to January 2011]
Part or all of the internal audit function may be outsourced, or provided at group level, subject to the requirements of Section RM-7.6. Amongst other things, these require licensees to retain responsibility for their internal audit programme, and that appropriate safeguards are built into the outsourcing contract. Furthermore, a licensee cannot outsource its internal audit function to its external auditors (with limited exceptions). Prior approval from the CBB is required for significant outsourcing arrangements, including all outsourcing of internal audit. A licensee's head of internal audit is a controlled function and requires CBB approval prior to being appointed (see Section AU-1.2).
Amended: January 2007
HC-3.3.4 [versions up to January 2011]
Internal audit functions must have terms of reference that clearly indicate:
(a) The scope and frequency of audits;
(b) Reporting lines; and
(c) The review and approval process applied to audits.
Amended: January 2007
HC-3.3.5 [versions up to January 2011]
Paragraph HC-3.3.4 applies irrespective of whether the internal audit function is outsourced. Where it is outsourced, the CBB would expect to see these matters addressed in the contract with the outsourcing provider.
Amended: January 2007
HC-3.3.6 [versions up to January 2011]
Internal audit functions must report directly to the Audit committee or, where none exists, to the Board. They must have unrestricted access to all the appropriate records of the insurance licensee. They must have open and regular access to the Audit Committee, the Board, the Chief Executive, and the licensee's external auditors.
Amended: January 2007
HC-3.3.7 [versions up to January 2011]
Internal audit functions must have adequate staff levels with appropriate skills and knowledge, such that they can act as an effective challenge to the business. Where the function is not outsourced, the head of the function should be a senior and experienced employee. Internal audit functions must not perform other activities that compromise their independence.
Amended: January 2007
HC-3.3.8 [versions up to January 2011]
The CBB would expect to see in place a formal audit plan that:
(a) Is reviewed and approved at least annually by the Audit Committee or, where none exists, the Board;
(b) Is risk-based, with an appropriate scoring system; and
(c) Covers all material areas of a licensee's operations over a reasonable timescale, including (where relevant) the process by which a licensee obtains professional actuarial expertise to develop and verify its pricing and reserving policies.
Amended: January 2007
HC-3.3.9 [versions up to January 2011]
Internal Audit reports should also be:
(a) Clear and prioritised, with action points directed towards identified individuals;
(b) Timely; and
(c) Distributed to the Audit Committee or Board and appropriate senior management.
Amended: January 2007
HC-3.3.10 [versions up to January 2011]
Insurance licensees should also have processes in place to deal with recommendations raised by internal audit to ensure that they are:
(a) Dealt with in a timely fashion;
(b) Monitored until they are settled; and
(c) Raised with senior management if they have not been adequately dealt with.
Amended: January 2007
HC-3.4 Compliance [versions up to January 2011]
HC-3.4.1 [versions up to January 2011]
Insurance licensees must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which the insurance licensee is subject.
Amended: January 2007
HC-3.4.2 [versions up to January 2011]
Depending on the nature, scale and complexity of its business, an insurance licensee should consider having a separate compliance function. A compliance function should:
(a) Document its organisation and responsibilities;
(b) Be appropriately staffed with competent individuals;
(c) Have unrestricted access to the licensee's relevant records; and
(d) Have ultimate recourse to the Board.
Amended: January 2007
HC-3.4.3 [versions up to January 2011]
All insurance licensees must designate an employee, of appropriate standing and resident in Bahrain, as Compliance Officer. The duties of the Compliance Officer include:
(a) Having responsibility for oversight of the licensee's compliance with the requirements of the CBB; and
(b) Reporting to the licensee's Board in respect of that responsibility.
Amended: January 2007
HC-3.4.4 [versions up to January 2011]
The Compliance Officer is a controlled function and the requirements relating to approved persons must be met (see Chapter AU-1.2). If the scale and nature of the licensee's operations are limited, then the individual who performs the function of Compliance Officer may also take on other responsibilities, providing this does not create a potential conflict of interest. The compliance function may not be combined with the internal audit function or any operational function as they are incompatible and may create a conflict of interest.
Amended: April 2010
HC-3.4.5 [versions up to January 2011]
In the case of a captive insurance firm, where the captive insurer is managed by an insurance manager, the insurance manager must designate a Compliance Officer for the managed firms. A self-managed captive insurer must also appoint a Compliance Officer, although this role may be combined with other functions.
Amended: January 2007
HC-3.5 Remuneration Policies [versions up to January 2011]
HC-3.5.1 [versions up to January 2011]
An insurance licensee's remuneration policies (including incentives, bonuses and other rewards), must not encourage short-term or reckless behaviour.
HC-3.5.2 [versions up to January 2011]
Levels of remuneration should be sufficient to attract, retain and motivate Directors and employees of the quality required to run the licensee successfully, but a licensee should avoid paying more than is necessary for this purpose. Where remuneration is structured so as to link rewards to corporate and individual performance, criteria should avoid excessive focus on short-term profitability measures.
HC-3.5.3 [versions up to January 2011]
The review of Directors' remuneration must be a standing item on the insurance licensee's Annual General Meeting agenda, and must be considered by shareholders at every Annual General Meeting. Policies in respect of Directors' remuneration (including pension and severance arrangements) and bonuses must be clearly disclosed in the annual financial statements.
Amended: January 2007
HC-3.5.4 [versions up to January 2011]
Directors' remuneration must comply with all applicable laws and Regulations, including the provisions contained in Legislative Decree No. 21 of 2001, with respect to promulgating the Commercial Companies Law, capping Directors' remuneration as a percentage of net profits.
Amended: January 2007
HC-3.6 Corporate Ethics [versions up to January 2011]
HC-3.6.1 [versions up to January 2011]
The requirements in this Section do not apply to captive insurance firms, unincorporated entities and single person companies, but should be considered as guidance.
Amended: January 2007
HC-3.6.2 [versions up to January 2011]
An insurance licensee's Board must establish and disseminate to all employees and appointed representatives of the licensee a corporate code of conduct.
HC-3.6.3 [versions up to January 2011]
The code of conduct must establish standards by giving examples or expectations of:
(a) Honesty;
(b) Integrity;
(c) Leadership;
(d) Reliability; and
(e) Professionalism.
Amended: January 2007
HC-3.6.4 [versions up to January 2011]
The Board must establish and disseminate to employees and appointed representatives policies and processes for the identification, reporting and prevention or management of potential conflicts of interest, including matters such as:
(a) Related party transactions;
(b) The misuse of the licensee's assets; and
(c) The use of privileged information for personal advantage ('insider trading').
Amended: January 2007
HC-3.6.5 [versions up to January 2011]
Any transaction in which Board members or any member of management have potential conflicts of interest should either be proscribed or require formal documented approval by the Board, with measures taken to manage those conflicts. (See also Paragraph HC-1.1.8)
Amended: January 2007
HC-3.6.6 [versions up to January 2011]
The Board must ensure that policies and procedures are in place to ensure that necessary customer confidentiality is maintained.
Amended: January 2007
HC-3.7 Transparency and Disclosure [versions up to January 2011]
HC-3.7.1 [versions up to January 2011]
The requirements in this Section do not apply to captive insurance firms, but should be considered as guidance. Unincorporated entities and single person companies are exempt from these requirements.
Amended: January 2007
HC-3.7.2 [versions up to January 2011]
The Board must oversee the process of disclosure to all stakeholders. The Board must ensure that the licensee's communications are fair, transparent, comprehensive and timely.
HC-3.7.3 [versions up to January 2011]
Disclosure policies must be reviewed for compliance with the CBB's disclosure requirements.
Amended: January 2007
HC-3.7.4 [versions up to January 2011]
Licensees should refer to Module PD (Public Disclosure) regarding the specific disclosures required.