• RM-A Introduction

    • RM-A.1 Purpose

      • Executive Summary

        • RM-A.1.1

          This Module provides detailed Rules and Guidance on risk management systems and controls requirements for insurance licensees. It expands on certain high-level requirements contained in various High-Level Standards Modules. In particular, Section AU-2.6 of Module AU (Authorisation) outlines the systems and controls required as part of the licensing conditions and Principle 10 of the Principles of Business (ref. PB-1.10) requires insurance licensees to have systems and controls sufficient to manage the level of risk inherent in their business.

          Amended: January 2007

        • RM-A.1.2

          This Module obliges insurance licensees to recognise the range of risks that they face and the need to manage these effectively. Their risk management systems should monitor and control all material risks. The adequacy of a licensee's risk management is subject to the scale and complexity of its operations, however. In demonstrating compliance with certain Rules, smaller licensees with very simple operational structures and business activities may need to implement less extensive or sophisticated risk management systems, compared to licensees with a complex and/or extensive customer base or operations.

      • Legal Basis

        • RM-A.1.3

          This Module contains the Central Bank of Bahrain's ('CBB') Directive (as amended from time to time) relating to risk management and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to insurance licensees (including their approved persons).

          Amended: January 2011
          Amended: October 2007
          Added: January 2007

        • RM-A.1.4

          For an explanation of the CBB’s rule-making powers and different regulatory instruments, see Section UG-1.1.

          Added: January 2007

    • RM-A.2 Module History

      • RM-A.2.1

        This Module was first issued in April 2005 by the BMA together with the rest of Volume 3 (Insurance). Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: UG-3 provides further details on Rulebook maintenance and version control.

        Amended: January 2007

      • RM-A.2.2

        When the CBB replaced the BMA in September 2006, the provisions of this Module remained in force. Volume 3 was updated in January 2007 to reflect the switch to the CBB; however, new calendar quarter dates were only issued where the update necessitated changes to actual requirements.

        Added: January 2007
        Amended: October 2007

      • RM-A.2.3

        A list of recent changes made to this module is detailed in the table below:

        | Module Ref. | Change Date | Description of Changes |
        |---|---|---|
        | RM-1.1 | 01/07/05 | Correction to cross-reference. |
        | RM-6.1 | 01/07/05 | Clarified wording of factors to consider for operational risks. |
        | RM-2.1 | 01/10/05 | Clarified that the 25% notification for reinsurance exposure is to be applied based on a premium basis. |
        | RM-8.1 | 01/10/05 | Corrected cross reference in RM-8.1.6. |
        | RM-1.1 | 01/01/06 | Clarified CBB's requirements for insurance firms to carry out their own assessment of their capital needs. |
        | RM-2.1 | 01/01/06 | Corrected cross-reference. |
        | RM-6.1 | 01/07/06 | Added requirements for physical security measures and third party insurance to be put in place by insurance firms. |
        | RM-A.1.3 | 01/2007 | New Rule introduced, categorising this Module as a Directive. |
        | RM-7.5.3 | 04/2008 | Clarified that CBB prior approval is required for intra-group outsourcing. |
        | RM-7.2.1, 7.2.2 and 7.3.6 | 07/2008 | Clarified that CBB prior approval is required for outsourcing arrangements. |
        | RM-7.5.7 | 04/2010 | Added a Paragraph dealing with restrictions on intra-group outsourcing. |
        | RM-A.1.3 | 01/2011 | Clarified legal basis |
        | RM-7.6 | 04/2013 | Section amended on outsourcing of internal audit. |
        | RM-1.1 | 04/2014 | Enhanced the requirements for the risk management function. |
        | RM-7.1.3 | 10/2017 | Amended Paragraph to allow the utilization of cloud services. |
        | RM-7.1.5A | 10/2017 | Added a new Paragraph on outsourcing requirements. |
        | RM-7.2.1 | 10/2017 | Amended Paragraph. |
        | RM-7.2.3 | 10/2017 | Amended Paragraph. |
        | RM-7.2.6 | 10/2017 | Amended Paragraph. |
        | RM-7.2.8 | 10/2017 | Added a new Paragraph on outsourcing. |
        | RM-7.3.1 | 10/2017 | Amended Paragraph. |
        | RM-7.3.2 | 10/2017 | Amended Paragraph. |
        | RM-7.3.3 | 10/2017 | Amended Paragraph. |
        | RM-7.3.6 | 10/2017 | Amended Paragraph. |
        | RM-7.4.6 | 10/2017 | Amended Paragraph. |
        | RM-7.4.13 | 10/2017 | Amended Paragraph. |
        | RM-7.4.14 | 10/2017 | Amended Paragraph. |
        | RM-7.4.20 | 10/2017 | Amended Paragraph. |
        | RM-7.4.21 | 10/2017 | Added a new Paragraph on security measures related to cloud services. |
        | RM-7.5.3 | 10/2017 | Amended Paragraph. |
        | RM-7.5.4 | 10/2017 | Amended Paragraph. |
        | RM-9 | 10/2019 | Added a new Section on Cyber Security. |
        | RM-9 | 01/2022 | New revised Chapter on Cyber Security Risk Management. |
        | RM-9.1.58 | 04/2022 | Amended Paragraph on cyber security reporting. |
        | RM-9.1.59 | 04/2022 | Amended Paragraph on the submission of the cyber security report. |
        | RM-7 | 07/2022 | Replaced Chapter RM-7 with new Outsourcing Requirements. |
        | RM-9.1.22 | 10/2022 | Amended Paragraph on email domains requirements. |
        | RM-9.1.22A | 10/2022 | Added a new Paragraph on additional domains requirements. |

      • RM-A.2.3 [Deleted]

        Deleted: January 2007

      • RM-A.2.4

        Guidance on the implementation and transition to Volume 3 (Insurance) is given in Module ES (Executive Summary).

        Amended: January 2007