HC-6.1.1

The Board must establish a clear and efficient management structure.

HC-6.2.1

The Board must approve and review at least annually the insurance licensee's management structure and responsibilities.

HC-6.2.2

The Board must appoint senior management whose authority must include management and operation of current activities of the insurance licensee, reporting to and under the direction of the Board. The senior management must include at a minimum:

and must also include such other approved persons as the Board considers appropriate and as a minimum must include persons occupying controlled functions as outlined in Paragraph AU-1.2.2.

HC-6.3.1

The Board must adopt by-laws prescribing each senior manager's title, authorities, duties and internal reporting responsibilities. This must be done with the advice of the Nominating Committee and in consultation with the CEO, to whom the other senior managers should normally report.

HC-6.3.2

These provisions must include but should not be limited to the following:

HC-6.3.3

The Board should also specify any limits which it wishes to set on the authority of the CEO or other senior managers, such as monetary maximums which they authorise without separate Board approval.

HC-6.3.4

In conjunction with the Board, the Chief Executive Officer/General Manager must maintain a clear mapping of the risks faced by the business and document the organisational and other controls maintained to meet those risks.

HC-6.3.5

In conjunction with the Board, the Chief Executive Officer/General Manager must maintain a clear and appropriate apportionment of significant responsibilities amongst senior management.

HC-6.3.6

The apportionment must be clear as to who has which responsibility, and must permit the business and affairs of the licensee to be adequately monitored and controlled by the Board, the Chief Executive Officer/General Manager, and relevant heads of function.

HC-6.3.7

The apportionment must also ensure appropriate segregation of duties where these are required for effective controls.

HC-6.3.8

The corporate secretary should be given general responsibility for reviewing the insurance licensee's procedures and advising the Board directly on such matters. Whenever practical, the corporate secretary should be a person with legal or similar professional experience and training.

HC-6.3.9

At least annually the Board shall review and concur in a succession plan addressing the policies and principles for selecting a successor to the CEO, both in emergencies and in the normal course of business. The succession plan should include an assessment of the experience, performance, skills and planned career paths for possible successors to the CEO.

HC-6.4.1

Bahraini insurance firms must consider the need to establish an Executive Management Committee to support the Chief Executive Officer/General Manager.

HC-6.4.2

Insurance intermediaries and insurance managers, unlike other insurance licensees, are not required to consider the need to operate an Executive Management Committee.

HC-6.4.3

Executive Management Committees can facilitate proper corporate governance by ensuring that senior management discuss key issues affecting the licensee openly and collectively. Where an insurance firm does not consider it necessary to create an Executive Management Committee, it must be prepared to give reasons for its decision to the CBB, and to explain what checks and balances will apply to executive management.

HC-6.4.4

The Committee should comprise the Chief Executive Officer/General Manager and appropriate heads of functions, such as the head of risk management, the Chief Finance Officer, the Chief Operations Officer, the head of underwriting and other key business divisions.

HC-6.4.5

The Committee's responsibilities should include the oversight of day-to-day implementation of strategy, limits and procedures. It should also monitor the day-to-day performance of individual business lines and departments relative to targets, limits, and policies (in conjunction with other committees and functions, such as the Risk Committee or the Risk Management or Compliance functions).

HC-6.4.6

The Board is responsible for ensuring that there is a clear framework of delegated authorities and a clear demarcation of duties between the Board, the Executive Committee, the Chief Executive Officer and other members of senior management.

HC-6.5.1

Bahraini insurance licensees must establish an internal audit function to monitor the adequacy of their systems and controls.

HC-6.5.2

The internal audit function should be independent of the senior management, reporting to the Audit committee.

HC-6.5.3

The CBB considers it best practice for captive insurers to fall within the remit of the internal audit functions of their groups and be subject to periodic review, although no formal arrangements for internal audit cover captive insurers.

HC-6.5.4

Part or all of the internal audit function may be outsourced, or provided at group level, subject to the requirements of Section RM-7.6. Amongst other things, these require licensees to retain responsibility for their internal audit programme, and that appropriate safeguards are built into the outsourcing contract. Furthermore, a licensee cannot outsource its internal audit function to its external auditor (with limited exceptions). Prior approval from the CBB is required for significant outsourcing arrangements, including all outsourcing of internal audit. A licensee's head of internal audit is a controlled function and requires CBB approval prior to being appointed (see Section AU-1.2).

HC-6.5.5

Internal audit functions must have terms of reference that clearly indicate:

HC-6.5.6

Paragraph HC-6.5.5 applies irrespective of whether the internal audit function is outsourced. Where it is outsourced, the CBB would expect to see these matters addressed in the contract with the outsourcing provider.

HC-6.5.7

Internal audit functions must report directly to the Audit committee or, where none exists, to the Board. They must have unrestricted access to all the appropriate records of the insurance licensee. They must have open and regular access to the Audit Committee, the Board, the Chief Executive, and the licensee's external auditor.

HC-6.5.8

Internal audit functions must have adequate staff levels with appropriate skills and knowledge, such that they can act as an effective challenge to the business. Where the function is not outsourced, the head of the function should be a senior and experienced employee. Internal audit functions must not perform other activities that compromise their independence.

HC-6.5.9

The CBB would expect to see in place a formal audit plan that:

HC-6.5.10

Internal Audit reports should also be:

HC-6.5.11

Insurance licensees should also have processes in place to deal with recommendations raised by internal audit to ensure that they are:

HC-6.5.12

The internal auditor is considered as a head of function (see Paragraph AU-1.2.11) and is subject to CBB prior approval for the approved person occupying this controlled function as outlined in Section AU-1.2.

HC-6.6.1

Insurance licensees must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which the insurance licensee is subject.

HC-6.6.2

Depending on the nature, scale and complexity of its business, an insurance licensee should consider having a separate compliance function. A compliance function should:

HC-6.6.3

The compliance function may not be combined with the internal audit function or any other operational function as such combination may lead to a conflict of interest.