Back Custom print Link Text Only Rich Text Print

  • Chapter RM-A Chapter RM-A Introduction

    • RM-A.1 RM-A.1 Purpose

      • Executive Summary

        • RM-A.1.1

          This Module contains requirements relating to the management of risk by investment firm licensees. It expands on certain high level requirements contained in other Modules. In particular, Section AU-2.6 of Module AU (Authorisation) specifies requirements regarding systems and controls that have to be met as a license condition; Principle 10 of the Principles of Business (ref. PB-1.10) requires investment firm licensees to have systems and controls sufficient to manage the level of risk inherent in their business; and Module HC (High-level Controls) specifies various requirements relating to the role and composition of Boards, and related high-level controls.

          Adopted: July 2007

        • RM-A.1.2

          This Module obliges investment firm licensees to recognise the range of risks that they face and the need to manage these effectively. Their risk management framework is expected to have the resources and tools to identify, monitor and control all material risks. The adequacy of a licensee's risk management framework is subject to the scale and complexity of its operations, however. In demonstrating compliance with certain Rules, licensees with very simple operational structures and business activities may need to implement less extensive or sophisticated risk management systems, compared to licensees with a complex and/or extensive customer base or operations.

          Adopted: July 2007

        • RM-A.1.3

          The requirements contained in this Module apply to Category 1 investment firms and Category 2 investment firms only.

          Adopted: July 2007

      • Legal Basis

        • RM-A.1.4

          This Module contains the Central Bank of Bahrain's ('CBB') Directive (as amended from time to time) regarding Risk Management requirements applicable to investment firm licensees, and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law').

          Amended: January 2011
          Adopted: July 2007

        • RM-A.1.5

          For an explanation of the CBB's rule-making powers and different regulatory instruments, see section UG-1.1.

          Adopted: July 2007

    • RM-A.2 RM-A.2 Module History

      • Evolution of the Module

        • RM-A.2.1

          This Module was first issued in July 2007, as part of the second phase release of Volume 4's contents. It is dated July 2007. All subsequent changes to this Module are annotated with the end-calendar quarter date in which the change was made: UG-3 provides further details on Rulebook maintenance and version control.

          Adopted: July 2007

        • RM-A.2.2

          A list of recent changes made to this Module is provided below:

          Module Ref. Change Date Description of Changes
          RM-1.1.11 04/2008 Clarified the requirement for investment firm licensees to have a separate risk management function.
          RM-7.3.3 04/2008 Clarified that CBB prior approval is required for intra-group outsourcing.
          RM-7.1.6,
          7.1.7 and
          7.1.16          		 07/2008 Clarified that CBB prior approval is required for outsourcing arrangements.
          RM-B.1.2 10/2009 Amended to reflect applicability of Chapters RM-7 and RM-8.
          RM-7.1.16 10/2009 Amended to read approved person.
          RM-7.3.7 10/2009 New Rule added to clarify that licensees may not outsource core business activities, including internal audit, to their group.
          RM-7.4 10/2009 Updated to reflect CBB's requirements for outsourcing the internal audit function.
          RM-1.1.10, RM-1.1.11, and RM-1.1.13 07/2010 Updated and amended to include requirements for the risk management function.
          RM-7.1.7 07/2010 New Rule added regarding outsourcing core business functions or activities to third parties.
          RM-A.1.4 01/2011 Clarified legal basis.
          RM-B.2 01/2011 Removed reference in title to affiliates.
          RM-4.1.8 and RM-4.1.9 07/2012 Replaced reference to "securities" with "financial instruments".
          RM-7.4.5 10/2012 Corrected typo.
          RM-7.4.2A 01/2013 New Paragraph added to require that the outsourcing of the internal audit function must be supported by a board resolution or ratified by the audit committee.
          RM-7.1.9 07/2013 Added cross reference.
          RM-7.1.9A and RM-7.3.4 07/2013 Made reference to considerable outsourcing.
          RM-7.4.4 07/2013 Changed Guidance to Rule.
          RM-1.1.10 to RM-1.1.13 10/2013 Amendments made to allow overseas investment firm licensees to outsource the risk management function to their head office, subject to the CBB's prior written approval.
          RM-1.1.7 01/2016 Corrected cross reference.
          RM-1.1.9 01/2016 Aligned risk categories as per Module RM.
          RM-4.1.17 01/2016 Restructured Subparagraphs to avoid duplication.
          RM-7.1.9 01/2016 Clarified Guidance.
          RM-7.1.1 10/2017 Amended Paragraph to allow the utilization of cloud services.
          RM-7.1.3A 10/2017 Added a new Paragraph on outsourcing requirements.
          RM-7.1.6 10/2017 Amended Paragraph.
          RM-7.1.9 10/2017 Amended Paragraph.
          RM-7.1.11 10/2017 Amended Paragraph.
          RM-7.1.11A 10/2017 Added a new Paragraph on outsourcing.
          RM-7.1.13 10/2017 Amended Paragraph.
          RM-7.1.14 10/2017 Amended Paragraph.
          RM-7.1.14(f) 10/2017 Added a new sub-Paragraph.
          RM-7.1.17 10/2017 Amended Paragraph.
          RM-7.2.4 10/2017 Amended Paragraph.
          RM-7.2.11 10/2017 Amended Paragraph.
          RM-7.2.12 10/2017 Amended Paragraph.
          RM-7.2.18 10/2017 Amended Paragraph.
          RM-7.2.19 10/2017 Added a new Paragraph on security measures related to cloud services.
          RM-7.3.3 10/2017 Amended Paragraph.
          RM-7.3.4 10/2017 Amended Paragraph.
          RM-9 04/2019 Added a new Chapter on Cyber Security Risk.
          RM-9.1 01/2022 Enhanced Section on Cyber Security Risk Management.
          RM-9.1.58 04/2022 Amended Paragraph on the cyber security reporting.
          RM-9.1.59 04/2022 Amended Paragraph on the submission of the cyber security report.
          RM-7 07/2022 Replaced Chapter RM-7 with new Outsourcing Requirements.
          RM-9.1.22 10/2022 Amended Paragraph on email domains requirements.
          RM-9.1.22A 10/2022 Added a new Paragraph on additional domains requirements.
          RM-7.1.7 07/2023 Amended Sub-paragraph (v) and added Sub-paragraph (viii) on Outsourcing Requirements.

      • Superseded Requirements

        • RM-A.2.3

          This Module does not replace any regulations or circulars in force prior to July 2007.

          Adopted: July 2007

        • RM-A.2.4

          Further guidance on the implementation and transition to Volume 4 (Investment Business) is given in Module ES (Executive Summary).

          Adopted: July 2007