Internal Controls and Risks
DA-1.1.2
Licensees must establish adequate internal controls to safeguard their clients from unsuitable advice and effectively manage the operational and other relevant risks arising therefrom.
Added: April 2019
DA-1.1.3
Licensees must ensure that there are documented measures to protect confidentiality of client data consistent with Law No. 30 of 2018, Personal Data Protection Law (PDPL) issued on 12 July 2018.
Added: April 2019
DA-1.1.4
Licensees providing digital financial advice must ensure that their overall control framework and the algorithm functionality are evaluated and independently tested by an independent external consultant other than the external auditor:
a) initially upon implementation of this Module and prior to launching the digital financial advice to clients;
b) when there are any material changes to the systems and controls; and
c) at least once every 3 years.
Added: April 2019
DA-1.1.5
The evaluation requirements referred to in Paragraph DA-1.1.4 should cover at a minimum:
a) the internal control infrastructure, given the nature, scope and complexity of the digital financial advice business operation;
b) the appropriateness of third-party system or tools used;
c) validation of the underlying models;
d) the algorithm's functionality;
e) the cyber security policies and controls;
f) the completeness and accuracy of client profiling process including the relevant KYC requirements;
g) controls on client data protection and confidentiality.
Added: April 2019
DA-1.1.6
Licensees must ensure that reports of the evaluation referred to in Paragraph DA-1.1.4 are provided to the CBB within 2 weeks of completion of the reports, provided however, that the report required under DA-1.1.4 (a) should be submitted for the CBB's review and no-objection prior to launching the digital financial advice to clients.
Added: April 2019
DA-1.1.7
Licensees must ensure that the requirements relating to enhanced due diligence as required under Module FC are met when the client is assessed as higher risk and also where the client relationship (whether at the time of on-boarding or otherwise) is on a non-face-to-face basis.
Added: April 2019
DA-1.1.8
Licensees offering digital financial advice involving overseas funds must ensure that they comply with the requirements for obtaining authorization, registration and/or acknowledgement of filing from the CBB under Module ARR of the CBB Rulebook 7: (Collective Investment Undertakings).
Added: April 2019