• Type 3: Type 3: Financing Companies

    • Part A Part A

      • High Level Standards

        • AU AU Financing Companies Authorisation Module

          • AU-A AU-A Introduction

            • AU-A.1 AU-A.1 Purpose

              • Executive Summary

                • AU-A.1.1

                  The executive summary only provides an overview. For detailed rules, reference must be made to the individual Rules outlined in the remainder of this Module.

                  January 2013

                • AU-A.1.2

                  Module AU (Authorisation) sets out the Central Bank of Bahrain's ('CBB's) approach to licensing providers of regulated financing company services in the Kingdom of Bahrain. It also sets out CBB requirements for approving persons undertaking key functions in those providers.

                  January 2013

                • AU-A.1.3

                  Persons undertaking certain functions in relation to licensees require prior CBB approval. These functions (called controlled functions ) include Directors and members of senior management. The controlled functions regime supplements the licensing regime by ensuring that key persons involved in the running of licensees are fit and proper. Those authorised by the CBB to undertake controlled functions are called approved persons.

                  January 2013

              • Retaining Authorised Status

                • AU-A.1.4

                  The requirements set out in Chapters AU-2 and AU-3 represent the minimum conditions that have to be met in each case, both at the point of authorisation and on an on-going basis thereafter, in order for authorised status to be retained.

                  January 2013

              • Legal Basis

                • AU-A.1.5

                  This Module contains the CBB's Directive, Regulations and Resolutions (as amended from time to time) regarding authorisation under Volume 5 of the CBB Rulebook. It is applicable to all licensees (as well as to approved persons), and is issued under the powers available to the CBB under Articles 37 to 42, 44 to 48 and 180 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). It also includes the requirements contained in Resolution No (1) of 2007 with respect to determining fees categories due for licenses and services provided by the CBB. It contains requirements under Regulation No (1) of 2007 pertaining to the CBB's regulated services issued under Article 39 of the CBB Law and those conditions of granting a license for the provision of regulated services as prescribed under Resolution No (43) of 2011 and is issued under the powers available to the CBB under Article 44(c). The Module contains requirements under Resolution No.(16) for the year 2012 including the prohibition of marketing financial services pursuant to Article 42 of the CBB Law. This Module contains the prior approval requirements for approved persons under Resolution No (23) of 2015. The Directive, Resolutions and Regulations in this Module are applicable to all financing company licensees (including their approved persons).

                  Amended: July 2015
                  January 2013

                • AU-A.1.6

                  For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

                  January 2013

                • AU-A.1.7

                  Persons wishing to undertake regulated financing company services are required to be licensed by the CBB as a financing company licensee.

                  January 2013

              • Licensing Conditions

                • AU-A.1.8

                  Financing company licensees are subject to 8 licensing conditions, mostly specified at a high-level in Module AU, and further expanded in underlying subject Modules (such as Module CA). These licensing conditions are broadly equivalent to the standards applied in other Volumes of the CBB Rulebook, to other license categories, and are consistent with international good practice.

                  January 2013

              • Information Requirements and Processes

                • AU-A.1.9

                  Chapter AU-3 specifies the processes and information requirements that have to be followed for applicants seeking a financing company license, as well as existing licensees seeking to vary the scope of their license, by adding new regulated activities. It also covers the voluntary surrender of a license, or its cancellation by the CBB.

                  January 2013

            • AU-A.2 AU-A.2 Module History

              • Evolution of Module

                • AU-A.2.1

                  This Module was first issued in January 2013. All subsequent changes to this Module are annotated with the end-calendar quarter date in which the change was made. UG-3 provides further details on Rulebook maintenance and version control.

                  January 2013

                • AU-A.2.2

                  A list of recent changes made to this Module is provided below:

                  Module Ref. Change Date Description of Changes
                  AU-5.2 07/2013 Amended due date and collection process for annual license fee.
                  AU-2.8.1 01/2014 Corrected reference to proper accounting standards.
                  AU-5.2.7B and AU-5.2.7C 01/2014 Added requirements for payment of annual fees for SPVs.
                  AU-1.2.2 04/2014 Updated controlled functions.
                  AU-A.1.5 07/2015 Legal basis updated to reflect Resolution No (23) of 2015.
                  AU-3.2.1 07/2015 Added cross reference to Module TC.
                  AU-4.3 07/2015 Amended to be in line with Resolution No (23) of 2015 on Prior Approval Requirements for Approved Persons.
                  AU-1.2 01/2016 Clarified general requirements for Approved Persons.
                  AU-3 01/2016 Amended to be in line with Resolution No (23) of 2015 on Prior Approval Requirements for Approved Persons.
                  AU-4.3 01/2016 Minor amendments to be aligned with other Volumes of the Rulebook.
                  AU-4.6 07/2017 Added new Section on Publication of the Decision to Grant, Cancel or Amend a License.
                  AU-1.1.9 07/2019 Amended Paragraph to reflect online submission of Form 1.
                  AU-4.1.22 10/2019 Changed from Rule to Guidance.
                  AU-4.1.24 10/2019 Changed from Rule to Guidance.
                  AU-4.6.1 10/2019 Changed from Rule to Guidance.
                  AU-1.3.1A 10/2020 Added a new Paragraph on compliance with AAOIFI Shari’a Standards.
                  AU-4.3.10A 01/2021 Added a new Paragraph on compliance of approved persons with the fit and proper requirement.

              • Superseded Requirements

                • AU-A.2.3

                  This Module supersedes the following provisions contained in circulars or other regulatory instruments:

                  Circular/other reference Provision Subject
                  Standard Conditions and Licensing criteria for financing companies (conventional) All articles Scope of license and licensing conditions.
                  Standard Conditions and Licensing criteria for Islamic financing companies All articles Scope of license and licensing conditions.
                       
                       
                       
                  January 2013

          • AU-B AU-B Scope of Application

            • AU-B.1 AU-B.1 Scope of Application

              • AU-B.1.1

                The content of this Module applies to all financing company licensees authorised in the Kingdom of Bahrain, thereafter referred to in this Module as licensees.

                January 2013

              • AU-B.1.2

                Two types of authorisation are prescribed:

                (a) Any person seeking to provide a regulated financing company service within or from the Kingdom of Bahrain must hold the appropriate CBB license (see AU-1.1); and
                (b) Natural persons wishing to perform a controlled function in a licensee also require prior CBB's approval, as an approved person (see AU-1.2).
                January 2013

              • AU-B.1.3

                The Authorisation requirements in Chapter AU-1 have general applicability, in that they prevent any person from providing (or seeking to provide) regulated financing company services within or from the Kingdom of Bahrain, unless they have been licensed as a financing company (conventional or Islamic) by the CBB (see Rule AU-1.1.1).

                January 2013

              • AU-B.1.4

                The remaining requirements in Chapters AU-1 to AU-3 (besides those mentioned in Section AU-B.2 above) apply to all those licensed by the CBB as a financing company licensee, or which are in the process of seeking such a license. They apply regardless of whether the person concerned is incorporated in the Kingdom of Bahrain, or in an overseas jurisdiction, unless otherwise specified.

                January 2013

              • AU-B.1.5

                Chapter AU-2 applies to licensees (not just applicants), since licensing conditions have to be met on a continuous basis by licensees. Similarly, Chapter AU-3 applies to approved persons on a continuous basis; it also applies to licensees seeking an approved person authorisation. Chapter AU-4 contains requirements applicable to licensees, with respect to the starting up of their operations, as well as to licensees and approved persons, with respect to the amendment or cancellation of their authorised status. Finally, Section AU-5.2 imposes annual fees on licensees.

                January 2013

          • AU-1 AU-1 Authorisation Requirements

            • AU-1.1 AU-1.1 Licensing

              • General Prohibitions

                • AU-1.1.1

                  No person may:

                  (a) Undertake (or hold themselves out to undertake) financing company services, by way of business within or from the Kingdom of Bahrain unless duly licensed by the CBB;
                  (b) Hold themselves out to be licensed by the CBB unless they have as a matter of fact been so licensed; or
                  (c) Market any financial services in the Kingdom of Bahrain unless:
                  (i) Allowed to do by the terms of a license issued by the CBB;
                  (ii) The activities come within the terms of an exemption granted by the CBB by way of a Directive; or
                  (iii) Has obtained the express written permission of the CBB to offer financial services.
                  January 2013

                • AU-1.1.2

                  In accordance with Resolution No.(16) for the year 2012 and for the purpose of Subparagraph AU-1.1.1(c), the word 'market' refers to any promotion, offering, announcement, advertising, broadcast or any other means of communication made for the purpose of inducing recipients to purchase or otherwise acquire financial services in return for monetary payment or some other form of valuable consideration.

                  January 2013

                • AU-1.1.3

                  Persons in breach of Subparagraph AU-1.1.1(c) are considered in breach of Resolution No.(16) for the year 2012 and are subject to penalties under Articles 129 and 161 of the CBB Law (see also Section EN-9.3).

                  January 2013

                • AU-1.1.4

                  Licensees are prohibited from taking deposits or any similar liabilities and Shari'a compliant investment accounts.

                  January 2013

                • AU-1.1.5

                  Only persons licensed to undertake regulated financing services (or regulated Islamic financing services), may use the term 'financing company' in their corporate or trading names, or otherwise hold themselves out to be a financing company.

                  January 2013

                • AU-1.1.6

                  Licensees are not obliged to include the word 'financing company' in their corporate or trading names; however, they may be required to make clear their regulatory status in their letter heads, customer communications, website and so on (See Paragraph GR-2.2.1).

                  January 2013

                • AU-1.1.7

                  For the purposes of Rule AU-1.1.2, persons will be considered in breach of this requirement if they attempt to operate as, or incorporate a financing company in Bahrain with a name containing the word "financing company" (or the equivalents in any language), without holding the appropriate CBB license or obtaining the prior approval of the CBB.

                  January 2013

                • AU-1.1.8

                  Persons wishing to be licensed to undertake regulated financing company services within or from the Kingdom of Bahrain must apply in writing to the CBB.

                  January 2013

                • AU-1.1.9

                  An application for a license must fill in the Application form (Form 1) online, available on the CBB website under E-services/online Forms and must contain:

                  (a) A business plan specifying the type of business to be conducted;
                  (b) Application forms (Form 2) for all controllers; and
                  (c) Application forms (Form 3) for all controlled functions.
                  Amended: July 2019
                  January 2013

                • AU-1.1.10

                  The CBB will review the application and duly advise the applicant in writing when it has:

                  (a) Granted the application without conditions;
                  (b) Granted the application subject to conditions specified by the CBB; or
                  (c) Refused the application, stating the grounds on which the application has been refused and the process for appealing against that decision.
                  January 2013

                • AU-1.1.11

                  Detailed rules and guidance regarding information requirements and processes for license applications can be found in Section AU-4.1. As specified in Paragraph AU-4.1.14, the CBB will provide a formal decision on license application within 60 calendar days of all required documentation having been submitted in a form acceptable to the CBB.

                  January 2013

                • AU-1.1.12

                  In granting new licenses, the CBB will specify the specific types of regulated financing company service for which a license has been granted.

                  January 2013

                • AU-1.1.13

                  All applicants for financing company licenses must satisfy the CBB that they meet, by the date of their license, the minimum conditions for licensing, as specified in Chapter AU-2. Once licensed, licensees must maintain these criteria on an on-going basis.

                  January 2013

                • AU-1.1.14

                  Licensees must not carry on any commercial business in the Kingdom of Bahrain or elsewhere other than financing business and activities directly arising from or incidental to that business.

                  January 2013

                • AU-1.1.15

                  Rule AU-1.1.14 is intended to restrict licensees from undertaking any material non-financial business activities. The Rule does not prevent a financing company undertaking commercial activities if these directly arise from their financing business: for instance, in the context of Islamic contracts, such as murabaha, ijara and musharaka, where the company may hold the physical assets being financed or leased. Nor does it restrict a licensee from undertaking commercial activities if, in the judgment of the CBB, they are incidental and do not detract from the financial nature of the financing companies operations.

                  January 2013

                • AU-1.1.16

                  Rule AU-1.1.14 applies to the legal entity holding the financing company license. A licensee may thus own subsidiaries that undertake non-financial activities, although the CBB generally does not support the development of significant commercial activities within a licensee's group.

                  January 2013

            • AU-1.2 AU-1.2 Approved Persons

              • General Requirement

                • AU-1.2.1

                  Licensees must obtain the CBB's prior written approval for any person wishing to undertake a controlled function at a licensee. The approval from the CBB must be obtained prior to their appointment.

                  Amended: January 2016
                  January 2013

                • AU-1.2.2

                  Controlled functions are those functions occupied by board members and persons in executive positions and include:

                  (a) Member of the Board of Directors;
                  (b) Chief Executive or General Manager and their Deputies;
                  (c) Head of function;
                  (d) Compliance Officer;
                  (e) Money Laundering Reporting Officer (MLRO); and
                  (f) Head of Shari'a review.
                  Amended: January 2016
                  Amended: April 2014
                  January 2013

                • AU-1.2.3

                  Prior approval is required for controlled functions (a), (b), (c), (d) and (e). Controlled functions (d) and (e) may be combined, however (see also FC-4.1, regarding the MLRO function). Controlled function (f) does not require prior approval instead, notification only is required, once the person concerned has accepted to undertake that function.

                  January 2013

              • Basis for Approval

                • AU-1.2.4

                  Approval under Paragraph AU-1.2.1 is only granted by the CBB, if it is satisfied that the person is fit and proper to hold the particular position in the licensee concerned. 'Fit and proper' is determined by the CBB on a case-by-case basis. The definition of 'fit and proper' and associated guidance is provided in Sections AU-3.1 and AU-3.2 respectively.

                  Amended: January 2016
                  January 2013

              • Definitions

                • AU-1.2.5

                  Director is any person who occupies the position of a Director, as defined in Article 173 of the Commercial Companies Law (Legislative Decree No. 21 of 2001).

                  January 2013

                • AU-1.2.6

                  The fact that a person may have 'Director' in their job title does not of itself make them a Director within the meaning of the definition noted in Paragraph AU-1.5.5. For example, a 'Director of IT', is not necessarily a member of the Board of Directors and therefore may not fall under the definition of Paragraph AU-1.5.5.

                  January 2013

                • AU-1.2.7

                  The Chief Executive or General Manager means a person who is responsible for the conduct of the licensee (regardless of actual title). The Chief Executive or General Manager must be resident in Bahrain. This person is responsible for the conduct of the whole of the firm.

                  January 2013

                • AU-1.2.8

                  Head of function means a person who exercises major managerial responsibilities, is responsible for a significant business or operating unit, or has senior managerial responsibility for maintaining accounts or other records of the licensee.

                  January 2013

                • AU-1.2.9

                  Whether a person is a head of function will depend on the facts in each case and is not determined by the presence or absence of the word in their job title. Examples of head of function might include, depending on the scale, nature and complexity of the business, a deputy Chief Executive; heads of departments such as Risk Management, Compliance or Internal Audit; or any front office functions or the Chief Financial Officer.

                  January 2013

                • AU-1.2.10

                  Where a licensee is in doubt as to whether a function should be considered a controlled function it must discuss the case with the CBB.

                  January 2013

                • AU-1.2.11

                  The controlled function of compliance officer is defined in accordance with the compliance function under Section HC-6.4. The controlled functions of Money Laundering Reporting Officer is defined under Chapter FC-4.

                  January 2013

                • AU-1.2.12

                  All licensees must designate an employee, of appropriate standing and resident in Bahrain, as compliance officer. The duties of the compliance officer include:

                  (a) Assisting senior management to identify and assess the main compliance risks facing the licensees and the plans to manage them;
                  (b) Advising senior management on compliance laws, rules and standards, including keeping them informed on developments in the area;
                  (c) Assisting senior management in educating staff on compliance issues, and acting as a contact point within the licensee for compliance queries from staff members;
                  (d) Establishing written guidance to staff on the appropriate implementation of compliance laws, rules and standards through policies and procedures and other documents such as compliance manuals, internal codes of conduct and practice guidelines;
                  (e) On a pro-active basis, identifying, documenting and assessing the compliance risks associated with the licensee's business activities, including the development of new products and business practices, the proposed establishment of new types of business or customer relationships, or material changes in the nature of such relationships;
                  (f) Monitoring and testing compliance by performing sufficient and representative compliance testing; and
                  (g) Reporting on a regular basis to the board of directors or the audit committee of the board of directors.
                  January 2013

            • AU-1.3 AU-1.3 Definition of Regulated Financing Company Services

              • AU-1.3.1

                Regulated financing company services are any of the following activities, carried on by way of business:

                (a) Offering instalment credit;
                (b) Offering revolving credit facilities (such as credit cards);
                (c) Offering Shari'a financing contracts; and
                (d) Issuing/administering means of payment (charge cards, travellers' cheques, electronic purses).
                January 2013

              • AU-1.3.2 AU-1.3.2

                Upon application, the CBB may exclude specific transactions from the definition of regulated financing company services.

                January 2013

                • AU-1.3.1A

                  Where licensees are undertaking regulated activities in accordance with Shari'a, all transactions and contracts concluded by regulated financing company services must comply with Sharia standards issued by the Accounting and Auditing Organisation for Islamic Financial Institutions (AAOIFI). The validity of the contract or transaction is not impacted, if at a later date, the relevant AAOIFI Sharia standards are amended.

                  Added: October 2020

                • AU-1.3.3

                  For the purposes of Rule AU-1.3.1, carrying on a regulated financing company service by way of business means:

                  (a) Undertaking the regulated financing company service of (a), plus any of the activities (b) to (d), as defined in Section AU-1.3, for commercial gain;
                  (b) Holding oneself out as willing and able to engage in such activities; or
                  (c) Regularly soliciting other persons to engage in transactions constituting such activities.
                  January 2013

                • AU-1.3.4

                  Licensees are allowed to transact with both residents and non-residents of the Kingdom of Bahrain, and in both Bahrain Dinar and foreign currencies.

                  January 2013

                • AU-1.3.5

                  Licensees may undertake transactions with both Bahraini residents and non-residents.

                  January 2013

                • AU-1.3.6

                  Licensees should note that the same legal entity cannot combine regulated financing company services with other regulated services, such as regulated insurance services and regulated ancillary services.

                  January 2013

                • General Exclusions

                  • AU-1.3.7

                    A person does not carry on an activity constituting a regulated financing company service if the activity:

                    (a) Is carried on in the course of a business which does not ordinarily constitute the carrying on of financial services;
                    (b) May reasonably be regarded as a necessary part of any other services provided in the course of that business; and
                    (c) Is not remunerated separately from the other services.
                    January 2013

                  • AU-1.3.8

                    A person does not carry on an activity constituting a regulated financing company service if the person is a body corporate and carries on that activity solely with or for other bodies corporate that are members of the same group.

                    January 2013

                  • AU-1.3.9

                    A person does not carry on an activity constituting a regulated financing company service if such person carries on an activity with or for another person, and they are both members of the same family.

                    January 2013

                  • AU-1.3.10

                    A person does not carry on an activity constituting a regulated financing company service if the sole or main purpose for which the person enters into the transaction is to limit any identifiable risks arising in the conduct of his business, providing the business conducted does not itself constitute a regulated activity.

                    January 2013

                  • AU-1.3.11

                    A person does not carry on an activity constituting a regulated financing company service if that person is a government body charged with the management of financial instruments on behalf of a government or public body or an exempt person, as specified by Royal decree.

                    January 2013

                • Providing Credit

                  • AU-1.3.12

                    Providing credit is defined as the provision of credit to a person in his capacity as borrower or potential borrower. This includes consumer and mortgage credit and providing credit by way of finance leases and factoring.

                    January 2013

                • Offering Shari'a Financing Contracts

                  • AU-1.3.13

                    Offering Shari'a financing contracts is defined as entering into, or making arrangement for another person to enter into, a contract to provide finance in accordance with Shari'a principles, such as murabaha, bay muajjal, bay salam, ijara wa iktina and istisna'a contracts. etc...

                    January 2013

                • Issuing Means of Payment

                  • AU-1.3.14

                    Means the selling or issuing of payment instruments, or the selling or issuing of stored value (e.g. travellers' cheques, electronic purses).

                    January 2013

            • AU-1.4 AU-1.4 Shari'a Compliant Transactions

              • General Requirements for all Conventional Financing Companies

                • AU-1.4.1

                  Conventional financing company licensees may not hold themselves out as an Islamic financing company. Conventional financing company licensees are allowed to enter into activities (a) to (c) listed in Rule AU-1.3.1 under the conditions outlined in the remainder of this Section, subject to conditions outlined in Section AU-1.2 (concerning facilities offered to Bahrain residents and facilities in Bahrain Dinar in particular).

                  January 2013

                • AU-1.4.2

                  When offering any of the Shari'a compliant activities listed in Rule AU-1.3.1, conventional licensees must have staff trained in Shari'a compliant financing business. The licensee must also disclose in the notes to its Annual Report/Financial Statement all quantitative and qualitative disclosures on its Shari'a compliant business as required by AAOIFI accounting and auditing standards.

                  January 2013

              • Additional Requirements for Conventional Financing Companies

                • AU-1.4.3

                  Conventional licensees may provide Shari'a compliant activities (b) and (c) listed in Rule AU-1.3.1 in any amount and in any currency to Bahrain-resident individuals subject to the following conditions:

                  (a) Shari'a compliant financing transactions to be undertaken through a special counter or branch as deemed necessary by the licensee;
                  (b) The licensee must maintain separate books for Shari'a compliant financing activities to ensure no co-mingling of conventional and Islamic funds;
                  (c) The licensee must have a Shari'a Compliant Reviewer; and
                  (d) The licensee must establish a Shari'a Supervisory Committee with a minimum of three board members. The board may have global authority for all Shari'a compliant business or may have authority purely for Islamic business booked in Bahrain.
                  January 2013

          • AU-2 AU-2 Licensing Conditions

            • AU-2.1 AU-2.1 Condition 1: Legal Status

              • AU-2.1.1

                The legal status of a licensee must be a Bahraini joint stock company (BSC).

                January 2013

            • AU-2.2 AU-2.2 Condition 2: Mind and Management

              • AU-2.2.1

                Licensees with their Registered Office in the Kingdom of Bahrain must maintain their Head Office in the Kingdom.

                January 2013

              • AU-2.2.2

                The CBB requires that all approved persons occupying controlled functions outlined in Paragraph AU-1.2.2, except for Subparagraphs (a) member of the board of directors and (f) member of the Shari'a Supervisory Board, be resident in Bahrain.

                January 2013

              • AU-2.2.3

                For regional groups, the CBB may consider other arrangements, subject to such arrangements meeting the CBB's supervisory objectives.

                January 2013

            • AU-2.3 AU-2.3 Condition 3: Controllers

              • AU-2.3.1

                Licensees must satisfy the CBB that their controllers are suitable and pose no undue risks to the licensee. Licensees must also satisfy the CBB that their close links do not prevent the effective supervision of the licensee by the CBB and otherwise pose no undue risks to the licensee.

                January 2013

              • AU-2.3.2

                Chapters GR-5 and GR-6 contain the CBB's requirements and definitions regarding controllers and close links.

                January 2013

              • AU-2.3.3

                In summary, controllers are persons who directly or indirectly are significant shareholders in a licensee, or who are otherwise able to exert significant influence on the licensee. The CBB seeks to ensure that controllers pose no significant risks to the licensee. In general terms, controllers are assessed in terms of their financial standing, their judicial and regulatory record, and standards of business and (where relevant) personal probity.

                January 2013

              • AU-2.3.4

                A licensee has close links with its subsidiaries, with its parent undertakings, and with subsidiaries of its parent undertakings. It also has close links with any entity in which the licensee, its subsidiaries, its parent undertakings, and the subsidiaries of its parent undertakings has an equity interest of more than 20% (either in terms of capital or voting rights). The CBB seeks to ensure that these closely linked entities do not prevent adequate consolidated supervision being applied to financial entities within the group, and that other group entities do not pose any material financial, reputational or other risks to the licensee.

                January 2013

              • AU-2.3.5

                In all cases, when judging applications from existing groups, the CBB will have regard to the reputation and financial standing of the group as a whole. Where relevant, the CBB will also take into account the extent and quality of supervision applied to overseas members of the group and take into account any information provided by other supervisors in relation to any member of the group.

                January 2013

            • AU-2.4 AU-2.4 Condition 4: Board and Employees

              • AU-2.4.1

                Those nominated to carry out controlled functions must satisfy the CBB's approved persons requirements. This rule is supported by Article 65 of the CBB Law.

                January 2013

              • AU-2.4.2

                The definition of controlled functions is contained in Paragraph AU-1.5.2, whilst Chapter AU-3 sets out CBB's approved persons requirements.

                January 2013

              • AU-2.4.3

                The licensee's staff, taken together, must collectively provide a sufficient range of skills and experience to manage the affairs of the licensee in a sound and prudent manner. Licensees must ensure their employees meet any training and competency requirements specified by the CBB.

                January 2013

            • AU-2.5 AU-2.5 Condition 5: Financial Resources

              • Capital Funds

                • AU-2.5.1

                  Licensees must maintain a level of financial resources, as agreed with the CBB, adequate for the level of business proposed.

                  January 2013

                • AU-2.5.2

                  In accordance with Module CA (Capital Adequacy) licensees must maintain a minimum level of paid-up capital of BD 5,000,000 (or its equivalent in foreign currency, where legally permitted and agreed with the CBB). A greater amount of capital may be required by the CBB on a case-by-case basis. Licensees must also maintain a minimum gearing ratio of 20%.

                  January 2013

              • Liquidity

                • AU-2.5.3

                  Licensees must maintain sufficient liquid assets to meet their obligations as they fall due in the normal course of their business, as required under Module LM. Licensees must agree a liquidity management policy with the CBB.

                  January 2013

            • AU-2.6 AU-2.6 Condition 6: Systems and Controls

              • AU-2.6.1

                Licensees must maintain systems and controls that are, in the opinion of the CBB, adequate for the scale and complexity of their activities. These systems and controls must meet the minimum requirements contained in Modules HC, CM and OM.

                January 2013

              • AU-2.6.2

                Licensees must maintain systems and controls that are, in the opinion of the CBB, adequate to address the risks of financial crime occurring in the licensee. These systems and controls must meet the minimum requirements contained in Module FC, as specified for the license held.

                January 2013

            • AU-2.7 AU-2.7 Condition 7: External Auditors

              • AU-2.7.1

                Article 61 of the CBB Law requires that licensees appoint an external auditor, subject to CBB's prior approval. The minimum requirements regarding auditors contained in Module AA (Auditors and Accounting Standards) must be met.

                January 2013

            • AU-2.8 AU-2.8 Condition 8: Other Requirements

              • Books and Records

                • AU-2.8.1

                  Article 59 of the CBB Law requires licensees to maintain comprehensive books of accounts and other records, and satisfy the minimum record-keeping requirements contained in Article 60 of the pre-mentioned Law and Module OM. Books of accounts must comply with the financial accounting standards issued by the International Financial Reporting Standards (IFRS)/International Accounting Standards (IAS) or the applicable AAOIFI standards for Islamic licensees.

                  Amended: January 2014
                  January 2013

              • Provision of Information

                • AU-2.8.2

                  Articles 58, 111, 114 and 163 of the CBB Law require that licensees and their staff must act in an open and cooperative manner with the CBB. Licensees must meet the regulatory reporting and public disclosure requirements contained in Modules BR and PD respectively. As per Article 62 of the CBB Law, audited financial statements must be submitted to the CBB within 3 months of the licensee s financial year-end.

                  January 2013

              • General Conduct

                • AU-2.8.3

                  Licensees must conduct their activities in a professional and orderly manner, in keeping with good market practice. Licensees must comply with the general standards of business conduct contained in Module PB, as well as the standards relating to treatment of customers contained in Modules BC and CM.

                  January 2013

              • Additional Conditions

                • AU-2.8.4

                  Licensees must comply with any other specific requirements or restrictions imposed by the CBB on the scope of their license.

                  January 2013

                • AU-2.8.5

                  Licensees are subject to the provisions of the CBB Law. These include the right of the CBB to impose such terms and conditions, as it may deem necessary when issuing a license, as specified in Article 45 of the CBB Law. Thus, when granting a license, the CBB specifies the regulated financing company services that the licensee may undertake. Licensees must respect the scope of their license.

                  January 2013

                • AU-2.8.6

                  In addition, the CBB may impose additional restrictions or requirements, beyond those al specified in Volume 5, to address specific risks. For instance, a license may be granted subject to strict limitations on intra-group transactions.

                  January 2013

          • AU-3 AU-3 Approved Persons Conditions

            • AU-3.1 AU-3.1 Approved Persons Conditions

              • Condition 1: 'Fit and Proper'

                • AU-3.1.1

                  Licensees seeking an approved person authorisation for an individual, must satisfy the CBB that the individual concerned is 'fit and proper' to undertake the controlled function in question.

                  January 2013

                • AU-3.1.2

                  The authorisation requirement for persons nominated to carry out controlled functions is contained in Section AU-1.5. The authorisation process is described in Section AU-4.3.

                  January 2013

                • AU-3.1.3

                  Each applicant applying for approved person status and those individuals occupying approved person positions must comply with the following conditions:

                  (a) Has not previously been convicted of any felony or crime that relates to his/her honesty and/or integrity unless he/she has subsequently been restored to good standing;
                  (b) Has not been the subject of any adverse finding in a civil action by any court or competent jurisdiction, relating to fraud;
                  (c) Has not been adjudged bankrupt by a court unless a period of 10 years has passed, during which the person has been able to meet all his/her obligations and has achieved economic accomplishments;
                  (d) Has not been disqualified by a court, regulator or other competent body, as a director or as a manager of a corporation;
                  (e) Has not failed to satisfy a judgement debt under a court order resulting from a business relationship;
                  (f) Must have personal integrity, good conduct and reputation;
                  (g) Has appropriate professional and other qualifications for the controlled function in question (see Appendix TC-1 in Module TC (Training and Competency)); and
                  (h) Has sufficient experience to perform the duties of the controlled function (see Appendix TC-1 in Module TC (Training and Competency)).
                  Amended: January 2016
                  January 2013

                • AU-3.1.4

                  In assessing the conditions prescribed in Rule AU-3.1.3, the CBB will take into account the criteria contained in Paragraph AU-3.1.5. The CBB reviews each application on a case-by-case basis, taking into account all relevant circumstances. A person may be considered 'fit and proper' to undertake one type of controlled function but not another, depending on the function's job size and required levels of experience and expertise. Similarly, a person approved to undertake a controlled function in one licensee may not be considered to have sufficient expertise and experience to undertake nominally the same controlled function but in a much bigger licensee.

                  Amended: January 2016
                  January 2013

                • AU-3.1.5

                  In assessing a person's fitness and propriety, the CBB will also consider previous professional and personal conduct (in Bahrain or elsewhere) including, but not limited to, the following:

                  (a) The propriety of a person's conduct, whether or not such conduct resulted in a criminal offence being committed, the contravention of a law or regulation, or the institution of legal or disciplinary proceedings;
                  (b) A conviction or finding of guilt in respect of any offence, other than a minor traffic offence, by any court or competent jurisdiction;
                  (c) Any adverse finding in a civil action by any court or competent jurisdiction, relating to misfeasance or other misconduct in connection with the formation or management of a corporation or partnership;
                  (d) Whether the person, or any body corporate, partnership or unincorporated institution to which the applicant has, or has been associated with as a director, controller, manager or company secretary been the subject of any disciplinary proceeding, investigation or fines by any government authority, regulatory agency or professional body or association;
                  (e) The contravention of any financial services legislation;
                  (f) Whether the person has ever been refused a license, authorisation, registration or other authority;
                  (g) Dismissal or a request to resign from any office or employment;
                  (h) Whether the person has been a Director, partner or manager of a corporation or partnership which has gone into liquidation or administration or where one or more partners have been declared bankrupt whilst the person was connected with that partnership;
                  (i) The extent to which the person has been truthful and open with supervisors; and
                  (j) Whether the person has ever entered into any arrangement with creditors in relation to the inability to pay due debts.
                  Added: January 2016

                • AU-3.1.6

                  With respect to Paragraph AU-3.1.5, the CBB will take into account the length of time since any such event occurred, as well as the seriousness of the matter in question.

                  Added: January 2016

                • AU-3.1.7

                  Approved persons undertaking a controlled function must act prudently, and with honesty, integrity, care, skill and due diligence in the performance of their duties. They must avoid conflicts of interest arising whilst undertaking a controlled function.

                  Amended: January 2016
                  January 2013

                • AU-3.1.8

                  In determining where there may be a conflict of interest arising, factors that may be considered will include whether:

                  (a) A person has breached any fiduciary obligations to the company or terms of employment;
                  (b) A person has undertaken actions that would be difficult to defend, when looked at objectively, as being in the interest of the licensee; and
                  (c) A person has failed to declare a personal interest that has a material impact in terms of the person's relationship with the licensee.
                  Amended: January 2016
                  January 2013

                • AU-3.1.9

                  Further guidance on the process for assessing a person's 'fit and proper' status is given in Module EN (Enforcement): see Chapter EN-8.

                  Added: January 2016

            • AU-3.2 AU-3.2 [This Section was deleted in January 2016]

              • AU-3.2.1

                [This Paragraph was deleted in January 2016.]

                Deleted: January 2016
                Amended: July 2015
                January 2013

              • AU-3.2.2

                [This Paragraph was deleted in January 2016.]

                Deleted: January 2016
                January 2013

              • AU-3.2.3

                [This Paragraph was moved to Paragraph AU-3.1.9 in January 2016.]

                Amended: January 2016
                January 2013

          • AU-4 AU-4 Information Requirements and Processes

            • AU-4.1 AU-4.1 Licensing

              • Application Form and Documents

                • AU-4.1.1

                  Applicants for a license must submit a duly completed Form 1 (Application for a License), under cover of a letter signed by an authorised signatory of the applicant marked for the attention of the Director, Licensing and Policy Directorate. The application letter must be accompanied by the documents listed in Paragraph AU-4.1.4, unless otherwise directed by the CBB.

                  January 2013

                • AU-4.1.2

                  Articles 44 to 47 of the CBB Law govern the licensing process. This prescribes a single stage process, with the CBB required to take a decision within 60 calendar days of an application being deemed complete (i.e. containing all required information and documents). See below, for further details on the licensing process and time-lines.

                  January 2013

                • AU-4.1.3

                  References to applicant mean the proposed licensee seeking authorisation. An applicant may appoint a representative — such as a law firm or professional consultancy — to prepare and submit the application. However, the applicant retains full responsibility for the accuracy and completeness of the application, and is required to certify the application form accordingly. The CBB also expects to be able to liaise directly with the applicant during the authorisation process, when seeking clarification of any issues.

                  January 2013

                • AU-4.1.4

                  Unless otherwise directed by the CBB, the following documents must be provided together with the covering letter referred in Paragraph AU-4.1.1 above in support of a license application:

                  (a) A duly completed Form 2 (Application for Authorisation of Controller) for each controller of the proposed licensee;
                  (b) A duly completed Form 3 (Application for Approved Person status), for each individual proposed to undertake controlled functions (as defined in Rule AU-1.2.2) in the proposed licensee;
                  (c) A comprehensive business plan for the application, addressing the matters described in AU-4.1.6;
                  (d) Where the applicant is an existing institution, a copy of the applicant's commercial registration;
                  (e) Any relevant Private Placement Memoranda or public offering documents (if funds are to be raised by external shareholders);
                  (f) Where the applicant is a corporate body, a certified copy of a Board resolution of the applicant along with minutes of the concerned meeting, confirming the board's decision to seek a CBB financing company license;
                  (g) In the case of applicants that are part of a regulated group, a letter of non-objection to the proposed license application from the applicant's home supervisor, together with confirmation that the group is in good regulatory standing and is in compliance with applicable supervisory requirements, including those relating to capital adequacy and solvency requirements;
                  (h) Copies of the audited financial statements of the applicant's major shareholder and/or group (as directed by the CBB), for the three years immediately prior to the date of application; and
                  (i) A draft copy of the applicant's (and parent's where applicable) memorandum and articles of association, addressing the matters described in AU-4.1.7.
                  January 2013

                • AU-4.1.5

                  The CBB may require that an acceptably worded letter of guarantee be provided in support of the application for a license. Where the application for the license is for an incorporated entity, the CBB may seek a letter of guarantee from the major shareholder in control of the licensee.

                  January 2013

                • AU-4.1.6

                  The business plan submitted in support of an application should include:

                  (a) An outline of the history of the applicant and its shareholders;
                  (b) The reasons for applying for a license, including the applicant's strategy and market objectives;
                  (c) The proposed type of activities to be carried on by the applicant in/from the Kingdom of Bahrain;
                  (d) The proposed Board and senior management of the applicant and the proposed organisational structure of the applicant;
                  (e) An independent assessment of the risks that may be faced by the applicant, together with the proposed systems and controls framework to be put in place for addressing those risks and to be used for the main business functions; and
                  (f) An opening balance sheet for the applicant, together with a three-year financial projection, with all assumptions clearly outlined, demonstrating that the applicant will be able to meet applicable leverage and liquidity requirements.
                  January 2013

                • AU-4.1.7

                  The applicant's (and where applicable, its parent's) memorandum and articles of association must explicitly provide for it to undertake the activities proposed in the licensed application, and must preclude the applicant from undertaking other commercial activities, unless these arise out of its financing activities or are incidental to those.

                  January 2013

                • AU-4.1.8

                  Where a new financing company's capital is being financed by a private placement, the CBB will verify that the contents of the Private Placement Memorandum (PPM) are consistent with other information supplied to the CBB, notably the business plan, and otherwise meet any applicable regulatory requirements with respect to PPM documents. The CBB's review of the PPM does not in any way constitute an approval or endorsement as to any claims it may contain as to the future value of the proposed licensee.

                  January 2013

                • AU-4.1.9

                  The CBB will not license applicants without a core group of sponsoring shareholders (who can demonstrate a strong business track record with relevant expertise), and where failure of the private placement to raise its targeted amount would leave the institution unable to comply with the CBB's minimum capital requirements. The CBB may, on a case-by-case basis, require that at least one shareholder is a regulated financial institution which holds 20% of the applicant's shares.

                  January 2013

                • AU-4.1.10

                  All documentation provided to the CBB as part of an application for a license must be in either Arabic or English language. Any documentation in a language other than English or Arabic must be accompanied by a certified English or Arabic translation thereof.

                  January 2013

                • AU-4.1.11

                  Before the final approval is granted to a licensee, confirmation from a retail bank addressed to the CBB that the licensee's capital (injected funds) — as specified in the business plan submitted under Rule AU-4.1.4 — has been paid in, must be provided to the CBB.

                  January 2013

                • AU-4.1.12

                  Any material changes or proposed changes to the information provided to the CBB in support of an authorisation application that occurs prior to authorisation must be reported to the CBB.

                  January 2013

                • AU-4.1.13

                  Failure to inform the CBB of the changes specified in AU-4.1.12 is likely to be viewed as a failure to provide full and open disclosure of information, and thus a failure to meet licensing condition AU-2.8.2.

                  January 2013

              • Licensing Process and Timelines

                • AU-4.1.14

                  By law, the 60-day time limit referred to in Paragraph AU-4.1.2 only applies once the application is complete and all required information (which may include any clarifications requested by the CBB) and documents have been provided. This means that all the items specified in Rule AU-4.1.4 have to be provided, before the CBB may issue a license.

                  January 2013

                • AU-4.1.15

                  The CBB recognises, however, that applicants may find it difficult to secure suitable senior management (refer AU-4.1.4(b) above) in the absence of preliminary assurances regarding the likelihood of obtaining a license.

                  January 2013

                • AU-4.1.16

                  Therefore, applicants may first submit an unsigned Form 1 in draft, together with as many as possible of the items specified in Rule AU-4.1.4. This draft application should contain at least items AU-4.1.4(a); AU-4.1.4(b), with respect to proposed Directors (but not necessarily senior management); AU-4.1.4(c); AU-4.1.4(d); and AU-4.1.4(f) to AU-4.1.4(i) inclusive.

                  January 2013

                • AU-4.1.17

                  On the basis of the information specified in Paragraph AU-4.1.16, the CBB may provide an initial 'in principle' confirmation that the applicant appears likely to meet the CBB's licensing requirements, subject to the remaining information and documents being assessed as satisfactory. The 'in principle' confirmation will also list all outstanding documents required before an application can be considered complete and subject to formal consideration.

                  January 2013

                • AU-4.1.18

                  An 'in principle' confirmation does not constitute a license approval, nor does it commit the CBB to issuing a license. However, it provides sufficient assurance for an applicant to complete certain practical steps, such as securing suitable executive staff that satisfy CBB's 'fit and proper' requirements. Once this has been done, the applicant may finalise its application, by submitting the remaining documents required under Rule AU-4.1.4 and, once assessed as complete by the CBB, a signed and dated final version of Form 1. However, a Bahrain company proposing to undertake financial services activities would not be able to obtain a commercial registration from the Ministry of Industry and Commerce unless they receive the final approval from the CBB.

                  January 2013

                • AU-4.1.19

                  Regardless of whether an applicant submits a draft application or not, all potential applicants are strongly encouraged to contact the CBB at an early stage to discuss their plans and associated requirements. The Licensing & Policy Directorate would normally expect to hold at least one pre-application meeting with an applicant, prior to receiving an application (either in draft or in final form).

                  January 2013

                • AU-4.1.20

                  Potential applicants should initiate pre-application meetings in writing, setting out a short summary of their proposed business and any issues or questions that they may have al identified, once they have a clear business proposition in mind and have undertaken their preliminary research. The CBB can then guide the applicant on the specific areas in the Rulebook that will apply to them and the relevant requirements that they must address in their application.

                  January 2013

                • AU-4.1.21

                  At no point should an applicant hold themselves out as having been licensed by the CBB, prior to receiving formal written notification of the fact in accordance with Rule AU-4.1.22 below. Failure to do so may constitute grounds for refusing an application and result in a contravention of Articles 40 and 41 of the CBB Law (which carries a maximum penalty of BD 1 million).

                  January 2013

              • Granting or Refusal of License

                • AU-4.1.22

                  To be granted a license, an applicant should demonstrate compliance with the applicable requirements of the CBB Law and this Module. Should a license be granted, the CBB will notify the applicant in writing of the fact; the CBB will also publish its decision to grant a license in the Official Gazette and in two local newspapers (one published in Arabic, the other in English). The license may be subject to such terms and conditions as the CBB deems necessary for the additional conditions being met.

                  Amended: October 2019
                  January 2013

                • AU-4.1.23

                  The CBB may refuse to grant a license if in its opinion:

                  (a) The requirements of the CBB Law or this Module are not met;
                  (b) False or misleading information has been provided to the CBB, or information which should have been provided to the CBB has not been so provided; or
                  (c) The CBB believes it necessary in order to safeguard the interests of potential customers.
                  January 2013

                • AU-4.1.24

                  Where the CBB proposes to refuse an application for a license, it will give the applicant a written notice to that effect. Applicants will be given a minimum of 30 calendar days from the date of the written notice to appeal the decision, as per the appeal procedures specified in the notice; these procedures will comply with the provisions contained in Article 46 of the CBB Law.

                  Amended: October 2019
                  January 2013

              • Starting Operations

                • AU-4.1.25

                  Within 6 months of the license being issued, the new licensee must provide to the CBB:

                  (a) A detailed action plan for establishing the operations and supporting infrastructure of the licensee, such as the completion of written policies and procedures, and recruitment of remaining employees (having regard to the time limit set by Article 48 (c) of the CBB Law);
                  (b) The registered office address and details of premises to be used to carry out the business of the proposed licensee;
                  (c) The address in the Kingdom of Bahrain where full business records will be kept;
                  (d) The licensee's contact details including telephone and fax number, e-mail address and website;
                  (e) A description of the business continuity plan;
                  (f) A description of the IT system that will be used, including details of how IT systems and other records will be backed up;
                  (g) A copy of the external auditor's acceptance to act as an external auditor for the applicant;
                  (h) A copy of the applicant's notarised memorandum and articles of association, addressing the matters described in Paragraph AU-4.1.6;
                  (i) A copy of the Ministry of Industry & Commerce commercial registration certificate in Arabic and English languages;
                  (j) An updated organisation chart showing the reporting lines, committees (if any) and including the names of the persons undertaking the controlled functions;
                  (k) A copy of the licensee's business card and any written communication (including stationery, website, e-mail, business documentation, etc.) including a statement that the financing company is licensed by the CBB; and
                  (l) Any other information as may be specified by the CBB.
                  January 2013

                • AU-4.1.26

                  New licensees must start their operations within 6 months of being granted a license by the CBB, failing which the CBB may cancel the license, as per the powers and procedures set out in Article 48 of the CBB Law.

                  January 2013

                • AU-4.1.27

                  The procedures for cancelling licenses are contained in Section AU-4.3.

                  January 2013

            • AU-4.2 AU-4.2 Authorisation of a Branch or Subsidiary

              • AU-4.2.1

                Licensees may open branches or subsidiaries in the Kingdom of Bahrain or in foreign jurisdictions after obtaining the CBB's prior written approval.

                January 2013

              • Authorisation of a Branch

                • AU-4.2.2

                  Unless otherwise directed by the CBB, the following documents must be provided to the CBB in support of an application to open a branch:

                  (a) A business plan explaining:
                  (i) The reasons for applying for a branch, including the applicant's strategy and market objectives; and
                  (ii) A minimum of three-year financial projection, with all assumptions clearly outlined, demonstrating that the branch will be able to meet all liabilities and obligations;
                  (b) The location of the proposed branch, including the full address; and
                  (c) Confirmation from the external auditor that the licensee's capital adequacy is sufficient to support the operation of the branch, in addition to other existing branches (if applicable), at the time of filing the request.
                  January 2013

              • Starting Operations of a Branch

                • AU-4.2.3

                  Licensees must submit to the CBB confirmation that the authorised branch has commenced operations within 6 months of the authorisation letter.

                  January 2013

              • Authorisation of a Subsidiary

                • AU-4.2.4

                  Licensees wishing to establish a new subsidiary undertaking must submit to the CBB the following information as part of their request:

                  (a) Proposed name of subsidiary;
                  (b) Country of incorporation;
                  (c) Legal structure;
                  (d) Proposed issued capital;
                  (e) Proposed shareholding structure;
                  (f) Purpose of establishing the subsidiary;
                  (g) Draft incorporation documents of the subsidiary;
                  (h) Board resolution approving the establishment of the subsidiary; and
                  (i) Any other information or documentation requested by the CBB.
                  January 2013

                • AU-4.2.5

                  Licensees wishing to acquire a new subsidiary undertaking must submit to the CBB the following information as part of their request:

                  (a) Annual report, including audited financial statements of the subsidiary being acquired;
                  (b) Purpose of acquiring the subsidiary;
                  (c) Memorandum and Articles of Association of the subsidiary;
                  (d) Board resolution approving the acquisition of the subsidiary; and
                  (e) Any other information or documentation requested by the CBB.
                  January 2013

                • AU-4.2.6

                  Licensees should ensure adherence with Rules contained in:

                  (a) Chapter CA-1 and in particular with the gearing ratio requirements contained in Paragraph CA-1.1.4;
                  (b) The minimum liquidity requirements outlined in Chapter LM-1; and
                  (c) The reporting requirements for close links contained in Paragraph GR-6.1.3

                  when considering the impact of a subsidiary on these requirements.

                  January 2013

            • AU-4.3 AU-4.3 Approved Persons

              • AU-4.3.1

                Licensees must obtain CBB's prior written approval before a person is formally appointed to a controlled function. The request for CBB approval must be made by submitting to the CBB a duly completed Form 3 (Application for Approved Person status) and Curriculum Vitae after verifying that all the information contained in the Form 3, including previous experience, is accurate. Form 3 is available under Volume 5 Part B Authorisation Forms of the CBB Rulebook.

                Amended: January 2016
                Amended: July 2015
                January 2013

              • AU-4.3.2

                When the request for approved person status forms part of a license application, the Form 3 must be marked for the attention of the Director, Licensing and Policy Directorate. When the submission to undertake a controlled function is in relation to an existing licensee, the Form 3, except if dealing with a MLRO and the Deputy MLRO, must be marked for the attention of the applicable Director, Banking Supervision Directorate responsible for the supervision of the licensee. In the case of the MLRO and Deputy MLRO, Form 3 should be marked for the attention of the Director, Compliance Directorate.

                January 2013

              • AU-4.3.3

                When submitting the Forms 3, licensees must ensure that the Form 3 is:

                (a) Submitted to the CBB with a covering letter signed by an authorised representative of the licensee, seeking approval for the proposed controlled function;
                (b) Submitted in original form;
                (c) Submitted with a certified copy of the applicant's passport, original or certified copies of educational and professional qualification certificates (and translation if not in Arabic or English) and the Curriculum Vitae; and
                (d) Is signed by an authorised representative of the licensee and all pages stamped with the licensee's seal.
                Amended: July 2015
                January 2013

              • AU-4.3.3A

                Licensees seeking to appoint Board Directors must seek CBB approval for all the candidates to be put forward for election/approval at a shareholders' meeting, in advance of the agenda being issued to shareholders. CBB approval of the candidates does not in any way limit shareholders' rights to refuse those put forward for election/approval.

                Added: July 2015

              • AU-4.3.4

                For existing licensees applying for the appointment of a Director or the Chief Executive/General Manager, the authorised representative should be the Chairman of the Board or a Director signing on behalf of the Board. For all other controlled functions, the authorised representative should be a Director or the Chief Executive/General Manager.

                Amended: July 2015
                January 2013

              • AU-4.3.5

                [This Paragraph was deleted in July 2015.]

                Deleted: July 2015

              • AU-4.3.6

                [This Paragraph was moved to Paragraph AU-4.3.3A in July 2015.]

                Amended: July 2015
                January 2013

              • Assessment of Application

                • AU-4.3.6A

                  The CBB shall review and assess the application for approved person status to ensure that it satisfies all the conditions required in Paragraph AU-3.1.3 and the criteria outlined in Paragraph AU-3.1.5.

                  Amended: January 2016
                  Added: July 2015

                • AU-4.3.6B

                  For purposes of Paragraph AU-4.3.6A, licensees should give the CBB a reasonable amount of notice in order for an application to be reviewed. The CBB shall respond within 15 business days from the date of meeting all regulatory requirements, including but not limited to receiving the application complete with all the required information and documents, as well as verifying references.

                  Amended: January 2016
                  Added: July 2015

                • AU-4.3.6C

                  The CBB reserves the right to refuse an application for approved person status if it does not satisfy the conditions provided for in Paragraph AU-3.1.3 and does not satisfy the CBB criteria in Paragraph AU-3.1.5. A notice of such refusal is issued by registered mail to the licensee concerned, setting out the basis for the decision.

                  Amended: January 2016
                  Added: July 2015

                • AU-4.3.7

                  [This Paragraph was deleted in January 2016.]

                  Deleted: January 2016
                  Amended: July 2015
                  January 2013

              • Appeal Process

                • AU-4.3.7A

                  Licensees or the nominated approved persons may, within 30 calendar days of the notification, appeal against the CBB's decision to refuse the application for approved person status. The CBB shall decide on the appeal and notify the licensee of its decision within 30 calendar days from submitting the appeal.

                  Added: July 2015

                • AU-4.3.7B

                  Where notification of the CBB's decision to grant a person approved person status is not issued within 15 business days from the date of meeting all regulatory requirements, including but not limited to, receiving the application complete with all the required information and documents, licensees or the nominated approved persons may appeal to the concerned Executive Director, Banking Supervision of the CBB provided that the appeal is justified with supporting documents. The CBB shall decide on the appeal and notify the licensee of its decision within 30 calendar days from the date of submitting the appeal.

                  Amended: January 2016
                  Added: July 2015

              • Notification Requirements and Process

                • AU-4.3.8

                  Licensees must immediately notify the CBB when an approved person ceases to hold a controlled function together with an explanation as to the reasons why (see Paragraph AU-4.5.7). In such cases, their approved person status is automatically withdrawn by the CBB.

                  January 2013

                • AU-4.3.9

                  Licensees must immediately notify the CBB in case of any material change to the information provided in a Form 3 submitted for an approved person.

                  January 2013

                • AU-4.3.10

                  Licensees must immediately notify the CBB when they become aware of any of the events listed in Paragraph EN-8.2.3, affecting one of their approved persons.

                  January 2013

                • AU-4.3.10A

                  Licensees must immediately notify the CBB should they become aware of information that could reasonably be viewed as calling into question an approved person’s compliance with CBB’s ‘fit and proper’ requirement (see AU3.1).

                  Added: January 2021

              • Change in Controlled Function

                • AU-4.3.11

                  Licensees must seek prior CBB approval before an approved person may move from one controlled function to another within the same licensee.

                  January 2013

                • AU-4.3.12

                  In such instances, a new Form 3 (Application for Approved Person status) should be completed and submitted to the CBB. Note that a person may be considered 'fit and proper' for one controlled function, but not for another, if for instance the new role requires a different set of skills and experience. Where an approved person is moving to a controlled function in another licensee, the first licensee should notify the CBB of that person's departure (see Rule AU-4.5.7), and the new licensee should submit a request for approval under Rule AU-1.2.1.

                  January 2013

            • AU-4.4 AU-4.4 Variations to a License

              • AU-4.4.1

                As per Article 48 of the CBB Law, licensees must seek prior CBB approval before undertaking new regulated financing company services.

                January 2013

              • AU-4.4.2

                Failure to secure CBB approval prior to undertaking a new regulated activity may lead to enforcement action being taken against the concerned person. This is supported by Article 40 of the CBB law.

                January 2013

              • AU-4.4.3

                In addition to any other information requested by the CBB, and unless otherwise directed by the CBB, a licensee requesting CBB approval to undertake a new regulated financing company service must provide the following information:

                (a) A summary of the rationale for undertaking the proposed new activities;
                (b) A description of how the new business will be managed and controlled;
                (c) An analysis of the financial impact of the new activities; and
                (d) A summary of the due diligence undertaken by the Board and management of the licensee on the proposed new activities.
                January 2013

              • AU-4.4.4

                The CBB may amend or revoke a licence in any of the following cases:

                (a) If the licensee fails to satisfy any of the license conditions;
                (b) If the licensee violates the terms of these rules or any of the Volume's directives;
                (c) If the licensee fails to start business within six months from the date of the licence;
                (d) If the licensee ceases to carry out the licensed activity in the Kingdom; or
                (e) The legitimate interests of the customers or creditors of a licensee required such amendment or cancellation.
                January 2013

              • AU-4.4.5

                The CBB's procedures for amending or revoking a license is outlined in detail in the Enforcement Module (EN).

                January 2013

            • AU-4.5 AU-4.5 Withdrawal of a License or Closure of a Branch

              • Licenses

                • Voluntary Surrender of a License or Closure of a Branch

                  • AU-4.5.1 AU-4.5.1

                    In Accordance with Article 50 of the CBB Law, all requests for the voluntary surrender of a license or closure of a branch are subject to CBB approval. Such requests must be made in writing to the Executive Director of Banking Supervision, setting out in full the reasons for the request and how the voluntary surrender or branch closure is to be carried out.

                    January 2013

                    • AU-4.5.2 AU-4.5.2

                      Licensees must satisfy CBB that their customers' interests are to be safeguarded during and after the proposed voluntary surrender or closure of the branch.

                      January 2013

                      • AU-4.5.3 AU-4.5.3

                        The CBB will only approve a voluntary surrender where it has no outstanding regulatory concerns and any relevant customers' interests would not be prejudiced. A voluntary surrender will not be accepted where it is aimed at pre-empting supervisory actions by the CBB. Also, a voluntary surrender will only take effect once the licensee, in the opinion of the CBB, has discharged all its regulatory responsibilities to customers.

                        January 2013

                        • Cancellation of a License by the CBB

                          • AU-4.5.4 AU-4.5.4

                            As provided for under Article 48 (c) of the CBB Law, the CBB may itself move to cancel a license. The CBB generally views the cancellation of a license as appropriate only in the most serious of circumstances, and generally tries to address supervisory concerns through other means beforehand. See also Chapter EN-7, regarding the cancellation or amendment of licenses, including the procedures used in such instances and the licensee's right to appeal the formal notice of cancellation issued by the CBB.

                            January 2013

                            • AU-4.5.5 AU-4.5.5

                              Cancellation of a license requires CBB to issue a formal notice of cancellation to the person concerned. The notice of cancellation must describe the CBB's rationale for the proposed cancellation, as specified in Article 48(d) of the CBB Law.

                              January 2013

                              • AU-4.5.6 AU-4.5.6

                                Where cancellation of a license has been confirmed by CBB, the CBB will only effect the cancellation once a licensee has discharged all its regulatory responsibilities to customers. Until such time, CBB will retain all its regulatory powers with regards to the licensee, and will direct the licensee such that no new regulated financing activity may be undertaken whilst the licensee discharges its obligations to customers.

                                January 2013

                                • Cancellation of Approved Person Status

                                  • AU-4.5.7 AU-4.5.7

                                    In accordance with Paragraph AU-4.3.8, licensees must promptly notify the CBB in writing, as soon as they become aware, when a person undertaking a controlled function will no longer be carrying out that function. If a controlled function falls vacant, the licensee must appoint a permanent replacement (after obtaining CBB approval), within 120 calendar days of the vacancy occurring. Pending the appointment of a permanent replacement, the licensee must make immediate interim arrangements to ensure continuity of the duties and responsibilities of the controlled function affected. These interim arrangements must be approved by the CBB.

                                    January 2013

                                    • AU-4.5.8 AU-4.5.8

                                      The explanation given for any such changes should simply identify if the planned move was prompted by any concerns over the person concerned, or is due to a routine staff change, retirement or similar reason.

                                      January 2013

                                      • AU-4.5.9 AU-4.5.9

                                        The CBB may also move to declare someone as not 'fit and proper', in response to significant compliance failures or other improper behaviour by that person: see Chapter EN-8 regarding the cancellation of 'fit and proper' approval.

                                        January 2013

                                        • AU-4.6 AU-4.6 Publication of the Decision to Grant, Cancel or Amend a License

                                          • AU-4.6.1

                                            In accordance with Articles 47 and 49 of the CBB Law, the CBB will publish its decision to grant, cancel or amend a license in the Official Gazette and in two local newspapers, one in Arabic and the other in English.

                                            Amended: October 2019
                                            Added: July 2017

                                          • AU-4.6.2

                                            For the purposes of Paragraph AU-4.6.1, the cost of publication must be borne by the Licensee.

                                            Added: July 2017

                                          • AU-4.6.3

                                            The CBB may also publish its decision on such cancellation or amendment using any other means it considers appropriate, including electronic means.

                                            Added: July 2017

          • AU-5 AU-5 License Fees

            • AU-5.1 AU-5.1 License Application Fees

              • AU-5.1.1

                Applicants seeking a financing company license from the CBB must pay a non-refundable license application fee of BD 100 at the time of submitting their formal application to the CBB.

                January 2013

              • AU-5.1.2

                There are no application fees for those seeking approved person status.

                January 2013

            • AU-5.2 AU-5.2 Annual License Fees

              • AU-5.2.1

                Licensees must pay the relevant annual license fee to the CBB on 1st of December of the preceding year for which the fee is due.

                Amended: July 2013
                January 2013

              • AU-5.2.2

                Financing company licensees must pay a variable annual licensing fee based on 0.25% of their relevant operating expenses, subject to a floor of BD6,000 and a cap of BD24,000.

                Amended: July 2013
                January 2013

              • AU-5.2.3

                Relevant operating expenses are defined as the total operating expenses of the licensee concerned, as recorded in the most recent audited financial statements available, subject to the adjustments specified in Rule AU-5.2.4.

                January 2013

              • AU-5.2.4

                The adjustments to be made to relevant operating expenses are the exclusion of the following items from total operating expenses:

                (a) Training costs;
                (b) Charitable donations; and
                (c) Previous year's CBB fees paid.
                January 2013

              • AU-5.2.5

                The CBB would normally rely on the audited accounts of a licensee as representing a true and fair picture of its operating expenses. However, the CBB reserves the right to enquire about the accounting treatment of expenses, and/or policies on intra-group charging, if it believes that these are being used artificially to reduce a license fee.

                January 2013

              • AU-5.2.6

                Licensees must complete and submit Form ALF (Annual License Fee) to the CBB, no later than 15th October of the preceding year for which the fees are due.

                Amended: July 2013
                January 2013

              • AU-5.2.6A

                All licensees are subject to direct debit for the payment of the annual license fee and must complete and submit to the CBB a Direct Debit Authorisation Form by 15th September available under Part B of Volume 5 (Specialised Licensees) CBB Rulebook on the CBB Website.

                Added: July 2013

              • AU-5.2.7

                For new licensees, their first annual license fee is payable when their license is issued by the CBB. The amount payable is the floor amount of BD6,000.

                Amended: July 2013
                January 2013

              • AU-5.2.7A

                For the first full year of operation for licensees, the licensee would submit a Form ALF by the 15th October of the previous year for which the fees are due, and calculate its fee as the floor amount. For future years, the licensee would submit a Form ALF by 15th October of the preceding year for which the fees are due and calculate its fee using its last audited financial statements (or alternative arrangements as agreed with CBB, should its first set of accounts cover an 18-month period).

                Added: July 2013

              • AU-5.2.7B

                Licensees must pay a fixed annual fee of BD 1,000 for each locally incorporated SPV in Bahrain which is under the control of and/or providing an actual business function, service or activity (whether actively or passively) for the licensee and/or others at the licensee's direction or having been established under the licensee's direction for that purpose. The CBB approval for any new SPV will only be granted, once the annual fee has been paid. The full amount of the BD 1,000 annual fee is due in the year the SPV is set up and it is not prorated for the number of months remaining in the year.

                Added: January 2014

              • AU-5.2.7C

                Paragraph AU-5.2.7C does not apply to SPVs of Bahrain domiciled CIUs. In the case of Bahrain domiciled CIUs, licensees should refer to the relevant Chapter in Module ARR of Volume 7, depending on the classification of the Bahrain domiciled CIU.

                Added: January 2014

              • AU-5.2.8

                Where a license is cancelled (whether at the initiative of the firm or the CBB), no refund is paid for any months remaining in the calendar year in question, should a fee have been paid for that year.

                January 2013

              • AU-5.2.9

                Licensees failing to comply with this Section may be subject to financial penalties for date sensitive requirements as outlined in Section EN-5.3A or may have their licenses withdrawn by the CBB.

                Added: July 2013

        • HC HC Financing Companies High-level Controls Module

          • HC-A HC-A Introduction

            • HC-A.1 HC-A.1 Purpose

              • Executive Summary

                • HC-A.1.1

                  This Module presents requirements that have to be met by licensees with respect to:

                  (a) Corporate governance principles issued by the Ministry of Industry and Commerce as "The Corporate Governance Code"; and
                  (b) Related high-level controls and policies.
                  January 2013

                • HC-A.1.2

                  The Principles referred to in this Module are in line with the Principles relating to the Corporate Governance Code issued by the Ministry of Industry and Commerce.

                  January 2013

                • HC-A.1.3

                  The purpose of the Module is to establish best practice corporate governance principles in Bahrain, and to provide protection for investors and other licensee's stakeholders through compliance with those principles.

                  January 2013

                • HC-A.1.4

                  Whilst the Module follows best practice, it is nevertheless considered as the minimum standard to be applied.

                  January 2013

              • Structure of this Module

                • HC-A.1.5

                  This Module follows the structure of the Corporate Governance Code and each Chapter deals with one of the nine Principles of corporate governance. The numbered directives included in the Code are Rules for purposes of this Module. Recommendations under the Code have been included as guidance.

                  January 2013

                • HC-A.1.6

                  The Module also incorporates other high-level controls and policies that apply in particular to licensees.

                  January 2013

                • HC-A.1.7

                  All references in this Module to 'he' or 'his' shall, unless the context otherwise requires, be construed as also being references to 'she' and 'her'.

                  January 2013

              • The Comply or Explain Principle

                • HC-A.1.8

                  This Module is issued as a Directive (as amended from time to time) in accordance with Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). In common with other Rulebook Modules, this Module contains a mixture of Rules and Guidance (See Module UG-1.2 for detailed explanation of Rules and Guidance). All Rulebook content that is categorised as a Rule must be complied with by those to whom the content is addressed. Other parts of this Module are Guidance; nonetheless every financing company licensee to whom Module HC applies, is expected to comply with recommendations made as Guidance in Module HC or explain its noncompliance in the Annual Report in accordance with Paragraph PD-1.3.5 and to the CBB (see Chapter HC-8).

                  January 2013

              • Monitoring and Enforcement of Module HC

                • HC-A.1.9

                  Disclosure and transparency are underlying principles of Module HC. Disclosure is crucial to allow outside monitoring to function effectively. This Module looks to a combined monitoring system relying on the board, the licensee's shareholders and the CBB.

                  January 2013

                • HC-A.1.10

                  It is the board's responsibility to see to the accuracy and completeness of the licensee's corporate governance guidelines and compliance with Module HC. Failure to comply with this Module is subject to enforcement measures as outlined in Module EN (Enforcement).

                  January 2013

              • Legal Basis

                • HC-A.1.11

                  This Module contains the CBB's Directive (as amended from time to time) relating to high-level controls and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to financing companies licensees (including their approved persons).

                  January 2013

                • HC-A.1.12

                  For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

                  January 2013

              • Effective Date

                • HC-A.1.13

                  The contents in this Module are effective from January 2013.

                  January 2013

            • HC-A.2 HC-A.2 Module History

              • HC-A.2.1

                This Module was first issued in January 2013. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

                January 2013

              • HC-A.2.2

                A list of recent changes made to this Module is provided below:

                Module Ref. Change Date Description of Changes
                HC-8.2 01/2014 Amended as a result of the issuance of Module PD.
                Appendix D 01/2014 Requirements moved to Module PD.
                HC-1.2.12,
                HC-1.2.13
                and HC-1.3.9
                10/2014 Corrected cross reference.
                HC-1.3.11 10/2014 Corrected typo.
                HC-2.3.3 04/2016 Added a requirement for the licensee to have in place a board approved policy on the employment of relatives of approved persons.
                HC-2.4.1A 04/2016 Added the requirement to disclose to the board on annual basis relatives of any approved persons occupying controlled functions.
                HC-7.2 04/2016 Added requirements dealing with shareholders' meetings.
                HC-7.2.3A 07/2017 Amended paragraph to be in line with Article (199) of the Commercial Companies law.
                HC-1.4.12 01/2020 Added a new Paragraph on independent directors.
                HC-1.4.13 01/2020 Added a new Paragraph on termination of Board membership of a retired, terminated CEO.
                HC-2.3.2 01/2020 Amended Paragraph on policy and procedures approval.
                HC-5.4.2 04/2020 Added a new Paragraph on KPIs compliance with AML/CFT requirements.

              • Superseded Requirements

                • HC-A.2.3

                  This Module supersedes the following provisions contained in circulars or other regulatory requirements:

                  Document Ref. Document Subject
                  Volumes 1 and 2 Module HC
                     
                  January 2013

          • HC-B HC-B Scope of Application

            • HC-B.1 HC-B.1 Scope of Application

              • HC-B.1.1

                The contents of this Module — unless otherwise stated — apply to all financing companies licensees, thereafter referred to in this Module as licensees.

                January 2013

            • HC-B.2 HC-B.2 Subsidiaries, Affiliates and Foreign Branches

              • HC-B.2.1

                Licensees must ensure that, as a minimum, the same or equivalent provisions of this Module apply to their foreign branches, located outside the Kingdom of Bahrain, such that these are also subject to effective high-level controls. In instances where local jurisdictional requirements are more stringent than those applicable in this Module, the local requirements are to be applied.

                January 2013

              • HC-B.2.2

                Licensees must satisfy the CBB that financial services activities conducted in subsidiaries and other group members are subject to the same or equivalent arrangements for ensuring effective corporate governance over their activities.

                January 2013

              • HC-B.2.3

                Where a licensee is unable to satisfy the CBB that its subsidiaries and other group members are subject to the same or equivalent arrangements, the CBB will assess the potential impact of risks — both financial and reputational — to the licensee arising from inadequate high-level controls in the rest of the group of which it is a member. In such instances, the CBB may impose restrictions on dealings between the licensee and other group members. Where weaknesses in controls are assessed by the CBB to pose a major threat to the stability of the licensee, then its authorisation may be called into question.

                January 2013

          • HC-1 HC-1 The Board

            • HC-1.1 HC-1.1 Principle

              • HC-1.1.1

                All licensees must be headed by an effective, collegial and informed Board of Directors ('the Board').

                January 2013

            • HC-1.2 HC-1.2 Role and Responsibilities

              • HC-1.2.1

                All directors must understand the board's role and responsibilities under the Commercial Companies Law and any other laws or regulations that may govern their responsibilities from time to time. In particular:

                (a) The board's role as distinct from the role of the shareholders (who elect the board and whose interests the board serves) and the role of senior managers (whom the board appoints and oversees); and
                (b) The board's fiduciary duties of care and loyalty to the licensee and the shareholders (see HC-2.1).
                January 2013

              • HC-1.2.2

                The board's role and responsibilities include but are not limited to:

                (a) The overall business performance and strategy for the licensee;
                (b) Causing financial statements to be prepared which accurately disclose the licensee's financial position;
                (c) Monitoring management performance;
                (d) Convening and preparing the agenda for shareholders meetings;
                (e) Monitoring conflicts of interest and preventing abusive related party transactions;
                (f) Assuring equitable treatment of shareholders including minority shareholders; and
                (g) Establishing the objectives of the licensee.
                January 2013

              • HC-1.2.3

                The precise functions reserved for the Board, and those delegated to management and committees will vary, dependent upon the business of the institution, its size and ownership structure. However, as a minimum, the Board must establish and maintain a statement of its responsibilities for:

                (a) The adoption and annual review of strategy;
                (b) The adoption and review of management structure and responsibilities;
                (c) The adoption and review of the systems and controls framework; and
                (d) Monitoring the implementation of strategy by management.
                January 2013

              • HC-1.2.4

                The directors are responsible both individually and collectively for performing the responsibilities outlined in Paragraph HC-1.2.1 to HC-1.2.3. Although the Board may delegate certain functions to committees or management, it may not delegate its ultimate responsibility to ensure that an adequate, effective, comprehensive and transparent corporate governance framework is in place.

                January 2013

              • HC-1.2.5

                In its strategy review process under Paragraphs HC-1.2.3 a) and d), the Board must:

                (a) Review the licensee's business plans and the inherent level of risk in these plans;
                (b) Assess the adequacy of capital to support the business risks of the licensee;
                (c) Set performance objectives; and
                (d) Oversee major capital expenditures, divestitures and acquisitions.
                January 2013

              • HC-1.2.6

                Licensees must notify the CBB in writing of all major proposed changes to the strategy and/or corporate plan of the licensee prior to implementation.

                January 2013

              • HC-1.2.7

                The Board is expected to have effective policies and processes in place for:

                (a) Approving budgets and reviewing performance against those budgets and key performance indicators; and
                (b) The management of the licensee's compliance risk.
                January 2013

              • HC-1.2.8

                When a new director is inducted, the chairman of the board, or by the licensee's legal counsel or compliance officer, or other individual delegated by the chairman of the board should review the board's role and duties with that person, particularly covering legal and regulatory requirements and Module HC (see also HC-4.5.1).

                January 2013

              • HC-1.2.9

                The licensee must have a written appointment agreement with each director which recites the directors' powers, duties, responsibilities and accountabilities and other matters relating to his appointment including his term, the time commitment envisaged, the committee assignment if any, his remuneration and expense reimbursement entitlement, and his access to independent professional advice when that is needed.

                January 2013

              • Risk Recognition and Assessment

                • HC-1.2.10

                  The Board is responsible for ensuring that the systems and controls framework, including the Board structure and organisational structure of the licensee, is appropriate for the business and associated risks (see Paragraph HC-1.2.3 (c)). The Board must ensure that collectively it has sufficient expertise to identify, understand and measure the significant risks to which the licensee is exposed in its business activities.

                  January 2013

                • HC-1.2.11

                  The Board must regularly assess the systems and controls framework of the licensee. In its assessments, the Board must demonstrate to the CBB that:

                  (a) The licensee's operations, individually and collectively are measured, monitored and controlled by appropriate, effective and prudent risk management systems commensurate with the scope of its activities;
                  (b) The licensee's operations are supported by an appropriate control environment. The compliance, risk management and financial reporting functions must be adequately resourced, independent of business lines and must be run by individuals not involved with the day-to-day running of the various business areas. The Board must additionally ensure that management develops, implements and oversees the effectiveness of comprehensive know your customer standards, as well as on-going monitoring of accounts and transactions, in keeping with the requirements of relevant law, regulations and best practice (with particular regard to anti-money laundering measures). The control environment must maintain necessary client confidentiality and ensure that the privacy of the licensee is not violated, and ensure that clients' rights and assets are properly safeguarded; and
                  (c) Where the Board has identified any significant issues related to the licensee's adopted governance framework, appropriate and timely action is taken to address any identified adverse deviations from the requirements of this Module.
                  January 2013

                • HC-1.2.12

                  The board must adopt a formal board charter or other statement specifying matters which are reserved to it, which should include but need not be limited to the specific requirements and responsibilities of directors. This charter must cover the points in Paragraphs HC-1.2.1 to HC-1.2.11.

                  Amended: October 2014
                  January 2013

                • HC-1.2.13

                  Wherever possible, the documents referred to in Paragraphs HC-1.2.3 to HC-1.2.11 or a summary of responsibilities should be disclosed publicly, for example in the annual report, which must be submitted to the CBB in line with the requirements of Module BR.

                  Amended: October 2014
                  January 2013

            • HC-1.3 HC-1.3 Decision Making Process

              • HC-1.3.1

                The board must be collegial and deliberative, to gain the benefit of each individual director's judgment and experience.

                January 2013

              • HC-1.3.2

                The chairman must take an active lead in promoting mutual trust, open discussion, constructive dissent and support for decisions after they have been made.

                January 2013

              • HC-1.3.3

                The board must meet frequently to enable it to discharge its responsibilities effectively but in no event less than four times a year. All directors must attend the meetings whenever possible and the directors must maintain informal communication between meetings.

                January 2013

              • HC-1.3.4

                Individual board members must attend at least 75% of all Board meetings in a given financial year to enable the Board to discharge its responsibilities effectively (see table below). Voting and attendance proxies for Board meetings are prohibited at all times.

                Meetings per year 75% Attendance requirement
                4 3
                5 4
                6 5
                7 5
                8 6
                9 7
                10 8
                January 2013

              • HC-1.3.5

                The absence of Board members at Board and committee meetings must be noted in the meeting minutes. In addition, Board attendance percentage must be reported during any general assembly meeting when board members stand for re-election (e.g. Board member XYZ attended 95% of scheduled meetings this year).

                January 2013

              • HC-1.3.6

                In the event that a Board member has not attended at least 75% of Board meetings in any given financial year, the licensee must immediately notify the CBB indicating which member has failed to satisfy this requirement, his level of attendance and any mitigating circumstances affecting his non-attendance. The CBB shall then consider the matter and determine whether disciplinary action, including disqualification of that Board member pursuant to Article 65 of the CBB Law, is appropriate. Unless there are exceptional circumstances, it is likely that the CBB will take disciplinary action.

                January 2013

              • HC-1.3.7

                To meet its obligations under Rule HC-1.3.3 above, the full Board should meet once every quarter to address the Board's responsibilities for management oversight and performance monitoring. Furthermore, Board rules should require members to step down if they are not actively participating in Board meetings. Board members are reminded that non attendance at board meetings does not absolve them of their responsibilities as directors. It is important that each individual director should allocate adequate time and effort to discharge his responsibilities. All directors are expected to contribute actively to the work of the Board in order to discharge their responsibilities and should make every effort to attend board meetings where major issues are to be discussed. Licensees are encouraged to amend their articles of association to provide for telephonic and videoconference meetings. Participation in board meetings by means of video or telephone conferencing is regarded as attendance and may be recorded as such.

                January 2013

              • HC-1.3.8

                At least half the Board meetings of Bahraini licensees in any twelve-month period must be held in the Kingdom of Bahrain.

                January 2013

              • HC-1.3.9

                All licensees are required to submit, on an annual basis, as an attachment to the year-end quarterly PIR, a report recording the meetings during the year by their Board of Directors. For a sample report, refer to Appendix BR-5.

                Amended: October 2014
                January 2013

              • HC-1.3.10

                The Chairman is responsible for the leadership of the Board, and for the efficient functioning of the Board. The chairman must ensure that all directors receive an agenda, minutes of prior meetings, and adequate background information in writing before each board meeting and when necessary between meetings. Therefore it is vital that the Chairman commit sufficient time to perform his role effectively. All directors must receive the same board information. At the same time, directors have a legal duty to inform themselves and they must ensure that they receive adequate and timely information and must study it carefully (See also HC-7 for other duties of the Chairman).

                January 2013

              • HC-1.3.11

                The board should have no more than 15 members, and should regularly review its size and composition to ensure that it is small enough for efficient decision making yet large enough to have members who can contribute from different specialties and viewpoints. The board should recommend changes in board size to the shareholders when a needed change requires amendment of the licensee's Memorandum of Association.

                Amended: October 2014
                January 2013

              • HC-1.3.12

                Potential non-executive directors should be made aware of their duties before their nomination, particularly as to the time commitment required. The Nominating Committee should regularly review the time commitment required from each non-executive director and should require each non-executive director to inform the Committee before he accepts any board appointments to another licensee.

                January 2013

              • HC-1.3.13

                No Board member may have a directorship in two financing companies in Bahrain. Licensees may approach the CBB for exemption from this limit where the directorships concern licensees or financial institutions within the same group.

                January 2013

              • HC-1.3.14

                One person should not hold more than three directorships in public companies in Bahrain with the provision that no conflict of interest may exist, and the Board should not propose the election or reelection of any director who does.

                January 2013

            • HC-1.4 HC-1.4 Independence of Judgment

              • HC-1.4.1

                Every director must bring independent judgment to bear in decision making. No individual or group of directors must dominate the board's decision-making and no one individual should have unfettered powers of decision.

                January 2013

              • HC-1.4.2

                Executive directors must provide the board with all relevant business and financial information within their cognizance, and must recognise that their role as a director is different from their role as a member of management (see HC-2.3.2).

                January 2013

              • HC-1.4.3

                Non-executive directors must be fully independent of management and must constructively scrutinise and challenge management including the management performance of executive directors.

                January 2013

              • HC-1.4.4

                Where there is the potential for conflict of interest, or there is a need for impartiality, the Board must assign a sufficient number of independent Board members capable of exercising independent judgment.

                January 2013

              • HC-1.4.5

                At least half of a licensee's board should be non-executive directors and at least three of those persons should be independent directors. (Note the exception for controlled companies in Paragraph HC-1.5.2.)

                January 2013

              • HC-1.4.6

                The chairman of the board should be an independent director, so that there will be an appropriate balance of power and greater capacity of the board for independent decision making.

                January 2013

              • HC-1.4.7

                The Chairman and/or Deputy Chairman must not be the same person as the Chief Executive Officer.

                January 2013

              • HC-1.4.8

                The Chairman must not be an Executive Director.

                January 2013

              • HC-1.4.9

                Where the Chairmanship concerns licensees within the same group, licensees may approach the CBB for an exemption from Paragraph HC-1.4.8.

                January 2013

              • HC-1.4.10

                The board should review the independence of each director at least annually in light of interests disclosed by them, and their conduct. Each independent director shall provide the board with all necessary and updated information for this purpose.

                January 2013

              • HC-1.4.11

                To facilitate free and open communication among independent directors, each board meeting should be preceded or followed with a session at which only independent directors are present, except as may otherwise be determined by the independent directors themselves.

                January 2013

              • HC-1.4.12

                Where an independent director has served three consecutive terms on the board, such director will lose his/her independence status and must not be classified as an independent director if reappointed.

                Added: January 2020

              • HC-1.4.13

                Where a Chief Executive Officer of a licensee, who is also a Board member, no longer occupies the CEO position, whether due to resignation, retirement or termination, his/her Board Membership must also be immediately terminated.

                Added: January 2020

            • HC-1.5 HC-1.5 Representation of all Shareholders

              • HC-1.5.1

                Each director must consider himself as representing all shareholders and must act accordingly. The board must avoid having representatives of specific groups or interests within its membership and must not allow itself to become a battleground of vested interests. If the licensee has controllers (as defined by Module GR-5.2) (or a group of controllers acting in concert), the latter must recognise its or their specific responsibility to the other shareholders, which is direct and is separate from that of the board of directors.

                January 2013

              • HC-1.5.2

                In licensees with a controller, at least one-third of the board must be independent directors. Minority shareholders must generally look to independent directors' diligent regard for their interests, in preference to seeking specific representation on the board.

                January 2013

              • HC-1.5.3

                In licensees with controllers, both controllers and other shareholders should be aware of controllers' specific responsibilities regarding their duty of loyalty to the licensee and conflicts of interest (see Chapter HC-2) and also of rights that minority shareholders may have to elect specific directors under the Company Law or if the licensee has adopted cumulative voting for directors. The chairman of the board or other individual delegated by the chairman of the board should take the lead in explaining this with the help of the licensee's lawyers.

                January 2013

            • HC-1.6 HC-1.6 Directors' Access to Independent Advice

              • HC-1.6.1

                The board must ensure by way of formal procedures that individual directors have access to independent legal or other professional advice at the licensee's expense whenever they judge this necessary to discharge their responsibilities as directors and this must be in accordance with the licensee's policy approved by the board.

                January 2013

              • HC-1.6.2

                Individual directors must also have access to the licensee's corporate secretary, who must have responsibility for reporting to the board on board procedures. Both the appointment and removal of the corporate secretary must be a matter for the board as a whole, not for the CEO or any other officer.

                January 2013

              • HC-1.6.3

                Whenever a director has serious concerns which cannot be resolved concerning the running of the licensee or a proposed action, he should consider seeking independent advice and should ensure that the concerns are recorded in the board minutes and that any dissent from a board action is noted or delivered in writing.

                January 2013

              • HC-1.6.4

                Upon resignation, a non-executive director should provide a written statement to the chairman, for circulation to the board, if he has any concerns such as those in Paragraph HC-1.6.3.

                January 2013

            • HC-1.7 HC-1.7 Directors' Communication with Management

              • HC-1.7.1

                The board must encourage participation by management regarding matters the board is considering, and also by management members who by reason of responsibilities or succession, the CEO believes should have exposure to the directors.

                January 2013

              • HC-1.7.2

                Non-executive directors should have free access to the licensee's management beyond that provided in board meetings. Such access should be through the Chairman of the Audit Committee or CEO. The board should make this policy known to management to alleviate any management concerns about a director's authority in this regard.

                January 2013

            • HC-1.8 HC-1.8 Committees of the Board

              • HC-1.8.1

                The board must create specialised committees when and as such committees are needed. In addition to the Audit, Remuneration and Nominating Committees described elsewhere in this Module, these may include an Executive Committee to review and make recommendations to the whole board on the licensee's actions, or a Risk Committee to identify and minimize specific risks of the licensee's business.

                January 2013

              • HC-1.8.2

                The board should establish a corporate governance committee of at least three independent members which should be responsible for developing and recommending changes from time to time in the licensee's corporate governance policy framework.

                January 2013

              • HC-1.8.3

                The board or a committee may invite non-directors to participate in, but not vote at, a committee's meetings so that the committee may gain the benefit of their advice and expertise in financial or other areas.

                January 2013

              • HC-1.8.4

                Committees must act only within their mandates and therefore the board must not allow any committee to dominate or effectively replace the whole board in its decision-making responsibility.

                January 2013

              • HC-1.8.5

                Committees may be combined provided that no conflict of interest might arise between the duties of such committees, subject to CBB prior approval.

                January 2013

              • HC-1.8.6

                Every committee must have a formal written charter similar in form to the model charters which are set forth in Appendices A, B and C of this Module for the Audit, Nominating and Remuneration Committees.

                January 2013

              • HC-1.8.7

                Where committees are set up, they should keep full minutes of their activities and meet regularly to fulfill their mandates. For larger licensees that deal with the general public, committees can be a more efficient mechanism to assist the main Board in its monitoring and control of the activities of the licensee. The establishment of committees should not mean that the role of the Board is diminished, or that the Board becomes fragmented.

                January 2013

            • HC-1.9 HC-1.9 Evaluation of the Board and Each Committee

              • HC-1.9.1

                At least annually the board must conduct an evaluation of its performance and the performance of each committee and each individual director.

                January 2013

              • HC-1.9.2

                The evaluation process must include:

                (a) Assessing how the board operates, especially in light of Chapter HC-1;
                (b) Evaluating the performance of each committee in light of its specific purposes and responsibilities, which shall include review of the self-evaluations undertaken by each committee;
                (c) Reviewing each director's work, his attendance at board and committee meetings, and his constructive involvement in discussions and decision making;
                (d) Reviewing the board's current composition against its desired composition with a view toward maintaining an appropriate balance of skills and experience and a view toward planned and progressive refreshing of the board; and
                (e) Recommendations for new directors to replace long-standing members or those members whose contribution to the board or its committees (such as the audit committee) is not adequate.
                January 2013

              • HC-1.9.3

                While the evaluation is a responsibility of the entire board, it should be organised and assisted by an internal board committee and, when appropriate, with the help of external experts.

                January 2013

              • HC-1.9.4

                The board should report to the shareholders, at each annual shareholder meeting, that evaluations have been done and report its findings.

                January 2013

          • HC-2 HC-2 Approved Persons Loyalty

            • HC-2.1 HC-2.1 Principle

              • HC-2.1.1

                The approved persons must have full loyalty to the licensee.

                January 2013

            • HC-2.2 HC-2.2 Personal Accountability

              • HC-2.2.1

                Licensees are subject to a wide variety of laws, regulations and codes of best practice that directly affect the conduct of business. Such laws involve the Rulebook of the licensed exchange, the Labour Law, the Commercial Companies Law, occupational health and safety, even environment and pollution laws, as well as the Law, codes of conduct and regulations of the CBB (as amended from time to time). The Board sets the 'tone at the top' of a licensee, and has a responsibility to oversee compliance with these various requirements. The Board should ensure that the staff conduct their affairs with a high degree of integrity, taking note of applicable laws, codes and regulations.

                January 2013

              • Corporate Ethics, Conflicts of Interest and Code of Conduct

                • HC-2.2.2

                  Each member of the board must understand that under the Company Law he is personally accountable to the licensee and the shareholders if he violates his legal duty of loyalty to the licensee, and that he can be personally sued by the licensee or the shareholders for such violations.

                  January 2013

                • HC-2.2.3

                  The Board must establish corporate standards for approved persons and employees. This requirement should be met by way of a documented and published code of conduct or similar document. These standards must be communicated throughout the licensee, so that the approved persons and staff understand the importance of conducting business based on good corporate governance values and understand their accountabilities to the various stakeholders of the licensee. The licensee's approved persons and staff must be informed of and be required to fulfill their fiduciary responsibilities to the licensee's stakeholders.

                  January 2013

                • HC-2.2.4

                  An internal code of conduct is separate from the business strategy of a licensee. A code of conduct should outline the practices that approved persons and staff should follow in performing their duties. Licensees may wish to use procedures and policies to complement their codes of conduct. The suggested contents of a code of conduct are covered below:

                  (a) Commitment by the Board and management to the code. The code of conduct should be linked to the objectives of the licensee, and its responsibilities and undertakings to customers, shareholders, staff and the wider community (see HC-2.2.3 and HC-2.2.4). The code should give examples or expectations of honesty, integrity, leadership and professionalism;
                  (b) Commitment to the law and best practice standards. This commitment would include commitments to following accounting standards, industry best practice (such as ensuring that information to clients is clear, fair, and not misleading), transparency, and rules concerning potential conflicts of interest (see HC-2.3);
                  (c) Employment practices. This would include rules concerning health and safety of employees, training, policies on the acceptance and giving of business courtesies, prohibition on the offering and acceptance of bribes, and potential misuse of licensee's assets;
                  (d) How the licensee deals with disputes and complaints from clients and monitors compliance with the code; and
                  (e) Confidentiality. Disclosure of client or licensee information should be prohibited, except where disclosure is required by law (see HC-1.2.10 b).
                  January 2013

                • HC-2.2.5

                  The Central Bank expects that the Board and its members individually and collectively:

                  (a) Act with honesty, integrity and in good faith, with due diligence and care, with a view to the best interest of the licensee and its shareholders and other stakeholders (see Paragraphs HC-2.2.2 to HC-2.2.4);
                  (b) Act within the scope of their responsibilities (which should be clearly defined — see HC-1.2.9 and HC-1.2.11 and not participate in the day-to-day management of the licensee;
                  (c) Have a proper understanding of, and competence to deal with the affairs and products of the licensee and devote sufficient time to their responsibilities; and
                  (d) To independently assess and question the policies, processes and procedures of the licensee, with the intent to identify and initiate management action on issues requiring improvement. (i.e. to act as checks and balances on management).
                  January 2013

                • HC-2.2.6

                  The duty of loyalty (mentioned in Paragraph HC-2.2.2 above) includes a duty not to use property of the licensee for his personal needs as though it was his own property, not to disclose confidential information of the licensee or use it for his personal profit, not to take business opportunities of the licensee for himself, not to compete in business with the licensee, and to serve the licensee's interest in any transactions with a licensee in which he has a personal interest.

                  January 2013

                • HC-2.2.7

                  For purposes of Paragraph HC-2.2.6, an approved person should be considered to have a "personal interest" in a transaction with a licensee if:

                  (a) He himself; or
                  (b) A member of his family (i.e. spouse, father, mother, sons, daughters, brothers or sisters); or
                  (c) Another licensee of which he is a director or controller,

                  is a party to the transaction or has a material financial interest in the transaction. (Transactions and interests which are de minimis in value should not be included.)

                  January 2013

            • HC-2.3 HC-2.3 Avoidance of Conflicts of Interest

              • HC-2.3.1

                Each approved person must make every practicable effort to arrange his personal and business affairs to avoid a conflict of interest with the licensee.

                January 2013

              • HC-2.3.2

                The Board must establish and disseminate to its members and management, policies for the identification, reporting, disclosure, prevention, or strict limitation of potential conflicts of interest. It is senior management's responsibility to implement these policies. Rules concerning connected party transactions and potential conflicts of interest may be dealt with in the Code of Conduct (see HC-2.2.4). In particular, the CBB requires that any decisions to enter into transactions, under which approved persons would have conflicts of interest that are material, should be formally and unanimously approved by the full Board. Best practice would dictate that an approved person must:

                (a) Not enter into competition with the licensee;
                (b) Not demand or accept substantial gifts from the licensee for himself or connected persons;
                (c) Not misuse the licensee's assets;
                (d) Not use the licensee's privileged information or take advantage of business opportunities to which the licensee is entitled, for himself or his associates; and
                (e) Absent themselves from any discussions or decision-making that involves a subject where they are incapable of providing objective advice, or which involves a subject or (proposed) transaction where a conflict of interest exists.
                Amended: January 2020
                Added: January 2013

              • HC-2.3.3

                Licensees must have in place a board approved policy on the employment of relatives of approved persons and a summary of such policy must be disclosed in the annual report of the licensee.

                April 2016

            • HC-2.4 HC-2.4 Disclosure of Conflicts of Interest

              • HC-2.4.1

                Each approved person must inform the entire board of (potential) conflicts of interest in their activities with, and commitments to other organisations as they arise. Board members must abstain from voting on the matter in accordance with the relevant provisions of the Company Law. This disclosure must include all material facts in the case of a contract or transaction involving the approved person. The approved persons must understand that any approval of a conflicted transaction is effective only if all material facts are known to the authorising persons and the conflicted person did not participate in the decision. In any case, all approved persons must declare in writing all of their other interests in other enterprises or activities (whether as a shareholder of above 5% of the voting capital of a licensee, a manager, or other form of significant participation) to the Board (or the Nominations or Audit Committees) on an annual basis.

                January 2013

              • HC-2.4.1A

                The chief executive/general manager of the licensee must disclose to the board of directors on an annual basis relatives of any approved persons occupying controlled functions within the licensee.

                April 2016

              • HC-2.4.2

                The board should establish formal procedures for:

                (a) Periodic disclosure and updating of information by each approved person on his actual and potential conflicts of interest; and
                (b) Advance approval by directors or shareholders who do not have an interest in the transactions in which a licensee's approved person has a personal interest. The board should require such advance approval in every case.
                January 2013

            • HC-2.5 HC-2.5 Disclosure of Conflicts of Interest to Shareholders

              • HC-2.5.1

                The licensee must disclose to its shareholders in the Annual Report any abstention from voting motivated by a conflict of interest and must disclose to its shareholders any authorisation of a conflict of interest contract or transaction in accordance with the Company Law.

                January 2013

          • HC-3 HC-3 Audit Committee and Financial Statements Certification

            • HC-3.1 HC-3.1 Principle

              • HC-3.1.1

                The Board must have rigorous controls for financial audit and reporting, internal control, and compliance with law.

                January 2013

            • HC-3.2 HC-3.2 Audit Committee

              • HC-3.2.1

                The board must establish an audit committee of at least three directors of which the majority must be independent including the Chairman. The committee must:

                (a) Review the licensee's accounting and financial practices;
                (b) Review the integrity of the licensee's financial and internal controls and financial statements (particularly with reference to information passed to the Board — see HC-1.2.10). The information needs of the Board to perform its monitoring responsibilities must be defined in writing, and regularly monitored by the Audit Committee;
                (c) Review the licensee's compliance with legal requirements;
                (d) Recommend the appointment, compensation and oversight of the licensee's external auditor; and
                (e) Recommend the appointment of the internal auditor.
                January 2013

              • HC-3.2.2

                In its review of the systems and controls framework in Paragraph HC-3.2.1, the audit committee must:

                (a) Make effective use of the work of external and internal auditors. The audit committee must ensure the integrity of the licensee's accounting and financial reporting systems through regular independent review (by internal and external audit). Audit findings must be used as an independent check on the information received from management about the licensee's operations and performance and the effectiveness of internal controls;
                (b) Make use of self-assessments, stress/scenario tests, and/or independent judgments made by external advisors. The Board should appoint supporting committees, and engage senior management to assist the audit committee in the oversight of risk management; and
                (c) Ensure that senior management have put in place appropriate systems of control for the business of the licensee and the information needs of the Board; in particular, there must be appropriate systems and functions for identifying as well as for monitoring risk, the financial position of the licensee, and compliance with applicable laws, regulations and best practice standards. The systems must produce information on a timely basis.
                January 2013

              • HC-3.2.3

                The licensee must set up an internal audit function, which reports directly to the Audit Committee and administratively to the CEO.

                January 2013

              • HC-3.2.4

                The CEO must not be a member of the audit committee.

                January 2013

            • HC-3.3 HC-3.3 Audit Committee Charter

              • HC-3.3.1

                The audit committee must adopt a written charter which shall, at a minimum, state the duties outlined in Paragraph HC-3.2.1 and the other matters included in Appendix A to this Module.

                January 2013

              • HC-3.3.2

                A majority of the audit committee must have the financial literacy qualifications stated in Appendix A.

                January 2013

              • HC-3.3.3

                The board should adopt a "whistleblower" program under which employees can confidentially raise concerns about possible improprieties in financial or legal matters. Under the program, concerns may be communicated directly to any audit committee member or, alternatively, to an identified officer or employee who will report directly to the Audit Committee on this point.

                January 2013

            • HC-3.4 HC-3.4 CEO and CFO Certification of Financial Statements

              • HC-3.4.1

                To encourage management accountability for the financial statements required by the directors, the licensee's CEO and chief financial officer must state in writing to the audit committee and the board as a whole that the licensee's interim and annual financial statements present a true and fair view, in all material respects, of the licensee's financial condition and results of operations in accordance with applicable accounting standards.

                January 2013

          • HC-4 HC-4 Appointment, Training and Evaluation of the Board

            • HC-4.1 HC-4.1 Principle

              • HC-4.1.1

                The licensee must have rigorous and transparent procedures for appointment, training and evaluation of the Board.

                January 2013

            • HC-4.2 HC-4.2 Nominating Committee

              • HC-4.2.1

                The board must establish a Nominating Committee of at least three directors which must:

                (a) Identify persons qualified to become members of the board of directors or Chief Executive Officer, Chief Financial Officer, Corporate Secretary and any other officers of the licensee considered appropriate by the Board, with the exception of the appointment of the internal auditor which shall be the responsibility of the Audit Committee in accordance with Paragraph HC-3.2.1 above; and
                (b) Make recommendations to the whole board of directors including recommendations of candidates for board membership to be included by the board of directors on the agenda for the next annual shareholder meeting.
                January 2013

              • HC-4.2.2

                The committee should include only independent directors or, alternatively, only non-executive directors of whom a majority should be independent directors and the chairman should be an independent director. This is consistent with international best practice and it recognises that the Nominating Committee should exercise judgment free from personal career conflicts of interest.

                January 2013

            • HC-4.3 HC-4.3 Nominating Committee Charter

              • HC-4.3.1

                The Nominating Committee must adopt a formal written charter which must, at a minimum, state the duties outlined in Paragraph HC-4.2.1 and the other matters included in Appendix B to this Module.

                January 2013

            • HC-4.4 HC-4.4 Board Nominations to Shareholders

              • HC-4.4.1

                Each proposal by the board to the shareholders for election or reelection of a director must be accompanied by a recommendation from the board, a summary of the advice of the Nominating Committee, as applicable, and the following specific information:

                (a) The term to be served, which may not exceed three years (but there need not be a limit on reelection for further terms);
                (b) Biographical details and professional qualifications;
                (c) In the case of an independent director, a statement that the board has determined that the criteria of independent director have been met;
                (d) Any other directorships held;
                (e) Particulars of other positions which involve significant time commitments; and
                (f) Details of relationships between:
                (i) The candidate and the licensee; and
                (ii) The candidate and other directors of the licensee.
                January 2013

              • HC-4.4.2

                The chairman of the board should confirm to shareholders when proposing re-election of a director that, following a formal performance evaluation, the person's performance continues to be effective and continues to demonstrate commitment to the role. Any term beyond six years (e.g. two three-year terms) for a director should be subject to particularly rigorous review, and should take into account the need for progressive refreshing of the board. Serving more than six years is relevant to the determination of a non-executive director's independence.

                January 2013

            • HC-4.5 HC-4.5 Induction and Training of Directors

              • HC-4.5.1

                The chairman of the board must ensure that each new director receives a formal and tailored induction to ensure his contribution to the board from the beginning of his term. The induction must include:

                (a) Meetings with senior management, internal and external auditors and legal counsel;
                (b) Visits to the licensee's facilities; and
                (c) Presentations regarding strategic plans, significant financial, accounting and risk management issues and compliance programs.
                January 2013

              • HC-4.5.2

                All continuing directors must be invited to attend orientation meetings and all directors must continually educate themselves as to the licensee's business and corporate governance.

                January 2013

              • HC-4.5.3

                Management, in consultation with the chairman of the board, should hold programs and presentations to directors respecting the licensee's business and industry, which may include periodic attendance at conferences and management meetings. The Nominating Committee shall oversee directors' corporate governance educational activities.

                January 2013

          • HC-5 HC-5 Remuneration of Approved Persons

            • HC-5.1 HC-5.1 Principle

              • HC-5.1.1

                The licensee must remunerate approved persons fairly and responsibly.

                January 2013

            • HC-5.2 HC-5.2 Remuneration Committee

              • HC-5.2.1

                The Board must establish a remuneration committee of at least three directors which must:

                (a) Review the licensee's remuneration policies for the approved persons, which must be approved by the shareholders and be consistent with the corporate values and strategy of the licensee;
                (b) Make recommendations regarding remuneration policies and amounts for approved persons to the whole board, taking account of total remuneration including salaries, fees, expenses and employee benefits; and
                (c) Recommend Board member remuneration based on their attendance and performance.
                January 2013

              • HC-5.2.2

                The committee may be merged with the nominating committee.

                January 2013

            • HC-5.3 HC-5.3 Remuneration Committee Charter

              • HC-5.3.1

                The committee must adopt a written charter which must, at a minimum, state the duties in Paragraph HC-5.2.1 and other matters in Appendix C of this Module.

                January 2013

              • HC-5.3.2

                The committee should include only independent directors or, alternatively, only non-executive directors of whom a majority are independent directors and the chairman is an independent director. This is consistent with international best practice and it recognises that the remuneration committee must exercise judgment free from personal career conflicts of interest.

                January 2013

            • HC-5.4 HC-5.4 Standard for all Remuneration

              • HC-5.4.1

                Remuneration of approved persons must be sufficient enough to attract, retain and motivate persons of the quality needed to run the licensee successfully, but the licensee must avoid paying more than is necessary for that purpose.

                January 2013

              • Alignment of All Staff Remuneration with Compliance with AML/CFT Requirements

                • HC-5.4.2

                  The performance evaluation and remuneration of senior management and staff of the licensee must be based on the achievement of the Key Performance Indicators (KPIs) relevant to ensuring compliance with AML/CFT requirements as specified in Paragraphs FC-2.1.3 and FC-2.1.4.

                  Added: April 2020

            • HC-5.5 HC-5.5 Non-Executive Directors' Remuneration

              • HC-5.5.1

                Remuneration of independent directors and non-executive directors must not include performance-related elements such as grants of shares, share options or other deferred stock-related incentive schemes, bonuses, or pension benefits.

                January 2013

            • HC-5.6 HC-5.6 Senior Management's Remuneration

              • HC-5.6.1

                Remuneration of senior management must be structured so that a portion of the total is linked to the licensee's and individual's performance and aligns their interests with the interests of the shareholders.

                January 2013

              • HC-5.6.2

                Such rewards may include grants of shares, share options and other deferred stock-related incentive schemes, bonuses, and pension benefits which are not based on salary.

                January 2013

              • HC-5.6.3

                If a senior manager is also a director, his remuneration as a senior manager must take into account compensation received in his capacity as a director.

                January 2013

              • HC-5.6.4

                All share incentive plans must be approved by the shareholders.

                January 2013

              • HC-5.6.5

                All performance-based incentives should be awarded under written objective performance standards which have been approved by the board and are designed to enhance shareholder and the licensee's value, and under which shares should not vest and options should not be exercisable within less than two years of the date of award of the incentive.

                January 2013

              • HC-5.6.6

                All policies for performance-based incentives should be approved by the shareholders, but the approval should be only of the plan itself and not of the grant to specific individuals of benefits under the plan.

                January 2013

          • HC-6 HC-6 Management Structure

            • HC-6.1 HC-6.1 Principle

              • HC-6.1.1

                The board must establish a clear and efficient management structure.

                January 2013

            • HC-6.2 HC-6.2 Establishment of Management Structure

              • HC-6.2.1

                The board must appoint senior management whose authority must include management and operation of current activities of the licensee, reporting to and under the direction of the board. The senior management must include at a minimum:

                (a) A CEO;
                (b) A chief financial officer;
                (c) A corporate secretary; and
                (d) An internal auditor,

                and must also include such other approved persons as the board considers appropriate.

                January 2013

            • HC-6.3 HC-6.3 Titles, Authorities, Duties and Reporting Responsibilities

              • HC-6.3.1

                The board must adopt by-laws prescribing each senior manager's title, authorities, duties, accountabilities and internal reporting responsibilities. This must be done with the advice of the Nominating Committee and in consultation with the CEO, to whom the other senior managers should normally report.

                January 2013

              • HC-6.3.2

                These provisions must include but should not be limited to the following:

                (a) The CEO must have authority to act generally in the licensee's name, representing the licensee's interests in concluding transactions on the licensee's behalf and giving instructions to other senior managers and licensee employees;
                (b) The chief financial officer must be responsible and accountable for:
                (i) The complete, timely, reliable and accurate preparation of the licensee's financial statements, in accordance with the accounting standards and policies of the licensee (see also HC-3.4.1); and
                (ii) Presenting the board with a balanced and understandable assessment of the licensee's financial situation;
                (c) The corporate secretary's duties must include arranging, recording and following up on the actions, decisions and meetings of the Board and of the shareholders (both at annual and extraordinary meetings) in books to be kept for that purpose; and
                (d) The internal auditor's duties must include providing an independent and objective review of the efficiency of the licensee's operations. This would include a review of the accuracy and reliability of the licensee's accounting records and financial reports as well as a review of the adequacy and effectiveness of the licensee's risk management, control, and governance processes.
                January 2013

              • HC-6.3.3

                The board should also specify any limits which it wishes to set on the authority of the CEO or other senior managers, such as monetary maximums for transactions which they may authorise without separate board approval.

                January 2013

              • HC-6.3.4

                The corporate secretary should be given general responsibility for reviewing the licensee's procedures and advising the board directly on such matters (see Rule HC-6.3.2(c)). Whenever practical, the corporate secretary should be a person with legal or similar professional experience and training.

                January 2013

              • HC-6.3.5

                At least annually the board shall review and concur in a succession plan addressing the policies and principles for selecting a successor to the CEO, both in emergencies and in the normal course of business. The succession plan should include an assessment of the experience, performance, skills and planned career paths for possible successors to the CEO.

                January 2013

            • HC-6.4 HC-6.4 Compliance

              • HC-6.4.1

                The CBB expects licensees to carry out a review of their compliance with the principles in this Module on a regular basis.

                January 2013

          • HC-7 HC-7 Communication between Board and Shareholders

            • HC-7.1 HC-7.1 Principle

              • HC-7.1.1

                The licensee must communicate with shareholders, encourage their participation, and respect their rights.

                January 2013

            • HC-7.2 HC-7.2 Conduct of Shareholders' Meetings

              • HC-7.2.1

                The board must observe both the letter and the intent of the Company Law's requirements for shareholder meetings. Among other things:

                (a) Notices of meetings must be honest, accurate and not misleading. They must clearly state and, where necessary, explain the nature of the business of the meeting;
                (b) Meetings must be held during normal business hours and at a place convenient for the greatest number of shareholders to attend;
                (c) Notices of meetings must encourage shareholders to attend shareholder meetings and, if not possible, to allow shareholders to participate by proxy and must refer to procedures for appointing a proxy and for directing the proxy how to vote on a particular resolution. The proxy agreement must list the agenda items and must specify the vote (such as "yes," "no" or "abstain);
                (d) Notices must ensure that all material information and documentation is provided to shareholders on each agenda item for any shareholder meeting, including but not limited to any recommendations or dissents of directors;
                (e) The board must propose a separate resolution at any meeting on each substantially separate issue, so that unrelated issues are not "bundled" together;
                (f) In meetings where directors are to be elected or removed the board must ensure that each person is voted on separately, so that the shareholders can evaluate each person individually;
                (g) The chairman of the meeting must encourage questions from shareholders, including questions regarding the licensee's corporate governance guidelines;
                (h) The minutes of the meeting must be made available to shareholders upon their request as soon as possible but not later than 30 days after the meeting; and
                (i) Disclosure of all material facts must be made to the shareholders by the Chairman prior to any vote by the shareholders.
                January 2013

              • HC-7.2.2

                The licensee should require all directors to attend and be available to answer questions from shareholders at any shareholder meeting and, in particular, ensure that the chairs of the audit, remuneration and nominating committees are to answer appropriate questions regarding matters within their committee's responsibility (it being understood that confidential and proprietary business information may be kept confidential).

                January 2013

              • HC-7.2.3

                The licensee should require its external auditor to attend the annual shareholders' meeting and be available to answer shareholders' questions concerning the conduct and conclusions of the audit.

                January 2013

              • HC-7.2.3A

                Licensees must provide to the CBB, for its review and comment, at least 5 business days prior to communicating with the shareholders or publishing in the press, the draft agenda for any shareholders' meetings referred to in Paragraph HC-7.2.3C.

                Amended: July 2017
                April 2016

              • HC-7.2.3B

                Licensees must ensure that any agenda items to be discussed or presented during the course of meetings which require the CBB's prior approval, have received the necessary approval, prior to the meeting taking place.

                April 2016

              • HC-7.2.3C

                The licensee must invite a representative of the CBB to attend any shareholders' meetings (i.e. ordinary and extraordinary general assembly) taking place. The invitation must be provided to the CBB at least 5 business days prior to the meeting taking place.

                April 2016

              • HC-7.2.3D

                Within a maximum of 15 calendar days of any shareholders' meetings referred to in Paragraph HC-7.2.3C, the licensee must provide to the CBB a copy of the minutes of the meeting.

                April 2016

              • HC-7.2.4

                A licensee should maintain a website. The licensee should dedicate a specific section of its website to describing shareholders' rights to participate and vote at each shareholders' meeting, and should post significant documents relating to meetings including the full text of notices and minutes. The licensee may also consider establishing an electronic means for shareholders' communications including appointment of proxies. For confidential information, the licensee should grant a controlled access to such information to its shareholders.

                January 2013

              • HC-7.2.5

                In notices of meetings at which directors are to be elected or removed the licensee should ensure that:

                (a) Where the number of candidates exceeds the number of available seats, the notice of the meeting should explain the voting method by which the successful candidates will be selected and the method to be used for counting of votes; and
                (b) The notice of the meeting should present a factual and objective view of the candidates so that shareholders may make an informed decision on any appointment to the board.
                January 2013

            • HC-7.3 HC-7.3 Direct Shareholder Communication

              • HC-7.3.1

                The chairman of the board (and other directors as appropriate) must maintain continuing personal contact with controllers to solicit their views and understand their concerns. The chairman must ensure that the views of shareholders are communicated to the board as a whole. The chairman must discuss governance and strategy with controllers. Given the importance of market monitoring to enforce the "comply or explain" approach of this Module, the board should encourage shareholders to help in evaluating the licensee's corporate governance (see also HC-1.2 and 1.3 for other duties of the Chairman).

                January 2013

            • HC-7.4 HC-7.4 Controllers

              • HC-7.4.1

                In licensees with one or more controllers, the chairman and other directors must actively encourage the controllers to make a considered use of their position and to fully respect the rights of minority shareholders (see also HC-1.2 and 1.3 for other duties of the Chairman).

                January 2013

          • HC-8 HC-8 Corporate Governance Disclosure

            • HC-8.1 HC-8.1 Principle

              • HC-8.1.1

                The licensee must disclose its corporate governance.

                January 2013

            • HC-8.2 HC-8.2 Disclosure under the Company Law and CBB Requirements

              • HC-8.2.1

                In each licensee:

                (a) The board must adopt written corporate governance guidelines covering the matters stated in this Module and Module PD and other corporate governance matters deemed appropriate by the board. Such guidelines must include or refer to the principles and rules of Module HC;
                (b) The licensee must publish the guidelines on its website, if it has a website;
                (c) At each annual shareholders' meeting the board must report on the licensee's compliance with its guidelines and Module HC, and explain the extent if any to which it has varied them or believes that any variance or noncompliance was justified; and
                (d) At each annual shareholders' meeting the board must also report on further items listed in Module PD. Such information should be maintained on the licensee's website or held at the licensee's premises on behalf of the shareholders.
                Amended: January 2014
                January 2013

              • HC-8.2.2

                [This Paragraph was deleted in January 2014]

                Deleted: January 2014

              • Board's Responsibility for Disclosure

                • HC-8.2.3

                  The Board must oversee the process of disclosure and communications with internal and external stakeholders. The Board must ensure that disclosures made by the licensee are fair, transparent, comprehensive and timely and reflect the character of the licensee and the nature, complexity and risks inherent in the licensee's business activities. Disclosure policies must be reviewed for compliance with the CBB's disclosure requirements (see Chapter PD-1).

                  January 2013

          • HC-9 HC-9 Shari'a Compliant Business

            • HC-9.1 HC-9.1 Principle

              • HC-9.1.1

                Companies which refer to themselves as "Islamic" must follow the principles of Islamic Shari'a.

                January 2013

            • HC-9.2 HC-9.2 Governance and Disclosure per Shari'a Principles

              • HC-9.2.1

                Licensees which are guided by the principles of Islamic Shari'a have additional responsibilities to their stakeholders. Licensees which refer to themselves as "Islamic" are subject to additional governance requirements and disclosures to provide assurance to stakeholders that they are following Shari'a Principles. In ensuring compliance with Shari'a principles, each licensee must establish a Shari'a Supervisory Board consisting of at least three Shari'a scholars.

                January 2013

              • HC-9.2.2

                In addition to its duties outlined in Chapter HC-3 and Appendix A, the Audit Committee shall communicate and co-ordinate with the licensee's Corporate Governance Committee and the Shari'a Supervisory Board ("SSB") (where applicable) to ensure that information on compliance with Islamic Shari'a rules and principles is reported in a timely manner.

                January 2013

              • HC-9.2.3

                The Board shall set up a Corporate Governance Committee (see also Paragraph HC-1.8.2). In this case, the Committee shall comprise at least three members to coordinate and integrate the implementation of the governance policy framework.

                January 2013

              • HC-9.2.4

                The Corporate Governance Committee established under Chapter HC-9 shall comprise at a minimum of:

                (a) An independent director to chair the Corporate Governance Committee. The Chairman of the Corporate Governance Committee should not only possess the relevant skills, such as the ability to read and understand financial statements, but should also be able to coordinate and link the complementary roles and functions of the Corporate Governance Committee and the Audit Committee;
                (b) A Shari'a scholar who is an SSB member for the purpose of leading the Corporate Governance Committee on Shari'a-related governance issues (if any), and also to coordinate and link the complementary roles and functions of the Corporate Governance Committee and the SSB; and
                (c) An independent director who can offer different skills to the committee, such as legal expertise and business proficiency, which are considered particularly relevant by the Board of directors for cultivating a good corporate governance culture, and deemed "fit and proper" by the CBB.
                January 2013

              • HC-9.2.5

                The Corporate Governance Committee shall be empowered to:

                (a) Oversee and monitor the implementation of the governance policy framework by working together with the management, the Audit Committee and the SSB; and
                (b) Provide the Board of directors with reports and recommendations based on its findings in the exercise of its functions.
                January 2013

          • Appendix A Appendix A Audit Committee

            • Committee Duties

              The Committee's duties shall include those stated in Paragraph HC-3.2.1.

              January 2013

            • Committee Membership and Qualifications

              The Committee shall have at least three members. Such members must have no conflict of interest with any other duties they have for the licensee.

              A majority of the members of the committee including the Chairman shall be independent directors.

              The CEO must not be a member of this committee.

              The committee members must have sufficient technical expertise to enable the committee to perform its functions effectively. Technical expertise means that members must have recent and relevant financial ability and experience, which includes:

              (a) An ability to read and understand corporate financial statements including a licensee's balance sheet, income statement and cash flow statement and changes in shareholders' equity;
              (b) An understanding of the accounting principles which are applicable to the licensee's financial statements;
              (c) Experience in evaluating financial statements that have a level of accounting complexity comparable to that which can be expected in the licensee's business;
              (d) An understanding of internal controls and procedures for financial reporting; and
              (e) An understanding of the audit committee's controls and procedures for financial reporting.
              January 2013

            • Committee Duties and Responsibilities

              In serving those duties, the Committee shall:

              (a) Be responsible for the selection, appointment, remuneration, oversight and termination where appropriate of the external auditor, subject to ratification by the licensee's board and shareholders. The external auditor shall report directly to the committee;
              (b) Make a determination at least once each year of the external auditor's independence, including:
              (i) Determining whether its performance of any non-audit services compromised its independence (the committee may establish a formal policy specifying the types of non-audit services which are permissible) and;
              (ii) Obtaining from the external auditor a written report listing any relationships between the external auditor and the licensee or with any other person or entity that may compromise the auditor's independence;
              (c) Review and discuss with the external auditor the scope and results of its audit, any difficulties the auditor encountered including any restrictions on its access to requested information and any disagreements or difficulties encountered with management;
              (d) Review and discuss with management and the external auditor each annual and each quarterly financial statements of the licensee including judgments made in connection with the financial statements;
              (e) Review and discuss and make recommendations regarding the selection, appointment and termination where appropriate of the head of internal audit and head of compliance and the budget allocated to the internal audit and compliance function, and monitor the responsiveness of management to the committee's recommendations and findings;
              (f) Review and discuss the activities, performance and adequacy of the licensee's internal auditing and compliance personnel and procedures and its internal controls and compliance procedures, risk management systems, and any changes in those;
              (g) Oversee the licensee's compliance with legal and regulatory requirements, codes and business practices, and ensure that the licensee communicates with shareholders and relevant stakeholders (internal and external) openly and promptly, and with substance of compliance prevailing over form;
              (h) Review and discuss possible improprieties in financial reporting or other matters, and ensure that arrangements are in place for independent investigation and follow-up regarding such matters;
              (i) The committee must monitor rotation arrangements for audit engagement partners. The audit committee must monitor the performance of the external auditor and the non-audit services provided by the external auditor; and
              (j) The review and supervision of the implementation of, enforcement of and adherence to the licensee's code of conduct.
              January 2013

            • Committee Structure and Operations

              The committee shall elect one member as its chair.

              The committee shall meet at least four times a year. Its meetings may be scheduled in conjunction with regularly-scheduled meetings of the entire board.

              The committee may meet without any other director or any officer of the licensee present. Only the committee may decide if a non-member of the committee should attend a particular meeting or a particular agenda item. Non-members who are not directors of the licensee may attend to provide their expertise, but may not vote. It is expected that the external auditor's lead representative will be invited to attend regularly but that this shall always be subject to the committee's decision.

              The committee must meet with the external auditor at least twice per year, and at least once per year in the absence of any members of executive management.

              The committee shall report regularly to the full board on its activities.

              January 2013

            • Committee Resources and Authority

              The committee shall have the resources and authority necessary for its duties and responsibilities, including the authority to select, retain, terminate and approve the fees of outside legal, accounting or other advisors as it deems necessary or appropriate, without seeking the approval of the board or management. The licensee shall provide appropriate funding for the compensation of any such persons.

              January 2013

            • Committee Performance Evaluation

              The committee shall prepare and review with the board an annual performance evaluation of the committee, which shall compare the committee's performance with the above requirements and shall recommend to the board any improvements deemed necessary or desirable to the committee's charter. The report must be in the form of a written report provided at any regularly scheduled board meeting.

              January 2013

          • Appendix B Appendix B Nominating Committee

            • Committee Duties

              The committee's duties shall include those stated in Paragraph HC-4.2.1.

              January 2013

            • Committee Duties and Responsibilities

              In serving those duties with respect to board membership:

              (a) The committee shall make recommendations to the board from time to time as to changes the committee believes to be desirable to the size of the board or any committee of the board;
              (b) Whenever a vacancy arises (including a vacancy resulting from an increase in board size), the committee shall recommend to the board a person to fill the vacancy either through appointment by the board or through shareholder election;
              (c) In performing the above responsibilities, the committee shall consider any criteria approved by the board and such other factors as it deems appropriate. These may include judgment, specific skills, experience with other comparable businesses, the relation of a candidate's experience with that of other board members, and other factors;
              (d) The committee shall also consider all candidates for board membership recommended by the shareholders and any candidates proposed by management;
              (e) The committee shall identify board members qualified to fill vacancies on any committee of the board and recommend to the board that such person appoint the identified person(s) to such committee; and
              (f) Assuring that plans are in place for orderly succession of senior management.

              In serving those purposes with respect to officers the committee shall:

              (a) Make recommendations to the board from time to time as to changes the committee believes to be desirable in the structure and job descriptions of the officers including the CEO, and prepare terms of reference for each vacancy stating the job responsibilities, qualifications needed and other relevant matters including integrity, technical and managerial competence, and experience;
              (b) Overseeing succession planning and replacing key executives when necessary, and ensuring appropriate resources are available, and minimising reliance on key individuals;
              (c) Design a plan for succession and replacement of officers including replacement in the event of an emergency or other unforeseeable vacancy; and
              (d) If charged with responsibility with respect to licensee's corporate governance guidelines, the committee shall develop and recommend to the board corporate governance guidelines, and review those guidelines at least once a year.
              January 2013

            • Committee Structure and Operations

              The committee shall elect one member as its chair.

              The committee shall meet at least twice a year. Its meetings may be scheduled in conjunction with regularly-scheduled meetings of the entire board.

              January 2013

            • Committee Resources and Authority

              The committee shall have the resources and authority necessary for its duties and responsibilities, including the authority to select, retain, terminate and approve the fees of outside legal, consulting or search firms used to identify candidates, without seeking the approval of the board or management. The licensee shall provide appropriate funding for the compensation of any such persons.

              January 2013

            • Performance Evaluation

              The committee shall preview and review with the board an annual performance evaluation of the committee, which shall compare the committee's performance with the above requirements and shall recommend to the board any improvements deemed necessary or desirable to the committee's charter. The report must be in the form of a written report provided at any regularly scheduled board meeting.

              January 2013

          • Appendix C Appendix C Remuneration Committee

            • Committee Duties

              The committee's duties shall include those stated in Paragraph HC-5.2.1.

              January 2013

            • Committee Duties and Responsibilities

              In serving those duties the committee shall consider, and make specific recommendations to the board on, both remuneration policy and individual remuneration packages for the CEO and other senior managers. This remuneration policy should cover at least:

              (a) The following components:
              (i) Salary;
              (ii) The specific terms of performance-related plans including any stock compensation, stock options, or other deferred-benefit compensation;
              (iii) Pension plans;
              (iv) Fringe benefits such as non-salary perks; and
              (v) Termination policies including any severance payment policies; and
              (b) Policy guidelines to be used for determining remuneration in individual cases, including on:
              (i) The relative importance of each component noted in a) above;
              (ii) Specific criteria to be used in evaluating a senior manager's performance.

              The committee shall evaluate the CEO's and senior management's performance in light of the licensee's corporate goals, agreed strategy, objectives and business plans and may consider the licensee's performance and shareholder return relative to comparable licensees, the value of awards to CEOs at comparable licensees, and awards to the CEO in past years.

              The committee should also be responsible for retaining and overseeing outside consultants or firms for the purpose of determining approved persons' remuneration, administering remuneration plans, or related matters.

              January 2013

            • Committee Structure and Operations

              The committee shall elect one member as its chair.

              The committee shall meet at least twice a year. Its meetings may be scheduled in conjunction with regularly-scheduled meetings of the entire board.

              January 2013

            • Committee Resources and Authority

              The committee shall have the resources and authority necessary for its duties and responsibilities, including the authority to select, retain, terminate and approve the fees of outside legal, consulting or compensation firms used to evaluate the compensation of directors, the CEO or other approved persons, without seeking the approval of the board or management. The licensee shall provide appropriate funding for the compensation of any such persons.

              January 2013

            • Performance Evaluation

              The committee shall preview and review with the board an annual performance evaluation of the committee, which shall compare the committee's performance with the above requirements and shall recommend to the board any improvements deemed necessary or desirable to the committee's charter. The report must be in the form of a written report provided at any regularly scheduled board meeting.

              January 2013

          • Appendix D Corporate Governance Disclosure to Shareholders

            [The requirements of this Appendix were moved to Module PD in January 2014]

            Deleted: January 2014

        • GR GR Financing Companies General Requirements Module

          • GR-A GR-A Introduction

            • GR-A.1 GR-A.1 Purpose

              • Executive Summary

                • GR-A.1.1

                  The General Requirements Module presents a variety of different requirements that are not extensive enough to warrant their own stand-alone Module, but for the most part are generally applicable. These include general requirements on books and records, the use of corporate and trade names; on the distribution of dividends; on controllers; and on suspension of business. Each set of requirements is contained in its own Chapter.

                  January 2013

              • Legal Basis

                • GR-A.1.2

                  This Module contains the Central Bank of Bahrain ('CBB') Directive (as amended from time to time) regarding general requirements applicable to financing company licensees, and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Module also contains requirements prescribed under Resolution No.(43) of 2011 governing the conditions of granting a license for the provision of regulated services and is issued under the powers available to the CBB under Article 44(c). Requirements regarding controllers (see Chapter GR-5) are also included in Regulations, to be issued by the CBB.

                  January 2013

                • GR-A.1.3

                  For an explanation of the CBB's rule-making powers and different regulatory instruments, see section UG-1.1.

                  January 2013

            • GR-A.2 GR-A.2 Module History

              • Evolution of Module

                • GR-A.2.1

                  This Module was first issued in January 2013 by the CBB. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

                  January 2013

                • GR-A.2.2

                  A list of recent changes made to this Module is detailed in the table below:

                  Module Ref. Change Date Description of Changes
                  GR-1.1.3 04/2013 Corrected reference to 'transaction' records.
                  GR-6.1.8 10/2016 Added an additional requirement for cessation of business to be consistent with other Volumes of the CBB Rulebook.
                  GR-4.1.7 01/2017 Consistency of notification timeline rule on controllers with other Volumes of the CBB Rulebook.
                  GR-1.2.1 07/2017 Amended paragraph according to the Legislative Decree No. (28) of 2002.
                  GR-1.2.2 07/2017 Deleted paragraph.
                  GR-3.1.3 10/2017 Amended paragraph and changed from Guidance to Rule.
                  GR-4.1.1A 04/2019 Added a new Paragraph on exposures to controllers.
                  GR-4.1.1B 04/2019 Added a new Paragraph on exposures to controllers.
                  GR-1.2.1 01/2020 Amended Paragraph.
                  GR-6.1.8 04/2020 Amended Paragraph.
                  GR-7 01/2021 Added a new Chapter on Prepaid Cards.

          • GR-B GR-B Scope of Application

            • GR-B.1 GR-B.1 Financing Company Licensees

              • GR-B.1.1

                The requirements in Module GR (General Requirements) apply to all financing company licensees, thereafter referred to in this Module as licensees.

                January 2013

          • GR-1 GR-1 Books and Records

            • GR-1.1 GR-1.1 General Requirements

              • GR-1.1.1

                In accordance with Article 59 of the CBB Law, all licensees must maintain books and records (whether in electronic or hard copy form) sufficient to produce financial statements and show a complete record of the business undertaken by a licensee. These records must be retained for at least ten years according to Article 60 of the CBB Law.

                January 2013

              • GR-1.1.2

                GR-1.1.1 includes accounts, books, files and other records (e.g. trial balance, general ledger, nostro/vostro statements, reconciliations, list of counterparties). It also includes records that substantiate the value of the assets, liabilities and off-balance sheet activities of the licensee (e.g. client activity files and valuation documentation).

                January 2013

              • GR-1.1.3

                Separately, Bahrain Law currently requires other transaction records to be retained for at least five years (see Ministerial Order No. 23 of 2002, Article 5(2), made pursuant to the Amiri Decree Law No. 4 of 2001).

                Amended: April 2013
                January 2013

              • GR-1.1.4

                Unless otherwise agreed to by the CBB in writing, records must be kept in either English or Arabic. Any records kept in languages other than English or Arabic must be accompanied by a certified English or Arabic translation. Records must be kept current. The records must be sufficient to allow an audit of the licensee's business or an on-site examination of the licensee by the CBB.

                January 2013

              • GR-1.1.5

                Translations produced in compliance with Rule GR-1.1.4 may be undertaken in-house, by an employee or contractor of the licensee, provided they are certified by an appropriate officer of the licensee.

                January 2013

              • GR-1.1.6

                Records must be accessible at any time from within the Kingdom of Bahrain, or as otherwise agreed with the CBB in writing.

                January 2013

              • GR-1.1.7

                Where older records have been archived, the CBB may accept that records be accessible within a reasonably short time frame (e.g. within 5 business days), instead of immediately. The CBB may also agree similar arrangements where elements of record retention and management have been centralised in another group company, whether inside or outside of Bahrain.

                January 2013

              • GR-1.1.8

                Paragraphs GR-1.1.1 to GR-1.1.7 apply to licensees, with respect to all business activities.

                January 2013

            • GR-1.2 GR-1.2 Transaction Records

              • GR-1.2.1

                Licensees must keep completed transaction records for as long as they are relevant for the purposes for which they were made (with a minimum period in all cases of five years from the date when the transaction was terminated). Records of terminated transactions must be kept whether in hard copy or electronic format as per the Legislative Decree No. (54) of 2018 with respect to Electronic Transactions “The Electronic Communications and Transactions Law” and its amendments.

                Amended: January 2020
                Amended: July 2017
                Added: January 2013

              • GR-1.2.2

                [This Paragraph has been deleted in July 2017].

                Deleted: July 2017
                January 2013

              • GR-1.2.3

                Rule GR-1.2.1 applies only to transactions relating to business booked in Bahrain by the licensee.

                January 2013

            • GR-1.3 GR-1.3 Other Records

              • Corporate Records

                • GR-1.3.1

                  Licensees must maintain the following records in original form or in hard copy at their premises in Bahrain:

                  (a) Internal policies, procedures and operating manuals;
                  (b) Corporate records, including minutes of shareholders', Directors' and management meetings;
                  (c) Correspondence with the CBB and records relevant to monitoring compliance with CBB requirements;
                  (d) Reports prepared by the licensee's internal and external auditors; and
                  (e) Employee training manuals and records.
                  January 2013

                • GR-1.3.2

                  [This Paragraph is intentionally left blank].

                  Added: April 2013

              • Customer Records

                • GR-1.3.3

                  Record-keeping requirements with respect to customer records, including customer identification and due diligence records, are contained in Module FC (Financial Crime).

                  January 2013

              • Promotional Schemes

                • GR-1.3.4

                  Licensees must maintain all materials related to promotional schemes as outlined in Section BC-1.1 for a minimum period of 5 years.

                  January 2013

          • GR-2 GR-2 Corporate and Trade Names

            • GR-2.1 GR-2.1 Vetting of Names

              • GR-2.1.1

                Licensees must seek prior written approval from the CBB for their corporate name and any trade names.

                January 2013

              • GR-2.1.2

                In approving a corporate or trade name, the CBB seeks to ensure that it is sufficiently distinct as to reduce possible confusion with other unconnected businesses, particularly those operating in the financial services sector. The CBB also seeks to ensure that names used by unregulated subsidiaries do not suggest those subsidiaries are in fact regulated.

                January 2013

            • GR-2.2 GR-2.2 Publication of Documents by the Licensee

              • GR-2.2.1

                Any written communication, including stationery, business cards or other business documentation published by the licensee, or used by its employees must include a statement that the licensee is regulated by the Central Bank of Bahrain, the type of license and the legal status.

                January 2013

          • GR-3 GR-3 Dividends

            • GR-3.1 GR-3.1 CBB Non-Objection

              • GR-3.1.1

                Licensees must obtain a letter of no-objection from the CBB to any dividend proposed, before announcing the proposed dividend by way of press announcement or any other means of communication and prior to submitting a proposal for a distribution of profits to a shareholder vote.

                January 2013

              • GR-3.1.2

                The CBB will grant a no-objection letter where it is satisfied that the level of dividend proposed is unlikely to leave the licensee vulnerable — for the foreseeable future — to breaching the CBB's capital requirements, taking into account (as appropriate) the licensee's liquidity, the adequacy of provisions against impaired credit facilities or other assets and the level of realised gains in reported profits.

                January 2013

              • GR-3.1.3

                To facilitate the prior approval required under Paragraph GR-3.1.1, licensees must provide the CBB with:

                (a) The licensee's intended percentage and amount of proposed dividends for the coming year;
                (b) A letter of no objection from the licensee's external auditor on such profit distribution; and
                (c) A detailed analysis of the impact of the proposed dividend on the capital adequacy requirements outlined in Module CA (Capital Adequacy) and the liquidity position of the licensee.
                Amended: October 2017
                January 2013

          • GR-4 GR-4 Controllers

            • GR-4.1 GR-4.1 Key Provisions

              • GR-4.1.1

                Licensees must obtain prior approval from the CBB for any of the following changes to their controllers (as defined in Section GR-4.2 and subject to the limits as outlined in GR-4.3):

                (a) A new controller;
                (b) An existing controller increasing its holding from below 20% to 20%;
                (c) An existing controller increasing its holding from above 20% to 30%;
                (d) An existing controller increasing its holding above 30% to 40%; or
                (e) An existing controller increasing its holding above 40%.
                January 2013

              • GR-4.1.1A

                Licensees must not incur or otherwise have an exposure (either directly or indirectly) to their controllers, including subsidiaries and associated companies of such controllers.

                Added: April 2019

              • GR-4.1.1B

                For the purpose of Paragraph GR-4.1.1A, licensees that al have an exposure to controllers must have an action plan agreed with the CBB's supervisory point of contact to address such exposures within a timeline agreed with the CBB.

                Added: April 2019

              • GR-4.1.2

                Condition 3 of the CBB's licensing conditions specifies, among other things, that licensees must satisfy the CBB that their controllers are suitable and pose no undue risks to the licensee (See Paragraph AU-2.3.1). There are also certain procedures which are set out in Articles 52 to 56 of the CBB Law on controllers. Licensees and their controllers must also observe the CBB's Capital Markets requirements in respect of changes in holdings of shares of listed companies.

                January 2013

              • GR-4.1.3

                Applicants for a license must provide details of their controllers, by submitting a duly completed Form 2 (Application for Authorisation of Controller). (See sub-Paragraph AU-4.1.4(a)).

                January 2013

              • GR-4.1.4

                There are strict limits on changes in the holdings of shares held by controllers in licensees or the extent of voting control exercised by controllers in licensees. These limits are outlined in Section GR-4.3. Failure to observe these limits may lead to imposition of enforcement provisions of the Rulebook on the licensee and other penalties on the controller under the provisions of the CBB Law as outlined in Paragraph GR-4.1.2, including loss of voting power or transfer of shares.

                January 2013

              • GR-4.1.5

                Where a controller is a legal person, any change in its shareholding must be notified to the CBB at the earlier of:

                (a) When the change takes effect; and
                (b) When the controller becomes aware of the proposed change.
                January 2013

              • GR-4.1.6

                For approval under Paragraph GR-4.1.1 to be granted, the CBB must be satisfied that the proposed controller or increase in control poses no undue risks to the licensee. The CBB will therefore consider or reconsider the criteria outlined in Paragraphs GR-4.3.6 to GR-4.3.8 in any request for approval. The CBB may impose any restrictions that it considers necessary to be observed in case of its approval of a new controller, or any of the changes listed to existing controllers in Paragraph GR-4.1.1. These restrictions will include the applicable maximum allowed limit of holding or control (as outlined in Section GR-4.3). A duly completed Form 2 (Controllers) must be submitted as part of the request for a change in controllers. An approval of controller will specify the applicable period for effecting the proposed acquisition of shares.

                January 2013

              • GR-4.1.7

                If, as a result of circumstances outside the licensee's knowledge and/or control, one of the changes specified in Paragraph GR-4.1.1 is triggered prior to CBB approval being sought or obtained, the licensee must notify the CBB no later than 15 calendar days from the date on which those changes have occurred.

                Amended: January 2017
                January 2013

              • GR-4.1.8

                The approval provisions outlined above do not apply to existing holdings or existing voting control by controllers al approved by the CBB. The approval provisions apply to new/prospective controllers or to increases in existing holdings/voting control as outlined in Paragraph GR-4.1.1.

                January 2013

              • GR-4.1.9

                Licensees are required to notify the CBB as soon as they become aware of events that are likely to lead to changes in their controllers. The criteria by which the CBB assesses the suitability of controllers are set out in Section GR-4.3. The CBB aims to respond to requests for approval within 30 calendar days and is obliged to reply within 3 months to a request for approval. The CBB may contact references and supervisory bodies in connection with any information provided to support an application for controller. The CBB may also ask for further information, in addition to that provided in Form 2, if required to satisfy itself as to the suitability of the applicant.

                January 2013

              • GR-4.1.10

                Licensees must submit, within 3 months of their financial year-end, a report on their controllers (See Subparagraph BR-1.1.2(f)). This report must identify all controllers of the licensee, as defined in Section GR-4.2 and the extent of their shareholding interests.

                January 2013

            • GR-4.2 GR-4.2 Definition of Controller

              • GR-4.2.1

                A controller of a licensee is a natural or legal person who either alone, or with his associates:

                (a) Holds 10% or more of the shares in the licensee ("L"), or is able to exercise (or control the exercise of) 10% or more of the voting power in L;
                (b) Holds 10% or more of the shares in a parent undertaking ("P") of L, or is able to exercise (or control the exercise of ) 10% or more of the voting power in P; or
                (c) Is able to exercise significant influence over the management of L or P.
                January 2013

              • GR-4.2.2

                For the purposes of Paragraph GR-4.2.1, "associate" includes:

                (a) The spouse, son(s) or daughter(s) of a controller;
                (b) An undertaking of which a controller is a Director;
                (c) A person who is an employee or partner of the controller; and
                (d) If the controller is a corporate entity, a Director of the controller, a subsidiary of the controller, or a Director of any subsidiary undertaking of the controller.
                January 2013

              • GR-4.2.3

                Associate also includes any other person or undertaking with which the controller has entered into an agreement or arrangement as to the acquisition, holding or disposal of shares or other interests in the licensee, or under which they undertake to act together in exercising their voting power in relation to the licensee.

                January 2013

            • GR-4.3 GR-4.3 Suitability of Controllers

              • GR-4.3.1

                All new controllers or prospective controllers (as defined in Section GR-4.2) of a licensee must obtain the approval of the CBB. Any increases to existing controllers' holdings or voting control (as outlined under Paragraph GR-4.1.1) must also be approved by the CBB and are subject to the conditions outlined in this Section. Such changes in existing controllers (as defined in the Section GR-4.2) or new/prospective controllers of a licensee must satisfy the CBB of their suitability and appropriateness according to the criteria outlined in Paragraphs GR-4.3.6 to GR-4.3.8. The CBB will issue an approval notice or notice of refusal of a controller according to the approval process outlined in Section GR-4.4 and Paragraph GR-4.1.5.

                January 2013

              • GR-4.3.2

                All controllers or prospective controllers (whether natural or legal persons) of all licensees are subject to the approval of the CBB. Persons who intend to take ownership stakes of 10% or above of the voting capital of a licensee are subject to enhanced scrutiny, given the CBB's position as home supervisor of such licensees. The level of scrutiny and the criteria for approval become more onerous as the level of proposed ownership increases. Existing and prospective controllers should therefore take particular note of the requirements of Paragraphs GR-4.3.3 to GR-4.3.8 if they wish to take more substantial holdings or control.

                As a matter of policy, the CBB distinguishes between regulated legal persons (i.e. financial institutions) and unregulated legal persons and natural persons as controllers. Unregulated legal persons and natural persons are subject to greater due diligence and therefore have more stringent conditions to satisfy. Regulated legal persons must satisfy home country prudential requirements. The CBB may also contact their home regulators for information on their "fit & proper" status.

                January 2013

              • GR-4.3.3

                A natural person will not be allowed to own or control more than 15% of the voting capital of a licensee. Such person must satisfy the conditions in Paragraph GR-4.3.6 below.

                January 2013

              • GR-4.3.4

                An unregulated legal person (including companies, trusts, partnerships) will not be allowed to own or control more than 20% of the voting capital of a licensee. All such persons must satisfy the conditions in Paragraph GR-4.3.7 below.

                January 2013

              • GR-4.3.5

                The CBB will only permit financial institutions which are subject to effective consolidated supervision under a regulatory framework consistent with the Basel Core Principles, the IOSCO Principles or the IAIS Principles to become controllers with a holding of more than 20% of the voting capital of a licensee. Furthermore, the concerned regulated financial institution must satisfy the conditions in Paragraph GR-4.3.7 and also the specific conditions in Paragraph GR-4.3.8 below. A regulated financial institution will not be approved as a controller of a locally listed licensee if it wishes to acquire more than 40% of the voting capital. Subject to the discretion of the CBB, regulated financial institutions from reputable jurisdictions may be allowed to own or control holdings of voting capital of unlisted locally incorporated licensees in excess of the above mentioned 40% level.

                January 2013

              • GR-4.3.6

                In assessing the suitability and the appropriateness of new/prospective controllers (and existing controllers proposing to increase their shareholdings) who are natural persons, CBB has regard to their professional and personal conduct, including, but not limited to, the following:

                (a) The propriety of a person's conduct, whether or not such conduct resulted in conviction for a criminal offence, the contravention of a law or regulation, or the institution of legal or disciplinary proceedings;
                (b) A conviction or finding of guilt in respect of any offence, other than a minor traffic offence, by any court or competent jurisdiction;
                (c) Any adverse finding in a civil action by any court or competent jurisdiction, relating to fraud, misfeasance or other misconduct in connection with the formation or management of a corporation or partnership;
                (d) Whether the person has been the subject of any disciplinary proceeding by any government authority, regulatory agency or professional body or association;
                (e) The contravention of any financial services legislation or regulation;
                (f) Whether the person has ever been refused a license, authorisation, registration or other authority;
                (g) Dismissal or a request to resign from any office or employment;
                (h) Disqualification by a court, regulator or other competent body, as a Director or as a manager of a corporation;
                (i) Whether the person has been a Director, partner or manager of a corporation or partnership which has gone into liquidation or administration or where one or more partners or managers have been declared bankrupt whilst the person was connected with that partnership or corporation;
                (j) The extent to which the person has been truthful and open with regulators;
                (k) Whether the person has ever been adjudged bankrupt, entered into any arrangement with creditors in relation to the inability to pay due debts, or failed to satisfy a judgement debt under a court order or has defaulted on any debts;
                (l) The person's track record as a controller of, or investor in financial institutions.
                (m) The financial resources of the person and the likely stability of their shareholding;
                (n) Existing Directorships or ownership of more than 20% of the capital or voting rights of any financial institution in the Kingdom of Bahrain or elsewhere, and the potential for conflicts of interest that such Directorships or ownership may imply;
                (o) The legitimate interests of creditors and minority shareholders of the licensee;
                (p) If the approval of a person as a controller is or could be detrimental to the subject licensee, Bahrain's financial sector or the national interests of the Kingdom of Bahrain; and
                (q) Whether the person is able to deal with existing shareholders and the board in a constructive and co-operative manner.
                January 2013

              • GR-4.3.7

                In assessing the suitability and appropriateness of legal persons as controllers (wishing to increase their shareholding) or new/potential controllers, the CBB has regard to their financial standing, judicial and regulatory record, and standards of business practice and reputation, including, but not limited to, the following:

                (a) The financial strength of the person, its parent(s) and other members of its group, its implications for the licensee and the likely stability of the person's shareholding;
                (b) Whether the person or members of its group have ever entered into any arrangement with creditors in relation to the inability to pay due debts;
                (c) The person's jurisdiction of incorporation, location of Head Office, group structure and connected counterparties and the implications for the licensee as regards effective supervision of the licensee and potential conflicts of interest;
                (d) The person's (and other group members') propriety and general standards of business conduct, including the contravention of any laws or regulations including financial services legislation on regulations, or the institution of disciplinary proceedings by a government authority, regulatory agency or professional body;
                (e) Any adverse finding in a civil action by any court or competent jurisdiction, relating to fraud, misfeasance or other misconduct;
                (f) Any criminal actions instigated against the person or other members of its group, whether or not this resulted in an adverse finding;
                (g) The extent to which the person or other members of its group have been truthful and open with regulators and supervisors;
                (h) Whether the person has ever been refused a licence, authorisation, registration or other authority;
                (i) The person's track record as a controller of, or investor in financial institutions;
                (j) The legitimate interests of creditors and shareholders of the licensee;
                (k) Whether the approval of a controller is or could be detrimental to the subject licensee, Bahrain's financial sector or the national interests of the Kingdom of Bahrain;
                (l) Whether the person is able to deal with existing shareholders and the board in a constructive manner; and
                (m) Existing Directorships or ownership of more than 20% of the capital or voting rights of any financial institution in the Kingdom of Bahrain or elsewhere, and the potential for conflicts of interest that such Directorships or ownership may imply.
                January 2013

              • GR-4.3.8

                Regulated financial institutions wishing to acquire more than 20% of the voting capital of a licensee must observe the following additional conditions:

                (a) The person must be subject to effective consolidated supervision by a supervisory authority which effectively implements the Basel Core Principles, the IOSCO Principles or the IAIS Principles as well as the FATF 40+9 Recommendations on Money Laundering and Terrorist Financing;
                (b) The home supervisor of the person must give its formal written prior approval for (or otherwise raise no objection to) the proposed acquisition of the licensee;
                (c) The home supervisor of the person must confirm to the CBB that it will require the person to consolidate the activities of the concerned licensee for regulatory and accounting purposes if the case so requires;
                (d) The home supervisor of the person must formally agree to the exchange of customer information between the person and its prospective Bahraini subsidiary/acquisition for AML/CFT purposes and for large exposures monitoring purposes;
                (e) The home supervisor of the person and the CBB must (if not al in place) conclude a Memorandum of Understanding in respect of supervisory responsibilities, exchange of information and mutual inspection visits;
                (f) The person must provide an acceptably worded letter of guarantee to the CBB in respect of its obligation to support the licensee; and
                (g) The licensee will be subject to the provisions of Chapter CM-5 in respect of exposures to its controller.
                January 2013

            • GR-4.4 GR-4.4 Approval Process

              • GR-4.4.1

                Within 3 months of receipt of an approval request under Paragraph GR-4.1.1, the CBB will issue an approval notice (with or without restrictions) or a written notice of refusal if it is not satisfied that the person concerned is suitable to increase his shareholding in, or become a controller of the licensee. The notice of refusal or notice of approval with conditions will specify the reasons for the objection or restriction and specify the applicant's right of appeal in either case. Where an approval notice is given, it will specify the period for which it is valid and any conditions that attach (see Paragraph GR-4.1.5). These conditions will include the maximum permitted limit of holding or voting control exercisable by the controller.

                January 2013

              • GR-4.4.2

                Notices of refusal have to be approved by an Executive Director of the CBB. The applicant has 30 calendar days from the date of the notice in which to make written representation as to why his application should not be refused. The CBB then has 30 calendar days from the date of receipt of those representations to reconsider the evidence submitted and make a final determination, pursuant to Article 53 of the Central Bank of Bahrain and Financial Institutions Law (Decree No. 64 of 2006) ("CBB Law") and Module EN (Enforcement).

                January 2013

              • GR-4.4.3

                Pursuant to Article 56 of the CBB Law, where a person has become a controller by virtue of his shareholding in contravention of Paragraph GR-4.1.1, or a notice of refusal has been served to him under Paragraph GR-4.4.1 and the period of appeal has expired, the CBB may, by notice in writing served on the person concerned, direct that his shareholding shall be transferred or until further notice, no voting right shall be exercisable in respect of those shares.

                January 2013

              • GR-4.4.4

                Article 56 of the CBB Law empowers the CBB to take appropriate precautionary measures, or sell such shares mentioned in Paragraph GR-4.4.3, if the licensee fails to carry out the order referred to in the preceding Paragraph.

                January 2013

          • GR-5 GR-5 Close Links

            • GR-5.1 GR-5.1 Key Provisions

              • GR-5.1.1

                Condition 3 of the CBB's licensing conditions specifies, amongst other things, that licensees must satisfy the CBB that their close links do not prevent the effective supervision of the licensee and otherwise pose no undue risks to the licensee. (See Paragraph AU-2.3.1).

                January 2013

              • GR-5.1.2

                Applicants for a license must provide details of their close links, as provided for under Form 1 (Application for a License). (See Paragraph AU-4.1.1).

                January 2013

              • GR-5.1.3

                Licensees must submit to the CBB, within 3 months of their financial year-end, a report on their close links (See Subparagraph BR-1.1.2(g)). The report must identify all undertakings closely linked to the licensee, as defined in Section GR-5.2.

                January 2013

              • GR-5.1.4

                Licensees may satisfy the requirement in Paragraph GR-5.1.3 by submitting a corporate structure chart, identifying all undertakings closely linked to the licensee.

                January 2013

              • GR-5.1.5

                Licensees must provide information on undertakings with which they are closely linked, as requested by the CBB.

                January 2013

            • GR-5.2 GR-5.2 Definition of Close Links

              • GR-5.2.1

                A licensee ('L') has close links with another undertaking ('U'), if:

                (a) U is a parent undertaking of L;
                (b) U is a subsidiary undertaking of L;
                (c) U is a subsidiary undertaking of a parent undertaking of L;
                (d) U, or any other subsidiary undertaking of its parent, owns or controls 20% or more of the voting rights or capital of L; or
                (e) L, any of its parent or subsidiary undertakings, or any of the subsidiary undertakings of its parent, owns or controls 20% or more of the voting rights or capital of U.
                January 2013

            • GR-5.3 GR-5.3 Assessment Criteria

              • GR-5.3.1

                In assessing whether a licensee's close links may prevent the effective supervision of the licensee, or otherwise poses no undue risks to the licensee, the CBB takes into account the following:

                (a) Whether the CBB will receive adequate information from the licensee, and those with whom the licensee has close links, to enable it to determine whether the licensee is complying with CBB requirements;
                (b) The structure and geographical spread of the licensee, its group and other undertakings with which it has close links, and whether this might hinder the provision of adequate and reliable flows of information to the CBB, for instance because of operations in territories which restrict the free flow of information for supervisory purposes; and
                (c) Whether it is possible to assess with confidence the overall financial position of the group at any particular time, and whether there are factors that might hinder this, such as group members having different financial year ends or auditors, or the corporate structure being unnecessarily complex and opaque.
                January 2013

          • GR-6 GR-6 Cessation of Business

            • GR-6.1 GR-6.1 CBB Approval

              • GR-6.1.1

                As specified in Article 50 of the CBB Law, a licensee wishing to cease to provide or suspend any or all of the licensed regulated services of its operations and/or liquidate its business must obtain the CBB's prior approval.

                January 2013

              • GR-6.1.2

                Licensees must notify the CBB in writing at least six months in advance of their intended suspension of any or all the licensed regulated services or cessation of business, setting out how they propose to do so and, in particular, how they will treat any of their liabilities.

                January 2013

              • GR-6.1.3

                If the licensee wishes to liquidate its business, the CBB will revise its license to restrict the firm from entering into new business. The licensee must continue to comply with all applicable CBB requirements until such time as it is formally notified by the CBB that its obligations have been discharged and that it may surrender its license.

                January 2013

              • GR-6.1.4

                A licensee in liquidation must continue to meet its contractual and regulatory obligations to its clients and creditors.

                January 2013

              • GR-6.1.5

                Once the licensee believes that it has discharged all its remaining contractual obligations to clients and creditors, it must publish a notice in two national newspapers in Bahrain approved by the CBB (one being in English and one in Arabic), stating that it has settled all its dues and wishes to leave the market. According to Article 50 of the CBB Law, such notice shall be given after receiving the approval of the CBB, not less than 30 days before the actual cessation is to take effect.

                January 2013

              • GR-6.1.6

                The notice referred to in Paragraph GR-6.1.5 must include a statement that written representations concerning the liquidation may be sent to the CBB before a specified day, which shall not be later than thirty days after the day of the first publication of the notice. The CBB will not decide on the application until after considering any representations made to the CBB before the specified day.

                January 2013

              • GR-6.1.7

                If no objections to the liquidation are upheld by the CBB, then the CBB may issue a written notice of approval for the surrender of the license.

                January 2013

              • GR-6.1.8

                Upon satisfactorily meeting the requirements set out in GR-6.1., the licensees must surrender the original license certificate issued by the Licensing Directorate at the time of establishment, and submit confirmation of the cancellation of its commercial registration from the Ministry of Industry, Commerce and Tourism.

                Amended: April 2020
                Added: October 2016

          • GR-7 Prepaid Cards

            • GR-7.1 GR-7.1 General Requirements

              • GR-7.1.1

                Licensees must place any prepaid card which is inactive for a period of six months on the “dormant” list.

                Added: January 2021

      • Business Standards

        • CA CA Financing Companies Capital Adequacy Module

          • CA-A CA-A Introduction

            • CA-A.1 CA-A.1 Purpose

              • Executive Summary

                • CA-A.1.1

                  The purpose of this module is to set out the CBB's regulations for minimum capital requirements. This requirement is supported by Article 44(c) of the Central Bank of Bahrain and Financial Institutions Law (Decree No. 64 of 2006).

                  January 2013

                • CA-A.1.2

                  Principle 9 of the Principles of Business requires that financing company licensees maintain adequate human, financial and other resources, sufficient to run their business in an orderly manner (see Section PB-1.9). In addition, Condition 5 of CBB's Authorised Conditions (Section AU-2.5) requires financing company licensees to maintain financial resources in excess of the minimum requirements specified in this Module.

                  January 2013

                • CA-A.1.3

                  This Module sets out the minimum capital requirements which financing company licensees must meet as a condition of their licensing.

                  January 2013

                • CA-A.1.4

                  The purpose of these requirements is to ensure that financing company licensees hold sufficient financial resources to provide some protection against unexpected losses.

                  January 2013

                • CA-A.1.5

                  The CBB requires in particular that the relevant financing company maintain adequate capital in accordance with the requirements of this Module, against their risks.

                  January 2013

                • CA-A.1.6

                  This module provides support for certain other parts of the Rulebook, mainly:

                  (a) Prudential Consolidation and Deduction Requirements;
                  (b) Licensing and Authorisation Requirements;
                  (c) CBB Reporting Requirements;
                  (d) Credit Risk Management;
                  (e) Operational Risk Management;
                  (f) High Level Controls:
                  (g) Relationship with Audit Firms; and
                  (i) Penalties and Fines.
                  January 2013

              • Legal Basis

                • CA-A.1.7

                  This Module contains the CBB's Directive relating to the capital requirements and gearing of financing company licensees, and is issued under the powers available to the CBB under Article 38 of the CBB Law. The Directive in this Module is applicable to all financing company licensees.

                  January 2013

            • CA-A.2 CA-A.2 Module History

              • Evolution of Module

                • CA-A.2.1

                  This Module was first issued in January 2013 by the CBB. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

                  January 2013

                • CA-A.2.2

                  A list of recent changes made to this Module is provided below:

                  Module Ref. Change Date Description of Changes
                  CA-1.1.5 10/2014 Clarified that gearing ratio is to be calculated on a consolidated basis.
                  CA-1.1.6 10/2014 Amended definition of core capital.
                       
                       
                       

                • CA-A.2.3

                  Guidance on the implementation and transition to Volume 5 (Specialised Licensees) is given in Module ES (Executive Summary).

                  January 2013

          • CA-B CA-B Scope of Application

            • CA-B.1 CA-B.1 Scope of Application

              • CA-B.1.1

                This Module is applicable to all financing company licensees (authorised in the Kingdom, thereafter referred to in this Module as licensees).

                January 2013

          • CA-1 CA-1 Regulatory Capital

            • CA-1.1 CA-1.1 General Requirements

              • Minimum Capital Requirement

                • CA-1.1.1

                  A licensee must maintain a minimum paid-up capital of BD5,000,000 (or an equivalent amount in a currency acceptable to the CBB). A greater amount of capital may be required by the CBB on a case-by-case basis.

                  January 2013

                • CA-1.1.2

                  In addition to the requirements of Paragraph CA-1.1.1, the CBB may require that an acceptably worded letter of guarantee be provided in support of the application for a license. Where the application for the license is for an incorporated entity, the CBB may seek a letter of guarantee from the major shareholder in control of the licensee.

                  January 2013

                • CA-1.1.3

                  All licensees must implement the requirements of Paragraphs CA-1.1.1 and CA-1.1.2, effective January 2013.

                  January 2013

              • Gearing Ratio

                • CA-1.1.4

                  In addition to the requirements outlined in Paragraphs CA-1.1.1 and CA-1.2.1., all licensees must maintain a minimum gearing ratio of 20%.

                  January 2013

                • CA-1.1.5

                  For purposes of Paragraph CA-1.1.4, the gearing ratio is defined as the core capital divided by the total liabilities to be calculated on a consolidated basis.

                  Amended: October 2014
                  January 2013

              • Core Capital

                • CA-1.1.6

                  Core capital shall consist of the sum of items (a) to (e) below, less the sum of items (f) to (h) below:

                  (a) Issued and fully paid ordinary shares (net of treasury shares);
                  (b) Share premium reserve;
                  (c) Preference shares;
                  (d) All disclosed reserves brought forward, that are audited and approved by the shareholders, in the form of legal, general and other reserves created by appropriations of retained earnings; and
                  (e) Retained earnings (losses) brought forward, including reviewed interim profits;

                  LESS:

                  (f) Goodwill;
                  (g) Current interim cumulative net losses; and
                  (h) Other deductions, as specified by the CBB.
                  Amended: October 2014
                  January 2013

                • CA-1.1.7

                  Only interim profits which have been reviewed as per IAS 34 may be included as core capital.

                  Amended: October 2014
                  January 2013

              • Liabilities

                • CA-1.1.8

                  For purposes of Paragraph CA-1.1.5, liabilities are defined as the total amount of liabilities reported in the PIRF or PIRCC.

                  January 2013

                • CA-1.1.9

                  Licensees must ensure that at all times they maintain the minimum gearing ratio outlined in Paragraph CA-1.1.4. In the event that the licensee does not comply with the minimum gearing ratio, it must notify the CBB by no later than the following business day of the actual level of the gearing ratio. When providing such notification, the licensee must:

                  (a) Provide to the CBB, within one week of the non-compliance, a written action plan setting out how the licensee proposes to restore its gearing ratio to the required minimum level and describe the systems and controls that have been put in place to prevent any future non-compliance of the minimum gearing ratio; and
                  (b) Report to the CBB on a monthly basis or on another timely basis as required by the CBB, the licensee's gearing ratio until such time as the gearing ratio has reached 22% or other target level as specified by the CBB.
                  January 2013

                • CA-1.1.10

                  Licensees must note that the CBB considers the breach of the gearing ratio to be a very serious matter. Consequently, the CBB may (at its discretion) subject a licensee which breaches its gearing ratio to a formal licensing reappraisal. Such reappraisal may be effected either through the CBB's own inspection function or through the use of Reporting Accountants, as appropriate. Following such reappraisal, the CBB will provide a written notification to the licensee concerned outlining the CBB's conclusions with regard to the continued licensing.

                  January 2013

              • Compliance Officer

                • CA-1.1.11

                  The CBB requires that the licensee's compliance officer supports and cooperates with the CBB in the monitoring and reporting of the capital level and the gearing ratio and other regulatory reporting matters.

                  January 2013

                • CA-1.1.12

                  Compliance officers should ensure that the licensee has adequate internal systems and controls to comply with this Module.

                  January 2013

              • Reporting Requirements

                • CA-1.1.13

                  The licensee must report its capital level and gearing ratio to the CBB in accordance with the requirements outlined in Chapter BR-3.

                  January 2013

        • BC BC Financing Companies Business And Market Conduct Module

          • BC-A BC-A Introduction

            • BC-A.1 BC-A.1 Purpose

              • BC-A.1.1

                This Module contains requirements that have to be met by financing company licensees with regards to their dealings with customers. The Rules contained in this Module aim to ensure that financing company licensees deal with their clients in a fair and open manner, and address their customers' information needs.

                January 2014

              • BC-A.1.2

                The Rules build upon several of the Principles of Business (see Module PB (Principles of Business)). Principle 1 (Integrity) requires financing company licensees to observe high standards of integrity and fair dealing, and to be honest and straightforward in their dealings with customers. Principle 3 (Due skill, care and diligence) requires financing company licensees to act with due skill, care and diligence when acting on behalf of their customers. Principle 7 (Client Interests) requires financing company licensees to pay due regard to the legitimate interests and information needs of their customers, and to communicate with them in a fair and transparent manner.

                January 2014

              • Legal Basis

                • BC-A.1.3

                  This Module contains the CBB's Directive (as amended from time to time) on business conduct by financing company licensees, and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 (CBB Law). The Directive in this Module is applicable to all financing company licensees.

                  January 2014

                • BC-A.1.4

                  For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

                  January 2014

            • BC-A.2 BC-A.2 Module History

              • BC-A.2.1

                This Module was first issued in January 2014 by the CBB. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

                January 2014

              • BC-A.2.2

                A list of recent changes made to this Module is provided below:

                Module Ref. Change Date Description of Changes
                BC-3.5 10/2015 Added new Section on credit check reports.
                BC-3.6 07/2016 Added new Section on transaction advice.
                BC-5 01/2017 Added new Section on Cheques
                BC-3.7 04/2018 Added new Section on Fees and Charges for Services Provided to Individuals.
                BC-3.1.28A 07/2018 Added new Paragraph on existing "Early Repayment" requirements.
                BC-3.1.22 01/2019 Amended Paragraph on initial disclosure of charges by licensees.
                BC-3.1.24 01/2019 Amended Paragraph on disclosure to individual customers.
                BC-3.1.25A 01/2019 Added a new Paragraph on Rounding off in Transactions.
                BC-3.8 07/2019 Added a new Section on Interest on Credit Card Transactions.
                BC-4.3.14 04/2020 Amended Paragraph adding reference to CBB consumer protection.
                BC-4.5.6 04/2020 Amended Paragraph adding reference to CBB consumer protection.
                BC-4.7.1 - BC-4.7.3 04/2020 Amended Paragraphs adding reference to CBB consumer protection.
                BC-C 10/2020 Added a new Chapter on Provision of Financial Services on a Non-discriminatory Basis.
                BC-3.9 10/2020 Added a new Section on Fund Transfers by Customers of Payment Service Providers (PSP).
                BC-3.10 04/2021 Added a new Section on Merchant Fees on Payments to Zakat and Charity Fund.

              • Superseded Requirements

                • BC-A.2.3

                  This Module supersedes the following provisions contained in circulars or other regulatory requirements:

                  Document Ref. Document Subject
                  Volumes 1 and 2 Module BC
                  EDBS/KH/C/73/2018 Rounding off in Transactions
                  Amended: January 2019
                  January 2014

          • BC-B BC-B Scope of Application

            • BC-B.1 BC-B.1 Scope

              • BC-B.1.1

                This Module applies to all financing company licensees authorised in the Kingdom, thereafter referred to in this Module as licensees.

                January 2014

          • BC-C BC-C Provision of Financial Services on a Non-discriminatory Basis

            • BC-C.1 BC-C.1 Provision of Financial Services on a Non-discriminatory Basis

              • BC-C.1.1

                Financing company licensees must ensure that all regulated financial services are provided without any discrimination based on gender, nationality, origin, language, faith, religion, physical ability or social standing.

                Added: October 2020

          • BC-1 BC-1 Promotion of Financial Products and Services

            • BC-1.1 BC-1.1 Promotion of Financial Products and Services Offered in/from Bahrain by Means of Incentives

              • Introduction

                • BC-1.1.1

                  The purpose of this Section is to set out requirements pertaining to the promotion of financial products offered in/from Bahrain by licensees by means of incentives (herein referred to as 'promotional schemes').

                  January 2014

                • BC-1.1.2

                  The CBB has no objection to the use of promotional schemes in general and, unless it otherwise specifically directs in any particular case, the CBB does not expect to be actively consulted/have its approval sought about the idea and/or substance of any promotional schemes. Any advertising of promotional schemes are subject to the requirements of Section BC-1.2. The CBB should, however, be sent copies of documentation relating to promotional schemes at least ten calendar days prior to their launch for information purposes.

                  January 2014

                • BC-1.1.3

                  The CBB will monitor promotional schemes and, if thought appropriate in the interests of a licensee and its customers in particular and/or the financial sector in general, may issue specific guidance in certain cases. Licensees should feel free to consult the CBB at any time regarding any matters referred to in this Section.

                  January 2014

              • General Requirements

                • BC-1.1.4

                  Licensees must take care to ensure that promotional schemes do not involve a breach of Bahrain law or any other relevant applicable law and regulation. In addition, promotional schemes should not in any way be detrimental to the public good or public morals.

                  January 2014

                • BC-1.1.5

                  While there is to be no formal restriction on the types of incentive which may be used by institutions, care must be taken to ensure that promotional schemes do not negatively affect the integrity, reputation, good image and standing of Bahrain and/or its financial sector, and do not detrimentally affect Bahrain's economy.

                  January 2014

                • BC-1.1.6

                  Bearing in mind the reputation of, and the requirement to develop, the financial sector in Bahrain, as well as the need to act at all times in the best interests of the customer, licensees need to take adequate care to ensure that promotional schemes do not unreasonably divert the attention of the public from other important considerations in choosing a financing company or a financial product.

                  January 2014

                • BC-1.1.7

                  All documentation and other media communication (including websites, voice messaging, SMS, etc.) concerning promotional schemes must be in Arabic and English and, if relevant, any other language necessary for customers to fully understand and appreciate their terms and conditions. Such terms and conditions, including any related advertising, are required to be clear, concise, truthful, unambiguous and complete so as to enable customers to make a fully informed decision.

                  January 2014

                • BC-1.1.8

                  Customers to whom promotional schemes are directed must enjoy equal opportunity in terms of access to, and treatment within, such schemes.

                  January 2014

                • BC-1.1.9

                  All costs (including funding costs), charges or levies associated with promotional schemes must be disclosed to prospective customers.

                  January 2014

                • BC-1.1.10

                  All material related to promotional schemes, particularly where raffles are concerned, must be maintained for a minimum period of 5 years (see Paragraph GR-1.3.4).

                  January 2014

                • BC-1.1.11

                  Any raffles held as part of promotional schemes must be independently monitored (e.g. by the licensee's external auditor) and adequate systems put in place to ensure fair play and impartiality.

                  January 2014

                • BC-1.1.12

                  An appropriate system must also exist for informing participants of the results of a raffle without delay. Licensees must note that raffles may be subject to rules and requirements (including prior authorisation/approval) laid down by the Ministry of Industry and Commerce.

                  January 2014

                • BC-1.1.13

                  Licensees may use small 'gifts' as an inducement to members of the public to use its services, provided such gifts are offered on a general basis and have a low monetary value.

                  January 2014

                • BC-1.1.14

                  Due note must be taken of the overriding provisions of Bahrain (and any other relevant) law in relation to licensees' duties to customers to the extent (if any) that promotional schemes might impact on such duties.

                  January 2014

            • BC-1.2 BC-1.2 Advertisements for Financial Products and Services

              • BC-1.2.1

                Licensees must seek the CBB's prior written approval before placing advertisements for financial products and services in newspapers, public places, website or through the use of any other media.

                January 2014

              • BC-1.2.2

                In implementing Rule BC-1.2.2, the CBB will provide the licensee with a written decision within five business days of the receipt of request for approval.

                January 2014

          • BC-2 BC-2 Client Confidentiality

            • BC-2.1 BC-2.1 Disclosure of Information about Individual Accounts

              • BC-2.1.1

                In accordance with Article 117 of the CBB Law, licensees must not publish or release information to third parties concerning the accounts or activities of their individual customers, unless:

                (a) Such information is requested by an authorised official from the CBB or by an order from the Courts;
                (b) The release of such information is approved by the customer concerned; or
                (c) It is in compliance with the provision of the law or any international agreements to which the Kingdom is a signatory.
                January 2014

          • BC-3 BC-3 Customer Account Services and Charges

            • BC-3.1 BC-3.1 Disclosure of Charges by Licensees

              • BC-3.1.1

                In order to improve customer awareness and enhance transparency of licensees' charging structures, all licensees must display in a prominent position, in Arabic and in English, by notice in their banking halls (both head offices and branches), a list of all applicable charges.

                January 2014

              • BC-3.1.2

                Licensees must also ensure that each customer is in receipt of their current list of charges, by enclosing such a list with statements and displaying such charges on their websites. The list must specify standard charges and commissions that will be applied by the licensee to individual services and transactions and to specific areas of business.

                January 2014

              • Credit Agreements

                • BC-3.1.3

                  A licensee must make available, at their premises, information leaflets containing information on the key products and services in respect of all credit agreements including:

                  (a) The Annual Percentage Rate (APR) as defined in BC-3.1.10, for instalment financing facilities only; and
                  (b) The annual profit/interest rate on credit facilities (as referred to in paragraph BC-3.1.14), commission, fees, one-off charges, expenses on behalf of third parties, exchange rates applied and any other charges.
                  January 2014

                • BC-3.1.4

                  For the purpose of this Section, the following definitions apply:

                  (a) Credit agreement — Means all instalment financing agreements and lease agreements, as well as credit cards, revolving and other types of credit offered to customers;
                  (b) Customer — Means both the debtor and the guarantor (if any) and/or any potential debtor or guarantor;
                  (c) Conspicuous notice — Means a written statement in both Arabic and English languages which is easily visible and legible and displayed in all licensees' premises open to the public (head offices and branches), and via means such as websites, newspapers and other press notices;
                  (d) Nominal annual rate — Means the interest rate charged to the customer, calculated by dividing the amount of the total interest by the amount of the funds provided to the customer and excluding any other charges, the results of which is divided by the number of years of the term of the credit agreement;
                  (e) Outstanding credit amount — Means the amount outstanding under a credit agreement representing the amount of funds provided to the customer and any other charges that are included as part of the principal amount to be repaid by the customer over the duration of the agreement less any repayment made related to the principal amount at a specified date; and
                  (f) Principal — Means the amount of credit received plus any other charges, the total of which is subject to interest.
                  January 2014

              • General Rules

                • BC-3.1.5

                  Where a customer has a credit agreement with a licensee, licensees must:

                  (a) Duly inform their customers in accordance with this Module about the nature and the characteristics (including relevant risks) of the credit agreements and services offered by them, and about the terms and conditions governing such agreements;
                  (b) Periodically inform, in writing, their customers on the evolution and the terms of any credit agreement signed, throughout the duration of the contract (refer to Paragraphs BC-3.1.24 and BC-3.1.25);
                  (c) Respond in due time, to customers' requests for the provision of information and clarifications regarding the application of contractual terms (refer to Paragraphs BC-3.1.29 and BC-3.1.30);
                  (d) Appoint a customer complaints officer and publicise his/ her contact details (refer to Chapter BC-4 on Customer Complaints Procedures);
                  (e) Ensure the proper training of employees involved in interfacing and providing specific information to customers;
                  (f) Disclose information required in this Module in the credit agreement in both Arabic & English languages;
                  (g) Show clearly the APR for instalment facilities and the annual rate of interest for other credit facilities on the credit agreement application and 'key terms disclosure' document; and
                  (h) Disclose all information in a clear and readable form (refer to Paragraph BC-3.1.6).
                  January 2014

                • BC-3.1.6

                  Marketing of customer credit agreements, advertising and sales promoting credit agreements, irrespective of the media used (SMS, Internet, printed material, telephone solicitation) must be clear and understandable, must be true and not misleading and meet the basic customer information requirements as defined in this Module. All advertisements for financing products and services are subject to CBB prior approval as per Paragraph BC-1.2.1. Licensees are also asked to take special care to ensure that the content of any advertising material does not mislead or deceive the public in any way.

                  January 2014

                • BC-3.1.7

                  The use of "small print" to make potentially important information less visible is not compatible with good business conduct, and should be avoided.

                  January 2014

              • Minimum Disclosure Requirements

                • BC-3.1.8

                  Licensees must make:

                  (a) Public disclosure regarding credit agreements; and
                  (b) Disclosures to individual customer(s), whether these be during the course of the initial negotiation of the credit agreement or during the term of the facility being offered.
                  January 2014

              • Public Disclosure Requirements for all Credit agreements

                • BC-3.1.9

                  The following public disclosures must be made by conspicuous notice for all types of credit agreements:

                  (a) Any late payment charges;
                  (b) The level of fees for any special services rendered, or one-off expenses, as well as any amount collected by licensees on behalf of third parties;
                  (c) Any fees or charges payable under any linked or mandatory contract entered into as a condition for the granting of the credit agreement, such as payment protection insurance; and
                  (d) Any other charges not included above.
                  January 2014

              • Additional Public Disclosure for Instalment Financing Facilities

                • BC-3.1.10

                  In addition to the requirements under Paragraph BC-3.1.9, licensees must publicly disclose by conspicuous notice for instalment financing facilities:

                  (a) The current Annual Percentage Rate (APR) as calculated using the APR methodology in BC-3.1.31. The APR displayed must be calculated based on the following scenarios. In case of consumer finance, amount borrowed is BD10,000 for a 7-year term and for housing facilities, BD100,000 for 25 years;
                  (b) The Annual Percentage Rate (APR), must be broken down as follows:
                  (i) The annual nominal interest/profit rate payable on the instalment financing;
                  (ii) Administration/handling fees;
                  (iii) In the case of finance lease contracts/ijara or deferred purchase contracts, any fees for purchasing the asset; and
                  (iv) Any other mandatory charges (contingent costs are excluded); and
                  (c) The terms and conditions for early repayment, partial or full, of the credit agreement, or for any change in the terms and covenants of the credit agreement, as well as any relevant charges (where permitted) and the way in which these are calculated.
                  January 2014

                • BC-3.1.11

                  The APR is a standard measure that allows customers to compare total charges for instalment financing facilities on a like-for-like basis. The APR allows the customer to compare the total charge for credit over differing periods (e.g. — two versus three years) or offered by different licensees with differing payment profiles and taking into account the payment of any other fees payable as a condition of the contract, such as administration fees or insurance premiums.

                  January 2014

                • BC-3.1.12

                  Any advertising through any media means of instalment financing facilities, offered by the licensees must specify only the APR (including all fees and charges) and no other rates, i.e. nominal, base, flat or rates by any other names.

                  January 2014

                • BC-3.1.13

                  For the purposes of Paragraph BC-3.1.10, the disclosures can be provided as one APR or a range of APRs for licensees that provide instalment financing to different segments and products. A licensee may have different customer segments with different risk profiles, for whom the APR offered on the same product may vary. However, the disclosures must comply with the scenarios outlined in Subparagraph BC-3.1.10 (a).

                  January 2014

              • Additional Public Disclosure for Credit Agreements other than Instalment Financing Facilities

                • BC-3.1.14

                  In addition to the requirements under paragraph BC-3.1.9, licensees must publicly disclose by conspicuous notice for Credit Agreements other than instalment financing facilities:

                  (a) For credit cards, the monthly and the annual rate of profit/interest plus other fees and charges;
                  (b) For floating-rate credit agreements, the profit/interest rate clearly defined on the basis of the relevant base rate, the periods during which this rate would apply, as well as information on key factors that could affect the total cost of the credit agreement; and
                  (c) For instances where the customer exceeds contractual credit lines, the terms and any relevant charges.
                  January 2014

                • BC-3.1.15

                  For credit agreements other than instalment financing facilities, any advertising through any media means must specify only the annual proft/interest rate and other fees and charges.

                  January 2014

                • BC-3.1.16

                  For credit agreements other than instalment financing facilities, licensees are prohibited from using the term APR in any advertising.

                  January 2014

              • Disclosure to Individual Customers: Initial Disclosure Requirements of Key Terms

                • BC-3.1.17

                  Licensees must make clear to potential customers, prior to entering into a credit agreement, all relevant key terms of the agreement in the credit application and 'key terms disclosure' document, in order for them to clearly understand the characteristics of the services and products on offer. Licensees must also comply with the disclosure requirements under the "Code of Best Practice on Consumer Credit and Charging" (see Appendix CM-1).

                  January 2014

                • BC-3.1.18

                  The above "key terms disclosure" document must be summarised in plain English and Arabic. This document must be signed and dated by the customer(s) in duplicate as having been read and understood, prior to signing a credit agreement. One copy should be retained by the customer and the other must be retained by the licensee in their customer file.

                  January 2014

                • BC-3.1.19

                  For credit agreements where a retailer extends credit to purchase goods or services by operating in agreement with licensees, all conditions of the credit agreement must be disclosed in the credit agreement application and 'key terms disclosure' document, including when interest will begin to accrue, along with information on any indirect charges.

                  January 2014

                • BC-3.1.20

                  Credit agreements, referred to in Paragraph BC-3.1.19, must be finalised with an employee of the licensee, whether located at the premises of the retailer or at the premises of the licensee providing the credit. Profit/interest must in no event be charged before the disbursement of funds.

                  January 2014

                • BC-3.1.21

                  Licensees must inform the customers on the nature of their contractual relationship with the retail outlet and the customers' rights arising as a result of this relationship.

                  January 2014

                • BC-3.1.22

                  In addition to the initial disclosure of key terms noted in Paragraphs BC-3.1.17 to BC-3.1.21, the "key terms disclosure" document must, at the time of signing the credit agreement, amongst other things, make clear:

                  (a) The detailed breakdown of the payments:
                  (i) The principal amount being borrowed, the profit/interest per month and the maturity of the credit agreement;
                  (ii) The net amount provided to the customer after deducting or applying any upfront or other charges;
                  (iii) The total profit/interest payments and principal repayment for the term of the credit agreement; and
                  (iv) The total administration/handling fees and all details of any other fees and charges spread over the term of the credit agreement;
                  (b) The APR and annual nominal rate as defined in Paragraphs BC-3.1.10 and BC-3.1.4(d) respectively;
                  (c) Whether the rate of profit/interest is fixed or can be varied, and under what circumstances;
                  (d) The basis on which profit/interest is charged (e.g. actual reducing balance) and applied to the account (e.g. monthly or quarterly compounding) and whether principal repayments are taken into account in the calculation, together with an illustration of the calculation method;
                  (e) The detailed costs associated with "top-ups" of credit agreements or other alternative arrangements for extending additional credit or early repayments, whether partial or full, of amounts due including the treatment of remaining profit/interest and the payment of premium for insurance;
                  (f) Any late payment charges;
                  (g) The annual profit/interest rate and credit limit being offered for credit agreements such as credit cards; and
                  (h) Any other charges related to the credit agreement not included above all details of which must be provided to the customer.
                  Amended: January 2019
                  January 2014

                • BC-3.1.23

                  Licensees are free to design the layout and wording to be used in their 'key terms disclosure' document, as they see fit, providing they contain the information specified in Paragraph BC-3.1.22. The CBB will monitor compliance with the spirit as well as the letter of the requirements in this Chapter.

                  January 2014

              • Disclosure to Individual Customers: During the Term of the Credit Agreement

                • BC-3.1.24

                  Licensees must, at the time of singing the credit agreement, give the clients information on the payment schedule of the credit agreement, including the breakdown of principal, profit/interest and other charges per month for the whole life of the facility. Information must be given, free of charge, at least on a semi-annual basis, unless the period of debt servicing is shorter or where there exists a prior agreement on a more frequent basis.

                  Amended: January 2019
                  January 2014

                • BC-3.1.25

                  In addition to the requirements under Paragraph BC-3.1.24, when credit is granted through credit cards, monthly statements must be provided and include information on minimum payment.

                  January 2014

                • BC-3.1.25A

                  Licensees must, when billing their customers, reflect the card transactions without rounding off the amounts in Fils. Licensees must collaborate with acquirers and Visa/MasterCard network schemes to ensure that there is no rounding off in any transaction irrespective of the currency of the transaction.

                  Added: January 2019

              • Variation Disclosures Requirements

                • BC-3.1.26

                  Licensees must disclose to the customer in advance, either collectively or individually, all relevant changes or variations to a credit agreement. The circumstances in which a customer must be provided with variation disclosures are:

                  (a) If both the licensee and customer agree to change the credit agreement; in this case, the customer must be provided in writing with full particulars of the change, at least seven calendar days before it takes effect; and
                  (b) If the credit agreement gives the licensee power to vary fees or charges, the amount or timing of payments, the profit/interest rate or the way profit/interest is calculated, and the licensee decides to exercise that power, the customer must be provided with full particulars of the change, including an updated schedule of the total interest payments and principal repayment for the remaining term of the credit agreement, at least thirty calendar days prior to the date the change takes effect. Such notice is to enable the customer to decide whether to accept the new terms or terminate the agreement by settling the outstanding credit amount, in accordance with relevant provisions therein, which must have been stated in a clear and understandable manner.
                  January 2014

                • BC-3.1.27

                  Any increase of the profit/interest rate or the amount of any fee or charge payable under a credit agreement, must be disclosed publicly, by conspicuous notice, at least thirty calendar days prior to the date the change takes effect by:

                  (a) Displaying the information prominently at the licensee's place of business; and
                  (b) Posting the information on the licensee's website.
                  January 2014

                • BC-3.1.28

                  Any deferral of profit/interest or principal announced by the licensee must also take account of the APR methodology as shown in Paragraphs BC-3.1.31 to BC-3.1.33, and the new APR must be given to the client or made public in advertisements.

                  January 2014

              • Early Repayment

                • BC-3.1.28A

                  All requests for early repayment of Shari'a compliant financing must satisfy the condition requiring the licensees to restrict the profit on the transaction to one month profit; i.e. the month in which the actual early repayment takes place. This is effective from 1st October 2011.

                  Added: July 2018

              • Request Disclosure

                • BC-3.1.29

                  The licensee must provide a reply to any request for disclosure within fifteen business days of receiving the request.

                  January 2014

                • BC-3.1.30

                  Disclosures requested by the customer may include but are not limited to any or all of the following information about a credit agreement:

                  (a) The effect of part prepayment on the customer's obligations;
                  (b) Full particulars of any changes to the agreement since it was made;
                  (c) The amount of any fee payable on part prepayment and how the fee will be calculated;
                  (d) The amount required for full prepayment on a specified date and how the amount will be calculated;
                  (e) The outstanding credit amount, including any outstanding profit/interest charge (calculated at the date the disclosure statement is prepared);
                  (f) The amount of payments made or to be made or the method of calculating the amount of those payments;
                  (g) The number of payments made or to be made (if ascertainable);
                  (h) How often payments are to be made;
                  (i) The total amount of payments to be made under the agreement, if ascertainable; and
                  (j) A copy of any disclosure statement that was or should have been provided before the request was made.
                  January 2014

                • BC-3.1.31

                  The APR must be calculated using the following methodology:

                  K=m K'=m'
                  Σ   Ak
                  (1 + i) tk =  
                  Σ   A'k'
                  (1 + i) tk'  
                  K=1 K'=1
                  January 2014

                • BC-3.1.32

                  The meaning of letters and symbols used in the above formula are:

                  K is the number identifying a particular advance of credit;
                  K' is the number identifying a particular instalment;
                  Ak is the amount of advance K;
                  A'k' is the amount of instalment K;
                  Σ represents the sum of all the terms indicated;
                  m is the number of advances of credit;
                  m' is the total number of instalments;
                  tk is the interval, expressed in years between the relevant date and the date of advance K;
                  tk' is the interval expressed in years between the relevant date and the date of instalment K';
                  i is the APR, expressed as a decimal.
                  January 2014

                • BC-3.1.33

                  For the purpose of this Chapter, the 'relevant date' is the earliest identifiable date on which the borrower is able to acquire anything which is the subject of the agreement (e.g. delivery of goods), or otherwise the 'relevant date' is the date on which the credit agreement is made.

                  January 2014

            • BC-3.2 BC-3.2 Notification to the CBB on Introduction of New or Expanded Customer Products and Facilities

              • BC-3.2.1

                All licensees are required to notify the CBB before the introduction of any new or expanded customer products and facilities. The CBB will respond to the concerned licensee within one week of receipt of the notification if it has any observations on the new product.

                January 2014

            • BC-3.3 BC-3.3 Dealing with Inheritance Claims

              • BC-3.3.1

                Licensees must ensure that no transfer of legal ownership of financial assets is made until they have sight of documentation (which must be duly copied for their records) from the Ministry of Justice and Islamic Affairs confirming the entitlement of a person or persons to inherit from the deceased. Such documentation must be complied with precisely. Particular care must be taken where minors (children) or other people lacking full legal capacity are named as inheritors.

                January 2014

              • BC-3.3.2

                Without prejudice to Paragraph BC-3.3.1, financial assets may be distributed to the order of an individual provided that individual is named in a mandate, duly certified by the Ministry of Justice and Islamic Affairs, as having the permission to act on behalf of all of the inheritors.

                January 2014

            • BC-3.4 BC-3.4 Compliance with the Code of Best Practice on Consumer Credit and Charging

              • BC-3.4.1

                Licensees must comply with the Code of Best Practice on Consumer Credit and Charging as included in Appendix CM-1 throughout the lifetime of their relationship with a customer.

                January 2014

              • BC-3.4.2

                Licensees must take responsibility for compliance with the above requirements by all persons carrying out regulated financing company services on their behalf. Licensees must put in place appropriate measures across all their business operations and distribution channels to ensure compliance with the requirements of the Code of Best Practice on Consumer Credit and Charging where relevant.

                January 2014

            • BC-3.5 BC-3.5 Credit Check Reports

              • BC-3.5.1

                Where a pensioner has been requested to produce a credit report by the Social Insurance Organization (SIO) to establish his/her credit standing, licensees must not levy any administrative charges.

                Added: October 2015

            • BC-3.6 BC-3.6 Transaction Advice

              • BC-3.6.1

                All licensees must provide at no charge, a transaction advice service for its customers. This service information must be communicated on all credit card transactions through short message service (SMS) for all types of local and international financial transactions, including POS, ATM and internet.

            • BC-3.7 BC-3.7 Fees and Charges for Services Provided to Individuals

              • BC-3.7.1

                Financing company licensees must comply with the caps on fees and charges for standard services provided to individuals effective from 1st May 2018 as per the table in Appendix BC-2 in Part B of the CBB Rulebook Volume 5 for Financing Companies.

                Added: April 2018

            • BC-3.8 BC-3.8 Interest on Credit Card Transactions

              • BC-3.8.1

                Financing company licensees must comply with the following requirements with regards to charging interest on credit card statement dues:

                (a) Interest must not be charged if the customer pays the full amount billed and due before or on the due date specified in the monthly credit card statement except for cash withdrawal transactions;
                (b) Interest must not be charged on partial payments made by the customer on or before the due date specified in the monthly credit card statement against credit card amount billed and due;
                (c) Interest on cash withdrawal transactions must be computed from the date of the transaction ("transaction date");
                (d) Interest on credit card amounts billed but unpaid on or before the due date must be computed from the posting date of the transaction; and
                (e) Interest must not be charged on outstanding interest amounts, fees and charges due from the customer.
                Added: July 2019

              • BC-3.8.2

                For the purpose of charging interest on credit card dues, financing company licensees must only calculate interest charges using 365-days a year basis.

                Added: July 2019

            • BC-3.9 BC-3.9 Fund Transfers by Customers of Payment Service Providers (PSP)

              • BC-3.9.1

                Financing company licensees that act as acquirers or payment gateways for PSPs, must not charge more than 100 fils in line with the Electronic Fund Transfer System (EFTS) requirements to the customers of PSPs for normal fund transfers made electronically.

                Added: October 2020

            • BC-3.10 BC-3.10 Merchant Fees on Payments to Zakat and Charity Fund

              • BC-3.10.1

                Financing company licensees that act as acquirers must exempt the Zakat and Charity Fund (“the Fund”) of the Ministry of Justice, Islamic Affairs and Awqaf from merchant fees for payments made to the Fund.

                Added: April 2021

          • BC-4 BC-4 Customer Complaints Procedures

            • BC-4.1 BC-4.1 General Requirements

              • BC-4.1.1

                All licensees must have appropriate customer complaints handling procedures and systems for effective handling of complaints.

                January 2014

              • BC-4.1.2

                Customer complaints procedures must be documented appropriately and their customers must be informed of their availability.

                January 2014

              • BC-4.1.3

                All licensees must appoint a customer complaints officer and publicise his/ her contact details at all departments and branches and on the licensee's website. The customer complaints officer must be of a senior level at the licensee and must be independent of the parties to the complaint to minimise any potential conflict of interest.

                January 2014

              • BC-4.1.4

                The position of customer complaints officer may be combined with that of compliance officer.

                January 2014

            • BC-4.2 BC-4.2 Documenting Customer Complaints Handling Procedures

              • BC-4.2.1

                In order to make customer complaints handling procedures as transparent and accessible as possible, all licensees must document their customer complaints handling procedures. These include setting out in writing:

                (a) The procedures and policies for:
                (i) Receiving and acknowledging complaints;
                (ii) Investigating complaints;
                (iii) Responding to complaints within appropriate time limits;
                (iv) Recording information about complaints;
                (v) Identifying recurring system failure issues;
                (b) The types of remedies available for resolving complaints; and
                (c) The organisational reporting structure for the complaints handling function.
                January 2014

              • BC-4.2.2

                Licensees must provide a copy of the procedures to all relevant staff, so that they may be able to inform customers. A simple and easy-to-use guide to the procedures must also be made available to all customers, on request, and when they want to make a complaint.

                January 2014

              • BC-4.2.3

                Licensees are required to ensure that all financial services related documentation (such as credit facility documentation) provided to the customer includes a statement informing the customer of the availability of a simple and easy-to-use guide on customer complaints procedures in the event the customer is not satisfied with the services provided.

                January 2014

            • BC-4.3 BC-4.3 Principles for Effective Handling of Complaints

              • BC-4.3.1

                Adherence to the following principles is required for effective handling of complaints:

                January 2014

              • Visibility

                • BC-4.3.2

                  "How and where to complain" must be well publicised to customers and other interested parties, in both English and Arabic languages.

                  January 2014

              • Accessibility

                • BC-4.3.3

                  A complaints handling process must be easily accessible to all customers and must be free of charge.

                  January 2014

                • BC-4.3.4

                  While a licensee's website is considered an acceptable mean for dealing with customer complaints, it should not be the only means available to customers as not all customers have access to the internet.

                  January 2014

                • BC-4.3.5

                  Process information must be readily accessible and must include flexibility in the method of making complaints.

                  January 2014

                • BC-4.3.6

                  Support for customers in interpreting the complaints procedures must be provided, upon request.

                  January 2014

                • BC-4.3.7

                  Information and assistance must be available on details of making and resolving a complaint.

                  January 2014

                • BC-4.3.8

                  Supporting information must be easy to understand and use.

                  January 2014

              • Responsiveness

                • BC-4.3.9

                  Receipt of complaints must be acknowledged in accordance with Section BC-4.5 "Response to Complaints".

                  January 2014

                • BC-4.3.10

                  Complaints must be addressed promptly in accordance with their urgency.

                  January 2014

                • BC-4.3.11

                  Customers must be treated with courtesy.

                  January 2014

                • BC-4.3.12

                  Customers must be kept informed of the progress of their complaint, in accordance with Section BC-4.5.

                  January 2014

                • BC-4.3.13

                  If a customer is not satisfied with a licensee's response, the licensee must advise the customer on how to take the complaint further within the organisation.

                  January 2014

                • BC-4.3.14

                  In the event that they are unable to resolve a complaint, licensees must outline the options that are open to that customer to pursue the matter further, including, where appropriate, referring the matter to the Consumer Protection Unit at the CBB.

                  Amended: April 2020
                  Added: January 2014

              • Objectivity and Efficiency

                • BC-4.3.15

                  Complaints must be addressed in an equitable, objective, unbiased and efficient manner.

                  January 2014

                • BC-4.3.16

                  General principles for objectivity in the complaints handling process include:

                  (a) Openness:

                  The process must be clear and well publicised so that both staff and customers can understand;
                  (b) Impartiality:
                  (i) Measures must be taken to protect the person the complaint is made against from bias;
                  (ii) Emphasis must be placed on resolution of the complaint not blame; and
                  (iii) The investigation must be carried out by a person independent of the person complained about;
                  (c) Accessibility:
                  (i) The bank must allow customer access to the process at any reasonable point in time; and
                  (ii) A joint response must be made when the complaint affects different participants;
                  (d) Completeness:

                  The complaints officer must find relevant facts, talk to both sides, establish common ground and verify explanations wherever possible;
                  (e) Equitability:

                  Give equal treatment to all parties;
                  (f) Sensitivity:

                  Each complaint must be treated on its merits and paying due care to individual circumstances;
                  (g) Objectivity for personnel — complaints handling procedures must ensure those complained about are treated fairly which implies:
                  (i) Informing them immediately and completely on complaints about performance;
                  (ii) Giving them an opportunity to explain and providing appropriate support;
                  (iii) Keeping them informed of the progress and result of the complaint investigation;
                  (iv) Full details of the complaint are given to those the complaint is made against prior to interview; and
                  (v) Personnel must be assured they are supported by the process and should be encouraged to learn from the experience and develop a better understanding of the complaints process;
                  (h) Confidentiality:
                  (i) In addition to customer confidentiality, the process must ensure confidentiality for staff who have a complaint made against them and the details must only be known to those directly concerned;
                  (ii) Customer information must be protected and not disclosed, unless the customer consents otherwise; and
                  (iii) Protect the customer and customer's identity as far as is reasonable to avoid deterring complaints due to fear of inconvenience or discrimination;
                  (i) Objectivity monitoring:

                  Licensees must monitor responses to customers to ensure objectivity which could include random monitoring of resolved complaints;
                  (j) Charges:

                  The process must be free of charge to customers;
                  (k) Customer Focused Approach:
                  (i) Licensees must have a customer focused approach;
                  (ii) Licensees must be open to feedback; and
                  (iii) Licensees must show commitment to resolving problems;
                  (l) Accountability:

                  Licensees must ensure accountability for reporting actions and decisions with respect to complaints handling;
                  (m) Continual improvement:

                  Continual improvement of the complaints handling process and the quality of products and services must be a permanent objective of the licensee.
                  January 2014

            • BC-4.4 BC-4.4 Internal Complaint Handling Procedures

              • BC-4.4.1

                A licensee's internal complaint handling procedures must provide for:

                (a) The receipt of written complaints;
                (b) The appropriate investigation of complaints;
                (c) An appropriate decision-making process in relation to the response to a customer complaint;
                (d) Notification of the decision to the customer;
                (e) The recording of complaints; and
                (f) How to deal with complaints when a business continuity plan (BCP) is operative.
                January 2014

              • BC-4.4.2

                A licensee's internal complaint handling procedures must be designed to ensure that:

                (a) All complaints are handled fairly, effectively and promptly;
                (b) Recurring systems failures are identified, investigated and remedied;
                (c) The number of unresolved complaints referred to the CBB is minimised;
                (d) The employee responsible for the resolution of complaints has the necessary authority to resolve complaints or has access to an employee who has the necessary authority; and
                (e) Relevant employees are aware of the licensee's internal complaint handling procedures and comply with them and receive training periodically to be kept abreast of changes in procedures.
                January 2014

            • BC-4.5 BC-4.5 Response to Complaints

              • BC-4.5.1

                A licensee must acknowledge in writing customer written complaints within 5 working days of receipt.

                January 2014

              • BC-4.5.2

                A licensee must respond in writing to a customer complaint within 4 weeks of receiving the complaint, explaining their position and how they propose to deal with the complaint.

                January 2014

              • Redress

                • BC-4.5.3

                  A licensee should decide and communicate how it proposes (if at all) to provide the customer with redress. Where appropriate, the licensee must explain the options open to the customer and the procedures necessary to obtain the redress.

                  January 2014

                • BC-4.5.4

                  Where a licensee decides that redress in the form of compensation is appropriate, the licensee must provide the complainant with fair compensation and must comply with any offer of compensation made by it which the complainant accepts.

                  January 2014

                • BC-4.5.5

                  Where a licensee decides that redress in a form other than compensation is appropriate, it must provide the redress as soon as practicable.

                  January 2014

                • BC-4.5.6

                  Should the customer that filed a complaint not be satisfied with the response received as per Paragraph BC-4.5.2, he can forward the complaint to the Consumer Protection Unit at the CBB within 30 calendar days from the date of receiving the letter.

                  Amended: April 2020
                  Added: January 2014

            • BC-4.6 BC-4.6 Records of Complaints

              • BC-4.6.1

                A licensee must maintain a record of all customers' complaints. The record of each complaint must include:

                (a) The identity of the complainant;
                (b) The substance of the complaint;
                (c) The status of the complaint, including whether resolved or not, and whether redress was provided; and
                (d) All correspondence in relation to the complaint. Such records must be retained by the licensees for a period of 5 years from the date of receipt of the complaint.
                January 2014

            • BC-4.7 BC-4.7 Reporting of Complaints

              • BC-4.7.1

                A licensee must submit to the CBB’s Consumer Protection Unit, 20 days after the end of the quarter, a quarterly report summarising the following:

                (a) The number of complaints received;
                (b) The substance of the complaints;
                (c) The number of days it took the licensee to acknowledge and to respond to the complaints; and
                (d) The status of the complaint, including whether resolved or not, and whether redress was provided.
                Amended: April 2020
                Added: January 2014

              • BC-4.7.2

                The report referred to in Paragraph BC-4.7.1 must be sent electronically to complaint@cbb.gov.bh.

                Amended: April 2020
                Added: January 2014

              • BC-4.7.3

                Where no complaints have been received by the licensee within the quarter, a 'nil' report should be submitted to the CBB's Consumer Protection Unit.

                Amended: April 2020
                Added: January 2014

            • BC-4.8 BC-4.8 Monitoring and Enforcement

              • BC-4.8.1

                Compliance with these requirements is subject to the ongoing supervision of the CBB as well as being part of any CBB inspection of a licensee. Failure to comply with these requirements is subject to enforcement measures as outlined in Module EN (Enforcement).

                January 2014

          • BC-5 BC-5 Cheques

            • BC-5.1 BC-5.1 Return Policy - Post-Dated Cheques

              • BC-5.1.1

                When a customer fully repays his/her credit outstanding amount in full or settles in part pursuant to a settlement agreement, the subject financing company licensee must immediately return all holding of the customer's post-dated cheques taken as collateral or destroy such cheques and inform the customer in writing.

                Added: January 2017

        • OM OM Financing Companies Operational Risk Management Module

          • OM-A OM-A Introduction

            • OM-A.1 OM-A.1 Purpose

              • Executive Summary

                • OM-A.1.1

                  The Operational Risk Management Module sets out the Central Bank of Bahrain's ('CBB's') rules and guidance for financing company licensees operating in Bahrain on establishing parameters and control procedures to monitor and mitigate operational risks.

                  January 2014

                • OM-A.1.2

                  This Module provides support for certain other parts of the Rulebook, mainly:

                  (a) Principles of Business; and
                  (b) High-level Controls.
                  January 2014

              • Legal Basis

                • OM-A.1.3

                  This Module contains the CBB's Directive (as amended from time to time) relating to operational risk management and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to all financing company licensees (including their approved persons).

                  January 2014

                • OM-A.1.4

                  For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

                  January 2014

            • OM-A.2 OM-A.2 Module History

              • OM-A.2.1

                This Module was first issued in January 2014 by the CBB. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG 3 provides further details on Rulebook maintenance and version control.

                January 2014

              • OM-A.2.2

                The most recent changes made to this Module are detailed in the table below:

                Summary of Changes

                Module Ref. Change Date Description of Changes
                OM-2.9 07/2016 Added new Section dealing with outsourcing of functions containing customer information.
                OM-4.9 10/2016 Added new Section on Cyber Security Risk Management
                OM-5.3 10/2016 Added new Section on Cyber Security Measures
                OM-2.9.2 01/2017 Amended Paragraph on customer information
                OM-5.1.19 & OM-5.1.19A 01/2017 Added Paragraphs on PCI-DSS certification.
                OM-5.1.20 04/2017 Added a Paragraph on Geolocation Limitation
                OM-5.1.20A 07/2017 Added new paragraph on Prohibition of Double Swiping.
                OM-5.1.20B 07/2017 Added new paragraph on Prohibition of Double Swiping.
                OM-5.1.20C 07/2017 Added new paragraph on Prohibition of Double Swiping.
                OM-5.1.20D 07/2017 Added new paragraph on Prohibition of Double Swiping.
                OM-5.1.20E 07/2017 Added new paragraph on Prohibition of Double Swiping.
                OM-2.1.2 10/2017 Amended Paragraph on outsourcing, to allow the utilization of cloud services and customer call centres.
                OM-2.1.4 10/2017 Added a new Paragraph on outsourcing.
                OM-2.1.5 10/2017 Added a new Paragraph on outsourcing.
                OM-2.3.1 10/2017 Amended Paragraph.
                OM-2.3.6 10/2017 Amended Paragraph.
                OM-2.3.7 10/2017 Amended Paragraph.
                OM-2.4.2 10/2017 Amended Paragraph.
                OM-2.4.3 10/2017 Deleted Paragraph.
                OM-2.4.5 10/2017 Amended Paragraph.
                OM-2.5.1(a) 10/2017 Amended sub-sub-paragraph no. (5).
                OM-2.5.1(c) 10/2017 Amended sub-sub-paragraphs no. (2) and (3).
                OM-2.5.1(e) 10/2017 Amended sub-sub-paragraph no. (3).
                OM-2.8.3 10/2017 Amended Paragraph.
                OM-2.9.1 10/2017 Amended Paragraph.
                OM-2.9.4(b) 10/2017 Amended sub-paragraph.
                OM-2.9.4(c) 10/2017 Amended sub-paragraph.
                OM-2.9.4(d) 10/2017 Deleted sub-paragraph.
                OM-2.9.5 10/2017 Deleted paragraph.
                OM-2.9.6 10/2017 Added a new paragraph for security measures related to cloud services.
                OM-5.1.20AA 04/2018 Added a new Paragraph on card (EMV) compliance.
                OM-5.1.20BB 04/2018 Added a new Paragraph on provision of cash withdrawal and payment services through various channels.
                OM-2.9.2 07/2018 Amended Paragraph to include call centres.
                OM-2.9.2A 07/2018 Added new Paragraph on customer notification.
                OM-5.1.21 & OM-5.1.22 10/2019 Added new Paragraphs on Contactless Payment Transactions.
                OM-5.1.20AAA 07/2020 Added a new Paragraph on contactless payment.
                OM-2.9.4 01/2021 Deleted sub-paragraph (a).
                OM-3.1.7 01/2021 Added a new Paragraph on electronic fraud.
                OM-3.1.8 01/2021 Added a new Paragraph on electronic fraud awareness.

              • Superseded Requirements

                • OM-A.2.3

                  This Module supersedes the following provisions contained in circulars or other regulatory requirements:

                  Document Ref. Document Subject
                  Volumes 1 and 2 Module OM
                  EDBS/KH/C/33/2018 Amendments to the Operational Risk Management Module
                  Amended: July 2018
                  January 2014

          • OM-B OM-B Scope of Application

            • OM-B.1 OM-B.1 Scope

              • OM-B.1.1

                This Module applies to all financing company licensees authorised in the Kingdom, thereafter referred to in this Module as licensees.

                January 2014

          • OM-1 OM-1 General Requirements

            • OM-1.1 OM-1.1 Overview

              • OM-1.1.1

                This Module provides guidance and rules for operational risk and sets out requirements for an appropriate risk management environment, including outsourcing, electronic financing activities, business continuity and security measures.

                January 2014

              • OM-1.1.2

                Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk1, but excludes strategic and reputational risk.


                1 Legal risk includes, but is not limited to, exposure to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements.

                January 2014

              • OM-1.1.3

                Operational risk is inherent in all types of licensees' transactions and activities, processes and systems, and the effective management of operational risk must be a fundamental element of a licensee's risk management programme. Sound operational risk governance relies upon three lines of defence:

                (a) Business line management;
                (b) An independent operational risk management function; and
                (c) Independent review functions
                January 2014

            • OM-1.2 OM-1.2 Developing an Appropriate Risk Management Environment

              • OM-1.2.1

                Licensee's management must implement policies and procedures to manage risks arising out of a licensee's activities. The licensee must maintain written policies and procedures that identify the risk tolerances approved by the Board of Directors and must clearly delineate lines of authority and responsibility for managing the risks. Licensees' employees and credit officers in particular must be fully aware of all policies and procedures that relate to their specific duties.

                January 2014

              • OM-1.2.2

                The board of directors must take the lead in establishing a strong risk management culture. The board of directors and senior management must establish a corporate culture that is guided by strong risk management and that supports and provides appropriate standards and incentives for professional and responsible behaviour. In this regard, it is the responsibility of the board of directors to ensure that a strong operational risk management culture exists throughout the whole organisation.

                January 2014

              • OM-1.2.3

                The operational risk management function must be functionally independent of the risk generating business lines and will be responsible for the design, maintenance and ongoing development of the operational risk framework within the licensee.

                January 2014

              • OM-1.2.4

                For the purpose of Paragraph OM-1.2.3, 'functionally independent' means that the risk management function cannot report hierarchically and/or functionally to any person or function that is directly responsible for risk generation.

                January 2014

              • OM-1.2.5

                The operational risk management function should include the operational risk measurement and reporting processes, risk committees and responsibility for board reporting. A key function of the operational risk management function is to challenge the business lines' inputs to, and outputs from, the licensee's risk management, risk measurement and reporting systems. The operational risk management function should have a sufficient number of personnel skilled in the management of operational risk to effectively address its many responsibilities.

                January 2014

              • OM-1.2.6

                Both the board and senior management are responsible for creating an organisational culture that places high priority on effective operational risk management and adherence to sound operating controls. Operational risk management is most effective where a licensee's culture emphasises high standards of ethical behaviour at all levels of the licensee. The board and senior management should promote an organisational culture which establishes through both actions and words the expectations of integrity for all employees in conducting the business of the licensee.

                January 2014

              • The Board of Directors

                • OM-1.2.7

                  The board of directors must establish, approve and periodically review the framework. The board of directors must oversee senior management to ensure that the policies, processes and systems are implemented effectively at all decision levels.

                  January 2014

                • OM-1.2.8

                  The board of directors must:

                  (a) Establish a management culture, and supporting processes, to understand the nature and scope of the operational risk inherent in the licensee's strategies and activities, and develop comprehensive, dynamic oversight and control environments that are fully integrated into or coordinated with the overall framework for managing all risks across the enterprise;
                  (b) Provide senior management with clear guidance and direction regarding the principles underlying the framework and approve the corresponding policies developed by senior management;
                  (c) Regularly review the framework to ensure that the licensee has identified and is managing the operational risk arising from external market changes and other environmental factors, as well as those operational risks associated with new products, activities, processes or systems, including changes in risk profiles and priorities (e.g. changing business volumes);
                  (d) Ensure that the licensee's framework is subject to effective independent review by audit or other appropriately trained parties such as the compliance function; and
                  (e) Ensure that as best practice evolves, management is availing themselves of these advances.
                  January 2014

                • OM-1.2.9

                  Strong internal controls are a critical aspect of operational risk management, and the board of directors must establish clear lines of management responsibility and accountability for implementing a strong control environment. The control environment must provide appropriate independence/separation of duties between operational risk management functions, business lines and support functions

                  January 2014

              • The Role of Committees

                • OM-1.2.10

                  A licensee's governance structure should be commensurate with the nature, size, complexity and risk profile of its activities. When designing the operational risk governance structure, a licensee must take the following into consideration:

                  (a) Committee structure;
                  (b) Committee composition; and
                  (c) Committee operation.
                  January 2014

                • OM-1.2.11

                  Sound industry practice for larger and more complex organisations with a central group function and separate business units is to utilise a board-created enterprise level risk committee for overseeing all risks, to which a management level operational risk committee reports. Depending on the nature, size and complexity of the licensee, the enterprise level risk committee may receive input from operational risk committees by country, business or functional area. Smaller and less complex organisations may utilise a flatter organisational structure that oversees operational risk directly within the board's risk management committee.

                  January 2014

                • OM-1.2.12

                  Sound industry practice is for operational risk committees (or the risk committee in smaller licensees) to include a combination of members with expertise in business activities and financial, as well as independent risk management

                  January 2014

              • Risk Appetite and Tolerance

                • OM-1.2.13

                  The board of directors must approve and review a risk appetite and tolerance statement for operational risk that articulates the nature, types and levels of operational risk that the licensee is willing to assume.

                  January 2014

                • OM-1.2.14

                  When approving and reviewing the risk appetite and tolerance statement, the board of directors must consider all relevant risks, the licensee's level of risk aversion, its current financial condition and the licensee's strategic direction. The board of directors must approve appropriate thresholds or limits for specific operational risks, and an overall operational risk appetite and tolerance.

                  January 2014

                • OM-1.2.15

                  The risk appetite and tolerance statement should encapsulate the various operational risk appetites within a licensee and ensure that they are consistent.

                  January 2014

                • OM-1.2.16

                  The board of directors must regularly review the appropriateness of limits and the overall operational risk appetite and tolerance statement. This review must consider changes in the external environment, material increases in business or activity volumes, the quality of the control environment, the effectiveness of risk management or mitigation strategies, loss experience, and the frequency, volume or nature of limit breaches. The board must monitor management adherence to the risk appetite and tolerance statement and provide for timely detection and remediation of breaches.

                  January 2014

                • OM-1.2.17

                  The licensee must ensure that the internal pricing and performance measurement mechanisms appropriately take into account operational risk. Where operational risk is not considered, risk-taking incentives might not be appropriately aligned with the risk appetite and tolerance.

                  January 2014

              • Ethics Policy

                • OM-1.2.18

                  The board of directors must establish a code of conduct or an ethics policy that sets clear expectations for integrity and ethical values of the highest standard and identify acceptable business practices and prohibited conflicts (See Section HC-2.2).

                  January 2014

                • OM-1.2.19

                  Clear expectations and accountabilities ensure that staff understand their roles and responsibilities for risk, as well as their authority to act. Strong and consistent senior management support for risk management and ethical behaviour convincingly reinforces codes of conduct and ethics, compensation strategies, and training programmes.

                  January 2014

              • Compensation Policies

                • OM-1.2.20

                  Compensation policies must be aligned to the licensee's statement of risk appetite and tolerance, long-term strategic direction, financial goals and overall safety and soundness. They must also appropriately balance risk and reward.

                  January 2014

              • Operational Risk Training

                • OM-1.2.21

                  Senior management should ensure that an appropriate level of operational risk training is available at all levels throughout the organisation. Training that is provided should reflect the seniority, role and responsibilities of the individuals for whom it is intended.

                  January 2014

              • Risk Management Framework

                • OM-1.2.22

                  Licensees must develop, implement and maintain a framework that is fully integrated into the licensee's overall risk management processes.

                  January 2014

                • OM-1.2.23

                  The framework for operational risk management chosen by an individual licensee will depend on a range of factors, including its nature, size, complexity and risk profile.

                  January 2014

                • OM-1.2.24

                  The board is responsible for establishing a management structure capable of implementing the licensee's operational risk management framework. Since a significant aspect of managing operational risk relates to the establishment of strong internal controls, it is particularly important that the board establishes clear lines of management responsibility, accountability and reporting. In addition, there should be separation of responsibilities and reporting lines between operational risk control functions, business lines and support functions in order to avoid conflicts of interest. The framework should also articulate the key processes the licensee needs to have in place to manage operational risk.

                  January 2014

                • OM-1.2.25

                  The framework must be comprehensively and appropriately documented in board of directors approved policies and must include definitions of operational risk and operational loss.

                  January 2014

                • OM-1.2.26

                  Licensees that do not adequately describe and classify operational risk and loss exposure may significantly reduce the effectiveness of their framework.

                  January 2014

                • OM-1.2.27

                  Framework documentation must clearly:

                  (a) Identify the governance structures used to manage operational risk, including reporting lines and accountabilities;
                  (b) Describe the risk assessment tools and how they are used;
                  (c) Describe the licensee's accepted operational risk appetite and tolerance, as well as thresholds or limits for inherent and residual risk, and approved risk mitigation strategies and instruments;
                  (d) Describe the licensee's approach to establishing and monitoring thresholds or limits for inherent and residual risk exposure;
                  (e) Establish risk reporting and Management Information Systems (MIS);
                  (f) Provide for a common taxonomy of operational risk terms to ensure consistency of risk identification, exposure rating and risk management objectives;
                  (g) Provide for appropriate independent review and assessment of operational risk; and
                  (h) Require the policies to be reviewed whenever a material change in the operational risk profile of the licensee occurs, and revised as appropriate.
                  January 2014

                • OM-1.2.28

                  The board should review the framework regularly to ensure that the licensee is managing the operational risks arising from external market changes and other environmental factors, as well as those operational risks associated with new products, activities or systems. This review process should also aim to assess industry best practice in operational risk management appropriate for the licensee's activities, systems and processes. If necessary, the board should ensure that the operational risk management framework is revised in light of this analysis, so that material operational risks are captured within the framework.

                  January 2014

              • Independent Review of Operational Risk

                • OM-1.2.29

                  The board of directors must ensure that the licensee's operational risk management framework is subject to effective and comprehensive independent review.

                  January 2014

                • OM-1.2.30

                  The independent review functions are the internal audit and compliance functions and the staff occupying these functions must be competent and appropriately trained and not be involved in the development, implementation and operation of the operational risk framework.

                  January 2014

                • OM-1.2.31

                  With reference to Paragraph OM-1.2.30, internal audit and compliance should not be involved with the setting of risk appetite or risk tolerance. Internal audit should be reviewing the robustness of the process of how these limits are set and why and how they are adjusted in response to changing circumstances. More details on the internal audit function and the role of the audit committee are included in Chapter HC-3.

                  January 2014

                • OM-1.2.32

                  An independent review consists of the verification of the framework on a periodic basis and is typically performed by the licensee's internal and/or external audit, but may involve other suitably qualified independent parties from external sources. Verification activities test the effectiveness of the overall framework, consistent with policies approved by the board of directors, and also test validation processes to ensure that they are independent and implemented in a manner consistent with established policies of the licensee.

                  January 2014

                • OM-1.2.33

                  Licensees should have in place adequate internal audit coverage to verify that operating policies and procedures have been implemented effectively. The board (either directly or indirectly through its audit committee) should ensure that the scope and frequency of the audit programme is appropriate to the risk exposures. Audit should periodically validate that the licensee's operational risk management framework is being implemented effectively across the licensee.

                  January 2014

              • Senior Management

                • OM-1.2.34

                  The responsibilities of the senior management of the licensee must include:

                  (a) Developing for approval by the board of directors a clear, effective and robust governance structure with well defined, transparent and consistent lines of responsibility;
                  (b) Implementing the operational risk strategy approved by the Board of Directors;
                  (c) Ensuring that the strategy is implemented consistently throughout the whole organisation;
                  (d) Ensuring that all levels of staff understand their responsibilities with respect to operational risk management;
                  (e) Developing, maintaining and implementing policies, processes and procedures for managing operational risk in all of the licensee's products, activities, processes and systems consistent with the risk appetite and tolerance;
                  (f) Developing succession plans for senior staff; and
                  (g) Developing business continuity plans for the licensee.
                  January 2014

                • OM-1.2.35

                  Senior management is responsible for establishing and maintaining robust challenge mechanisms and effective issue-resolution processes. These must include systems to report, track and, when necessary, escalate issues to ensure resolution. Licensees must be able to demonstrate that the three lines of defence approach is operating satisfactorily and to explain how the board and senior management ensure that this approach is implemented and operating in an appropriate and acceptable manner.

                  January 2014

                • OM-1.2.36

                  Senior management must translate the operational risk strategy established by the board of directors into an operational risk management framework that refers to specific policies, processes and procedures that can be implemented and verified within the different business units.

                  January 2014

                • OM-1.2.37

                  While each level of management is responsible for the appropriateness and effectiveness of policies, processes, procedures and controls within its purview, senior management should clearly assign authority, responsibility and reporting relationships to encourage and maintain this accountability.

                  January 2014

                • OM-1.2.38

                  Senior management must ensure that the necessary resources are available to manage operational risk effectively. Moreover, senior management must assess the appropriateness of the management oversight process in light of the risks inherent in a business unit's activity.

                  January 2014

                • OM-1.2.39

                  Senior management should ensure that the licensee's activities are conducted by qualified staff with the necessary experience, technical capabilities and access to resources. Staff responsible for monitoring and enforcing compliance with the institution's risk policy should have authority independent from the units they oversee.

                  January 2014

                • OM-1.2.40

                  Senior management must ensure that staff responsible for managing operational risk coordinate and communicate effectively with staff responsible for managing credit, market, and other risks, as well as with those in the licensee who are responsible for the procurement of external services such as insurance purchasing and outsourcing agreements. Failure to do so could result in significant gaps or overlaps in a licensee's overall risk management programme.

                  January 2014

                • OM-1.2.41

                  The managers of the corporate operational risk management function should be of sufficient stature within the licensee to perform their duties effectively, ideally evidenced by title commensurate with other risk management functions such as credit, market and liquidity risk.

                  January 2014

                • OM-1.2.42

                  Particular attention should be given to the quality of documentation controls and to transaction-handling practices. Policies, processes and procedures related to advanced technologies supporting high transactions volumes, in particular, should be well documented and disseminated to all relevant personnel.

                  January 2014

              • Management Information System

                • OM-1.2.43

                  The management information system of an organisation plays a key role in establishing and maintaining an effective operational risk management framework.

                  January 2014

                • OM-1.2.44

                  Communication flow serves the purpose of establishing a consistent operational risk management culture across the licensee. Reporting flow enables:

                  (a) Senior management to monitor the effectiveness of the risk management system for operational risk; and
                  (b) The Board of Directors to oversee senior management performance.
                  January 2014

            • OM-1.3 OM-1.3 Identification and Assessment

              • OM-1.3.1

                Licensees must identify and assess the operational risk inherent in all material products, activities, processes and systems to make sure the inherent risks and incentives are well understood. Licensees must also ensure that before new products, activities, processes and systems are introduced or undertaken, the operational risk inherent in them is subject to adequate assessment procedures.

                January 2014

              • OM-1.3.2

                Risk identification and assessment are fundamental characteristics of an effective operational risk management system. Effective risk identification considers both internal factors (such as the licensee's structure, the nature of the licensee's activities, the quality of the licensee's human resources, organisational changes and employee turnover) and external factors (such as changes in the broader environment and the industry and technological advances) that could adversely affect the achievement of the licensee's objectives.

                January 2014

              • OM-1.3.3

                In addition to identifying the most potentially adverse risks, licensees should assess their vulnerability to these risks. Sound risk assessment allows the licensee to better understand its risk profile and most effectively target risk management resources.

                January 2014

              • OM-1.3.4

                Amongst the possible tools used by licensees for identifying and assessing operational risk are:

                (a) Self- or Risk Assessment: a licensee assesses its operations and activities against a menu of potential operational risk vulnerabilities. This process is internally driven and often incorporates checklists and/or workshops to identify the strengths and weaknesses of the operational risk environment. Scorecards, for example, provide a means of translating qualitative assessments into quantitative metrics that give a relative ranking of different types of operational risk exposures. Some scores may relate to risks unique to a specific business line while others may rank risks that cut across business lines. Scores may address inherent risks, as well as the controls to mitigate them;
                (b) Risk Mapping: in this process, various business units, organisational functions or process flows are mapped by risk type. This exercise can reveal areas of weakness and help prioritise subsequent management action;
                (c) Risk Indicators: risk indicators are statistics and/or metrics, often financial, which can provide insight into a licensee's risk position. These indicators tend to be reviewed on a periodic basis (such as monthly or quarterly) to licensees to changes that may be indicative of risk concerns. Such indicators may include the number of failed trades, staff turnover rates and the frequency and/or severity of errors and omissions; and
                (d) Measurement: some licensees have begun to quantify their exposure to operational risk using a variety of approaches. For example, data on a licensee's historical loss experience could provide meaningful information for assessing the licensee's exposure to operational risk and developing a policy to mitigate/control the risk. An effective way of making good use of this information is to establish a framework for systematically tracking and recording the frequency, severity and other relevant information on individual loss events. Some licensees have also combined internal loss data with external loss data, scenario analyses, and risk assessment factors.
                January 2014

              • Approval Process

                • OM-1.3.5

                  Senior management must ensure that there is an approval process for all new products, activities, processes and systems that fully assesses operational risk.

                  January 2014

                • OM-1.3.6

                  In general, a licensee's operational risk exposure is increased when a licensee engages in new activities or develops new products; enters unfamiliar markets; implements new business processes or technology systems; and/or engages in businesses that are geographically distant from the head office. Moreover, the level of risk may escalate when new products activities, processes, or systems transition from an introductory level to a level that represents material sources of revenue or business-critical operations. A licensee should ensure that its risk management control infrastructure is appropriate at inception and that it keeps pace with the rate of growth of, or changes to, products activities, processes and systems.

                  January 2014

                • OM-1.3.7

                  A licensee must have policies and procedures that address the process for review and approval of new products, activities, processes and systems.

                  January 2014

                • OM-1.3.8

                  The review and approval process referred to in Paragraph OM-1.3.7 should consider:

                  (a) Inherent risks in the new product, service, or activity;
                  (b) Changes to the licensee's operational risk profile and appetite and tolerance, including the risk of existing products or activities;
                  (c) The necessary controls, risk management processes, and risk mitigation strategies;
                  (d) The residual risk;
                  (e) Changes to relevant risk thresholds or limits; and
                  (f) The procedures and metrics to measure, monitor, and manage the risk of the new product or activity.
                  January 2014

                • OM-1.3.9

                  The approval process should also ensure that appropriate investment has been made for human resources and technology infrastructure before new products are introduced. The implementation of new products, activities, processes and systems should be monitored in order to identify any material differences to the expected operational risk profile, and to manage any unexpected risks.

                  January 2014

            • OM-1.4 OM-1.4 Monitoring

              • OM-1.4.1

                Licensees must implement a process to regularly monitor operational risk profiles and material exposures to losses. There must be regular reporting of pertinent information at the board, senior management and business levels that supports the proactive management of operational risk.

                January 2014

              • OM-1.4.2

                Licensees are encouraged to continuously improve the quality of operational risk reporting. A licensee should ensure that its reports are comprehensive, accurate, consistent and actionable across business lines and products. Reports should be manageable in scope and volume; effective decision-making is impeded by both excessive amounts and paucity of data.

                January 2014

              • OM-1.4.3

                Reporting should be timely and a licensee should be able to produce reports in both normal and stressed market conditions. The frequency of monitoring should reflect the risks involved and the frequency and nature of changes in the operating environment. Monitoring should be an integrated part of a licensee's activities. The results of these monitoring activities should be included in regular management and board reports, as should compliance reviews performed by the internal audit and/or risk management functions. Reports generated by (and/or for) supervisory authorities may also inform this monitoring and should likewise be reported internally to senior management and the board, where appropriate.

                January 2014

              • OM-1.4.4

                Operational risk reports may contain internal financial, operational, and compliance indicators, as well as external market or environmental information about events and conditions that are relevant to decision making. Operational risk reports should include:

                (a) Breaches of the licensee's risk appetite and tolerance statement, as well as thresholds or limits;
                (b) Details of recent significant internal operational risk events and losses; and
                (c) Relevant external events and any potential impact on the licensee.
                January 2014

              • OM-1.4.5

                Data capture and risk reporting processes should be analysed periodically with a view to continuously enhancing risk management performance as well as advancing risk management policies, procedures and practices.

                January 2014

            • OM-1.5 OM-1.5 Control and Mitigation

              • OM-1.5.1

                Licensees must have a strong control environment that utilises:

                (a) Policies, processes and systems;
                (b) Appropriate internal controls; and
                (c) Appropriate risk mitigation and/or transfer strategies.
                January 2014

              • OM-1.5.2

                Internal controls must be designed to provide assurance that a licensee will:

                (a) Have efficient and effective operations;
                (b) Safeguard its assets;
                (c) Produce reliable financial reports; and
                (d) Comply with applicable laws and regulations.
                January 2014

              • OM-1.5.3

                Control activities are designed to address the operational risks that a licensee has identified. For all material operational risks that have been identified, the licensee should decide whether to use appropriate procedures to control and/or mitigate the risks, or bear the risks. For those risks that cannot be controlled, the licensee should decide whether to accept these risks, reduce the level of business activity involved, or withdraw from this activity completely.

                January 2014

              • OM-1.5.4

                Control processes and procedures should be established and licensees should have a system in place for ensuring compliance with a documented set of internal policies concerning the risk management system. Principal elements of this could include, for example:

                (a) Top-level reviews of the licensee's progress towards the stated objectives;
                (b) Verifying compliance with management controls;
                (c) Policies, processes and procedures concerning the review, treatment and resolution of non-compliance issues;
                (d) Evaluation of required approvals and authorisations to ensure accountability to an appropriate level of management; and
                (e) Tracking reports for approved exceptions to thresholds or limits, management overrides and other deviations from policy.
                January 2014

              • OM-1.5.5

                Although a framework of formal, written policies and procedures is critical, it needs to be reinforced through a strong control culture that promotes sound risk management practices. Both the board of directors and senior management are responsible for establishing a strong internal control culture in which control activities are an integral part of the regular activities of a licensee. Controls that are an integral part of the regular activities enable quick responses to changing conditions and avoid unnecessary costs.

                January 2014

              • OM-1.5.6

                An effective internal control system also requires that there be appropriate segregation of duties and that personnel are not assigned responsibilities which may create a conflict of interest. Assigning such conflicting duties to individuals, or a team, may enable them to conceal losses, errors or inappropriate actions. Therefore, areas of potential conflicts of interest should be identified, minimised, and subject to careful independent monitoring and review.

                January 2014

              • OM-1.5.7

                In addition to segregation of duties, licensees should ensure that other internal practices are in place as appropriate to control operational risk. Examples of these include:

                (a) Clearly established authorities and/or processes for approval;
                (b) Close monitoring of adherence to assigned risk limits or thresholds;
                (c) Maintaining safeguards for access to, and use of, licensee assets and records;
                (d) Appropriate staffing level and training to maintain expertise;
                (e) Ongoing processes to identify business lines or products where returns appear to be out of line with reasonable expectations;
                (f) Regular verification and reconciliation of transactions and accounts; and
                (g) A vacation policy that provides for officers and employees being absent from their duties for a period of not less than two consecutive weeks.
                January 2014

              • OM-1.5.8

                Some significant operational risks have low probabilities but potentially very large financial impact. Moreover, not all risk events can be controlled (e.g., natural disasters). Risk mitigation tools or programmes can be used to reduce the exposure to, or frequency and/or severity of, such events. For example, insurance policies, particularly those with prompt and certain pay-out features, can be used to externalise the risk of "low frequency, high severity" losses which may occur as a result of events such as third-party claims resulting from errors and omissions, physical loss of securities, employee or third-party fraud, and natural disasters.

                January 2014

              • OM-1.5.9

                Licensees should view risk mitigation tools as complementary to, rather than a replacement for, thorough internal operational risk control. Having mechanisms in place to quickly recognise and rectify legitimate operational risk errors can greatly reduce exposures. Careful consideration also needs to be given to the extent to which risk mitigation tools such as insurance truly reduce risk, or transfer the risk to another business sector or area, or even create a new risk (e.g. legal or counterparty risk).

                January 2014

              • OM-1.5.10

                Investments in appropriate processing technology and information technology security are also important for risk mitigation. However, licensees should be aware that increased automation could transform high-frequency, low-severity losses into low frequency, high-severity losses. The latter may be associated with loss or extended disruption of services caused by internal factors or by factors beyond the licensee's immediate control (e.g., external events). Such problems may cause serious difficulties for licensees and could jeopardise an institution's ability to conduct key business activities.

                January 2014

              • OM-1.5.11

                In some instances, licensees may decide to either retain a certain level of operational risk or self-insure against that risk. Where this is the case and the risk is material, the decision to retain or self-insure the risk should be transparent within the organisation and should be consistent with the licensee's overall business strategy and appetite for risk.

                January 2014

              • OM-1.5.12

                Licensees should assess the costs and benefits of alternative risk limitation and control strategies and should adjust their operational risk exposure using appropriate strategies, in light of their overall risk profile.

                January 2014

            • OM-1.6 OM-1.6 Succession Planning

              • OM-1.6.1

                Succession planning is an essential precautionary measure for a licensee if its leadership stability – and hence ultimately its financial stability – is to be protected. Succession planning is especially critical for smaller institutions, where management teams tend to be smaller and possibly reliant on a few key individuals.

                January 2014

              • OM-1.6.2

                The CBB requires licensees to document succession plans for their senior management team and have these at any time for onsite inspection by CBB staff. Licensees must summarise who is covered by their succession plan and confirm that the plan has been reviewed and endorsed at Board level.

                January 2014

            • OM-1.7 OM-1.7 Disclosure

              • OM-1.7.1

                A licensee's public disclosures must allow stakeholders to assess its approach to operational risk management.

                January 2014

              • OM-1.7.2

                A licensee's public disclosure of relevant operational risk management information can lead to transparency and the development of better industry practice through market discipline. The amount and type of disclosure should be commensurate with the size, risk profile and complexity of a licensee's operations, and evolving industry practice. See Section PD-1.3 on disclosure requirements.

                January 2014

              • OM-1.7.3

                A licensee should disclose its operational risk management framework in a manner that will allow stakeholders to determine whether the licensee identifies, assesses, monitors and controls/mitigates operational risk effectively.

                January 2014

              • OM-1.7.4

                A licensee's disclosures should be consistent with how senior management and the board of directors assess and manage the operational risk of the licensee.

                January 2014

              • OM-1.7.5

                A licensee must have a formal disclosure policy approved by the board of directors that addresses the licensee's approach for determining what operational risk disclosures it will make and the internal controls over the disclosure process. In addition, licensees must implement a process for assessing the appropriateness of their disclosures, including the verification and frequency of them.

                January 2014

          • OM-2 OM-2 Outsourcing

            • OM-2.1 OM-2.1 Introduction

              • OM-2.1.1

                This Chapter sets out the CBB's approach to outsourcing by licensees. It also sets out various requirements that licensees must address when considering outsourcing an activity or function.

                January 2014

              • OM-2.1.2

                In the context of this Chapter, outsourcing means an arrangement whereby a third party performs on behalf of a licensee an activity which would normally be undertaken by the licensee itself (or in the case of a new activity, one which commonly would have been performed internally by the licensee) as part of the offering of regulated financial services. Examples of services that are sometimes outsourced include data processing, cloud services, customer call centres and back-office related activities.

                Amended: October 2017
                January 2014

              • OM-2.1.3

                Most of the Directives in this Chapter are concerned with situations where the third party provider is outside the licensee. Section OM-2.8, however, sets out the CBB's requirements when a service is outsourced to a company within the licensee's group.

                January 2014

              • OM-2.1.4

                For outsourcing services that are not considered material outsourcing arrangements, licensees must submit a written notification to the CBB before committing to the new outsourcing arrangement.

                Added: October 2017

              • OM-2.1.5

                The CBB reserves the right to require a licensee to terminate or make alternative outsourcing arrangements if, among other reasons, the confidentiality of its customer information was, or is likely to be, breached or the ability of the CBB to carry out its supervisory functions in view of the outsourcing arrangement cannot be assured or executed.

                Added: October 2017

            • OM-2.2 OM-2.2 Supervisory Approach

              • OM-2.2.1

                The CBB recognises the benefits that can potentially be achieved through outsourcing an activity to a third party provider. They can include reduced costs, enhanced service quality and a reduction in management time spent on non-core activities. However, outsourcing an activity also poses potential risks. These include the ability of the service provider to maintain service quality levels, reduced control over the activity and access to relevant information, and increased legal and client confidentiality risks.

                January 2014

              • OM-2.2.2

                The CBB's approach is to allow licensees the freedom to enter into outsourcing arrangements, providing these are not core functions and these arrangements have been properly structured and associated risks addressed.

                January 2014

              • OM-2.2.3

                Once an outsourcing arrangement has been implemented, the CBB requires a licensee to continue to monitor the associated risks and the effectiveness of its mitigating controls. It will verify this through the course of its normal on-site and off-site supervisory processes, such as prudential meetings and on-site examinations. The CBB also requires access to the outsourced activity, which it may occasionally want to examine itself, through management meetings or on-site examinations.

                January 2014

              • OM-2.2.4

                Fundamental to the CBB's supervisory approach to outsourcing is that the Board and management of the licensee may not abdicate their responsibility for a licensee's business and the way its customers are treated. The Board and management remain ultimately responsible for the effectiveness of systems and controls in outsourced activities.

                January 2014

              • OM-2.2.5

                The board and senior management are responsible for understanding the operational risks associated with outsourcing arrangements and ensuring that effective risk management policies and practices are in place to manage the risk in outsourcing activities. Outsourcing policies and risk management activities should encompass:

                (a) Procedures for determining whether and how activities can be outsourced;
                (b) Processes for conducting due diligence in the selection of potential service providers;
                (c) Sound structuring of the outsourcing arrangement, including ownership and confidentiality of data, as well as termination rights;
                (d) Programmes for managing and monitoring the risks associated with the outsourcing arrangement, including the financial condition of the service provider;
                (e) Establishment of an effective control environment at the licensee and the service provider;
                (f) Development of viable contingency plans; and
                (g) Execution of comprehensive contracts and/or service level agreements with a clear allocation of responsibilities between the outsourcing provider and the licensee.
                January 2014

            • OM-2.3 OM-2.3 Prior Approval Requirements

              • OM-2.3.1

                A licensee must seek the CBB's prior written approval before committing to a new outsourcing arrangement.

                Amended: October 2017
                January 2014

              • OM-2.3.2

                The request for prior approval must:

                (a) Be made in writing to the licensee's normal supervisory point of contact;
                (b) Contain sufficient detail to demonstrate that relevant issues raised in Section OM-2.4 onward of this Chapter have been addressed; and
                (c) Be made at least 6 weeks before the licensee intends to commit to the arrangement.
                January 2014

              • OM-2.3.3

                Licensees must not outsource "core functions" which are defined as the offering of regulated financing company services, customer due diligence and approval of customers. Core functions also include arrangements that, if they failed in any way, would pose significant risks to the on-going operations of a licensee, its reputation and/or quality of service provided to its customers.

                January 2014

              • OM-2.3.4

                With reference to Paragraph OM-2.3.3, the outsourcing of all or a substantial part of functions such as loan processing and settlements would normally be considered 'core'. IT and data processing may be considered 'non-core' and may be outsourced subject to the CBB prior approval.

                January 2014

              • OM-2.3.5

                Management should carefully consider whether a proposed outsourcing arrangement falls under this Chapter's definition of 'core'. If in doubt, management should consult with the CBB.

                January 2014

              • OM-2.3.6

                The CBB will review the information provided and provide a definitive response within 6 weeks of receiving the request for approval. Where further information is requested from the licensee, however, the time taken to provide this further information will not be taken into account.

                Amended: October 2017
                January 2014

              • OM-2.3.7

                Once an activity has been outsourced, a licensee must immediately inform its normal supervisory point of contact at the CBB of any material problems encountered with the outsourcing provider. The CBB reserves the right to direct a licensee to make alternative arrangements for the outsourced activity.

                Amended: October 2017
                January 2014

            • OM-2.4 OM-2.4 Risk Assessment

              • OM-2.4.1

                Licensees must undertake a thorough risk assessment of an outsourcing proposal, before formally submitting a request for prior approval to the CBB and committing itself to an agreement.

                January 2014

              • OM-2.4.2

                The risk assessment must – amongst other things – include an analysis of:

                (a) The business case;
                (b) The suitability of the outsourcing provider including but not limited to the outsourcing provider's financial soundness, its technical competence, its commitment to the arrangement, its reputation, its adherence to international standards, and the associated country risk; and
                (c) The impact of the outsourcing on the licensee's overall risk profile and its systems and controls framework.
                Amended: October 2017
                January 2014

              • OM-2.4.3

                [This paragraph was deleted in October 2017].

                Deleted: October 2017
                January 2014

              • OM-2.4.4

                Once an outsourcing agreement has been entered into, licensees must regularly review the suitability of the outsourcing provider and the ongoing impact of the agreement on their risk profile and systems and controls framework. Such reviews must take place at least every year.

                January 2014

              • OM-2.4.5

                A licensee must nominate a relevant approved person with day-to-day responsibility for handling the relationship with the outsourcing provider and ensuring that relevant risks are addressed. The name of this person must be communicated to the CBB as part of the request for prior approval required under Section OM-2.3 or if any change occurs thereafter. Any subsequent replacement of such person must also be notified to the CBB.

                Amended: October 2017
                January 2014

            • OM-2.5 OM-2.5 Outsourcing Agreement

              • OM-2.5.1

                The activities to be outsourced and respective contractual liabilities and obligations of the outsourcing provider and licensee must be clearly specified in an outsourcing agreement. This agreement must – amongst other things – address the following points:

                (a) Control over outsourced activities:
                (i) The Board and management of licensees are held ultimately responsible by the CBB for the adequacy of systems and controls over the outsourced activities. Licensees must therefore ensure that they have adequate mechanisms for monitoring the performance of, and managing the relationship with, the outsourcing provider;
                (ii) A service level agreement ("SLA") – setting out the standards of service to be provided – must form part of the outsourcing agreement;
                (iii) Mechanisms for the regular monitoring by licensees of performance against the SLA and other targets, and for implementing remedies in case of any shortfalls, must also form part of the agreement;
                (iv) Clear reporting and escalation mechanisms must be specified in the agreement; and
                (v) Where an outsourcing provider in turn decides to sub-contract to other providers, CBB's prior written approval must be obtained, and it must obtain the prior consent of the concerned licensee before sub-contracting and the original provider must remain contractually liable to the licensee for the quality and level of service agreed, and its obligations to the licensee must remain unchanged;
                (b) Customer data confidentiality:
                (i) Licensees must ensure that outsourcing agreements comply with all applicable legal requirements regarding customer confidentiality;
                (ii) Licensees must ensure that the outsourcing provider implements adequate safeguards and procedures. Amongst other things, customer data must be properly segregated from those belonging to other clients the outsourcing provider may have. Outsourcing providers must give suitable undertakings that the company and its staff will comply with all applicable confidentiality rules. Licensees must have contractual rights to take action against the service provider in the event of a breach of confidentiality; and
                (iii) Licensees must assess the impact of using an overseas-based outsourcing provider on their ability to maintain customer data confidentiality, for instance, because of the powers of local authorities to access such data;
                (c) Access to information:
                (i) Outsourcing agreements must ensure that the licensee's internal and external auditors have timely access to any relevant information they may require to fulfill their responsibilities. Such access must allow them to conduct on-site examinations of the outsourcing provider, if required;
                (ii) Licensees must also ensure that the CBB inspectors and appointed experts have timely access to any relevant information they may reasonably require under the law. Such access must allow the CBB to conduct on-site examinations of the outsourcing provider, if required;
                (iii) Where the outsourcing provider is based overseas, the outsourcing provider must confirm in the outsourcing agreement that there are no regulatory or legal impediments to either the licensee's internal and external auditors, or the CBB inspectors and appointed experts, having the access described above. Should such restrictions subsequently be imposed, the licensee must communicate this fact to the CBB as soon as it becomes aware of the matter; and
                (iv) The outsourcing provider must commit itself, in the outsourcing agreement, to informing the licensee of any developments that may have a material impact on its ability to meet its obligations. These may include, for example, relevant control weaknesses identified by the outsourcing provider's internal or external auditors, and material adverse developments in the financial performance of the outsourcing provider;
                (d) Business continuity:
                (i) Licensees must ensure that service providers maintain, regularly review and test plans to ensure continuity in the provision of the outsourced service; and
                (ii) Licensees must have an adequate understanding of the outsourcing provider's arrangements, to understand the implications for its own contingency arrangements (see Section OM-2.6);
                (e) Termination:
                (i) Licensees must have the right to terminate the agreement should the outsourcing provider undergo a change of ownership (whether direct or indirect) that poses a potential conflict of interest; becomes insolvent; or goes into liquidation or administration;
                (ii) Termination under any other circumstances allowed under the agreement must give licensees a sufficient notice period in which they can effect a smooth transfer of the service to another provider or bring it back in-house; and
                (iii) In the event of termination, for whatever reason, the agreement must provide for the return of all customer data – where required by licensees – or destruction of the records.
                Amended: October 2017
                January 2014

            • OM-2.6 OM-2.6 Contingency Planning for Outsourcing Arrangements

              • OM-2.6.1

                Licensees must maintain and regularly review contingency plans to enable them to set up alternative arrangements – with minimum disruption to business – should the outsourcing contract be suddenly terminated or the outsourcing provider fails. This may involve the identification of alternative outsourcing providers or the provision of the service in-house. These plans must consider how long the transition would take and what interim arrangements would apply.

                January 2014

            • OM-2.7 OM-2.7 Internal Audit Outsourcing

              • OM-2.7.1

                Because of the critical importance of an effective internal audit function to a licensee's control framework, all proposals to outsource internal audit operations are subject to CBB prior approval.

                January 2014

              • OM-2.7.2

                Licensees must not outsource their internal audit function to the same firm that acts as their external auditor.

                January 2014

              • OM-2.7.3

                In all circumstances, Board and management of licensees must retain responsibility for ensuring that an adequate internal audit programme is implemented, and will be held accountable in this respect by the CBB.

                January 2014

            • OM-2.8 OM-2.8 Intragroup Outsourcing

              • OM-2.8.1

                As with outsourcing to non-group companies, the Board and management of licensees are held ultimately responsible by the CBB for the adequacy of systems and controls in activities outsourced to group companies.

                January 2014

              • OM-2.8.2

                However, the degree of formality required – in terms of contractual agreements and control mechanisms – for outsourcing within a licensee's group is likely to be less, because of common management and enhanced knowledge of other group companies.

                January 2014

              • OM-2.8.3

                A licensee must formally request prior written approval from the CBB at least 6 weeks before committing to an intragroup outsourcing. The request for approval must be made in writing to the licensee's normal supervisory point of contact, and must set out a summary of the proposed outsourcing, its rationale, and an analysis of its associated risks and proposed mitigating controls. The CBB will respond to the request for approval in the same manner and timescale as set in Section OM-2.3.

                Amended: October 2017
                January 2014

              • OM-2.8.4

                The CBB expects, as a minimum, an agreed statement of the standard of service to be provided by the group provider, including a clear statement of responsibilities allocated between the group provider and licensee.

                January 2014

              • OM-2.8.5

                The CBB also expects a licensee's management to have addressed the issues of customer confidentiality, access to information and business continuity covered above (Section OM-2.5).

                January 2014

            • OM-2.9 OM-2.9 Outsourcing of Functions Containing Customer Information

              • OM-2.9.1

                Licensees must seek the CBB's prior written approval for third party and intragroup outsourcing of functions/services containing customer information including but not limited to payment services, debt collection, card and data processing, IT function including cloud services, internal audit and electronic/internet banking services but excluding legal services.

                Amended: October 2017
                Added: July 2016

              • OM-2.9.2

                For a third party outsourcing of functions/services containing customer information, other than debt collection, IT function, internal audit, cards embossing, data/documents storing and call centres, the service providers must be licensed by the CBB and located in Bahrain. If the outsourced service is not available in Bahrain after 30th June 2017, licensees must submit to the CBB a written request, at least within 30 days of the stated deadline. The request must provide details of the circumstances under which the extension of outsourcing activities is being requested.

                Amended: July 2018
                Amended: January 2017
                Added: July 2016

              • OM-2.9.2A

                In case of an outsourcing arrangement that involves transmission of customer information to the service provider, licensees must make necessary changes to the terms of the customer agreements and send prior notices to the customer, who shall provide a consent in writing that his/her information would be transmitted to a service provider. Licensees may only effect the changes in the customer agreement following the receipt of customer consent

                Added: July 2018

              • OM-2.9.3

                Licensees must provide to the CBB quarterly progress reports on the steps and procedures taken in implementing the requirements of Paragraph OM-2.9.2. The progress report must be provided to the licensee's supervisory point of contact at the CBB and the first report must be submitted by 31st July 2016.

                Added: July 2016

              • OM-2.9.4

                For intragroup outsourcing of functions/services containing customer information, the following conditions must also be met:

                (a) [This Subparagraph was deleted in January 2021];
                (b) The service level agreement must clearly state that the CBB inspectors and appointed experts have the legal right to conduct onsite examinations of the outsourcing provider and such expenses are to be borne by the licensee;
                (c) Any report by any other regulatory authority on the quality of controls of the outsourcing provider must be submitted immediately by the licensee to the CBB.
                (d) [This sub-paragraph was deleted in October 2017].
                Amended: January 2021
                Amended: October 2017
                Added: July 2016

              • OM-2.9.5

                [This Paragraph was deleted in October 2017].

                Deleted: October 2017
                Added: July 2016

              • Clouding Services

                • OM-2.9.6

                  For the purpose of outsourcing of cloud services, licensees must ensure that, at a minimum, the following security measures are in place:

                  (a) Customer information must be encrypted and licensees must ensure that all encryption keys or similar forms of authentication are kept secure within the licensee's control;
                  (b) A secure audit trail must be maintained for all actions performed at the cloud services outsourcing provider;
                  (c) A comprehensive change management procedure must be developed to account for future changes to technology with adequate testing of such changes;
                  (d) The licensee's data must be logically segregated from other entities data at the outsourcing service provider's platform;
                  (e) The cloud service provider must provide information on measures taken at its platform to ensure adequate information security, data security and confidentiality, including but not limited to forms of protection available against unauthorized access and incident management process in cases of data breach or data loss; and
                  (f) The right to release customer information/data in case of foreign government/court orders must be the sole responsibility of the licensee, subject to the CBB Law.
                  Added: October 2017

          • OM-3 OM-3 Electronic Financing Activities

            • OM-3.1 OM-3.1 Electronic Financial Services

              • OM-3.1.1

                As the Board of Directors and senior management should take an explicit, informed and documented strategic decision as to whether and how the licensee is to provide electronic financial services. The initial decision should include the specific accountabilities, policies and controls to address risks, including those arising in a cross-border context.

                January 2014

              • OM-3.1.2

                Effective management oversight should include the review and approval of the key aspects of the licensee's security control process, such as the development and maintenance of a security control infrastructure that properly safeguards the electronic financial systems and data from both internal and external threats. The review should also include a comprehensive process for managing risks associated with increased complexity of and increasing reliance on outsourcing relationships and third-party dependencies to perform electronic financing functions.

                January 2014

              • OM-3.1.3

                Senior management should ensure that appropriate security control processes are in place for electronic financing. Such processes should include establishing appropriate authorisation privileges and authentication measures, logical and physical access controls, adequate infrastructure security to maintain appropriate boundaries and restrictions on both internal and external user activities and data integrity of transactions, records and information.

                January 2014

              • OM-3.1.4

                The existence of clear audit trails for all electronic financing transactions should be ensured and measures to preserve confidentiality of key electronic financing information should be appropriate with the sensitivity of such information.

                January 2014

              • OM-3.1.5

                To protect licensees against business, legal and reputation risk, electronic financial services should be delivered on a consistent and timely basis in accordance with high customer expectations for constant and rapid availability and potentially high transaction demand. Licensees should have the ability to deliver electronic financing services to all end-users and be able to maintain such availability in all circumstances.

                January 2014

              • OM-3.1.6

                Licensees should develop appropriate incident response plans, including communication strategies that ensure business continuity, control reputation risk and limit liability associated with disruptions in their electronic financing services.

                January 2014

              • OM-3.1.7

                Licensees must implement enhanced fraud monitoring of movements in customers’ accounts to guard against electronic frauds using various tools and measures, such as limits in value, volume and velocity.

                Added: January 2021

              • OM-3.1.8

                Licensees must have in place customer awareness communications, pre and post onboarding process, using video calls, short videos or pop-up messages, to and warn natural persons using online channels or applications about the risk of electronic frauds, and emphasise the need to secure their personal credentials and not share them with anyone, online or offline.

                Added: January 2021

          • OM-4 OM-4 Business Continuity Planning

            • OM-4.1 OM-4.1 General Requirements

              • OM-4.1.1

                To ensure an ability to operate on an ongoing basis and limit losses in the event of severe business disruption, all licensees must maintain contingency and business continuity plan (BCP) to ensure their ability to operate on an ongoing basis and limit losses in the event of severe business disruption. A BCP must address the following key areas:

                (a) Data back up and recovery (hard copy and electronic);
                (b) Continuation of all critical systems, activities, and counterparty impact;
                (c) Financial and operational assessments;
                (d) Alternate communication arrangements between the licensee and its customers and its employees;
                (e) Alternate physical location of employees; and
                (f) Communications with and reporting to the CBB and any other relevant regulators.
                January 2014

              • OM-4.1.2

                For reasons that may be beyond a licensee's control, a severe event may result in the inability of the licensee to fulfil some or all of its business obligations, particularly where the licensee's physical, telecommunication, or information technology infrastructures have been damaged or made inaccessible. This can, in turn, result in significant financial losses to the licensee. This potential event requires that licensees establish disaster recovery and business continuity plans that take into account different types of plausible scenarios to which the licensee may be vulnerable, commensurate with the size and complexity of the licensee's operations.

                January 2014

              • OM-4.1.3

                Licensees should identify critical business processes, including those where there is dependence on external vendors or other third parties, for which rapid resumption of service would be most essential. For these processes, licensees should identify alternative mechanisms for resuming service in the event of an outage. Particular attention should be paid to the ability to restore electronic or physical records that are necessary for business resumption. Where such records are backed-up at an off-site facility, or where a licensee's operations must be relocated to a new site, care should be taken that these sites are at an adequate distance from the impacted operations to minimise the risk that both primary and back-up records and facilities will be unavailable simultaneously.

                January 2014

              • OM-4.1.4

                Licensees should periodically review their disaster recovery and business continuity plans so that they are consistent with the licensee's current operations and business strategies. Moreover, these plans should be tested periodically to ensure that the licensee would be able to execute the plans in the unlikely event of a severe business disruption.

                January 2014

              • OM-4.1.5

                Effective BCPs must be comprehensive, limited not just to disruption of business premises and information technology facilities, but covering all other critical areas, which affect the continuity of critical business operations or services (e.g. liquidity, human resources and others).

                January 2014

              • OM-4.1.6

                Licensees must notify the CBB promptly if their BCP is activated. They must also provide regular progress reports – as agreed with the CBB – until the BCP is deactivated.

                January 2014

            • OM-4.2 OM-4.2 Board and Senior Management Responsibilities

              • Establishment of Policy, Processes & Responsibilities

                • OM-4.2.1

                  A licensee's Board of Directors and senior management are collectively responsible for a licensee's business continuity. The Board must endorse the policies, standards and processes for a licensee's BCP, as established by its senior management. The Board and senior management must delegate adequate resources to develop the BCP, and for its maintenance and periodic testing.

                  January 2014

                • OM-4.2.2

                  Licensees must establish a Crisis Management Team (CMT) to develop, maintain and test their BCP, as well as to respond to and manage the various stages of a crisis. The CMT must comprise members of senior management and heads of major support functions (e.g. building facilities, IT, corporate communications and human resources).

                  January 2014

                • OM-4.2.3

                  Licensees must establish (and document as part of the BCP) individuals' responsibilities in helping prepare for and manage a crisis; and the process by which a disaster is declared and the BCP initiated (and later terminated).

                  January 2014

              • Monitoring and Reporting

                • OM-4.2.4

                  The CMT must submit regular reports to the Board and senior management on the results of the testing of the BCP (refer to section OM-4.8). Major changes must be developed by the CMT, reported to senior management, and endorsed by the Board.

                  January 2014

                • OM-4.2.5

                  The Chief Executive of a licensee must sign a formal annual statement submitted to the Board on whether the recovery strategies adopted are still valid and whether the documented BCP is properly tested and maintained. The annual statement must be included in the BCP documentation and will be reviewed as part of the CBB's on-site examinations.

                  January 2014

            • OM-4.3 OM-4.3 Developing a Business Continuity Plan

              • Impact Analysis

                • OM-4.3.1

                  Licensees' BCPs must be based on:

                  (a) A business impact analysis;
                  (b) An operational impact analysis; and
                  (c) A financial impact analysis.

                  These analyses must be comprehensive, including all business functions and departments, not just IT or data processing.

                  January 2014

                • OM-4.3.2

                  The key objective of a business impact analysis is to identify the different kinds of risk to business continuity and to quantify the operational and financial impact of disruptions on a licensee's ability to conduct its critical business processes.

                  January 2014

                • OM-4.3.3

                  A typical business impact analysis is normally comprised of two stages. The first is to identify and prioritise the critical business processes that must be continued in the event of a disaster. The first stage should take account of the impact on customers and reputation, the legal implications and the financial cost associated with downtime. The second stage is a time-frame assessment. This aims to determine how quickly the licensee needs to resume critical business processes identified in stage one.

                  January 2014

                • OM-4.3.4

                  Operational impact analysis focuses on the licensee's ability to maintain communications with customers and to retrieve key activity records. It identifies the organisational implications associated with the loss of access, loss of utility, or loss of a facility. It highlights which functions may be interrupted by an outage, and the consequences to the public and customer of such interruptions.

                  January 2014

                • OM-4.3.5

                  A financial impact analysis identifies the financial losses that (both immediate and also consequent to the event) arise out of an operational disruption.

                  January 2014

              • Risk Assessment

                • OM-4.3.6

                  In developing a BCP, licensees must consider realistic threat scenarios that may (potentially) cause disruptions to their business processes.

                  January 2014

                • OM-4.3.7

                  Business continuity plans must take into account different types of likely or plausible scenarios to which the licensee will be vulnerable. The following specific scenarios must at a minimum, be considered in the BCP:

                  (a) Utilities are not available (power, telecommunications);
                  (b) Critical buildings are not available or specific facilities are not accessible;
                  (c) Software and live data are not available or are corrupted;
                  (d) Vendor assistance or (outsourced) service providers are not available;
                  (e) Critical documents or records are not available;
                  (f) Critical personnel are not available; and
                  (g) Significant equipment malfunctions (hardware or telecom).
                  January 2014

            • OM-4.4 OM-4.4 BCP – Recovery Levels & Objectives

              • OM-4.4.1

                The BCP must document strategies and procedures to maintain, resume and recover critical business operations or services. The plan must differentiate between critical and non-critical functions. The BCP must clearly describe the types of events that would lead up to the formal declaration of a business disruption and the process for activating the BCP.

                January 2014

              • OM-4.4.2

                The BCP must clearly identify alternate sites for different operations, the total number of recovery personnel, workspace requirements, and applications and technology requirements. Office facilities and records requirements must also be identified.

                January 2014

              • OM-4.4.3

                Licensees should take note that they might need to cater for processing volumes that exceed those under normal circumstances. The interdependency among critical services is another major consideration in determining the recovery strategies and priority.

                January 2014

              • OM-4.4.4

                Individual critical business and support functions must establish the minimum BCP recovery objectives for recovering essential business operations and supporting systems to a specified level of service ("recovery level") within a defined period following a disruption ("recovery time"). These recovery levels and recovery times must be approved by the senior management prior to proceeding to the development of the BCP.

                January 2014

              • List of Contacts and Responsibilities

                • OM-4.4.5

                  The BCP must contain a list of all key personnel. The list must include personal contact information on each key employee such as their home address, home telephone number, and cell phone so they may be contacted in case of a disaster or other emergency.

                  January 2014

                • OM-4.4.6

                  The BCP must contain all the necessary process steps to complete each critical business operation or service. Each process must be explained in sufficient detail to allow another employee to perform the job in case of a disaster.

                  January 2014

              • Alternate Sites for Business and Technology Recovery

                • OM-4.4.7

                  Most business continuity efforts are dependent on the availability of an alternate site (i.e. recovery site) for successful execution. The alternate site may be either an external site available through an agreement with a commercial vendor or premises owned or under the control of the licensee. A useable, functional alternate site is an integral component of BCP.

                  January 2014

                • OM-4.4.8

                  Licensees must examine the extent to which key business functions are concentrated in the same or adjacent locations and the proximity of the alternate sites to primary sites. Alternate sites must be sufficiently remote from, and do not depend upon the same physical infrastructure components as a licensee's primary business location. This minimises the risk of both sites being affected by the same disaster (e.g. they must be on separate or alternative power grids and telecommunication circuits).

                  January 2014

                • OM-4.4.9

                  Licensees' alternate sites and alternate recovery mechanisms must be readily accessible and available for occupancy (i.e. 24 hours a day, 7 days a week) within the time requirement specified in their BCP. Should the BCP so require, the alternate sites must have pre-installed workstations, power, telephones and ventilation, and sufficient space. Appropriate physical access controls such as access control systems and security guards must be implemented in accordance with the licensee's security policy.

                  January 2014

                • OM-4.4.10

                  Other than the establishment of alternate sites, licensees should also pay particular attention to the transportation logistics for relocation of operations to alternate sites. Consideration should be given to the impact a disaster may have on the transportation system (e.g. closures of roads). Some staff may have difficulty in commuting from their homes to the alternate sites. Other logistics, such as how to re-route internal and external mail to alternate sites should also be considered. Moreover, pre-arrangement with telecommunication companies for automated telephone call diversion from the primary work locations to the alternate sites should be considered.

                  January 2014

                • OM-4.4.11

                  Alternate sites for technology recovery (i.e. back-up data centres), which may be separate from the primary business site, should have sufficient technical equipment (e.g. workstations, servers, printers, etc.) of appropriate model, size and capacity to meet recovery requirements as specified by licensees' BCPs. The sites should also have adequate telecommunication (including bandwidth) facilities and pre-installed network connections as specified by their BCP to handle the expected voice and data traffic volume.

                  January 2014

                • OM-4.4.12

                  Licensees should avoid placing excessive reliance on external vendors in providing BCP support, particularly where a number of institutions are using the services of the same vendor (e.g. to provide back-up facilities or additional hardware). Licensees should satisfy themselves that such vendors do actually have the capacity to provide the services when needed and the contractual responsibilities of the vendors should be clearly specified. Licensees should recognise that outsourcing a business operation does not transfer the associated business continuity management responsibilities.

                  January 2014

                • OM-4.4.13

                  The contractual terms should include the lead-time and capacity that vendors are committed to deliver in terms of back-up facilities, technical support or hardware. The vendor should be able to demonstrate its own recoverability including the specification of another recovery site in the event that the contracted site becomes unavailable.

                  January 2014

                • OM-4.4.14

                  Certain licensees may rely on a reciprocal recovery arrangement with other institutions to provide recovery capability. Licensees should, however, note that such arrangements are often not appropriate for prolonged disruptions or an extended period of time. This arrangement could also make it difficult for licensees to adequately test their BCP. Any reciprocal recovery agreement should therefore be subject to proper risk assessment and documentation by licensees, and formal approval by the Board.

                  January 2014

            • OM-4.5 OM-4.5 Detailed Procedures for the BCP

              • OM-4.5.1

                Once the recovery levels and recovery objectives for individual business lines and support functions are determined, the development of the detailed BCP should commence. The objective of the detailed BCP is to provide detailed guidance and procedures in a crisis situation, of how to recover critical business operations or services identified in the business impact analysis stage, and to ultimately return to operations as usual.

                January 2014

              • Crisis Management Process

                • OM-4.5.2

                  A BCP must set out a Crisis Management Plan (CMP) that serves as a documented guidance to assist the CMT in dealing with a crisis situation to avoid spill over effects to the business as a whole. The overall CMP, at a minimum, must contain the following:

                  (a) A process for ensuring early detection of an emergency or a disaster situation and prompt notification to the CMT about the incident;
                  (b) A process for the CMT to assess the overall impact of the crisis situation on the licensee and to make quick decisions on the appropriate responses for action (i.e. staff safety, incident containment and specific crisis management procedures);
                  (c) Arrangements for safe evacuation from business locations (e.g. directing staff to a pre-arranged emergency assembly area, taking attendance of all employees and visitors at the time and tracking missing people through different means immediately after the disaster);
                  (d) Clear criteria for activation of the BCP and/or alternate sites;
                  (e) A process for gathering updated status information for the CMT (e.g. ensuring that regular conference calls are held among key staff from relevant business and support functions to report on the status of the recovery process);
                  (f) A process for timely internal and external communications; and
                  (g) A process for overseeing the recovery and restoration efforts of the affected facilities and the business services.
                  January 2014

                • OM-4.5.3

                  If CMT members need to be evacuated from their primary business locations, the licensee should set up a command centre to provide the necessary workspace and facilities for the CMT. Command centres should be sufficiently distanced from the licensee's primary business locations to avoid being affected by the same disaster.

                  January 2014

              • Business Resumption

                • OM-4.5.4

                  Each relevant business and support function must assign at least one member to be a part of the CMT to carry out the business resumption process for the relevant business and supported function. Appropriate recovery personnel with the required knowledge and skills must be assigned to the team.

                  January 2014

              • Technology Recovery

                • OM-4.5.5

                  Business resumption very often relies on the recovery of technology resources that include applications, hardware equipment and network infrastructure as well as electronic records. The technology requirements that are needed during recovery for individual business and support functions should be specified when the recovery strategies for the functions are determined.

                  January 2014

                • OM-4.5.6

                  Licensees should pay attention to the resilience of critical technology equipment and facilities such as the uninterruptible power supply (UPS) and the computer cooling systems. Such equipment and facilities should be subject to continuous monitoring and periodic maintenance and testing.

                  January 2014

                • OM-4.5.7

                  Appropriate personnel must be assigned with the responsibility for technology recovery. Alternative personnel need to be identified as back up for key technology recovery personnel in the case of the latter unavailability to perform the recovery process.

                  January 2014

            • OM-4.6 OM-4.6 Vital Records Management

              • OM-4.6.1

                Each BCP must clearly identify information deemed vital for the recovery of critical business and support functions in the event of a disaster as well as the relevant protection measures to be taken for protecting vital information. Licensees must refer to Chapter GR-1 when identifying vital information for business continuity. Vital information includes information stored on both electronic and non-electronic media.

                January 2014

              • OM-4.6.2

                Copies of vital records must be stored off-site as soon as possible after creation. Back-up vital records must be readily accessible for emergency retrieval. Access to back-up vital records must be adequately controlled to ensure that they are reliable for business resumption purposes. For certain critical business operations or services, licensees must consider the need for instantaneous data back up to ensure prompt system and data recovery. There must be clear procedures indicating how and in what priority vital records are to be retrieved or recreated in the event that they are lost, damaged or destroyed.

                January 2014

            • OM-4.7 OM-4.7 Other Policies Standards, and Processes

              • Employee Awareness and Training Plan

                • OM-4.7.1

                  Licensees must implement an awareness plan and business continuity training for employees to ensure that all employees are continually aware of their responsibilities and know how to remain in contact and what to do in the event of a crisis.

                  January 2014

                • OM-4.7.2

                  Key employees should be involved in the business continuity development process, as well as periodic training exercises. Cross training should be utilised to anticipate restoring operations in the absence of key employees. Employee training should be regularly scheduled and updated to address changes to the BCP.

                  January 2014

              • Public Relations & Communication Planning

                • OM-4.7.3

                  Licensees must develop an awareness program and formulate a formal strategy for communication with key external parties (e.g. CBB and other regulators, investors, customers, business partners, service providers, the media and other stakeholders) and provide for the type of information to be communicated. The strategy needs to set out all the parties the licensee must communicate to in the event of a disaster. This will ensure that consistent and up-to-date messages are conveyed to the relevant parties. During a disaster, ongoing and clear communication is likely to assist in maintaining the confidence of customers as well as the public in general.

                  January 2014

                • OM-4.7.4

                  The BCP must clearly indicate who may speak to the media and other key external parties, and have pre-arrangements for redirecting external communications to designated staff during a disaster. Important contact numbers and e-mail addresses of key external parties must be kept in a readily accessible manner (e.g. in wallet cards or licensees' intranet).

                  January 2014

                • OM-4.7.5

                  Licensees may find it helpful to prepare draft press releases as part of their BCP. This will save the CMT time in determining the main messages to convey in a chaotic situation. Important conversations with external parties should be properly logged for future reference.

                  January 2014

                • OM-4.7.6

                  As regards internal communication, the BCP should set out how the status of recovery can be promptly and consistently communicated to all staff, head office, branches and subsidiaries (where appropriate). This may entail the use of various communication channels (e.g. broadcasting of messages to mobile phones of staff, licensees websites, e-mails, intranet and instant messaging).

                  January 2014

              • Disclosure Requirements

                • OM-4.7.7

                  Licensees must disclose how their BCP addresses the possibility of a future significant business disruption and how the licensee will respond to events of varying scope. Licensees must also state whether they plan to continue business during disruptions and the planned recovery time. The licensees might make these disclosures on their website, or through mailing to key external parties upon request. In all cases, BCP disclosures must be reviewed and updated to address changes to the BCP.

                  January 2014

            • OM-4.8 OM-4.8 Maintenance, Testing and Review

              • Testing & Rehearsal

                • OM-4.8.1

                  Licensees must test their BCPs at least annually. Senior management must participate in the annual testing, and demonstrate their awareness of what they are required to do in the event of the BCP being involved. Also, the recovery and alternate personnel must participate in testing rehearsals to familiarise themselves with their responsibilities and the back-up facilities and remote sites (where applicable).

                  January 2014

                • OM-4.8.2

                  All of the BCP's related risks and assumptions must be reviewed for relevancy and appropriateness as part of the annual planning of testing. The scope of testing must be comprehensive enough to cover the major components of the BCP as well as coordination and interfaces among important parties. A testing of particular components of the BCP or a fully integrated testing must be decided depending on the situation. The following points must be included in the annual testing:

                  (a) Staff evacuation and communication arrangements (e.g. call-out trees) must be validated;
                  (b) The alternate sites for business and technology recovery must be activated;
                  (c) Important recovery services provided by vendors or counterparties must form part of the testing scope;
                  (d) Licensees must consider testing the linkage of their back up IT systems with the primary and back up systems of service providers;
                  (e) If back up facilities are shared with other parties (e.g. subsidiaries of the licensee), the licensee needs to verify whether all parties can be accommodated concurrently; and
                  (f) Recovery of vital records must be performed as part of the testing.
                  January 2014

                • OM-4.8.3

                  Formal testing reviews of the BCP must be performed to assess the thoroughness and effectiveness of the testing. Specifically, a post-mortem review report must be prepared at the completion of the testing stage for formal sign-off by licensees' senior management. If the testing results indicate weaknesses or gaps in the BCP, the plan and recovery strategies must be updated to remedy the situation.

                  January 2014

              • Periodic Maintenance and Updating of a BCP

                • OM-4.8.4

                  Licensees must have formal procedures to keep their BCP updated with respect to any changes to their business. In the event of a plan having been activated, a review process must be carried out once normal operations are restored to identify areas for improvement. If vendors are needed to provide vital recovery services, there must be formal processes for regular (say, annual) reviews of the appropriateness of the relevant service level agreement.

                  January 2014

                • OM-4.8.5

                  Individual business and support functions, with the assistance of the CMT, must review their business impact analysis and recovery strategy on an annual basis. This aims to confirm the validity of, or whether updates are needed to, the BCP requirements (including the technical specifications of equipment of the alternate sites) for the changing business and operating environment.

                  January 2014

                • OM-4.8.6

                  The contact information for key staff, counterparties, customers and service providers must be updated as soon as possible when notification of changes is received.

                  January 2014

                • OM-4.8.7

                  Significant internal changes (e.g. merger or acquisitions, business re-organisation or departure of key personnel) must be reflected in the plan immediately and reported to senior management.

                  January 2014

                • OM-4.8.8

                  Copies of the BCP document must be stored at locations separate from the primary site. A summary of key steps to be taken in an emergency situation must be made available to senior management and other key personnel.

                  January 2014

              • Audit and Independent Review

                • OM-4.8.9

                  The internal audit function of a licensee or its external auditor must conduct periodic reviews of the BCP to determine whether the plan remains realistic and relevant, and whether it adheres to the policies and standards of the licensee. This review must include assessing:

                  (a) The adequacy of business process identification;
                  (b) Threat scenario development;
                  (c) Business impact analysis and risk assessments;
                  (d) The written plan;
                  (e) Testing scenarios and schedules; and
                  (f) Communication of test results and recommendations to the Board.
                  January 2014

                • OM-4.8.10

                  Significant findings must be brought to the attention of the Board and senior management within three months of the completion of the review. Furthermore, senior management and the Board must ensure that any gaps or shortcomings reported to them are addressed in an appropriate and timely manner.

                  January 2014

            • OM-4.9 OM-4.9 Cyber Security Risk Management

              • OM-4.9.1

                To prepare for the eventuality of cyber attacks, licensees must have a cyber attack response mechanism in place. The BCP of the licensee must also be properly enhanced to account for all CBB requirements and must be regularly tested to assure that the licensee is capable of dealing with cyber attacks.

                Added: October 2016

          • OM-5 OM-5 Security Measures for Financing Companies

            • OM-5.1 OM-5.1 Physical Security Measures

              • External Measures

                • OM-5.1.1

                  Public entrances to head offices and branches must be protected by measures such as steel rolling shutters, or the external doors must be of solid steel or a similar solid material of equivalent strength and resistance to fire.

                  January 2014

                • OM-5.1.2

                  Other external entrances must have steel doors or be protected by steel rolling shutters. Preferably, all other external entrances should have the following security measures:

                  (a) Magic eye;
                  (b) Locking device (key externally and handle internally);
                  (c) Door closing mechanism;
                  (d) Contact sensor with alarm for prolonged opening time; and
                  (e) Combination access control system (e.g. access card and key slot or swipe card and password).
                  January 2014

                • OM-5.1.3

                  If additional security measures to those mentioned in Paragraph OM-5.1.2 such as security cameras, motion detectors or intruder alarms are installed, the requirement for steel external doors or protection by steel rolling shutters is waived.

                  January 2014

                • OM-5.1.4

                  External windows must have security measures such as anti blast films and movement detectors. For ground floor windows, licensees may also wish to add steel grills fastened into the wall.

                  January 2014

                • OM-5.1.5

                  Alarm systems should have the following features:

                  (a) PIR motion detectors;
                  (b) Door sensors;
                  (c) Anti vibration/movement sensors on vaults;
                  (d) External siren; and
                  (e) The intrusion detection system must be linked to the licensee's (i.e. head office) monitoring unit.
                  January 2014

              • Internal Measures

                • OM-5.1.6

                  All areas where cash is handled must be screened off from customers and other staff areas.

                  January 2014

                • OM-5.1.7

                  Access to areas where cash is handled must be restricted to authorised staff only. The design of the teller area should not allow customers to pass through it.

                  January 2014

                • OM-5.1.8

                  Panic alarm systems for staff handling cash may be installed. The choice between silent or audible panic alarms is left to individual licensees. Kick bars and/or hold up buttons may be spread throughout the teller and customer service areas and the branch manager's office.

                  January 2014

              • Cash Safety

                • OM-5.1.9

                  Cash and bearer instruments must be kept in fireproof cabinets/safes. Preferably, these cabinets/safes should be located in strong rooms.

                  January 2014

                • OM-5.1.10

                  Strong rooms must be made of reinforced solid concrete, or reinforced block work. Doors to strong rooms must be steel and preferably also have a steel shutter fitted. Dual locking devices must be installed in strong room doors. Strong room doors must be located out of the sight of customers.

                  January 2014

                • OM-5.1.11

                  Strong rooms must not contain any other openings except the entry door and where necessary, an air conditioning outlet. The air conditioning outlet must be protected with a steel grill.

                  January 2014

                • OM-5.1.12

                  Licensees must maintain a list of all maintenance, replenishment and inspection visits by staff or other authorised parties.

                  January 2014

              • CCTV Network Systems

                • OM-5.1.13

                  All head offices and branches must have a CCTV network which is connected to a central monitoring unit located in the head office.

                  January 2014

                • OM-5.1.14

                  The location and type of CCTV cameras is left to the discretion of the licensee. At a minimum, CCTV cameras must cover the following areas:

                  (a) Main entrance;
                  (b) Other external doors;
                  (c) Any other access points (e.g. ground floor windows); and
                  (d) The service's hall.
                  January 2014

                • OM-5.1.15

                  Notices of CCTV cameras in operation must be put up for the attention of the public. CCTV records must be maintained for a minimum 45-day period. The transmission rate (in terms of the number of frames per second) should be high enough to make for effective monitoring. Delayed transmission of pictures to the central monitoring unit is not acceptable. The CCTV system must be operational 24 hours per day.

                  January 2014

              • Training and Other Measures

                • OM-5.1.16

                  Licensees must establish the formal position of security manager. This person will be responsible for ensuring all licensee staff are given annual, comprehensive security training. Licensees must produce a security manual or procedures for staff, especially those dealing directly with customers. For licensees with three or more branches, this position must be a formally identified position. For licensees with one or two branches, the responsibilities of this position may be added to the duties of a member of management.

                  January 2014

                • OM-5.1.17

                  The security manager must maintain records on documented security related complaints by customers and take corrective action or make recommendations for action on a timely basis. Actions and recommendations must also be documented.

                  January 2014

                • OM-5.1.18

                  Licensees must consider safety and security issues when selecting premises for new branches. Key security issues include prominence of location (i.e. is the branch on a main street or a back street?), accessibility for emergency services, and assessment of surrounding premises (in terms of their safety or vulnerability), and the number of entrances to the branch. All licensees are required to hold an insurance blanket bond (which includes theft of cash in its cover).

                  January 2014

              • General Requirement

                • OM-5.1.19

                  Licensees must maintain up to date Payment Card Industry Data Security Standards (PCI-DSS) certification. The initial certification must be obtained by 31st December 2017. Failure to comply with this requirement will trigger a supervisory response, which may include formal enforcement measures, as set out in Module EN (Enforcement).

                  Added: January 2017

                • OM-5.1.19A

                  In order to maintain up to date PCI-DSS certification, licensees will be periodically audited by PCI authorised companies for compliance. Licensees are asked to make certified copies of such documents available if requested by the CBB.

                  Added: January 2017

              • Geolocation Limitations

                • OM-5.1.20

                  All financing companies issuing prepaid and/or credit cards must ensure that all Bahrain issued cards enable each customer to maintain a list of 'approved' countries for card ATM/Point of Sale (POS) transactions. Customers must be allowed to determine those countries in which their card must not be accepted as well as countries or merchant categories in which a card transaction would require a further level of authorisation, (for example, 2-way SMS). This requirement must be complied with by 28th February 2018.

                  Added: April 2017

              • Europay, MasterCard and Visa (EMV) Compliance

                • OM-5.1.20AA

                  All cards (credit, charge, prepaid, etc.) issued by licensees in the Kingdom of Bahrain must be EMV compliant. Moreover, all POS must be EMV compliant for accepting cards issued in the Kingdom of Bahrain. In this context, EMV compliant means using chip and online PIN authentication. However, contactless card payment transactions, where no PIN verification is required, are permitted for small amounts i.e. up to BD 20 per transaction, provided that licensees bear full responsibility in case of fraud occurrence.

                  Added: April 2018

                • OM-5.1.20AAA

                  Where contactless payments use Consumer Device Cardholder Method (CDCVM) for payment authentication and approval, then the authentication required for transactions above BD20 limit mentioned in Paragraph OM-5.1.20AA is not applicable given that the customer has al been authenticated by his device using PIN, biometric or other authentication methods. This is only applicable where the debit/credit card of the customer has al been tokenized in the payment application.

                  Added: July 2020

              • Provision of Cash Withdrawal and Payment Services through Various Channels

                • OM-5.1.20BB

                  Licensees are allowed to provide payment services using various channels, including but not limited to, contactless, cardless, QR code, e-wallets, biometrics (iris recognition, facial recognition, fingerprint, voiceprint, etc.), subject to enrolling customers through registration process wherein customers' acceptance of products/services terms and conditions are documented and customers are properly authenticated.

                  Added: April 2018

              • Prohibition of Double Swiping

                • OM-5.1.20A

                  All card acquirer licensees must communicate to the concerned merchants that the CBB has directed to stop the practice of double swiping of payment cards by merchants at the merchant's POS terminals/ECR, with effect from 15th June, 2017.

                  Added: July 2017

                • OM-5.1.20B

                  For the purpose of Paragraph OM-5.1.20A, card acquirer licensee means a CBB licensee that enters into a contractual relationship with a merchant and the payment card issuer, under a card payment scheme, for accepting and processing payment card transactions. Card acquirers include three-party payment card network operators, who have outsourced their acquiring services to third party service providers.

                  Added: July 2017

                • OM-5.1.20C

                  For the purpose of Paragraph OM-5.1.20A, double swiping means swiping of a payment card by a merchant at the POS terminal/ECR for the second time, resulting in capturing and storing of payment cardholder data and sensitive authentication data encoded on the magnetic stripe of a customer's payment card, after the merchant received the required card payment authorisation response.

                  Added: July 2017

                • OM-5.1.20D

                  All card acquirer licensees must include the following clause into the merchant agreements entered into with all their merchants and bring into force the said clause on or before 15th June, 2017: "Pursuant to the CBB directions and instructions, the merchant shall stop double swiping of a payment card at a merchant's point-of-sale (POS) terminal/electronic cash register (ECR) to capture or store cardholder and sensitive authentication data encoded on the magnetic stripe of a customer's payment card, after the merchant received the required card payment authorisation response. The merchant asserts its full compliance with the obligation contained in this clause and understands that any breach of this clause will expose the merchant to mandatory contractual and/or legal disciplinary actions by the relevant regulator and/or concerned Ministry."

                  Added: July 2017

                • OM-5.1.20E

                  All card acquirer licensees must:

                  (i) Educate the concerned merchants on the regulatory requirement and continue to follow up the progress of the implementation to comply within the period stipulated in Paragraph OM-5.1.20A; and
                  (ii) Educate and facilitate, where necessary, any merchant that has a valid business need to have cardholder data or non-sensitive information, to transmit such data/information through an integration option.
                  Added: July 2017

                • OM-5.1.21

                  Licensees must ensure, with effect from 1st October 2019, that any new POS terminals or devices support contactless payment using Near Filed Communication "NFC" technology.

                  Added: October 2019

                • OM-5.1.22

                  Licensees must ensure, that any payment card issued or reissued (credit, debit, prepaid and charge cards) on or after 12th October 2019 supports contactless payment using Near Field Communications "NFC" technology.

                  Added: October 2019

            • OM-5.2 OM-5.2 Internet Security

              • OM-5.2.1

                Licensees providing internet financial services must regularly test their systems against security breaches and verify the robustness of the security controls in place. These tests must be conducted by security professionals, such as ethical hackers, that provide penetration testing services and a vulnerability assessment of the system.

                January 2014

              • OM-5.2.2

                The penetration testing referred to in Paragraph OM-5.2.1, must be conducted each year in June and December.

                January 2014

              • OM-5.2.3

                The vulnerability assessment report, along with the steps taken to mitigate the risks must be maintained by the licensee for a 5-year period from the date of testing and must be provided to the CBB within two months following the end of the month where the testing took place, i.e. for the June test, the report must be submitted at the latest by 31st August and for the December test, by 28th February (see Section BR-1.6).

                January 2014

            • OM-5.3 OM-5.3 Cyber Security Measures

              • OM-5.3.1

                Clear ownership and management accountability of the risks associated with cyber attacks and related risk management must be established, which cover not only the IT function but also all relevant business lines. Cyber security must be made part of the licensees IT security policy.

                Added: October 2016

              • OM-5.3.2

                The Board and senior management must ensure that the cyber security controls are periodically evaluated for adequacy, taking into account emerging cyber threats and establishing a credible benchmark of cyber security controls endorsed by the Board and senior management. Should material gaps be identified, the Board and senior management must ensure that corrective action is taken immediately.

                Added: October 2016

              • OM-5.3.3

                Licensees must report to the CBB within one week, any instances of cyber attacks, whether internal or external, that compromise customer information or disrupt critical services that affect their operations. When reporting such instances, the licensee must provide the root cause analysis of the cyber attack and measures taken by them to ensure that similar events do not recur.

                Added: October 2016

        • LM LM Financing Companies Liquidity Risk Management Module

          • LM-A LM-A Introduction

            • LM-A.1 LM-A.1 Purpose

              • Executive Summary

                • LM-A.1.1

                  This Module provides detailed Rules and Guidance on risk management systems and controls required for minimum liquidity requirements for financing company licensees.

                  January 2014

                • LM-A.1.2

                  This Module expands on certain high-level requirements contained in various High-Level Standards Modules. In particular, Condition 5 of the Licensing Conditions (see Section AU-2.5) notes that financing company licensees must maintain sufficient liquid assets to meet their obligations as they fall due in the normal course of business. In addition, Principle 9 of the Principles of Business (see Paragraph PB-1.1.9) refers to the requirement to maintain adequate resources for financing company licensees to run their business in an orderly manner. Principle 10 of the Principles of Business (see Paragraph PB-1.1.10) also notes the requirement for licensees to maintain systems and controls to manage the level of risk inherent in their business and ensure compliance with the CBB Rulebook.

                  January 2014

                • LM-A.1.3

                  This Module sets out the minimum stock liquidity ratio and maturity mismatch ratios which financing company licensees must meet as a condition of their licensing. In addition, it outlines the need for proper systems and controls to ensure the prudent management of liquidity and the liquidity reporting and other requirements.

                  January 2014

                • LM-A.1.4

                  Liquidity risk is the risk of not being able to meet liabilities when they fall due, even though a firm may still be solvent. Liquidity risk in financing company licensees relates to the management of their cash flow and the risk to their meeting short-term liabilities due to liquidity problems. The purpose of these requirements is to ensure that financing company licensees hold sufficient liquid assets to meet their obligations as they fall due.

                  January 2014

              • Legal Basis

                • LM-A.1.5

                  This Module contains the Central Bank of Bahrain's ('CBB') Directive relating to the liquidity risk management of financing company licensees, and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to all financing company licensees.

                  January 2014

            • LM-A.2 LM-A.2 Module History

              • Evolution of Module

                • LM-A.2.1

                  This Module was first issued in January 2014 by the CBB. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

                  January 2014

                • LM-A.2.2

                  A list of recent changes made to this Module is provided below:

                  Module Ref. Change Date Description of Changes
                  LM-1.2.1 07/2014 Clarified the requirement for the minimum stock liquidity ratio.
                       
                       
                       
                       

          • LM-B LM-B Scope of Application

            • LM-B.1 LM-B.1 Scope of Application

              • LM-B.1.1

                This Module is applicable to all financing company licensees authorised in the Kingdom of Bahrain (thereafter referred to in this Module as licensees).

                January 2014

          • LM-1 LM-1 Minimum Liquidity Requirements

            • LM-1.1 LM-1.1 General Requirements

              • LM-1.1.1

                Licensees must maintain on a continuing basis an appropriate mix of high quality liquid assets in order to meet their obligations when they fall due and to address any liquidity needs and unexpected cash flow required for funding needs.

                January 2014

              • LM-1.1.2

                To address the requirements of Paragraph LM-1.1.1, a minimum amount of liquid assets must be maintained by the licensee. The minimum level of liquid assets is determined by the minimum stock liquidity ratio (See Section LM-1.2) and maturity mismatch ratios (See Section LM-1.3) that must be complied with by the licensee.

                January 2014

              • LM-1.1.3

                Licensees must ensure that at all times they maintain the minimum stock liquidity ratio and maturity mismatch ratios outlined in Paragraph LM-1.1.2. In the event that the licensee does not comply with these ratios, it must notify the CBB by no later than the following business day of the actual level of the ratios. When providing such notification, the licensee must:

                (a) Provide to the CBB, within one week of the non-compliance, a written action plan setting out how the licensee proposes to restore its ratios to the required minimum level and describe the systems and controls that have been put in place to prevent any future non-compliance of the minimum ratios;
                (b) Report to the CBB, on a weekly basis or on another timely basis as required by the CBB, the average stock liquidity ratio until such time as it reaches 30%; and
                (c) Report to the CBB on a monthly basis or on another timely basis as required by the CBB, the negative cumulative maturity mismatch ratios until such time as the 3-month maturity does not exceed 15% and the 6-month maturity band does not exceed 20%.
                January 2014

            • LM-1.2 LM-1.2 Stock Liquidity Ratio

              • LM-1.2.1

                Licensees must maintain a minimum stock liquidity ratio of 25% on a monthly basis. Such ratio is to be calculated for Bahrain operations only.

                Amended: July 2014
                January 2014

              • LM-1.2.2

                The CBB may require licensees to maintain an average stock liquidity ratio in excess of the 25% minimum required under Paragraph LM-1.2.1, should it have concerns regarding the licensee's liquidity and/or financial position.

                January 2014

              • LM-1.2.3

                The stock liquidity ratio, expressed as a percentage, must be calculated on each business day and is the ratio of the sum of the licensee's liquid assets, net of deductions required under Paragraph LM-1.2.6, divided by the sum of qualifying liabilities.

                January 2014

              • LM-1.2.4

                The average stock liquidity ratio for a calendar month is calculated by dividing the sum of the daily stock liquidity ratio calculated in accordance with Paragraph LM-1.2.3 at the close of business on each working day during a month by the number of business days during that month.

                January 2014

              • Liquid Assets

                • LM-1.2.5

                  For purposes of Paragraph LM-1.2.3, liquid assets are defined as:

                  (a) Cash and unencumbered current accounts with financial institutions;
                  (b) Placements with financial institutions maturing within one month;
                  (c) Exchange traded financial instruments;
                  (d) GCC government securities;
                  (e) Other sovereign bonds and bills up to one year maturity, carrying a minimum rating of AA-; and
                  (f) Accounts receivable due within one month.
                  January 2014

                • LM-1.2.6

                  The liquid assets noted under Paragraph LM-1.2.5 must also meet the following requirements to be included in the calculation of the stock liquidity ratio. They must be:

                  (a) Free from encumbrances; and
                  (b) Freely available and payable.
                  January 2014

              • Qualifying Liabilities

                • LM-1.2.7

                  For purposes of Paragraph LM-1.2.3, qualifying liabilities are defined as:

                  (a) Liabilities due within one month; and
                  (b) Irrevocable commitments to provide funds within one month.
                  January 2014

                • LM-1.2.8

                  For purposes of Subparagraph LM-1.2.7 (b), irrevocable commitments include facilities:

                  (a) With a known date of drawdown within one month; and
                  (b) Without a known date of drawdown but carrying a notice period of within one month (including where the drawdown is on demand, i.e. requiring no notice period) except where conditions attached to the drawdown cannot be met in practice within one month.
                  January 2014

                • LM-1.2.9

                  Potential commitments relating to credit card facilities, which may be cancelled at any time are excluded from qualifying liabilities.

                  January 2014

            • LM-1.3 LM-1.3 Maturity Mismatch Ratios

              • LM-1.3.1

                Licensees must maintain positive cumulative maturity mismatch ratios for 3-month and 6-month maturity bands. Where negative cumulative maturity mismatch ratios occur, the negative cumulative maturity mismatch ratios, as a percentage of total liabilities, must not exceed 20% for a 3-month maturity band and 25% for a 6-month maturity band. These ratios are to be calculated on a unconsolidated basis.

                January 2014

              • LM-1.3.2

                A mismatch occurs when differences exist between the receipts from cash inflows (assets) and cash outflows (liabilities). A positive mismatch is one where the expected cash inflow, generated by revenues and assets, exceeds the expected cash outflow, from the payment of expenses and liabilities. A negative mismatch occurs when the expected inflow of cash is less than the expected outflow of funds. The amount of the mismatch is measured in cash.

                January 2014

              • LM-1.3.3

                In measuring maturity bands, cash inflows from assets and cash outflows from liabilities are slotted into time bands. The maturities used are based on a worst case scenario. Specifically, cash inflows are included based on their latest maturity and cash outflows are based on their earliest maturity.

                January 2014

              • LM-1.3.4

                A net mismatch figure is obtained by subtracting cash outflows from cash inflows for each time band. Mismatches are then calculated on a net cumulative basis.

                January 2014

              • LM-1.3.5

                The maturity mismatch ratio is calculated using the net cumulative mismatch figure obtained under Paragraph LM-1.3.4 as a percentage of total liabilities.

                January 2014

          • LM-2 LM-2 Systems and Controls

            • LM-2.1 LM-2.1 Liquidity Policy

              • LM-2.1.1

                Prudent liquidity management is the primary responsibility of senior management based on the authority and limits approved by the licensee's Board of Directors. Senior management must continuously review information on the liquidity developments and report to the board of directors on a quarterly basis.

                January 2014

              • LM-2.1.2

                Licensees must ensure that they have in place systems and controls to ensure the prudent management of liquidity. Licensees must identify and manage their liquidity risk across all their operations, and document their policies and procedures for achieving this in a liquidity risk policy.

                January 2014

              • LM-2.1.3

                On annual basis, a licensee's board of directors must review and approve the structure, strategy, policies and practices related to liquidity management (including contingency planning) and must also ensure that senior management manages and monitors liquidity risk effectively.

                January 2014

              • LM-2.1.4

                Licensees must formulate a statement of their liquidity management policies that is to be reviewed and discussed with the CBB. The objective of this review is to agree to minimum liquidity standards for the licensees. The policy statement must be properly documented, reviewed annually and approved by the Board of Directors to ensure that it remains valid under changing circumstances. While specific details of the policy statement will differ, at a minimum, it must refer to the liquidity management strategy, responsibilities, systems and contingency planning.

                January 2014

              • Stress Testing

                • LM-2.1.5

                  Licensees are encouraged to carry out stress testing to assess the resilience of their financial resources to any identified areas of material liquidity risk. This stress testing may take into account the general characteristics, and licensee's experience, and any mitigating factors that it considers relevant such as the ability to sell assets quickly and the options available to re-schedule the payment of liabilities.

                  January 2014

                • LM-2.1.6

                  Where the licensee considers that the nature of its assets or liabilities and the matching of its liabilities result in no significant liquidity risk exposure, it will not be expected to carry out stress testing. The CBB will expect it to document the reasons for its decision and be prepared to discuss these during an on-site visit.

                  January 2014

                • LM-2.1.7

                  When assessing liquidity risk, the licensee should consider the extent of mismatch between assets and liabilities and the amount of assets held in highly liquid, marketable forms should unexpected cash flows lead to a liquidity problem. The price concession of liquidating assets is a prime concern when assessing such liquidity risk and should be built into any assessment of liquidity risk management.

                  January 2014

          • LM-3 LM-3 Other Requirements

            • LM-3.1 LM-3.1 Contingency Planning

              • LM-3.1.1

                Licensees must have in place a formal contingency plan that clearly sets out their strategies for addressing liquidity shortfalls in emergency situations. The results of stress tests should also play a key role in shaping the licensee's contingency planning and in determining the strategy and tactics to deal with events of liquidity stress.

                January 2014

            • LM-3.2 LM-3.2 Liquidity Reporting Requirements

              • LM-3.2.1

                Licensees must report their stock liquidity ratio and maturity mismatch ratios on a quarterly basis to the CBB, in accordance with the requirements outlined in Chapter BR-1.3.

                January 2014

            • LM-3.3 LM-3.3 Bonds Issued by Licensee

              • LM-3.3.1

                In accordance with Article 141 of the Bahrain Commercial Companies Law, licensees must comply with the statutory requirement whereby the total value of existing bonds issued by the licensee must not exceed the issued and fully paid up capital and the undistributed reserves according to the latest balance sheet approved at the annual general meeting. This statutory requirement does not apply to bonds guaranteed by the state or by one of the public entities and bonds issued by financial institutions regulated by the CBB, and with the approval of the CBB.

                January 2014

        • TC TC Financing Companies Training and Competency Module

          • TC-A TC-A Introduction

            • TC-A.1 TC-A.1 Purpose

              • Executive Summary

                • TC-A.1.1

                  This Module presents requirements that have to be met by financing company licensees with respect to training and competency of individuals undertaking controlled functions (i.e. approved persons) (as defined in Paragraph AU-1.2.2)

                  January 2014

                • TC-A.1.2

                  Module TC provides Rules and Guidance to financing company licencees to ensure satisfactory levels of competence, in terms of an individual's knowledge, skills, experience, and professional qualifications. Financing company licencees must maintain the competence to provide regulated financing company services as outlined in Section AU-1.3. Individuals occupying controlled functions, as outlined in Paragraph AU-1.2.2, must therefore meet minimum levels of training and experience related to their functions.

                  January 2014

                • TC-A.1.3

                  The Rules build upon Principles 3 and 9 of the Principles of Business (see Module PB (Principles of Business)). Principle 3 (Due Skill, Care and Diligence) requires financing company licensees to observe high standards of integrity and fair dealing, and to be honest and straightforward in its dealings with customers. Principle 9 (Adequate Resources) requires financing company licensees to maintain adequate human, financial and other resources sufficient to run its business in an orderly manner.

                  January 2014

                • TC-A.1.4

                  Condition 4 of CBB's Licensing Conditions (Chapter AU-2.4) and Condition 1 of the Approved Persons regime (Chapter AU-3.1) impose further requirements. To satisfy Condition 4 of the CBB's Licensing Conditions, a financing company licensee's staff, taken together, must collectively provide a sufficient range of skills and experience to manage the affairs of the financing company licensee in a sound and prudent manner (AU-2.4). This condition specifies that financing company licensees must ensure their employees meet any training and competency requirements specified by the CBB. Condition 1 of the Approved Persons Conditions (AU-3.1) sets forth the 'fit and proper' requirements in relation to competence, experience and expertise required by approved persons.

                  January 2014

              • Legal Basis

                • TC-A.1.5

                  This Module contains the CBB's Directive relating to Training and Competency and is issued under the powers available to the CBB under Articles 38 and 65(b) of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to all financing company licensees (including their approved persons).

                  January 2014

                • TC-A.1.6

                  For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

                  January 2014

            • TC-A.2 TC-A.2 Module History

              • Evolution of the Module

                • TC-A.2.1

                  This Module was first issued in January 2014. Any material changes that are subsequently made to this Module will be annotated with the calendar quarter date in which the change is made; Chapter UG-3 provides further details on Rulebook maintenance and version control.

                  January 2014

                • TC-A.2.2

                  A list of recent changes made to this Module is provided below:

                  Module Ref. Change Date Description of Changes
                  TC-B.1.3 07/2014 Clarified scope of application.
                  TC-2.3.3 04/2017 Amended Paragraph on exception to the grandfathering Rule.
                       
                       
                       

              • Superseded Requirements

                • TC-A.2.3

                  This Module does not replace any regulations or circulars in force prior to January 2014.

                  January 2014

          • TC-B TC-B Scope of Application

            • TC-B.1 TC-B.1 Scope

              • TC-B.1.1

                This Module applies to all financing company licensees authorised in the Kingdom, thereafter referred to in this Module as licensees. It covers the training and competency requirements for staff occupying controlled functions (See Chapter TC-1).

                January 2014

              • TC-B.1.2

                Persons authorised by the CBB as approved persons prior to the issuance of Module TC need not reapply for authorisation.

                January 2014

              • TC-B.1.3

                The requirements of this Module apply to approved persons holding controlled functions, including board members, in connection with the licensee's regulated financing company services, or under a contract of service.

                Amended: July 2014
                January 2014

              • TC-B.1.4

                In the case of outsourcing arrangements, the licensee should refer to the competency requirements, outlined in Appendix TC-1 for controlled functions, for assessing the suitability of the outsourcing provider.

                January 2014

              • TC-B.1.5

                Licensees must satisfy the CBB that individuals performing a controlled function for it or on its behalf are suitable and competent to carry on that controlled function.

                January 2014

              • TC-B.1.6

                In implementing this Module, licensees must ensure that individuals recruited to perform controlled functions:

                (a) Hold suitable qualifications and experience appropriate to the nature of the business;
                (b) Remain competent for the work they do; and
                (c) Are appropriately supervised.
                January 2014

          • TC-1 TC-1 Requirements for Controlled Functions

            • TC-1.1 TC-1.1 Controlled Functions

              • TC-1.1.1

                Individuals occupying controlled functions (refer to Section AU-1.2) in a licensee must be qualified and suitably experienced for their specific roles and responsibilities. The controlled functions are those of:

                (a) Board Member;
                (b) Chief Executive or General Manager;
                (c) Head of function;
                (d) Compliance Officer;
                (e) Money Laundering Reporting Officer ('MLRO'); and
                (f) Head of Shari'a Review
                January 2014

              • TC-1.1.2

                A licensee must take reasonable steps to ensure that individuals holding controlled functions are sufficiently knowledgeable about their respective fields of work to be able to guide and supervise operations that fall under their responsibilities.

                January 2014

              • TC-1.1.3

                Competence is assessed by the CBB on the basis of experience and relevant qualifications described in Appendix TC-1 as a minimum. However, the CBB reserves the right to impose a higher level of qualifications as it deems necessary.

                January 2014

              • Board Member

                • TC-1.1.4

                  Board Members collectively are responsible for the business performance and strategy of the licensee, as outlined in more details in Section HC-1.2.

                  January 2014

                • TC-1.1.5

                  When taken as a whole, the board of directors of a licensee must be able to demonstrate that it has the necessary skills and expertise, as outlined in Paragraph HC-1.2.10.

                  January 2014

              • Chief Executive or General Manager

                • TC-1.1.6

                  The chief executive or general manager (as appropriate) are responsible for the executive management and performance of the licensee within the framework or delegated authorities set by the Board. The scope of authority of the CEO is outlined in more detail in Paragraph HC-6.3.2 (a).

                  January 2014

              • Head of Function

                • TC-1.1.7

                  Heads of function, where risk acquisition or control is involved, are responsible for tracking specific functional performance goals in addition to identifying, managing, and reporting critical organisational issues upstream. Certain functions require dealing directly with clients while others do not. Both categories of functions, however, require specific qualifications and experience to meet the objectives as well as compliance requirements of the financing company licensee.

                  January 2014

                • TC-1.1.8

                  For purposes of Paragraph TC-1.1.7, licensees should contact the CBB should they require further clarification on whether a specific position falls under the definition of "Heads of Function".

                  January 2014

              • Compliance Officer

                • TC-1.1.9

                  In accordance with Paragraph AU-1.2.12, an employee of appropriate standing must be designated by the licensee for the position of compliance officer. The duties of the compliance officer include:

                  (a) Having responsibility for oversight of the licensee s compliance with the requirements of the CBB and other applicable laws and regulations;
                  (b) Raising awareness and providing training for the licensee s staff on compliance issues; and
                  (c) Reporting to the licensee s Board in respect of that responsibility.
                  January 2014

              • Money Laundering Reporting Officer (MLRO)

                • TC-1.1.10

                  The attributes and responsibilities of the MLRO are described more fully in Paragraphs FC-4.1.7 and FC-4.2.1.

                  January 2014

              • Head of Shari'a Review

                • TC-1.1.11

                  The head of Shari'a review in a licensee, dealing with Islamic products and services, is responsible for the examination of the extent of a licensee's compliance, in all its activities, with the Shari'a. This examination includes contracts, agreements, policies, products, transactions memorandum and articles of association, financial statements, reports (especially internal audit and central bank inspection), circulars, etc. The objective of the Shari'a review is to ensure that the activities carried out by a licensee do not contravene the Shari'a.

                  January 2014

            • TC-1.2 TC-1.2 Continuous Professional Development Training ("CPD")

              • CPD

                • TC-1.2.1

                  All individuals holding controlled functions in a licensee must undergo a minimum of 15 hours of CPD per annum.

                  January 2014

                • TC-1.2.2

                  A licensee must ensure that an approved person undertaking a controlled function undergoes appropriate annual review and assessment of performance.

                  January 2014

                • TC-1.2.3

                  The level of supervision should be proportionate to the level of competence demonstrated by the approved person. Supervision will include, as appropriate:

                  (a) Reviewing and assessing work on a regular basis; and
                  (b) Coaching and assessing performance against the competencies necessary for the role.
                  January 2014

                • TC-1.2.4

                  Supervisors of approved persons should have technical knowledge and relevant managerial skills.

                  January 2014

              • Record Keeping

                • TC-1.2.5

                  A licensee should, for a minimum period of five years, retain records of:

                  (a) The annual training plan for each controlled function;
                  (b) Materials used to conduct in-house training courses;
                  (c) List of participants attending such in-house training courses; and
                  (d) Results of evaluations conducted at the end of such training courses.
                  January 2014

          • TC-2 TC-2 General Requirements

            • TC-2.1 TC-2.1 Recruitment and Assessing Competence

              • Recruitment and Appointment

                • TC-2.1.1

                  If a licensee recruits or promotes an individual to undertake a controlled function, it must first file Form 3 (Approved Persons) with the CBB and obtain the express written approval of the CBB for that person to occupy the desired position. In its application, the licensee must demonstrate to the CBB that full consideration has been given to the qualifications and core competencies for controlled functions in Appendix TC-1. (See Article 65(b) of the CBB Law and Paragraph AU-2.3.1).

                  January 2014

                • TC-2.1.2

                  Licensees should refer to Module AU (Authorisation) providing detailed requirements on the appointment of individuals occupying controlled functions (approved persons).

                  January 2014

                • TC-2.1.3

                  A licensee proposing to recruit an individual has to satisfy itself, of his/her relevant qualifications and experience. The licensee should:

                  (a) Take into account the knowledge and skills required for the role, in addition to the nature and the level of complexity of the controlled function; and
                  (b) Take reasonable steps to obtain sufficient information about the individual's background, experience, training and qualifications.
                  January 2014

                • TC-2.1.4

                  The licensee must retain the recruitment records of controlled functions for a minimum period of five years following termination of their services or employment with the licensee. Such records must include, but are not limited to, the following:

                  (a) Results of the initial screening;
                  (b) Results of any employment tests;
                  (c) Results and details of any interviews conducted;
                  (d) Background and references checks; and
                  (e) Details of any professional qualifications.
                  January 2014

              • Assessing Competence

                • TC-2.1.5

                  Licensees must not allow an individual to undertake or supervise controlled functions unless that individual has been assessed by the licensee as competent in accordance with this Section.

                  January 2014

                • TC-2.1.6

                  In the case of new personnel, the licensee should ensure that they work under proper supervision. Where a person is working towards attaining a level of competence, they should be supervised by a competent person until they can demonstrate the appropriate level of competence. It is the licensee's responsibility to ensure that such arrangements are in place and working successfully.

                  January 2014

                • TC-2.1.7

                  In determining an individual's competence, licensees may assess if the person is fit and proper in accordance with Chapter AU-3.

                  January 2014

                • TC-2.1.8

                  Licensees must assess individuals as competent when they have demonstrated the ability to apply the knowledge and skills required to perform a specific controlled function.

                  January 2014

                • TC-2.1.9

                  The assessment of competence will be dependent on the nature and the level of complexity of the controlled function. Such assessment of competence of new personnel may take into account the fact that an individual has been previously assessed as competent in a similar controlled function with another licensee.

                  January 2014

                • TC-2.1.10

                  If a licensee assesses an individual as competent in accordance with Paragraph TC-2.1.8 to perform a specific controlled function, it does not necessarily mean that the individual is competent to undertake other controlled functions.

                  January 2014

                • TC-2.1.11

                  A financing company should use methods of assessment that are appropriate to the controlled function and to the individual's role.

                  January 2014

              • Record Keeping

                • TC-2.1.12

                  A licensee must, for a minimum period of five years, make and retain updated records of:

                  (a) Its recruitment procedures;
                  (b) The criteria applied in assessing competence; and
                  (c) How and when the competence decision was arrived at.
                  January 2014

                • TC-2.1.13

                  For purposes of Paragraph TC-2.1.12, the record keeping requirements apply to both current employees as well as to employees following termination of their services or employment with the company, for a minimum period of five years.

                  January 2014

                • TC-2.1.14

                  The recruitement procedures referred to in Subparagraph TC-2.1.12(a) should be designed to adequately take into account proof of the candidates' knowledge and skills and their previous activities and training.

                  January 2014

            • TC-2.2 TC-2.2 Training and Maintaining Competence

              • TC-2.2.1

                A licensee must annually determine the training needs of individuals undertaking controlled functions. It must develop a training plan to address these needs and ensure that training is planned, appropriately structured and evaluated.

                January 2014

              • TC-2.2.2

                The assessment and training plan described in Paragraph TC-2.2.1 should be aimed at ensuring that the relevant approved person maintains competence in the controlled function. An individual can develop skills and gain experience in a variety of ways. These could include on-the-job learning, individual study, and other methods. In almost every situation, and for most individuals, it is likely that competence will be developed most effectively by a mixture of training methods.

                January 2014

              • TC-2.2.3

                The training plan of licensees must include a programme for continuous professional development training ('CPD') for their staff.

                January 2014

              • TC-2.2.4

                Approved persons may choose to fulfil their CPD requirements by attending courses, workshops, conferences and seminars at local or foreign training institutions.

                January 2014

              • TC-2.2.5

                The annual training required under Paragraph TC-2.2.1 must also include the quarterly updates, if any, to the CBB Volume 5 (Financing Companies) Rulebook, in areas relevant to each controlled function.

                January 2014

              • TC-2.2.6

                Licensees should maintain appropriate training records for each individual. Licensees should note how the relevant training relates to and supports the individual's role. Training records may be reviewed during supervisory visits to assess the licensee's systems and to review how the licensee ensures that its staff are competent and remain competent for their roles.

                January 2014

              • Maintaining Competence

                • TC-2.2.7

                  A licensee must make appropriate arrangements to ensure that approved persons maintain competence.

                  January 2014

                • TC-2.2.8

                  A licensee should ensure that maintaining competence for an approved person takes into account:

                  (a) Application of technical knowledge;
                  (b) Application and development of skills; and
                  (c) Any market changes and changes to products, legislation and regulation.
                  January 2014

                • TC-2.2.9

                  A licensee may utilise the CPD schemes of relevant professional bodies to demonstrate compliance with Paragraph TC-2.2.1. In-house training, seminars, conferences, further qualifications, product presentations, computer-based training and one-to-one tuition may also be considered to demonstrate compliance with Paragraph TC-2.2.1.

                  January 2014

              • Record Keeping

                • TC-2.2.10

                  A licensee must, for a minimum period of five years, make and retain records of:

                  (a) The criteria applied in assessing continuing competence;
                  (b) The annual assessment of competence; and
                  (c) Record of CPD hours undertaken by each approved person.
                  January 2014

            • TC-2.3 TC-2.3 Transitional Period

              • TC-2.3.1

                The requirements of this Module for licensees are effective from the issuance date of this Module.

                January 2014

              • TC-2.3.2

                New applications for approved persons are subject to the requirements of this Module (See Paragraph TC-B.1.3).

                January 2014

              • TC-2.3.3

                Approved persons occupying controlled functions at the time this Module is issued will be grandfathered and not subject to the requirements of this Module, with the exception of CPD requirements in Paragraph TC-1.2.1 and Paragraph BR-1.1.2(k). However, should the approved person move to another controlled function, Paragraph TC-2.3.4 will apply.

                Amended: April 2017
                January 2014

              • TC-2.3.4

                In instances, where an approved person in one licensee moves to another licensee and occupies the same function, the CBB will exercise its discretion on whether to grandfather such approved person from the required qualifications and competencies outlined in Appendix TC-1 into the new licensee. The grandfathering criteria used by the CBB will include a comparison of the scope and size of both positions. This will also apply in instances where an approved person in one licensee moves from one department to another within the same licensee.

                January 2014

          • Appendix TC-1

            • Appendix TC-1 Qualifications and Core Competencies of Controlled Functions

              Role Core Competencies How can competence be demonstrated?
              Board Member Board Members must have:
              (a) Sufficient experience to demonstrate sound business decision-making; and
              (b) A good understanding of the industry and its regulatory environment.
              Competence is demonstrated by:
              (a)
              (i) Holding a Bachelor's Degree; and
              (ii) A minimum experience of 7 years in business or government of which at least 4 years at a senior management level;

              OR
              (b) A minimum experience of 10 years in business
              Chief Executive or General Manager These roles require:
              (a) A clear understanding of the role and responsibilities associated with this position;
              (b) A good understanding of the licensee's business, the wider industry and its regulatory environment;
              (c) Relevant experience and qualifications associated with such executive responsibilities; and
              (d) The necessary professional and leadership capabilities which qualify him for this position.
              This person should have a minimum experience of 10 years in the financial sector of which at least 7 years at a senior management level in a bank or finance company. He/she should hold a relevant academic/professional qualification, preferably MBA, Masters in finance/accounting/economics or masters in any other subject, or preferably other qualification related to banking, accounting or finance.
              Head of Function This role requires:
              (a) A clear understanding of the role and responsibilities associated with the relevant function;
              (b) A good understanding of the licensee's business, the broader industry and its regulatory environment; and
              (c) The relevant experience and qualifications to fulfill their responsibilities.
              A senior manager responsible for a specialist function should have a minimum experience of 7 years in the banking/financial industry of which at least 5 years of experience in the same function that he/she will be heading. He/she should:
              (a) Hold a relevant academic/professional qualification, preferably MBA, Masters in finance/accounting/economics or masters in any other subject, and preferably other qualification related to banking/accounting; and
              (b) Have other relevant certification(s) specific to this role. Such certifications may, depending on the function being fulfilled, include but are not limited to:
              (a) Chartered Financial Analyst (CFA);
              (b) Certificate in Securities and Financial Derivatives;
              (c) Certificate in Investment Management;
              (d) Professional Certification in Accounting; and/or
              (e) Equivalent certificates or qualifications; and/or
              (f) Advanced Diploma in Banking/ Islamic Finance or Financial Advisory Program from the BIBF or other institutions.
              Compliance Officer A Compliance Officer should:
              (a) Have the ability and experience to take responsibility for implementing and maintaining compliance policies;
              (b) Have the appropriate level of experience to demonstrate independence from other functions within the licensee; and
              (c) Have a thorough understanding of the industry and the applicable regulatory framework.
              The level of required competence varies based on the scope, magnitude and complexity of the licensee.
              The Compliance Officer should have a minimum of 3 years relevant experience in a bank, financial institution or financial regulator. He/she should:
              (a) Hold a degree from a university at bachelor level or higher or a relevant professional qualification in compliance; and
              (b) Have relevant certification(s) specific to this role. Such certifications may include but are not limited to:
              (i) International Diploma in Compliance offered by the International Compliance Association; and/or
              (ii) International Advanced Certificate in Compliance and Financial Crime offered by the International Compliance Association; and/or
              (iii) Any other relevant professional qualification deemed suitable by the CBB. These may include qualifications in areas related to the license.
              Money Laundering Reporting Officer (MLRO) The MLRO should:
              (a) Understand the business and how the Anti-Money Laundering framework applies thereto;
              (b) Have the appropriate level of experience to demonstrate independence from staff of the licensee dealing directly with customers; and
              (c) Have a thorough knowledge of the financial industry and be familiar with relevant FATF and applicable domestic regulatory requirements.
              An MLRO should have a minimum experience of 3 years in anti-money laundering or anti-money laundering related role. The MLRO should:
              (a) Hold a degree from a university at bachelor level or higher or a relevant professional qualification; and
              (b) Have relevant certification(s) specific to this role. Such certifications may include but are not limited to:
              (i) Certified Anti-Money Laundering Specialist Examination (ACAMS); and/ or
              (ii) Diploma in Anti-Money Laundering offered by the International Compliance Association; and/ or
              (iii) International Diploma in Financial Crime Prevention offered by International Compliance Association; and/or
              (iv) International Advanced Certificate in Compliance and Financial Crime offered by the International Compliance Association.
              Head of Shari'a Review A Head of Shari'a Review should:
              (a) Have appropriate level of knowledge in Islamic Finance and Shari'a principles;
              (b) Have a good understanding of the banking/financial industry and possess good knowledge of economics and finance; and
              (c) Understand how to interpret financial statements.
              The Head of Shari'a Review should have a minimum of 5 years relevant experience in a bank or financial institution dealing with Islamic products and services. He/she should:
              (a) Hold a bachelor's degree in Shari'a, which includes study in Usul Fiqh (the origin of Islamic law) and/or Fiqh Muamalat (Islamic jurisprudence) or;
              (b) Hold a university degree in banking and finance together with a qualification in Shari'a review.
              January 2014

      • Reporting Requirements

        • BR BR Financing Companies CBB Reporting Module

          • BR-A BR-A Introduction

            • BR-A.1 BR-A.1 Purpose

              • Executive Summary

                • BR-A.1.1

                  This Module sets out requirements applicable to financing company licensees regarding reporting to the CBB. These include the provision of financial information to the CBB by way of prudential returns, as well as notification to the CBB of certain specified events, some of which require prior CBB approval. This Module also outlines the methods used by the CBB in gathering information required in the supervision of financing company licensees.

                  January 2013

                • BR-A.1.2

                  This Module provides support for certain other parts of the Rulebook, mainly:

                  (a) Principles of Business;
                  (b) Public Disclosure;
                  (c) Risk Management;
                  (d) Financial Crime;
                  (e) Capital Adequacy;
                  (f) High-Level Controls;
                  (g) Business Conduct; and
                  (h) Auditors and Accounting Standards.
                  January 2013

                • BR-A.1.3

                  Unless otherwise stated, all reports referred to in this Module should be addressed to the Director of relevant supervision directorate of the CBB.

                  January 2013

              • Legal Basis

                • BR-A.1.4

                  This Module contains the CBB's Directive relating to reporting requirements applicable to financing company licensees and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ("CBB Law').

                  January 2013

                • BR-A.1.5

                  For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

                  January 2013

            • BR-A.2 BR-A.2 Module History

              • Evolution of Module

                • BR-A.2.1

                  This Module was first issued in January 2013. All subsequent changes to this Module are annotated with the end-calendar quarter date in which the change was made: UG-3 provides further details on Rulebook maintenance and version control.

                  January 2013

                • BR-A.2.2

                  A list of recent changes made to this Module is provided below:

                  Module Ref. Change Date Description of Changes
                  BR-1.5.1 04/2013 Clarified deadline to update IIS.
                  BR-2.3.9 04/2013 Corrected cross reference.
                  BR-2.3.10 04/2013 Aligned with requirements of Article 57 of the CBB Law.
                  BR-1.1.2 and BR-3.5.11 07/2013 Amended numbering of referred appendix.
                  BR-1.2.2 01/2014 Clarified format of interim financial statements.
                  BR-1.3.5 01/2014 Added liquidity reporting requirements.
                  BR-1.6 01/2014 Added new Section on Internet Security Measures.
                  BR-1.1.2 and BR1.2.4- 04/2014 Added requirement for agreed upon procedures report for annual and semi-annual disclosures.
                  BR-1.1.2 and BR-1.1.2A 10/2014 To align and update requirements dealing with new Appendix BR-5, Board and Committee meetings with the requirements under Paragraph HC-1.3.9.
                  BR-1.3 10/2014 Updated to reflect new reporting form PIRFM.
                  BR-1.2 10/2015 Added new reporting requirements dealing with draft interim financial statements and financial review report.
                  BR-2.3.12 01/2016 Corrected cross references.
                  BR-2.2.16 04/2016 Corrected cross reference.
                  BR-1.1.2 04/2017 Added sub-paragraph (k) on CPD requirements.
                  BR-1.7 04/2017 Added a new Section on Onsite Inspection Reporting.
                  BR-2.3.10 01/2020 Amended Paragraph.

          • BR-B BR-B Scope of Application

            • BR-B.1 BR-B.1 Scope of Application

              • BR-B.1.1

                The content of this Module applies to all financing company licensees authorised in the Kingdom (thereafter referred to in this Module as licensees).

                January 2013

          • BR-1 BR-1 Prudential Reporting

            • BR-1.1 BR-1.1 Annual Requirements

              • BR-1.1.1

                All licensees are required to submit to the CBB their annual audited financial statements within 3 months of their financial year end.

                January 2013

              • BR-1.1.2

                In addition to the statements required in Paragraph BR-1.1.1, licensees are required to submit to the CBB the following information within 3 months of their financial year end:

                (a) The external auditor's management letter;
                (b) Audited financial statements of all subsidiaries (whether or not consolidated) along with their management letters;
                (c) The financing company's group structure and the internal organisation chart;
                (d) A list of non-performing and rescheduled credit facilities (including name of customer, country, amount outstanding, net interest income/ profit for the year attributed to profit & loss and the reasons for attributing interest/ profit to income);
                (e) A reconciliation statement between the audited financial statements and the relevant prudential returns;
                (f) The report on controllers as required under Paragraph GR-4.1.10;
                (g) A report on the licensee's close links as required under Paragraph GR-5.1.3;
                (h) [This Sub Paragraph was deleted in October 2014];
                (i) Any supplementary information as required by the CBB; and
                (j) An agreed upon procedures report concerning the completeness of disclosures required by Module PD, Section PD-1.3 and Chapter PD-4 (see also AA-3.2.2).
                (k) Report on the number of hours completed during the previous year in Continuous Professional Development (CPD) via CPD Form in Appendix BR-22 by the approved persons specifically board of directors and management as required under Paragraph TC-1.2.1.
                Amended: April 2017
                Amended: October 2014
                Amended: April 2014
                Amended: July 2013
                Added: January 2013

              • BR-1.1.2A

                In accordance with Paragraph HC-1.3.9, licensees must submit annually a report recording the board meetings held during the year. Such report must be submitted to the CBB, within 20 calendar days of the financial year end, as an attachment to the year-end quarterly PIRFM. Reference should be made to Appendix BR-5, Board and Committee Meetings, under part B/Reporting Forms of Volume 5 for a sample of such report.

                Added: October 2014

              • BR-1.1.3

                In accordance with the provisions of Section AA-4.1, the audited financial statements and the annual reports of the licensees must be in full compliance with:

                (a) The International Financial Reporting Standards (IFRS); or
                (b) AAOIFI Financial Accounting Standards for Sharia Compliant Financing Companies and for products and activities not covered by AAOIFI, International Financial Reporting Standards (IFRS)/International Accounting Standards (IAS) must be followed; and
                (c) The disclosure requirements set out under Sections PD-1.2, PD-1.3 and PD-1.4.
                January 2013

              • Annual Report

                • BR-1.1.4

                  Licensees must submit their full printed annual report to the CBB within 4 months of the end of their financial year (See PD-1.2.6).

                  January 2013

            • BR-1.2 BR-1.2 Interim Financial Statements

              • BR-1.2.1

                Licensees that are listed companies are required to submit to the CBB reviewed (unaudited) quarterly financial statements in accordance with the requirements outlined in Volume 6 (Capital Markets).

                January 2013

              • BR-1.2.2

                Licensees that are non-listed companies are required to submit to the CBB reviewed (unaudited) semi-annual financial statements on a semi-annual basis, within two months of the date of these statements. The semi-annual financial statements are to be presented in accordance with IFRS and/or AAOIFI (for sharia-compliant licensees).

                Amended: January 2014
                January 2013

              • BR-1.2.3

                The statements mentioned under Paragraphs BR-1.2.1 and BR-1.2.2 must be in compliance with the requirements set out under Section PD-2.1.

                January 2013

              • Additional Reporting Requirements for Semi Annual Disclosures

                • BR-1.2.4

                  Licensees are required to submit to the CBB within two months of the end of the half year an agreed upon procedures report concerning the completeness of disclosures required by Paragraph PD-2.1.6.

                  Added: April 2014

              • Requirement to Submit Draft Interim and Year-end Financial Statements

                • BR-1.2.5

                  In addition to the interim financial statements requirements under Paragraphs BR-1.2.1 and BR-1.2.2, licensees must submit their draft interim and year-end financial statements to the CBB at least one week before their board meets to discuss the interim and year-end financial statements.

                  Added: October 2015

                • BR-1.2.6

                  Licensees that are listed companies must comply with Paragraph BR-1.2.5 on a quarterly basis, while non-listed licensees must comply on a semi-annual basis.

                  Added: October 2015

              • Requirement to Submit Financial Review Report

                • BR-1.2.7

                  When submitting the draft interim and year-end financial statements required under Paragraph BR-1.2.5, licensees must also submit the prescribed financial review report. The prescribed format of the report for conventional licensees is Appendix BR-11 while Islamic licensees must submit Appendix BR-12. Both appendices are included under Part B of Volume 5.

                  Added: October 2015

            • BR-1.3 BR-1.3 Quarterly Prudential Requirements

              • PIRFM

                • BR-1.3.1

                  All licensees must complete the PIRFM form (see Appendix BR-1 under Part B of Volume 5 for financing companies). This form is intended to be a financial report of the licensee on a consolidated basis.

                  Amended: October 2014
                  January 2013

                • BR-1.3.2

                  The PIRFM form referred to under Paragraph BR-1.3.1 must be submitted to the CBB on a quarterly basis within 20 calendar days of the end of the reporting date.

                  Amended: October 2014
                  January 2013

                • BR-1.3.3

                  The CBB requires all licensees to request their external auditor to conduct a review of the prudential return on a quarterly basis. The results of such review (in the form of an Agreed Upon Procedures report as shown in Appendix BR-6) must be submitted to the CBB's relevant supervision Directorate no later than 2 months from the end of the subject quarter. A licensee may apply for an exemption from this requirement provided that it meets the criteria set out under Paragraph BR-1.3.4.

                  January 2013

                • BR-1.3.4

                  Licensees which demonstrate to the satisfaction of the CBB that they have fulfilled all of the CBB's requirements with regard to Prudential Returns for at least two consecutive quarters may apply (in writing) to the CBB for an exemption from the review procedure set out in Paragraph BR-1.3.3. Such exemption may be withdrawn by the CBB at any time, should errors be detected.

                  January 2013

              • Liquidity Reporting Requirements

                • BR-1.3.5

                  In accordance with Paragraph LM-3.2.1, licensees must report their stock liquidity and maturity mismatch ratios. The reporting of these ratios is included as part of the PIRFM return required under Paragraph BR-1.3.1. Licensees must note however that the liquidity requirements are only applicable to Bahrain operations as outlined in Paragraph LM-1.2.1.

                  Amended: October 2014
                  Added: January 2014

            • BR-1.4 BR-1.4 Monthly Requirements

              • BR-1.4.1

                All licensees which are listed on a licensed exchange in Bahrain must comply with the requirements of Volume 6 of the CBB Rulebook.

                January 2013

              • Connected Counterparty Exposures

                • BR-1.4.2

                  All licensees are required to submit to the CBB their exposures to connected parties on a monthly basis on the fourth working day of the month.

                  January 2013

                • BR-1.4.3

                  For instructions relating to the reporting required as per Paragraph BR-1.4.2, reference should be made to Appendix BR-8 and for the concerned reporting forms refer to Appendix BR-7, found under Part B of Volume 5.

                  January 2013

            • BR-1.5 BR-1.5 IIS Reporting Requirements

              • Institutional Information System (IIS)

                • BR-1.5.1

                  All licensees are required to complete online non-financial information related to their institution by accessing the CBB's institutional information system (IIS). Licensees must update the required information at least on a quarterly basis or when a significant change occurs in the non-financial information included in the IIS. If no information has changed during the quarter, the licensee must still access the IIS quarterly and confirm that the information contained in the IIS is correct. Licensees must ensure that they access the IIS within 20 calendar days from the end of the related quarter and either confirm or update the information contained in the IIS.

                  Amended: April 2013
                  January 2013

                • BR-1.5.2

                  Licensees failing to comply with the requirements of Paragraph BR-1.5.1 or reporting inaccurate information may be subject to financial penalties or other enforcement action as outlined in Module (EN) Enforcement.

                  January 2013

            • BR-1.6 BR-1.6 Internet Security Measures

              • BR-1.6.1

                In accordance with Section OM-5.2, licensees providing internet financial services must regularly test their systems against security breaches and submit the vulnerability assessment report to the CBB.

                Added: January 2014

              • BR-1.6.2

                The report referred to under Paragraph BR-1.6.1 must be conducted in accordance with Section OM-5.2 and submitted to the CBB twice a year, within two months following the end of the month where the testing took place, i.e. for the June test, the report must be submitted at the latest by 31st August and for the December test, by 28th February.

                Added: January 2014

            • BR-1.7 BR-1.7 Onsite Inspection Reporting

              • BR-1.7.1

                For the purpose of onsite inspection by the CBB, licensees must submit requested documents and completed questionnaires to the Inspection Directorate at the CBB three working days ahead of inspection team entry date.

                Added: April 2017

              • BR-1.7.2

                Licensees must review the contents of the draft Inspection Report and submit to the Inspection Directorate at the CBB a written assessment of the observations/issues raised within ten working days of receipt of such report. Evidentiary documents supporting management's comments must also be included in the response package.

                Added: April 2017

              • BR-1.7.3

                Licensees' board are required to review the contents of the Inspection Report and submit within one month, of the report issue date, a final response to such report along with an action plan addressing the issues raised within the stipulated timeline.

                Added: April 2017

              • BR-1.7.4

                Licensees failing to comply with the requirements of Paragraphs BR-1.7.1 and BR-1.7.2 are subject to date sensitive requirements and other enforcement actions as outlined in Module (EN) Enforcement.

                Added: April 2017

          • BR-2 BR-2 Notifications and Approvals

            • BR-2.1 BR-2.1 Introduction

              • BR-2.1.1

                All notifications and requests for approvals required in this Chapter are to be submitted by licensees in writing.

                January 2013

              • BR-2.1.2

                In this Chapter, the term 'in writing' includes electronic communications capable of being reproduced in paper form.

                January 2013

              • BR-2.1.3

                Licensees are required to provide the CBB with a range of information to enable it to monitor the licensee's compliance with Volume 5 of the CBB Rulebook. Some of this information is provided through regular reports, whereas others are in response to the occurrence of a particular event (such as a change in name or address). The following Sections list the commonly occurring reports for which a licensee will be required to notify the CBB or seek its approval.

                January 2013

            • BR-2.2 BR-2.2 Notification Requirements

              • Matters Having a Serious Supervisory Impact

                • BR-2.2.1

                  A licensee must notify the CBB if any of the following has occurred, may have occurred or may occur in the near future:

                  (a) The licensee failing to satisfy one or more of the Principles of Business referred to in Module PB;
                  (b) Any matter which could have a significant adverse impact on the licensee's reputation;
                  (c) Any matter which could affect the licensee's ability to continue to provide adequate services to its customers and which could result in serious detriment to a customer of the licensee;
                  (d) Any matter in respect of the licensee that could result in material financial consequences to the financial system or to other licensees;
                  (e) A significant breach of any provision of the Rulebook (including a Principle);
                  (f) A breach of any requirement imposed by law, regulation, directive or any other instruction issued by the CBB;
                  (g) If a licensee becomes aware, or has information that reasonably suggests that it has or may have provided the CBB with information that was or may have been false, misleading, incomplete or inaccurate, or has or may have changed in a material way, it must notify the CBB immediately (ref. BR-3.3.2); or
                  (h) If the licensee intends to suspend any or all the licensed regulated services or ceases business, setting out how it proposes to do so and, in particular, how it will treat any of its liabilities (ref GR-7.1.2).
                  January 2013

                • BR-2.2.2

                  The circumstances that may give rise to any of the events in Paragraph BR-2.2.1 are wide-ranging and the probability of any matter resulting in such an outcome, and the severity of the outcome, may be difficult to determine. However, the CBB expects licensees to properly consider all potential events and consequences that may arise from them.

                  January 2013

                • BR-2.2.3

                  In determining whether an event that may occur in the near future should be notified to the CBB, a licensee should consider both the probability of the event happening and the severity of the outcome should it happen. Matters having a supervisory impact could also include matters relating to a controller that may directly or indirectly have an effect on the licensee.

                  January 2013

              • Legal, Professional, Administrative or other Proceedings against a Licensee

                • BR-2.2.4

                  A licensee must notify the CBB immediately of any legal, professional or administrative or other proceedings instituted against the licensee, controller or a close link of the licensee that is known to the licensee and is significant in relation to the licensee's financial resources or its reputation.

                  January 2013

                • BR-2.2.5

                  A licensee must notify the CBB of the bringing of a prosecution for, or conviction of, any offence under any relevant law against the licensee or any of its approved persons.

                  January 2013

              • Fraud, Errors and other Irregularities

                • BR-2.2.6

                  A licensee must notify the CBB immediately if one of the following events arises and the event is significant:

                  (a) It becomes aware that an employee may have committed a fraud against one of its customers;
                  (b) It becomes aware that a person, whether or not employed by it, is acting with intent to commit fraud against it;
                  (c) It identifies irregularities in its accounting or other records, whether or not there is evidence of fraud;
                  (d) It suspects that one of its employees may be guilty of serious misconduct concerning his honesty or integrity and which is connected with the licensee's regulated activities; or
                  (e) Significant conflicts of interest.
                  January 2013

              • Meaning of the Term "significant"

                • BR-2.2.7

                  For the purposes of this chapter, in determining whether a matter is significant, a licensee should have regard to:

                  (a) The size of any monetary loss or potential monetary loss to itself or its customers (either in terms of a single incident or group of similar or related incidents);
                  (b) The risk of reputational loss to the licensee; and
                  (c) Whether the incident or a pattern of incidents reflects weaknesses in the licensee's internal controls.
                  January 2013

                • BR-2.2.8

                  In addition, if the licensee may have suffered significant financial losses as a result of the incident, or may suffer reputational loss, the CBB will wish to consider this and whether the incident is indicative of weaknesses in the licensee's internal controls.

                  January 2013

              • Insolvency, Bankruptcy and Winding Up

                • BR-2.2.9

                  Except in instances where the CBB has initiated the following actions, a licensee must notify the CBB immediately of any of the following events:

                  (a) The calling of a meeting to consider a resolution for winding up the licensee, a controller or close link of the licensee;
                  (b) An application to dissolve a controller or close link of the licensee:
                  (c) The presentation of a petition for the winding up of a controller or close link of the licensee;
                  (d) The making of any proposals, or the making of, a composition or arrangement with any one or more of the licensee's creditors, for material amounts of debt;
                  (e) An application for the appointment of an administrator or trustee in bankruptcy to a controller or close link of the licensee;
                  (f) The appointment of a receiver to the licensee or to a controller or close link of the licensee (whether an administrative receiver or a receiver appointed over particular property); or
                  (g) An application against the licensee, a controller or close link of the licensee under Part 10 of the CBB Law or the Bankruptcy and Composition Law of 1987 or similar legislation in another jurisdiction.
                  January 2013

              • External Auditor

                • BR-2.2.10

                  A licensee must notify the CBB of the following:

                  (a) Removal or resignation of its external auditor (ref. AA-1.2.1); or
                  (b) A change in the partner in charge of conducting the external audit. (Ref. AA-1.3.3).
                  January 2013

              • Approved Persons

                • BR-2.2.11

                  A licensee must notify the CBB of the termination of employment of any approved persons, including reasons for their termination and arrangements for replacing them (ref. AU-4.3.8 and AU-4.5.7).

                  January 2013

              • Authorised Signatories

                • BR-2.2.12

                  At the time of authorisation (when the license is granted) or whenever a change occurs, in order to maintain an up-to-date record of authorised signatories of respective financial institutions, the CBB requires all licensees to submit to the licensee's CBB supervisory point of contact a list of specimen signatures of the officials authorised to sign on behalf of the concerned institution, together with, where appropriate, details of what they are authorised to sign for.

                  January 2013

              • Capital Adequacy Liquidity Requirements

                • BR-2.2.13

                  In the event that a licensee fails to meet any of the requirements specified in Module CA (Capital Adequacy) or Module LM (Liquidity Risk Management), it must, on becoming aware that it has breached the requirements, immediately notify the CBB in writing (ref. CA-1.1.9 and LM-1.1.3).

                  January 2013

                • BR-2.2.14

                  As specified in Article 58 of the CBB Law, a licensee must notify the CBB immediately of any matter that may affect its financial position, currently or in the future, or limit its ability to meet its obligations.

                  January 2013

              • Outsourcing Arrangements

                • BR-2.2.15

                  Licensees must immediately inform their normal supervisory contact at the CBB of any material problems or changes encountered with an outsourcing provider (ref. OM-3.3.4).

                  January 2013

              • Controllers

                • BR-2.2.16

                  If, as a result of circumstances outside the licensee's knowledge and/or control, one of the changes to their controllers specified in Paragraph GR-4.1.1 is triggered prior to CBB approval being sought or obtained, the licensee must notify the CBB on the earlier of:

                  (a) The moment the change takes effect; or
                  (b) The moment the controller becomes aware of the proposed change (ref. GR-4.1.7).
                  Amended: April 2016
                  January 2013

                • BR-2.2.17

                  A licensee must notify the CBB of any event as specified under Article 52 of the CBB Law.

                  January 2013

              • Promotional Schemes

                • BR-2.2.18

                  Licensees must notify the CBB, and send copies of the documentation relating to promotional schemes, at least ten business days prior to their launch, after ensuring that such promotional schemes are in line with the Rules under Section BC-1.

                  January 2013

              • Introduction of New or Expanded Customer Products and Facilities

                • BR-2.2.19

                  All licensees should notify the CBB of information relating to any new or expanded customer products and facilities in accordance with the requirements set out under Section BC-3.2.

                  January 2013

              • Write-offs

                • BR-2.2.20

                  All licensees must notify the CBB of any write-off of a credit facility of an amount in excess of BD100,000 or its equivalent in foreign currency.

                  January 2013

            • BR-2.3 BR-2.3 Approval Requirements

              • Branches or Subsidiaries

                • BR-2.3.1

                  In accordance with Rule AU-4.2.1, a licensee must seek prior written approval from the CBB for opening a branch or a subsidiary.

                  January 2013

                • BR-2.3.2

                  Licensees wishing to cancel an authorisation for a branch or subsidiary must obtain the CBB's written approval before ceasing the activities of the branch or subsidiary.

                  January 2013

              • Change in Name

                • BR-2.3.3

                  In accordance with Paragraph GR-2.1.1, a licensee must seek prior written approval from the CBB and give reasonable advance notice of a change in:

                  (a) The licensee's name (being its registered name if the licensee is a body corporate); and/or
                  (b) The licensee's trade name.
                  January 2013

                • BR-2.3.4

                  The request under Paragraph BR-2.3.3 must include the details of the proposed new name and the date on which the licensee intends to use the new name.

                  January 2013

              • Change of Address

                • BR-2.3.5

                  As specified in Article 51 of the CBB Law, a licensee must seek approval from the CBB and give reasonable advance notice of a change in the address of the licensee's principal place of business in Bahrain, and that of its branches.

                  January 2013

                • BR-2.3.6

                  The request under Paragraph BR-2.3.5 must include the details of the proposed new address and the date on which the licensee intends to use the new address.

                  January 2013

              • Change in Legal Status

                • BR-2.3.7

                  A licensee must seek CBB approval and give reasonable advance notice of a change in its legal status that may, in any way, affect its relationship with or limit its liability to its customers.

                  January 2013

              • Change in Paid-up or Issued Capital

                • BR-2.3.8

                  As specified in Article 57(3) of the CBB Law, a licensee must seek CBB prior approval before making any modification to its issued or paid-up capital.

                  January 2013

              • Controllers

                • BR-2.3.9

                  In accordance with Section GR-4.1, licensees must seek CBB prior approval and give reasonable advance notice of any of the following events:

                  (a) A person acquiring control or ceasing to have control of the licensee;
                  (b) An existing controller acquiring an additional type of control (such as ownership or significant influence) or ceasing to have a type of control of the licensee;
                  (c) An existing controller increasing the percentage of shares or voting power beyond 10%, 20% or 40% of the licensee; and
                  (d) An existing controller becoming or ceasing to be a parent undertaking of the licensee.
                  Amended: April 2013
                  January 2013

              • Mergers, Acquisitions, Disposals and Establishment of New Subsidiaries

                • BR-2.3.10

                  A licensee incorporated in Bahrain must seek CBB prior approval and give reasonable advance notice of its intention to enter into a:

                  (a) Merger with another undertaking; or
                  (b) Proposed acquisition, disposal or establishment of a new subsidiary undertaking; or
                  (c) Modify its memorandum or articles of association.
                  Amended: January 2020
                  Amended: April 2013
                  Added: January 2013

              • Write-offs

                • BR-2.3.11

                  Licensees should obtain the CBB's prior written approval before writing off any of the following exposures:

                  (a) To any present or former director of the licensee;
                  (b) Which are guaranteed by a director of the licensee;
                  (c) To any business entity for which the licensee or any of its directors is an agent;
                  (d) To any officer or employee of the licensee, or any other person who receives remuneration from the licensee;
                  (e) To any business entity in which the licensee (or any of its directors, officers or other persons receiving remuneration from the licensee) has a material interest as a shareholder (i.e. 5% or more), or as a director, manager, agent or guarantor; and
                  (f) To any person who is a director, manager or officer of another licensee of the CBB.
                  January 2013

              • Outsourcing Arrangements

                • BR-2.3.12

                  A licensee must seek prior approval from the CBB for the following:

                  (a) Outsourcing of their internal audit function (ref. OM-2.7);
                  (b) Intra-group outsourcing (ref. OM-2.8.3); or
                  (c) Outsourcing other core functions (OM-2.3).
                  Amended: January 2016
                  January 2013

              • Matters Having a Supervisory Impact

                • BR-2.3.13

                  A licensee must seek prior approval from the CBB for any material changes or proposed changes to the information provided to the CBB in support of an authorisation application that occurs after authorisation has been granted.

                  January 2013

                • BR-2.3.14

                  Any licensee that wishes, intends or has been requested to do anything that might contravene, in its reasonable opinion, the provisions of UNSCR 1373 (and in particular Article 1, Paragraphs c) and d) of UNSCR 1373) must seek, in writing, the prior written opinion of the CBB on the matter (ref. FC-8.2.2).

                  January 2013

                • BR-2.3.15

                  As specified in Article 57 of the CBB Law, a licensee wishing to modify its Memorandum or Articles of Association, must obtain prior written approval from the CBB.

                  January 2013

                • BR-2.3.16

                  As specified in Article 57 of the CBB Law, a licensee wishing to transfer all or a major part of its assets or liabilities inside or outside the Kingdom, must obtain prior written approval from the CBB.

                  January 2013

              • External Auditor

                • BR-2.3.17

                  A licensee must seek prior approval from the CBB for the appointment or re-appointment of its external auditor (ref. AU-2.7.1 and AA-1.1.1)

                  January 2013

              • Dividend Distribution

                • BR-2.3.18

                  Licensees, must obtain the CBB's prior written approval to any dividend proposed to be distributed to the shareholders, in accordance with Chapter GR-4.

                  January 2013

              • Approved Persons

                • BR-2.3.19

                  A licensee must seek prior approval from the CBB for the appointment of persons undertaking a controlled function (ref. Article 65 of the CBB Law, AU-1.2 and AU-4.3.1).

                  January 2013

                • BR-2.3.20

                  Licensees must seek prior CBB approval before an approved person may move from one controlled function to another within the same licensee (ref. AU-4.3.11).

                  January 2013

                • BR-2.3.21

                  If a controlled function falls vacant, a licensee making immediate interim arrangements for the controlled function affected, must obtain approval from the CBB (ref. AU-4.4.5).

                  January 2013

              • Cessation of Business

                • BR-2.3.22

                  In accordance with Paragraph GR-7.1.1 and Article 50 of the CBB Law, licensees must seek the CBB's prior approval should they wish to cease to provide or suspend any or all of the licensed regulated services of their operations and/or liquidate their business.

                  January 2013

          • BR-3 BR-3 Information Gathering by the CBB

            • BR-3.1 BR-3.1 Power to Request Information

              • BR-3.1.1

                In accordance with Article 111 of the CBB Law, licensees must provide all information that the CBB may reasonably request in order to discharge its regulatory obligations.

                January 2013

              • BR-3.1.2

                Licensees must provide all relevant information and assistance to the CBB inspectors and appointed experts on demand as required by Articles 111 and 114 of the CBB Law. Failure by licensees to cooperate fully with the CBB's inspectors or appointed experts, or to respond to their examination reports within the time limits specified, will be treated as demonstrating a material lack of cooperation with the CBB which will result in other enforcement measures being considered, as described elsewhere in Module EN. This rule is supported by Article 114(a) of the CBB Law.

                January 2013

              • BR-3.1.3

                Article 163 of the CBB Law provides for criminal sanctions where false or misleading statements are made to the CBB or any person /appointed expert appointed by the CBB to conduct an inspection or investigation on the business of the licensee or the listed licensee.

                January 2013

              • Information Requested on Behalf of other Supervisors

                • BR-3.1.4

                  The CBB may ask licensees to provide it with information at the request of or on behalf of other supervisors to enable them to discharge their functions properly. Those supervisors may include overseas supervisors or government agencies in Bahrain. The CBB may also, without notifying a licensee, pass on to those supervisors or agencies information that it al has in its possession.

                  January 2013

            • BR-3.2 BR-3.2 Access to Premises

              • BR-3.2.1

                In accordance with Article 114 of the CBB Law, a licensee must permit representatives of the CBB, or persons appointed for the purpose by the CBB to have access, with or without notice, during reasonable business hours to any of its business premises in relation to the discharge of the CBB's functions under the relevant law.

                January 2013

              • BR-3.2.2

                A licensee must take reasonable steps to ensure that its agents and providers under outsourcing arrangements permit such access to their business premises, to the CBB.

                January 2013

              • BR-3.2.3

                A licensee must take reasonable steps to ensure that each of its providers under material outsourcing arrangements deals in an open and cooperative way with the CBB in the discharge of its functions in relation to the licensee.

                January 2013

              • BR-3.2.4

                The cooperation that licensees are expected to procure from such providers is similar to that expected of licensees themselves.

                January 2013

            • BR-3.3 BR-3.3 Accuracy of Information

              • BR-3.3.1

                Licensees must take reasonable steps to ensure that all information they give to the CBB is:

                (a) Factually accurate or, in the case of estimates and judgements, fairly and properly based after appropriate enquiries have been made by the licensee; and
                (b) Complete, in that it should include everything which the CBB would reasonably and ordinarily expect to have.
                January 2013

              • BR-3.3.2

                If a licensee becomes aware, or has information that reasonably suggests that it has or may have provided the CBB with information that was or may have been false, misleading, incomplete or inaccurate, or has or may have changed in a material way, it must notify the CBB immediately. The notification must include:

                (a) Details of the information which is or may be false, misleading, incomplete or inaccurate, or has or may have changed;
                (b) An explanation why such information was or may have been provided; and
                (c) The correct information.
                January 2013

              • BR-3.3.3

                If the information in Paragraph BR-3.3.2 cannot be submitted with the notification (because it is not immediately available), it must instead be submitted as soon as possible afterwards.

                January 2013

            • BR-3.4 BR-3.4 Methods of Information Gathering

              • BR-3.4.1

                The CBB uses various methods of information gathering on its own initiative which require the cooperation of licensees:

                (a) Representatives of the CBB may make onsite visits at the premises of the licensee. These visits may be made on a regular basis, or on a sample basis, for special purposes such as theme visits (looking at a particular issue across a range of licensees), or when the CBB has a particular reason for visiting a licensee;
                (b) Appointees of the CBB may also make onsite visits at the premises of the licensee. Appointees of the CBB may include persons who are not CBB staff, but who have been appointed to undertake particular monitoring activities for the CBB, such as in the case of Appointed Experts (refer to Chapter EN-2);
                (c) The CBB may request the licensee to attend meetings at the CBB's premises or elsewhere;
                (d) The CBB may seek information or request documents by telephone, at meetings or in writing, including electronic communication; or
                (e) The CBB may require licensees to submit various documents or notifications, as per Chapter BR-2, in the ordinary course of their business such as financial reports or on the happening of a particular event in relation to the licensee such as a change in control.
                January 2013

              • BR-3.4.2

                When seeking meetings with a licensee or access to the licensee's premises, the CBB or the CBB appointee needs to have access to a licensee's documents and personnel. Such requests will be made during reasonable business hours and with proper notice. There may be instances where the CBB may seek access to the licensee's premises without prior notice. While such visits are not common, the prospect of unannounced visits is intended to encourage licensees to comply at all times with the requirements and standards imposed by the CBB as per legislation and Volume 5 of the CBB Rulebook.

                January 2013

              • BR-3.4.3

                The CBB considers that a licensee should:

                (a) Make itself readily available for meetings with representatives or appointees of the CBB;
                (b) Give representatives or appointees of the CBB reasonable access to any records, files, tapes or computer systems, which are within the licensee's possession or control, and provide any facilities which the representatives or appointees may reasonably request;
                (c) Produce to representatives or appointees of the CBB specified documents, files, tapes, computer data or other material in the licensee's possession or control as may be reasonably requested;
                (d) Print information in the licensee's possession or control which is held on computer or otherwise convert it into a readily legible document or any other record which the CBB may reasonably request;
                (e) Permit representatives or appointees of the CBB to copy documents of other material on the premises of the licensee at the licensee's expense and to remove copies and hold them elsewhere, or provide any copies, as may be reasonably requested; and
                (f) Answer truthfully, fully and promptly all questions which representatives or appointees of the CBB reasonably put to it.
                January 2013

              • BR-3.4.4

                The CBB considers that a licensee should take reasonable steps to ensure that the following persons act in the manner set out in Paragraph BR-3.4.3:

                (a) Its employees; and
                (b) Any other members of its group and their employees.
                January 2013

              • BR-3.4.5

                In gathering information to fulfill its supervisory duties, the CBB acts in a professional manner and with due regard to maintaining confidential information obtained during the course of its information gathering activities.

                January 2013

            • BR-3.5 BR-3.5 The Role of the Appointed Expert

              • Introduction

                • BR-3.5.1

                  The content of this Chapter is applicable to all licensees and appointed experts.

                  January 2013

                • BR-3.5.2

                  The purpose of the contents of this Chapter is to set out the roles and responsibilities of appointed experts when appointed pursuant to Article 114 or 121 of the CBB Law (see EN-2.1.1). These Articles empower the CBB to assign some of its officials or others to inspect or conduct investigations of licensees.

                  January 2013

                • BR-3.5.3

                  The CBB uses its own inspectors to undertake on-site examinations of licensees as an integral part of its regular supervisory efforts. In addition, the CBB may commission reports on matters relating to the business of licensees in order to help it assess their compliance with CBB requirements. Inspections may be carried out either by the CBB's own officials, by duly qualified appointed experts appointed for the purpose by the CBB, or a combination of the two.

                  January 2013

                • BR-3.5.4

                  The CBB will not, as a matter of general policy, publicise the appointment of an appointed expert, although it reserves the right to do so where this would help achieve its supervisory objectives. Both the appointed expert and the CBB are bound to confidentiality provisions restricting the disclosure of confidential information with regards to any such information obtained in the course of the investigation.

                  January 2013

                • BR-3.5.5

                  Unless the CBB otherwise permits, appointed experts should not be the same firm appointed as external auditor of the licensee.

                  January 2013

                • BR-3.5.6

                  Appointed experts will report directly to and be responsible to the CBB in this context and will specify in their report any limitations placed on them in completing their work (for example due to the licensee's group structure). The report produced by the appointed experts is the property of the CBB (but is usually shared by the CBB with the firm concerned).

                  January 2013

                • BR-3.5.7

                  Compliance by appointed experts with the contents of this Chapter will not, of itself, constitute a breach of any other duty owed by them to a particular licensee (i.e. create a conflict of interest.

                  January 2013

                • BR-3.5.8

                  The CBB may appoint one or more of its officials to work on the appointed experts' team for a particular licensee.

                  January 2013

              • The Required Report

                • BR-3.5.9

                  The scope of the required report will be determined and detailed by the CBB in the appointment letter. Commissioned appointed experts would normally be required to report on one or more of the following aspects of a licensee's business:

                  (a) Accounting and other records;
                  (b) Internal control systems;
                  (c) Returns of information provided to the CBB;
                  (d) Operations of certain departments; and/or
                  (e) Other matters specified by the CBB.
                  January 2013

                • BR-3.5.10

                  Appointed experts will be required to form an opinion on whether, during the period examined, the licensee is in compliance with the relevant provisions of the CBB Law and the CBB's relevant requirements, as well as other requirements of Bahrain Law and, where relevant, industry best practice locally and/or internationally.

                  January 2013

                • BR-3.5.11

                  The appointed experts' report should follow the format set out in Appendix BR-10, in part B of the CBB Rulebook.

                  Amended: July 2013
                  January 2013

                • BR-3.5.12

                  Unless otherwise directed by the CBB or unless the circumstances described in Paragraph BR-3.5.16 apply, the report must be discussed with the Board of directors and/or senior management in advance of it being sent to the CBB.

                  January 2013

                • BR-3.5.13

                  Where the report is qualified by exception, the report must clearly set out the risks which the licensee runs by not correcting the weakness, with an indication of the severity of the weakness should it not be corrected. Appointed experts will be expected to report on the type, nature and extent of any weaknesses found during their work, as well as the implications of a failure to address and resolve such weaknesses.

                  January 2013

                • BR-3.5.14

                  If the appointed experts conclude, after discussing the matter with the licensee, that they will give a negative opinion (as opposed to one qualified by exception) or that the issue of the report will be delayed, they must immediately inform the CBB in writing giving an explanation in this regard.

                  January 2013

                • BR-3.5.15

                  The report must be completed, dated and submitted, together with any comments by directors or management (including any proposed timeframe within which the licensee has committed to resolving any issues highlighted by the report), to the CBB within the timeframe applicable.

                  January 2013

              • Other Notifications to the CBB

                • BR-3.5.16

                  Appointed experts must communicate to the CBB, during the conduct of their duties, any reasonable belief or concern they may have that any of the requirements of the CBB, including the criteria for licensing a licensee (see Module AU), are not or have not been fulfilled, or that there has been a material loss or there exists a significant risk of material loss in the concerned licensee, or that the interests of customers are at risk because of adverse changes in the financial position or in the management or other resources of a licensee. Notwithstanding the above, it is primarily the licensee's responsibility to report such matters to the CBB.

                  January 2013

                • BR-3.5.17

                  The CBB recognises that appointed experts cannot be expected to be aware of all circumstances which, had they known of them, would have led them to make a communication to the CBB as outlined above. It is only when appointed experts, in carrying out their duties, become aware of such a circumstance that they should make detailed inquiries with the above specific duty in mind.

                  January 2013

                • BR-3.5.18

                  If appointed experts decide to communicate directly with the CBB in the circumstances set out in Paragraph BR-3.5.16, they may wish to consider whether the matter should be reported at an appropriate senior level in the licensee at the same time and whether an appropriate senior representative of the licensee should be invited to attend the meeting with the CBB.

                  January 2013

              • Permitted Disclosure by the CBB

                • BR-3.5.19

                  Information which is confidential and has been obtained under, or for the purposes of, this chapter or the CBB Law may only be disclosed by the CBB in the circumstances permitted under the Law. This will allow the CBB to disclose information to appointed experts to fulfil their duties. It should be noted, however, that appointed experts must keep this information confidential and not divulge it to a third party except with the CBB's permission and/or unless required by Bahrain Law.

                  January 2013

              • Trilateral Meeting

                • BR-3.5.20

                  The CBB may, at its discretion, call for a trilateral meeting(s) to be held between the CBB and representatives of the relevant licensee and the appointed experts. This meeting will provide an opportunity to discuss the appointed experts' examination of, and report on, the licensee.

                  January 2013

        • PD PD Financing Companies Public Disclosure Module

          • PD-A PD-A Introduction

            • PD-A.1 PD-A.1 Purpose

              • PD-A.1.1

                The purpose of this Module is to set out the detailed qualitative and quantitative public disclosure requirements that financing companies should adhere to in order to enhance corporate governance and financial transparency through better public disclosure. Such disclosures also help to protect customers and facilitate market discipline.

                January 2014

              • PD-A.1.2

                This Module provides support for certain other parts of the Rulebook, namely:

                (a) Prudential Consolidation and Deduction Requirements;
                (b) Licensing and Authorisation Requirements;
                (c) CBB Reporting Requirements;
                (d) Credit Risk Management;
                (e) Operational Risk Management;
                (f) High Level Controls;
                (g) Relationship with Audit Firms; and
                (h) Penalties and Fines.
                January 2014

              • PD-A.1.3

                This Module also provides support for certain aspects relating to disclosure requirements stipulated in the Central Bank of Bahrain and Financial Institutions Law (Decree No. 64 of 2006) and the Bahrain Commercial Companies Law (as amended).

                January 2014

              • Legal Basis

                • PD-A.1.4

                  This Module contains the Central Bank of Bahrain's ('the CBB') Directive (as amended from time to time) relating to public disclosure and disclosure to shareholders and is issued pursuant to the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). It also incorporates the requirements of Article 62 of the CBB Law with respect to the publication of financial statements. The Directive in this Module is applicable to all financing company licensees.

                  January 2014

                • PD-A.1.5

                  For an explanation of the CBB's rule-making powers and different regulatory instruments, see Section UG-1.1.

                  January 2014

            • PD-A.2 PD-A.2 General Requirements

              • PD-A.2.1

                All financing companies must have a formal disclosure policy as part of their overall communications strategy, supported by documented procedures and approved by the Board of Directors that addresses the disclosures that the company makes and the internal controls over the disclosure process. In addition, all financing companies must carry out a regular review of the validity of their disclosures (in terms of scope and accuracy) as outlined in Modules BR and AA.

                January 2014

              • PD-A.2.2

                All financing companies are required to publish their annual audited, and reviewed quarterly financial statements per the rules set out in this Module and Article 62 of the CBB Law, the Bahrain Commercial Companies Law (as amended), the Rulebook of the licensed exchange and Volume 6 (Capital Markets), where applicable. Such financial statements must be prepared in accordance with International Financial Reporting Standards (IFRS) in the case of conventional financing companies and Financial Accounting Standards (FAS) issued by the Accounting and Auditing Organisation for Islamic Financial Institutions (AAOIFI) in the case of Shari'a compliant financing companies.

                January 2014

              • PD-A.2.3

                The CBB requires that each financing company maintain an up-to-date checklist of all applicable IFRS/AAOIFI standards and also the disclosure requirements set out in this Module for full compliance purposes. Such checklists should be part of the financing company's public disclosure procedures.

                January 2014

              • PD-A.2.4

                The disclosures specified in this Module, which are in addition to those required by applicable accounting standards, must be reviewed by the financing company's external auditor based on agreed upon procedures (unless IFRS/ AAOIFI require that the concerned disclosures are audited).

                January 2014

              • PD-A.2.5

                The disclosures in this Module may be presented as an accompanying document or appendices to the Annual Report or in the Notes to the Financial Statements at the discretion of the concerned financing company.

                January 2014

              • PD-A.2.6

                The external auditor's review must also check other statements in the Annual Report such as the Chairman's report to ensure that such statements are consistent with the audited financial statements and the disclosures required by this Module. All qualitative or descriptive disclosures in the Annual Report must be based upon and reflective of facts and actual practice by the financing company (and be subject to the above review by the company's external auditor).

                January 2014

              • PD-A.2.7

                If situations arise where disclosures required in this Module are in conflict with those required under IFRS/AAOIFI and/or any listing requirements issued by the CBB or a licensed exchange, listed financing companies should first follow the CBB's requirements as contained in Volume 6 (Capital Markets). In such situations, financing companies should explain any material differences between the accounting or other disclosures and the disclosure required in this Module. This explanation does not have to take the form of a line-by-line reconciliation, but should provide stakeholders with sufficient detail to make an objective assessment of the financing company's financial and operational health. Moreover, a formal notification to the CBB is required in such a situation.

                January 2014

              • PD-A.2.8

                A financing company should decide which disclosures are relevant for it based on materiality and subject to the concurrence of the financing company's external auditor. For the financing companies' guidance, information would be regarded as material if its omission or misstatement could change or influence the assessment or decision of a user relying on that information for the purpose of making economic decisions.

                January 2014

              • PD-A.2.9

                Non-compliance with these disclosure requirements is likely to lead to enforcement actions, such as a fine, as outlined in Module EN (Enforcement) .

                January 2014

            • PD-A.3 PD-A.3 Proprietary and Confidential Information

              • PD-A.3.1

                Proprietary information encompasses information (for example on products or systems), that if shared with competitors would render a financing company's investment in these products/systems less valuable, and hence would undermine its competitive position. Information about customers is often confidential, in that it is provided under the terms of a legal agreement or counterparty relationship. This has an impact on what financing companies should reveal in terms of information about their customer base, as well as details on their internal commercial arrangements, for instance methodologies used, parameter estimates, data etc.

                January 2014

              • PD-A.3.2

                If a financing company considers that disclosure of certain information required in Section PD-1.3 may prejudice seriously its position by making public information that is either proprietary or confidential in nature, it need not disclose those specific items, subject to the prior approval of the CBB. In such situations, the CBB may require the disclosure of more general information about the subject matter of the requirement, together with the fact that, and the reason why, the specific items of information have not been disclosed. This limited exemption is not intended to conflict with the disclosure requirements under IFRS and AAOIFI, as applicable.

                January 2014

            • PD-A.4 PD-A.4 Module History

              • Evolution of Module

                • PD-A.4.1

                  This Module was first issued in January 2014 by the CBB. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

                  January 2014

                • PD-A.4.2

                  A list of recent changes made to this Module is provided below:

                  Module Ref. Change Date Description of Changes
                  PD-2.1.2 04/2014 Deleted requirement for non-listed licensees to publish semi-annual financial statements.
                  PD-1.3.18 10/2019 Amended Paragraph on disclosure of financial penalties.
                       
                       
                       

              • Superseded Requirements

                • PD-A.4.3

                  This Module supersedes the following provisions contained in circulars or other regulatory requirements:

                  Document Ref. Document Subject
                  Volumes 1 and 2 Module PD
                     
                  January 2014

          • PD-B PD-B Scope of Application

            • PD-B.1 PD-B.1 Scope

              • PD-B.1.1

                This Module applies to all financing company licensees authorised in the Kingdom, thereafter referred to in this Module as licensees.

                January 2014

          • PD-1 PD-1 Annual Disclosure Requirements

            • PD-1.1 PD-1.1 Introduction

              • PD-1.1.1

                The purpose of this Chapter is to set out the CBB's requirements relating to the disclosure of information in the annual audited financial statements and the Annual Report of all licensees. This Chapter also refers to the Bahrain Commercial Companies Law (as amended) and the Rulebook of the licensed exchange relating to public disclosure and reporting requirements.

                January 2014

              • PD-1.1.2

                For the purpose of this Module, the following definitions apply:

                (a) 'Interest in the shares' includes, but is not be limited to, direct and/or indirect ownership of such shares, the right of voting associated with such shares, the right to receive dividends payable on such shares, and/or any right, regardless of the form thereof, to purchase (or otherwise acquire an interest in) such shares at any time;
                (b) 'Audited financial statements' refers to the financial statements required under International Financial Reporting Standards (IFRS) and/or Accounting and Auditing Organisation for Islamic Financial Institutions (AAOIFI); and
                (c) 'Annual Report' refers to the document which contains the full audited financial statements and accompanying notes as well as any accompanying commentary by the senior officials of the company.
                January 2014

            • PD-1.2 PD-1.2 Requirements for Annual Audited Financial Statements and Annual Report

              • Submission of Annual Audited Financial Statements

                • PD-1.2.1

                  All licensees must submit their annual audited financial statements to the CBB within 3 months of the end of the licensee's financial year (as required by Article 62 of the CBB Law). Licensees' annual audited financial statements must be audited by their external auditor.

                  January 2014

                • PD-1.2.2

                  Licensees are also required to publish the annual audited financial statements on their website (see also PD-1.3.5(g)) within one week of submission to the CBB.

                  January 2014

              • Publication of Annual Audited Financial Statements

                • PD-1.2.3

                  Licensees must publish extracts from their audited annual financial statements in one Arabic and one English daily newspaper within 2 months of the end of the financial year. The newspaper disclosures may be edited, but must include at a minimum the balance sheet, the statements of income, cash flow, changes in equity and, where applicable, the statement of comprehensive income. The newspaper disclosures must also be published on the licensee's website within one week of publication.

                  January 2014

                • PD-1.2.4

                  The newspaper disclosures must include a reference to the fact that the published figures 'have been extracted from financial statements audited by XYZ auditor, who expressed an unqualified opinion on (dated report)'. Licensees must disclose in full any audit qualifications or matter of emphasis paragraphs contained within the auditor's opinion. The auditor's opinion must be made in accordance with the International Standards on Auditing as established by the International Federation of Accountants and AAOIFI's Standards on Auditing, where applicable.

                  January 2014

                • PD-1.2.5

                  Licensees must submit a copy of the newspaper extracts from their annual audited financial statements to the CBB within two business days of publication in the concerned newspapers. The copy must be accompanied by a letter clearly showing on which date and in which publications the statements were published.

                  January 2014

              • Submission of Annual Report

                • PD-1.2.6

                  All licensees must submit their full printed annual report to the CBB, including the full disclosures prescribed in this Chapter within 4 months of the end of the licensee's financial year.

                  January 2014

                • PD-1.2.7

                  Licensees are also required to place the annual report on their website (see also PD-1.3.5(g)) within one week of submission to the CBB.

                  January 2014

            • PD-1.3 PD-1.3 Disclosures in the Annual Report

              • Introduction

                • PD-1.3.1

                  Licensees should provide timely information which facilitates market participants' assessment of them. The disclosure requirements set out in this Section must be included in the Annual Report either as an appendix or in the notes to the audited financial statements at the discretion of the concerned licensee. The disclosures should be addressed in clear terms and with appropriate details to help achieve a satisfactory level of transparency.

                  January 2014

                • PD-1.3.2

                  If a licensee is unable to achieve full compliance with the requirements stated in this Chapter, a meeting should be held with the relevant Banking Supervision Director at the CBB in the presence of the concerned external auditor to discuss the reasons for such non-compliance prior to the finalisation of the Annual Report. It is the responsibility of the licensee to call for such meetings.

                  January 2014

              • Scope of Application — Qualitative Disclosures

                • PD-1.3.3

                  The following information must be disclosed in relation to the licensee, its subsidiaries and associates:

                  (a) The full legal name of the top corporate entity in the group to which the disclosure requirements apply; and
                  (b) An outline of the differences in the basis of consolidation for accounting and regulatory purposes.
                  January 2014

              • Financial Performance and Position

                • PD-1.3.4

                  The following information should be included:

                  (a) Discussion of the main factors that influenced the licensee's financial performance for the year, explaining any differences in performance between the current year and previous years and the reasons for such differences, and discussing factors that will have a significant influence on the licensee's future financial performance;
                  (b) Basic quantitative indicators of financial performance (e.g. ROAE, ROAA, NIM, cost-to-income ratios) for the past 5 years;
                  (c) A discussion of the impact of acquisitions of new businesses and discontinued business and unusual items; and
                  (d) A discussion of any changes in the capital structure and their possible impact on earnings and dividends.
                  January 2014

              • Corporate Governance and Transparency

                • PD-1.3.5

                  The following information relating to corporate governance must be disclosed in the Annual Report:

                  (a) Information about the Board structure (e.g. the size of the Board, Board committees, function of committees and membership showing executive, non-executive and independent members) and the basic organisational structure (lines of business structure and legal entity structure);
                  (b) Information about the profession, business title, and experience in years of each Board member and the qualifications and experience in years of all senior managers;
                  (c) Descriptive information on the managerial structure, including:
                  (i) Committees;
                  (ii) Segregation of duties;
                  (iii) Reporting lines; and
                  (iv) Responsibilities;
                  (d) Descriptive information on the performance-linked incentive structure for the Chief Executive, the General Manager, Managers, Shari'a Board and the Board of directors (remuneration policies, executive compensation, stock options, etc.);
                  (e) Nature and extent of transactions with related parties (as defined by IFRS and AAOIFI as appropriate — see also PD-1.3.11(d));
                  (f) Approval process for related party transactions;
                  (g) Information about any changes in the structures (as mentioned in Subparagraphs PD-1.3.5(a) to PD-1.3.5(c)) from prior periods;
                  (h) The communications strategy approved by the Board (including the use of the licensee's website) which should undertake to perform at least the following:
                  (i) The disclosure of all relevant information to stakeholders on a periodic basis in a timely manner; and
                  (ii) The provision of at least the last three years of financial data on the licensee's website;
                  (i) Distribution of ownership of shares by nationality;
                  (j) Directors' and senior managers' trading of the licensee's shares during the year, on an individual basis;
                  (k) Distribution of ownership of shares by directors and senior managers, on an individual basis;
                  (l) Distribution of ownership of shares by size of shareholder;
                  (m) Ownership of shares by government;
                  (n) The Board's functions — rather than a general statement (which could be disclosed simply as the Board's legal obligations under various laws) the 'mandate' of the Board should be set out;
                  (o) The types of material transactions that require Board approval;
                  (p) Number and names of independent board members;
                  (q) Board terms and start date for each term for each director;
                  (r) What the board does to induct, educate and orient new directors;
                  (s) Election system of directors and any termination arrangements;
                  (t) Meeting dates (number of meetings during the year);
                  (u) Attendance of directors at each meeting;
                  (v) Whether the board has adopted a written code of ethical business conduct, and if so the text of that code and a statement of how the board monitors compliance;
                  (w) Minimum number of Board committee meetings per year, the actual number of board meetings, attendance of committees' members and the work of committees and any significant issues arising during the period;
                  (x) Reference to Module HC and any amendments subsequently made by the CBB, including explanation and nature of any non-compliance with Module HC in accordance with Paragraph HC-A.1.8;
                  (y) Review of internal control processes and procedures;
                  (z) Directors responsibility with regard to the preparation of financial statements;
                  (aa) Board of Directors — whether or not the board, its committees and individual directors are regularly assessed with respect to their effectiveness and contribution;
                  (bb) Licensees must maintain a website;
                  (cc) Aggregate remuneration paid to board members;
                  (dd) Remuneration policy of the licensee for board members and senior management; and
                  (ee) Aggregate remuneration paid to senior management.
                  January 2014

                • PD-1.3.5A

                  With regards to corporate governance, licensees are subject to additional disclosure requirements on corporate governance, whereby such disclosure are for the benefit of shareholders (See Chapter PD-4).

                  January 2014

              • Capital Structure — Qualitative Disclosures

                • PD-1.3.6

                  All licensees must disclose summary information of the terms and conditions of the main features of all capital instruments listed in Paragraph PD-1.3.7 including innovative, complex or hybrid capital instruments.

                  January 2014

              • Capital Structure — Quantitative Disclosures

                • PD-1.3.7

                  All licensees must disclose the amount of core capital with separate disclosures of:

                  (a) Authorised capital;
                  (b) Paid-up share capital/common stock;
                  (c) Breakdown of reserves and retained earnings;
                  (d) Minority interests in the equity of subsidiaries;
                  (e) Other capital instruments such as subordinated debt or hybrid capital instruments; and
                  (f) Regulatory deductions from core capital (see Paragraph CA-1.1.6 for more guidance).
                  January 2014

              • Capital Adequacy

                • PD-1.3.8

                  All licensees must present a summary of the licensee's approach to assessing the adequacy of capital and adherence to the gearing requirements to support current and future activities.

                  January 2014

              • General Qualitative Disclosure Requirements

                • PD-1.3.9

                  All licensees must describe their risk management objectives and policies for each separate risk area below and provide information on whether or not strategies used have been effective throughout the reporting period. The strategies, processes and internal controls (including internal audit) must be described for each area below including the structure and organisation of the relevant risk management function, and the scope and nature of risk reporting systems and policies for hedging/mitigating risk and strategies for monitoring the continuing effectiveness of hedges/mitigants. There are also certain specific disclosures for each of these areas in addition to the general qualitative disclosures required by this Paragraph:

                  (a) Credit risk (see also PD-1.3.10 – PD-1.3.12);
                  (b) Securitisations (see also PD-1.3.13 – PD-1.3.14); and
                  (c) Operational Risk (see also PD-1.3.15 – PD-1.3.16).
                  January 2014

              • Credit Risk — Qualitative Disclosures

                • PD-1.3.10

                  All licensees must make the general qualitative disclosures outlined in Paragraph PD-1.3.9, as well as those below:

                  (a) Definition of past due and impaired credit facilities (for accounting purposes); and
                  (b) Description of the approaches for specific and collective impairment provisions and statistical methods used (where applicable).
                  January 2014

              • Credit Risk — Quantitative Disclosures

                • PD-1.3.11

                  All licensees must disclose the following:

                  (a) Total gross credit exposures (gross outstanding before any risk mitigation) plus average gross exposures over the period broken down by major types of credit exposure (as outlined under IFRS) into funded and unfunded exposures. Where the period end position is representative of the risk positions of the company during the period, average gross exposures need not be disclosed. Licensees must state that average gross exposures have not been disclosed for this reason. Where average amounts are disclosed in accordance with an accounting standard or other requirement which specifies the calculation method to be used, that method should be followed. Otherwise, the average exposures should be calculated using the most frequent interval that an entity's systems generate for management, regulatory or other reasons, provided that the resulting averages are representative of the licensee's operations. The basis used for calculating averages needs to be stated;
                  (b) Geographic distribution of exposures, broken down into significant areas by major types of credit exposure. Geographical areas may be individual countries, or groups of countries. Licensees may define the geographical area according to how they manage the concerned areas internally. The criteria used to allocate exposures to particular geographical areas should be specified;
                  (c) Distribution of exposures by industry or counterparty type, broken down by major types of credit exposure, broken down by funded and unfunded exposure;
                  (d) Intra-group transactions including exposures to related parties, and whether such transactions have been made on an arm's length basis;
                  (e) By major industry or counterparty type:
                  (i) Amount of impaired loans/facilities and past due loans/facilities (see PD-1.3.12);
                  (ii) Specific and collective impairment provisions (see PD-1.3.12);
                  (iii) Charges for specific impairment provisions and charge-offs (write-offs) during the period; and
                  (iv) Reconciliation of changes in provisions for loan impairment;
                  (f) Amount of past due credit facilities, separately broken down by significant geographic areas, including the amounts of specific and collective impairment provisions related to each geographical area (see PD-1.3.11(b) for definition of geographical area);
                  (g) Aggregate quantitative information about all outstanding credit facilities at year end not included in (f) above that have been restructured (according to the definition in the PIR instructions) during the period including:
                  (i) The balance of any restructured credit facilities ;
                  (ii) The magnitude of any restructuring activity;
                  (iii) The impact of restructured credit facilities on provisions and present and future earnings; and
                  (iv) The basic nature of concessions on all credit relationships that are restructured.
                  If full repayment is expected, the restructured credit need not be disclosed in this section after satisfactory performance for a period of six months in accordance with the modified terms; and
                  (h) Quantitative information concerning obligations with respect to recourse transactions (i.e. where the asset has been sold, but the company retains responsibility for repayment if the original counterparty defaults or fails to fulfil their obligations). Information must include the amount of assets sold and any expected losses.
                  January 2014

                • PD-1.3.12

                  For Paragraph PD-1.3.11, the following notes are provided for interpretative guidance:

                  (a) Licensees must follow the residual maturity groupings currently followed under IFRS 7, but they must also extend the periods to include 5-10 years, 10-20 years, and 20 years and over (where the licensees have exposures or liabilities of such maturity);
                  (b) In PD-1.3.11(e), licensees must provide an ageing of past due credit facilities on the following basis:
                  (i) Ageing schedule (over 3 months, over 1 year and over 3 years) of past due credit facilities and other assets; and
                  (ii) Breakdown by relevant counterparty type and geographic area;
                  (c) For specific, collective and other impairment provisions, the portion of collective impairment provisions not allocated to specific geographical areas should be shown separately; and
                  (d) The reconciliation of changes in provisions should show specific and collective impairment provisions separately.
                  January 2014

              • Securitisation — Qualitative Disclosure Requirements

                • PD-1.3.13

                  All licensees must disclose the following with respect to securitisation activities:

                  (a) The general qualitative disclosure requirement (PD-1.3.9) with respect to securitisation, including a summary of:
                  (i) The licensee's objectives in relation to its securitisation activities, including the extent to which these activities transfer credit risk of the underlying securitised exposures away from the licensee to other parties; and
                  (ii) The roles played by the licensee in the securitisation process (for example, is the licensee the originator of the underlying risks, is it an investor, is it a servicer, is it a provider of credit enhancement, is it a sponsor of an asset-backed commercial paper facility, is it a liquidity provider, or is it a swap provider?) and an indication of the licensee's involvement in each of them;
                  (b) A summary of the licensee's accounting policies for securitisation activities, including:
                  (i) Whether transactions are treated as sales or financing;
                  (ii) Recognition of gain on sale;
                  (iii) Key assumptions for valuing retained interests, including any changes since the last report and the impact of such changes; and
                  (iv) Treatment of synthetic securitisations if not covered by other accounting policies (e.g. derivatives); and
                  (c) The names of External Credit Assessment Institutions (ECAIs) used for securitisations and the type of securitisation exposure for which each agency is used.
                  January 2014

              • Securitisation — Quantitative Disclosure Requirements

                • PD-1.3.14

                  Licensees must disclose the following quantitative information with respect to securitisation activities:

                  (a) The total outstanding exposures securitised by the licensee and subject to the securitisation framework (broken down into traditional and synthetic), by exposure type. These should be categorised under bands such as credit cards, home equity, etc. Also licensees must separately report any securitisation transactions for the year of inception where they do not retain any exposure. Licensees should also clearly identify securitisations where they are acting purely as sponsors;
                  (b) Securitisations broken down by exposure type showing:
                  (i) The amount of impaired or past due assets securitised; and
                  (ii) Losses recognised by the company during the current period;
                  (c) The aggregate amount of securitisation exposures retained or purchased, broken down by exposure type; and
                  (d) Summary of current year's securitisation activity, including the amount of exposures securitised (by exposure type) and recognised gain or loss on sale by asset type.
                  January 2014

              • Operational Risk Disclosures

                • PD-1.3.15

                  All licensees must disclose the general qualitative disclosures (PD-1.3.9) and also the approach for operational risk which the licensee employs to control such risk, and disclosures of any issues considered to be individually significant.

                  January 2014

                • PD-1.3.16

                  All licensees must disclose quantitative information on any material legal contingencies including pending legal actions, and a discussion and estimate of the potential liabilities, in addition to qualitative statements about how licensees manage and control such risks.

                  January 2014

              • Compliance

                • PD-1.3.17

                  The annual report must include a declaration by the external auditor that it did not come across any violations of the requirements below during the course of its audit work that would have any material negative impact on the financial position of the licensee:

                  (a) The Bahrain Commercial Companies Law;
                  (b) The CBB Law where a violation might have had a material negative effect on the business of the licensee or on its financial position;
                  (c) The Regulations and Directives issued by the CBB, including Volume 6 (Capital Markets); and
                  (d) The Rulebook of the licensed exchange and associated Resolutions, Rules and Procedures.
                  January 2014

                • PD-1.3.18

                  The annual report must disclose the amount of any penalties paid to the CBB during the period of the report together with a factual description of the reason(s) given by the CBB for the penalty (see Module EN). Licensees which fail to comply with this requirement will be required to make the disclosure in the annual audited financial statements of the subsequent year and will be subject to enforcement action for non-disclosure.

                  Amended: October 2019
                  January 2014

            • PD-1.4 PD-1.4 Additional Disclosure in the Annual Audited Financial Statements of Licensees Listed on a Licensed Exchange

              • PD-1.4.1

                The content of this Section is applicable only to licensees listed on a licensed exchange.

                January 2014

              • PD-1.4.2

                The disclosure requirements set out in this Section for listed licensees referred to under Paragraph PD-1.4.1 are in addition to those set out in Section PD-1.3.

                January 2014

              • Interests of Approved Persons

                • PD-1.4.3

                  Without prejudice to any other requirement of Bahrain law (or any other direction of the CBB), the Directors' Report Section of the annual audited financial statements of listed licensees should contain details of the interests of approved persons in the shares of such licensees. Such details should include:

                  (a) Total interests in the shares of listed licensees by approved persons; and
                  (b) Changes in such interests from the previous financial year to the current financial year.
                  January 2014

                • PD-1.4.4

                  For the purpose of the disclosure required under Paragraph PD-1.4.3, any interests in the shares of a listed licensee held by the connected person(s) of an approved person, or any other person the control of whose interests in such shares lies ultimately with the approved person, shall be deemed to be the interests of the relevant approved person. For a definition of 'interest in the shares', see Paragraph PD-1.1.2(a).

                  January 2014

            • PD-1.5 PD-1.5 Press Release on Annual Results

              • PD-1.5.1

                Where a licensee chooses to issue a narrative press release in conjunction with or in relation to the publication of its audited annual financial statements as required under Paragraph PD-1.2.3, the press release must indicate the net income for the last quarter.

                January 2014

          • PD-2 PD-2 Quarterly Disclosure Requirements

            • PD-2.1 PD-2.1 Publication of Reviewed (Unaudited) Quarterly/Semi-Annual Financial Statements for Licensees

              • PD-2.1.1

                Licensees that are listed companies must prepare reviewed (unaudited) quarterly financial statements in accordance with IFRS and/or AAOIFI (for sharia-compliant licensees) for the first three quarters of their financial year.

                January 2014

              • PD-2.1.2

                [This Paragraph was deleted in April 2014.]

                Deleted: April 2014
                January 2014

              • PD-2.1.3

                Licensees' unaudited financial statements must be reviewed by their external auditor who must also make a statement regarding the results of such review. Such review and statement should be made in accordance with the applicable International Standard on Review Engagements.

                January 2014

              • PD-2.1.4

                Extracts from the reviewed financial statements (including at a minimum the balance sheet, the statements of income, the cash flow, changes in equity and where applicable, the statement of comprehensive income) must be published in one Arabic and one English daily newspaper widely available in Bahrain and on the licensee's website within forty-five calendar days of the end of the period to which such statements relate.

                January 2014

              • PD-2.1.5

                Licensees must submit a newspaper copy of the statements (referred to under Paragraph PD-2.1.4) to the CBB within two business days of publication. The copy should be accompanied by a letter clearly showing on which date and in which publication(s) the statements were published.

                January 2014

              • Additional Requirements for Semi Annual Disclosures

                • PD-2.1.6

                  In addition to the requirements of Paragraphs PD-2.1.1 to PD-2.1.5 above, licensees must make all the quantitative disclosures required by Section PD-1.3 with their half-yearly financial statements on their website.

                  January 2014

            • PD-2.2 PD-2.2 Special Arrangements for Newly-Established Licensees

              • PD-2.2.1

                Newly-established licensees are not required to follow the publication requirements of Section PD-2.1 for the first three quarters of their operation or until the commencement of their second financial year of operation (whichever period is the longer).

                January 2014

              • PD-2.2.2

                After the above period has expired, all newly-established locally incorporated licensees must follow the publication requirements of Section PD-2.1. Newly-established licensees must follow the requirements for annual reporting.

                January 2014

          • PD-3 PD-3 Other Public Disclosure Requirements

            • PD-3.1 PD-3.1 Press Releases Concerning Financial Statements

              • PD-3.1.1

                Licensees must obtain the CBB's prior approval before issuing any press releases regarding interim or annual financial statements. Licensees must not publish or cause to be published, any media statements until such times as CBB approval has been granted.

                January 2014

              • PD-3.1.2

                In implementing Rule PD-3.1.1, the CBB will provide the licensee with a written decision within two business days of the receipt of request for approval.

                January 2014

          • PD-4 PD-4 Corporate Governance Disclosure to Shareholders

            • PD-4.1 PD-4.1 General Requirements

              • PD-4.1.1

                In addition to the corporate governance disclosure required under Paragraph PD-1.3.5, licensees must also disclose to their shareholders the following information:

                (a) Names of shareholders owning 5% or more and, if they act in concert, a description of the voting, shareholders' or other agreements among them relating to acting in concert, and of any other direct and indirect relationships among them or with the bank licensee or other shareholders;
                (b) Information on the directorships held by the directors on other boards;
                (c) Audit fees charged by the external auditor;
                (d) Non-audit services provided by the external auditor and fees;
                (e) Reasons for any switching of auditors and reappointing of auditors; and
                (f) Conflict of Interest — any issues arising must be reported and, in addition describe any steps the board has taken or will take to ensure directors exercise independent judgment in considering transactions and agreements in respect of which a director or executive officer has a material interest.
                January 2014