• HC HC Money Changers High-Level Controls Module

    • HC-A HC-A Introduction

      • HC-A.1 HC-A.1 Purpose

        • Executive Summary

          • HC-A.1.1

            This Module contains requirements that have to be met by licencees with respect to:

            (a) The role and composition of their Boards and Board committees; and
            (b) Related high-level controls and policies.
            October 2010

          • HC-A.1.2

            These requirements specify minimum good practice standards, with regards to the function and responsibilities of Boards, their composition and size, and required standards of attendance and frequency of meetings. It also specifies basic requirements with respect to establishing policies and procedures that address the segregation of duties, internal audit and compliance arrangements, and the licensee's approach to remuneration and corporate ethics.

            October 2010

          • HC-A.1.3

            This Module supplements various provisions relating to corporate governance contained in Legislative Decree No. 21 of 2001, with respect to promulgating the Commercial Companies Law ('Commercial Companies Law 2001'). In case of conflict, the Commercial Companies Law shall prevail. Compliance with this Module does not guarantee compliance with the Commercial Companies Law.

            October 2010

        • Legal Basis

          • HC-A.1.4

            This Module contains the Central Bank of Bahrain's ('CBB') Directive (as amended from time to time) regarding High-level Control requirements applicable to licensees, and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). Requirements regarding Money Changer licensees are also included in the Regulation Organising Money Changing Business, issued in 1994 and included in this Module.

            Amended: January 2011
            October 2010

          • HC-A.1.5

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see section UG-1.1.

            October 2010

      • HC-A.2 HC-A.2 Module History

        • Evolution of the Module

          • HC-A.2.1

            This Module was first issued in October 2010. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

          • HC-A.2.2

            A list of recent changes made to this Module is provided below:

            Module Ref. Change Date Description of Changes
            HC-A.1.4 01/2011 Clarified legal basis.
            Module HC 04/2016 Module updated to be in line, where applicable, to other Volumes of the CBB Rulebook.
            HC-2.3 and HC-2.4 07/2016 Clarified application of Rules for overseas licensees.
            HC-1.1.5 01/2020 Amended Paragraph on policy and procedures approval.
            HC-4.2 04/2020 Added a new Section on Standard for all Remuneration.
            HC-4.2.1 04/2020 Added a new Paragraph on KPIs compliance with AML/CFT requirements.

        • Superseded Requirements

          • HC-A.2.3

            This Module supersedes the following provisions contained in circulars or other regulatory requirements:

            Document Ref. Document Subject
            BSD/D(111)3179 Regarding nomination of Senior Liaison Officer.
            BC/11/98 Appointment of Approved Persons
            October 2010

        • Monitoring and Enforcement of Module HC

          • HC-A.2.4

            Disclosure and transparency are underlying principles of Module HC. Disclosure is crucial to allow outside monitoring of functions effectively. This Module looks to a combined monitoring system relying on the Board, the money changer licensee's shareholders and the CBB.

            April 2016

          • HC-A.2.5

            It is the Board's responsibility to see to the accuracy and completeness of the money changer licensee's corporate governance guidelines and compliance with Module HC. Failure to comply with this Module is subject to enforcement measures as outlined in Module EN (Enforcement).

            April 2016

    • HC-B HC-B Scope of Application

      • HC-B.1 HC-B.1 Scope of Application

        • HC-B.1.1

          The content of this Module applies to all Money Changer licensees authorised in the Kingdom of Bahrain, thereafter referred to in this Module as licensees.

          October 2010

    • HC-1 HC-1 The Board

      • HC-1.1 HC-1.1 Functions and Responsibilities

        • General Requirements

          • HC-1.1.1

            Licensees must have a Board of Directors ('the Board').

            Amended: April 2016
            October 2010

          • HC-1.1.1A

            The directors are ultimately accountable and responsible both individually and collectively for performing these responsibilities and must have sufficient expertise as a Board to understand the important issues relating to operation and control of the licensee. Although the Board may delegate certain functions to committees or management, it may not delegate its ultimate responsibility to ensure that an adequate, effective, comprehensive and transparent corporate governance framework is in place. This statement must be clearly communicated to Board members and senior management.

            April 2016

          • HC-1.1.2

            To discharge its responsibility effectively, a Board typically delegates various functions and tasks, for instance to Board sub-committees, management and other employees. When it delegates, the Board nonetheless retains ultimate responsibility for the performance of those functions and tasks.

            October 2010

          • HC-1.1.2A

            The licensee should have a written appointment agreement with each director which recites the directors' powers and duties and other matters relating to his appointment including his term, the time commitment envisaged, the committee assignment if any, his remuneration and expense reimbursement entitlement, and his access to independent professional advice when that is needed.

            April 2016

        • Specific Requirements

          • HC-1.1.3

            The Board must establish and maintain a statement of its responsibilities, defining its functions and tasks and those delegated to Board sub-committees and senior management. This statement must be clearly communicated to Board members and senior management.

            October 2010

          • HC-1.1.4

            For the purposes of HC-1.1.3, the CBB expects licensees to maintain detailed mandates for Boards and sub-committees. These mandates should be reviewed periodically by the Board. Depending on the size and complexity of the licensee concerned, the CBB also expects the Board to operate appropriate sub-committees.

            Amended: April 2016
            October 2010

          • HC-1.1.5

            The Board must approve and review at least annually the licensee's:

            (a) Strategic plans;
            (b) Management structure and responsibilities; and
            (c) Systems and controls framework (including its policies).
            Amended: January 2020
            Added: October 2010

          • HC-1.1.6

            The Board must also regularly review:

            (a) The licensee's implementation of its strategy and operational performance;
            (b) The performance of its executive management; and
            (c) The level of risk.
            October 2010

          • HC-1.1.7

            The Board must set out clearly and review on a regular basis who has authority to commit the licensee to contractual obligations. The Board must set a materiality threshold so that contractual obligations above this set threshold are regularly reported to the Board. In setting the materiality threshold, the Board must consider the financial impact the contractual obligations may have in relation to its capital.

            October 2010

          • HC-1.1.8

            The Board must must establish and disseminate to employees policies and processes for the identification, reporting and prevention or management of potential conflicts of interest, including matters such as:

            (a) Related party transactions;
            (b) The misuse of the licensee's assets; and
            (c) The use of privileged information for personal advantage ('insider trading').
            Amended: April 2016
            October 2010

          • HC-1.1.9

            The Board and its members must act with honesty, integrity, due skill and care, and in the best interests of the licensee, its shareholders and customers.

            October 2010

          • HC-1.1.10

            In assessing compliance with Paragraph HC-1.1.9, the CBB will take into account all actions of the Board and its members. The interest of the licensee includes the licensee's continued compliance with all relevant rules and regulations, and the interests of employees, customers and other stakeholders. The interest of shareholders includes the current and future value of the licensee, its status as a going concern, transparency and disclosure of information to the market.

            October 2010

          • HC-1.1.11

            The Board must oversee the process of disclosure to all stakeholders. The Board must ensure that the licensee's communications are fair, transparent, comprehensive and timely.

            October 2010

          • HC-1.1.12

            The CBB expects the Board to have effective policies and processes in place for:

            (a) Approving and reviewing at least annually the overall business performance and strategy for the licensee;
            (b) Causing financial statements to be prepared which accurately disclose the licensee's financial position;
            (c) Ensuring a formal and transparent Board nomination process;
            (d) Convening and preparing the agenda for shareholder meetings;
            (e) Monitoring conflicts of interest and preventing abusive related party transactions;
            (f) Appointing senior managers, after assessing that they have the necessary integrity, technical and managerial competence, and experience;
            (g) Overseeing succession planning, and minimizing undue reliance on key individuals;
            (d) Reviewing key senior management and Board remuneration packages and ensuring such packages are consistent with the corporate values and strategy of the licensee and encourage prudent risk taking;
            (e) Monitoring and evaluating management's performance in implementing agreed strategy and business plans, and ensuring appropriate resources are available; and
            (f) Approving budgets and reviewing performance against those budgets.
            Amended: April 2016
            October 2010

          • HC-1.1.13

            In assessing the systems and controls framework (see Paragraph HC-1.1.5), the CBB would expect the Board to be able to demonstrate that the licensee's operations, individually and collectively:

            (a) Are measured, monitored and controlled by appropriate, effective and prudent risk management systems commensurate with the scope of the licensee's activities. These should pro-actively identify as well as monitor risk. The systems should produce information on a timely basis, and in a form and quality appropriate to the needs of the different recipients;
            (b) Are supported by an appropriate control environment. The risk management and financial reporting functions must be independent of business lines and must be run by individuals not involved with the day-to-day running of the various business areas; and
            (c) Make effective use of the work of internal and external auditors. The internal audit function should be independent of the senior management, reporting to the Board. The Board should ensure that the external audit firm and its partners are truly independent of the licensee and have no financial or other relationship with the licensee. Audit findings should be used as an independent check on the information received from management about the licensee's operations and performance and the effectiveness of internal controls.
            Amended: April 2016
            October 2010

      • HC-1.2 HC-1.2 Composition

        • HC-1.2.1

          The Memorandum and Articles of Association of licensees must adequately set out procedures for the appointment, removal and retirement of Directors.

          October 2010

        • HC-1.2.2

          These should, amongst other things, include procedures for removing Directors in case of non-attendance or other failure to discharge properly their responsibilities as company Directors.

          October 2010

        • HC-1.2.2A

          The Board should have a minimum of 3 members, as agreed with the CBB.

          April 2016

        • HC-1.2.3

          To fulfil its responsibilities outlined in Section HC-1.1, the Board of licensees must periodically assess its composition and size and, where appropriate, reconstitute itself and its committees by selecting new Directors to replace long-standing members or those members whose contributions to the licensee or its committees is not adequate.

          October 2010

        • HC-1.2.4

          The Board must ensure that collectively it has sufficient expertise to understand the important issues relating to the operation and control of its company.

          October 2010

        • HC-1.2.5

          It is not expected that every Board member is proficient in all areas, but collectively the Board is expected to have the required expertise. There should also be agreed upon procedures by the Board for Directors to take independent advice if necessary at the licensee's expense. CBB also expects Board members to undertake relevant training on a regular basis to help them fulfill their responsibilities as Directors.

          October 2010

        • HC-1.2.6

          The appointment of Board members is conditional on the approval of the CBB. (See Section AU-1.2).

          October 2010

        • HC-1.2.7

          A Board member may have a maximum of two Directorships of financial institutions inside Bahrain. However, two Directorships of licensees within the same type of licensees would not be permitted. Licensees may approach the CBB for exemption from this limit where the Directorships concern financial institutions within the same group.

          Amended: April 2016
          October 2010

        • HC-1.2.8

          Unless otherwise agreed with the CBB, the chairman and/or deputy chairman must not be the same person as the CEO or general manager.

          April 2016

      • HC-1.3 HC-1.3 Meetings and Attendance

        • HC-1.3.1

          The Board must meet sufficiently often to enable it to discharge its responsibilities effectively, taking into account the licensee's scale and complexity.

          October 2010

        • HC-1.3.2

          The CBB expects that the scale and complexity of most licensees will require meetings to be held at least quarterly. For the larger, most complex licensees, more frequent Board meetings may be more appropriate.

          October 2010

        • HC-1.3.2A

          The Board must meet frequently but in no event less than four times a year. All directors must attend the meetings whenever possible and the directors must maintain informal communication between meetings.

          April 2016

        • HC-1.3.2B

          Individual board members must attend at least 75% of all Board meetings in a given financial year to enable the Board to discharge its responsibilities effectively (see table below). Voting and attendance proxies for board meetings are prohibited at all times.

          Meetings per year 75% Attendance requirement
          4 3
          5 4
          6 5
          7 5
          8 6
          9 7
          10 8
          April 2016

        • HC-1.3.2C

          The absence of Board members at Board and committee meetings must be noted in the meeting minutes. In addition, Board attendance percentage must be reported during any general assembly meeting when Board members stand for re-election (e.g. Board member XYZ attended 95% of scheduled meetings this year).

          April 2016

        • HC-1.3.2D

          In the event that a Board member has not attended at least 75% of Board meetings in any given financial year, the licensee must immediately notify the CBB indicating which member has failed to satisfy this requirement, his level of attendance and any mitigating circumstances affecting his non-attendance. The CBB shall then consider the matter and determine whether disciplinary action, including disqualification of that Board member pursuant to Article 65 of the CBB Law, is appropriate. Unless there are exceptional circumstances, it is likely that the CBB will take disciplinary action.

          April 2016

        • HC-1.3.2E

          Board members are reminded that non attendance at board meetings does not absolve them of their responsibilities as directors. It is important that each individual director should allocate adequate time and effort to discharge his responsibilities. All Directors are expected to contribute actively to the work of the Board in order to discharge their responsibilities and should make every effort to attend board meetings where major issues are to be discussed. In instances where telephonic or videoconference meetings are held, licensees are encouraged to amend their Articles of Association to provide for such meetings. Participation in board meetings by means of video or telephone conferencing is regarded as attendance and may be recorded as such.

          April 2016

        • HC-1.3.3

          Board rules must require members to step down if they are not actively participating in Board meetings.

          October 2010

        • HC-1.3.4

          The CBB expects Board members who fail to attend at least three-quarters of all Board meetings in any twelve-month period to step down, unless the Board is able to satisfy the CBB that there are valid reasons for the Director concerned to remain a Board member.

          October 2010

        • HC-1.3.5

          At least half the Board meetings of licensees in any twelve-month period must be held in the Kingdom of Bahrain.

          October 2010

        • HC-1.3.5A

          The chairman must ensure that all directors receive an agenda, minutes of prior meetings, and adequate background information in writing before each Board meeting and when necessary between meetings. All directors must receive the same Board information. At the same time, directors have a legal duty to inform themselves and they must ensure that they receive adequate and timely information and must study it carefully.

          April 2016

        • HC-1.3.6

          The Board must maintain adequate records of its meetings, such that key decisions and how they are arrived at can be traced.

          Amended: April 2016
          October 2010

      • HC-1.4 HC-1.4 Directors' Communication with Management

        • HC-1.4.1

          The Board must encourage participation by management regarding matters the Board is considering, and also by management members who by reason of responsibilities or succession, the CEO or general manager (as the case may be) believes should have exposure to the directors.

          April 2016

    • HC-2 HC-2 Approved Persons Loyalty

      • HC-2.1 HC-2.1 Personal Accountability

        • HC-2.1.1

          The Board and its members must act with honesty, integrity, due skill and care, and in the best interests of the licensee, its shareholders and clients.

          Amended: April 2016
          October 2010

        • HC-2.1.2

          In assessing compliance with Paragraph HC-2.2.1, the CBB will take into account all actions of the Board and its members. The interest of the licensee includes the licensee's continued compliance with all relevant rules and regulations, and the interests of employees, clients and other stakeholders. The interest of shareholders includes the current and future value of the licensee, its status as a going concern, transparency and disclosure of information to the market. The interest of clients includes ensuring that the licensee fulfils its obligations under its terms of business and treats all clients fairly and pays equal regard to the interests of all clients.

          Amended: April 2016
          October 2010

        • HC-2.1.3

          Each member of the board must understand that under the Company Law he is personally accountable to the licensee and the shareholders if he violates his legal duty of loyalty to the licensee, and that he can be personally sued by the licensee or the shareholders for such violations.

          Amended: April 2016
          October 2010

        • HC-2.1.4

          The duty of loyalty includes a duty not to use property of the licensee for his personal needs as though it was his own property, not to disclose confidential information of the licensee or use it for his personal profit, and to serve the licensee's interest in any transactions with the company in which he has a personal interest.

          April 2016

        • HC-2.1.5

          For purposes of Paragraph HC-2.1.4, an approved person is considered to have a "personal interest" in a transaction with the company if:

          (a) He himself;
          (b) A member of his family (i.e. spouse, father, mother, sons, daughters, brothers or sisters); or
          (c) Another company of which he is a director or controller,

          is a party to the transaction or has a material financial interest in the transaction. (Transactions and interests which are de minimis in value should not be included.)

          April 2016

        • HC-2.1.6

          A licensee's Board must establish and disseminate to all employees of the licensee a corporate code of conduct.

          April 2016

        • HC-2.1.7

          The code of conduct must establish standards by giving examples or expectations as regards:

          (a) Honesty;
          (b) Integrity;
          (c) The avoidance or disclosure of conflicts of interest;
          (d) Maintaining confidentiality;
          (e) Professionalism;
          (f) Commitment to the law and best practices; and
          (g) Reliability.
          April 2016

        • HC-2.1.8

          A Board must ensure that policies and procedures are in place to ensure that necessary customer confidentiality is maintained.

          April 2016

      • HC-2.2 HC-2.2 Segregation of Duties/Avoidance of Conflicts of Interest

        • HC-2.2.1

          Licensees must maintain an organisational structure that segregates duties in order to minimise the risk of conflicts of interest arising.

          Amended: April 2016
          October 2010

        • HC-2.2.2

          Each approved person must make every practicable effort to arrange his personal and business affairs to avoid a conflict of interest with the licensee.

          Amended: April 2016
          October 2010

        • HC-2.2.3

          Board members must absent themselves from any discussion or decision-making that involves a subject where they are incapable of providing objective advice, or which involves a subject, transaction or proposed transaction where there is a potential conflict of interest.

          Amended: April 2016
          October 2010

      • HC-2.3 HC-2.3 Disclosure of Conflicts of Interest

        • HC-2.3.1

          Each approved person must inform the entire Board of conflicts of interest as they arise. Board members must abstain from voting on the matter in accordance with the relevant provisions of the Company Law. This disclosure must include all material facts in the case of a contract or transaction involving the approved person. The approved persons must understand that any approval of a conflict transaction is effective only if all material facts are known to the authorising persons and the conflicted person did not participate in the decision.

          Amended: April 2016
          October 2010

        • HC-2.3.2

          Board members must declare annually in writing all of their interests (and those of their family) in other enterprises or activities (whether as a Director, shareholder, senior executive or other form of participation) to the Board (or appropriate Board sub-Committee).

          Amended: April 2016
          October 2010

        • HC-2.3.3

          Bahraini licensees must have in place a board approved policy on the employment of relatives of approved persons and a summary of such policy must be disclosed in the annual report of the Bahraini licensee.

          Amended: July 2016
          Amended: April 2016
          October 2010

        • HC-2.3.4

          Overseas licensees must have in place a policy on the employment of relatives of approved persons pertaining to their Bahrain operations.

          Added: July 2016

      • HC-2.4 HC-2.4 Disclosure of Conflicts of Interest to Shareholders

        • HC-2.4.1

          The licensee must disclose to its shareholders in the Annual Report any abstention from voting motivated by a conflict of interest and must disclose to its shareholders any authorisation of a conflict of interest contract or transaction in accordance with the Company Law.

          Amended: April 2016
          October 2010

        • HC-2.4.2

          The chief executive/general manager of the Bahraini licensee must disclose to the board of directors on an annual basis those individuals who are occupying controlled functions and who are relatives of any approved persons within the Bahraini licensee.

          Amended: July 2016
          Amended: April 2016
          October 2010

        • HC-2.4.3

          The chief executive/general manager of the overseas licensees must disclose to a designated officer at its head office or regional manager on an annual basis those individuals who are occupying controlled functions and who are relatives of any approved persons within the overseas licensee.

          Added: July 2016

    • HC-3 HC-3 Financial Statements Certification

      • HC-3.1 HC-3.1 Internal Control

        • HC-3.1.1

          The Board must have rigorous controls for financial audit and reporting, internal control, and compliance with law.

          April 2016

        • HC-3.1.2

          To encourage management accountability for the financial statements required by the directors, the licensee's CEO or general manager and chief financial officer must state in writing to the Board as a whole that the licensee's interim and annual financial statements present a true and fair view, in all material respects, of the licensee's financial condition and results of operations in accordance with applicable accounting standards.

          April 2016

    • HC-4 HC-4 Remuneration

      • Alignment of All Staff Remuneration with Compliance with AML/CFT Requirements

        • HC-4.2.1

          The performance evaluation and remuneration of senior management and staff of the licensee must be based on the achievement of the Key Performance Indicators (KPIs) relevant to ensuring compliance with AML/CFT requirements as specified in Paragraphs FC-2.1.3 and FC-2.1.4.

          Added: April 2020

      • HC-4.1 HC-4.1 Remuneration Policies

        • HC-4.1.1

          The review of Directors' remuneration must be a standing item on the licensee's Annual General Meeting agenda, and must be considered by shareholders at every Annual General Meeting. Directors' remuneration (including pension and severance arrangements) and bonuses must be clearly disclosed in the annual financial statements.

          April 2016

        • HC-4.1.2

          Directors' remuneration should also comply with all applicable laws, such as Legislative Decree No. 21 of 2001 (and its amendments), with respect to promulgating the Commercial Companies Law.

          April 2016

      • HC-4.2 Standard for all Remuneration

    • HC-5 HC-5 Management Structure

      • HC-5.1 HC-5.1 Establishment of Management Structure

        • HC-5.1.1

          The Board must approve and review at least annually the licensee's management structure and responsibilities.

          April 2016

        • HC-5.1.2

          The Board must appoint senior management whose authority must include management and operation of current activities of the licensee, reporting to and under the direction of the Board. The senior managers must include at a minimum:

          (a) A CEO or general manager;
          (b) A chief financial officer;
          (c) An internal auditor (see HC-5.4 and AU-1.2); and
          (d) A compliance officer (see HC-5.5 and AU-1.2).

          and must also include such other approved persons as the Board considers appropriate and as a minimum must include persons occupying controlled functions as outlined in Paragraph AU-1.2.2.

          April 2016

        • HC-5.1.3

          The licensee may appoint a corporate secretary. Whenever practical, the corporate secretary should be a person with legal or similar professional experience and training. The corporate secretary's duties include:

          (a) Arranging, recording and following up on the actions, decisions and meetings of the Board and of the shareholders (both at annual and extraordinary meetings) in books to be kept for that purpose; and
          (b) Reviewing the licensee's procedures and advising the Board directly on such matters.
          April 2016

      • HC-5.2 HC-5.2 Titles, Authorities, Duties and Reporting Responsibilities

        • HC-5.2.1

          Licensees must maintain clearly documented and communicated staff responsibilities and reporting lines.

          April 2016

        • HC-5.2.2

          For the purposes of Rule HC-5.2.1, licensees should maintain and document their delegated authority structure as well as written terms of reference for staff positions.

          April 2016

        • HC-5.2.3

          The Board must adopt by-laws prescribing each senior manager's title, authorities, duties and internal reporting responsibilities. This must be done in consultation with the CEO or general manager, to whom the other senior managers should normally report.

          April 2016

        • HC-5.2.4

          These provisions must include but should not be limited to the following:

          (a) The CEO or general manager must have authority to act generally in the licensee's name, representing the licensee's interests in concluding transactions on the licensee's behalf and giving instructions to other senior managers and licensee employees;
          (b) The chief financial officer must be responsible and accountable for:
          (i) The complete, timely, reliable and accurate preparation of the licensee's financial statements, in accordance with the accounting standards and policies of the licensee (see HC-3.1.2); and
          (ii) Presenting the Board with a balanced and understandable assessment of the licensee's financial situation;
          (c) The internal auditor's (see HC-5.4) duties must include providing an independent and objective review of the efficiency of the licensee's operations. This would include a review of the accuracy and reliability of the licensee's accounting records and financial reports as well as a review of the adequacy and effectiveness of the licensee's risk management, control, and governance processes; and
          (d) The compliance officer's (see HC-5.5) duties include maintaining effective systems and controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which they are subject.
          April 2016

        • HC-5.2.5

          The Board should also specify any limits which it wishes to set on the authority of the CEO or general manager or other senior managers, such as monetary maximums for transactions which they may authorize without separate Board approval.

          April 2016

        • HC-5.2.6

          At least annually the Board shall review and concur in a succession plan addressing the policies and principles for selecting a successor to the CEO or general manager, both in emergencies and in the normal course of business. The succession plan should include an assessment of the experience, performance, skills and planned career paths for possible successors to the CEO or general manager.

          April 2016

      • HC-5.3 HC-5.3 Chief Executive/General Manager

        • HC-5.3.1

          Licensees must appoint a person to undertake the function of Chief Executive or General Manager.

          April 2016

        • HC-5.3.2

          The Chief Executive or General Manager (as appropriate), is responsible for the executive management and performance of the licensee, within the framework of delegated authorities set by the Board. The function of Chief Executive or General Manager is a controlled function, and the person nominated to that post therefore requires prior CBB approval (see Module AU (Authorisation)).

          April 2016

        • HC-5.3.3

          Residency requirements apply to Chief Executives and General Managers (see Section AU-2.2.)

          April 2016

      • HC-5.4 HC-5.4 Internal Audit

        • HC-5.4.1

          Unless otherwise agreed with the CBB, licensees must establish an internal audit function to monitor the adequacy of their systems and controls.

          April 2016

        • HC-5.4.2

          The CBB would normally expect larger licensees to maintain the internal audit function within the organisation. The CBB will however consider allowing small licensees to outsource part or all of their internal audit function to third party providers.

          April 2016

        • HC-5.4.3

          Licensees may outsource part or all of their internal audit function, after obtaining the prior approval of the CBB. The outsourcing arrangements must provide for an adequate level of scrutiny of the licensee, and must comply with the requirements contained in Section RM-2.4. A licensee cannot outsource its internal audit function to its external auditor.

          April 2016

        • HC-5.4.4

          Prior approval from the CBB is required for significant outsourcing arrangements, including all outsourcing of internal audit. Note that in all such cases, the licensee retains ultimate responsibility for the adequacy of its outsourcing function, and is required to identify the person within the licensee responsible for internal audit: this person should be an approved person (see Section AU-1.2 and Chapter RM-2).

          April 2016

        • HC-5.4.5

          Internal audit functions must have terms of reference that clearly indicate:

          (a) The scope and frequency of audits;
          (b) Reporting lines; and
          (c) The review and approval process applied to audits.
          April 2016

        • HC-5.4.6

          Paragraph HC-5.4.5 applies irrespective of whether the internal audit function is outsourced. Where it is outsourced, the CBB would expect to see these matters addressed in the contract with the outsourcing provider.

          April 2016

        • HC-5.4.7

          Internal audit functions must report directly to the Board. They must have unrestricted access to all the appropriate records of the licensee. They must have open and regular access to the Board, the Chief Executive or general manager, and the licensee's external auditor.

          April 2016

        • HC-5.4.8

          Internal audit functions must have adequate staff levels with appropriate skills and knowledge, such that they can act as an effective challenge to the business. Where the function is not outsourced, the head of function should be a senior and experienced employee. Internal audit functions must not perform other activities that compromise their independence.

          April 2016

        • HC-5.4.9

          The CBB would expect to see in place a formal audit plan that:

          (a) Is reviewed and approved at least annually by the Board;
          (b) Is risk-based, with an appropriate scoring system; and
          (c) Covers all material areas of a licensee's operations over a reasonable timescale.
          April 2016

        • HC-5.4.10

          Internal Audit reports should also be:

          (a) Clear and prioritised, with action points directed towards identified individuals;
          (b) Timely; and
          (c) Distributed to the Board and appropriate senior management.
          April 2016

        • HC-5.4.11

          Licensees should also have processes in place to deal with recommendations raised by internal audit to ensure that they are:

          (a) Dealt with in a timely fashion;
          (b) Monitored until they are settled; and
          (c) Raised with senior management if they have not been adequately dealt with.
          April 2016

      • HC-5.5 HC-5.5 Compliance

        • HC-5.5.1

          Licensees must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which they are subject.

          April 2016

        • HC-5.5.2

          Depending on the nature, scale and complexity of its business, a licensee should consider having a separate compliance function. A compliance function should:

          (a) Document its organisation and responsibilities;
          (b) Be appropriately staffed with competent individuals;
          (c) Have unrestricted access to the licensee's relevant records; and
          (d) Have ultimate recourse to the Board.
          April 2016

        • HC-5.5.3

          Licensees must designate an employee, of appropriate standing and resident in Bahrain, as Compliance Officer. The duties of the Compliance Officer include:

          (a) Having responsibility for oversight of the licensee's compliance with the requirements of the CBB; and
          (b) Reporting to the licensee's Board in respect of that responsibility.
          April 2016

        • HC-5.5.4

          The Compliance Officer is a controlled function and the requirements relating to approved persons must be met (see Chapter AU-1.2). If the scale and nature of the licensee's operations are limited, then the individual who performs the function of Compliance Officer may also take on other responsibilities, providing this does not create a potential conflict of interest. The compliance function may not be combined with the internal audit function or any operational function as they are incompatible and may create a conflict of interest.

          April 2016