HC HC Money Changers High-Level Controls Module
HC-A HC-A Introduction
HC-A.1 HC-A.1 Purpose
Executive Summary
HC-A.1.1
This Module contains requirements that have to be met by
licencees with respect to:(a) The role and composition of their Boards and Board committees; and(b) Related high-level controls and policies.October 2010HC-A.1.2
These requirements specify minimum good practice standards, with regards to the function and responsibilities of Boards, their composition and size, and required standards of attendance and frequency of meetings. It also specifies basic requirements with respect to establishing policies and procedures that address the segregation of duties, internal audit and compliance arrangements, and the
licensee's approach to remuneration and corporate ethics.October 2010HC-A.1.3
This Module supplements various provisions relating to corporate governance contained in Legislative Decree No. 21 of 2001, with respect to promulgating the Commercial Companies Law ('Commercial Companies Law 2001'). In case of conflict, the Commercial Companies Law shall prevail. Compliance with this Module does not guarantee compliance with the Commercial Companies Law.
October 2010Legal Basis
HC-A.1.4
This Module contains the Central Bank of Bahrain's ('CBB') Directive (as amended from time to time) regarding High-level Control requirements applicable to
licensees , and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). Requirements regardingMoney Changer licensees are also included in the Regulation Organising Money Changing Business, issued in 1994 and included in this Module.Amended: January 2011
October 2010HC-A.1.5
For an explanation of the CBB's rule-making powers and different regulatory instruments, see section UG-1.1.
October 2010HC-A.2 HC-A.2 Module History
Evolution of the Module
HC-A.2.1
This Module was first issued in October 2010. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.
HC-A.2.2
A list of recent changes made to this Module is provided below:
Module Ref. Change Date Description of Changes HC-A.1.4 01/2011 Clarified legal basis. Module HC 04/2016 Module updated to be in line, where applicable, to other Volumes of the CBB Rulebook. HC-2.3 and HC-2.4 07/2016 Clarified application of Rules for overseas licensees. HC-1.1.5 01/2020 Amended Paragraph on policy and procedures approval. HC-4.2 04/2020 Added a new Section on Standard for all Remuneration. HC-4.2.1 04/2020 Added a new Paragraph on KPIs compliance with AML/CFT requirements. Superseded Requirements
HC-A.2.3
This Module supersedes the following provisions contained in circulars or other regulatory requirements:
Document Ref. Document Subject BSD/D(111)3179 Regarding nomination of Senior Liaison Officer. BC/11/98 Appointment of Approved Persons October 2010Monitoring and Enforcement of Module HC
HC-A.2.4
Disclosure and transparency are underlying principles of Module HC. Disclosure is crucial to allow outside monitoring of functions effectively. This Module looks to a combined monitoring system relying on the Board, the
money changer licensee's shareholders and the CBB.April 2016HC-A.2.5
It is the Board's responsibility to see to the accuracy and completeness of the
money changer licensee's corporate governance guidelines and compliance with Module HC. Failure to comply with this Module is subject to enforcement measures as outlined in Module EN (Enforcement).April 2016HC-B HC-B Scope of Application
HC-B.1 HC-B.1 Scope of Application
HC-B.1.1
The content of this Module applies to all
Money Changer licensees authorised in the Kingdom of Bahrain, thereafter referred to in this Module aslicensees .October 2010HC-1 HC-1 The Board
HC-1.1 HC-1.1 Functions and Responsibilities
General Requirements
HC-1.1.1
Licensees must have a Board ofDirectors ('the Board').Amended: April 2016
October 2010HC-1.1.1A
The directors are ultimately accountable and responsible both individually and collectively for performing these responsibilities and must have sufficient expertise as a Board to understand the important issues relating to operation and control of the
licensee . Although the Board may delegate certain functions to committees or management, it may not delegate its ultimate responsibility to ensure that an adequate, effective, comprehensive and transparent corporate governance framework is in place. This statement must be clearly communicated to Board members andsenior management .April 2016HC-1.1.2
To discharge its responsibility effectively, a Board typically delegates various functions and tasks, for instance to Board sub-committees, management and other employees. When it delegates, the Board nonetheless retains ultimate responsibility for the performance of those functions and tasks.
October 2010HC-1.1.2A
The
licensee should have a written appointment agreement with each director which recites the directors' powers and duties and other matters relating to his appointment including his term, the time commitment envisaged, the committee assignment if any, his remuneration and expense reimbursement entitlement, and his access to independent professional advice when that is needed.April 2016Specific Requirements
HC-1.1.3
The Board must establish and maintain a statement of its responsibilities, defining its functions and tasks and those delegated to Board sub-committees and senior management. This statement must be clearly communicated to Board members and senior management.
October 2010HC-1.1.4
For the purposes of HC-1.1.3, the CBB expects
licensees to maintain detailedmandates for Boards and sub-committees. Thesemandates should be reviewed periodically by the Board. Depending on the size and complexity of thelicensee concerned, the CBB also expects the Board to operate appropriate sub-committees.Amended: April 2016
October 2010HC-1.1.5
The Board must approve and review at least annually the
licensee's :(a) Strategic plans;(b) Management structure and responsibilities; and(c) Systems and controls framework (including its policies).Amended: January 2020
Added: October 2010HC-1.1.6
The Board must also regularly review:
(a) Thelicensee's implementation of its strategy and operational performance;(b) The performance of its executive management; and(c) The level of risk.October 2010HC-1.1.7
The Board must set out clearly and review on a regular basis who has authority to commit the
licensee to contractual obligations. The Board must set a materiality threshold so that contractual obligations above this set threshold are regularly reported to the Board. In setting the materiality threshold, the Board must consider the financial impact the contractual obligations may have in relation to its capital.October 2010HC-1.1.8
The Board must must establish and disseminate to employees policies and processes for the identification, reporting and prevention or management of potential conflicts of interest, including matters such as:
(a) Related party transactions;(b) The misuse of thelicensee's assets; and(c) The use of privileged information for personal advantage ('insider trading').Amended: April 2016
October 2010HC-1.1.9
The Board and its members must act with honesty, integrity, due skill and care, and in the best interests of the
licensee , itsshareholders andcustomers .October 2010HC-1.1.10
In assessing compliance with Paragraph HC-1.1.9, the CBB will take into account all actions of the Board and its members. The interest of the
licensee includes thelicensee's continued compliance with all relevant rules and regulations, and the interests of employees,customers and other stakeholders. The interest ofshareholders includes the current and future value of thelicensee , its status as a going concern, transparency and disclosure of information to the market.October 2010HC-1.1.11
The Board must oversee the process of disclosure to all stakeholders. The Board must ensure that the
licensee's communications are fair, transparent, comprehensive and timely.October 2010HC-1.1.12
The CBB expects the Board to have effective policies and processes in place for:
(a) Approving and reviewing at least annually the overall business performance and strategy for thelicensee ;(b) Causing financial statements to be prepared which accurately disclose thelicensee's financial position;(c) Ensuring a formal and transparent Board nomination process;(d) Convening and preparing the agenda for shareholder meetings;(e) Monitoring conflicts of interest and preventing abusive related party transactions;(f) Appointing senior managers, after assessing that they have the necessary integrity, technical and managerial competence, and experience;(g) Overseeing succession planning, and minimizing undue reliance on key individuals;(d) Reviewing key senior management and Board remuneration packages and ensuring such packages are consistent with the corporate values and strategy of thelicensee and encourage prudent risk taking;(e) Monitoring and evaluating management's performance in implementing agreed strategy and business plans, and ensuring appropriate resources are available; and(f) Approving budgets and reviewing performance against those budgets.Amended: April 2016
October 2010HC-1.1.13
In assessing the systems and controls framework (see Paragraph HC-1.1.5), the CBB would expect the Board to be able to demonstrate that the
licensee's operations, individually and collectively:(a) Are measured, monitored and controlled by appropriate, effective and prudent risk management systems commensurate with the scope of thelicensee's activities. These should pro-actively identify as well as monitor risk. The systems should produce information on a timely basis, and in a form and quality appropriate to the needs of the different recipients;(b) Are supported by an appropriate control environment. The risk management and financial reporting functions must be independent of business lines and must be run by individuals not involved with the day-to-day running of the various business areas; and(c) Make effective use of the work of internal and external auditors. The internal audit function should be independent of the senior management, reporting to the Board. The Board should ensure that the external audit firm and its partners are truly independent of thelicensee and have no financial or other relationship with thelicensee . Audit findings should be used as an independent check on the information received from management about thelicensee's operations and performance and the effectiveness of internal controls.Amended: April 2016
October 2010HC-1.2 HC-1.2 Composition
HC-1.2.1
The Memorandum and Articles of Association of
licensees must adequately set out procedures for the appointment, removal and retirement ofDirectors .October 2010HC-1.2.2
These should, amongst other things, include procedures for removing
Directors in case of non-attendance or other failure to discharge properly their responsibilities as companyDirectors .October 2010HC-1.2.2A
The Board should have a minimum of 3 members, as agreed with the CBB.
April 2016HC-1.2.3
To fulfil its responsibilities outlined in Section HC-1.1, the Board of
licensees must periodically assess its composition and size and, where appropriate, reconstitute itself and its committees by selecting newDirectors to replace long-standing members or those members whose contributions to thelicensee or its committees is not adequate.October 2010HC-1.2.4
The Board must ensure that collectively it has sufficient expertise to understand the important issues relating to the operation and control of its company.
October 2010HC-1.2.5
It is not expected that every Board member is proficient in all areas, but collectively the Board is expected to have the required expertise. There should also be agreed upon procedures by the Board for
Directors to take independent advice if necessary at thelicensee's expense. CBB also expects Board members to undertake relevant training on a regular basis to help them fulfill their responsibilities asDirectors .October 2010HC-1.2.6
The appointment of Board members is conditional on the approval of the CBB. (See Section AU-1.2).
October 2010HC-1.2.7
A Board member may have a maximum of two Directorships of financial institutions inside Bahrain. However, two Directorships of
licensees within the same type oflicensees would not be permitted.Licensees may approach the CBB for exemption from this limit where the Directorships concern financial institutions within the samegroup .Amended: April 2016
October 2010HC-1.2.8
Unless otherwise agreed with the CBB, the chairman and/or deputy chairman must not be the same person as the
CEO orgeneral manager .April 2016HC-1.3 HC-1.3 Meetings and Attendance
HC-1.3.1
The Board must meet sufficiently often to enable it to discharge its responsibilities effectively, taking into account the
licensee's scale and complexity.October 2010HC-1.3.2
The CBB expects that the scale and complexity of most
licensees will require meetings to be held at least quarterly. For the larger, most complexlicensees , more frequent Board meetings may be more appropriate.October 2010HC-1.3.2A
The Board must meet frequently but in no event less than four times a year. All directors must attend the meetings whenever possible and the directors must maintain informal communication between meetings.
April 2016HC-1.3.2B
Individual board members must attend at least 75% of all Board meetings in a given financial year to enable the Board to discharge its responsibilities effectively (see table below). Voting and attendance proxies for board meetings are prohibited at all times.
Meetings per year 75% Attendance requirement 4 3 5 4 6 5 7 5 8 6 9 7 10 8 April 2016HC-1.3.2C
The absence of Board members at Board and committee meetings must be noted in the meeting minutes. In addition, Board attendance percentage must be reported during any general assembly meeting when Board members stand for re-election (e.g. Board member XYZ attended 95% of scheduled meetings this year).
April 2016HC-1.3.2D
In the event that a Board member has not attended at least 75% of Board meetings in any given financial year, the
licensee must immediately notify the CBB indicating which member has failed to satisfy this requirement, his level of attendance and any mitigating circumstances affecting his non-attendance. The CBB shall then consider the matter and determine whether disciplinary action, including disqualification of that Board member pursuant to Article 65 of the CBB Law, is appropriate. Unless there are exceptional circumstances, it is likely that the CBB will take disciplinary action.April 2016HC-1.3.2E
Board members are reminded that non attendance at board meetings does not absolve them of their responsibilities as directors. It is important that each individual director should allocate adequate time and effort to discharge his responsibilities. All Directors are expected to contribute actively to the work of the Board in order to discharge their responsibilities and should make every effort to attend board meetings where major issues are to be discussed. In instances where telephonic or videoconference meetings are held,
licensees are encouraged to amend their Articles of Association to provide for such meetings. Participation in board meetings by means of video or telephone conferencing is regarded as attendance and may be recorded as such.April 2016HC-1.3.3
Board rules must require members to step down if they are not actively participating in Board meetings.
October 2010HC-1.3.4
The CBB expects Board members who fail to attend at least three-quarters of all Board meetings in any twelve-month period to step down, unless the Board is able to satisfy the CBB that there are valid reasons for the
Director concerned to remain a Board member.October 2010HC-1.3.5
At least half the Board meetings of
licensees in any twelve-month period must be held in the Kingdom of Bahrain.October 2010HC-1.3.5A
The chairman must ensure that all directors receive an agenda, minutes of prior meetings, and adequate background information in writing before each Board meeting and when necessary between meetings. All directors must receive the same Board information. At the same time, directors have a legal duty to inform themselves and they must ensure that they receive adequate and timely information and must study it carefully.
April 2016HC-1.3.6
The Board must maintain adequate records of its meetings, such that key decisions and how they are arrived at can be traced.
Amended: April 2016
October 2010HC-1.4 HC-1.4 Directors' Communication with Management
HC-1.4.1
The Board must encourage participation by management regarding matters the Board is considering, and also by management members who by reason of responsibilities or succession, the CEO or general manager (as the case may be) believes should have exposure to the directors.
April 2016HC-2 HC-2 Approved Persons Loyalty
HC-2.1 HC-2.1 Personal Accountability
HC-2.1.1
The Board and its members must act with honesty, integrity, due skill and care, and in the best interests of the
licensee , itsshareholders andclients .Amended: April 2016
October 2010HC-2.1.2
In assessing compliance with Paragraph HC-2.2.1, the CBB will take into account all actions of the Board and its members. The interest of the
licensee includes thelicensee's continued compliance with all relevant rules and regulations, and the interests of employees, clients and other stakeholders. The interest ofshareholders includes the current and future value of thelicensee , its status as a going concern, transparency and disclosure of information to the market. The interest of clients includes ensuring that thelicensee fulfils its obligations under itsterms of business and treats all clients fairly and pays equal regard to the interests of all clients.Amended: April 2016
October 2010HC-2.1.3
Each member of the board must understand that under the Company Law he is personally accountable to the
licensee and the shareholders if he violates his legal duty of loyalty to thelicensee , and that he can be personally sued by thelicensee or the shareholders for such violations.Amended: April 2016
October 2010HC-2.1.4
The duty of loyalty includes a duty not to use property of the licensee for his personal needs as though it was his own property, not to disclose confidential information of the licensee or use it for his personal profit, and to serve the licensee's interest in any transactions with the company in which he has a personal interest.
April 2016HC-2.1.5
For purposes of Paragraph HC-2.1.4, an approved person is considered to have a "personal interest" in a transaction with the company if:
(a) He himself;(b) A member of his family (i.e. spouse, father, mother, sons, daughters, brothers or sisters); or(c) Another company of which he is a director or controller,is a party to the transaction or has a material financial interest in the transaction. (Transactions and interests which are de minimis in value should not be included.)
April 2016HC-2.1.6
A
licensee's Board must establish and disseminate to all employees of thelicensee a corporate code of conduct.April 2016HC-2.1.7
The code of conduct must establish standards by giving examples or expectations as regards:
(a) Honesty;(b) Integrity;(c) The avoidance or disclosure of conflicts of interest;(d) Maintaining confidentiality;(e) Professionalism;(f) Commitment to the law and best practices; and(g) Reliability.April 2016HC-2.1.8
A Board must ensure that policies and procedures are in place to ensure that necessary customer confidentiality is maintained.
April 2016HC-2.2 HC-2.2 Segregation of Duties/Avoidance of Conflicts of Interest
HC-2.2.1
Licensees must maintain an organisational structure that segregates duties in order to minimise the risk of conflicts of interest arising.Amended: April 2016
October 2010HC-2.2.2
Each
approved person must make every practicable effort to arrange his personal and business affairs to avoid a conflict of interest with thelicensee .Amended: April 2016
October 2010HC-2.2.3
Board members must absent themselves from any discussion or decision-making that involves a subject where they are incapable of providing objective advice, or which involves a subject, transaction or proposed transaction where there is a potential conflict of interest.
Amended: April 2016
October 2010HC-2.3 HC-2.3 Disclosure of Conflicts of Interest
HC-2.3.1
Each approved person must inform the entire Board of conflicts of interest as they arise. Board members must abstain from voting on the matter in accordance with the relevant provisions of the Company Law. This disclosure must include all material facts in the case of a contract or transaction involving the approved person. The approved persons must understand that any approval of a conflict transaction is effective only if all material facts are known to the authorising persons and the conflicted person did not participate in the decision.
Amended: April 2016
October 2010HC-2.3.2
Board members must declare annually in writing all of their interests (and those of their family) in other enterprises or activities (whether as a Director, shareholder, senior executive or other form of participation) to the Board (or appropriate Board sub-Committee).
Amended: April 2016
October 2010HC-2.3.3
Bahraini licensees must have in place a board approved policy on the employment of relatives ofapproved persons and a summary of such policy must be disclosed in the annual report of theBahraini licensee .Amended: July 2016
Amended: April 2016
October 2010HC-2.3.4
Overseas licensees must have in place a policy on the employment of relatives ofapproved persons pertaining to their Bahrain operations.Added: July 2016HC-2.4 HC-2.4 Disclosure of Conflicts of Interest to Shareholders
HC-2.4.1
The
licensee must disclose to its shareholders in the Annual Report any abstention from voting motivated by a conflict of interest and must disclose to its shareholders any authorisation of a conflict of interest contract or transaction in accordance with the Company Law.Amended: April 2016
October 2010HC-2.4.2
The
chief executive /general manager of theBahraini licensee must disclose to the board of directors on an annual basis those individuals who are occupyingcontrolled functions and who are relatives of anyapproved persons within theBahraini licensee .Amended: July 2016
Amended: April 2016
October 2010HC-2.4.3
The
chief executive /general manager of theoverseas licensees must disclose to a designated officer at its head office or regional manager on an annual basis those individuals who are occupyingcontrolled functions and who are relatives of anyapproved persons within theoverseas licensee .Added: July 2016HC-3 HC-3 Financial Statements Certification
HC-3.1 HC-3.1 Internal Control
HC-3.1.1
The Board must have rigorous controls for financial audit and reporting, internal control, and compliance with law.
April 2016HC-3.1.2
To encourage management accountability for the financial statements required by the directors, the
licensee's CEO orgeneral manager and chief financial officer must state in writing to the Board as a whole that thelicensee's interim and annual financial statements present a true and fair view, in all material respects, of thelicensee's financial condition and results of operations in accordance with applicable accounting standards.April 2016HC-4 HC-4 Remuneration
Alignment of All Staff Remuneration with Compliance with AML/CFT Requirements
HC-4.1 HC-4.1 Remuneration Policies
HC-4.1.1
The review of
Directors' remuneration must be a standing item on thelicensee's Annual General Meeting agenda, and must be considered byshareholders at every Annual General Meeting.Directors' remuneration (including pension and severance arrangements) and bonuses must be clearly disclosed in the annual financial statements.April 2016HC-4.1.2
Directors' remuneration should also comply with all applicable laws, such as Legislative Decree No. 21 of 2001 (and its amendments), with respect to promulgating the Commercial Companies Law.April 2016HC-4.2 Standard for all Remuneration
HC-5 HC-5 Management Structure
HC-5.1 HC-5.1 Establishment of Management Structure
HC-5.1.1
The Board must approve and review at least annually the
licensee's management structure and responsibilities.April 2016HC-5.1.2
The Board must appoint
senior management whose authority must include management and operation of current activities of thelicensee , reporting to and under the direction of the Board. Thesenior managers must include at a minimum:(a) ACEO orgeneral manager ;(b) A chief financial officer;(c) An internal auditor (see HC-5.4 and AU-1.2); and(d) A compliance officer (see HC-5.5 and AU-1.2).and must also include such other
approved persons as the Board considers appropriate and as a minimum must include persons occupyingcontrolled functions as outlined in Paragraph AU-1.2.2.April 2016HC-5.1.3
The
licensee may appoint a corporate secretary. Whenever practical, the corporate secretary should be a person with legal or similar professional experience and training. The corporate secretary's duties include:(a) Arranging, recording and following up on the actions, decisions and meetings of the Board and of the shareholders (both at annual and extraordinary meetings) in books to be kept for that purpose; and(b) Reviewing thelicensee's procedures and advising the Board directly on such matters.April 2016HC-5.2 HC-5.2 Titles, Authorities, Duties and Reporting Responsibilities
HC-5.2.1
Licensees must maintain clearly documented and communicated staff responsibilities and reporting lines.April 2016HC-5.2.2
For the purposes of Rule HC-5.2.1,
licensees should maintain and document their delegated authority structure as well as written terms of reference for staff positions.April 2016HC-5.2.3
The Board must adopt by-laws prescribing each
senior manager's title, authorities, duties and internal reporting responsibilities. This must be done in consultation with theCEO orgeneral manager , to whom the othersenior managers should normally report.April 2016HC-5.2.4
These provisions must include but should not be limited to the following:
(a) TheCEO orgeneral manager must have authority to act generally in thelicensee's name, representing thelicensee's interests in concluding transactions on thelicensee's behalf and giving instructions to othersenior managers andlicensee employees;(b) The chief financial officer must be responsible and accountable for:(i) The complete, timely, reliable and accurate preparation of thelicensee's financial statements, in accordance with the accounting standards and policies of thelicensee (see HC-3.1.2); and(ii) Presenting the Board with a balanced and understandable assessment of thelicensee's financial situation;(c) The internal auditor's (see HC-5.4) duties must include providing an independent and objective review of the efficiency of thelicensee's operations. This would include a review of the accuracy and reliability of thelicensee's accounting records and financial reports as well as a review of the adequacy and effectiveness of thelicensee's risk management, control, and governance processes; and(d) The compliance officer's (see HC-5.5) duties include maintaining effective systems and controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which they are subject.April 2016HC-5.2.5
The Board should also specify any limits which it wishes to set on the authority of the
CEO orgeneral manager or othersenior managers , such as monetary maximums for transactions which they may authorize without separate Board approval.April 2016HC-5.2.6
At least annually the Board shall review and concur in a succession plan addressing the policies and principles for selecting a successor to the
CEO orgeneral manager , both in emergencies and in the normal course of business. The succession plan should include an assessment of the experience, performance, skills and planned career paths for possible successors to theCEO orgeneral manager .April 2016HC-5.3 HC-5.3 Chief Executive/General Manager
HC-5.3.1
Licensees must appoint a person to undertake the function ofChief Executive orGeneral Manager .April 2016HC-5.3.2
The
Chief Executive orGeneral Manager (as appropriate), is responsible for the executive management and performance of thelicensee , within the framework of delegated authorities set by the Board. The function ofChief Executive orGeneral Manager is acontrolled function , and the person nominated to that post therefore requires prior CBB approval (see Module AU (Authorisation)).April 2016HC-5.3.3
Residency requirements apply to
Chief Executives andGeneral Managers (see Section AU-2.2.)April 2016HC-5.4 HC-5.4 Internal Audit
HC-5.4.1
Unless otherwise agreed with the CBB,
licensees must establish an internal audit function to monitor the adequacy of their systems and controls.April 2016HC-5.4.2
The CBB would normally expect larger
licensees to maintain the internal audit function within the organisation. The CBB will however consider allowing smalllicensees to outsource part or all of their internal audit function to third party providers.April 2016HC-5.4.3
Licensees may outsource part or all of their internal audit function, after obtaining the prior approval of the CBB. The outsourcing arrangements must provide for an adequate level of scrutiny of thelicensee , and must comply with the requirements contained in Section RM-2.4. Alicensee cannot outsource its internal audit function to its external auditor.April 2016HC-5.4.4
Prior approval from the CBB is required for significant outsourcing arrangements, including all outsourcing of internal audit. Note that in all such cases, the
licensee retains ultimate responsibility for the adequacy of its outsourcing function, and is required to identify the person within thelicensee responsible for internal audit: this person should be anapproved person (see Section AU-1.2 and Chapter RM-2).April 2016HC-5.4.5
Internal audit functions must have terms of reference that clearly indicate:
(a) The scope and frequency of audits;(b) Reporting lines; and(c) The review and approval process applied to audits.April 2016HC-5.4.6
Paragraph HC-5.4.5 applies irrespective of whether the internal audit function is outsourced. Where it is outsourced, the CBB would expect to see these matters addressed in the contract with the
outsourcing provider .April 2016HC-5.4.7
Internal audit functions must report directly to the Board. They must have unrestricted access to all the appropriate records of the
licensee . They must have open and regular access to the Board, theChief Executive orgeneral manager , and thelicensee's external auditor.April 2016HC-5.4.8
Internal audit functions must have adequate staff levels with appropriate skills and knowledge, such that they can act as an effective challenge to the business. Where the function is not outsourced, the
head of function should be a senior and experienced employee. Internal audit functions must not perform other activities that compromise their independence.April 2016HC-5.4.9
The CBB would expect to see in place a formal audit plan that:
(a) Is reviewed and approved at least annually by the Board;(b) Is risk-based, with an appropriate scoring system; and(c) Covers all material areas of alicensee's operations over a reasonable timescale.April 2016HC-5.4.10
Internal Audit reports should also be:
(a) Clear and prioritised, with action points directed towards identified individuals;(b) Timely; and(c) Distributed to the Board and appropriate senior management.April 2016HC-5.4.11
Licensees should also have processes in place to deal with recommendations raised by internal audit to ensure that they are:(a) Dealt with in a timely fashion;(b) Monitored until they are settled; and(c) Raised with senior management if they have not been adequately dealt with.April 2016HC-5.5 HC-5.5 Compliance
HC-5.5.1
Licensees must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which they are subject.April 2016HC-5.5.2
Depending on the nature, scale and complexity of its business, a
licensee should consider having a separate compliance function. A compliance function should:(a) Document its organisation and responsibilities;(b) Be appropriately staffed with competent individuals;(c) Have unrestricted access to thelicensee's relevant records; and(d) Have ultimate recourse to the Board.April 2016HC-5.5.3
Licensees must designate an employee, of appropriate standing and resident in Bahrain, asCompliance Officer . The duties of theCompliance Officer include:(a) Having responsibility for oversight of thelicensee's compliance with the requirements of the CBB; and(b) Reporting to thelicensee's Board in respect of that responsibility.April 2016HC-5.5.4
The
Compliance Officer is acontrolled function and the requirements relating toapproved persons must be met (see Chapter AU-1.2). If the scale and nature of thelicensee's operations are limited, then the individual who performs the function ofCompliance Officer may also take on other responsibilities, providing this does not create a potential conflict of interest. The compliance function may not be combined with the internal audit function or any operational function as they are incompatible and may create a conflict of interest.April 2016