• GR GR Administrators General Requirements Module

    • GR-A GR-A Introduction

      • GR-A.1 GR-A.1 Purpose

        • Executive Summary

          • GR-A.1.1

            The General Requirements Module presents a variety of different requirements that are not extensive enough to warrant their own stand-alone Module, but for the most part are generally applicable. These include requirements on books and records; on the use of corporate and trade names; and on controllers and close links. Each set of requirements is contained in its own Chapter.

            Amended: July 2011
            May 2011

        • Legal Basis

          • GR-A.1.2

            This Module contains the Central Bank of Bahrain ('CBB') Directive (as amended from time to time) regarding general requirements applicable to administrators licensees, and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). Requirements regarding transfers of business (see Chapter GR-4) and controllers (see Chapter GR-5) are also included in Regulations, to be issued by the CBB.

            May 2011

          • GR-A.1.3

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see section UG-1.1.

            May 2011

      • GR-A.2 GR-A.2 Module History

        • Evolution of Module

          • GR-A.2.1

            This Module was first issued in May 2011 by the CBB. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

            May 2011

          • GR-A.2.2

            A list of recent changes made to this Module is detailed in the table below:

            Module Ref. Change Date Description of Changes
            GR-A.1.1 07/2011 Minor correction made to Guidance.
            GR-5.3 04/2012 Amended to be in line with other Volumes of the CBB rulebook and to reflect the issuance of Resolution No.(43) of 2011.
            GR-7 04/2012 Clarified language on cessation of business to be in line with other Volumes of the CBB Rulebook.
            GR-1.1.4 04/2013 Corrected reference to 'transaction' records.
            GR-7.1.12 10/2016 Added an additional requirement for cessation of business to be consistent with other Volumes of the CBB Rulebook.
            GR-5.1.4 01/2017 Consistency of notification timeline rule on controllers with other Volumes of the CBB Rulebook.
            GR-1.2.1 07/2017 Amended paragraph according to the Legislative Decree No. (28) of 2002.
            GR-1.2.2 07/2017 Deleted paragraph.
            GR-3.1.3 10/2017 Added additional requirement to submit when requesting no-objection letter for proposed dividend.
            GR-9.1.2 10/2017 Amended Paragraph on outsourcing, to allow the utilization of cloud services.
            GR-9.1.3A 10/2017 Added a new Paragraph on outsourcing.
            GR-9.1.6 10/2017 Amended Paragraph.
            GR-9.1.9 10/2017 Amended Paragraph.
            GR-9.1.11 10/2017 Amended Paragraph.
            GR-9.1.11A 10/2017 Added a new Paragraph on outsourcing.
            GR-9.1.16 10/2017 Amended Paragraph.
            GR-9.1.17 10/2017 Amended Paragraph.
            GR-9.2.1 10/2017 Amended Paragraph.
            GR-9.2.2 10/2017 Amended Paragraph.
            GR-9.2.4 10/2017 Amended Paragraph.
            GR-9.2.11 10/2017 Amended Paragraph.
            GR-9.2.12 10/2017 Amended Paragraph.
            GR-9.2.13 10/2017 Amended Paragraph.
            GR-9.2.18 10/2017 Amended Paragraph.
            GR-9.2.19 10/2017 Added a new paragraph for security measures related to cloud services.
            GR-9.3.3 10/2017 Amended Paragraph.
            GR-9.3.4 10/2017 Amended Paragraph.
            GR-5.1.1A 04/2019 Added a new Paragraph on exposures to controllers.
            GR-5.1.1B 04/2019 Added a new Paragraph on exposures to controllers.
            GR-1.2.1 01/2020 Amended Paragraph.
            GR-7.1.7 04/2020 Amended Paragraph.
            GR-7.1.12 04/2020 Amended Paragraph.
            GR-C 10/2020 Added a new Chapter on Provision of Financial Services on a Non-discriminatory Basis.
            GR-2.1.1 01/2022 Amended Paragraph on change in licensee corporate and legal name.
            GR-2.1.2 01/2022 Amended Paragraph on change in licensee legal name.
            GR-9 07/2022 Replaced Chapter GR-9 with new Outsourcing Requirements.

    • GR-B GR-B Scope of Application

      • GR-B.1 GR-B.1 Scope of Application

        • GR-B.1.1

          The requirements in Module GR (General Requirements) apply to all administrators licensees authorised in the Kingdom of Bahrain, thereafter referred to in this Module as licensees.

          May 2011

    • GR-C GR-C Provision of Financial Services on a Non-discriminatory Basis

      • GR-C.1 GR-C.1 Provision of Financial Services on a Non-discriminatory Basis

        • GR-C.1.1

          Administrators licensees must ensure that all regulated financial services are provided without any discrimination based on gender, nationality, origin, language, faith, religion, physical ability or social standing.

          Added: October 2020

    • GR-1 GR-1 Books and Records

      • GR-1.1 GR-1.1 General Requirements

        • GR-1.1.1

          In accordance with Articles 59 of the CBB Law, all licensees must maintain books and records (whether in electronic or hard copy form) sufficient to produce financial statements and show a complete record of the business undertaken by a licensee. These records must be retained for at least ten years according to Article 60 of the CBB Law.

          May 2011

        • GR-1.1.2

          GR-1.1.1 includes accounts, books, files and other records (e.g. trial balance, general ledger, nostro/vostro statements, reconciliations, list of counterparties). It also includes records that substantiate the value of the assets, liabilities and off-balance sheet activities of the licensee (e.g. client activity files and valuation documentation).

          May 2011

        • Corporate Records

          • GR-1.1.3

            Licensees must maintain at all times the following records in original form or in hard copy at their premises in Bahrain:

            (a) Internal policies, procedures and operating manuals;
            (b) Corporate records, including minutes of shareholders', Directors' and management meetings;
            (c) Correspondence with the CBB and records relevant to monitoring compliance with CBB requirements;
            (d) Reports prepared by the licensee's internal and external auditors; and
            (e) Employee training manuals and records.
            May 2011

          • GR-1.1.4

            Separately, Bahrain Law currently requires other transaction records to be retained for at least five years (see Ministerial Order No. 23 of 2002, Article 5(2), made pursuant to the Amiri Decree Law No. 4 of 2001).

            Amended: April 2013
            May 2011

        • Language of Records

          • GR-1.1.5

            Unless otherwise agreed to by the CBB in writing, records must be kept in either English or Arabic. Any records kept in languages other than English or Arabic must be accompanied by a certified English or Arabic translation. Records must be kept current. The records must be sufficient to allow an audit of the licensee's business or an on-site examination of the licensee by the CBB.

            May 2011

          • GR-1.1.6

            Translations produced in compliance with Rule GR-1.1.4 may be undertaken in-house, by an employee or contractor of the licensee, providing they are certified by an appropriate officer of the licensee.

            May 2011

        • Location of Records

          • GR-1.1.6

            Records must be accessible at any time from within the Kingdom of Bahrain, or as otherwise agreed with the CBB in writing.

            May 2011

          • GR-1.1.7

            Where older records have been archived, the CBB may accept that records be accessible within a reasonably short time frame (e.g. within 5 business days), instead of immediately. The CBB may also agree similar arrangements where elements of record retention and management have been centralised in another group company, whether inside or outside of Bahrain.

            May 2011

      • GR-1.2 GR-1.2 Transaction and Customer Records

        • Transaction Records

          • GR-1.2.1

            Licensees must keep completed transaction records for as long as they are relevant for the purposes for which they were made (with a minimum period in all cases of five years from the date when the transaction was terminated). Records of terminated transactions must be kept whether in hard copy or electronic format as per the Legislative Decree No. (54) of 2018 with respect to Electronic Transactions “The Electronic Communications and Transactions Law” and its amendments.

            Amended: January 2020
            Amended: July 2017
            May 2011

          • GR-1.2.2

            [This Paragraph has been deleted in July 2017].

            Deleted: July 2017
            May 2011

        • Customer Records

          • GR-1.2.3

            Record-keeping requirements with respect to customer records, including customer identification and due diligence records, are contained in Module FC (Financial Crime).

            May 2011

    • GR 2 GR 2 Corporate and Trade Names

      • GR-2.1 GR-2.1 Vetting of Names

        • GR-2.1.1

          Licensees must obtain CBB’s prior written approval for any change in their legal name. Licensees must notify the CBB of any change in their corporate name at least one week prior to effecting the proposed change.

          Amended: January 2022
          Added: May 2011

        • GR-2.1.2

          In approving a change in a legal name, the CBB seeks to ensure that it is sufficiently distinct as to reduce possible confusion with other unconnected businesses, particularly those operating in the financial services sector.

          Amended: January 2022
          Added: May 2011

      • GR-2.2 GR-2.2 Publication of Documents by the Licensee

        • GR-2.2.1

          Any written communication, including stationery, business cards or other business documentation published by the licensee, or used by its employees (agents, representatives, financial advisers or introducers) must include a statement that the licensee is regulated by the CBB and the type of license (administrator).

          May 2011

    • GR-3 GR-3 Dividends

      • GR-3.1 GR-3.1 CBB Non-Objection

        • GR-3.1.1

          Licensees must obtain a letter of no-objection from the CBB to any dividend proposed and prior to submitting a proposal for a distribution of profits to a shareholder vote.

          May 2011

        • GR-3.1.2

          The CBB will grant a no-objection letter where it is satisfied that the level of dividend proposed is unlikely to leave the licensee vulnerable — for the foreseeable future — to breaching the CBB's financial resources requirements, taking into account (as appropriate) trends in the licensee's business volumes, expenses, trend performance and investment environment.

          May 2011

        • GR-3.1.3

          To facilitate the prior approval required under Paragraph GR-3.1.1, licensees subject to Paragraph GR-3.1.1 must provide the CBB with:

          (a) The licensee's intended percentage and amount of proposed dividends for the coming year;
          (b) A letter of no objection from the licensee's external auditor on such profit distribution; and
          (c) A detailed analysis of the impact of the proposed dividend on the capital adequacy requirements outlined in Module CA (Capital Adequacy) and the liquidity position of the licensee.
          Amended: October 2017
          May 2011

    • GR-4 GR-4 Business Transfers

      • GR-4.1 GR-4.1 CBB Approval

        • GR-4.1.1

          Licensee must seek prior written approval from the CBB before transferring any of its business to a third party.

          May 2011

        • GR-4.1.2

          Rule GR-4.1.1 is intended to apply to circumstances where a licensee wishes to sell all or part of its business to a third party. It does not apply where a licensee is simply transferring client assets to a third party, on instruction from the client concerned.

          May 2011

        • GR-4.1.3

          In all cases, CBB approval to transfer business will only be given where:

          (a) The transfer of business will not damage or otherwise prejudice the legitimate interests of the licensee's customers;
          (b) The transferee is duly licensed to undertake the business which it is to receive; and
          (c) The CBB is satisfied that the transfer will not breach any applicable laws or regulations, and would not create any supervisory concerns.
          May 2011

        • GR-4.1.4

          In assessing the criteria outlined in Paragraph GR-4.1.3, the CBB will, amongst other factors, take into account the financial strength of the transferee; its capacity to manage the business being transferred; its track record in complying with applicable regulatory requirements; and (where applicable) its track record in treating customers fairly. The CBB will also take into account the impact of the transfer on the transferor, and any consequences this may have for the transferor‟s remaining customers.

          May 2011

        • GR-4.1.5

          Licensees seeking to obtain the CBB's permission to transfer business must apply to the CBB in writing, in the form of a covering letter together with supporting attachments. Unless otherwise directed by the CBB, the application must provide:

          (a) Full details of the business to be transferred;
          (b) The rationale for the proposed transfer;
          (c) If applicable, an assessment of the impact of the transfer on any customers directly affected by the transfer, and any mitigating factors or measures;
          (d) If applicable, an assessment of the impact of the transfer on the transferor's remaining business and customers, and any mitigating factors or measures; and
          (e) Evidence that the proposed transfer has been duly authorised by the transferor (such as a certified copy of a Board resolution approving the transfer).
          May 2011

        • GR-4.1.6

          Licensees intending to apply to transfer business are advised to contact the CBB at the earliest possible opportunity, prior to submitting a formal application, in order that the CBB may determine the nature and level of documentation to be provided and the need for an auditor or other expert opinion to be provided to support the application. The documentation specified in Paragraph GR-4.1.6 may be varied by the CBB, depending on the nature of the proposed transfer, such as the materiality of the business concerned and its impact on customers.

          May 2011

        • GR-4.1.7

          The CBB's approval may be given subject to any conditions deemed appropriate by the CBB. In all cases where additional requirements are imposed, the CBB shall state the reasons for doing so.

          May 2011

        • GR-4.1.8

          At its discretion, the CBB may require that a notice of proposed transfer of business be published in the Official Gazette, and/or in at least two local daily newspapers (one in Arabic, the other in English), in order to give affected customers the right to comment on the proposed transfer. Where such a requirement has been imposed, the CBB's decision on the application will also be published in the Official Gazette and in at least two local daily newspapers. In all such cases, the costs of publication must be met by the transferor.

          May 2011

        • GR-4.1.9

          Publication under paragraph GR-4.1.8 will generally only be required where a proposed transfer involves a large number of customers or is otherwise deemed necessary in order to protect customer interests.

          May 2011

        • GR-4.1.10

          The requirements in this Chapter are based on the powers available to the CBB in Article 68 of the CBB Law.

          May 2011

    • GR-5 GR-5 Controllers

      • GR-5.1 GR-5.1 Key Provisions

        • GR-5.1.1

          Whenever they are aware of such cases, licensees must obtain prior approval from the CBB, as required under Paragraph BR-2.3.8, for any changes in the percentage holding of a controller or a new controller (as defined in Section GR-5.2).

          May 2011

        • GR-5.1.1A

          Licensees must not incur or otherwise have an exposure (either directly or indirectly) to their controllers, including subsidiaries and associated companies of such controllers.

          Added: April 2019

        • GR-5.1.1B

          For the purpose of Paragraph GR-5.1.1A, licensees that already have an exposure to controllers must have an action plan agreed with the CBB's supervisory point of contact to address such exposures within a timeline agreed with the CBB.

          Added: April 2019

        • GR-5.1.2

          Articles 52 to 56 of the CBB Law require notification to the CBB of all controllers of licensees and of listed companies; it further gives the CBB the right to refuse approval of controllers if deemed damaging to the interests of the market, customers, or in contravention of the criteria set by the CBB.

          May 2011

        • GR-5.1.3

          Requests for approval under Paragraph GR-5.1.1 must be made by submitting a duly completed Form 2 (Application for Authorisation of Controller) to the CBB. Notification must be made by the controller or intended controller, and by the licensee where it is aware of the change.

          May 2011

        • GR-5.1.4

          If, as a result of circumstances outside the licensee's knowledge and/or control, changes specified in Paragraph GR-5.1.1 are triggered prior to CBB approval being sought or obtained, the licensee must notify the CBB no later than 15 calendar days on which those changes have occurred.

          Amended: January 2017
          May 2011

        • GR-5.1.5

          For approval under Rule GR-5.1.1 to be granted, the applicant must satisfy the CBB that the proposed change in controller poses no undue risks to the licensee or its customers, and is not damaging to the interests of the market, as defined in the suitability criteria for controllers, contained in Section GR-5.3.

          May 2011

        • GR-5.1.6

          An approval of controller is valid for the period specified in the approval letter issued by the CBB. The CBB may impose any restrictions that it considers necessary to be observed when granting its approval.

          May 2011

        • GR-5.1.7

          The approval process is specified in Section GR-5.4.

          May 2011

        • GR-5.1.8

          Licensees must submit, within 3 months of their financial year-end, a report on their controllers. This report must identify all controllers of the licensee, as defined in Section GR-5.2.

          May 2011

      • GR-5.2 GR-5.2 Definition of Controller

        • GR-5.2.1

          A controller of a licensee is a natural or legal person who, either alone or with his associates:

          (a) Holds 10% or more of the shares in the licensee ('L'), or is able to exercise (or control the exercise of) more than 10% of the voting power in L; or
          (b) Holds 10% or more of the shares in a parent undertaking ('P') of L, or is able to exercise (or control the exercise of) more than 10% of the voting power in P; or
          (c) Is able to exercise significant influence over the management of L or P.
          May 2011

        • GR-5.2.2

          For the purposes of Paragraph GR-5.2.1, 'associate' includes:

          (a) In the case of natural persons, the spouse or child of the controller;
          (b) An undertaking of which a controller is a Director;
          (c) A person who is an employee or partner of the controller; and
          (d) If the controller is a corporate entity, a Director of the controller, a subsidiary of the controller, or a Director of any subsidiary undertaking of the controller.
          May 2011

        • GR-5.2.3

          Associate also includes any other person or undertaking with which the controller has entered into an agreement or arrangement as to the acquisition, holding or disposal of shares or other interests in the licensee, or under which they undertake to act together in exercising their voting power in relation to the licensee.

          May 2011

      • GR-5.3 GR-5.3 Suitability of Controllers

        • GR-5.3.1

          All new controllers or prospective controllers (as defined in Section GR-5.2) of a Bahraini specialised licensee must obtain the approval of the CBB. Any increases to existing controllers' holdings or voting control (as outlined under Paragraph BR-2.3.8) must also be approved by the CBB and are subject to the conditions outlined in this Section. Such changes in existing controllers (as defined in the Section GR-5.2) or new/prospective controllers of a licensee must satisfy the CBB of their suitability and appropriateness according to the criteria outlined in Paragraphs GR-5.3.2 to GR-5.3.5. The CBB will issue an approval notice or notice of refusal of a controller according to the approval process outlined in Section GR-5.4 and Paragraph GR-5.1.6.

          Amended: April 2012
          May 2011

        • GR-5.3.1A

          In line with Resolution No.(43) of 2011, the CBB may require, on a case-by-case basis, and at its sole discretion that at least one of the controllers is a regulated financial institution holding at least 20% of the licensee's shares.

          Added: April 2012

        • GR-5.3.2

          In assessing the suitability of controllers who are natural persons, the CBB has regard to their professional and personal conduct, including, but not limited to, the following:

          (a) The propriety of a person's conduct, whether or not such conduct resulted in conviction for a criminal offence, the contravention of a law or regulation, or the institution of legal or disciplinary proceedings;
          (b) A conviction or finding of guilt in respect of any offence, other than a minor traffic offence, by any court or competent jurisdiction;
          (c) Any adverse finding in a civil action by any court or competent jurisdiction, relating to fraud, misfeasance or other misconduct in connection with the formation or management of a corporation or partnership;
          (d) Whether the person has been the subject of any disciplinary proceeding by any government authority, regulatory agency or professional body or association;
          (e) The contravention of any financial services legislation or regulation;
          (f) Whether the person has ever been refused a license, authorisation, registration or other authority;
          (g) Dismissal or a request to resign from any office or employment;
          (h) Disqualification by a court, regulator or other competent body, as a Director or as a manager of a corporation;
          (i) Whether the person has been a Director, partner or manager of a corporation or partnership which has gone into liquidation or administration or where one or more partners or managers have been declared bankrupt whilst the person was connected with that partnership or corporation;
          (j) The extent to which the person, has been truthful and open with regulators;
          (k) Whether the person has ever been adjudged bankrupt, entered into any arrangement with creditors in relation to the inability to pay due debts, or failed to satisfy a judgement debt under a court order or has defaulted on any debts;
          (l) The financial resources of the person and the likely stability of their shareholding, and their track record as a controller or significant investor in financial institutions;
          (m) Existing Directorships or ownership of more than 20% of the capital or voting rights of any financial institution in the Kingdom of Bahrain or elsewhere, and the potential for conflicts of interest that such Directorships or ownership may imply;
          (n) The legitimate interests of investors, creditors and shareholders (including minority shareholders) of the licensee;
          (o) Whether the approval of a controller is or could be detrimental to Bahrain's financial sector; and
          (p) Whether the person is able to deal with existing shareholders and the Board in a constructive and co-operative manner.
          May 2011

        • GR-5.3.3

          Natural persons who intend to take a stake of 20% or more in a licensee are subject to enhanced scrutiny, given the CBB's position as home supervisor of such licensees. The level of scrutiny and the expected compliance with the above standards become more onerous as the level of proposed ownership increases. Natural persons will not normally be approved to take majority control (i.e. a stake of 50% or more of either the capital or voting rights) of a licensee.

          Amended: April 2012
          May 2011

        • GR-5.3.4

          In assessing the suitability of controllers who are legal persons, CBB has regard to their financial standing, judicial and regulatory record, and standards of business practice and reputation, including, but not limited to, the following:

          (a) The financial strength of the controller, its parent(s) and other members of its group, its implications for the licensee and the likely stability of the controller's shareholding;
          (b) Whether the controller or members of its group has ever entered into any arrangement with creditors in relation to the inability to pay due debts;
          (c) The controller's jurisdiction of incorporation, location of Head Office, group structure and close links, and the implications for the licensee as regards effective supervision of the licensee and potential conflicts of interest;
          (d) The controller's (and other group members') propriety and general standards of business conduct, including the contravention of any laws or regulations, or the institution of disciplinary proceedings by a government authority, regulatory agency or professional body;
          (e) Any adverse finding in a civil action by any court or competent jurisdiction, relating to fraud, misfeasance or other misconduct;
          (f) Any criminal actions instigated against the controller or other members of its group, whether or not this resulted in an adverse finding;
          (g) The extent to which the controller or other members of its group have been truthful and open with regulators and supervisors;
          (h) Whether the person has ever been refused a license, authorisation, registration or other authority;
          (i) The person's track record as a controller or investor in financial institutions;
          (j) The legitimate interests of investors, creditors and shareholders of the licensee;
          (k) Whether their approval as a controller is or could be detrimental to Bahrain's financial sector; and
          (l) Whether the person is able to deal with existing shareholders and the Board in a constructive manner.
          May 2011

        • GR-5.3.5

          Legal persons who intend to take a stake of 20% or more in a licensee are subject to enhanced scrutiny, given the CBB's position as home supervisor of such licensees. The level of scrutiny and of expected compliance with the above standards becomes more onerous as the level of proposed ownership increases. In particular, unregulated legal persons will not normally be approved to take majority control (i.e. a stake of 50% or more of either the capital or voting rights of a licensee, unless the proposed parent is a well-established business (that satisfies the above conditions), and its ownership would not pose undue conflicts of interest. Regulated legal persons will normally only be approved to take majority control where — in addition to the above conditions — the resulting group would be subject to effective consolidated supervision in accordance with relevant international standards; and the home supervisor of the parent entity has agreed to the proposed acquisition, as well as to the sharing of relevant prudential information for supervisory purposes (expressed, if necessary, through the signing of a Memorandum of Understanding between the CBB and the home supervisor, setting out their respective supervisory responsibilities).

          Amended: April 2012
          May 2011

        • GR-5.3.6

          The CBB may contact references and supervisory bodies in connection with any information provided to support an application for controller. The CBB may also ask for further information, in addition to that provided in the Form 2, if required to satisfy itself as to the suitability of the applicant.

          May 2011

      • GR-5.4 GR-5.4 Approval Process

        • GR-5.4.1

          Within 3 months of receipt of an approval request under Paragraph GR-5.1.1, the CBB will issue a written notice of approval (or of refusal, if it is not satisfied that the person concerned is suitable to become a controller of the licensee). The notice of refusal will specify the reasons for the objection and specify the applicant's right of appeal. Where an approval notice is given, it will specify the period for which it is valid and any conditions that may be applied.

          May 2011

        • GR-5.4.2

          Article 53 allows the CBB up to 3 months in which to respond to an application, although the CBB normally aims to respond within 30 calendar days. Notices of refusal have to be approved by an Executive Director of the CBB. The applicant has 30 calendar days from the date of a notice in which to appeal a decision to refuse the application or any conditions imposed as a condition of approval. The CBB then has 30 calendar days from the date of the appeal in which to consider any mitigating evidence submitted and make a final determination. See Module EN (Enforcement).

          May 2011

        • GR-5.4.3

          Where a person has become a controller by virtue of their shareholding in contravention of Paragraph GR-5.1.1, or a notice of refusal has been served on them under Paragraph GR-5.4.1 and the period of appeal has expired, the CBB may, by notice in writing served on the person concerned, instruct the person concerned to transfer such shares, or refrain from exercising voting rights in respect of such shares.

          May 2011

        • GR-5.4.4

          If the person concerned fails to take the action specified under Paragraph GR-5.4.3, then the CBB may seek a court order to take appropriate measures: these may include forcing the person to sell their shares.

          May 2011

        • GR-5.4.5

          The powers available to the CBB that are described in Paragraphs GR-5.4.3 and GR-5.4.4 are specified in Article 56 of the CBB Law.

          May 2011

        • GR-5.4.6

          In addition to the above requirements, licensees are encouraged to notify the CBB as soon as they become aware of events that are likely to lead to major changes in their controllers. Any supervisory implications of such changes can then be discussed prior to the filing of a formal approval request.

          May 2011

    • GR-6 GR-6 Close Links

      • GR-6.1 GR-6.1 Key Provisions

        • GR-6.1.1

          Condition 3 of the CBB‟s licensing conditions specifies, amongst other things, that licensees must satisfy the CBB that their close links do not prevent the effective supervision of the licensee and otherwise pose no undue risks to the licensee. (See Paragraph AU-2.3.1).

          May 2011

        • GR-6.1.2

          Applicants for a license must provide details of their close links, as provided for under Form 1 (Application for a License). (See Paragraph AU-5.1.1).

          May 2011

        • GR-6.1.3

          Licensees must submit to the CBB, within 3 months of their financial year-end, a report on their close links. The report must identify all undertakings closely linked to the licensee, as defined in Section GR-6.2.

          May 2011

      • GR-6.2 GR-6.2 Definition of Close Links

        • GR-6.2.1

          A licensee ('L') has close links with another undertaking ('U'), if:

          (a) U is a parent undertaking of L;
          (b) U is a subsidiary undertaking of L;
          (c) U is a subsidiary undertaking of a parent undertaking of L;
          (d) U, or any other subsidiary undertaking of its parent, owns or controls 20% or more of the voting rights or capital of L; or
          (e) L, any of its parent or subsidiary undertakings, or any of the subsidiary undertakings of its parent, owns or controls 20% or more of the voting rights or capital of U.
          May 2011

      • GR-6.3 GR-6.3 Assessment Criteria

        • GR-6.3.1

          In assessing whether a licensee's close links may prevent the effective supervision of the firm, or otherwise poses no undue risks to the licensee, the CBB takes into account the following:

          (a) Whether the CBB will receive adequate information from the licensee, and those with whom the licensee has close links, to enable it to determine whether the licensee is complying with CBB requirements;
          (b) The structure and geographical spread of the licensee, its group and other undertakings with which it has close links, and whether this might hinder the provision of adequate and reliable flows of information to the CBB, for instance because of operations in territories which restrict the free flow of information for supervisory purposes; and
          (c) Whether it is possible to assess with confidence the overall financial position of the group at any particular time, and whether there are factors that might hinder this, such as group members having different financial year ends or auditors, or the corporate structure being unnecessarily complex and opaque.
          May 2011

    • GR-7 GR-7 Cessation of Business

      • GR-7.1 GR-7.1 CBB Approval

        • GR-7.1.1

          As specified in Article 50 of the CBB Law, a licensee wishing to cease to provide or suspend all or any of its licensed regulated services, completely or at any of its branches, must obtain prior written approval from the CBB.

          Amended: April 2012
          May 2011

        • GR-7.1.2

          If the licensee wishes to transfer client assets to a third party, it must also comply with the requirements contained in Chapter GR-4.

          Amended: April 2012
          May 2011

        • GR-7.1.2A

          If the licensee wishes to liquidate its business, the CBB will revise its license to restrict the firm from entering into new business. The licensee must continue to comply with all applicable CBB requirements until such time as it is formally notified by the CBB that its obligations have been discharged and that it may surrender its license.

          Added: April 2012

        • GR-7.1.3

          Licensees seeking to obtain the CBB's permission to cease business must apply to the CBB in writing, in the form of a formal request together with supporting documents. Unless otherwise directed by the CBB, the following requirements must be provided in support of the request:

          (a) Full details of the business to be terminated;
          (b) The rationale for the cessation;
          (c) How the licensee proposes to cease business;
          (d) Notice of an Extraordinary Meeting setting out the agenda to discuss and approve the cessation, and inviting the CBB for such meeting;
          (e) Evidence that the proposed cessation has been duly authorised by the licensee (such as a certified copy of a Board resolution approving the cessation);
          (f) Formal request to the CBB for the appointment of a liquidator acceptable to the CBB;
          (g) A cut-off date by which the licensee will stop its operations;
          (h) If the licensee wishes to cease its whole business, confirmation that the licensee will not enter into new business with effect from the cut-off date;
          (i) Once the CBB has given its approval to an application to cease business, the licensee must publish a notice of its intention to cease business in two local daily newspapers (one in Arabic, the other in English). Notices must also be displayed in the premises (including any branch offices) of the licensee concerned. These notices must be given not less than 30 calendar days before the cessation is to take effect, and must include such information as the CBB may specify;
          (j) The audited accounts of the licensee as of the last date on which it stopped operations. The commencement of such accounts should be the beginning of the financial year of the licensee;
          (k) If applicable, an assessment of the impact of the cessation on any customers directly affected by the cessation, and any mitigating factors or measures;
          (l) If applicable, an assessment of the impact of the cessation on the licensee's remaining business and customers, and any mitigating factors or measures; and
          (m) The final liquidator's report of the licensee.
          Amended: April 2012
          May 2011

        • GR-7.1.4

          Licensees intending to apply to cease business are advised to contact the CBB at the earliest possible opportunity, prior to submitting a formal application, in order that the CBB may determine the nature and level of documentation to be provided and the need for an auditor or other expert opinion to be provided to support the application. The documentation specified in Paragraph GR-7.1.3 may be varied by the CBB, depending on the nature of the proposed cessation, such as the materiality of the business concerned and its impact on customers.

          May 2011

        • GR-7.1.5

          Approval to cease business will generally be given where adequate arrangements have been made to offer alternative arrangements to any affected customers. The CBB's approval may be given subject to any conditions deemed appropriate by the CBB. In all cases where additional requirements are imposed, the CBB shall state the reasons for doing so.

          May 2011

        • GR-7.1.6

          The notice referred to in Subparagraph GR-7.1.3 (i) must include a statement that written representations concerning the liquidation may be submitted to the CBB before a specified day, which shall not be later than thirty calendar days after the day of the first publication of the notice. The CBB will not decide on the application until after considering any representations made to the CBB before the specified day.

          Amended: April 2012
          May 2011

        • GR-7.1.7

          Upon satisfactorily meeting the requirements set out in GR-7.1.3, the licensee must surrender the original license certificate issued by the Licensing Directorate at the time of establishment, and submit confirmation of the cancellation of its Commercial Registration from the Ministry of Industry and Commerce.

          Amended: April 2020
          Added: May 2011

        • GR-7.1.8

          Where the CBB has given its approval to cancel or amend a license, then it will also publish its decision in the Official Gazette, as well as in two local daily newspapers (one in Arabic, the other in English), once this decision has been implemented.

          Amended: April 2012
          May 2011

        • GR-7.1.8A

          The publication cost of the notices referred to in Paragraph GR-7.1.8 is to be met by the licensee concerned.

          Added: April 2012

        • GR-7.1.9

          The licensee must continue to comply with all applicable CBB requirements, until such time as it is formally notified by the CBB that its obligations have been discharged.

          May 2011

        • GR-7.1.10

          A licensee in liquidation must continue to meet its contractual and regulatory obligations to customers and creditors.

          May 2011

        • GR-7.1.11

          If no objections to the liquidation are upheld by the CBB, the CBB may then issue a written notice of approval for the surrender of the license.

          Added: April 2012

        • GR-7.1.12

          Upon satisfactorily meeting the requirements set out in GR-7.1.3, the licensees must surrender the original license certificate issued by the Licensing Directorate at the time of establishment, and submit confirmation of the cancellation of its commercial registration from the Ministry of Industry, Commerce and Tourism.

          Amended: April 2020
          Added: October 2016

    • GR-8 GR-8 Professional Indemnity Coverage

      • GR-8.1 GR-8.1 Key Provisions

        • GR-8.1.1

          Licensees must maintain professional indemnity coverage. The professional indemnity coverage must be obtained from an insurance firm acceptable to the CBB and licensed in the Kingdom of Bahrain.

          May 2011

        • GR-8.1.2

          Upon request, licensees must provide to the CBB evidence of the coverage in force required under Paragraph GR-8.1.1.

          May 2011

        • GR-8.1.3

          A licensee is encouraged to assess its insurance needs, through professional advice, to ensure its adequacy to the level of business undertaken, notwithstanding the minimum limit of indemnity.

          May 2011

        • GR-8.1.4

          The minimum limit of indemnity is BD 75,000.

          May 2011

        • GR-8.1.5

          The maximum excess or deductible allowable under the policy shall be BD 15,000.

          May 2011

        • GR-8.1.6

          In accordance with Paragraph EN-B.3.1, licensees may not enter into or make a claim under a contract of insurance that is intended to, or has the effect of, indemnifying them from the financial penalties provided for in Module EN.

          May 2011

        • GR-8.1.7

          The requirement to maintain insurance coverage will normally be met by the licensee concerned obtaining an insurance policy from an insurance firm. The CBB may also accept an insurance policy issued at group level, e.g. issued with respect to the parent of the licensee, provided the terms of the policy explicitly provide coverage with respect to the licensee.

          May 2011

        • GR-8.1.8

          Unless otherwise agreed in writing with the CBB, the policy must contain a clause that it may not be cancelled or lapsed without the prior approval of the CBB. The policy must also contain a provision for an automatic extended reporting period in the event that the policy is cancelled or lapsed, such that claims relating to the period during which the policy was in force may subsequently still be reported.

          May 2011

    • GR-9 GR-9 Outsourcing Requirements

      • GR-9.1 GR-9.1 Outsourcing Arrangements

        • GR-9.1.1

          This Chapter sets out the CBB’s approach to outsourcing by licensees. It also sets out various requirements that licensees must address when considering outsourcing an activity or function.

          Amended: July 2022
          May 2011

        • GR-9.1.2

          In the context of this Chapter, ‘outsourcing’ means an arrangement whereby a third party performs on behalf of a licensee an activity which commonly would have been performed internally by the licensee. Examples of services that are typically outsourced include data processing, cloud services, customer call centres and back-office related activities.

          Amended: July 2022
          Amended: October 2017
          May 2011

        • GR-9.1.3

          In the case of branches of foreign entities, the CBB may consider a third-party outsourcing arrangement entered into by the licensee’s head office/regional office or other offices of the foreign entity as an intragroup outsourcing, provided that the head office/regional office submits to the CBB a letter of comfort which includes, but is not limited to, the following conditions:

          i. The head office/regional office declares its ultimate responsibility of ensuring that adequate control measures are in place; and
          ii. The head office/regional office is responsible to take adequate rectification measures, including compensation to the affected customers, in cases where customers suffer any loss due to inadequate controls applied by the third-party service provider.
          Amended: July 2022
          May 2011

        • GR-9.1.4

          The licensee must not outsource the following functions:

          (i) Compliance;
          (ii) AML/CFT;
          (iii) Financial control;
          (iv) Risk management; and
          (v) Business line functions offering regulated services directly to the customers (refer to Regulation No. (1) of 2007 and its amendments for the list of CBB regulated services).
          Amended: July 2022
          May 2011

        • GR-9.1.5

          For the purposes of Paragraph GR-9.1.4, certain support activities, processes and systems under these functions may be outsourced (e.g. call centres, data processing, credit recoveries, cyber security, e-KYC solutions) subject to compliance with Paragraph GR-9.1.7. However, strategic decision-making and managing and bearing the principal risks related to these functions must remain with the licensee.

          Amended: July 2022
          May 2011

        • GR-9.1.6

          Branches of foreign entities may be allowed to outsource to their head office, the risk management function stipulated in Subparagraph GR-9.1.4 (iv), subject to CBB’s prior approval.

          Amended: July 2022
          Amended: October 2017
          May 2011

        • GR-9.1.7

          Licensees must comply with the following requirements:

          (i) Prior CBB approval is required on any outsourcing to a third-party outside Bahrain (excluding cloud data services). The request application must:
          a. include information on the legal and technical due diligence, risk assessment and detailed compliance assessment; and
          b. be made at least 30 calendar days before the licensee intends to commit to the arrangement.
          (ii) Post notification to the CBB, within 5 working days from the date of signing the outsourcing agreement, is required on any outsourcing to an intragroup entity within or outside Bahrain or to a third-party within Bahrain, provided that the outsourced service does not require a license, or to a third-party cloud data services provider inside or outside Bahrain.
          (iii) Licensees must have in place sufficient written requirements in their internal policies and procedures addressing all strategic, operational, logistical, business continuity and contingency planning, legal and risks issues in relation to outsourcing.
          (iv) Licensees must sign a service level agreement (SLA) or equivalent with every outsourcing service provider. The SLA must clearly address the scope, rights, confidentiality and encryption requirements, reporting and allocation of responsibilities. The SLA must also stipulate that the CBB, external auditors, internal audit function, compliance function and where relevant the Shari’a coordination and implementation and internal Shari’a audit functions of the licensee have unrestricted access to all relevant information and documents maintained by the outsourcing service provider in relation to the outsourced activity.
          (v) Licensees must designate an approved person to act as coordinator for monitoring and assessing the outsourced arrangement.
          (vi) Licensee must submit to the CBB any report by any other regulatory authority on the quality of controls of an outsourcing service provider immediately after its receipt or after coming to know about it.
          (vii) Licensee must inform its normal supervisory point of contact at the CBB of any material problems encountered with the outsourcing service provider if they remain unresolved for a period of three months from its identification date.
          Amended: July 2022
          May 2011

        • GR-9.1.8

          For the purpose of Subparagraph GR-9.1.7 (iv), licensees as part of their assessments may use the following:

          a) Independent third-party certifications on the outsourcing service provider’s security and other controls;
          b) Third-party or internal audit reports of the outsourcing service provider; and
          c) Pooled audits organized by the outsourcing service provider, jointly with its other clients.

          When conducting on-site examinations, licensees should ensure that the data of the outsourcing service provider’s other clients is not negatively impacted, including impact on service levels, availability of data and confidentiality.

          Amended: July 2022
          May 2011

        • GR-9.1.9

          For the purpose of Subparagraph GR-9.1.7 (i), the CBB will provide a definitive response to any prior approval request for outsourcing within 10 working days of receiving the request complete with all the required information and documents.

          Amended: July 2022
          Amended: October 2017
          May 2011

      • GR-9.2 [This Section was deleted in July 2022]

      • GR-9.3 [This Section was deleted in July 2022]

      • GR-9.4 [This Section was deleted in July 2022]