• GR GR Administrators General Requirements Module

    • GR-A GR-A Introduction

      • GR-A.1 GR-A.1 Purpose

        • Executive Summary

          • GR-A.1.1

            The General Requirements Module presents a variety of different requirements that are not extensive enough to warrant their own stand-alone Module, but for the most part are generally applicable. These include requirements on books and records; on the use of corporate and trade names; and on controllers and close links. Each set of requirements is contained in its own Chapter.

            Amended: July 2011
            May 2011

        • Legal Basis

          • GR-A.1.2

            This Module contains the Central Bank of Bahrain ('CBB') Directive (as amended from time to time) regarding general requirements applicable to administrators licensees, and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). Requirements regarding transfers of business (see Chapter GR-4) and controllers (see Chapter GR-5) are also included in Regulations, to be issued by the CBB.

            May 2011

          • GR-A.1.3

            For an explanation of the CBB's rule-making powers and different regulatory instruments, see section UG-1.1.

            May 2011

      • GR-A.2 GR-A.2 Module History

        • Evolution of Module

          • GR-A.2.1

            This Module was first issued in May 2011 by the CBB. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change was made: Chapter UG-3 provides further details on Rulebook maintenance and version control.

            May 2011

          • GR-A.2.2

            A list of recent changes made to this Module is detailed in the table below:

            Module Ref. Change Date Description of Changes
            GR-A.1.1 07/2011 Minor correction made to Guidance.
            GR-5.3 04/2012 Amended to be in line with other Volumes of the CBB rulebook and to reflect the issuance of Resolution No.(43) of 2011.
            GR-7 04/2012 Clarified language on cessation of business to be in line with other Volumes of the CBB Rulebook.
            GR-1.1.4 04/2013 Corrected reference to 'transaction' records.
            GR-7.1.12 10/2016 Added an additional requirement for cessation of business to be consistent with other Volumes of the CBB Rulebook.
            GR-5.1.4 01/2017 Consistency of notification timeline rule on controllers with other Volumes of the CBB Rulebook.
            GR-1.2.1 07/2017 Amended paragraph according to the Legislative Decree No. (28) of 2002.
            GR-1.2.2 07/2017 Deleted paragraph.
            GR-3.1.3 10/2017 Added additional requirement to submit when requesting no-objection letter for proposed dividend.
            GR-9.1.2 10/2017 Amended Paragraph on outsourcing, to allow the utilization of cloud services.
            GR-9.1.3A 10/2017 Added a new Paragraph on outsourcing.
            GR-9.1.6 10/2017 Amended Paragraph.
            GR-9.1.9 10/2017 Amended Paragraph.
            GR-9.1.11 10/2017 Amended Paragraph.
            GR-9.1.11A 10/2017 Added a new Paragraph on outsourcing.
            GR-9.1.16 10/2017 Amended Paragraph.
            GR-9.1.17 10/2017 Amended Paragraph.
            GR-9.2.1 10/2017 Amended Paragraph.
            GR-9.2.2 10/2017 Amended Paragraph.
            GR-9.2.4 10/2017 Amended Paragraph.
            GR-9.2.11 10/2017 Amended Paragraph.
            GR-9.2.12 10/2017 Amended Paragraph.
            GR-9.2.13 10/2017 Amended Paragraph.
            GR-9.2.18 10/2017 Amended Paragraph.
            GR-9.2.19 10/2017 Added a new paragraph for security measures related to cloud services.
            GR-9.3.3 10/2017 Amended Paragraph.
            GR-9.3.4 10/2017 Amended Paragraph.
            GR-5.1.1A 04/2019 Added a new Paragraph on exposures to controllers.
            GR-5.1.1B 04/2019 Added a new Paragraph on exposures to controllers.
            GR-1.2.1 01/2020 Amended Paragraph.
            GR-7.1.7 04/2020 Amended Paragraph.
            GR-7.1.12 04/2020 Amended Paragraph.
            GR-C 10/2020 Added a new Chapter on Provision of Financial Services on a Non-discriminatory Basis.

    • GR-B GR-B Scope of Application

      • GR-B.1 GR-B.1 Scope of Application

        • GR-B.1.1

          The requirements in Module GR (General Requirements) apply to all administrators licensees authorised in the Kingdom of Bahrain, thereafter referred to in this Module as licensees.

          May 2011

    • GR-C GR-C Provision of Financial Services on a Non-discriminatory Basis

      • GR-C.1 GR-C.1 Provision of Financial Services on a Non-discriminatory Basis

        • GR-C.1.1

          Administrators licensees must ensure that all regulated financial services are provided without any discrimination based on gender, nationality, origin, language, faith, religion, physical ability or social standing.

          Added: October 2020

    • GR-1 GR-1 Books and Records

      • GR-1.1 GR-1.1 General Requirements

        • GR-1.1.1

          In accordance with Articles 59 of the CBB Law, all licensees must maintain books and records (whether in electronic or hard copy form) sufficient to produce financial statements and show a complete record of the business undertaken by a licensee. These records must be retained for at least ten years according to Article 60 of the CBB Law.

          May 2011

        • GR-1.1.2

          GR-1.1.1 includes accounts, books, files and other records (e.g. trial balance, general ledger, nostro/vostro statements, reconciliations, list of counterparties). It also includes records that substantiate the value of the assets, liabilities and off-balance sheet activities of the licensee (e.g. client activity files and valuation documentation).

          May 2011

        • Corporate Records

          • GR-1.1.3

            Licensees must maintain at all times the following records in original form or in hard copy at their premises in Bahrain:

            (a) Internal policies, procedures and operating manuals;
            (b) Corporate records, including minutes of shareholders', Directors' and management meetings;
            (c) Correspondence with the CBB and records relevant to monitoring compliance with CBB requirements;
            (d) Reports prepared by the licensee's internal and external auditors; and
            (e) Employee training manuals and records.
            May 2011

          • GR-1.1.4

            Separately, Bahrain Law currently requires other transaction records to be retained for at least five years (see Ministerial Order No. 23 of 2002, Article 5(2), made pursuant to the Amiri Decree Law No. 4 of 2001).

            Amended: April 2013
            May 2011

        • Language of Records

          • GR-1.1.5

            Unless otherwise agreed to by the CBB in writing, records must be kept in either English or Arabic. Any records kept in languages other than English or Arabic must be accompanied by a certified English or Arabic translation. Records must be kept current. The records must be sufficient to allow an audit of the licensee's business or an on-site examination of the licensee by the CBB.

            May 2011

          • GR-1.1.6

            Translations produced in compliance with Rule GR-1.1.4 may be undertaken in-house, by an employee or contractor of the licensee, providing they are certified by an appropriate officer of the licensee.

            May 2011

        • Location of Records

          • GR-1.1.6

            Records must be accessible at any time from within the Kingdom of Bahrain, or as otherwise agreed with the CBB in writing.

            May 2011

          • GR-1.1.7

            Where older records have been archived, the CBB may accept that records be accessible within a reasonably short time frame (e.g. within 5 business days), instead of immediately. The CBB may also agree similar arrangements where elements of record retention and management have been centralised in another group company, whether inside or outside of Bahrain.

            May 2011

      • GR-1.2 GR-1.2 Transaction and Customer Records

        • Transaction Records

          • GR-1.2.1

            Licensees must keep completed transaction records for as long as they are relevant for the purposes for which they were made (with a minimum period in all cases of five years from the date when the transaction was terminated). Records of terminated transactions must be kept whether in hard copy or electronic format as per the Legislative Decree No. (54) of 2018 with respect to Electronic Transactions “The Electronic Communications and Transactions Law” and its amendments.

            Amended: January 2020
            Amended: July 2017
            May 2011

          • GR-1.2.2

            [This Paragraph has been deleted in July 2017].

            Deleted: July 2017
            May 2011

        • Customer Records

          • GR-1.2.3

            Record-keeping requirements with respect to customer records, including customer identification and due diligence records, are contained in Module FC (Financial Crime).

            May 2011

    • GR 2 GR 2 Corporate and Trade Names

      • GR-2.1 GR-2.1 Vetting of Names

        • GR-2.1.1

          Licensees must seek prior approval from the CBB for their corporate name and any trade names.

          May 2011

        • GR-2.1.2

          In approving a corporate or trade name, the CBB seeks to ensure that it is sufficiently distinct as to reduce possible confusion with other unconnected businesses, particularly those operating in the financial services sector.

          May 2011

      • GR-2.2 GR-2.2 Publication of Documents by the Licensee

        • GR-2.2.1

          Any written communication, including stationery, business cards or other business documentation published by the licensee, or used by its employees (agents, representatives, financial advisers or introducers) must include a statement that the licensee is regulated by the CBB and the type of license (administrator).

          May 2011

    • GR-3 GR-3 Dividends

      • GR-3.1 GR-3.1 CBB Non-Objection

        • GR-3.1.1

          Licensees must obtain a letter of no-objection from the CBB to any dividend proposed and prior to submitting a proposal for a distribution of profits to a shareholder vote.

          May 2011

        • GR-3.1.2

          The CBB will grant a no-objection letter where it is satisfied that the level of dividend proposed is unlikely to leave the licensee vulnerable — for the foreseeable future — to breaching the CBB's financial resources requirements, taking into account (as appropriate) trends in the licensee's business volumes, expenses, trend performance and investment environment.

          May 2011

        • GR-3.1.3

          To facilitate the prior approval required under Paragraph GR-3.1.1, licensees subject to Paragraph GR-3.1.1 must provide the CBB with:

          (a) The licensee's intended percentage and amount of proposed dividends for the coming year;
          (b) A letter of no objection from the licensee's external auditor on such profit distribution; and
          (c) A detailed analysis of the impact of the proposed dividend on the capital adequacy requirements outlined in Module CA (Capital Adequacy) and the liquidity position of the licensee.
          Amended: October 2017
          May 2011

    • GR-4 GR-4 Business Transfers

      • GR-4.1 GR-4.1 CBB Approval

        • GR-4.1.1

          Licensee must seek prior written approval from the CBB before transferring any of its business to a third party.

          May 2011

        • GR-4.1.2

          Rule GR-4.1.1 is intended to apply to circumstances where a licensee wishes to sell all or part of its business to a third party. It does not apply where a licensee is simply transferring client assets to a third party, on instruction from the client concerned.

          May 2011

        • GR-4.1.3

          In all cases, CBB approval to transfer business will only be given where:

          (a) The transfer of business will not damage or otherwise prejudice the legitimate interests of the licensee's customers;
          (b) The transferee is duly licensed to undertake the business which it is to receive; and
          (c) The CBB is satisfied that the transfer will not breach any applicable laws or regulations, and would not create any supervisory concerns.
          May 2011

        • GR-4.1.4

          In assessing the criteria outlined in Paragraph GR-4.1.3, the CBB will, amongst other factors, take into account the financial strength of the transferee; its capacity to manage the business being transferred; its track record in complying with applicable regulatory requirements; and (where applicable) its track record in treating customers fairly. The CBB will also take into account the impact of the transfer on the transferor, and any consequences this may have for the transferor‟s remaining customers.

          May 2011

        • GR-4.1.5

          Licensees seeking to obtain the CBB's permission to transfer business must apply to the CBB in writing, in the form of a covering letter together with supporting attachments. Unless otherwise directed by the CBB, the application must provide:

          (a) Full details of the business to be transferred;
          (b) The rationale for the proposed transfer;
          (c) If applicable, an assessment of the impact of the transfer on any customers directly affected by the transfer, and any mitigating factors or measures;
          (d) If applicable, an assessment of the impact of the transfer on the transferor's remaining business and customers, and any mitigating factors or measures; and
          (e) Evidence that the proposed transfer has been duly authorised by the transferor (such as a certified copy of a Board resolution approving the transfer).
          May 2011

        • GR-4.1.6

          Licensees intending to apply to transfer business are advised to contact the CBB at the earliest possible opportunity, prior to submitting a formal application, in order that the CBB may determine the nature and level of documentation to be provided and the need for an auditor or other expert opinion to be provided to support the application. The documentation specified in Paragraph GR-4.1.6 may be varied by the CBB, depending on the nature of the proposed transfer, such as the materiality of the business concerned and its impact on customers.

          May 2011

        • GR-4.1.7

          The CBB's approval may be given subject to any conditions deemed appropriate by the CBB. In all cases where additional requirements are imposed, the CBB shall state the reasons for doing so.

          May 2011

        • GR-4.1.8

          At its discretion, the CBB may require that a notice of proposed transfer of business be published in the Official Gazette, and/or in at least two local daily newspapers (one in Arabic, the other in English), in order to give affected customers the right to comment on the proposed transfer. Where such a requirement has been imposed, the CBB's decision on the application will also be published in the Official Gazette and in at least two local daily newspapers. In all such cases, the costs of publication must be met by the transferor.

          May 2011

        • GR-4.1.9

          Publication under paragraph GR-4.1.8 will generally only be required where a proposed transfer involves a large number of customers or is otherwise deemed necessary in order to protect customer interests.

          May 2011

        • GR-4.1.10

          The requirements in this Chapter are based on the powers available to the CBB in Article 68 of the CBB Law.

          May 2011

    • GR-5 GR-5 Controllers

      • GR-5.1 GR-5.1 Key Provisions

        • GR-5.1.1

          Whenever they are aware of such cases, licensees must obtain prior approval from the CBB, as required under Paragraph BR-2.3.8, for any changes in the percentage holding of a controller or a new controller (as defined in Section GR-5.2).

          May 2011

        • GR-5.1.1A

          Licensees must not incur or otherwise have an exposure (either directly or indirectly) to their controllers, including subsidiaries and associated companies of such controllers.

          Added: April 2019

        • GR-5.1.1B

          For the purpose of Paragraph GR-5.1.1A, licensees that already have an exposure to controllers must have an action plan agreed with the CBB's supervisory point of contact to address such exposures within a timeline agreed with the CBB.

          Added: April 2019

        • GR-5.1.2

          Articles 52 to 56 of the CBB Law require notification to the CBB of all controllers of licensees and of listed companies; it further gives the CBB the right to refuse approval of controllers if deemed damaging to the interests of the market, customers, or in contravention of the criteria set by the CBB.

          May 2011

        • GR-5.1.3

          Requests for approval under Paragraph GR-5.1.1 must be made by submitting a duly completed Form 2 (Application for Authorisation of Controller) to the CBB. Notification must be made by the controller or intended controller, and by the licensee where it is aware of the change.

          May 2011

        • GR-5.1.4

          If, as a result of circumstances outside the licensee's knowledge and/or control, changes specified in Paragraph GR-5.1.1 are triggered prior to CBB approval being sought or obtained, the licensee must notify the CBB no later than 15 calendar days on which those changes have occurred.

          Amended: January 2017
          May 2011

        • GR-5.1.5

          For approval under Rule GR-5.1.1 to be granted, the applicant must satisfy the CBB that the proposed change in controller poses no undue risks to the licensee or its customers, and is not damaging to the interests of the market, as defined in the suitability criteria for controllers, contained in Section GR-5.3.

          May 2011

        • GR-5.1.6

          An approval of controller is valid for the period specified in the approval letter issued by the CBB. The CBB may impose any restrictions that it considers necessary to be observed when granting its approval.

          May 2011

        • GR-5.1.7

          The approval process is specified in Section GR-5.4.

          May 2011

        • GR-5.1.8

          Licensees must submit, within 3 months of their financial year-end, a report on their controllers. This report must identify all controllers of the licensee, as defined in Section GR-5.2.

          May 2011

      • GR-5.2 GR-5.2 Definition of Controller

        • GR-5.2.1

          A controller of a licensee is a natural or legal person who, either alone or with his associates:

          (a) Holds 10% or more of the shares in the licensee ('L'), or is able to exercise (or control the exercise of) more than 10% of the voting power in L; or
          (b) Holds 10% or more of the shares in a parent undertaking ('P') of L, or is able to exercise (or control the exercise of) more than 10% of the voting power in P; or
          (c) Is able to exercise significant influence over the management of L or P.
          May 2011

        • GR-5.2.2

          For the purposes of Paragraph GR-5.2.1, 'associate' includes:

          (a) In the case of natural persons, the spouse or child of the controller;
          (b) An undertaking of which a controller is a Director;
          (c) A person who is an employee or partner of the controller; and
          (d) If the controller is a corporate entity, a Director of the controller, a subsidiary of the controller, or a Director of any subsidiary undertaking of the controller.
          May 2011

        • GR-5.2.3

          Associate also includes any other person or undertaking with which the controller has entered into an agreement or arrangement as to the acquisition, holding or disposal of shares or other interests in the licensee, or under which they undertake to act together in exercising their voting power in relation to the licensee.

          May 2011

      • GR-5.3 GR-5.3 Suitability of Controllers

        • GR-5.3.1

          All new controllers or prospective controllers (as defined in Section GR-5.2) of a Bahraini specialised licensee must obtain the approval of the CBB. Any increases to existing controllers' holdings or voting control (as outlined under Paragraph BR-2.3.8) must also be approved by the CBB and are subject to the conditions outlined in this Section. Such changes in existing controllers (as defined in the Section GR-5.2) or new/prospective controllers of a licensee must satisfy the CBB of their suitability and appropriateness according to the criteria outlined in Paragraphs GR-5.3.2 to GR-5.3.5. The CBB will issue an approval notice or notice of refusal of a controller according to the approval process outlined in Section GR-5.4 and Paragraph GR-5.1.6.

          Amended: April 2012
          May 2011

        • GR-5.3.1A

          In line with Resolution No.(43) of 2011, the CBB may require, on a case-by-case basis, and at its sole discretion that at least one of the controllers is a regulated financial institution holding at least 20% of the licensee's shares.

          Added: April 2012

        • GR-5.3.2

          In assessing the suitability of controllers who are natural persons, the CBB has regard to their professional and personal conduct, including, but not limited to, the following:

          (a) The propriety of a person's conduct, whether or not such conduct resulted in conviction for a criminal offence, the contravention of a law or regulation, or the institution of legal or disciplinary proceedings;
          (b) A conviction or finding of guilt in respect of any offence, other than a minor traffic offence, by any court or competent jurisdiction;
          (c) Any adverse finding in a civil action by any court or competent jurisdiction, relating to fraud, misfeasance or other misconduct in connection with the formation or management of a corporation or partnership;
          (d) Whether the person has been the subject of any disciplinary proceeding by any government authority, regulatory agency or professional body or association;
          (e) The contravention of any financial services legislation or regulation;
          (f) Whether the person has ever been refused a license, authorisation, registration or other authority;
          (g) Dismissal or a request to resign from any office or employment;
          (h) Disqualification by a court, regulator or other competent body, as a Director or as a manager of a corporation;
          (i) Whether the person has been a Director, partner or manager of a corporation or partnership which has gone into liquidation or administration or where one or more partners or managers have been declared bankrupt whilst the person was connected with that partnership or corporation;
          (j) The extent to which the person, has been truthful and open with regulators;
          (k) Whether the person has ever been adjudged bankrupt, entered into any arrangement with creditors in relation to the inability to pay due debts, or failed to satisfy a judgement debt under a court order or has defaulted on any debts;
          (l) The financial resources of the person and the likely stability of their shareholding, and their track record as a controller or significant investor in financial institutions;
          (m) Existing Directorships or ownership of more than 20% of the capital or voting rights of any financial institution in the Kingdom of Bahrain or elsewhere, and the potential for conflicts of interest that such Directorships or ownership may imply;
          (n) The legitimate interests of investors, creditors and shareholders (including minority shareholders) of the licensee;
          (o) Whether the approval of a controller is or could be detrimental to Bahrain's financial sector; and
          (p) Whether the person is able to deal with existing shareholders and the Board in a constructive and co-operative manner.
          May 2011

        • GR-5.3.3

          Natural persons who intend to take a stake of 20% or more in a licensee are subject to enhanced scrutiny, given the CBB's position as home supervisor of such licensees. The level of scrutiny and the expected compliance with the above standards become more onerous as the level of proposed ownership increases. Natural persons will not normally be approved to take majority control (i.e. a stake of 50% or more of either the capital or voting rights) of a licensee.

          Amended: April 2012
          May 2011

        • GR-5.3.4

          In assessing the suitability of controllers who are legal persons, CBB has regard to their financial standing, judicial and regulatory record, and standards of business practice and reputation, including, but not limited to, the following:

          (a) The financial strength of the controller, its parent(s) and other members of its group, its implications for the licensee and the likely stability of the controller's shareholding;
          (b) Whether the controller or members of its group has ever entered into any arrangement with creditors in relation to the inability to pay due debts;
          (c) The controller's jurisdiction of incorporation, location of Head Office, group structure and close links, and the implications for the licensee as regards effective supervision of the licensee and potential conflicts of interest;
          (d) The controller's (and other group members') propriety and general standards of business conduct, including the contravention of any laws or regulations, or the institution of disciplinary proceedings by a government authority, regulatory agency or professional body;
          (e) Any adverse finding in a civil action by any court or competent jurisdiction, relating to fraud, misfeasance or other misconduct;
          (f) Any criminal actions instigated against the controller or other members of its group, whether or not this resulted in an adverse finding;
          (g) The extent to which the controller or other members of its group have been truthful and open with regulators and supervisors;
          (h) Whether the person has ever been refused a license, authorisation, registration or other authority;
          (i) The person's track record as a controller or investor in financial institutions;
          (j) The legitimate interests of investors, creditors and shareholders of the licensee;
          (k) Whether their approval as a controller is or could be detrimental to Bahrain's financial sector; and
          (l) Whether the person is able to deal with existing shareholders and the Board in a constructive manner.
          May 2011

        • GR-5.3.5

          Legal persons who intend to take a stake of 20% or more in a licensee are subject to enhanced scrutiny, given the CBB's position as home supervisor of such licensees. The level of scrutiny and of expected compliance with the above standards becomes more onerous as the level of proposed ownership increases. In particular, unregulated legal persons will not normally be approved to take majority control (i.e. a stake of 50% or more of either the capital or voting rights of a licensee, unless the proposed parent is a well-established business (that satisfies the above conditions), and its ownership would not pose undue conflicts of interest. Regulated legal persons will normally only be approved to take majority control where — in addition to the above conditions — the resulting group would be subject to effective consolidated supervision in accordance with relevant international standards; and the home supervisor of the parent entity has agreed to the proposed acquisition, as well as to the sharing of relevant prudential information for supervisory purposes (expressed, if necessary, through the signing of a Memorandum of Understanding between the CBB and the home supervisor, setting out their respective supervisory responsibilities).

          Amended: April 2012
          May 2011

        • GR-5.3.6

          The CBB may contact references and supervisory bodies in connection with any information provided to support an application for controller. The CBB may also ask for further information, in addition to that provided in the Form 2, if required to satisfy itself as to the suitability of the applicant.

          May 2011

      • GR-5.4 GR-5.4 Approval Process

        • GR-5.4.1

          Within 3 months of receipt of an approval request under Paragraph GR-5.1.1, the CBB will issue a written notice of approval (or of refusal, if it is not satisfied that the person concerned is suitable to become a controller of the licensee). The notice of refusal will specify the reasons for the objection and specify the applicant's right of appeal. Where an approval notice is given, it will specify the period for which it is valid and any conditions that may be applied.

          May 2011

        • GR-5.4.2

          Article 53 allows the CBB up to 3 months in which to respond to an application, although the CBB normally aims to respond within 30 calendar days. Notices of refusal have to be approved by an Executive Director of the CBB. The applicant has 30 calendar days from the date of a notice in which to appeal a decision to refuse the application or any conditions imposed as a condition of approval. The CBB then has 30 calendar days from the date of the appeal in which to consider any mitigating evidence submitted and make a final determination. See Module EN (Enforcement).

          May 2011

        • GR-5.4.3

          Where a person has become a controller by virtue of their shareholding in contravention of Paragraph GR-5.1.1, or a notice of refusal has been served on them under Paragraph GR-5.4.1 and the period of appeal has expired, the CBB may, by notice in writing served on the person concerned, instruct the person concerned to transfer such shares, or refrain from exercising voting rights in respect of such shares.

          May 2011

        • GR-5.4.4

          If the person concerned fails to take the action specified under Paragraph GR-5.4.3, then the CBB may seek a court order to take appropriate measures: these may include forcing the person to sell their shares.

          May 2011

        • GR-5.4.5

          The powers available to the CBB that are described in Paragraphs GR-5.4.3 and GR-5.4.4 are specified in Article 56 of the CBB Law.

          May 2011

        • GR-5.4.6

          In addition to the above requirements, licensees are encouraged to notify the CBB as soon as they become aware of events that are likely to lead to major changes in their controllers. Any supervisory implications of such changes can then be discussed prior to the filing of a formal approval request.

          May 2011

    • GR-6 GR-6 Close Links

      • GR-6.1 GR-6.1 Key Provisions

        • GR-6.1.1

          Condition 3 of the CBB‟s licensing conditions specifies, amongst other things, that licensees must satisfy the CBB that their close links do not prevent the effective supervision of the licensee and otherwise pose no undue risks to the licensee. (See Paragraph AU-2.3.1).

          May 2011

        • GR-6.1.2

          Applicants for a license must provide details of their close links, as provided for under Form 1 (Application for a License). (See Paragraph AU-5.1.1).

          May 2011

        • GR-6.1.3

          Licensees must submit to the CBB, within 3 months of their financial year-end, a report on their close links. The report must identify all undertakings closely linked to the licensee, as defined in Section GR-6.2.

          May 2011

      • GR-6.2 GR-6.2 Definition of Close Links

        • GR-6.2.1

          A licensee ('L') has close links with another undertaking ('U'), if:

          (a) U is a parent undertaking of L;
          (b) U is a subsidiary undertaking of L;
          (c) U is a subsidiary undertaking of a parent undertaking of L;
          (d) U, or any other subsidiary undertaking of its parent, owns or controls 20% or more of the voting rights or capital of L; or
          (e) L, any of its parent or subsidiary undertakings, or any of the subsidiary undertakings of its parent, owns or controls 20% or more of the voting rights or capital of U.
          May 2011

      • GR-6.3 GR-6.3 Assessment Criteria

        • GR-6.3.1

          In assessing whether a licensee's close links may prevent the effective supervision of the firm, or otherwise poses no undue risks to the licensee, the CBB takes into account the following:

          (a) Whether the CBB will receive adequate information from the licensee, and those with whom the licensee has close links, to enable it to determine whether the licensee is complying with CBB requirements;
          (b) The structure and geographical spread of the licensee, its group and other undertakings with which it has close links, and whether this might hinder the provision of adequate and reliable flows of information to the CBB, for instance because of operations in territories which restrict the free flow of information for supervisory purposes; and
          (c) Whether it is possible to assess with confidence the overall financial position of the group at any particular time, and whether there are factors that might hinder this, such as group members having different financial year ends or auditors, or the corporate structure being unnecessarily complex and opaque.
          May 2011

    • GR-7 GR-7 Cessation of Business

      • GR-7.1 GR-7.1 CBB Approval

        • GR-7.1.1

          As specified in Article 50 of the CBB Law, a licensee wishing to cease to provide or suspend all or any of its licensed regulated services, completely or at any of its branches, must obtain prior written approval from the CBB.

          Amended: April 2012
          May 2011

        • GR-7.1.2

          If the licensee wishes to transfer client assets to a third party, it must also comply with the requirements contained in Chapter GR-4.

          Amended: April 2012
          May 2011

        • GR-7.1.2A

          If the licensee wishes to liquidate its business, the CBB will revise its license to restrict the firm from entering into new business. The licensee must continue to comply with all applicable CBB requirements until such time as it is formally notified by the CBB that its obligations have been discharged and that it may surrender its license.

          Added: April 2012

        • GR-7.1.3

          Licensees seeking to obtain the CBB's permission to cease business must apply to the CBB in writing, in the form of a formal request together with supporting documents. Unless otherwise directed by the CBB, the following requirements must be provided in support of the request:

          (a) Full details of the business to be terminated;
          (b) The rationale for the cessation;
          (c) How the licensee proposes to cease business;
          (d) Notice of an Extraordinary Meeting setting out the agenda to discuss and approve the cessation, and inviting the CBB for such meeting;
          (e) Evidence that the proposed cessation has been duly authorised by the licensee (such as a certified copy of a Board resolution approving the cessation);
          (f) Formal request to the CBB for the appointment of a liquidator acceptable to the CBB;
          (g) A cut-off date by which the licensee will stop its operations;
          (h) If the licensee wishes to cease its whole business, confirmation that the licensee will not enter into new business with effect from the cut-off date;
          (i) Once the CBB has given its approval to an application to cease business, the licensee must publish a notice of its intention to cease business in two local daily newspapers (one in Arabic, the other in English). Notices must also be displayed in the premises (including any branch offices) of the licensee concerned. These notices must be given not less than 30 calendar days before the cessation is to take effect, and must include such information as the CBB may specify;
          (j) The audited accounts of the licensee as of the last date on which it stopped operations. The commencement of such accounts should be the beginning of the financial year of the licensee;
          (k) If applicable, an assessment of the impact of the cessation on any customers directly affected by the cessation, and any mitigating factors or measures;
          (l) If applicable, an assessment of the impact of the cessation on the licensee's remaining business and customers, and any mitigating factors or measures; and
          (m) The final liquidator's report of the licensee.
          Amended: April 2012
          May 2011

        • GR-7.1.4

          Licensees intending to apply to cease business are advised to contact the CBB at the earliest possible opportunity, prior to submitting a formal application, in order that the CBB may determine the nature and level of documentation to be provided and the need for an auditor or other expert opinion to be provided to support the application. The documentation specified in Paragraph GR-7.1.3 may be varied by the CBB, depending on the nature of the proposed cessation, such as the materiality of the business concerned and its impact on customers.

          May 2011

        • GR-7.1.5

          Approval to cease business will generally be given where adequate arrangements have been made to offer alternative arrangements to any affected customers. The CBB's approval may be given subject to any conditions deemed appropriate by the CBB. In all cases where additional requirements are imposed, the CBB shall state the reasons for doing so.

          May 2011

        • GR-7.1.6

          The notice referred to in Subparagraph GR-7.1.3 (i) must include a statement that written representations concerning the liquidation may be submitted to the CBB before a specified day, which shall not be later than thirty calendar days after the day of the first publication of the notice. The CBB will not decide on the application until after considering any representations made to the CBB before the specified day.

          Amended: April 2012
          May 2011

        • GR-7.1.7

          Upon satisfactorily meeting the requirements set out in GR-7.1.3, the licensee must surrender the original license certificate issued by the Licensing Directorate at the time of establishment, and submit confirmation of the cancellation of its Commercial Registration from the Ministry of Industry and Commerce.

          Amended: April 2020
          Added: May 2011

        • GR-7.1.8

          Where the CBB has given its approval to cancel or amend a license, then it will also publish its decision in the Official Gazette, as well as in two local daily newspapers (one in Arabic, the other in English), once this decision has been implemented.

          Amended: April 2012
          May 2011

        • GR-7.1.8A

          The publication cost of the notices referred to in Paragraph GR-7.1.8 is to be met by the licensee concerned.

          Added: April 2012

        • GR-7.1.9

          The licensee must continue to comply with all applicable CBB requirements, until such time as it is formally notified by the CBB that its obligations have been discharged.

          May 2011

        • GR-7.1.10

          A licensee in liquidation must continue to meet its contractual and regulatory obligations to customers and creditors.

          May 2011

        • GR-7.1.11

          If no objections to the liquidation are upheld by the CBB, the CBB may then issue a written notice of approval for the surrender of the license.

          Added: April 2012

        • GR-7.1.12

          Upon satisfactorily meeting the requirements set out in GR-7.1.3, the licensees must surrender the original license certificate issued by the Licensing Directorate at the time of establishment, and submit confirmation of the cancellation of its commercial registration from the Ministry of Industry, Commerce and Tourism.

          Amended: April 2020
          Added: October 2016

    • GR-8 GR-8 Professional Indemnity Coverage

      • GR-8.1 GR-8.1 Key Provisions

        • GR-8.1.1

          Licensees must maintain professional indemnity coverage. The professional indemnity coverage must be obtained from an insurance firm acceptable to the CBB and licensed in the Kingdom of Bahrain.

          May 2011

        • GR-8.1.2

          Upon request, licensees must provide to the CBB evidence of the coverage in force required under Paragraph GR-8.1.1.

          May 2011

        • GR-8.1.3

          A licensee is encouraged to assess its insurance needs, through professional advice, to ensure its adequacy to the level of business undertaken, notwithstanding the minimum limit of indemnity.

          May 2011

        • GR-8.1.4

          The minimum limit of indemnity is BD 75,000.

          May 2011

        • GR-8.1.5

          The maximum excess or deductible allowable under the policy shall be BD 15,000.

          May 2011

        • GR-8.1.6

          In accordance with Paragraph EN-B.3.1, licensees may not enter into or make a claim under a contract of insurance that is intended to, or has the effect of, indemnifying them from the financial penalties provided for in Module EN.

          May 2011

        • GR-8.1.7

          The requirement to maintain insurance coverage will normally be met by the licensee concerned obtaining an insurance policy from an insurance firm. The CBB may also accept an insurance policy issued at group level, e.g. issued with respect to the parent of the licensee, provided the terms of the policy explicitly provide coverage with respect to the licensee.

          May 2011

        • GR-8.1.8

          Unless otherwise agreed in writing with the CBB, the policy must contain a clause that it may not be cancelled or lapsed without the prior approval of the CBB. The policy must also contain a provision for an automatic extended reporting period in the event that the policy is cancelled or lapsed, such that claims relating to the period during which the policy was in force may subsequently still be reported.

          May 2011

    • GR-9 GR-9 Outsourcing Risk

      • GR-9.1 GR-9.1 Outsourcing Risk

        • GR-9.1.1

          Licensees must identify all material outsourcing contracts and ensure that the risks associated with such contracts are adequately controlled. In particular, licensees must comply with the specific requirements set out in this Chapter.

          May 2011

        • GR-9.1.2

          Outsourcing means an arrangement whereby a third party performs on behalf of a licensee an activity that was previously undertaken by the licensee itself (or in the case of a new activity, one which ordinarily would have been performed internally by the licensee). Examples of services that are typically outsourced include data processing, cloud services, customer call centres and back-office related activities.

          Amended: October 2017
          May 2011

        • GR-9.1.3

          For purposes of GR-9.1.1, a contract is 'material' where, if it failed in any way, it would pose significant risks to the on-going operations of a licensee, its reputation and/or the quality of service provided to its customers. For instance, the outsourcing of all or a substantial part of functions such as customer sales and relationship management, settlements and processing, IT and data processing and financial control, would normally be considered "material". Management should carefully consider whether a proposed outsourcing arrangement falls under this Chapter's definition of "material". If in doubt, management should consult with the CBB.

          May 2011

        • GR-9.1.3A

          For outsourcing services that are not considered material outsourcing arrangements, licenses must submit a written notification to the CBB before committing to the new outsourcing arrangement.

          Added: October 2017

        • GR-9.1.4

          Licensees must retain ultimate responsibility for functions or activities that are outsourced. In particular, licensees must ensure that they continue to meet all their regulatory obligations with respect to outsourced activities.

          May 2011

        • GR-9.1.5

          Licensees must not contract out their regulatory obligations and must take reasonable care to supervise the discharge of outsourced functions, if any.

          May 2011

      • Supervisory Approach

        • GR-9.1.6

          Licensees must seek the CBB's prior written approval before committing to a new material outsourcing arrangement.

          Amended: October 2017
          May 2011

        • GR-9.1.7

          Licensees may not outsource their core business function or activities to third parties.

          May 2011

        • GR-9.1.8

          The prior approval request in GR-9.1.6 must:

          (a) Be made in writing to the licensee's normal supervisory contact; and
          (b) Contain sufficient detail to demonstrate that relevant issues raised in this Chapter have been addressed; and
          (c) Be made at least 6 weeks before the licensee intends to commit to the arrangement.
          May 2011

        • GR-9.1.9

          The CBB will review the information provided and provide a definitive response within a reasonable period of time of receiving the request for approval. The CBB may also contact home or host supervisors to seek their comments — in such cases, the 6 week turnaround is also subject to the speed of their response.

          Amended: October 2017
          May 2011

        • GR-9.1.10

          Once an activity has been outsourced, a licensee must continue to monitor the associated risks and the effectiveness of its mitigating controls.

          May 2011

        • GR-9.1.11

          Licensees must immediately inform their normal supervisory contact at the CBB of any material problems encountered with an outsourcing provider. The CBB may direct the licensee to make alternative arrangements for the outsourced activity.

          Amended: October 2017
          May 2011

        • GR-9.1.11A

          The CBB reserves the right to require a licensee to terminate or make alternative outsourcing arrangements if, among other reasons, the confidentiality of its customer information was, or is likely to be, breached or the ability of the CBB to carry out its supervisory functions in view of the outsourcing arrangement cannot be assured or executed.

          Added: October 2017

        • GR-9.1.12

          The CBB requires ongoing access to the outsourced activity, which it may occasionally want to examine itself, through management meetings or on-site examinations.

          May 2011

      • Risk Assessment

        • GR-9.1.13

          Licensees must undertake a thorough risk assessment of an outsourcing proposal, before formally notifying the CBB and committing itself to an agreement.

          May 2011

        • GR-9.1.14

          Before entering into, or significantly changing, an outsourcing arrangement, a licensee should:

          (a) Analyse how the arrangement will fit with its organisation and reporting structure; business strategy; overall risk profile; and ability to meet its regulatory obligations;
          (b) Consider whether the agreements establishing the arrangement will allow it to monitor and control its operational risk exposure relating to the outsourcing;
          (c) Conduct appropriate due diligence of the service provider's financial stability and expertise;
          (d) Consider how it will ensure a smooth transition of its operations from its current arrangements to a new or changed outsourcing arrangement (including what will happen on the termination of the contract); and
          (e) Consider any concentration risk implications such as the business continuity implications that may arise if a single service provider is used by several firms.
          May 2011

        • GR-9.1.15

          In negotiating its contract with a service provider, a licensee should have regard to:

          (a) Reporting or notification requirements it may wish to impose on the service provider;
          (b) Whether sufficient access will be available to its internal auditor, external auditor and to the CBB;
          (c) Information ownership rights, confidentiality agreements and Chinese walls to protect customer and other information (including arrangements at the termination of the contract);
          (d) The adequacy of any guarantees and indemnities;
          (e) The extent to which the service provider must comply with the licensee's policies and procedures (covering, for example, information security);
          (f) The extent to which a service provider will provide business continuity for outsourcing operations, and whether exclusive access to its resources is agreed;
          (g) The need for continued availability of software following difficulty at a third party supplier; and
          (h) The processes for making changes to the outsourcing arrangement (for example, changes in processing volumes, activities and other contractual terms) and the conditions under which the licensee or service provider can choose to change or terminate the outsourcing arrangement, such as where there is:
          (i) A change of ownership or control (including insolvency or receivership) of the service provider or firm;
          (ii) Significant change in the business operations (including subcontracting) of the service provider or firm; or
          (iii) Inadequate provision of services that may lead to the firm being unable to meet its regulatory obligations.
          May 2011

        • GR-9.1.16

          Licensees must maintain and regularly review contingency plans to enable them to set up alternative arrangements — with minimum disruption to business — should the outsourcing contract be suddenly terminated or the outsourcing provider fail. This may involve the identification of alternative outsourcing providers or the provision of the service in-house. These plans should consider how long the transition would take and what interim arrangements would apply.

          Amended: October 2017
          May 2011

        • GR-9.1.17

          A licensee must nominate a relevant approved person within the licensee to handle the responsibility of the day-to-day relationship with the outsourcing provider and to ensure that relevant risks are addressed. The CBB should be informed of the designated individual as part of the request for prior approval required under Rule GR-9.1.6. Any subsequent replacement of such person must also be notified to the CBB.

          Amended: October 2017
          May 2011

        • GR-9.1.18

          All material outsourcing arrangements by a licensee must be the subject of a legally enforceable contract. Where the outsourcing provider interacts directly with a licensee's customers, the contract must — where relevant — reflect the licensee's own standards regarding client care. Once an outsourcing agreement has been entered into, licensees must regularly review the suitability of the outsourcing provider and the on-going impact of the agreement on their risk profile and systems and controls framework.

          May 2011

      • GR-9.2 GR-9.2 Outsourcing Agreement

        • GR-9.2.1

          The activities to be outsourced and respective contractual liabilities and obligations of the outsourcing provider and licensee must be clearly specified in an outsourcing agreement. This agreement must — amongst other things — address the issues identified below in this Section.

          Amended: October 2017
          May 2011

        • Control over Outsourced Activities

          • GR-9.2.2

            The Board and management of licensees are held ultimately responsible by the CBB for the adequacy of systems and controls in outsourced activities. Licensees must therefore ensure they have adequate mechanisms for monitoring the performance of, and managing the relationship with, the outsourcing provider.

            Amended: October 2017
            May 2011

          • GR-9.2.3

            Clear reporting and escalation mechanisms must be specified in the agreement.

            May 2011

          • GR-9.2.4

            Where an outsourcing provider in turn decides to sub-contract to other providers, CBB's prior written approval must be obtained, and the original provider must remain contractually liable to the licensee for the quality and level of service agreed, and its obligations to the licensee must remain unchanged.

            Amended: October 2017
            May 2011

        • Customer Data Confidentiality

          • GR-9.2.5

            Licensees must ensure that outsourcing agreements comply with all applicable legal requirements regarding customer confidentiality.

            May 2011

          • GR-9.2.6

            Licensees must ensure that the outsourcing provider implements adequate safeguards and procedures.

            May 2011

          • GR-9.2.7

            For the purposes of GR-9.2.6, the implementation of adequate safeguards would include the proper segregation of customer data from those belonging to other customers of the outsourcing provider. Outsourcing providers should give suitable undertakings that the company and its staff will comply with all applicable confidentiality rules. Licensees should have contractual rights to take action against the service provider in the event of breach of confidentiality.

            May 2011

          • GR-9.2.8

            Licensees must ensure that they retain title under any outsourcing agreements for data, information and records that form part of the prudential records of the licensee.

            May 2011

          • GR-9.2.9

            Licensees must assess the impact of using an overseas-based outsourcing provider on their ability to maintain customer data confidential, for instance, because of the powers of local authorities to access such data.

            May 2011

        • Access to Information

          • GR-9.2.10

            Outsourcing agreements must ensure that the licensee's internal and external auditors have timely access to any relevant information they may require to fulfil their responsibilities. Such access must allow them to conduct on-site examinations of the outsourcing provider, if required.

            May 2011

          • GR-9.2.11

            Licensees must also ensure that the CBB inspectors and appointed experts have timely access to any relevant information they may reasonably require to fulfil its responsibilities under the law. Such access must allow the CBB to conduct on-site examinations of the outsourcing provider, if required.

            Amended: October 2017
            May 2011

          • GR-9.2.12

            Where the outsourcing provider is based overseas, the outsourcing provider must confirm in the outsourcing agreement that there are no regulatory or legal impediments to either the licensee's internal and external auditors, or the CBB inspectors and appointed experts, having the access described in GR-9.2.10 and GR-9.2.11 above. Should such restrictions be imposed, the licensee must communicate this fact to the CBB as soon as it becomes aware of the matter.

            Amended: October 2017
            May 2011

          • GR-9.2.13

            The outsourcing provider must commit itself, in the outsourcing agreement, to informing the licensee of any developments that may have a material impact on its ability to meet its obligations. These may include, for example, relevant control weaknesses identified by the outsourcing provider's internal or external auditors, and material adverse developments in the financial performance of the outsourcing provider.

            Amended: October 2017
            May 2011

        • Business Continuity

          • GR-9.2.14

            Licensees must ensure that service providers maintain, regularly review and test plans to ensure continuity in the provision of the outsourced service.

            May 2011

          • GR-9.2.15

            Licensees must have an adequate understanding of the outsourcing provider's contingency arrangements, to understand the implications for the licensee's own contingency arrangements.

            May 2011

        • Termination

          • GR-9.2.16

            Licensees must have a right to terminate the agreement should the outsourcing provider:

            (a) Undergo a change of ownership (whether direct or indirect) that poses a potential conflict of interest;
            (b) Becomes insolvent; or
            (c) Goes into liquidation or administration.
            May 2011

          • GR-9.2.17

            Termination under any other circumstances allowed under the agreement must give licensees a sufficient notice period in which they can effect a smooth transfer of the service to another provider or bring it back in-house.

            May 2011

          • GR-9.2.18

            In the event of termination, for whatever reason, the agreement must provide for the return of all customer data — where required by licenseesor destruction of the records.

            Amended: October 2017
            May 2011

        • Cloud Services

          • GR-9.2.19

            For the purpose of outsourcing of cloud services, licensees must ensure that, at a minimum, the following security measures are in place:

            (a) Customer information must be encrypted and licensees must ensure that all encryption keys or similar forms of authentication are kept secure within the licensee's control;
            (b) A secure audit trail must be maintained for all actions performed at the cloud services outsourcing provider;
            (c) A comprehensive change management procedure must be developed to account for future changes to technology with adequate testing of such changes;
            (d) The licensee's data must be logically segregated from other entities data at the outsourcing service provider's platform;
            (e) The cloud service provider must provide information on measures taken at its platform to ensure adequate information security, data security and confidentiality, including but not limited to forms of protection available against unauthorized access and incident management process in cases of data breach or data loss; and
            (f) The right to release customer information/data in case of foreign government/court orders must be the sole responsibility of the licensee, subject to the CBB Law.
            Added: October 2017

      • GR-9.3 GR-9.3 Intra-Group Outsourcing

        • GR-9.3.1

          As with outsourcing to non-group companies, the Board and management of licensees are held ultimately responsible by the CBB for the adequacy of systems and controls in activities outsourced to group companies.

          May 2011

        • GR-9.3.2

          However, the degree of formality required — in terms of contractual agreements and control mechanisms — for outsourcing within a licensee's group is likely to be less, because of common management and enhanced knowledge of other group companies.

          May 2011

        • GR-9.3.3

          Licensees must obtain CBB prior written approval before committing to a material intra-group outsourcing. The request for approval must be made in writing to the licensee's normal supervisory contact at least 6 weeks prior to committing to the outsourcing, and must set out a summary of the proposed outsourcing, its rationale, and an analysis of its associated risks and proposed mitigating controls.

          Amended: October 2017
          May 2011

        • GR-9.3.4

          The CBB will respond to the request for approval in the same manner and timescale as set out in RM-7.1.8 above.

          Amended: October 2017
          May 2011

        • GR-9.3.5

          The CBB expects, as a minimum, an agreed statement of the standard of service to be provided by the group provider, including a clear statement of responsibilities allocated between the group provider and licensee.

          May 2011

        • GR-9.3.6

          The CBB also expects a licensee's management to have addressed the issues of customer confidentiality, access to information and business continuity.

          May 2011

        • GR-9.3.7

          Licensees may not outsource their core business activities, including the internal audit function, to their group.

          May 2011

      • GR-9.4 GR-9.4 Internal Audit Outsourcing

        • GR-9.4.1

          Licensees may not outsource their internal audit function to the same firm that acts as their external auditor.

          May 2011

        • GR-9.4.2

          Licensees may outsource their internal audit function for a maximum period of one year, following which a licensee is expected to establish an internal audit function commensurate with the nature, scale and complexity of its business.

          May 2011

        • GR-9.4.3

          The CBB will only consider a licensee not having a separate internal audit function where its activities are limited in scale and complexity. In such case, it may continue to outsource this function for a period determined by the CBB.

          May 2011

        • GR-9.4.4

          In all circumstances, Board and management of licensees must retain responsibility for ensuring that an adequate internal audit programme is implemented, and will be held accountable in this respect by the CBB.

          May 2011

        • GR-9.4.5

          Due to the critical importance of an effective internal audit function to an licensee's control framework, all proposals to outsource internal audit operations are to be considered 'material outsourcing agreements'.

          May 2011