• AU-1 Authorisation Requirements

    • AU-1.1 Ancillary Service Provider Licensees

      • General Prohibitions

        • AU-1.1.1

          No person may:

          (a) Undertake (or hold themselves out to undertake) regulated ancillary services, by way of business within or from the Kingdom of Bahrain unless duly licensed by the CBB;
          (b) Hold themselves out to be licensed by the CBB unless they have as a matter of fact been so licensed; or
          (c) Market any financial services in the Kingdom of Bahrain unless:
          (i) Allowed to do so by the terms of a license issued by the CBB;
          (ii) The activities come within the terms of an exemption granted by the CBB by way of a Directive; or
          (iii) Has obtained the express written permission of the CBB to offer financial services.
          April 2016

        • AU-1.1.2

          In accordance with Resolution No.(16) for the year 2012 and for the purpose of Subparagraph AU-1.1.1(c), the word 'market' refers to any promotion, offering, announcement, advertising, broadcast or any other means of communication made for the purpose of inducing recipients to purchase or otherwise acquire financial services in return for monetary payment or some other form of valuable consideration.

          April 2016

        • AU-1.1.3

          Persons in breach of Subparagraph AU-1.1.1(c) are considered in breach of Resolution No.(16) for the year 2012 and are subject to penalties under Articles 129 and 161 of the CBB Law (see also Section EN-9.3).

          April 2016

      • Licensing

        • AU-1.1.4

          Persons wishing to be licensed to undertake any of the regulated ancillary services within or from the Kingdom of Bahrain must apply in writing to the CBB. An application for a license must be in the form prescribed by the CBB as indicated in Chapter AU-4.

          April 2016

        • AU-1.1.5

          An application for a license must be in the form prescribed by the CBB (Form 1) and must contain:

          (a) A business plan specifying the type of business to be conducted;
          (b) Application forms (Form 2) for all controllers; and
          (c) Application forms (Form 3) for all controlled functions.
          April 2016

        • AU-1.1.6

          The CBB will review the application and duly advise the applicant in writing when it has:

          (a) Granted the application without conditions;
          (b) Granted the application subject to conditions specified by the CBB; or
          (c) Refused the application, stating the grounds on which the application has been refused and the process for appealing against that decision.
          April 2016

        • AU-1.1.7

          Detailed rules and guidance regarding information requirements and processes for license applications can be found in Section AU-4.1. As specified in Paragraph AU-4.1.14, the CBB will provide a formal decision on a license application within 60 calendar days of all required documentation having been submitted in a form acceptable to the CBB.

          April 2016

        • AU-1.1.8

          In granting new licenses, the CBB will specify the specific categories of regulated ancillary service for which a license has been granted.

          April 2016

        • AU-1.1.9

          All applicants for an ancillary service provider license must satisfy the CBB that they meet, by the date of their license, the minimum conditions for licensing, as specified in Chapter AU-2. Once licensed, licensees must be in compliance with these criteria on an on-going basis.

          April 2016

    • AU-1.2 Definition of Regulated Ancillary Services

      • AU-1.2.1

        Regulated ancillary services are any of the following activities, carried on by way of business:

        (a) Permitted services undertaken by third party administrators (TPA);
        (b) Card processing;
        (c) Services undertaken by a credit reference bureau;
        (d) Permitted payment services provided by a payment service provider (PSP);
        (e) Shari'a advisory/review services;
        (ee) Permitted activities of a crowdfunding platform operator;
        (f) Providing account information services;
        (g) Providing payment initiation services; and
        (h) Any other ancillary services that are related to the financial services industry.
        Amended: October 2019
        Amended: December 2018
        Amended: October 2017
        April 2016

      • AU-1.2.2

        For the purposes of Paragraph AU-1.2.1, carrying on a regulated ancillary service by way of business means:

        (a) Undertaking any of the regulated ancillary service activities as defined in Section AU-1.2, for commercial gain; or
        (b) Holding oneself out as willing and able to engage in such activities.
        Amended: October 2019
        April 2016

        • AU-1.2.1A

          Where licensees are undertaking regulated activities in accordance with Shari'a, all transactions and contracts concluded by licensees must comply with Sharia standards issued by the Accounting and Auditing Organisation for Islamic Financial Institutions (AAOIFI). The validity of the contract or transaction is not impacted, if at a later date, the relevant AAOIFI Sharia standards are amended.

          Added: October 2020

        • AU-1.2.3

          While Paragraph AU-1.2.1 covers different activities under regulated ancillary services, only the license itself will specify the list of activities the licensee has been authorised to carry out. For existing ancillary service providers at April 2016, no new license will be issued.

          April 2016

        • Third Party Administrators (TPAs)

          • AU-1.2.4

            TPA refers to processing claims in connection with insurance coverage offered by insurance firms.

            April 2016

          • AU-1.2.5

            Notwithstanding Paragraph AU-1.2.4, TPAs are also allowed to offer their services to self-funded schemes outside Bahrain.

            Amended: October 2019
            April 2016

          • AU-1.2.5A

            When TPAs process claims for insurance firms, the CBB regards this activity as an outsourced activity and insurance firms should refer to Chapter RM-7 Outsourcing Risk under Volume 3 (Insurance) of the CBB Rulebook.

            April 2016

        • Card Processing

          • AU-1.2.5

            Card processing includes:

            (a) The act of processing or transmitting debit/credit/prepaid card holder and transaction related data;
            (b) Integrating customer delivery channels to enterprises to enable data transactions at delivery channels (e.g. ATMs, POS, Interactive Voice Response, mobile, internet);
            (c) Hosting and managing card program;
            (d) Approving and authenticating payment transactions as per financial institutions rules;
            (e) Providing technical service support for E-commerce and M-commerce transactions;
            (f) Interfacing with external networks/institutions (e.g. national switch, VISA, MasterCard), enabling automated exchange of transactions between the enterprise and external networks;
            (g) Reporting and customising reporting engine;
            (h) Call centre outsourcing services; and
            (i) Online and mobile portals for bank customers.
            April 2016

        • Credit Reference Bureau

          • AU-1.2.6

            A credit reference bureau is a company licensed by the CBB as an ancillary services provider that receives, stores, analyses and classifies the credit information of customers and issues credit reports and provides the members of the credit reference bureau with such reports upon their request.

            April 2016

          • AU-1.2.7

            For purposes of Paragraph AU-1.2.6, 'customers' refers to customers of the members of the credit reference bureau as defined under Article (68 bis) b) 3) of the CBB Law.

            April 2016

        • Payment Service Provider ("PSP")

          • AU-1.2.8

            Payment service providers may act as an intermediary for the following services:

            (a) Services enabling cash to be placed in clients' money account and all of the operations required for operating the account;
            (b) Services enabling cash withdrawals from clients' money account and all of the operations required for operating the account;
            (c) The settlement of the direct debits of payment transactions;
            (d) Integrating customer delivery channels to enterprises to enable transactions at delivery channels (e.g. ATMs, POS, Interactive Voice Response, mobile, internet); and
            (e) Interfacing with external networks/institutions (e.g. national switch, VISA, MasterCard), enabling automated exchange of transactions between the enterprise and external networks.
            Amended: January 2019
            Amended: April 2017
            April 2016

          • AU-1.2.9

            Payment service providers also facilitate the payment of high volume periodic/repetitive bills (e.g. utility bills, phone bills etc), and customer initiated payments.

            April 2016

          • AU-1.2.10

            For purposes of Paragraph AU-1.2.8, clients' money account is defined as an account held in a retail bank which is used for the execution of payment transactions. The CBB has the right to stop this clients' money account at any time.

            Amended: January 2019
            April 2016

          • AU-1.2.10A

            When issuing any multi-purpose, electronic or otherwise, pre-paid cards, payment service providers must comply with the following requirements:

            (a) The maximum balance limit under each natural person must not exceed BD2,500;
            (bb) The maximum balance limit for each legal person must not exceed BD10,000 (Loading and transaction size).
            (b) The payment service provider must obtain a bank guarantee of BD100,000 from a retail bank licensed in the Kingdom of Bahrain, instead of the bank guarantee amount required under Paragraph AU-4.1.12.
            (c) Comply with all the requirements outlined under Module FC (Financial Crime);
            (d) All pre-paid plastic cards must be EMV compliant (chip and PIN and online authentication);
            (e) Any pre-paid card which is inactive for a period of six months must be placed in a dormant list; and
            (f) All transactions on pre-paid cards must be made through the client money account with a retail bank in Bahrain (See also Chapter GR-15, Client Money Requirements).
            Amended: April 2023
            Amended: July 2022
            Amended: January 2019
            Amended: October 2018
            Amended: October 2017
            Added: April 2017

          • AU-1.2.10B

            In addition to the requirements listed under Paragraph AU-1.2.10A, payment service providers must maintain up to date Payment Card Industry Data Security Standards (PCI-DSS) certification. The initial certification must be obtained by 31st December 2017.

            Added: April 2017

          • AU-1.2.10C

            In order to maintain up to date PCI-DSS certification, payment service providers will be periodically audited by PCI authorised companies for compliance. Licensees are asked to make certified copies of such documents available if requested by the CBB.

            Added: April 2017

          • AU-1.2.11

            When a customer loads cash into the card through a kiosk or company/bank counter, the payment service provider must update the amount into the card immediately, and must deposit the relevant cash amount into the clients' money account within 24 hours.

            Amended: January 2019
            Amended: April 2017
            April 2016

          • AU-1.2.11A

            When owning or operating Cash Dispensing Machines (CDM) or Kiosks, payment service providers must comply with the requirements stated in Paragraphs AU-1.2.11B to Paragraph AU-1.2.11I.

            Added: April 2019

          • AU-1.2.11B

            Payment service providers must obtain CBB's prior written approval for owning or operating any Cash Dispensing Machine (CDM) or Kiosk.

            Added: April 2019

          • AU-1.2.11C

            Payment service providers must submit a written application to the Supervisory Point of Contact (SPoC) at the CBB, detailing the type of CDM or Kiosk, the proposed location(s) and the proposed security measures.

            Added: April 2019

          • AU-1.2.11D

            The application referred to in Paragraph AU-1.2.11C will be assessed on its individual merits, and at the CBB's sole discretion, taking into account factors which the CBB considers relevant including, but not limited to:

            (a) The suitability of the location(s) in question;
            (b) The level of overall activities of the applicant in the market as well as the size and make-up of its customer base; and
            (c) The type and range of facilities which the applicant proposes to offer through the CDM or Kiosk at the proposed location(s).
            Added: April 2019

          • AU-1.2.11E

            In addition to the information required by the CBB, further information/clarification may be requested by the CBB before it takes a decision regarding the application. The CBB's decision in this regard will be communicated to the applicant payment service provider in writing.

            Added: April 2019

          • AU-1.2.11F

            CDMs or Kiosks may be owned individually or jointly by ancillary service providers.

            Added: April 2019

          • AU-1.2.11G

            Payment service providers must not charge their customers for cash withdrawal transactions. When a customer uses CDMs, Kiosks or ATMs belonging to other banks or PSPs, the acquiring PSP/ bank may apply a charge capped at 100 fils per transaction to the issuing PSP.

            Added: April 2019

          • AU-1.2.11H

            Payment service providers must obtain the CBB's prior written approval for the termination/suspension of any of its CDMs or Kiosks.

            Added: April 2019

          • AU-1.2.11I

            The CBB may, at its sole discretion, require a payment service provider to terminate/suspend a CDM or Kiosk at any time.

            Added: April 2019

          • AU-1.2.11J

            Payment service providers must ensure they have a robust internal technological infrastructure and direct technical access to the EFTS, on an uninterrupted basis (24 X 7 days and 365 days in the year), to send, authorise and receive Fawri+/Fawateer direct credits on a real-time basis.

            Amended: April 2019
            Added: October 2018

          • AU-1.2.11K

            Payment service providers must maintain a daily value limit of BD1,000 for the total Fawri+ and Fawateer transactions (with assured immediate finality, i.e. within 30 seconds) for each STV card/IBAN account per day.

            Amended: April 2019
            Added: October 2018

          • AU-1.2.11L

            [This Paragraph was moved to BR-1.1.6 in July 2020].

            Amended: July 2020
            Amended: April 2019
            Added: January 2019

        • Shari'a Advisory/Review Services

          • AU-1.2.12

            Shari'a advisory/review services refer to:

            (a) Regular assessment on Shari'a compliance in the activities and operations of Islamic financial institutions or any financial institution offering regulated Islamic financial services, by those qualified to offer Shari'a review services, with the objective of ensuring that the activities and operations carried out by these financial institutions do not contravene the Shari'a principles. The services include the examination and evaluation of the financial institutions' level of compliance to the Shari'a, remedial rectification measures to resolve non-compliance and control mechanism to avoid recurrences. The examination includes contracts, agreements, policies, products, transactions, memorandum and articles of association, financial statements and reports;
            (b) Issuance of Shari'a pronouncements on any aspect of the Islamic financial institution's activities or operations; and
            (c) Ad-hoc Shari'a advisory services for products and services governed by financial services.
            April 2016

          • AU-1.2.13

            In offering Shari'a advisory/review services, the licensee must not offer services to the same client where this may lead to a conflict of interest in terms of services offered. As an example, if the licensee has offered services under Subparagraph AU-1.2.12(b), no service can be offered under Subparagraph AU-1.2.12(a) in relation to the pronouncement.

            April 2016

        • Crowdfunding Platform Operator

          • AU-1.2.14

            Crowdfunding platform operator refers to a person licensed by the CBB to operate an online portal or other electronic media through which people lend money to businesses (Person to Business – P2B), and businesses lend money to other businesses (Business to Business – B2B) for the purpose of gaining a financial return in the form of interest/profit payment and a repayment of credit over a pre-specified period of time (financing-based crowdfunding), and/or raising of capital by issuance of ordinary shares, or other equity instruments like preferred shares (equity-based crowdfunding).

            Amended: April 2022
            Amended: January 2019
            Added: October 2017

          • AU-1.2.15

            The role of a crowdfunding platform operator is restricted to arranging deals, bringing together borrowers and lenders, in case of financing-based crowdfunding, and investors and issuers, in case of equity-based crowdfunding. Crowdfunding platform operators are strictly prohibited from providing any advice on deals.

            Added: October 2017

          • AU-1.2.16

            Crowdfunding platform operators must not undertake Business to Person (B2P) or Person to Person (P2P) lending/investing.

            Amended: January 2019
            Added: October 2017

          • AU-1.2.17

            Crowdfunding platform operators may raise funds for borrowers/issuers based in the Kingdom of Bahrain or abroad.

            Added: October 2017

          • AU-1.2.18

            [This Paragraph was deleted in April 2022].

            Deleted: April 2022
            Added: October 2017

          • AU-1.2.19

            [This Paragraph was deleted in April 2022].

            Deleted: April 2022
            Added: October 2017

          • AU-1.2.20

            [This Paragraph was deleted in April 2022].

            Deleted: April 2022
            Added: October 2017

        • Account Information Service Provider (AISP)

          • AU-1.2.21

            Account Information Services Provider (AISP) refers to a person licensed by the CBB to provide account information services using an online portal, mobile or smart phone application, device or other electronic media which a consenting customer can use to obtain aggregate or consolidated information about his account balances with licensed banks, financing companies and other licensees.

            Amended: October 2019
            Added: December 2018

          • AU-1.2.22

            The role of an AISP is restricted to providing the technology or other means in order to provide account information to the customer and the handling of communication or electronic documents between the customer and the licensees should the terms of the offer include such services. AISPs must not receive or otherwise handle customer funds in the course of providing account information services.

            Added: December 2018

        • Payment Initiation Service Provider (PISP)

          • AU-1.2.23

            Payment Initiation Service Provider (PISP) refers to a person licensed by the CBB to initiate payment or credit transfers for the customer from an account held with a licensed bank, financing company or PSP.

            Amended: October 2019
            Amended: January 2019
            Added: December 2018

          • AU-1.2.24

            The role of a PISP is restricted to providing the technology or other means in order to initiate a payment order and the handling of communication or electronic documents between the customer and the licensees should the terms of the offer include such services. PISPs must not receive or otherwise handle customer funds in the course of providing payment initiation information services.

            Added: December 2018

        • Insurance Cover

          • AU-1.2.25

            AISPs and PISPs must, at all times, hold an insurance cover against liabilities arising from cyber security breaches.

            Added: December 2018

    • AU-1.3 Approved Persons

      • General Requirements

        • AU-1.3.1

          Licensees must obtain the CBB's prior written approval for any person wishing to undertake a controlled function at a licensee. The approval from the CBB must be obtained prior to their appointment.

          April 2016

        • AU-1.3.2

          Controlled functions are those occupied by board members and persons in executive positions and include:

          (a) Member of the Board of Directors;
          (b) Chief executive or general manager and their deputies;
          (c) Head of function;
          (d) Compliance officer; and
          (e) Money Laundering Reporting Officer (for PSPs).
          April 2016

        • AU-1.3.3

          Combination of the above controlled functions is subject to the requirements contained in Module HC.

          April 2016

      • Basis for Approval

        • AU-1.3.4

          Approval under Paragraph AU-1.3.1 is only granted by the CBB, if it is satisfied that the person is fit and proper to hold the particular position in the licensee concerned. 'Fit and proper' is determined by the CBB on a case-by-case basis. The definition of 'fit and proper' and associated guidance is provided in Section AU-3.1.

          April 2016

        • AU-1.3.5

          The chief executive or general manager means a person who is responsible for the conduct of the licensee (regardless of actual title). The chief executive or general manager must be resident in Bahrain. This person is responsible for the conduct of the whole of the firm.

          April 2016

        • AU-1.3.6

          Head of function means a person who exercises major managerial responsibilities, is responsible for a significant business or operating unit, or has senior managerial responsibility for maintaining accounts or other records of the licensee.

          April 2016

        • AU-1.3.7

          Whether a person is a head of function will depend on the facts in each case and is not determined by the presence or absence of the word in their job title. Examples of head of function might include, depending on the scale, nature and complexity of the business, a deputy chief executive; heads of departments such as risk management, compliance or internal audit; the chief financial officer; head of business department, etc.

          April 2016

        • AU-1.3.8

          Where a licensee is in doubt as to whether a function should be considered a controlled function it must discuss the case with the CBB.

          April 2016

        • AU-1.3.9

          All licensees must designate an employee, of appropriate standing and resident in Bahrain, as compliance officer. The compliance officer must report to senior management and must have access to the board of directors. The duties of the compliance officer include:

          (a) Assisting senior management/head of function to identify and assess the main compliance risks facing the licensees and the plans to manage them;
          (b) Advising senior management/head of function on compliance with laws, rules and standards, including keeping them informed on developments in the area;
          (c) Assisting senior management/head of function in educating staff on compliance issues, and acting as a contact point within the licensee for compliance queries from staff members;
          (d) Establishing written guidance to staff on the appropriate implementation of compliance with laws, rules and standards through policies and procedures and other documents such as compliance manuals, internal codes of conduct and practice guidelines;
          (e) On a pro-active basis, identifying, documenting and assessing the compliance risks associated with the licensee's business activities, including the development of new products and business practices, the proposed establishment of new types of business or customer relationships, or material changes in the nature of such relationships;
          (f) Monitoring and testing compliance by performing sufficient and representative compliance testing; and
          (g) Reporting on a regular basis to the board of directors or the Audit committee of the board of directors.
          April 2016