AU-1.2 AU-1.2 Definition of Regulated Ancillary Services
AU-1.2.1
Regulated ancillary services are any of the following activities, carried on by way of business:
(a) Permitted services undertaken by third party administrators (TPA);(b)Card processing ;(c) Services undertaken byCredit reference bureau ;(d) Permitted payment services provided by payment service provider (PSP);(e) Shari'a advisory/review services;(ee) Permitted activities of a crowdfunding platform operator;(f) Providing account information services;(g) Providing payment initiation services; and(h) Any other ancillary services that are related to the financial services industry.Amended: October 2019
Amended: December 2018
Amended: October 2017
April 2016AU-1.2.2 AU-1.2.2
For the purposes of Paragraph AU-1.2.1, carrying on a regulated ancillary service by way of business means:
(a) Undertaking any of the regulated ancillary service activities as defined in Section AU-1.2, for commercial gain; or(b) Holding oneself out as willing and able to engage in such activities.Amended: October 2019
April 2016AU-1.2.1A
Where licensees are undertaking regulated activities in accordance with Shari'a, all transactions and contracts concluded by licensees must comply with Sharia standards issued by the Accounting and Auditing Organisation for Islamic Financial Institutions (AAOIFI). The validity of the contract or transaction is not impacted, if at a later date, the relevant AAOIFI Sharia standards are amended.
Added: October 2020AU-1.2.3
While Paragraph AU-1.2.1 covers different activities under regulated ancillary services, only the license itself will specify the list of activities the licensee has been authorised to carry out. For existing
ancillary service providers at April 2016, no new license will be issued.April 2016Third Party Administrators (TPAs)
AU-1.2.4
TPA refers to processing claims in connection with insurance coverage offered by insurance firms.
April 2016AU-1.2.5
Notwithstanding Paragraph AU-1.2.4, TPAs are also allowed to offer their services to self-funded schemes outside Bahrain.
Amended: October 2019
April 2016AU-1.2.5A
When TPAs process claims for insurance firms, the CBB regards this activity as an outsourced activity and insurance firms should refer to Chapter RM-7 Outsourcing Risk under Volume 3 (Insurance) of the CBB Rulebook.
April 2016Card Processing
AU-1.2.5
Card processing includes:(a) The act of processing or transmitting debit/credit/prepaid card holder and transaction related data;(b) Integrating customer delivery channels to enterprises to enable data transactions at delivery channels (e.g. ATMs, POS, Interactive Voice Response, mobile, internet);(c) Hosting and managing card program;(d) Approving and authenticating payment transactions as per financial institutions rules;(e) Providing technical service support for E-commerce and M-commerce transactions;(f) Interfacing with external networks/institutions (e.g. national switch, VISA, MasterCard), enabling automated exchange of transactions between the enterprise and external networks;(g) Reporting and customising reporting engine;(h) Call centre outsourcing services; and(i) Online and mobile portals for bank customers.April 2016Credit Reference Bureau
AU-1.2.6
A
credit reference bureau is a company licensed by the CBB as an ancillary services provider that receives, stores, analyses and classifies thecredit information of customers and issuescredit reports and provides themembers of the credit reference bureau with such reports upon their request.April 2016AU-1.2.7
For purposes of Paragraph AU-1.2.6, 'customers' refers to customers of the
members of the credit reference bureau as defined under Article (68 bis) b) 3) of the CBB Law.April 2016Payment Service Provider ("PSP")
AU-1.2.8
Payment service providers, may act as an intermediary for the following services:
(a) Services enabling cash to be placed in clients' money account and all of the operations required for operating the account;(b) Services enabling cash withdrawals from clients' money account and all of the operations required for operating the account;(c) The settlement of the direct debits of payment transactions;(d) Integrating customer delivery channels to enterprises to enable transactions at delivery channels (e.g. ATMs, POS, Interactive Voice Response, mobile, internet); and(e) Interfacing with external networks/institutions (e.g. national switch, VISA, MasterCard), enabling automated exchange of transactions between the enterprise and external networks.Amended: January 2019
Amended: April 2017
April 2016AU-1.2.9
Payment service providers also facilitate the payment of high volume periodic/repetitive bills (e.g. utility bills, phone bills etc), and customer initiated payments.
April 2016AU-1.2.10
For purposes of Paragraph AU-1.2.8, clients' money account is defined as an account held in a retail bank which is used for the execution of payment transactions. The CBB has the right to stop this clients' money account at any time.
Amended: January 2019
April 2016AU-1.2.10A
When issuing any multi-purpose, electronic or otherwise, pre-paid cards, payment service providers must comply with the following requirements:
(a) The maximum balance limit under each natural person must not exceed BD2,500;(bb) The maximum balance limit for each legal person must not exceed BD10,000 (Loading and transaction size).(b) The payment service provider must obtain a bank guarantee of BD100,000 from a retail bank licensed in the Kingdom of Bahrain; instead of the bank guarantee amount required under Paragraph AU-4.1.12.(c) Comply with all the requirements outlined under Module FC (Financial Crime);(d) All pre-paid plastic cards must be EMV compliant (chip and PIN and online authentication);(e) Any pre-paid card which is inactive for a period of six months must be placed in a dormant list; and(f) All transactions on pre-paid cards must be made through theclient money account with a retail bank in Bahrain (See also Chapter GR-15, Client Money Requirements).Amended: April 2023
Amended: July 2022
Amended: January 2019
Amended: October 2018
Amended: October 2017
Added: April 2017AU-1.2.10B
In addition to the requirements listed under Paragraph AU 1.2.10A, Payment service providers must maintain up to date Payment Card Industry Data Security Standards (PCI-DSS) certification. The initial certification must be obtained by 31st December 2017.
Added: April 2017
AU-1.2.10C
In order to maintain up to date PCI-DSS certification, payment service providers will be periodically audited by PCI authorised companies for compliance.
Licensees are asked to make certified copies of such documents available if requested by the CBB.Added: April 2017
AU-1.2.11
When a customer load cash into the card through kiosk or company/bank counter, the payment service provider must update the amount into the card immediately, and must deposit the relevant cash amount into the clients' money account within 24 hours.
Amended: January 2019
Amended: April 2017
April 2016AU-1.2.11A
When owning or operating Cash Dispensing Machines (CDM) or Kiosks, payment service providers must comply with the requirements stated in Paragraphs AU-1.2.11B to Paragraph AU-1.2.11I.
Added: April 2019AU-1.2.11B
Payment service providers must obtain CBB's prior written approval for owning or operating any Cash Dispensing Machine (CDM) or Kiosk.
Added: April 2019AU-1.2.11C
Payment service providers must submit a written application to the Supervisory Point of Contact (SPoC) at the CBB, detailing the type of CDM or Kiosk, the proposed location(s) and the proposed security measures.
Added: April 2019AU-1.2.11D
The application referred to in Paragraph AU-1.2.11C will be assessed on its individual merits, and at the CBB's sole discretion, taking into account factors which the CBB considers relevant including, but not limited to:
(a) The suitability of the location(s) in question;(b) The level of overall activities of the applicant in the market as well as the size and make-up of its customer base; and(c) The type and range of facilities which the applicant proposes to offer through the CDM or Kiosk at the proposed location(s).Added: April 2019AU-1.2.11E
In addition to the information required by the CBB, further information/clarification may be requested by the CBB before it takes a decision regarding the application. The CBB's decision in this regard will be communicated to the applicant payment service provider in writing.
Added: April 2019AU-1.2.11F
CDMs or Kiosks may be owned individually or jointly by ancillary service providers.
Added: April 2019AU-1.2.11G
Payment service providers must not charge their customers for cash withdrawal transactions. When a customer uses CDMs, Kiosks or ATMs belonging to other banks or PSPs, the acquiring PSP/ bank may apply a charge capped at 100 fils per transaction to the issuing PSP.
Added: April 2019AU-1.2.11H
Payment service providers must obtain the CBB's prior written approval for the termination/suspension of any of its CDMs or Kiosks.
Added: April 2019AU-1.2.11I
The CBB may, at its sole discretion, require a payment service provider to terminate/suspend a CDM or Kiosk at any time.
Added: April 2019AU-1.2.11J
Payment service providers must ensure they have a robust internal technological infrastructure and direct technical access to the EFTS, on an uninterrupted basis (24 X 7 days and 365 days in the year), to send, authorise and receive Fawri+/Fawateer direct credits on a real-time basis.
Amended: April 2019
Added: October 2018AU-1.2.11K
Payment service providers must maintain a daily value limit of BD1,000 for the total Fawri+ and Fawateer transactions (with assured immediate finality, i.e. within 30 seconds) for each STV card/IBAN account per day.
Amended: April 2019
Added: October 2018AU-1.2.11L
[This Paragraph was moved to BR-1.1.6 in July 2020].
Amended: July 2020
Amended: April 2019
Added: January 2019Shari'a Advisory/Review Services
AU-1.2.12
Shari'a advisory/review services refer to:
(a) Regular assessment on Shari'a compliance in the activities and operations of Islamic financial institutions or any financial institution offering regulated Islamic financial services, by those qualified to offer Shari'a review services, with the objective of ensuring that the activities and operations carried out by these financial institutions do not contravene the Shari'a principles. The services include the examination and evaluation of the financial institutions' level of compliance to the Shari'a, remedial rectification measures to resolve non-compliance and control mechanism to avoid recurrences. The examination includes contracts, agreements, policies, products, transactions, memorandum and articles of association, financial statements and reports;(b) Issuance of Shari'a pronouncements on any aspect of the Islamic financial institution's activities or operations; and(c) Ad-hoc Shari'a advisory services for products and services governed by financial services.April 2016AU-1.2.13
In offering Shari'a advisory/review services, the
licensee must not offer services to the same client where this may lead to a conflict of interest in terms of services offered. As an example, if the licensee has offered services under Subparagraph AU-1.2.12(b), no service can be offered under Subparagraph AU-1.2.12(a) in relation to the pronouncement.April 2016Crowdfunding Platform Operator
AU-1.2.14
Crowdfunding platform operator refers to a person licensed by the CBB to operate an online portal or other electronic media through which people lend money to businesses (Person to Business-P2B), and businesses lend money to other businesses (Business to Business – B2B) for the purpose of gaining a financial return in the form of interest/profit payment and a repayment of credit over a pre-specified period of time (financing-based crowdfunding), and/or raising of capital by issuance of ordinary shares, or other equity instruments like preferred shares (equity-based crowdfunding).Amended: April 2022
Amended: January 2019
Added: October 2017AU-1.2.15
The role of
crowdfunding platform operator is restricted to arranging deals, bringing together borrowers and lenders, in case of financing-based crowdfunding, and investors and issuers, in case of equity-based crowdfunding.Crowdfunding platform operators are strictly prohibited to provide any advice on deals.Added: October 2017AU-1.2.16
Crowdfunding Platform Operator must not undertake Business to Person (B2P) or Person to Person (P2P) lending/investing.Amended: January 2019
Added: October 2017AU-1.2.17
Crowdfunding platform operators may raise funds for borrowers/issuers based in the Kingdom of Bahrain or abroad.Added: October 2017AU-1.2.18
[This Paragraph was deleted in April 2022].
Deleted: April 2022
Added: October 2017AU-1.2.19
[This Paragraph was deleted in April 2022].
Deleted: April 2022
Added: October 2017AU-1.2.20
[This Paragraph was deleted in April 2022].
Deleted: April 2022
Added: October 2017Account Information Service Provider (AISP)
AU-1.2.21
Account Information Services Provider (AISP) refers to a person licensed by the CBB to provide account information services using an online portal, mobile or smart phone application, device or other electronic media which a consenting customer can use to obtain aggregate or consolidated information about his account balances with licensed banks, financing companies and other licensees.
Amended: October 2019
Added: December 2018AU-1.2.22
The role of an AISP is restricted to providing the technology or other means in order to provide account information to the customer and the handling of communication or electronic documents between the customer and the licensees should the terms of the offer include such services. AISPs must not receive or otherwise handle customer funds in the course of providing
account information services .Added: December 2018Payment Initiation Service Provider (PISP)
AU-1.2.23
Payment Initiation Service Provider (PISP) refers to a person licensed by the CBB to initiate payment or credit transfers for the customer from an account held with a licensed bank, financing company or PSP.
Amended: October 2019
Amended: January 2019
Added: December 2018AU-1.2.24
The role of a PISP is restricted to providing the technology or other means in order to initiate a payment order and the handling of communication or electronic documents between the customer and the licensees should the terms of the offer include such services. PISPs must not receive or otherwise handle customer funds in the course of providing
payment initiation information services .Added: December 2018Insurance Cover
AU-1.2.25
AISPs and PISPs must, at all times, hold an insurance cover against liabilities arising from cyber security breaches.
Added: December 2018
