Back Custom print Link Text Only Rich Text Print

  • HC-5 HC-5 Management Structure

    • HC-5.1 HC-5.1 Establishment of Management Structure

      • HC-5.1.1

        The Board must approve and review at least annually the licensee's management structure and responsibilities.

        April 2016

      • HC-5.1.2

        The Board must appoint senior management whose authority must include management and operation of current activities of the licensee, reporting to and under the direction of the Board. The senior managers must include at a minimum:

        (a) A CEO or general manager;
        (b) A chief financial officer;
        (c) An internal auditor (see HC-5.4 and AU-1.2); and
        (d) A compliance officer (see HC-5.5 and AU-1.2).

        and must also include such other approved persons as the Board considers appropriate and as a minimum must include persons occupying controlled functions as outlined in Paragraph AU-1.2.2.

        April 2016

      • HC-5.1.3

        The licensee may appoint a corporate secretary. Whenever practical, the corporate secretary should be a person with legal or similar professional experience and training. The corporate secretary's duties include:

        (a) Arranging, recording and following up on the actions, decisions and meetings of the Board and of the shareholders (both at annual and extraordinary meetings) in books to be kept for that purpose; and
        (b) Reviewing the licensee's procedures and advising the Board directly on such matters.
        April 2016

    • HC-5.2 HC-5.2 Titles, Authorities, Duties and Reporting Responsibilities

      • HC-5.2.1

        Licensees must maintain clearly documented and communicated staff responsibilities and reporting lines.

        April 2016

      • HC-5.2.2

        For the purposes of Rule HC-5.2.1, licensees should maintain and document their delegated authority structure as well as written terms of reference for staff positions.

        April 2016

      • HC-5.2.3

        The Board must adopt by-laws prescribing each senior manager's title, authorities, duties and internal reporting responsibilities. This must be done in consultation with the CEO or general manager, to whom the other senior managers should normally report.

        April 2016

      • HC-5.2.4

        These provisions must include but should not be limited to the following:

        (a) The CEO or general manager must have authority to act generally in the licensee's name, representing the licensee's interests in concluding transactions on the licensee's behalf and giving instructions to other senior managers and licensee employees;
        (b) The chief financial officer must be responsible and accountable for:
        (i) The complete, timely, reliable and accurate preparation of the licensee's financial statements, in accordance with the accounting standards and policies of the licensee (see HC-3.1.2); and
        (ii) Presenting the Board with a balanced and understandable assessment of the licensee's financial situation;
        (c) The internal auditor's (see HC-5.4) duties must include providing an independent and objective review of the efficiency of the licensee's operations. This would include a review of the accuracy and reliability of the licensee's accounting records and financial reports as well as a review of the adequacy and effectiveness of the licensee's risk management, control, and governance processes; and
        (d) The compliance officer's (see HC-5.5) duties include maintaining effective systems and controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which they are subject.
        April 2016

      • HC-5.2.5

        The Board should also specify any limits which it wishes to set on the authority of the CEO or general manager or other senior managers, such as monetary maximums for transactions which they may authorize without separate Board approval.

        April 2016

      • HC-5.2.6

        At least annually the Board shall review and concur in a succession plan addressing the policies and principles for selecting a successor to the CEO or general manager, both in emergencies and in the normal course of business. The succession plan should include an assessment of the experience, performance, skills and planned career paths for possible successors to the CEO or general manager.

        April 2016

    • HC-5.3 HC-5.3 Chief Executive/General Manager

      • HC-5.3.1

        Licensees must appoint a person to undertake the function of Chief Executive or General Manager.

        April 2016

      • HC-5.3.2

        The Chief Executive or General Manager (as appropriate), is responsible for the executive management and performance of the licensee, within the framework of delegated authorities set by the Board. The function of Chief Executive or General Manager is a controlled function, and the person nominated to that post therefore requires prior CBB approval (see Module AU (Authorisation)).

        April 2016

      • HC-5.3.3

        Residency requirements apply to Chief Executives and General Managers (see Section AU-2.2.)

        April 2016

    • HC-5.4 HC-5.4 Internal Audit

      • HC-5.4.1

        Unless otherwise agreed with the CBB, licensees must establish an internal audit function to monitor the adequacy of their systems and controls.

        April 2016

      • HC-5.4.2

        The CBB would normally expect larger licensees to maintain the internal audit function within the organisation. The CBB will however consider allowing small licensees to outsource part or all of their internal audit function to third party providers.

        April 2016

      • HC-5.4.3

        Licensees may outsource part or all of their internal audit function, after obtaining the prior approval of the CBB. The outsourcing arrangements must provide for an adequate level of scrutiny of the licensee, and must comply with the requirements contained in Section RM-2.4. A licensee cannot outsource its internal audit function to its external auditor.

        April 2016

      • HC-5.4.4

        Prior approval from the CBB is required for significant outsourcing arrangements, including all outsourcing of internal audit. Note that in all such cases, the licensee retains ultimate responsibility for the adequacy of its outsourcing function, and is required to identify the person within the licensee responsible for internal audit: this person should be an approved person (see Section AU-1.2 and Chapter RM-2).

        April 2016

      • HC-5.4.5

        Internal audit functions must have terms of reference that clearly indicate:

        (a) The scope and frequency of audits;
        (b) Reporting lines; and
        (c) The review and approval process applied to audits.
        April 2016

      • HC-5.4.6

        Paragraph HC-5.4.5 applies irrespective of whether the internal audit function is outsourced. Where it is outsourced, the CBB would expect to see these matters addressed in the contract with the outsourcing provider.

        April 2016

      • HC-5.4.7

        Internal audit functions must report directly to the Board. They must have unrestricted access to all the appropriate records of the licensee. They must have open and regular access to the Board, the Chief Executive or general manager, and the licensee's external auditor.

        April 2016

      • HC-5.4.8

        Internal audit functions must have adequate staff levels with appropriate skills and knowledge, such that they can act as an effective challenge to the business. Where the function is not outsourced, the head of function should be a senior and experienced employee. Internal audit functions must not perform other activities that compromise their independence.

        April 2016

      • HC-5.4.9

        The CBB would expect to see in place a formal audit plan that:

        (a) Is reviewed and approved at least annually by the Board;
        (b) Is risk-based, with an appropriate scoring system; and
        (c) Covers all material areas of a licensee's operations over a reasonable timescale.
        April 2016

      • HC-5.4.10

        Internal Audit reports should also be:

        (a) Clear and prioritised, with action points directed towards identified individuals;
        (b) Timely; and
        (c) Distributed to the Board and appropriate senior management.
        April 2016

      • HC-5.4.11

        Licensees should also have processes in place to deal with recommendations raised by internal audit to ensure that they are:

        (a) Dealt with in a timely fashion;
        (b) Monitored until they are settled; and
        (c) Raised with senior management if they have not been adequately dealt with.
        April 2016

    • HC-5.5 HC-5.5 Compliance

      • HC-5.5.1

        Licensees must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which they are subject.

        April 2016

      • HC-5.5.2

        Depending on the nature, scale and complexity of its business, a licensee should consider having a separate compliance function. A compliance function should:

        (a) Document its organisation and responsibilities;
        (b) Be appropriately staffed with competent individuals;
        (c) Have unrestricted access to the licensee's relevant records; and
        (d) Have ultimate recourse to the Board.
        April 2016

      • HC-5.5.3

        Licensees must designate an employee, of appropriate standing and resident in Bahrain, as Compliance Officer. The duties of the Compliance Officer include:

        (a) Having responsibility for oversight of the licensee's compliance with the requirements of the CBB; and
        (b) Reporting to the licensee's Board in respect of that responsibility.
        April 2016

      • HC-5.5.4

        The Compliance Officer is a controlled function and the requirements relating to approved persons must be met (see Chapter AU-1.2). If the scale and nature of the licensee's operations are limited, then the individual who performs the function of Compliance Officer may also take on other responsibilities, providing this does not create a potential conflict of interest. The compliance function may not be combined with the internal audit function or any operational function as they are incompatible and may create a conflict of interest.

        April 2016