• Part A

    • High Level Standards

      • HC HC Money Changers High-Level Controls Module [Version from 1 October 2010 to 31 March 2016]

        • HC-2.3.4 [Version from 1 October 2010 to 31 March 2016]

          Prior approval from the CBB is required for significant outsourcing arrangements, including all outsourcing of internal audit. Note that in all such cases, the licensee retains ultimate responsibility for the adequacy of its outsourcing function, and is required to identify the person within the licensee responsible for internal audit: this person should be an approved person (see Section AU-1.2 and Chapter RM-2).

          October 2010

        • HC-2.3.5 [Version from 1 October 2010 to 31 March 2016]

          Internal audit functions must have terms of reference that clearly indicate:

          (a)The scope and frequency of audits;
          (b)Reporting lines; and
          (c)The review and approval process applied to audits.
          October 2010

        • HC-2.3.6 [Version from 1 October 2010 to 31 March 2016]

          Paragraph HC-2.3.5 applies irrespective of whether the internal audit function is outsourced. Where it is outsourced, the CBB would expect to see these matters addressed in the contract with the outsourcing provider.

          October 2010

        • HC-2.3.7 [Version from 1 October 2010 to 31 March 2016]

          Internal audit functions must report directly to the Audit Committee or, where none exists, to the Board. They must have unrestricted access to all the appropriate records of the licensee. They must have open and regular access to the Audit Committee, the Board, the Chief Executive, and the licensee's external auditor.

          October 2010

        • HC-2.3.8 [Version from 1 October 2010 to 31 March 2016]

          Internal audit functions must have adequate staff levels with appropriate skills and knowledge, such that they can act as an effective challenge to the business. Where the function is not outsourced, the head of the function should be a senior and experienced employee. Internal audit functions must not perform other activities that compromise their independence.

          October 2010

        • HC-2.3.9 [Version from 1 October 2010 to 31 March 2016]

          The CBB would expect to see in place a formal audit plan that:

          (a) Is reviewed and approved at least annually by the Audit Committee or, where none exists, the Board;
          (b) Is risk-based, with an appropriate scoring system; and
          (c) Covers all material areas of a licensee's operations over a reasonable timescale.
          October 2010

        • HC-2.3.10 [Version from 1 October 2010 to 31 March 2016]

          Internal Audit reports should also be:

          (a) Clear and prioritised, with action points directed towards identified individuals;
          (b) Timely; and
          (c) Distributed to the Audit Committee or Board and appropriate senior management.
          October 2010

        • HC-2.3.11 [Version from 1 October 2010 to 31 March 2016]

          Licensees should also have processes in place to deal with recommendations raised by internal audit to ensure that they are:

          (a) Dealt with in a timely fashion;
          (b) Monitored until they are settled; and
          (c) Raised with senior management if they have not been adequately dealt with.
          October 2010

        • HC-2.4.3 [Version from 1 October 2010 to 31 March 2016]

          Licensees must designate an employee, of appropriate standing and resident in Bahrain, as Compliance Officer. The duties of the Compliance Officer include:

          (a) Having responsibility for oversight of the licensee's compliance with the requirements of the CBB; and
          (b) Reporting to the licensee's Board in respect of that responsibility.
          October 2010

        • HC-2.4.4 [Version from 1 October 2010 to 31 March 2016]

          The Compliance Officer is a controlled function and the requirements relating to approved persons must be met (see Chapter AU-1.2). If the scale and nature of the licensee's operations are limited, then the individual who performs the function of Compliance Officer may also take on other responsibilities, providing this does not create a potential conflict of interest. The compliance function may not be combined with the internal audit function or any operational function as they are incompatible and may create a conflict of interest.

          October 2010

        • HC-2.5 HC-2.5 Remuneration Policies [Version from 1 October 2010 to 31 March 2016]

          • HC-2.5.1 [Version from 1 October 2010 to 31 March 2016]

            The review of Directors' remuneration must be a standing item on the licensee's Annual General Meeting agenda, and must be considered by shareholders at every Annual General Meeting. Directors' remuneration (including pension and severance arrangements) and bonuses must be clearly disclosed in the annual financial statements.

            October 2010

          • HC-2.5.2 [Version from 1 October 2010 to 31 March 2016]

            Directors' remuneration should also comply with all applicable laws, such as Legislative Decree No. 21 of 2001, with respect to promulgating the Commercial Companies Law.

            October 2010

        • HC-2.6 HC-2.6 Corporate Ethics [Version from 1 October 2010 to 31 March 2016]

          • HC-2.6.1 [Version from 1 October 2010 to 31 March 2016]

            A licensee's Board must establish and disseminate to all employees of the licensee a corporate code of conduct.

            October 2010

          • HC-2.6.2 [Version from 1 October 2010 to 31 March 2016]

            The code of conduct must establish standards by giving examples or expectations as regards:

            (a) Honesty;
            (b) Integrity;
            (c) The avoidance or disclosure of conflicts of interest;
            (d) Maintaining confidentiality;
            (e) Professionalism;
            (f) Commitment to the law and best practises; and
            (g) Reliability.
            October 2010

          • HC-2.6.3 [Version from 1 October 2010 to 31 March 2016]

            The Board must ensure that policies and procedures are in place to ensure that necessary customer confidentiality is maintained.

            October 2010