HC-6 HC-6 Management Structure
HC-6.1 HC-6.1 Principle
HC-6.1.1
The Board of
licensees must establish a clear and efficient management structure.October 2019HC-6.2 HC-6.2 Establishment of Management Structure
HC-6.2.1
The Board must approve and review at least annually the
licensees' management structure, responsibilities and authorities.October 2019HC-6.2.2
The Board must appoint
senior management whose authority must include management and operation of current activities of thelicensees , reporting to and under the direction of the Board. Thesenior managers must include at a minimum:(a) ACEO ;(b) A chief financial officer;(c) An internal auditor;(e) must also include such otherapproved persons as the Board considers appropriate and as a minimum must include persons occupyingcontrolled functions as outlined in Paragraph AU-1.3.2.October 2019HC-6.2.3
For purposes of HC-6.2.2 given the nature, scale and complexity of its business,
licensees may appoint a part-time or a seconded internal auditor.October 2019HC-6.3 HC-6.3 Titles, Authorities, Duties and Reporting Responsibilities
HC-6.3.1
Licensees must maintain clearly documented and communicated staff responsibilities and reporting lines.October 2019HC-6.3.2
For the purposes of Rule HC-6.3.1,
licensees should maintain and document their delegated authority structure as well as written terms of reference for staff positions.October 2019HC-6.3.3
For the purpose of Paragraph HC-6.3.1, the responsibilities and reporting lines must among other matters include the following:
(a) TheCEO must have authority to act generally in thelicensee's name, representing thelicensee's interests in concluding transactions on thelicensee's behalf and giving instructions to otherapproved persons andlicensee employees;(b) The chief financial officer must be responsible and accountable for:(i) The complete, timely, reliable and accurate preparation of thelicensee's financial statements, in accordance with the accounting standards and policies of thelicensee (see HC-3.4.1); and(ii) Presenting the Board with a balanced and understandable assessment of thelicensee's financial situation;(c) The internal auditor's (see HC-6.4) duties must include providing an independent and objective review of the efficiency of thelicensee's operations. This would include a review of the accuracy and reliability of thelicensee's accounting records and financial reports as well as a review of the adequacy and effectiveness of thelicensee's risk management, control, and governance processes; and(d) The compliance officer's (see HC-6.5) duties include maintaining effective systems and MLRO controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which they are subject.October 2019HC-6.3.4
The Board must also specify any limits which it wishes to set on the authority of the
CEO or othersenior managers , such as monetary maximums for transactions which they may authorize without separate Board approval.October 2019HC-6.4 HC-6.4 Internal Audit
HC-6.4.1
Licensees must consider establishing an internal audit function commensurate with the size, complexity and nature of its business to monitor the adequacy of their systems and controls.October 2019HC-6.4.2
The internal audit function must be independent of the
senior management , reporting either to the Board or its Audit committee. The internal audit function must not be combined with any other function.October 2019HC-6.4.3
Where
licensees outsource part or all of their internal audit function, the outsourcing arrangements must provide for an adequate level of scrutiny of thelicensees . Alicensee cannot outsource its internal audit function to its external auditor.October 2019HC-6.4.4
Prior approval from the CBB is required for material outsourcing arrangements, including all outsourcing of internal audit. Note that in all such cases, the
licensee retains ultimate responsibility for the adequacy of its outsourcing function, and is required to identify the person within thelicensee responsible for internal audit: this person should be anapproved person (see Section AU-1.2).October 2019HC-6.4.5
Internal audit functions must have terms of reference that clearly indicate:
(a) The scope and frequency of audits;(b) Reporting lines; and(c) The review and approval process applied to audits.October 2019HC-6.4.6
Internal audit function must report directly to the Board/Audit committee. They must have unrestricted access to all the appropriate records of the
licensees . They must have open and regular access to the Audit Committee, the Board, theChief Executive , and thelicensees ' external auditor.October 2019HC-6.5 HC-6.5 Compliance/MLRO
HC-6.5.1
Licensees must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements in the Kingdom's legislation and those set by the CBB, and those established under any other statute or regulator to which they are subject.October 2019HC-6.5.2
Depending on the nature, scale and complexity of its business,
licensees should consider having a separate compliance function. A compliance function should:(a) Document its organisation and responsibilities;(b) Be appropriately staffed with competent individuals;(c) Have unrestricted access to thelicensees ' relevant records; and(d) Have ultimate recourse to the Board.October 2019HC-6.5.3
The compliance function/MLRO must not be combined with the internal audit function or any other operational function as such combination may lead to a conflict of interest.
October 2019
