Back Custom print Link Text Only Rich Text Print

  • CRA-A CRA-A Introduction

    • CRA-A.1 CRA-A.1 Purpose

      • Executive Summary

        • CRA-A.1.1

          The purpose of this Module is to provide the CBB's Directive concerning trading, dealing, advisory services, portfolio management services in crypto-assets as principal, as agent, as custodian and as a crypto-asset exchange within or from the Kingdom of Bahrain. The key requirements relevant to these activities are outlined in this Module while the licensees are also subject to other relevant Modules of the CBB Rulebook Volume 6. This Directive is supported by Article 44(c) of the Central Bank of Bahrain ('CBB') and Financial Institutions Law (Decree No. 64 of 2006) ('CBB Law').

          Amended: April 2023
          Added: April 2019

        • CRA-A.1.2

          This Module must be read in conjunction with other parts of the Rulebook, mainly:

          a) [This Subparagraph was deleted in 2023].
          b) High-level Controls (corporate governance);
          c) Market Intermediaries and Representatives;
          d) Anti-Money Laundering and Combating Financial Crime;
          e) Dispute Resolution, Arbitration and Disciplinary Proceedings;
          f) International Cooperation and Exchange of Information;
          g) Market Surveillance, Investigation & Enforcement;
          h) Prohibition of Market Abuse and Manipulation; and
          i) Training and Competency.
          Amended: April 2023
          Added: April 2019

      • Legal Basis

        • CRA-A.1.3

          This Module contains the CBB's Directive (as amended from time-to-time) relating to licensees providing regulated crypto-asset services (henceforth referred to as licensees) as defined in the Rulebook and is issued under the powers available to the CBB under Article 38 of the CBB Law. Licensees must also comply with the relevant Modules of the Rulebook Volume 6.

          Added: April 2019

        • CRA-A.1.4

          For an explanation of the CBB's Rule-making powers and different regulatory instruments, see Section UG-1.1.

          Added: April 2019

    • CRA-A.2 CRA-A.2 Module History

      • CRA-A.2.1

        This Module was first issued in February 2019. Changes made subsequently to this Module are annotated with the calendar quarter date in which the change was made as detailed in the table below. Chapter UG 3 provides further details on Rulebook maintenance and version control.

        Module Ref.Change DateDescription of Changes
        CRA-1.1.6(f)04/2019Amended sub-paragraph.
        CRA-1.1.6(g)04/2019Moved to sub-paragraph (f).
        CRA-1.6.304/2019Added License fee table based on Category.
        CRA-1.6.1004/2019Amended Paragraph.
        CRA-1.2.1910/2019Changed from Rule to Guidance.
        CRA-1.2.2010/2019Changed from Rule to Guidance.
        CRA-1.2.2110/2019Changed from Rule to Guidance.
        CRA-1.4.110/2019Changed from Rule to Guidance.
        CRA-B.101/2020Added reference to cyber security risk.
        CRA-4.1.101/2020Amended reference to CRA-4.1.1 (r).
        CRA-5.2.6-CRA-5.2.901/2020Added new Paragraphs on the requirements of IT System Audit.
        CRA-5.3.601/2020Removed “at least annually” for security tests.
        CRA-5.801/2020Added these terms: Cyber Security Risk, Cyber Security Incident, Cyber Security Threats.
        CRA-5.8.19A01/2020Added a new Paragraph on requirements to submit a comprehensive report on cyber security incident.
        CRA-5.8.2401/2020Deleted Paragraph.
        CRA-5.8.2501/2020Deleted Paragraph.
        CRA-5.8.25A01/2020Added a new Paragraph on requirements for periodic assessments of cyber security threats.
        CRA-5.8.28-CRA-5.8.2901/2020Added new Paragraphs on the requirement for cyber security insurance.
        CRA-7.1.101/2020Amended Paragraph.
        CRA-7.1.1A01/2020Added a new Paragraph on references to Module AML.
        CRA-7.1.201/2020Deleted Paragraph.
        CRA-7.1.301/2020Added clarification that simplified customer due diligence is not allowed.
        CRA-7.1.501/2020Added a new Paragraph on reference to Module AML and removed transaction record details.
        Appendix-101/2020Added reference to cyber security incident.
        Appendix-201/2020Amended Mitigation and aggravating factors.
        CRA-4.1.1A10/2020Added a new Paragraph on Provision of Financial Services on a Non-discriminatory Basis.
        CRA-10.1.901/2022Amended Paragraph on the submission of the written assessment of the observations/issues raised in the Inspection draft report.
        CRA-10.3.101/2022Amended Paragraph on change in licensee corporate and legal name.
        CRA-10.3.201/2022Amended Paragraph on change in licensee legal name.
        CRA-6.607/2022Replaced Section with new Outsourcing Requirements.
        CRA04/2023Amended Module including a new Chapter on Digital Token Offerings and enhancements to cyber security requirements.
        CRA-5.910/2023Added a new Section on cyber hygiene practices.
        CRA-4.1.1007/2025Added a new Paragraph on stablecoin reporting reference to SIO Module.

      • Effective Date

        • CRA-A.2.2

          The contents of this Module are effective from the date of release of the Module or the changes to the Module unless specified otherwise.

          Amended: April 2023
          Added: April 2019