CRA-4 CRA-4 Business Standards and Ongoing Obligations
CRA-4.1 CRA-4.1 General Obligations
CRA-4.1.1
In the course of undertaking
regulated crypto-asset services , alicensee must:(a) Ensure that the regulated activities are undertaken in a fair, orderly and transparent manner;(b) Manage any risks associated with its business and operations prudently;(c) Not act contrary to the interests of its clients and its investors;(d) Maintain proper arrangements to enforce compliance with the CBB Law, Rules and Regulations and develop, implement and adhere to a “crypto-asset compliance policy”, tailored to meet specific crypto-asset services requirements. The crypto asset compliance policy must reflect a clear comprehension and understanding of compliance responsibilities with respect tocrypto-assets ;(e) Act with due skill, care and diligence in all dealings withclients ;(f) Identifyclients ' specific requirements in relation to the services about which they are enquiring;(g) Provide sufficient information to enableclients to make informed decisions when purchasing services offered to them;(h) Provide sufficient and timely documentation toclients to confirm that their transaction arrangements are in place and provide all necessary information about their rights and responsibilities;(i) Maintain fair treatment ofclients through the lifetime of theclient relationships, and ensure thatclients are kept informed of important events and are not mislead;(j) Ensure complaints fromclients are dealt with fairly and promptly;(k) Take appropriate measures to safeguard any money andcrypto-assets handled on behalf ofclients and maintain confidentiality ofclient information;(l) Use or arrange to use a well-designed Business Continuity Plan and Disaster Recovery Plan;(m) Ensure that all its employees or representatives are provided with the required education, qualifications and experience and they fully understand the Rules and regulations of the CBB;(n) Ensure that there are sufficient and appropriate records, books and systems in place to record all transactions and maintain an audit trail;(o) Have an operating manual and internal policies;(p) Provide to the CBB, for its review and comment, the draft agenda at least 5 business days prior to, the shareholders' meetings (i.e. ordinary and extraordinary general assembly);(q) Ensure that any agenda items to be discussed or presented during the course of meetings which requires the CBB's prior approval, have received the necessary approval, prior to the meeting taking place;(r) Invite a representative of the CBB to attend any shareholders' meeting that will take place. The invitation must be provided to the CBB at least 5 business days prior to the meeting taking place; and(s) Within one month of any shareholders' meetings referred to in Paragraph CRA-4.1.1(p), provide to the CBB a copy of the minutes of the meeting.(t) [This Subparagraph was deleted in April 2023].Amended: April 2023
Amended: January 2020
Added: April 2019CRA-4.1.1A
Licensees must ensure that all regulated financial services are provided without any discrimination based on gender, nationality, origin, language, faith, religion, physical ability or social standing.Added: October 2020CRA-4.1.2
A
licensee must establish and document keyman risk management measures that include arrangements in place should individuals holding encryption keys or passcodes to stored assets, including wallets, or information be unavailable unexpectedly due to death, disability or other unforeseen circumstances.Amended: April 2023
Added: April 2019CRA-4.1.3
A
licensee must ensure that it maintains no encrypted accounts that cannot be retrieved in the future for any reason. It must also advise its clients who maintain wallets with firms outside Bahrain (i.e. not CBB licensees) and not licensed by the CBB about any associated risks.Amended: April 2023
Added: April 2019CRA-4.1.4
Licensees must use appropriate technology and wherever appropriate third-party services to identify the situations referred to below, and other additional mitigating or preventive actions as necessary to mitigate the money laundering and terror financing risks involved. The situations include amongst others:(a) The use of proxies, any unverifiable or high-risk IP geographical locations, disposable email addresses or mobile numbers, or frequently changing the devices used to conduct transactions; and(b) Transactions involving tainted wallet addresses such as “darknet” marketplace transactions and those involving tumblers.Added: April 2023CRA-4.1.5
Licensees must establish and maintain adequate and effective systems and processes, including suspicious transaction indicators to monitor transactions with a client or counterparty involvingcrypto- assets and conduct appropriate enquiry and evaluation of potentially suspicious transactions identified. In particular:(a) Identify transactions with wallet addresses or their equivalent which are compromised or tainted; and(b) Employ technology solutions which enable the tracking ofcrypto-assets through multiple transactions to more accurately identify the source and destination of thesecrypto- assets .Added: April 2023CRA-4.1.6
For the purposes of CRA-4.1.5(a), a wallet address is compromised or tainted where there is reasonable suspicion that it is used for the purpose of conducting fraud, identity theft, extorting ransom or any other criminal activity.
Added: April 2023Suitability and Appropriateness Assessment for Retail Clients
CRA-4.1.7
Licensees , prior to offering portfolio management service, investment advice or complex products such as but not limited to derivative products, margin or leverage products or products with features that may make it difficult for a retail investor to understand the essential characteristics of the product and its risks (including the pay-out structure and how the product may perform in different market and economic conditions), must undertake a suitability and appropriateness assessment for retail clients (investors other thanaccredited investors ) to determine the suitability and appropriateness of crypto-assets products and services for retail clients.Licensees must gather sufficient information from every retail client to be in a position to decide whether the crypto-asset product and/or services are suitable and appropriate for the client.Added: April 2023CRA-4.1.8
Licensees may seek the following information for the purposes of suitability and appropriateness assessment:(a) Client’s knowledge and experience:(i) the types of investment services and transaction which the client is familiar with;(ii) the nature, volume and frequency of the client’s transactions with trading and investments; and(iii) the level of education, profession or (if relevant) former profession of the client.(b) Client’s financial situation:(i) the source and extent of the client’s regular income;(ii) the client’s assets, including liquid assets, investments and real property;(iii) the client’s regular financial commitments;(iv) the ability to bear losses.(c) Client’s investment objective:(i) the client’s investment horizon;(ii) the client’s risk preferences, risk profile and risk tolerance; and(iii) the purposes of the investment.Added: April 2023Transaction with Unknown Counterparties
CRA-4.1.9
A
licensee should take reasonable measures to avoid transactions with another crypto-asset entity, infrastructure or service provider where the counterparty is unknown or anonymous (e.g., via certain peer to peer or decentralised exchanges) at any stage of its business process.Added: April 2023CRA-4.1.10
In accordance with the reporting requirements under Section 8.1, specifically SIO-8.1.1 and SIO-8.1.7, of the Stablecoin Issuance and Offering (SIO) Module,
licensees providing services inapproved stablecoins to their clients must provide necessary information as required under SIO-8.1.1 to thestablecoin issuer . The information must be calculated as this information stands on the following reporting reference dates: 31stMarch, 30thJune, 30thSeptember and 31stDecember and the report must be submitted to thestablecoin issuer no later than 7 days from the end of the respective reporting period. The value of the transactions referred to in Paragraph SIO- 8.1.1(c) and (d) must be reported in Bahraini Dinar by using the relevant exchange rate applicable at the end of each calendar day during the applicable reporting period.Added: July 2025CRA-4.2 CRA-4.2 Auditors and Accounting Standards
CRA-4.2.1
Licensees must appoint external auditor for its accounts for every financial year. While appointing an auditor,licensees must exercise due skill, care and diligence in the selection and appointment of the auditor and must take into consideration the auditor’s experience and track record of auditingcrypto-asset related businesses.Amended: April 2023
Added: April 2019CRA-4.2.1A
In accordance with Article 61(b) of the CBB Law, if a licensee fails to appoint an auditor within four months from the beginning of the financial year, the CBB shall appoint such auditor.
Added: April 2023CRA-4.2.1B
The
licensee must pay the fees of the auditor regardless of the manner in which such auditor is appointed.Added: April 2023CRA-4.2.1C
An auditor must not be the chairman or a director in the
licensee’s board or a managing director, agent, representative or taking up any administrative work therein, or supervising its accounts, or a next of kin to someone who is responsible for the administration or accounts of alicensee , or having an extraordinary interest in a licensee.Added: April 2023CRA-4.2.1D
If any of the circumstances referred to in rule CRA-4.2.1C occurs after the appointment of the auditor, the
licensee must appoint another external auditor.Added: April 2023CRA-4.2.1E
Licensees must provide the external auditor with all information and assistance necessary for carrying out his duties.Added: April 2023CRA-4.2.1F
The duties of the external auditor must include the preparation of a report on the final accounts. The report must contain a statement on whether the licensee’s accounts are correct and reflect the actual state of affairs of the
licensee according to the auditing standards prescribed by the CBB, and whether thelicensee has provided the auditor with all required information and clarifications.Added: April 2023CRA-4.2.1G
The final audited accounts must be presented to the general meeting of the licensee together with the auditor’s report. A copy of these documents must be sent to the CBB at least 15 days before the date of the general meeting.
Added: April 2023CRA-4.2.2
Audited financial statements of a
licensee must be prepared in accordance with the International Financial Accounting Standards (IFRS) or AAOIFI standards as appropriate.Added: April 2019Annual Audited Financial statements
CRA-4.2.3
Licensees must submit to the CBB their annual audited financial statements no later than 3 months from the end of thelicensee's financial year. The financial statements must include the statement of financial position (balance sheet), the statements of income, cash flow and changes in equity and where applicable, the statement of comprehensive income.Added: April 2019Annual Report
CRA-4.2.4
Licensees must submit a soft copy (electronic) of their full annual report to the CBB within 4 months of the end of their financial year.Amended: April 2023
Added: April 2019Reviewed (Unaudited) Quarterly Financial Statements
CRA-4.2.5
Licensees must submit to the CBB unaudited quarterly financial statements (in the same format as their Annual Audited Accounts), reviewed by thelicensee’s external auditor, on a quarterly basis within 45 calendar days from the end of each of the first 3 quarters of their financial year.Added: April 2023CRA-4.3 CRA-4.3 Listing of Crypto-assets
CRA-4.3.1
This section outlines the frameworks, criteria and obligations for listing of crypto-assets by a
licensee .Amended: April 2023
Added: April 2019CRA-4.3.2
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019CRA-4.3.2A
Licensees are allowed to undertake spot trading (spot market) incrypto-assets .Added: April 2023CRA-4.3.2B
The CBB may, at its sole discretion, allow a
licensee to list and conduct trading activities in derivatives ofcrypto-assets such as, but not limited to, futures, options, indices, contract for difference (CFD’s), swaps etc provided the CBB is satisfied that thelicensee has a comprehensive derivative transactions risk management framework. The aforementioned risk management framework should provide appropriate measure to mitigate, amongst others, market risk, credit risk, liquidity risk, settlement risk, operational risk and legal risk. In addition, the derivative transaction risk management framework should also include guidelines for stress testing, back testing, settlement process, margin methodology, derivative product selection policy, client exposure limit and suitability and appropriateness policy.Added: April 2023CRA-4.3.3
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019CRA-4.3.4
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019CRA-4.3.5
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019Crypto-asset Listing Policy
CRA-4.3.6
Licensees must establish and adopt a board approvedcrypto-asset listing policy in accordance with the framework stipulated in this Section.Added: April 2023CRA-4.3.7
Licensees must, prior to commencement of business operations, provide a copy of thecrypto-asset listing policy to the CBB. Unless the CBB raises specific concerns with respect to the board approvedcrypto-asset listing policy,licensees may implement the policy and self-certifycrypto-assets for listing on its platform.Added: April 2023CRA-4.3.8
Prior to listing a
crypto-asset , alicensee must notify the CBB of its intent to list thecrypto-asset , provide the findings of the risk assessment undertaken in accordance with Paragraph CRA- 4.3.14 along with the board resolution approving thecrypto-asset . Thelicensee must confirm in its notification to CBB that the proposed newcrypto-asset complies with the requirements of itscrypto-asset listing policy.Added: April 2023CRA-4.3.9
Licensees must provide a list of all thecrypto-assets listed on its platform no later than 10 days from the end of each quarter.Added: April 2023CRA-4.3.10
The
crypto-asset listing policy referred to in Paragraph CRA-4.3.6 must include robust procedures that comprehensively address all steps involved in the review and approval of crypto-assets.Licensees must have necessary monitoring capability (e.g. via monitoring systems, internal monitoring control, on-chain analysis etc.) in place before listing of thecrypto-asset on its platform.Added: April 2023CRA-4.3.11
The
crypto-asset listing policy should help establish a mechanism for approval of acrypto-asset only if thelicensee unambiguously concludes that the listing and trading of thecrypto-asset is consistent with the CBB’s approach to establish a fair, transparent and orderly crypto-asset market, complies with applicable laws, rules and regulations and is not detrimental to the interest of the market or client.Added: April 2023CRA-4.3.12
Licensees must not listcrypto-assets that facilitate or may facilitate the obfuscation or concealment of the identity of a client or counterparty orcrypto-assets that are designed to, or substantially used to circumvent laws and regulations.Licensees must ensure that they only listcrypto-assets to which they have in place the necessary AML monitoring capabilities.Added: April 2023CRA-4.3.13
Licensees must ensure that:(a) Decisions to approve or disapprove each newcrypto-asset is taken in accordance with the crypto-asset listing policy;(b) Any actual or potential conflicts of interest in connection with the review and decision-making process have been assessed and effectively addressed, whether such actual or potential conflicts of interest are related to thelicensee’s board members, shareholders employees, their families, or any other party;(c) Records are readily available for the CBB’s review, of thecrypto-asset listing policy’s application to eachcrypto-asset . This includes the final approval for listing of acrypto-asset , the documents reviewed including an assessment of all associated material risks in connection with eachcrypto-asset approval or disapproval, such as reviews and sign-offs by various departments of thelicensee , such as the legal, compliance, cybersecurity, and operations department etc.;(d) Thecrypto-asset listing policy is reviewed annually to ensure that it continues to properly identify, assess, and mitigate the relevant risks and to ensure the robustness of the governance, monitoring and oversight framework;(e) It informs the CBB immediately, at any time after the submission of itscrypto-asset listing policy to CBB, if the said policy ceases to comply with the general framework laid out in this Section; and(f) It does not make any changes or revisions to itscrypto-asset listing policy without the prior written approval of its Board. A copy of the revisedcrypto-asset listing policy along with the written Board approval must be submitted to the CBB.Added: April 2023Risk Assessment
CRA-4.3.14
Licensees must establish criteria and undertake a comprehensive risk assessment of thecrypto-assets that it intends to list on its platform. The assessment must include, but are not limited to, the following:(a)Licensees must conduct a thorough due diligence process to ensure that thecrypto-asset is created or issued for lawful and legitimate purposes, and not for evading compliance with applicable laws and regulations (e.g., by facilitating money laundering or other illegal activities) and that the process is subject to a strong governance and control framework.(b)Licensees must consider the following factors while undertaking the due diligence:(i) The technological experience, track record and reputation of the issuer and its development team;(ii) The availability of a reliable multi-signature hardware wallet solution;(iii) The protocol and the underlying infrastructure, including whether it is: (1) a separate blockchain with a new architecture system and network or it leverages an existing blockchain for synergies and network effects, (2) scalable, (3) new and/or innovative or (4) thecrypto-asset has an innovative use or application;(iv) The relevant consensus protocol;(v) Developments in markets in which the issuer operates;(vi) The geographic distribution of thecrypto-asset and the relevant trading pairs, if any;(vii) Whether thecrypto-asset has any in-built anonymization functions; and(viii)Crypto-asset exchanges on which thecrypto-asset is traded.(c) Operational risks associated with acrypto-asset . This includes the resulting demands on thelicensee’s resources, infrastructure, and personnel, as well as its operational capacity for continued client on-boarding and client support based on reasonable forecasts considering the overall operations of thelicensee ;(d) Risks associated with any technology or systems enhancements or modification requirements necessary to ensure timely adoption or listing of any newcrypto-asset ;(e) Risks related to cybersecurity: Whether thecrypto-asset is and will be able to withstand, adapt and respond to cyber security vulnerabilities, including size, testing, maturity, and ability to allow the appropriate safeguarding of secure private keys;(f) Traceability/Monitoring of thecrypto-asset : Whetherlicensees are able to demonstrate the origin and destination of the specificcrypto-asset , whether thecrypto-asset enables the identification of counterparties to each trade, and whether transactions in thecrypto-asset can be adequately monitored;(g) Market risks, including minimum market capitalisation, price volatility, concentration ofcrypto-asset holdings or control by a small number of individuals or entities, price manipulation, and fraud;(h) Risks relating to code defects and breaches and other threats concerning acrypto-asset and its supporting blockchain, or the practices and protocols that apply to them;(i) Risks relating to potential non-compliance with the requirements of the licensee’s condition and regulatory obligations as a result of the listing of newcrypto-asset ;(j) Legal risks associated with the newcrypto-asset , including any pending or potential civil, regulatory, criminal, or enforcement action relating to the issuance, distribution, or use of the newcrypto-asset ; and(k) Type of distributed ledger: whether there are issues relating to the security and/or usability of a distributed ledger technology used for the purposes of the crypto-asset, whether thecrypto-asset leverages an existing distributed ledger for network and other synergies and whether this is a new distributed ledger that has been demonstrably stress tested.Added: April 2023Periodic Monitoring
CRA-4.3.15
Licensees must have policies and procedures in place to monitor the listedcrypto-assets to ensure that continued use of thecrypto-asset remains prudent. This includes:(a) Periodic re-evaluation ofcrypto-assets , including whether material changes have occurred, with a frequency and level of scrutiny tailored to the risk level of individualcrypto-assets , provided that the frequency of re-evaluation must at a minimum be annual;(b) Implementation of control measures to manage risks associated with individualcrypto-assets ; and(c) The existence of a process for de-listing ofcrypto-assets , including notice to affected clients and counterparties in the case of such de-listing.Added: April 2023Disclosure
CRA-4.3.16
Licensees must make disclosures, which are easily accessible and prominently visible to clients, for each listed crypto-asset, containing at a minimum, the following information:(a) Details about the crypto-asset: the type of crypto-asset (payment token, asset token, utility token, stablecoin etc.), its function and details about the asset(s) where acrypto-asset is backed by asset(s);(b) The risks related to the specific crypto-asset such as, but not limited to, price volatility and cyber-security; and(c) Any other information that would assist clients to make an informed investment decision.Added: April 2023CRA-4.3.17
Licensees must prominently display on their platform the following statement, “THE CENTRAL BANK OF BAHRAIN HAS NEITHER REVIEWED NOR APPROVED THE LISTED CRYPTO-ASSETS”.
Added: April 2023CRA-4.3.18
Where the CBB determines that undertaking regulated services in a
crypto-asset may be detrimental to the financial sector of the Kingdom of Bahrain and/or it may affect the legitimate interest of clients, thelicensees , based on the instruction of the CBB, must delist thecrypto-asset . In such scenarios, thelicensee shall remain responsible for orderly settlement of trade and any liability arising due to the delisting of thecrypto-asset .Added: April 2023CRA-4.4 CRA-4.4 Dealing with Clients
CRA-4.4.1
Licensees must not undertake transactions with a person(s) unless they have been registered as a client(s) in accordance with the requirements of this Module.Added: April 2019CRA-4.4.2
Licensees must ensure their compliance with the applicable laws and regulations in the jurisdictions to which they provide regulatedcrypto-asset services.Amended: April 2023
Added: April 2019CRA-4.4.3
Licensees must not register an applicant as a client where the applicant and/or the beneficial owner(s) or the ultimate beneficial owner is/are domiciled in Non-Cooperative Countries or Territories ('NCCTS'). Paragraph AML-9.1.1(a) and (b) of Module AML provides the basis for identification of the Non-Cooperative Countries or Territories.Added: April 2019CRA-4.4.4
Licensees must, at the time of registration, verify and obtain a signed statement from applicants confirming whether or not the applicant is acting on their own.Added: April 2019CRA-4.4.5
Prior to commencement of business transactions,
licensees must:(a) Seek and register bank accounts details and other types of accounts details to be used for receipt or transfer of fiat funds (such as credit cards and pre-paid cards) of the clients; and(b) Verify the bank accounts and other types of accounts details provided by a client to ensure that the bank accounts and other accounts are in the name of the registered client.Amended: April 2023
Added: April 2019CRA-4.4.6
The bank accounts and other accounts details provided by the client must be used for the purpose of transfer of fiat funds between the client and the
licensee . Alicensee must not deposit and/or withdraw fiat funds through any account other than those accounts which are in the name of the client and registered with thelicensee for the said purpose.Amended: April 2023
Added: April 2019CRA-4.4.7
Where an applicant’s IP address is masked, a
licensee must take reasonable steps to unmask the IP address or decline to provide services to that applicant.Added: April 2023CRA-4.4.8
Licensees must not allow a single client to open multiple accounts.Added: April 2023CRA-4.4.9
At the time of registration,
licensees must set a trading limit, position limit or both with reference to the client’s financial situation with a view to ensuring that the client has sufficient financial capability to be able to assume the risks and bear the potential trading losses. The limit applicable to a client must be reviewed by thelicensee on a periodic basis and in light of any material change in the client’s financial situation.Added: April 2023CRA-4.5 CRA-4.5 Client Protection
Segregation and Handling of Clients' Assets
CRA-4.5.1
Licensees undertakingregulated crypto-asset service and authorised to holdclients’ assets must apply the same standards and comply with the requirements of segregation and handling ofclients’ assets Rules set out in this Section.Amended: April 2023
Added: April 2019CRA-4.5.1A
For the purpose of this Module, “clients assets” means
crypto-assets , money and other assets received or held on behalf of a client by thelicensee and anycrypto-assets , money or other assets accruing therefrom.Added: April 2023CRA-4.5.2
For purposes of safeguarding client's rights in relation to
crypto-assets andclient money which are held or controlled by thelicensee , alicensee must hold clients' money and/or tocrypto-assets in specially created and segregated accounts. These accounts must be identified separately from any other accounts used to hold money and/or tocrypto-assets belonging to thelicensee .Amended: April 2023
Added: February 2019CRA-4.5.3
A
licensee must obtain a written declaration from the entities with whom thelicensee has depositedclient assets that the said entity renounces and will not attempt to enforce or execute, any charge, right of set-off or other claim against the account.Amended: April 2023
Added: April 2019Client Money Client Money
CRA-4.5.4
A
licensee must properly handle and safeguardclient money . The arrangement to handle and safeguardclient money , must include, but not be limited to the following:(a) Establishing one or more client bank accounts with a retail bank licensed in the Kingdom of Bahrain for safekeeping ofclient money ;(b)Client money must not be paid out of a client bank account other than for:(i) Paying the client on whose behalf it is being held;(ii) Meeting the client’s settlement obligations in respect of dealings incrypto-assets carried out by thelicensee for the client, being the client on whose behalf it is being held;(iii) Paying money that the client owes to thelicensee in respect of the conduct ofregulated crypto-asset services ; or(iv) Paying in accordance with the client’s written instructions, including standing authorities or one-off directions; and(c) Not used for licensee’s own use or given as collateral for any purpose to a third party or be subject to any restrictions.Amended: April 2023
Added: April 2019CRA-4.5.5
Client money must be received by thelicensee directly into a client bank account.Added: April 2019CRA-4.5.5A
A
licensee must match any unidentified receipts in its client bank accounts with all relevant information in order to establish the nature of any payment and the identity of the person who has made it. Where the receipt is notclient money , within one business day of becoming so aware, that amount of money should be paid out of the client bank account.Added: April 2023Reconciliation of Clients' Money
CRA-4.5.6
Licensees must reconcile, at least on a monthly basis, the balance on each client's money account as recorded by thelicensee with the balance on that account as set out in the statement issued by the entity with whom thelicensee has deposited clients' money.Added: April 2019CRA-4.5.7
Licensees must also reconcile, at least on a monthly basis, the total of the balances on all clients' money accounts as recorded by thelicensee with the total of the corresponding credit balances in respect of each of its clients as recorded by thelicense .Added: April 2019CRA-4.5.7A
Licensees must ensure that theclient money reconciliations referred to in Paragraphs CRA-4.5.6 and CRA-4.5.7 are completed within 10 business days from the end of the months. Any differences, shortfalls and excess balances must be investigated, and corrective measures taken to restore correct client asset balance.Added: April 2023Risk Disclosure to Clients
CRA-4.5.8
As part of establishing a relationship with a
client , and prior to entering into an initial transaction with such client,licensee must disclose in clear, conspicuous, and legible writing in both Arabic and English languages, all material risks associated withcrypto-asset products and services including at a minimum, the following:(a) Acrypto-asset is not a legal tender and is not backed by the government;(b) legislative and regulatory changes or actions at national level or international level may adversely affect the use, transfer, exchange, and value ofcrypto-assets ;(c) transactions incrypto-assets may be irreversible, and, accordingly, losses due to fraudulent or accidental transactions may not be recoverable;(d) somecrypto-asset transactions may be deemed to be made when recorded on a public ledger, which is not necessarily the date or time that theclient initiates the transaction;(e) the value ofcrypto-assets may be derived from the continued willingness of market participants to exchangefiat currency forcrypto-asset , which may result in the potential for permanent and total loss of value of a particularcrypto-asset should the market for thatcrypto-asset disappear;(f) the volatility and unpredictability of the price ofcrypto-assets relative tofiat currency may result in significant loss over a short period of time;(g) [This Subparagraph was deleted in April 2023];(h) the nature ofcrypto-assets means that any technological difficulties experienced by thelicensee may prevent the access or use of a client'scrypto-assets ; and(i) any investor protection mechanism.Amended: April 2023
Added: April 2019Disclosure of General Terms and Conditions
CRA-4.5.9
When registering a new
client , and prior to entering into transactions with suchclient , alicensee must disclose in clear, conspicuous, and legible writing in both Arabic and English languages, all relevant terms and conditions associated with its products and services including at a minimum, the following:(a) theclient's liability for unauthorizedcrypto-asset transactions;(b) theclient's right to stop payment of a preauthorizedcrypto-asset transfer and the procedure to initiate such a stop-payment order;(c) under what circumstances thelicensee will disclose information concerning the client's account to third parties;(d) theclient's right to receive periodic account statements from thelicensee ;(e) theclient's right to receive a confirmation note or other evidence of a transaction;(f) theclient's right to prior notice of a change in thelicensee's rules or policies or terms and conditions; and(g) [This Subparagraph was deleted in April 2023].(h) cybersecurity risks associated withcrypto-assets including the risk of partial or full loss ofcrypto-assets in the event of a cyber-attack, and measures that have been put in place to mitigate the cyber security risks.Amended: April 2023
Added: April 2019CRA-4.5.9A
In addition to the disclosure requirements stipulated in Paragraph CRA-4.5.9, Category-1, Category-2 and Category-3
crypto-asset licensees must disclose, in writing, the following information to clients:(a) How they execute and routeclient’s order and source liquidity (e.g. whether they pass or route orders to an exchange to execute). Where thelicensee routesclient orders to one or more crypto-asset exchanges for execution, it must disclose details of all the crypto-asset exchanges;(b) Whether it may carry trading incrypto-assets as principal, and if so, whether, it may trade against client’s position; and(c) How it determines the prices of thecrypto-assets it quotes to clients.Added: April 2023Disclosure of the Terms of Transactions
CRA-4.5.10
Prior to each transaction in a
crypto-asset with aclient , alicensee must furnish to theclient a written disclosure in clear, conspicuous, and legible writing in both Arabic or English languages, containing the terms and conditions of the transaction, which must include, at a minimum, to the extent applicable:(a) the amount of the transaction;(b) any fees, expenses, and charges borne by the client, including applicable exchange rates;(c) the type and nature of thecrypto-asset transaction;(d) a warning that once executed the transaction may not be undone; and(e) such other disclosures as are customarily given in connection with a transaction of this nature.Amended: April 2023
Added: April 2019Acknowledgement of Disclosure
CRA-4.5.11
A
licensee must ensure that all disclosures required in this Section are acknowledged as received by clients.Added: April 2019Confirmation Note
CRA-4.5.12
Upon completion of any transaction, a
licensee must provide to the client a confirmation note containing the following information:(a) the type, value, date, and precise time of the transaction;(b) the fee charged;(c) the exchange rate, if applicable;(d) the name and contact information of thelicensee , including a telephone number established by thelicensee to answer questions and register complaints;Added: April 2019CRA-4.5.12A
Where a
client undertakes more than one transaction, thelicensee may prepare a single confirmation note which:(a) Records all of those transactions; and(b) In respect of each of those transactions includes all of the information which would have been required to be included in the confirmation note.Added: April 2023CRA-4.5.12B
Licensees must provide the confirmation note to the client no later than the end of the business day on which the transaction was undertaken.Added: April 2023CRA-4.5.13
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019Prevention of Fraud
CRA-4.5.14
Licensees must take reasonable steps to detect and prevent fraud, including by establishing and maintaining a written anti-fraud policy. The anti-fraud policy must, at a minimum, include:(a) the identification and assessment of fraud-related risk areas;(b) procedures and controls to protect against identified risks;(c) allocation of responsibility for monitoring risks and establish real-time/near real-time fraud risk monitoring and surveillance system; and(d) procedures for the periodic evaluation and revision of the anti-fraud procedures, controls, and monitoring mechanisms.Amended: April 2023
Added: April 2019CRA-4.5.14A
A
client account must be considered dormant if theclient does not trade for a period of 12 (twelve) continuous months. All the accounts designated as dormant need to be monitored carefully in order to avoid unauthorized transactions in the account.Added: April 2023CRA-4.5.14B
If a
client wishes to make his/her account active after 12 continuous months or thereafter, thelicensee must ensure that the client submits a request to reactivate his/her account. In case there is any change in the information such as; address, contact details, email ID, bank account, financial disclosure provided in KYC at the time of registration asclient , the same must be submitted along with the request. After verification of the updated / revised details and approval from the compliance officer or money laundering reporting officer (MLRO), the account can be made active and transactions can take place.Added: April 2023Client Agreements and Statements
CRA-4.5.15
Licensees must not provide aregulated crypto-asset service to a client as mentioned unless there is a client agreement entered into between thelicensee and theclient containing the key information specified in Rule CRA-4.5.16.Amended: April 2023
Added: April 2019CRA-4.5.16
The client agreement referred to in Rule CRA-4.5.15 must include:
(a) the name and address of thelicensee ;(b) the regulatory status of thelicensee ;(c) when and how the client agreement is to come into force and how the agreement may be amended or terminated;(d) details of fees, costs and other charges and the basis upon which thelicensee will impose those fees, costs and other charges;(e) sufficient details of the service that thelicensee will provide, including where relevant, information about any product or other restrictions applying to thelicensee in the provision of its services and how such restrictions impact on the service offered by thelicensee ; or if there are no such restrictions, a statement to that effect;(f) details of any conflicts of interests;(g) any soft dollar arrangements;(h) key particulars of thelicensee's complaints handling procedures or dispute resolution procedure; and(i) thecrypto-asset risk disclosure referred to in Rule CRA-4.5.8 and disclosure of general terms and conditions referred to in Rule CRA-4.5.9.Amended: April 2023
Added: April 2019CRA-4.5.16A
Licensees must provide periodic statements i.e. confirmation note, monthly statement of account and annual statement of account to their clients.Licensees may provide to their clients the periodic statement information through their website and/or application. Where alicensee provides the periodic statement through its website and application, the licensee is not required to send the periodic statement to their clients separately.Added: April 2023Monthly Statement of Account
CRA-4.5.17
A
licensee must prepare and provide a monthly statement of account to the client no later than 7 business days following the month where any of the following circumstances apply:(a) During a month, thelicensee has provided a confirmation note (refer CRA-4.5.12) or has received funds from the client;(b) At any time during a month, the client has an account balance (funds) that is not nil; or(c) At any time during a month,crypto-assets are held for the account of the client.Added: April 2023CRA-4.5.18
The monthly statement of account referred to in Paragraph CRA-4.5.17 must include the following information:
(a) The name and address of thelicensee ;(b) The name, address and account number of the client;(c) The date on which the statement of account is issued;(d) The outstanding balance of that account as at the beginning and as at the end of the month;(e) Details of all transactions undertaken by the client during the month;(f) Inward and outward transfer ofcrypto-assets during the month;(g) The quantity, and, in so far as readily ascertainable, the market price and total value of eachcrypto-asset held at the end of the month;(h) Details of all funds credited to and fees and charges levied during the month; and(i) Details of any restrictions, such as blocks pursuant to an order by a court or other competent authority.Added: April 2023Duty to Provide Statement of Account on Request
CRA-4.5.19
Where a
licensee receives a request from a client for a statement of account it must provide the client, as soon as practicable after the date of the request but no later than 5 working days from the date of the request, such statement of account which must include the information required as per Paragraph CRA-4.5.18 for the period specified by the client.Added: April 2023CRA-4.5.20
Where a
licensee provides the statement of account at the request of the client (refer to CRA-4.5.19), it may impose a reasonable charge on the client for providing the statement of account.Added: April 2023CRA-4.5.21
A
licensee must prepare and provide a statement of account to the client, on an annual basis, no later than the end of the seventh business day after the end of the financial year except under following circumstances:(a) There are no transactions;(b) The account balance (funds) is nil; and(c) The balance ofcrypto-assets held on behalf of the client is nil.Added: April 2023No Restriction on Withdrawal of Client Assets
CRA-4.5.22
Where a
client requests for withdrawal ofclient assets , alicensee , unless the restriction is pursuant to a freeze or block order from a court or due to factors related to money laundering and terror financing (suspicious transactions), must not impose restriction on withdrawal of theclient assets held under its control.Added: April 2023CRA-4.6 CRA-4.6 Marketing and Promotion
CRA-4.6.1
In all advertising and marketing materials,
licensees and any person or entity acting on its behalf, must not, directly or by implication, make any false, misleading, or deceptive representations or omissions.Added: April 2019CRA-4.6.1A
Licensees must ensure that all advertising and marketing materials adhere to the principles of fair competition. While comparative advertisement in product or service promotion is acceptable, the intent and connotation of comparative advertisement should be to inform and never to discredit or unfairly target competitors, competing products or services.Added: April 2023CRA-4.6.2
Licensees must not advertise its products, services, or activities in the Kingdom of Bahrain without including the name of thelicensee and a statement that thelicensee is "Licensed by the CBB as a crypto-asset service provider (Licensing category-...)".Amended: April 2023
Added: April 2019CRA-4.6.3
Licensees must not make use of the name of the CBB in any promotion in such a way that would indicate endorsement or approval of its products or services.Added: April 2019CRA-4.6.4
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019CRA-4.6.5
Licensees , at a minimum, must make the following information available on its website:(a) The services being offered;(b) Its trading and operational rules as well as admission and removal rules and criteria;(c) Its admission and trading fees and charges, including illustrative examples of how the fees and charges are calculated, for ease of understanding by clients;(d) The relevant material information for eachcrypto-asset , including providing clients with access to up-to-date whitepaper or information, and providing clients with material information as soon as reasonably practicable to enable clients to appraise the position of their investments (for example, any major events in relation to acrypto-asset or any other material information);(e) The rights and obligations of thelicensee and the client;(f) Arrangements for dealing with settlement failures in respect of transactions executed on its platform;(g) Detailed documentation of market models, order types as well as deposit and withdrawal processes for fiat currencies andcrypto-assets ;(h) Where applicable, client’s liability for unauthorisedcrypto asset transactions;(i) Client’s right to stop transfer of a preauthorisedcrypto-asset and the procedure for initiating such a stop-transfer order;(j) Circumstances under which thelicensee may disclose the client’s confidential information to third parties, including regulators;(k) Client’s right to prior notice of any change in thelicensee’s rules, policies and terms and conditions;(l) Dispute resolution mechanisms, including complaints procedures; and(m) System upgrades and maintenance procedures and schedules.Licensees must, as soon as practicable thereafter, publish any revisions or updates on its website and circulate them to the users of its platforms, identifying the amendments which have been made and providing an explanation for making them.Added: April 2023Promotion
CRA-4.6.6
Licensees must ensure that all the following requirements are met with regards to promotion of products or services:(a) They do not involve a breach of Bahrain law or any other relevant applicable law, rules or regulation;(b) All documentation concerning promotions is in a language that clients can fully understand;(c) Clients to whom promotions are directed must have equal opportunity in terms of access and treatment;(d) The communication concerning promotions must be clear, concise, truthful, unambiguous and complete to enable clients to make a fully informed decision;(e) Where the promotion involves communication of earnings potential or benefits associated with the products or services promoted, all costs, charges or levies and risks are also disclosed; and(f) Licensees using social media platforms as a medium of promotion must provide a reference or link to more comprehensive information available elsewhere.Added: April 2023CRA-4.7 CRA-4.7 Complaints
CRA-4.7.1
Licensees must establish and maintain written policies and procedures to resolve complaints in a fair and timely manner.Amended: April 2023
Added: April 2019CRA-4.7.2
A
licensee must provide, in a clear and conspicuous manner on their website and in all physical locations the following disclosures:(a) thelicensee's mailing address, email address, and telephone number for the receipt of complaints; and(b) [This Subparagraph was deleted in April 2023];(c) the CBB's mailing address, website, and telephone number.Amended: April 2023
Added: April 2019CRA-4.7.3
Licensees must notify to the CBB any change in their complaint policies or procedures within seven days prior to the implementation of the new complaint policy.Amended: April 2023
Added: April 2019CRA-4.7.4
The complaint handling procedures of a
licensee must provide for:(a) The receipt of written complaints;(b) The appropriate investigation of complaints;(c) An appropriate decision-making process in relation to the response to a customer complaint;(d) Notification of the decision to the customer;(e) The recording of complaints; and(f) How to deal with complaints when a business continuity plan (BCP) is operative.Added: April 2019CRA-4.7.5
A
licensee's internal complaint handling procedures must be designed to ensure that:(a) All complaints are handled fairly, effectively and promptly;(b) [This Subparagraph was deleted in April 2023];(c) The number of unresolved complaints referred to the CBB is minimized;(d) The employee responsible for the resolution of complaints has the necessary authority to resolve complaints or has ready access to an employee who has the necessary authority;(e) Relevant employees are aware of thelicensee 's internal complaint handling procedures that they comply with them and receive training periodically to be kept abreast of changes in procedures; and(f) Complaints are investigated by an employee of sufficient competence who, where appropriate, was not directly involved in the matter which is the subject of a complaint.Amended: April 2023
Added: April 2019Response of Complaints
CRA-4.7.6
Licensees must acknowledge in writing customer written complaints within 5 working days of receipt.Added: April 2019CRA-4.7.7
Licensees must respond to a client complaint promptly and within a period of 4 weeks of receiving the complaint or provide the complainant with an appropriate explanation as to why thelicensee is not, at that time, in a position to respond and must indicate by when thelicensee will respond.Amended: April 2023
Added: April 2019Redress
CRA-4.7.8
Licensees must decide and communicate how it proposes to provide the customer with redress. Where appropriate, thelicensee must explain the options open to the customer and the procedures necessary to obtain the redress.Added: April 2019CRA-4.7.9
Where a
licensee decides that redress in the form of compensation is appropriate, thelicensee must provide the complainant with fair compensation and must comply with any offer of compensation made by it which the complainant accepts.Added: April 2019CRA-4.7.10
Where a
licensee decides that redress in a form other than compensation is appropriate, it must provide the redress as soon as practicable.Added: April 2019CRA-4.7.11
A
licensee must inform the clients who have filed a complaint with the licensee and are not satisfied with the response received as per Paragraph CRA-4.7.7, about their right to forward the complaint to the Consumer Protection Unit at the CBB within 30 calendar days from the date of receiving the letter from thelicensee .Amended: April 2023
Added: April 2019Reporting of Complaints
CRA-4.7.12
Licensees must submit to the Consumer Protection Unit at the CBB, a quarterly report summarising the following:(a) The number of complaints received during the quarter;(b) The substance of the complaints;(c) The number of days it took thelicensee to acknowledge and to respond to the complaints; and(d) The status of the complaint, including whether resolved or not, and whether redress was provided.Amended: April 2023
Added: April 2019CRA-4.7.13
Where no complaints have been received by the
licensee within the quarter, a 'nil' report must be submitted to the Consumer Protection Unit at the CBB.Amended: April 2023
Added: April 2019Record of Complaints
CRA-4.7.14
A
licensee must maintain a record of all client complaints. The record of each complaint must include:(a) The identity of the complainant;(b) The substance of the complaint;(c) The status of the complaint, including whether resolved or not, and whether redress was provided; and(d) All correspondence in relation to the complaint.Such records must be retained by the
licensee for a period of 10 years from the date of receipt of the complaint.Added: April 2023CRA-4.8 CRA-4.8 Professional Indemnity Coverage
Key Provisions
CRA-4.8.1
Licensees handlingclient asset and/orclient money must maintain a professional indemnity coverage (insurance policy) in accordance with the scope of coverage provided in Paragraph CRA-4.8.3.Amended: April 2023
Added: April 2019CRA-4.8.2
For the purposes of Paragraph CRA-4.8.1,
licensees must maintain professional indemnity coverage for an amount that is determined based on its assessment of the potential risk exposure. Such amount, however, must not be less than BD100,000.Added: April 2019CRA-4.8.3
Licensees must ensure that the Professional Indemnity Coverage, inter alia:(a) covers any legal liability in consequence of any negligent act, error or omission in the conduct of thelicensee's business by thelicensee or any person employed by it or otherwise acting for it, including consultants under a contract for service with thelicensee ;(b) covers legal defence costs which may arise in consequence of any negligent act, error or omission in the conduct of thelicensee's business by thelicensee or any person employed by it or otherwise acting for it, including consultants under a contract for service with thelicensee ;(c) Covers any legal liability in consequence of any dishonest, fraudulent, criminal or malicious act, error or omission of any person at any time employed by thelicensee , or otherwise acting for it, including consultants under a contract for service with thelicensee ; and(d) covers loss of and damage to documents and records belonging to thelicensee or which are in the care, custody or control of thelicensee or for which thelicensee is responsible; including also liability and costs and expenses incurred in replacing, restoring or reconstructing the documents or records; including also consequential loss resulting from the loss or damage to the documents or records.Amended: April 2023
Added: April 2019CRA-4.8.4
The professional indemnity coverage must be obtained from an insurance firm acceptable to the CBB and licensed in the Kingdom of Bahrain.
Licensees must submit a Professional Indemnity Insurance Return (Form PIIR) on an annual basis. Additionally, they must provide, upon request, evidence to the CBB of the coverage in force.Added: April 2019CRA-4.8.5
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019CRA-4.8.6
The requirement to maintain professional indemnity coverage will normally be met by the
licensee obtaining an insurance policy from an insurance firm. The CBB may also accept an insurance indemnity policy issued at group level, e.g. issued with respect to the parent of thelicensee , provided the terms of the policy explicitly provide indemnity coverage with respect to thelicensee and meets the requirements of Paragraphs CRA-4.8.1, CRA-4.8.2 and CRA-4.8.3.Amended: April 2023
Added: April 2019CRA-4.8.7
Upon written application to the CBB, the requirement in Rule CRA-4.8.1 may instead be met by the
licensee depositing with a retail bank licensed to operate in the Kingdom of Bahrain, an amount, specified by the CBB, to be held in escrow against future claims. This amount will not be less than the minimum required policy limit.Added: April 2019CRA-4.8.8
The policy must contain a clause that it may not be cancelled or lapsed without the prior notification of the CBB. The policy must also contain a provision for an automatic extended reporting period in the event that the policy is cancelled or lapsed, such that claims relating to the period during which the policy was in force may subsequently still be reported.
Amended: April 2023
Added: April 2019CRA-4.9 CRA-4.9 Other Obligations
Obligation to Maintain Proper Records
CRA-4.9.1
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019Obligation to Maintain Confidentiality
CRA-4.9.2
A
licensee must maintain the confidentiality of all client information in accordance with the requirements of the Personal Data Protection Law (PDPL).Amended: April 2023
Added: April 2019Records of Telephone conversations and Electronic Communications
CRA-4.9.3
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019CRA-4.10 CRA-4.10 Matters Requiring Approval of CBB
CRA-4.10.1
A
licensee must comply with the following Rules of relating to a change of shareholding held by substantial shareholders, or a transfer of business or substantially all its assets or liabilities in the same manner set out in:(a) Section MIR-5 (Substantial Shareholding in a Licensed Member);(b) Section MIR-6 (Control of a Licensed Member); and(c) Section MIR-7 (Business Transfer).Amended: April 2023
Added: April 2019Dividends
CRA-4.10.2
Licensees must obtain the CBB's prior written approval to any dividend proposed to be distributed to the shareholders, before announcing the proposed dividend by way of press announcement or any other means of communication and prior to submitting a proposal for a distribution of profits to a shareholder vote.Added: April 2019CRA-4.10.3
One of the factors that the CBB will consider while determining whether to grant an approval is when it is satisfied that the level of dividend proposed is unlikely to leave the
licensee vulnerable to breaching the CBB's financial resources requirements, taking into account, as appropriate, the trends in thelicensee's business volumes, profitability, expenses and performance.Added: April 2019CRA-4.10.4
To facilitate the prior approval required under Paragraph CRA-4.10.2,
licensees must provide the CBB with:(a) Thelicensee 's intended percentage and amount of proposed dividends for the coming year;(b) A letter of no objection from thelicensee 's external auditor on such profit distribution; and(c) A detailed analysis of the impact of the proposed dividend on the capital adequacy requirements outlined in Chapter CRA-3 (Minimum Capital Requirements) and the liquidity position of thelicensee .Amended: April 2023
Added: April 2019CRA-4.11 CRA-4.11 Compliance
CRA-4.11.1
Licensees must establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by thelicensee to comply with its obligations under the CBB Law, its regulations, resolutions and directives (including these Rules), as well as to detect the associated risks, and must put in place adequate measures and procedures designed to minimize such risk and to enable the CBB to exercise its powers effectively.Amended: April 2023
Added: April 2019CRA-4.11.2
For the purposes of Paragraph CRA-4.11.1,
licensees should take into account the nature, scale and complexity of its business and the nature and range ofregulated crypto-asset services undertaken in the course of the business.Added: April 2019CRA-4.11.3
Licensees must establish and maintain a permanent and effective compliance function which operates independently and has, as a minimum, the following responsibilities:(a) to monitor and, on a regular basis, to assess the adequacy and effectiveness of the measures and procedures put in place, and the actions taken to address any deficiencies in thelicensee's compliance with its obligations;(b) to draw up and implement a compliance monitoring plan; and(c) to advise and assist the relevant persons responsible for carrying outregulated crypto-asset services to comply with thelicensee's legal and regulatory obligations.Added: April 2019CRA-4.11.4
In order to enable the compliance function to discharge its responsibilities properly,
licensees must ensure that the following conditions, as a minimum, are satisfied:(a) the compliance function must have the necessary authority, resources, expertise and access to all relevant information;(b) a Compliance Officer must be appointed and shall be responsible for the compliance function and for any reporting as to compliance required by these Rules;(c) the relevant persons involved in the compliance function must not be involved in the performance of services or activities which they monitor; and(d) the method of determining the remuneration of the relevant persons involved in the compliance function must not compromise their objectivity.Amended: April 2023
Added: April 2019CRA 4.11.5
The CBB may exempt a
licensee from the requirements Paragraph CRA-4.11.4(c) if thelicensee is able to demonstrate to the satisfaction of the CBB, that in view of the nature, scale and complexity of its business, and the nature and range of regulated crypto-asset services and related activities, the requirement under Paragraph CRA-4.11.4(c) is not proportionate and that its compliance function continues to be independent, objective and effective.Added: April 2019CRA-4.11.6
The CBB may, at its discretion, allow the compliance officer of a
licensee to also act as thelicensee's Money Laundering Reporting Officer, provided thelicensee is able to demonstrate to the satisfaction of the CBB, that the nature, scale and complexity of the business is such that both the functions can be carried out effectively by the compliance officer without compromising on supervisory objectives.Amended: April 2023
Added: April 2019CRA-4.12 CRA-4.12 Additional requirements applicable to Crypto-asset Exchange Licensees
Listing and Trading of Crypto-assets
CRA-4.12.1
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019CRA-4.12.2
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019CRA-4.12.3
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019Suspension of trading and delisting
CRA-4.12.4
Where a licensed
crypto-asset exchange decides to delist or suspend the trading of one or morecrypto-assets , it must notify the CBB with the rationale for the suspension or delisting of the crypto-asset.Amended: April 2023
Added: April 2019CRA-4.12.5
Without prejudice to the right of the CBB to demand suspension or delisting of a
crypto-asset from trading, a licensedcrypto-asset exchange must suspend or delist from trading acrypto-asset which no longer complies with the Rules of the licensedcrypto-asset exchange unless such suspension or delisting would likely cause significant damage to the clients' interests or the orderly functioning of the market.Amended: April 2023
Added: April 2019CRA-4.12.6
Where a licensed
crypto-asset exchange decides to suspends or delists from trading acrypto-asset , it must by way of a public announcement inform the clients' regarding the date of suspension or delisting of thecrypto-asset .Amended: April 2023
Added: April 2019CRA-4.12.7
Where a llicensed
crypto-asset exchange has suspended or delisted acrypto-asset from trading, the CBB may require that otherlicensees , which fall under its jurisdiction and trade the same crypto-asset, also suspend or delist thatcrypto-asset from trading, where the suspension or delisting is due to suspected market abuse, a take-over bid or the non-disclosure of inside information about the issuer orcrypto-asset except where such suspension or delisting could cause significant damage to the clients' interests or the orderly functioning of the market.Amended: April 2023
Added: April 2019Order Matching
CRA-4.12.8
A licensed
crypto-asset exchange must ensure expedient and accurate verification of trades and matching settlement instructions.Added: April 2019CRA-4.12.9
A licensed
crypto-asset exchange must ensure that it has necessary systems and controls to verify the existence of funds andcrypto-assets , as applicable, of clients submitting orders.Amended: April 2023
Added: April 2019Pre-trade transparency
CRA-4.12.10
A licensed
crypto-asset exchange must disclose to its clients and the public as appropriate, on a continuous basis during normal trading, the following information relating to trading ofcrypto-assets on its platform:(a) the current bid and offer prices and volume;(b) the depth of trading interest shown at the prices and volumes advertised through its systems for thecrypto-assets ; and(c) any other information relating tocrypto-assets which would promote transparency relating to trading.Amended: April 2023
Added: April 2019CRA-4.12.11
A licensed
crypto-asset exchange must use appropriate mechanisms to enable pre-trade information to be made available to the public in an easy to access and uninterrupted manner.Added: April 2019Post-trade transparency
CRA-4.12.12
A licensed
crypto-asset exchange must disclose the price, volume and time of the transactions executed in respect ofcrypto-assets to the public as close to real-time as is technically possible on a non-discretionary basis. A licensedcrypto-asset exchange must use adequate mechanisms to enable post-trade information to be made available to the public in an easy to access and uninterrupted manner, at least during business hours.Amended: April 2023
Added: April 2019Client Record Keeping
CRA-4.12.13
A licensed
crypto-asset exchange must keep, for at least 10 years, the relevant data relating to all orders and all transactions incrypto-assets which are carried out through their systems.Amended: April 2023
Added: April 2019CRA-4.12.14
For the purposes of Paragraph CRA-4.12.10, the records must contain the relevant data that constitute the characteristics of the order, including those that link an order with the executed transaction(s) that stems from that order. This shall include:
(a) details of the names and numbers of thecrypto- assets bought or sold;(b) the quantity;(c) the dates and times of execution;(d) the transaction prices; and(e) a designation to identify the clients in relation to which that transaction has been executed;Amended: April 2023
Added: April 2019CRA-4.12.15
A licensed
crypto-asset exchange must maintain adequate resources and have back-up facilities in place in order to be capable of reporting at all times.Added: April 2019CRA-4.12.16
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019CRA-4.12.17
[This Paragraph was deleted in April 2023].
Deleted: April 2023
Added: April 2019Exchange Systems
CRA-4.12.18
A licensed
crypto-asset exchange must have in place effective systems, procedures and arrangements to reject orders that exceed pre-determined volume and price thresholds or are clearly erroneous.Added: April 2019CRA-4.12.19
A licensed
crypto-asset exchange must be able to temporarily halt or constrain trading if there is a significant price movement in acrypto-asset on its platform or a related platform during a short period and, in exceptional cases, to be able to cancel, vary or correct any transaction.Amended: April 2023
Added: April 2019CRA-4.12.20
A licensed
crypto-asset exchange must report the reasons for halting trading and any material changes to those reasons to the CBB in a consistent and comparable manner.Added: April 2019CRA-4.12.21
A licensed
crypto-asset exchange must ensure that its fee structures are transparent, fair and non-discriminatory and that they do not create incentives to place, modify or cancel orders or to execute transactions in a way which contributes to disorderly trading conditions or market abuse.Added: April 2019CRA-4.12.22
A licensed
crypto-asset exchange must ensure that its Rules on co-location services are transparent, fair and non-discriminatory.Added: April 2019CRA-4.12.23
A licensed
crypto-asset exchange must be able to identify, by means of flagging from its clients, orders generated by algorithmic trading, the different algorithms used for the creation of orders and the relevant persons initiating those orders.Amended: April 2023
Added: April 2019CRA-4.12.24
A licensed
crypto-asset exchange must, upon request by the CBB, make available to the CBB, data relating to the order book or give the CBB access to the order book so that it is able to monitor trading.Added: April 2019Settlement
CRA-4.12.25
A licensed
crypto-asset exchange must establish procedures that enable the confirmation of relevant details of transactions incrypto-assets .Amended: April 2023
Added: April 2019CRA-4.12.26
A licensed
crypto-asset exchange's settlement procedures must clearly define the point at which settlement is final.Added: April 2019CRA-4.12.27
A licensed
crypto-asset exchange must complete final settlement no later than the end of the trade date, and preferably intraday or in real time, to reduce settlement risk.Added: April 2019CRA-4.12.28
A licensed
crypto-asset exchange must clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a client.Added: April 2019CRA-4.12.29
A licensed
crypto-asset exchange must minimize and strictly control the credit and liquidity risk arising from money settlements.Added: April 2019CRA-4.12.30
A licensed
crypto-asset exchange must clearly state its obligations with respect to the delivery ofcrypto-assets and should identify, monitor, and manage the risks associated with such delivery.Amended: April 2023
Added: April 2019CRA-4.12.31
A licensed
crypto-asset exchange must have in place adequate systems to safeguard against settlement failures as well as resolution systems which cater for such failures. Such systems should be clearly documented in the licensed crypto-asset exchange's policies, procedures and rules.Amended: April 2023
Added: April 2019CRA-4.12.32
A licensed
crypto-asset exchange must establish a system that monitors settlement failures of transactions incrypto-assets . Upon occurrence of such events, thelicensed crypto-asset exchange must immediately report to the CBB, details of the settlement failure and any other relevant information.Amended: April 2023
Added: April 2019Rules of a Licensed Crypto-asset Exchange
CRA-4.12.33
A licensed
crypto-asset exchange must issue clear and transparent Rules in order to ensure that anycrypto-assets being traded on its platform is being traded in a fair, orderly and efficient manner. Such rules, and any changes or amendments thereto are to be approved by the CBB.Amended: April 2023
Added: April 2019CRA 4.12.34
The CBB may require a licensed
crypto-asset exchange to effect any changes to its Rules, as it may deem necessary.Added: April 2019CRA-4.12.35
The Rules must, inter alia, include Sections on:
(a) the administration of the licensedcrypto-asset exchange , including but not limited to governance, compliance and risk management;(b) how the licensedcrypto-asset exchange operates, including the client on boarding procedure, the procedure for the listing ofcrypto-assets , trading procedures, pre- and post-trade transparency, market monitoring, custody and safekeeping arrangements, record keeping, and fees;(c) the reporting of suspicious transactions;(d) settlement and resolution mechanisms in the event of settlement failure;(e) suspension and removal from trading;(f) business continuity; and(g) Actions or measures which the licensedcrypto-asset exchange can take against itsclients .Amended: April 2023
Added: April 2019Inability to Discharge Functions
CRA-4.12.36
Where, due to the occurrence of any event or circumstances, a licensed
crypto-asset exchange is unable to discharge any of its functions whatsoever, it must on the day of such occurrence immediately notify the CBB of its inability to discharge that function, specifying:(a) the event or circumstance causing it to become unable to discharge any of its functions;(b) the functions which the licensed crypto-asset exchange is unable to discharge; and(c) what action, if any, is being taken or is being proposed by the licensed crypto-asset exchange in order to deal with the situation and, in particular, to be able to recommence discharging that function.Added: April 2019Actions or Measures
CRA-4.12.37
Where a licensed
crypto-asset exchange has taken any action against any of itsclients , including the suspension of theclient from trading, the blacklisting or expelling of aclient or any other action, in respect of a breach of its rules, that licensedcrypto-asset exchange must immediately notify the CBB of that event, providing:(a) The name of the person concerned;(b) Brief description of the breach;(c) Details of the action or measure taken by the licensedcrypto-asset exchange ; and(d) The reasons for taking that action or measure.Amended: April 2023
Added: April 2019
