CRA-A.2.1
This Module was first issued in February 2019. Changes made subsequently to this Module are annotated with the calendar quarter date in which the change was made as detailed in the table below. Chapter UG 3 provides further details on Rulebook maintenance and version control.
| Module Ref. | Change Date | Description of Changes |
| CRA-1.1.6(f) | 04/2019 | Amended sub-paragraph. |
| CRA-1.1.6(g) | 04/2019 | Moved to sub-paragraph (f). |
| CRA-1.6.3 | 04/2019 | Added License fee table based on Category. |
| CRA-1.6.10 | 04/2019 | Amended Paragraph. |
| CRA-1.2.19 | 10/2019 | Changed from Rule to Guidance. |
| CRA-1.2.20 | 10/2019 | Changed from Rule to Guidance. |
| CRA-1.2.21 | 10/2019 | Changed from Rule to Guidance. |
| CRA-1.4.1 | 10/2019 | Changed from Rule to Guidance. |
| CRA-B.1 | 01/2020 | Added reference to cyber security risk. |
| CRA-4.1.1 | 01/2020 | Amended reference to CRA-4.1.1 (r). |
| CRA-5.2.6-CRA-5.2.9 | 01/2020 | Added new Paragraphs on the requirements of IT System Audit. |
| CRA-5.3.6 | 01/2020 | Removed “at least annually” for security tests. |
| CRA-5.8 | 01/2020 | Added these terms: Cyber Security Risk, Cyber Security Incident, Cyber Security Threats. |
| CRA-5.8.19A | 01/2020 | Added a new Paragraph on requirements to submit a comprehensive report on cyber security incident. |
| CRA-5.8.24 | 01/2020 | Deleted Paragraph. |
| CRA-5.8.25 | 01/2020 | Deleted Paragraph. |
| CRA-5.8.25A | 01/2020 | Added a new Paragraph on requirements for periodic assessments of cyber security threats. |
| CRA-5.8.28-CRA-5.8.29 | 01/2020 | Added new Paragraphs on the requirement for cyber security insurance. |
| CRA-7.1.1 | 01/2020 | Amended Paragraph. |
| CRA-7.1.1A | 01/2020 | Added a new Paragraph on references to Module AML. |
| CRA-7.1.2 | 01/2020 | Deleted Paragraph. |
| CRA-7.1.3 | 01/2020 | Added clarification that simplified customer due diligence is not allowed. |
| CRA-7.1.5 | 01/2020 | Added a new Paragraph on reference to Module AML and removed transaction record details. |
| Appendix-1 | 01/2020 | Added reference to cyber security incident. |
| Appendix-2 | 01/2020 | Amended Mitigation and aggravating factors. |
| CRA-4.1.1A | 10/2020 | Added a new Paragraph on Provision of Financial Services on a Non-discriminatory Basis. |
| CRA-10.1.9 | 01/2022 | Amended Paragraph on the submission of the written assessment of the observations/issues raised in the Inspection draft report. |
| CRA-10.3.1 | 01/2022 | Amended Paragraph on change in licensee corporate and legal name. |
| CRA-10.3.2 | 01/2022 | Amended Paragraph on change in licensee legal name. |
| CRA-6.6 | 07/2022 | Replaced Section with new Outsourcing Requirements. |
| CRA | 04/2023 | Amended Module including a new Chapter on Digital Token Offerings and enhancements to cyber security requirements. |
| CRA-5.9 | 10/2023 | Added a new Section on cyber hygiene practices. |
| CRA-4.1.10 | 07/2025 | Added a new Paragraph on stablecoin reporting reference to SIO Module. |