BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player



Location: Central Bank of Bahrain Volume 5—Specialised Licensees > Specific Modules (By Type of Licensee) > Type 7: Ancillary Service Providers > Part A > High Level Standards > AU Ancillary Service Providers Authorisation Module > AU-1 Authorisation Requirements > AU-1.2 Definition of Regulated Ancillary Services > AU-1.2.1
  • AU-1.2 Definition of Regulated Ancillary Services

    • AU-1.2.1

      Regulated ancillary services are any of the following activities, carried on by way of business:

      (a) Third party administrators (TPA);
      (b) Card processingG ;
      (c) Credit reference bureauG ;
      (d) Payment service provider (PSP);
      (e) Shari'a advisory/review services;
      (ee) Crowdfunding platform operator; and
      (f) Providing account information services;
      (g) Providing payment initiation services and
      (h) Any other ancillary services that are related to the financial services industry.
      Amended: December 2018
      Amended: October 2017
      April 2016

    • AU-1.2.2

      For the purposes of Rule AU-1.2.1, carrying on a regulated ancillary service by way of business means:

      (a) Undertaking any of the regulated ancillary service activities as defined in Section AU-1.2, for commercial gain; or
      (b) Holding oneself out as willing and able to engage in such activities.
      April 2016

    • AU-1.2.3

      While Paragraph AU-1.2.1 covers different activities under regulated ancillary services, only the license itself will specify the list of activities the licensee has been authorised to carry out. For existing ancillary service providersG at April 2016, no new license will be issued.

      April 2016

    • Third Party Administrators (TPAs)

      • AU-1.2.4

        TPA refers to processing claims in connection with insurance coverage offered by insurance firms.

        April 2016

      • AU-1.2.5

        Notwithstanding Rule AU-1.2.4, TPAs are also allowed to offer their services to self-funded schemes outside Bahrain.

        April 2016

      • AU-1.2.5A

        When TPAs process claims for insurance firms, the CBB regards this activity as an outsourced activity and insurance firms should refer to Chapter RM-7 Outsourcing Risk under Volume 3 (Insurance) of the CBB Rulebook.

        April 2016

    • Card Processing

      • AU-1.2.5

        Card processingG includes:

        (a) The act of processing or transmitting debit/credit/prepaid card holder and transaction related data;
        (b) Integrating customer delivery channels to enterprises to enable data transactions at delivery channels (e.g. ATMs, POS, Interactive Voice Response, mobile, internet);
        (c) Hosting and managing card program;
        (d) Approving and authenticating payment transactions as per financial institutions rules;
        (e) Providing technical service support for E-commerce and M-commerce transactions;
        (f) Interfacing with external networks/institutions (e.g. national switch, VISA, MasterCard), enabling automated exchange of transactions between the enterprise and external networks;
        (g) Reporting and customising reporting engine;
        (h) Call centre outsourcing services; and
        (i) Online and mobile portals for bank customers.
        April 2016

    • Credit Reference Bureau

      • AU-1.2.6

        A credit reference bureauG is a company licensed by the CBB as an ancillary services provider that receives, stores, analyses and classifies the credit informationG of customers and issues credit reportsG and provides the members of the credit reference bureauG with such reports upon their request.

        April 2016

      • AU-1.2.7

        For purposes of Paragraph AU-1.2.6, 'customers' refers to customers of the members of the credit reference bureauG as defined under Article (68 bis) b) 3) of the CBB Law.

        April 2016

    • Payment Service Provider ("PSP")

      • AU-1.2.8

        Payment service providers, may act as an intermediary for the following services:

        (a) Services enabling cash to be placed in clients' money account and all of the operations required for operating the account;
        (b) Services enabling cash withdrawals from clients' money account and all of the operations required for operating the account;
        (c) The settlement of the direct debits of payment transactions;
        (d) Integrating customer delivery channels to enterprises to enable transactions at delivery channels (e.g. ATMs, POS, Interactive Voice Response, mobile, internet); and
        (e) Interfacing with external networks/institutions (e.g. national switch, VISA, MasterCard), enabling automated exchange of transactions between the enterprise and external networks.
        Amended: January 2019
        Amended: April 2017
        April 2016

      • AU-1.2.9

        Payment service providers also facilitate the payment of high volume periodic/repetitive bills (e.g. utility bills, phone bills etc), and customer initiated payments.

        April 2016

      • AU-1.2.10

        For purposes of Paragraph AU-1.2.8, clients' money account is defined as an account held in a retail bank which is used for the execution of payment transactions. The CBB has the right to stop this clients' money account at any time.

        Amended: January 2019
        April 2016

      • AU-1.2.10A

        When issuing any multi-purpose, electronic or otherwise, pre-paid cards, payment service providers must comply with the following requirements:

        (a) The maximum balance limit under each natural person must not exceed BD1,000 and the maximum single transaction value limit must not exceed BD500;
        (bb) The maximum balance limit for each legal person must not exceed BD10,000 (Loading and transaction size).
        (b) The payment service provider must obtain a bank guarantee of BD100,000 from a retail bank licensed in the Kingdom of Bahrain; instead of the bank guarantee amount required under Paragraph AU-4.1.12.
        (c) Comply with all the requirements outlined under Module FC (Financial Crime) and Module CL (Client Money);
        (d) All pre-paid plastic cards must be EMV compliant (chip and PIN and online authentication);
        (e) Any pre-paid card which is inactive for a period of six months must be placed in a dormant list;
        (f) All transactions on pre-paid cards must be made through clients' money account with a retail bank in Bahrain.
        Amended: January 2019
        Amended: October 2018
        Amended: October 2017
        Added: April 2017

      • AU-1.2.10B

        In addition to the requirements listed under Paragraph AU 1.2.10A, Payment service providers must maintain up to date Payment Card Industry Data Security Standards (PCI-DSS) certification. The initial certification must be obtained by 31st December 2017.

        Added: April 2017

      • AU-1.2.10C

        In order to maintain up to date PCI-DSS certification, payment service providers will be periodically audited by PCI authorised companies for compliance. LicenseesG are asked to make certified copies of such documents available if requested by the CBB.

        Added: April 2017

      • AU-1.2.11

        When a customer load cash into the card through kiosk or company/bank counter, the payment service provider must update the amount into the card immediately, and must deposit the relevant cash amount into the clients' money account within 24 hours.

        Amended: January 2019
        Amended: April 2017
        April 2016

      • AU-1.2.11A

        When owning or operating Cash Dispensing Machines (CDM) or Kiosks, payment service providers must comply with the requirements stated in Paragraphs AU-1.2.11B to Paragraph AU-1.2.11I.

        Added: April 2019

      • AU-1.2.11B

        Payment service providers must obtain CBB's prior written approval for owning or operating any Cash Dispensing Machine (CDM) or Kiosk.

        Added: April 2019

      • AU-1.2.11C

        Payment service providers must submit a written application to the Supervisory Point of Contact (SPoC) at the CBB, detailing the type of CDM or Kiosk, the proposed location(s) and the proposed security measures.

        Added: April 2019

      • AU-1.2.11D

        The application referred to in Paragraph AU-1.2.11C will be assessed on its individual merits, and at the CBB's sole discretion, taking into account factors which the CBB considers relevant including, but not limited to:

        (a) The suitability of the location(s) in question;
        (b) The level of overall activities of the applicant in the market as well as the size and make-up of its customer base; and
        (c) The type and range of facilities which the applicant proposes to offer through the CDM or Kiosk at the proposed location(s).
        Added: April 2019

      • AU-1.2.11E

        In addition to the information required by the CBB, further information/clarification may be requested by the CBB before it takes a decision regarding the application. The CBB's decision in this regard will be communicated to the applicant payment service provider in writing.

        Added: April 2019

      • AU-1.2.11F

        CDMs or Kiosks may be owned individually or jointly by ancillary service providers.

        Added: April 2019

      • AU-1.2.11G

        Payment service providers must not charge their customers for cash withdrawal transactions. When a customer uses CDMs, Kiosks or ATMs belonging to other banks or PSPs, the acquiring PSP/ bank may apply a charge capped at 100 fils per transaction to the issuing PSP.

        Added: April 2019

      • AU-1.2.11H

        Payment service providers must obtain the CBB's prior written approval for the termination/suspension of any of its CDMs or Kiosks.

        Added: April 2019

      • AU-1.2.11I

        The CBB may, at its sole discretion, require a payment service provider to terminate/suspend a CDM or Kiosk at any time.

        Added: April 2019

      • AU-1.2.11J

        Payment service providers must ensure they have a robust internal technological infrastructure and direct technical access to the EFTS, on an uninterrupted basis (24 X 7 days and 365 days in the year), to send, authorise and receive Fawri+/Fawateer direct credits on a real-time basis.

        Amended: April 2019
        Added: October 2018

      • AU-1.2.11K

        Payment service providers must maintain a daily value limit of BD1,000 for the total Fawri+ and Fawateer transactions (with assured immediate finality, i.e. within 30 seconds) for each STV card/IBAN account per day.

        Amended: April 2019
        Added: October 2018

      • AU-1.2.11L

        Payment Service Providers must perform an independent audit on clients' money account every 6 months and submit the report to the CBB.

        Amended: April 2019
        Added: January 2019

    • Shari'a Advisory/Review Services

      • AU-1.2.12

        Shari'a advisory/review services refer to:

        (a) Regular assessment on Shari'a compliance in the activities and operations of Islamic financial institutions or any financial institution offering regulated Islamic financial services, by those qualified to offer Shari'a review services, with the objective of ensuring that the activities and operations carried out by these financial institutions do not contravene the Shari'a principles. The services include the examination and evaluation of the financial institutions' level of compliance to the Shari'a, remedial rectification measures to resolve non-compliance and control mechanism to avoid recurrences. The examination includes contracts, agreements, policies, products, transactions, memorandum and articles of association, financial statements and reports;
        (b) Issuance of Shari'a pronouncements on any aspect of the Islamic financial institution's activities or operations; and
        (c) Ad-hoc Shari'a advisory services for products and services governed by financial services.
        April 2016

      • AU-1.2.13

        In offering Shari'a advisory/review services, the licenseeG must not offer services to the same client where this may lead to a conflict of interest in terms of services offered. As an example, if the licensee has offered services under Subparagraph AU-1.2.12(b), no service can be offered under Subparagraph AU-1.2.12(a) in relation to the pronouncement.

        April 2016

    • Crowdfunding Platform Operator

      • AU-1.2.14

        Crowdfunding platform operatorG refers to a person licensed by the CBB to operate an e-platform which takes place on an online portal, on which people lend money to businesses (Person to Business-P2B), and businesses lend money to other businesses (Business to Business – B2B) for the purpose of gaining a financial return in the form of interest/profit payment and a repayment of credit over a pre-specified period of time (financing-based crowdfunding), and/or raising of capital by issuance of ordinary shares by closed, private, family companies, start-up and small and medium size companies, entities engaged in real estate projects (equity-based crowdfunding).

        Amended: January 2019
        Added: October 2017

      • AU-1.2.15

        The role of crowdfunding platform operatorG is restricted to arranging deals, bringing together borrowers and lenders, in case of financing-based crowdfunding, and investors and issuers, in case of equity-based crowdfunding. Crowdfunding platform operatorsG are strictly prohibited to provide any advice on deals.

        Added: October 2017

      • AU-1.2.16

        Crowdfunding Platform OperatorG must not undertake Business to Person (B2P) or Person to Person (P2P) lending/investing.

        Amended: January 2019
        Added: October 2017

      • AU-1.2.17

        Crowdfunding platform operatorsG may raise funds for borrowers/issuers based in the Kingdom of Bahrain or abroad.

        Added: October 2017

      • AU-1.2.18

        For Shari'a-compliant financing-based crowdfunding the term lender refers to the financier and the term borrower refers to the fundraiser

        Added: October 2017

      • AU-1.2.19

        For the purpose of financing-based crowdfunding, licensees must also comply with the requirements stipulated in General Requirements Module (Module GR) for Ancillary Service Providers-Volume 5.

        Added: October 2017

      • AU-1.2.20

        For the purpose of equity-based crowdfunding, licensees must also comply with the requirements stipulated in Markets and Exchanges Module (Module MAE) of Volume 6.

        Added: October 2017

    • Account Information Service Provider (AISP)

      • AU-1.2.21

        AISP refers to a person licensed by the CBB to provide account information services using an online portal, mobile or smart phone application, device or other electronic media which a consenting customer can use to obtain aggregate or consolidated information about his account balances with licensed banks, financing companies and other licensees.

        Added: December 2018

      • AU-1.2.22

        The role of an AISP is restricted to providing the technology or other means in order to provide account information to the customer and the handling of communication or electronic documents between the customer and the licensees should the terms of the offer include such services. AISPs must not receive or otherwise handle customer funds in the course of providing account information servicesG .

        Added: December 2018

    • Payment Initiation Service Provider (PISP)

      • AU-1.2.23

        PISP refers to a person licensed by the CBB to initiate payment or credit transfers for the customer from an account held with a licensed bank, financing company or PSP.

        Added: December 2018

      • AU-1.2.24

        The role of a PISP is restricted to providing the technology or other means in order to initiate a payment order and the handling of communication or electronic documents between the customer and the licensees should the terms of the offer include such services. PISPs must not receive or otherwise handle customer funds in the course of providing payment initiation information servicesG .

        Added: December 2018

    • Insurance Cover

      • AU-1.2.25

        AISPs and PISPs must, at all times, hold an insurance cover against liabilities arising from cyber security breaches.

        Added: December 2018

Back to top