Central Bank of Bahrain -Rulebooks & Regulatory Update

CBB Volume 4: Contents

Central Bank of Bahrain Volume 4—Investment Business

High Level Standards

Business Standards

CA Capital Adequacy

BC Business Conduct

CL Client Assets

RM Risk Management

Chapter RM-A Introduction

Chapter RM-B Scope of Application

Chapter RM-1 General Requirements

Chapter RM-2 Counterparty Risk

Chapter RM-3 Liquidity Risk

Chapter RM-4 Market Risk

Chapter RM-5 Operational Risk

Chapter RM-6 Derivative Transactions Risk

Chapter RM-7 Outsourcing Risk

RM-7.1 Outsourcing Risk

RM-7.2 Outsourcing Agreement

RM-7.3 Intra-group Outsourcing

RM-7.3.6

RM-7.4 Internal Audit Outsourcing

Chapter RM-8 Group Risk

Chapter RM-9 Cyber Security Risk

FC Financial Crime

TC Training and Competency

GS Group Supervision

DA Digital Financial Advice

Reporting Requirements

Enforcement & Redress

Quarterly Updates

Ad-hoc Communications

Archived Part A

RM-7.3 Intra-group Outsourcing

RM-7.3.1
As with outsourcing to non-group companies, the Board and management of licensees are held ultimately responsible by the CBB for the adequacy of systems and controls in activities outsourced to group companies.

Adopted: July 2007

RM-7.3.2
However, the degree of formality required — in terms of contractual agreements and control mechanisms — for outsourcing within a licensee's group is likely to be less, because of common management and enhanced knowledge of other group companies.

Adopted: July 2007

RM-7.3.3
Investment firm licensees must obtain CBB prior written approval before committing to a material intra-group outsourcing. The request for approval must be made in writing to the licensee's normal supervisory contact at least 6 weeks prior to committing to the outsourcing, and must set out a summary of the proposed outsourcing, its rationale, and an analysis of its associated risks and proposed mitigating controls.

Amended: October 2017
Amended: April 2008
Adopted: July 2007

RM-7.3.4
The CBB will respond to the request for approval in Paragraph RM-7.3.3 in the same manner and timescale as set out in Paragraph RM-7.1.9 and will also consider the issue of considerable outsourcing as outlined in Paragraph RM-7.1.9A.

Amended: October 2017
Amended: July 2013
Amended: April 2008
Adopted: July 2007

RM-7.3.5
The CBB expects, as a minimum, an agreed statement of the standard of service to be provided by the group provider, including a clear statement of responsibilities allocated between the group provider and licensee.

Adopted: July 2007

RM-7.3.6
The CBB also expects a licensee's management to have addressed the issues of customer confidentiality, access to information and business continuity.

Adopted: July 2007

RM-7.3.7
Investment firm licensees may not outsource their core business activities, including the internal audit function, to their group. The outsourcing of certain functions is subject to the provisions of Modules RM (Risk Management), HC (High-Level Controls) and FC (Financial Crime).

Adopted: October 2009