Chapter 2 - Licensed Bodies PDF

Chapter Two Licensed Bodies **Introduction 39** **1. General Provisions 39** **2. Licensing Financial Activities 44** **3. Further Licence Applicant Requirements 47** **This syllabus area will provide approximately 14 of the 100 examination questions**38 39 Introduction This chapter draws on the Securities and Commodities Authority (the SCA or the Authority) Decision No. 13 of 2021 titled 'Regulations Manual of the Financial Activities and Status Regularisation Mechanisms'. This decision lays down various obligations and expectations for firms applying to be licensed bodies -- to gain a licence from the Authority to perform one or more of the financial activities that were detailed at the conclusion of Chapter 1. 1\. General Provisions 1.1 Legal Status, Place of Business and Close Ties **Learning Objective** 2.1.1 Know the obligations of licensed bodies in relation to: disclosure of legal status (Article 8); state of emergency (Article 9); place of business (Article 10); close ties (Article 11) The disclosure of a licensed body's legal status, including the fact that it is licensed by the Authority, is important. It enables those that might suffer from perceived or actual misbehaviour at the hands of a licensed firm to raise their concerns with the regulator. The decision's requirements include that each licensed body discloses its legal status by adhering to the following: 1. Disclosing to third parties that it is licensed by the Authority and is subject to the Authority's control and supervision, alongside the licence category and the financial activity it conducts. 2. Including a letterhead in all its documents and work papers to the effect that it is a body licensed by the Authority, along with its licence number and addresses. This must be included whether it is delivered by hand, fax or email, or published or delivered by any other electronic means (such as on the firm's website). This requirement applies to any communications with the Authority or clients, including client agreements and other documents. 40 1. Refraining from setting any condition that exempts or limits the responsibilities arising from practising its financial activity. Any condition, including an exemption or limitation from responsibility, will be null and void unless there is a *force majeure* or a state of emergency. 2. Refraining from using, utilising, or copying the Authority's logo for any reason. If there is a desire to use the Authority's logo for a specific reason, written permission is required. Article 9 of the decision provides some common-sense provisions to cover emergencies such as fire, electricity interruption, or loss of connections. The decision specifies that, in the case of an emergency that is out of the licensed firm's control and cannot be avoided after taking reasonable steps and procedures, the firm is not required to adhere to the normal disclosure of legal status. However, the licensed body must notify the Authority immediately after knowing about any case of emergency and indicate its expected effects and the procedures that have been taken or suggested to be taken to deal with this case, and the way to manage or treat this as soon as possible in order to mitigate the probable losses for the body and its clients. The SCA's decision also puts requirements on a licensed firm's place of business. The head office of the licensed body must be within the geographic boundaries of the State, unless the firm has obtained the approval of the Authority (and any other concerned authorities) to practise its financial activity within another geographic boundary. The head office of the licensed body means the place in which it conducts supervision, regulation, management, control, and takes decisions on its operations (including its employees) to practice its financial activity inside the State. The head office is also required to be the address of the licensed body inside the State to communicate with the Authority or third parties. The licensed body may also establish one or more branches to practise the financial activity, after obtaining the Authority's approval. In circumstances where a transaction relates to the financial activity that is conducted by the branch, communication may take place between the branch and the Authority. The head office and any branch of the licensed body must be actual, physical offices, and the Authority has the right to inspect either in order to check the licensed body's readiness to practise the financial activity. The Authority also uses the decision to make sure that any close ties between the licensed firm and others do not make effective supervision difficult or impossible. It requires a licensed body to notify the Authority of any close ties and make sure that these ties will not impede the Authority's supervision and control, and that the person intended to be tied with has fulfilled the standards of efficiency and appropriateness required of the Authority. The licensed body must also be ready to provide the Authority with the required documents and information related to these ties upon request. The Authority may, under the efficiency and appropriateness procedures, the licence requirements, and the **capital market institutions'** requirements demand to end or amend close ties if it sees that they are not consistent with the required conditions or may impede the Authority's supervision and control. The Authority may take what it deems as appropriate actions and apply sanctions for any failures to comply, which can include the cancellation of the licence.41 1.2 Inspections and Investigations **Learning Objective** 2.1.2 Know the obligations of licensed bodies in relation to: control and investigation (Article 12); contact with the authority (Article 13); providing information to the Authority and the capital market institutions (Article 14) The Authority may control and inspect the licensed body to confirm the extent to which it has complied with applicable laws and regulations. It may investigate any violations detected during inspections or included in the complaints or the reports received by the Authority. Licensed bodies are also required to reply to enquiries from the Authority, within the time determined by the Authority, and licensed bodies must enable their employees to attend investigations or meetings required by the Authority. Furthermore, the Authority may request any information, documents, or records from the licensed body or its employees, for control and inspection purposes from the electronic and non-electronic records, the computer data and systems, and other technical systems, or electronic means as long as they relate to financial paper transactions or to practising the licensed financial activity. The licensed body must then provide the Authority with what it demands, in a timely manner, along with enabling it to access, review and obtain a copy at the licensed body's head office at its own expense. The Authority may oblige the licensed body to make and utilise an electronic link with the Authority or any of the capital market institutions. 42 In addition to investigating violations of the applicable legislations with the licensed firm, the Authority may investigate with members of the board of directors and/or the partners and/or its senior management and/or the employees of the licensed body and/or any of the investors or third parties. This may include requests for information or documents related to the investigation. Contact between the licensed body and the Authority may be in Arabic or English, but documents must be submitted in Arabic. However, the Authority may accept documents in English at its discretion, but in cases of contradiction, the Arabic language will supersede. Contact with the Authority must be through the permitted contact persons with both the necessary capacity and competence. Any application, complaint, or grievance submitted by incompetent or unauthorised persons will not be accepted. Moreover, it is the licensed body that remains responsible for any contact with the Authority using the licensed body's papers, documents, emails, or any other means of contact of the licensed body by persons who have no competence, capacity, or authorisation from that licensed body. Article 14 covers the Authority's expectations in respect of information provided to it and to the capital market institutions. 'Information' means any notices, notifications, disclosures, reports, correspondence sent to the Authority, as well as replies or answers to its requests or enquiries. The licensed body must do the following: 1. Make sure that all information and documents required to practise the financial activity or required by the Authority or any of the capital market institutions are submitted in a timely manner, along with ensuring that all of them are true, accurate, complete and well-founded. 2. Provide the Authority or any of the capital market institutions with the mentioned information and documents through the electronic systems specified for the same. In case of failing to submit using this method, they must be submitted according to the following: a\. In written form. b\. Detailing the name of the person who submits the documents or information, their job description and capacity to submit the same, as well as their contact number. c\. The documents or information must be forwarded to the concerned department at the Authority, any of the capital market institutions, or to the office of the CEO of any of these authorities in case of failing to know the concerned department. d\. The documents or information can be delivered by registered mail, by hand, or by email. 1. Notify the concerned entity at the Authority or any of the capital market institutions immediately after the licensed body discovers that any of the submitted documents or information are incorrect, misleading, incomplete, inaccurate, not updated, or have been changed. If this is the case, the relevant information and documents should be identified, showing the reasons behind the issues. 2. Maintain sufficient evidence to prove the delivery and submission of the information and documents upon request. 43 1.3 Sanctions Available to the Authority **Learning Objective** 2.1.3 Know the sanctions available to the Authority in the event of a violation of its provisions (Article 17) Without prejudice to the fines mentioned in the companies' law or any related laws, the Authority may, in case of violating its provisions, place any of the administrational sanctions declared below: 1. Serve a notice. 2. Impose a financial fine of not more than AED 100,000. 3. Suspend the licensed body from practising the financial activity for a period of not more than one year. 4. Suspend any financial activity practised without a licence, and prevent any normal person from carrying out any tasks or works related thereto without obtaining an approval. The Authority may seek the assistance of the concerned authorities to execute its decision or close the violated head office. The Authority may cancel the licence of the licensed body or cancel the approval to practise the financial activity in any of the following cases: 1. Failing to meet one of the licence conditions or the conditions of practising the financial activity. 2. Severe violation of any of the duties or obligations. 3. Submitting data or documents that are incorrect, misleading, or forged to the Authority. 4. Failing to pay the annual fee prescribed to renew the financial activity, or failure to pay any of the fines prescribed by the Authority. 5. Where a final judicial judgment has been issued declaring bankruptcy, or where there are significant risks that will lead to bankruptcy. 6. If the licensed body is a party in a lawsuit which would adversely affect its ability to practise the financial activity. 7. If the licensed body is dissolved or liquidated. 8. If the licensed body, for a period of six months from the date of obtaining the category licence, did not practice a single financial activity as a minimum stated within the licence. The reasons behind the decision to cancel the licence or the financial activity will determine the way of disposing of the guarantee deposited at the Authority, or any of the capital market institutions, or keeping the same until settling all the obligations of the licensed body against its clients or any of the capital market institutions or the Authority The cancellation decision will be published at the expense of the licensed body in two daily newspapers issued in the State, one of which is in Arabic. The Authority may oblige the previously licensed body to transfer the records and the data of the contracted bodies, the clients, their accounts, and their securities to another licensed body or to any of the capital market institutions. 44 The Authority may, if the licensed body's authorised employees commit any violation, impose any of the following administrational sanctions: 1. Serve a notice. 2. Suspension from practising their profession for a period of not more than two months. 3. Cancel the approval. 4. Impose a financial fine of not more than AED 100,000. The board of the Authority may publish the names of the violators of the law provisions or the decisions issued, and publish the fines and sanctions, in any way it determines is appropriate. The Authority also has the right to refer the violator to public prosecution. 2\. Licensing Financial Activities This section details the provisions related to licensing categories and practising financial activities, along with regulatory approval of professional jobs in order to be able to practise any of those financial activities legally and appropriately. It also outlines some of the obligations related to the licensed body and the members of its board of directors, partners, senior management or employees. 2.1 Licensed Financial Activities and Categories **Learning Objective** 2.2.1 Know the types of licensed financial activities (Chapter 2, Article 1); licence categories (Chapter 2, Article 2) As already encountered in Chapter 1 of this workbook, the Authority can license the following financial activities: 1. Trading broker. 2. Trading and clearing broker. 3. Trading broker in the international markets. 4. Trading broker of OTC derivatives and currencies in the spot market. 5. Securities dealer. 6. Financial consultations. 7. Financial adviser (issuance manager). 8. Listing adviser. 9. Promotion. 10. Definition. 11. General clearing. 12. Securities portfolios management. 13. Investment funds foundation and management (the management company). 14. Management of investment funds' investments. 15. Administrative services of investment funds. 16. Safe custody. 45 1. Registrar of private joint stock companies. 2. Issuer of covered warrants. 3. Deposit bank. 4. Deposit bank's agent. 5. Credit rating. Furthermore, the financial activities licence is divided into five categories: 1. First category -- Dealing in securities. 2. Second category -- Dealing in investment. 3. Third category -- Keeping, clearing and registration. 4. Fourth category -- Credit rating agencies. 5. Fifth category -- Arrangement and advice. 2.2 Initial Approval Conditions **Learning Objective** 2.2.2 Know the requirements for meeting initial approval conditions: financial eligibility (Chapter 2, section 3, Article 2); experience and efficiency (Chapter 2, section 3, Article 2); honesty and integrity (Chapter 2, section 3, Article 2); compliance (Chapter 2, section 3, Article 2); professional record (dismissal, sanction or licence cancellation) (Chapter 2, section 3, Article 2); feasibility study & work plan (Chapter 2, section 3, Article 2); resources (Chapter 2, section 3, Article 2); appropriateness of the company, its board and senior management (Chapter 2, section 3, Article 2) An applicant for a licence from the Authority must meet several conditions to gain initial approval including the following: 1\. **Financial eligibility** -- Not having refrained from paying commercial debts even if this is not accompanied by a bankruptcy declaration, rehabilitation in the event of a bankruptcy declaration, complying with the payment of banking loans for commercial purposes and the financial obligations resulting from a judicial decision or judgment, not having repeatedly had returned cheques because of commercial works and clarifying the extent of financial capability to meet incidental and future obligations. 2\. **Experience and efficiency** -- Availability of the required experience, establishment of previous experience and clarifying the extent of the experience in the same field, along with clarifying the ability to practise the financial activity and managing risks effectively. 3\. **Honesty and integrity** -- Provision of valid and complete information and documents. Moreover, the relevant records shall not include any matters that may cause prejudice or damage to the safety or reputation of the Authority or the State. There shall not be any judicial lawsuit, reports or investigations into prosecution concerning honesty and integrity, either inside or outside the State. Furthermore, there must not be a judgment or decision issued by courts or prosecutions over any breach of honesty, fraud or deception. 4\. **Compliance** -- Clarifying the extent of compliance with legislations whether the legislations related to practising the financial activity or the relevant applicable legislations. Furthermore, the professional record issued by the Authority or any other controlling or regulating authority inside or outside the State shall not include any administrative sanctions. 46 The name of the entity must not be listed in the sanctions lists issued by the UN and the other foreign organisations, particularly those who are concerned with encountering **money laundering**, terrorism financing and illegal organisations. Moreover, the licensed body, its partners or the members of its board of directors shall not have committed any crime or serious violation inside or outside the State within the five years before the filing request, not have committed any moderate violation inside or outside the State within two years before filing the request, and not be subject to any administrative or criminal investigations inside or outside the State while the request is being filed or studied. 5\. **Professional record** -- There shall not be dismissal or sanction of licence cancellation by other supervisory authorities or governmental institutions whether local or foreign. This shall be ensured by obtaining a copy of the professional record or by direct communication with those authorities. 6\. **Feasibility study and work plan** -- Submission of a realistic and logical study and work plan for practising the financial activity. This shall be evaluated by analysis of the logic of the bases, assumptions and plans that are relied upon in comparison with the same sector. 7\. **Availability of sufficient resources** -- The financial allocation according to the feasibility study and the work plan related to the potential or future obligations shall be sufficient and the required means shall be available for management of the risks related to financial activity practice. 8\. **Appropriateness of the company, the members of the board of directors and the senior management** -- Meeting the Authority's efficiency and appropriateness standards.47 3\. Further Licence Applicant Requirements **Learning Objective** 2.3.1 Know requirements for licence applicants in relation to: governance (Chapter 4, Article 2, point 6); administration (Chapter 4, Article 2, point 7); employees (Chapter 4, Article 2, point 8); behaviour (Chapter 4, Article 2, point 9); bonuses (Chapter 4, Article 2, point 10); technical systems (Chapter 4, Article 2, point 12) Further licensing conditions and requirements include the following: 3.1 Governance, Administration, Employees, and Technical Systems 3.1.1 Governance Regulation Licence applicants must provide governance guides that shall include the following: a\. The number of the members of the board of directors or the board of managers and the senior management, provided that they shall be formed of sufficient number of members who shall have knowledge, skill, and various experiences to perform their tasks effectively. b\. Clear duties and responsibilities of the members of the board of directors including application of governance and according to the nature and volume of works. c\. The commercial targets of the licence applicant that are previously specified and the strategies for achieving such targets along with effective supervision or management thereof. d\. The framework according to the best standards, and as suitable to the nature and volume of the financial activity, and as sufficient to enhance sound and wise management, and to protect the interests of clients and stakeholders. The licence applicant must also obtain an acknowledgment from the members of the board of directors, or the board of managers and the senior management upon appointment, that they have knowledge and full awareness of the limits of their duties and responsibilities. 3.1.2 Administration Regulation Licence applicants must provide a regulatory structure and a management work regulatory guide including the following: 1. The administrative hierarchy among the members of the senior management board and the main and approved jobs, including clear specification of the persons responsible for works. 2. The mechanism of separating between tasks and approved jobs in order to avoid conflicts of interest. 3. Specifying and clarifying the senior management's responsibility for managing the licence applicant's daily works according to the commercial targets and strategies approved by the board of directors, along with observing the employees' works and supervising them effectively. 48 1. Specifying the senior officer who represents the senior management and who bears responsibility for mistakes resulting from practising the following: a\. Distribution of tasks and responsibilities among employees. b\. Supervising works and tasks and the extent of complying with them. c\. Observing the work of the employees and workers of the licensed body and supervising them appropriately. 3.1.3 Employees Regulation Licence applicants must provide a guide for the required rules and regulations for ensuring that all its employees meet the efficiency and appropriateness standards expected of the Authority. These rules and regulations should apply to those employed and those assisting for a limited term to perform specific tasks, and natural persons to whom tasks have been outsourced. The rules and regulations must include the following: 1. A mechanism of revising and updating the rules and regulations related to the employees. 2. A mechanism of keeping the employees' data in a record that will be continuously updated and certified on the website that includes the tasks and responsibilities of every one of them and the date of practising the tasks. 3. Keeping the employees' data for a period of ten years from the date of the last update. There must also be behaviour regulation, including a professional code of ethics, that prohibits committing, participating in, or contributing to any behaviour that may represent any of the following: a\. A financial crime under the applicable legislations. b\. Wrong practices and violations of the applicable legislations. c\. Practices or rumours that affect the reputation of the Authority or any of the capital market institutions. Licence applicants must also provide evidence clarifying any bonus mechanism according to the work goals, the strategies, the specified risk factors, the nature of jobs and roles and the results thereof and the long-term interests according to the nature of the financial activity. 3.1.4 Technical Systems The licence applicant must have the technical systems and technical and electronic programs required to practise the financial activity, along with clarifying the mechanism of updating them continuously, including an information safety and protection system for encountering and managing cyber risks, along with provision of a guide including the following: 1. The mechanism of encountering cyber risks and the method of dealing with them and managing them. 2. The procedures to immediately notify the Authority and the entities concerned with cyber security in the State after any hack or breach of cyber security. 49 3.2 Risk Management, Compliance and Internal Audit **Learning Objective** 2.3.2 Know requirements for licence applicants in relation to: risk management (Chapter 4, Article 2, point 13); compliance (Chapter 4, Article 2, point 14); internal audit (Chapter 4, Article 2, point 15) 3.2.1 Risk Management Each licence applicant must submit a risk management guide that includes the following: a\. Development and implementation of policies and procedures for managing risks encountered by the firm or its clients so that the risks officer becomes able to provide advice to the board of directors and senior management concerning those risks. b\. Clarifying, evaluating, managing, observing and controlling risks along with counting and defining potential risks that may be encountered, and the method of dealing with them. Specifically, controlling and reporting on them should be sufficient to enable the continuing practice of the firm's financial activity. The licence applicant must acknowledge that it has the knowledge and awareness of the risks and likely resultant effects. 3.2.2 Compliance Licence applicants must provide a compliance regulation guide that includes the policies and procedures that clarify programs, mechanisms, procedures, and periodicity of ensuring compliance with all relevant applicable legislations, namely the following: a\. The procedures and mechanisms required to enable the compliance officer to have access to sufficient resources in order to perform the tasks and works independently, including the provision of a sufficient number of qualified employees under supervision. b\. The procedures and mechanisms that ensure that the compliance officer shall have access to all records and to the board of directors and the senior management without any restrictions. c\. The procedures of immediate reporting on compliance violations and the proposed mechanisms for rectifying them. 3.2.3 Internal Audit Each licence applicant must provide a guide regulating the internal audit processes in order to observe the extent of appropriateness and efficiency of the rules, procedures and bylaws. It must include the following: 1. The procedures and mechanisms required to enable the internal auditor to act independently, and not face interference nor merge the job with any other. 50 1. The procedures followed to ensure that the internal auditor shall, at all times, have access to the relevant records and information and to produce photocopies thereon, moreover, if required, to resort to the board of directors, the senior officer or the relevant committee formed by its board of directors for this purpose. 2. The mechanism of informing the financial auditor immediately of any matter that may affect the financial position of the licensed body. 3. Documentation of the structure, responsibilities and procedures of the internal auditor position. 3.3 Information Confidentiality and Reporting Breaches **Learning Objective** 2.3.3 Know requirements for licence applicants in relation to: information confidentiality (Chapter 4, Article 2, point 17); reporting violations and legal breaches (Chapter 4, Article 2, point 19) 3.3.1 Information Confidentiality Applicants for a financial activities licence must provide a guide clarifying the mechanism it uses to protect the confidentiality of information and to ensure it is not inappropriately leaked or disclosed. Such disclosure should only be made in the following circumstances: 1. If disclosure is required under applicable legislation in the State. 2. If the client agrees to disclose. 3. If disclosure is reasonably necessary to perform a particular financial service for the client. 4. If the information is no longer confidential. 5. If the disclosure is made upon request of judicial or supervisory entities in the State, such as the Authority or the capital market institutions. 3.3.2 Reporting Breaches Licence applicants must also provide a guide clarifying their policies in relation to 'whistleblowing' -- encouraging employees to inform senior management and the Authority about any essential violations they come across while performing their job tasks. The whistleblowing policies should include a mechanism for protecting the reporting employee (the 'whistleblower') from any unfair prejudice by keeping their identity confidential whilst the reported violation is investigated. Furthermore, the Authority should be informed of any violation of the relevant legislations as well as other reports on any violation or breach of the rules, regulations, technical rules or the used technique.51 3.4 Complaints Handling **Learning Objective** 2.3.4 Know requirements for licence applicants in relation to complaints (Chapter 4, Article 2, point 20) The licence applicants must clarify the policies and procedures for dealing with, and investigating any complaints filed by clients. Such complaints must be dealt with justly, orderly and immediately. The policies and procedures must include the following: 1. Recording any complaint immediately after receiving it along with providing the complainant with the contact details and name of the employee in charge, the procedures of complaints handling services, the durations and the mechanism of keeping all its details, documents and correspondences, along with the procedures taken concerning it according to the legal periods. 2. Notifying the complainant periodically of the procedures taken to handle the complaint. 3. Notifying the complainant by letter on the date of the decision made in the complaint. 4. Other settlement mechanisms for handling any complaint that the complainant who filed it was not satisfied with the settlement, and the mechanism of providing suitable contact details upon request. 5. Providing a copy of the complaints handling procedures for free to any client upon request. 6. Ensuring that the employee that is the subject of the complaint does not participate in managing and providing the financial services concerning which the complaint was filed. 7. Ensuring that the employee to whom the complaint was referred has sufficient powers to settle the complaint or is able to communicate with the decision maker. 8. Referring the complaint to another body where necessary: a\. Notifying the complainant that the complaint will be referred to another body in a dated letter. b\. In the event that the complainant agrees, the complaint shall be immediately referred along with notifying the complainant in writing of the complaint referral date, the person responsible for the complaint in the body to which the complaint was referred and the contact and communication details. c\. Continue handling any part of the complaint that was not referred. d\. In the event that the complainant refuses referral or does not respond within a period of not more than ten business days, the complaint shall be considered within the limits of the available documents and information or returned to the complainant, along with provision of evidence proving the same in order to file the complaint to the relevant or competent body.52 3.5 Outsourcing and Cloud Computing **Learning Objective** 2.3.5 Know requirements for licence applicants in relation to: general outsourcing (Chapter 4, Article 2, point 21, First); cloud computing (Chapter 4, Article 2, point 21, Second); outsourcing to an out-of-state party (Chapter 4, Article 2, point 29, Third) There are further expectations placed on licence applicants in respect of outsourcing. Licence applicants must provide an outsourcing guide that includes the mechanism for outsourcing tasks to a specialised legal personality (the outsourced party) inside or outside the State as the case may be, taking care to not assign any approved job or tasks unless expressly allowed. The guide must include the following: Firstly, certain **general outsourcing provisions**: 1. Procedures to ensure due diligence in choosing the appropriate outsourced party. 2. Procedures for effective supervision of outsourced jobs and tasks and to ensure that the outsourced party will maintain the outsourcing conditions, along with effective handling of any failure by it, default or breach of relevant applicable legislations. 3. Procedures followed for outsourcing jobs or tasks, along with ensuring that there are plans of emergency and management of outsourcing risks according to the Emergency Crisis and Disasters Management Authority. 4. Procedures for ensuring that the outsourcing arrangements will not adversely affect meeting the obligations towards the clients and the Authority and will not impede supervision and control. 5. Ensuring that the outsourced party maintains confidentiality of data and information. 6. There must not be outsourcing of all the main tasks of the license applicant entity to other parties resulting in the entity remaining without any essential tasks. 7. Documents establishing compliance with the following: a\. Entering into a written outsourcing contract with the outsourced party and providing the Authority with a copy immediately after entering into the contract, and with any subsequent amendment or change. The contract must include a provision that grants the Authority the right to enter the headquarters of the outsourced party, if required, concerning the financial activity, to review the relevant documents and date and to take any of them. b\. Providing the Authority with the required information and documents upon request and immediately. c\. Full cooperation and coordination with the Authority whether by the outsourced party or the licensed body. d\. Bearing full responsibility for any failure in performing the tasks or responsibilities or any breach of the obligations or violation of the relevant applicable legislations. e\. Ensuring that the outsourced party has no outsourcing agreement terminated with any other licensed body for reasons related to a breach of its obligations or violation by it of the applicable legislations in the year before the outsourcing. f\. Ensuring that the outsourced party obtained the Authority's approval according to its conditions in the event that it desires to provide its services for more than one licensed body. 53 Secondly, certain additional provisions on **outsourcing using cloud computing**: For licence applicants using cloud computing for providing or giving computer services and resources via the internet (such as servers, databases, programs, networks, storage spaces, applications, etc), the following are required: 1. Confirmation of the licence applicant's clear understanding of the risks arising from cloud computing. 2. Ensuring that the servers for the cloud computing of the outsourced party and all other servers and computer resources are inside the State. 3. Ensuring that the outsourced party will not review the information and data and will keep such information confidential. 4. Ensuring that the outsourced party will provide an audit report from an external auditor on data and information security annually, sending a copy to the Authority and a copy to the capital market institutions (if the licence applicant is a member of any of them). 5. Ensuring that the outsourced party is able to keep and not lose or miss the data and information ('zero data loss') and protect them from any violation for ten years, along with keeping back-up copies of the data and information during that period. 6. Ensuring that the outsourced party is able to meet any additional requirements specified by the capital market institutions if the licensed body is a member of any of them. 7. Providing an exit strategy plan to handle cases of contract termination with the outsourced party in order to ensure maintenance of all data and information and valid transfer without missing data or infringing laws and regulations. 54 Thirdly, some additional provisions when **outsourcing to a party outside the State**: Licence applicants must comply with the following if outsourcing to a party outside the State (cross border): 1. Not outsourcing any approved jobs, tasks or services to any abroad entity unless expressly allowed, provided that the economic or legislative conditions of the State in which the outsourcing entity works does not prevent the outsourced party from performing its obligations towards the licensed body. 2. Informing the Authority and the capital market institutions -- in the event that the licensed body is a member -- if the supervisory authority, to which the outsourced party is subject, requests to review the data of the licensed body. 3.6 Record Keeping Requirements **Learning Objective** 2.3.6 Know record keeping requirements for licence applicants (Chapter 4, Article 2, point 22) Licence applicants must have procedures for keeping all electronic and non-electronic records related to the licensed body, the required technical guides and regulations, the practice of works, the clients' transactions and data, the account opening agreements made with them, and everything related to practising the works and practising the financial activity. The mechanisms and procedures must enable the licensed body to recover any of those records or data from the archive within a period not exceeding three business days. The procedures must include the following: 1. The powers to review the records (according to the competence, responsibilities and legal duties of the role). 2. Clarification of the mechanism of keeping the records in a safe place for a period of not less than ten years, keeping back-up copies thereof for the same period, and protecting them from being exposed to any damage. 55 End of Chapter Questions Think of an answer for each question and refer to the appropriate section for confirmation. **1. Why is disclosure of legal status, including the licence, required for licensed bodies?** *Answer reference: Section 1.1* **2. What provisions exist in the event of a licensed firm facing an emergency, such as an electricity interruption?** *Answer reference: Section 1.1* **3. Where does a licensed firm's head office have to be?** *Answer reference: Section 1.1* **4. What is required before a licensed firm sets up a branch?** *Answer reference: Section 1.1* **5. What is the perceived danger of a licensed body having 'close ties'?** *Answer reference: Section 1.1* **6. What is expected of a licensed body that receives enquiries from the Authority?** *Answer reference: Section 1.2* **7. What language must be used for submitting documents to the Authority?** *Answer reference: Section 1.2* **8. What is the maximum fine that the Authority can impose as an administrational sanction?** *Answer reference: Section 1.3* **9. How long can a firm be suspended under the administrative sanctions?** *Answer reference: Section 1.3* **10. How many different types of financial activities can the Authority license?** *Answer reference: Section 2.1* **11. What are the five categories of licence that are granted by the Authority?** *Answer reference: Section 2.1* **12. Initial approval conditions include 'honesty and integrity' which includes considerations of what?** *Answer reference: Section 2.2* **13. How do previous serious violations impact initial approval?** *Answer reference: Section 2.2* **14. What areas are considered to be 'further licence applicant requirements'?** *Answer reference: Section 3*56 **15. Are bonus schemes allowed at licensed bodies?** *Answer reference: Section 3.1.3* **16. What is expected of a licensed applicant in relation to risk management?** *Answer reference: Section 3.2.1* **17. What is expected of a licensed applicant in relation to internal audit?** *Answer reference: Section 3.2.3* **18. What is expected of a licensed applicant in relation to 'whistleblowing'?** *Answer reference: Section 3.3.2* **19. Are there any restrictions on a licensed body outsourcing to others?** *Answer reference: Section 3.5* **20. How long do records need to be kept?** *Answer reference: Section 3.6*

Chapter 2 - Licensed Bodies PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue