• CTRL Division 3.1.C CTRL Division 3.1.C Governing bodies — role and obligations

    • CTRL 3.1.4 Governing body’s general role

      An authorised firm’s governing body has overall responsibility for the firm. That responsibility includes approving and overseeing the implementation of the firm’s strategic objectives, corporate governance framework and corporate culture.

       

      Derived from QFCRA RM/2012-4 (as from 1st July 2013)
      Amended by QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.5 Governing body’s obligations not to be repudiated

      A governing body cannot relieve itself of an obligation under this Division by repudiating the obligation or allocating it to another person or body.

       

      Derived from QFCRA RM/2012-4 (as from 1st July 2013)
      Amended by QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.6 Allocation of responsibilities

      (1) The governing body of an authorised firm retains primary responsibility for all of the firm’s operations at all times. The firm’s senior management is responsible for effectively implementing the governing body’s business strategy consistently with the governing body’s policies and risk appetite and under the governing body’s supervision.
      (2) The governing body must give the individual who exercises the senior executive function for the firm a written document that sets out his or her responsibilities. The individual must acknowledge, in writing, having received that document, and must confirm in the acknowledgement that he or she understands, and undertakes to carry out, those responsibilities.
      (3) Unless the governing body specifically allocates a responsibility, it retains it.
      (4) The individual who exercises the firm’s senior executive function must give each individual who exercises a controlled function for the firm a written document that sets out that individual’s responsibilities.
      (5) The individual who exercises the firm’s senior executive function must obtain the governing body’s approval (or the approval of the body’s audit committee, if any) of the content of the document given to the individual who exercises the internal audit function.
      (6) The individual who exercises the firm’s senior executive function must consult with the governing body (or the body’s risk committee, if any) in relation to the content of the document given to the individual who exercises the risk management function.
      (7) The individual who exercises the firm’s senior executive function must not attempt, in a document referred to in subrule (4), to restrict, limit or compromise any right, duty, responsibility or authority conferred by these rules or any other Rules on an individual who exercises any other controlled function.
      (8) Each such individual must acknowledge, in writing, having received that document, and must confirm in the acknowledgement that he or she understands, and undertakes to carry out, those responsibilities.
      (9) Unless the individual who exercises the senior executive function specifically allocates a responsibility, he or she retains it.
      (10) The allocation of a responsibility by the governing body does not remove or reduce the body’s duty to oversee the individual who exercises the firm’s senior executive function and the firm’s senior management. Also, the allocation of a responsibility by the individual who exercises the senior executive function does not remove or reduce the individual’s duty to exercise oversight in relation to the other controlled functions.
      (11) The scope of the responsibilities allocated to an individual who exercises a controlled function for the firm must not be less than the scope of the controlled function as set out in these rules and INDI.
      (12) The allocation of responsibilities referred to in this rule is separate from operational authorities and limits exercised by the individual who exercises the firm’s senior executive function and the firm’s senior management (such as limits on loan approvals, underwriting, claims handling, investments, or signing cheques).
      (13) The governing body:
      (a) must ensure that the firm’s business can be adequately managed by the body, the individual who exercises the firm’s senior executive function and the firm’s senior management; and
      (b) must consider whether the firm’s senior management (other than the individual who exercises the senior executive function, and the individual who exercises the risk management function for a QFC insurer) ought to be ordinarily resident in Qatar to exercise their functions properly.
      Note The individual who exercises the senior executive function for an authorised firm, and the individual who exercises the risk management function for a QFC insurer, are al required by these rules to be ordinarily resident in Qatar — see respectively rules 4.1.4 (2) and 6.2.3 (4) (b).

       

      Amended by QFCRA RM/2014-6 (as from 1st January 2015)
      Amended by QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.7 General obligations — decision-making

      An authorised firm’s governing body:

      (a) must ensure that it has access to sufficient information and independent advice about the firm’s affairs to make informed decisions and discharge its responsibilities effectively; and
      (b) must be mindful of the legitimate interests of shareholders, customers and other stakeholders when making decisions.

       

      Derived from QFCRA RM/2012-4 (as from 1st July 2013)
      Amended by QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.8 General obligations — engagement

      An authorised firm’s governing body:

      (a) must keep up with material changes in the firm’s business and external environment; and
      (b) must act in a timely manner to protect the firm’s long-term interests.

       

      Derived from QFCRA RM/2012-4 (as from 1st July 2013)
      Amended by QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.9 General obligations — accountability

      An authorised firm’s governing body is accountable for:

      (a) the development and oversight of the firm’s business strategy and objectives;
      (b) the firm’s risk management framework;
      (c) the firm’s internal controls and assurance framework; and
      (d) the firm’s financial soundness.

       

      Derived from QFCRA RM/2012-4 (as from 1st July 2013)
      Amended by QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.10 CTRL 3.1.10 General obligations — culture and values

      An authorised firm’s governing body must play the leading role in establishing the firm’s corporate culture and values.

       

      Derived from QFCRA RM/2012-4 (as from 1st July 2013)
      Amended by QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.1.10 Guidance

        To comply with this obligation, the governing body may need to develop and oversee a code of conduct or code of ethics for all employees that defines acceptable and unacceptable behaviour, and reminds them not to engage in illegal activity.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.11 General obligations — own structure

      An authorised firm’s governing body:

      (a) must have a well-designed governance structure;
      Guidance
      The governing body should maintain and periodically update rules, by-laws or other similar documents setting out its organisation, rights, responsibilities and key activities.
      (b) must allocate sufficient time and attention for its members to perform their duties effectively; and
      (c) must consider how it can best perform its role, and in particular whether to create 1 or more committees to make recommendations to the body on matters about which the body must make decisions.

       

      Derived from QFCRA RM/2012-4 (as from 1st July 2013)
      Amended by QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.12 General obligations — oversight

      An authorised firm’s governing body:

      (a) must provide effective oversight of the individual who exercises the firm’s senior executive function and the firm’s senior management;
      (b) must hold the individual who exercises the senior executive function and the firm’s senior management accountable for their actions;
      (c) must set out the possible consequences (including dismissal) if those actions are not aligned with the body’s performance expectations;
      (d) must deal prudently with any conflicts of interest that may arise by ensuring that no individual or group of individuals unduly influences the body’s decision-making;
      (e) must approve the organisational structure and corporate governance framework through which the firm is managed and controlled;
      (f) must ensure that the firm has succession plans for its key functions;
      (g) must establish direct and independent contact with the firm’s audit and risk functions (if any);
      (h) must ensure that the firm has effective policies, procedures and controls to deter, prevent, detect, report and remedy fraud, and must ensure that appropriate resources are allocated for that purpose; and
      (i) must maintain transparency and disclosure.

       

      Deleted by QFCRA RM/2014-6 (as from 1st January 2015)
      Amended by QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.13 General obligations — subsidiaries

      If an authorised firm that is incorporated in the QFC has 1 or more subsidiaries, wherever incorporated, the firm’s governing body must ensure that the firm seeks to promote good governance in those subsidiaries.

      Note For detailed obligations in relation to subsidiaries, see rule 3.3.18.

       

      Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.14 Specific obligations — approving and updating plans

      (1) An authorised firm’s governing body:
      (a) must approve strategic and business plans appropriate to the nature, scale and complexity of the firm’s business; and
      (b) must update the plans regularly to take account of changes in the business environment.
      (2) The strategic and business plans may be combined in 1 document.

       

      Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.15 Specific obligations — appointment etc of individuals for certain functions

      (1) A decision about the appointment, remuneration, disciplining or dismissal, or the assessment of the performance, of either of the following individuals:
      (a) an individual who is approved to exercise the senior executive function for an authorised firm;
      (b) an authorised firm’s internal auditor;
      may be made only by:
      (c) the firm’s governing body;
      (d) any relevant committee of the governing body; or
      (e) the chair of the governing body, after consulting the governing body.
      (2) A decision about the appointment, remuneration, disciplining or dismissal, or the assessment of the performance, of any of the following individuals:
      (a) an individual who is approved to exercise the risk management function for an authorised firm;
      (b) an individual who is approved to exercise the compliance oversight function for an authorised firm;
      (c) an authorised firm’s approved actuary;
      may be made only by:
      (d) the firm’s governing body or any relevant committee of the governing body; or
      (e) the firm’s senior management, after consulting the governing body or the relevant committee of the governing body.

       

      Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.16 CTRL 3.1.16 Specific obligations — remuneration policy

      (1) An authorised firm’s governing body must establish and maintain, for itself and the whole firm, a remuneration policy appropriate to the nature, scale and complexity of the firm’s business.
      Note Appropriate records must be kept of the firm’s remuneration policies and procedures — see GENE, rule 6.1.1.
      (2) The policy must set out the firm’s remuneration arrangements, including:
      (a) the objectives and structure of any performance-based component;
      (b) performance measures that are in line with the firm’s risk management strategy;
      (c) the forms and mix of remuneration; and
      Examples
      1 fixed and variable components
      2 cash and equity-related benefits
      3 termination payments.
      (d) eligibility for, and the timing of, payments.
      (3) The policy:
      (a) must be aligned to the firm’s culture, its risk appetite statement, its long-term strategic direction and viability, financial goals and overall safety and soundness; and
      Note For the requirement for a risk appetite statement, see rule 7.1.2 (5) (a).
      (b) must appropriately balance risk and reward.
      (4) The forms and mix of remuneration (in particular, performance-based remuneration) must be consistent with sound risk management.
      (5) The timing of payments must take into account the timeframes within which risks associated with individuals’ performance are likely to materialise.
      (6) The policy:
      (a) must permit any performance-based component of an individual’s remuneration (or such a component of the remuneration of a class of individuals) to be deferred or reduced (including reduced to zero) if necessary:
      (i) to protect the firm’s financial soundness; or
      (ii) to respond to significant unexpected or unintended consequences of the firm’s activities; and
      (b) if the policy provides for part of an individual’s remuneration to be based on performance, must provide for that part to be repayable to the firm by an individual who received it if the firm is later satisfied that:
      (i) the individual failed to meet the relevant performance measures; or
      (ii) by excessive risk-taking, he or she contributed significantly to a negative financial performance by the firm.
      (7) The policy must prohibit an individual who has received deferred remuneration in the form of equity, or in any other form that is linked to the firm’s equity, from hedging his or her economic exposures to the resultant equity price risk before the equity or other remuneration is fully vested.
      (8) A remuneration package offered by the firm (including any performance-based component):
      (a) must encourage behaviour that supports the firm’s long-term financial soundness and risk management strategy;
      (b) must align remuneration with prudent risk-taking; and
      (c) must incorporate adjustments to reflect:
      (i) the outcomes of the firm’s activities;
      (ii) the risks related to those activities, taking account of the cost of the associated capital; and
      (iii) the time necessary for the outcomes of those activities to be reliably measured.
      (9) The governing body must periodically review the remuneration policy.

       

      Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.1.16 Guidance

        1 Guaranteed bonuses should generally not be offered because such bonuses are not consistent with sound risk management and performance-based rewards.
        2 Remuneration payments should be linked to performance over time and should be designed in a way that does not reward failure.
        3 Any deferral of payment to an individual must take into account the risks associated with his or her performance that may materialise during the period of deferment (for example, the risk of an increase in the cost of capital required to support the risks that he or she took; uncertainties in the timing and likelihood of future revenues and expenses).
        4 The application of any deferral of payment may vary depending on:
        • the level of seniority or responsibility of the individual to whom the payment is due
        • the nature of risks to which the firm is exposed
        • any other relevant matters.
        5 Nothing in rule 3.1.16 prevents a firm from adopting the remuneration policy of a member of the firm’s corporate group, provided that:
        • the policy is approved by the firm’s governing body
        • the policy complies with rule 3.1.16.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.17 Specific obligations — business resilience and continuity plan

      (1) An authorised firm’s governing body must establish a business resilience and continuity plan to ensure, so far as practicable, that the firm can continue to fulfil its obligations under the law applicable in the QFC in the event of an interruption.
      (2) The body must keep the plan under review and must ensure that it is tested at intervals determined by the body.
      (3) The interval between tests must be appropriate to the nature, scale and complexity of the firm’s business but must not be longer than 18 months.
      (4) The Regulatory Authority may direct the firm to test the plan at any time in a way that the Authority considers appropriate.

       

      Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.18 CTRL 3.1.18 Specific obligations — avoiding or mitigating conflicts of interest

      (1) An authorised firm’s governing body must ensure that each part of the firm’s corporate governance framework, and of its risk management framework, is designed:
      (a) to avoid conflicts of interest (or to mitigate such conflicts if it is not possible to avoid them); and
      (b) to deal effectively with any conflict of interest that arises.
      (2) The frameworks must require that:
      (a) any conflict of interest that arises must be reported:
      (i) to the firm’s senior management, or, if the firm is a branch, to the body that is responsible for the branch; and
      (ii) if it is not addressed within a reasonable time by the senior management, to the firm’s governing body; and
      (b) every 6 months, the firm’s senior management must give the governing body a written summary of all conflicts of interest addressed by the senior management during the period.
      (3) In this rule and rule 3.1.19, a reference to a firm’s governing body is a reference to the board, membership, committee or body (whatever it is called) that is responsible for the firm’s corporate governance framework and risk management framework in relation to conflicts of interest and periodic review.

       

      Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.1.18 Guidance

        A conflict of interest involving a member of the firm’s governing body is to be dealt with under the governing body’s own conflicts policy, governance manual or terms of reference.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.19 Specific obligations — periodic review

      (1) An authorised firm’s governing body must ensure that the firm’s corporate governance framework and risk management framework are reviewed at least once every 3 years by:
      (a) the firm’s internal auditor; or
      (b) an independent and objective external reviewer.
      Note For the meaning of governing body in this rule, see rule 3.1.18 (3).
      (2) The person who carries out the review must report in writing to the body within 30 days after the review is completed.
      (3) The firm must give a copy of the report to the Regulatory Authority within 30 days after the firm’s governing body receives the report.
      (4) The Authority may direct an authorised firm to carry out more frequent reviews than are required by subrule (1).

       

      Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.20 Specific obligations — keeping minutes

      (1) The governing body of an authorised firm that is incorporated as a company in the QFC, and each committee of such a body, must maintain appropriate records of its deliberations and decisions, sufficient to show that the body or committee is effective and has carried out its responsibilities.
      (2) The governing body of a branch must maintain appropriate records of its deliberations and decisions, sufficient to show that the governing body is effective and has carried out its responsibilities.

       

      Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 3.1.21 Specific obligations — independence of certain employees

      (1) An authorised firm’s governing body must ensure that each employee to whom a responsibility is allocated within the firm’s internal controls framework is sufficiently free from influence for the framework to be effective in achieving its purposes.
      (2) The requirement in subrule (1) is satisfied if reasonable measures have been taken to ensure that:
      (a) no such employee is remunerated in a way that would tend to undermine his or her independence and objectivity in performing his or her duties;
      Note For the requirements relating to a firm’s remuneration policy, see rule 3.1.16.
      (b) no such employee is involved in performing a function that generates, or is intended to generate, revenue for the firm;
      (c) no such employee is limited or restricted as to the matters that he or she can investigate or report on in the exercise of his or her function;
      (d) the reports and conclusions of such an employee can be honest and candid, without fear of reprisal; and
      (e) pressure or influence is not applied to such an employee to modify his or her reports or conclusions.

       

      Derived from QFCRA RM/2020-4 (as from 1st July 2021)