• QFCRA Rules

    • Anti-Money Laundering and Combating the Financing of Terrorism (General Insurance) Rules 2019 (AMLG)

      Anti-Money Laundering and Combating the Financing of Terrorism (General Insurance) Rules 2019 (AMLG)
      AMLG Chapter 1:
      General provisions
      AMLG Part 1.1 Introductory
      AMLG Part 1.2 Key AML/CFT principles
      AMLG Part 1.3 Key terms
      AMLG Chapter 2:
      General AML and CFT responsibilities
      AMLG Part 2.1 The firm
      AMLG Part 2.2 Senior management
      AMLG Part 2.3 MLRO and Deputy MLRO
      AMLG Chapter 3:
      The risk-based approach
      AMLG 3.1.1 Firms must conduct risk assessment and decide risk mitigation
      AMLG 3.1.2 Approach to risk mitigation must be based on suitable methodology
      AMLG Chapter 4:
      Know your customer
      AMLG Part 4.1 Know your customer — general
      AMLG Part 4.2 Know your customer — key terms
      AMLG Part 4.3 Customer due diligence and ongoing monitoring
      AMLG Chapter 5:
      Reporting and tipping-off
      AMLG Part 5.1 Reporting requirements
      AMLG Part 5.2 Tipping-off
      AMLG Chapter 6:
      Screening and training requirements
      AMLG Part 6.1.Screening procedures
      AMLG Part 6.2 AML/CFT training programme
      AMLG Chapter 7:
      Providing documentary evidence of compliance
      AMLG Part 7.1 General record-keeping obligations
      AMLG Part 7.2 Particular record-keeping obligations
      AMLG Glossary

      • AMLG Chapter 1 AMLG Chapter 1 General provisions

        • AMLG Part 1.1 AMLG Part 1.1 Introductory

          • AMLG 1.1.1 Name of rules

            These rules are the Anti-Money Laundering and Combating the Financing of Terrorism (General Insurance) Rules 2019 (AMLG).

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 1.1.2 Commencement

            These rules commence on 1 February 2020.

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 1.1.4 Application of these rules

            These rules apply to general insurance firms.

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 1.1.5 Effect of definitions, notes and examples

            (1) A definition in the Glossary also applies to any instructions or document made under these rules.
            (2) A note in or to these rules is explanatory and is not part of these rules. However, examples and guidance are part of these rules.
            (3) An example is not exhaustive, and may extend, but does not limit, the meaning of these rules or the particular provision of these rules to which it relates.

            Note Under FSR, Article 17 (4), guidance is indicative of the view of the Regulator at the time and in the circumstances in which it was given.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG Part 1.2 AMLG Part 1.2 Key AML/CFT principles

          • AMLG 1.2.1 Principle 1 — responsibilities

            The Governing Body of a firm is responsible for approving the policies, procedures, systems and controls necessary to ensure the effective prevention of money laundering and terrorism financing. The senior management of the firm must ensure that the policies, procedures, systems and controls are implemented, and that they appropriately and adequately address the requirements of the AML/CFT Law and these rules.

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 1.2.2 Principle 2 — risk-based approach

            A firm must adopt a risk-based approach to these rules and their requirements.

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 1.2.3 Principle 3 — know your customer

            A firm must know each of its customers to the extent appropriate for the customer's risk profile.

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 1.2.4 Principle 4 — effective reporting

            A firm must have effective measures in place to ensure that there is internal and external reporting whenever money laundering or terrorism financing is known or suspected.

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 1.2.5 Principle 5 — high standard screening and appropriate training

            A firm must:

            (a) have adequate screening procedures to ensure high standards when appointing or employing officers and employees; and
            (b) have an appropriate ongoing AML/CFT training programme for its officers and employees.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 1.2.6 Principle 6 — evidence of compliance

            A firm must be able to provide documentary evidence of its compliance with the requirements of the AML/CFT Law and these rules.

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG Part 1.3 AMLG Part 1.3 Key terms

          • AMLG 1.3.1 What are a firm and a general insurance firm?

            (1) A general insurance firm (or firm) is an entity that has an authorisation (granted under the Financial Services Regulations, Part 5) to conduct, in or from the QFC, only either or both of the following regulated activities:
            (a) general insurance business;
            (b) insurance mediation (within the meaning given by IMEB, rule 1.2.2) in relation to either or both of:
            (i) general insurance contracts; and
            (ii) pure protection contracts.
            Note A firm that conducts any other regulated activity (whether or not it also conducts a regulated activity mentioned in rule 1.3.1) in or from the QFC must comply with the Anti-Money Laundering and Combating the Financing of Terrorism Rules 2019 — see those rules.
            (2) In subrule (1):
            general insurance business and general insurance contract have the same respective meanings as in PINS.
            pure protection contract means a long term insurance contract (within the meaning given by PINS) that meets all of the following conditions:
            (a) the benefits under the contract are payable only on death or for incapacity due to injury, sickness or infirmity;
            (b) either:
            (i) the contract has no surrender value; or
            (ii) the consideration for the contract consists of a single premium and its surrender value does not exceed that premium;
            (c) the contract makes no provision for its conversion or extension in a way that would result in it ceasing to comply with paragraph (a) or (b);
            (d) the contract is not a reinsurance contract (within the meaning given by PINS).
            regulated activities has the same meaning as in the Financial Services Regulations.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 1.3.2 Who is a customer?

            (1) A customer, in relation to a firm, includes any person who engages in, or who has contact with the firm with a view to engaging in, any transaction with the firm or a member of the firm's group:
            (a) on the person's own behalf; or
            (b) as agent for or on behalf of another person.
            (2) To remove any doubt, customer also includes:
            (a) any person receiving a service offered by the firm (or by a member of the firm's group) in the normal course of its business; and
            (b) a client or investor, or prospective client or investor, of the firm or a member of the firm's group.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

      • AMLG Chapter 2 AMLG Chapter 2 General AML and CFT responsibilities

        • AMLG Part 2.1 AMLG Part 2.1 The firm

          • AMLG 2.1.1 Firms to develop AML/CFT programme

            (1) A firm must develop a programme against money laundering and terrorism financing.
            (2) The type and extent of the measures adopted by the firm as part of its programme must be appropriate having regard to the risk of money laundering and terrorism financing and the size, complexity and nature of its business.
            (3) However, the programme must, as a minimum, include:
            (a) developing, establishing and maintaining internal policies, procedures, systems and controls to identify and prevent money laundering and terrorism financing;
            (b) adequate screening procedures to ensure high standards when appointing or employing officers or employees;

            Note See also Part 6.1 (Screening procedures).
            (c) an appropriate ongoing training programme for its officers and employees;

            Note See also Part 6.2 (AML/CFT training programme).
            (d) an independent review and testing of the firm's compliance with its AML/CFT policies, procedures, systems and controls in accordance with subrule (4);
            (e) appropriate compliance management arrangements; and

            Note See:
            •   rule 2.1.5 (Compliance by officers, employees, agents)
            •   rule 2.1.6 (Application of AML/CFT Law requirements, policies to branches and associates)
            •   rule 2.1.7 (Application of AML/CFT Law requirements, policies to outsourced functions and activities).
            (f) the appropriate ongoing assessment and review of the policies, procedures, systems and controls.

            Note See also rule 2.1.4 (Assessment and review of policies).
            (4) The review and testing of the firm's compliance with its AML/CFT policies, procedures, systems and controls must be adequately resourced and must be conducted at least once every 2 years. The person making the review must be professionally competent, qualified and skilled, and must be independent of:
            (a) the function being reviewed; and
            (b) the division, department, unit or other part of the firm where that function is performed.
            Note The review and testing may be conducted by the firm's internal auditor, external auditor, risk specialist, consultant or an MLRO from another branch of the firm. Testing would include, for example, sample testing the firm's AML/CFT programme, screening of employees, record making and retention and ongoing monitoring for customers.
            (5) The firm must make and keep a record of the results of its review and testing under subrule (4) and must give the Regulator a copy of the record by 31 July 2021 and every 2 years thereafter.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 2.1.2 Policies must be risk-sensitive, appropriate and adequate

            A firm's AML/CFT policies, procedures, systems and controls must be risk-sensitive, appropriate and adequate having regard to the risk of money laundering and terrorism financing and the size, complexity and nature of its business.

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 2.1.3 Matters to be covered by policies

            (1) A firm's AML/CFT policies, procedures, systems and controls must, as a minimum, cover:
            (a) CDD and ongoing monitoring;
            (b) record making and retention;
            (c) detection of suspicious transactions;
            (d) internal and external reporting obligations;
            (e) communication of the policies, procedures, systems and controls to the firm's officers and employees; and
            (f) anything else required under the AML/CFT Law or these rules.
            (2) Without limiting subrule (1), the firm's AML/CFT policies, procedures, systems and controls must:
            (a) provide for the identification and scrutiny of:
            (i) complex or unusual large transactions, and unusual patterns of transactions, that have no apparent economic or visible lawful purpose; and
            (ii) any other transactions that the firm considers particularly likely by their nature to be related to money laundering or terrorism financing;
            (b) require the taking of enhanced CDD to identify and prevent the use for money laundering or terrorism financing of products and transactions that might favour anonymity;
            (c) before any function or activity is outsourced by the firm, require an assessment to be made and documented of the money laundering and terrorism financing risks associated with the outsourcing;
            (d) require the risks associated with the outsourcing of a function or activity by the firm to be monitored on an ongoing basis; and
            (e) require everyone in the firm to comply with the requirements of the AML/CFT Law and these rules in relation to the making of suspicious transaction reports;
            (f) set out the conditions that must be satisfied to permit a customer to use the business relationship even before the customer's identity (or the identity of the beneficial owner of the customer) is verified;
            (g) ensure that there are appropriate systems and measures to enable the firm to implement any targeted financial sanction that may be required under Law No. (27) of 2019 on Combating Terrorism, and for complying with any other requirements of that law; and

            Note Targeted financial sanction is defined in the Glossary.
            (h) be designed to ensure that the firm can otherwise comply, and does comply, with the AML/CFT Law and these rules.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 2.1.4 Assessment and review of policies

            A firm must annually assess the adequacy and effectiveness of its AML/CFT policies, procedures, systems and controls in identifying and preventing money laundering and terrorism financing.

            Note For other annual assessments and reviews, see:

            •   rule 2.3.8 (Minimum annual report by MLRO)
            •   rule 2.3.9 (Consideration of MLRO reports)
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 2.1.5 Compliance by officers, employees, agents

            (1) A firm must ensure that its officers, employees, agents and contractors, wherever they are, comply with:
            (a) the requirements of the AML/CFT Law and these rules; and
            (b) its AML/CFT policies, procedures, systems and controls;
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (2) Without limiting subrule (1), the firm's AML/CFT policies, procedures, systems and controls must:
            (a) require officers, employees, agents and contractors, wherever they are, to provide the firm's MLRO with suspicious transaction reports for transactions in, from or to this jurisdiction; and
            (b) provide timely, unrestricted access by the firm's senior management and MLRO, and by the Regulator and FIU, to documents and information of the firm, wherever they are held, that relate directly or indirectly to its customers or accounts or to transactions in, from or to this jurisdiction;
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (3) Subrule (2) (a) does not prevent a suspicious transaction report also being made in another jurisdiction for a transaction in, from or to this jurisdiction.
            (4) This rule does not prevent the firm from applying higher, consistent standards in its AML/CFT policies, procedures, systems and controls in relation to customers whose transactions or operations extend over 2 or more jurisdictions.
            (5) If the law of another jurisdiction prevents a provision of this rule from applying to an officer, employee, agent or contractor of the firm, the firm must immediately tell the Regulator about the matter.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 2.1.6 Application of AML/CFT Law requirements, policies to branches and associates

            (1) This rule applies to a firm if:
            (a) it has a branch or associate in Qatar; or
            (b) it has a branch in a foreign jurisdiction, or an associate in a foreign jurisdiction over which it can exercise control.
            (2) The firm must ensure that the branch or associate, and the officers, employees, agents and contractors of the branch or associate, wherever they are, comply with:
            (a) the requirements of the AML/CFT Law and these rules; and
            (b) the firm's AML/CFT policies, procedures, systems and controls;
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (3) Without limiting subrule (2), the firm's AML/CFT policies, procedures, systems and controls must:
            (a) require the branch or associate, and the officers, employees, agents and contractors of the branch or associate, wherever they are, to provide suspicious transaction reports for transactions in, from or to this jurisdiction to the firm's MLRO; and
            (b) provide timely, unrestricted access by the firm's senior management and MLRO, and by the Regulator and FIU, to documents and information of the branch or associate, wherever they are held, that relate directly or indirectly to its customers or accounts or to transactions in, from or to this jurisdiction;
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (4) Subrule (3) (a) does not prevent a suspicious transaction report also being made in another jurisdiction for a transaction in, from or to this jurisdiction.
            (5) Despite subrule (2), if the AML/CFT requirements of this jurisdiction and another jurisdiction differ, the branch or associate must apply the requirements that impose the highest standard, except so far as the law of another jurisdiction prevents this subrule from applying.
            (6) Also, this rule does not prevent the firm and its branches, or the firm and the other members of its group, from applying higher, consistent standards in their AML/CFT policies, procedures, systems and controls in relation to customers whose transactions or operations extend across the firm and its branches or the firm and the other members of its group.
            (7) If the law of a foreign jurisdiction prevents a provision of this rule from applying to the branch or associate or any of its officers, employees, agents or contractors, the firm:
            (a) must immediately tell the Regulator about the matter; and
            (b) must apply additional measures to manage the money laundering and terrorism financing risks (for example, by requiring the branch or associate to give to the firm additional information and reports).
            (8) If the Regulator is not satisfied with the additional measures applied by the firm under subrule (7) (b), the Regulator may, on its own initiative, apply additional supervisory measures by, for example, directing the firm:
            (a) in the case of a branch — to suspend the transactions through the branch in the foreign jurisdiction; or
            (b) in the case of an associate — to suspend the transactions of the associate insofar as they relate to Qatar.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 2.1.7 Application of AML/CFT Law requirements, policies to outsourced functions and activities

            (1) This rule applies if a firm outsources any of its functions or activities to a third party.

            Note See also rule 2.1.3 (2) (c) and (d) (Matters to be covered by policies) for other requirements relating to outsourcing.
            (2) The firm, and its senior management, remain responsible for ensuring that the AML/CFT Law and these rules are complied with.
            (3) The firm must, through a service level agreement or otherwise, ensure that the third party, and the officers, employees, agents and contractors of the third party, wherever they are, comply with the following in relation to the outsourcing:
            (a) the requirements of the AML/CFT Law and these rules;
            (b) the firm's AML/CFT policies, procedures, systems and controls;
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (4) Without limiting subrule (3), the firm's AML/CFT policies, procedures, systems and controls must:
            (a) require the third party, and the officers, employees, agents and contractors of the third party, wherever they are, to provide suspicious transaction reports for transactions in, from or to this jurisdiction involving the firm (or the third party on its behalf) to the firm's MLRO; and
            (b) provide timely, unrestricted access by the firm's senior management and MLRO, and by the Regulator and FIU, to documents and information of the third party, wherever they are held, that relate directly or indirectly to the firm's customers or accounts or to transactions in, from or to this jurisdiction involving the firm (or the third party on its behalf);
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (5) Subrule (4) (a) does not prevent a suspicious transaction report also being made in another jurisdiction for a transaction in, from or to this jurisdiction.
            (6) If the law of another jurisdiction prevents a provision of this rule from applying to the third party or any of its officers, employees, agents or contractors:
            (a) the third party must immediately tell the firm about the matter; and
            (b) the firm must immediately tell the Regulator about the matter.
            (7) This rule is in addition to any other provision of the Regulator's Rules about outsourcing.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG Part 2.2 AMLG Part 2.2 Senior management

          Note for Part 2.2

          Principle 1 (see rule 1.2.1) requires the senior management of a firm to ensure that the firm's policies, procedures, systems and controls are implemented, and that they appropriately and adequately address the requirements of the AML/CFT Law and these rules.

          Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 2.2.1 Overall senior management responsibility

            The senior management of a firm is responsible for the effectiveness of the firm's policies, procedures, systems and controls in identifying and preventing money laundering and terrorism financing.

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 2.2.2 Particular responsibilities of senior management

            (1) The senior management of a firm must ensure:
            (a) that the firm develops, establishes and maintains effective AML/CFT policies, procedures, systems and controls in accordance with these rules;
            (b) that the firm has adequate screening procedures to ensure high standards when appointing or employing officers or employees;
            (c) that the firm identifies, designs, delivers and maintains an appropriate ongoing AML/CFT training programme for its officers and employees;

            Note See Part 6.2 (AML/CFT training programme) for details of the firm's training requirements.
            (d) that independent review and testing of the firm's compliance with its AML/CFT policies, procedures, systems and controls are conducted in accordance with rule 2.1.1 (4);
            (e) that regular and timely information is made available to senior management about the management of the firm's money laundering and terrorism financing risks;
            (f) that the firm's money laundering and terrorism financing risk management policies and methodology are appropriately documented, including the firm's application of them;
            (g) that there is at all times an MLRO for the firm who:
            (i) has sufficient seniority, knowledge, experience and authority;
            (ii) has an appropriate knowledge and understanding of the legal and regulatory responsibilities of the role, the AML/CFT Law and these rules;
            (iii) has sufficient resources, including appropriate staff and technology, to carry out the role in an effective, objective and independent way;
            (iv) has timely, unrestricted access to all information of the firm relevant to AML and CFT, including, for example:
            (A) all customer identification documents and all source documents, data and information;
            (B) all other documents, data and information obtained from, or used for, CDD and ongoing monitoring; and
            (C) all transaction records; and
            (v) has appropriate back-up arrangements to cover absences, including a Deputy MLRO to act as MLRO; and
            (h) that a firm-wide AML/CFT compliance culture is promoted within the firm;

            Guidance

            The Regulator expects a firm's senior management to ensure that there is an AML/CFT culture within the firm where:
            •   senior management consistently enforces a top-down approach to its AML/CFT responsibilities;
            •   there is a demonstrable and sustained firm-wide commitment to the AML/CFT principles and compliance with the AML/CFT Law, these rules and the firm's AML/CFT policies, procedures, systems and controls;
            •   AML/CFT risk management and regulatory requirements are embedded at all levels of the firm and in all elements of its business or activities.
            (i) that appropriate measures are taken to ensure that money laundering and terrorism financing risks are taken into account in the day-to-day operation of the firm, including in relation to:
            (i) the development of new products;
            (ii) the taking on of new customers; and
            (iii) changes in the firm's business profile; and
            (j) that all reasonable steps have been taken so that a report required to be given to the Regulator for AML or CFT purposes is accurate, complete and given promptly.
            (2) This rule does not limit the particular responsibilities of the senior management of the firm.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG Part 2.3 AMLG Part 2.3 MLRO and Deputy MLRO

          • AMLG Division 2.3.A AMLG Division 2.3.A Appointment of MLRO and Deputy MLRO

            • AMLG 2.3.1 Appointment — MLRO and Deputy MLRO

              (1) A firm must ensure that there is at all times an MLRO and a Deputy MLRO for the firm.
              (2) Accordingly, the firm must, from time to time, appoint an individual as its MLRO and another individual as its Deputy MLRO.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 2.3.2 Eligibility to be MLRO or Deputy MLRO

              (1) The MLRO and Deputy MLRO for a firm must:
              (a) be employed at the management level by the firm, or by a legal person in the same group, whether as part of its governing body, management or staff; and
              (b) have sufficient seniority, knowledge, experience and authority for the role, and in particular:
              (i) to act independently; and
              (ii) to report directly to the firm's senior management.
              (2) If a general insurance firm proposes to appoint as MLRO an individual who is not ordinarily resident in Qatar, the firm must satisfy the Regulator that the MLRO function can be adequately exercised by an MLRO who is not resident in Qatar.
              (3) If the Regulator considers that the MLRO function for the firm cannot be adequately exercised by an MLRO who is not resident in Qatar, the Regulator may direct the firm to appoint as MLRO an individual who is ordinarily resident in Qatar.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG Division 2.3.B AMLG Division 2.3.B Roles of MLRO and Deputy MLRO

            • AMLG 2.3.3 General responsibilities of MLRO

              The MLRO for a firm is responsible for:

              (a) overseeing the implementation of the firm's AML/CFT policies, procedures, systems and controls in relation to this jurisdiction, including the operation of the firm's risk-based approach;
              (b) ensuring that appropriate policies, procedures, systems and controls are developed, established and maintained across the firm to monitor the firm's day-to-day operations:
              (i) for compliance with the AML/CFT Law, these rules, and the firm's AML/CFT policies, procedures, systems and controls; and
              (ii) to assess, and regularly review, the effectiveness of the policies, procedures, systems and controls in identifying and preventing money laundering and terrorism financing;
              (c) being the firm's key person in implementing the firm's AML/CFT strategies in relation to this jurisdiction;
              (d) supporting and coordinating senior management focus on managing the firm's money laundering and terrorism financing risks in individual business areas;
              (e) helping to ensure that the firm's wider responsibility for identifying and preventing money laundering and terrorism financing is addressed centrally; and
              (f) promoting a firm-wide view to be taken of the need for AML/CFT monitoring and accountability.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 2.3.4 Particular responsibilities of MLRO

              (1) The MLRO for a firm is responsible for:
              (a) receiving, investigating and assessing internal suspicious transaction reports for the firm;
              (b) making suspicious transaction reports to the FIU and telling the Regulator about them;
              (c) acting as central point of contact between the firm, and the FIU, the Regulator and other State authorities, in relation to AML and CFT issues;
              (d) responding promptly to any request for information by the FIU, the Regulator and other State authorities in relation to AML and CFT issues;
              (e) receiving and acting on government, regulatory and international findings about AML and CFT issues;
              (f) monitoring the appropriateness and effectiveness of the firm's AML/CFT training programme;
              (g) reporting to the firm's senior management on AML and CFT issues;
              (h) keeping the Deputy MLRO informed of significant AML/CFT developments (whether internal or external); and
              (i) exercising any other functions given to the MLRO, whether under the AML/CFT Law, these rules or otherwise.
              (2) If the Regulator issues guidance, the MLRO must bring it to the attention of the firm's senior management. The firm must make and keep a record of:
              (a) whether the senior management took the guidance into account;
              (b) any action that the senior management took as a result; and
              (c) the reasons for taking or not taking action.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 2.3.5 Role of Deputy MLRO

              (1) The Deputy MLRO for a firm acts as the firm's MLRO during absences of the MLRO and whenever there is a vacancy in the MLRO's position.
              (2) When the Deputy MLRO acts as MLRO, these rules apply in relation to the Deputy MLRO as if the Deputy MLRO were the MLRO.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 2.3.6 How MLRO must carry out role

              The MLRO for a firm must act honestly, reasonably and independently, particularly in:

              (a) receiving, investigating and assessing internal suspicious transaction reports; and
              (b) deciding whether to make, and making, suspicious transaction reports to the FIU.

              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG Division 2.3.C AMLG Division 2.3.C Reporting by MLRO to senior management

            • AMLG 2.3.7 MLRO reports

              (1) The senior management of a firm must, on a regular basis, decide what reports should be given to it by the MLRO, and when the reports should be given to it, to enable it to discharge its responsibilities under the AML/CFT Law and these rules.
              (2) However, the MLRO must give the senior management a report that complies with rule 2.3.8 (Minimum annual report by MLRO) for each calendar year. The report must be given in time to enable compliance with rule 2.3.9 (2).
              (3) To remove any doubt, subrule (2) does not limit the reports:
              (a) that the senior management may require to be given to it; or
              (b) that the MLRO may give to the senior management on the MLRO's own initiative to discharge the MLRO's responsibilities under the AML/CFT Law and these rules.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 2.3.8 Minimum annual report by MLRO

              (1) This rule sets out the minimum requirements that must be complied with in relation to the report that must be given to the senior management by the MLRO for each calendar year (see rule 2.3.7 (2)).
              (2) The report must assess the adequacy and effectiveness of the firm's AML/CFT policies, procedures, systems and controls in identifying and preventing money laundering and terrorism financing.
              (3) The report must include the following for the period to which it relates:
              (a) the numbers and types of internal suspicious transaction reports made to the MLRO;
              (b) the number of these reports that have, and the number of these reports that have not, been passed on to the FIU;
              (c) the reasons why reports have or have not been passed on to the FIU;
              (d) the numbers and types of breaches by the firm of the AML/CFT Law, these rules, or the firm's AML/CFT policies, procedures, systems and controls;
              (e) areas where the firm's AML/CFT policies, procedures, systems and controls should be improved, and proposals for making appropriate improvements;
              (f) a summary of the AML/CFT training delivered to the firm's officers and employees;
              (g) areas where the firm's AML/CFT training programme should be improved, and proposals for making appropriate improvements;
              (h) the number and types of customers of the firm that are categorised as high risk;
              (i) progress in implementing any AML/CFT action plans;

              Note These provisions require action plans:
              •   rule 2.3.9 (1) (b) (Consideration of MLRO reports)
              •   rule 6.2.2 (3) (b) (Training must be maintained and reviewed).
              (j) the outcome of any relevant quality assurance or audit reviews in relation to the firm's AML/CFT policies, procedures, systems and controls;
              (k) the outcome of any review of the firm's risk assessment policies, procedures, systems and controls.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 2.3.9 Consideration of MLRO reports

              (1) The senior management of a firm must promptly:
              (a) consider each report made to it by the MLRO; and
              (b) if the report identifies deficiencies in the firm's compliance with the AML/CFT Law or these rules — prepare or approve an action plan to remedy the deficiencies.
              (2) For the report that must be given for each calendar year under rule 2.3.7 (2), the senior management must confirm in writing that it has considered the report and, if an action plan is required, has approved such a plan. The firm's MLRO must give the Regulator a copy of the report and confirmation before 1 June of the next year.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG Division 2.3.D AMLG Division 2.3.D Additional obligations of firm with non-resident MLRO

            • AMLG 2.3.10 Annual reports

              A firm whose MLRO is not ordinarily resident in Qatar must report to the Regulator, in a form approved for this rule under the General Rules 2005, before 1 June in each year.

              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 2.3.11 Visits by non-resident MLRO

              A firm whose MLRO is not ordinarily resident in Qatar must ensure that the MLRO inspects the firm's operations in Qatar frequently enough to allow him or her to assess the accuracy and reliability of the information supplied to the Regulator in the reports required by rule 2.3.10.

              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 2.3.12 Regulator may direct firm to appoint resident MLRO

              (1) This rule applies if, for any reason, the Regulator considers that the MLRO function for a firm is not being adequately exercised by an individual who is not ordinarily resident in Qatar.
              (2) The Regulator may direct the firm:
              (a) to require the individual to be ordinarily resident in Qatar; or
              (b) to appoint another individual who is ordinarily resident in Qatar.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

      • AMLG Chapter 3 AMLG Chapter 3 The risk-based approach

        Note for Chapter 3

        Principle 2 (see rule 1.2.2) requires a firm to adopt a risk-based approach to these rules and their requirements.

        Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG 3.1.1 Firms must conduct risk assessment and decide risk mitigation

          (1) A firm:
          (a) must conduct, at regular and appropriate intervals, an assessment (a business risk assessment) of the money laundering and terrorism financing risks that it faces, including risks identified in the National Risk Assessment and those that may arise from:
          (i) the types of customers that it has (and proposes to have) (customer risk);
          (ii) the products and services that it provides (and proposes to provide) (product risk);
          (iii) the technologies that it uses (and proposes to use) to provide those products and services (interface risk); and
          (iv) the jurisdictions with which its customers are (or may become) associated (jurisdiction risk); and

          Examples of 'associated' jurisdictions for a customer
          1 the jurisdiction where the customer lives or is incorporated or otherwise established
          2 each jurisdiction where the customer conducts business or has assets.
          (b) must decide what action is needed to mitigate those risks.
          (2) The firm must be able to demonstrate:
          (a) how it determined the risks that it faces;
          (b) how it took into consideration the National Risk Assessment and other sources in determining those risks;
          (c) when and how it conducted the business risk assessment; and
          (d) how the actions it has taken after the assessment have mitigated, or have failed to mitigate, the risks it faces.
          (3) If the firm fails to take into account the National Risk Assessment and other sources or fails to assess any of the risks it faces, it must give the reasons for its failure to do so, if required by the Regulator.
          Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG 3.1.2 Approach to risk mitigation must be based on suitable methodology

          (1) The intensity of a firm's approach to the mitigation of its money laundering and terrorism financing risks must be based on a suitable methodology (a threat assessment methodology) that addresses the risks that it faces.
          (2) A firm must be able to demonstrate that its threat assessment methodology:
          (a) includes:
          (i) identifying the purpose and intended nature of the business relationship with each customer; and
          (ii) assessing the risk profile of the business relationship by scoring the relationship;
          (b) is suitable for the size, complexity and nature of the firm's business;
          (c) is designed to enable the firm:
          (i) to identify and recognise any changes in its money laundering and terrorism financing risks; and
          (ii) to change its threat assessment methodology as needed; and
          (d) includes assessing risks posed by:
          (i) new products and services; and
          (ii) new or developing technologies.
          (3) A firm must also be able to demonstrate that its practice matches its threat assessment methodology.
          Derived by QFCRA RM/2019-9 (as from 1st February 2020)

      • AMLG Chapter 4 AMLG Chapter 4 Know your customer

        • AMLG Part 4.1 AMLG Part 4.1 Know your customer — general

          Note for Part 4.1

          Principle 3 (see rule 1.2.3) requires a firm to know each of its customers to the extent appropriate for the customer's risk profile.

          Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 4.1.1 Know your customer principle — general

            The know your customer principle requires every firm to know who its customers are, and to have the necessary customer identification documentation, data and information to evidence this.

            Note Principle 6 (see rule 1.2.6) requires a firm to be able to provide documentary evidence of its compliance with the requirements of the AML/CFT Law and these rules.

            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG Part 4.2 AMLG Part 4.2 Know your customer — key terms

          • AMLG 4.2.1 What is ongoing monitoring?

            Ongoing monitoring, in relation to a customer of a firm, consists of:

            (a) scrutinising transactions conducted under the business relationship with the customer to ensure that the transactions are consistent with the firm's knowledge of the customer, the customer's business and risk profile, and, where necessary, the source of the customer's wealth and funds; and
            (b) reviewing the firm's records of the customer to ensure that documents, data and information collected using CDD and ongoing monitoring for the customer are kept up-to-date and relevant.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 4.2.2 Who is an applicant for business?

            An applicant for business, in relation to a firm, is a person seeking to form a business relationship, or carry out a one-off transaction, with the firm.

            Examples of applicants for business

            1 A person dealing with a firm on his or her own behalf is an applicant for business for the firm.
            2 If a person (A) is acting as agent for a principal in dealing with a firm and A deals with the firm in his or her own name on behalf of a client of the principal, A (and not the client) is an applicant for business for the firm.
            3 If an individual claiming to represent a company, partnership or other legal person applies to a firm to conduct business on behalf of the legal person, the legal person (and not the individual claiming to represent it) is an applicant for business for the firm.
            4 If a company manager or company formation agent (C) introduces a client company to a firm, the client company (and not C) is an applicant for business for the firm.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG Part 4.3 AMLG Part 4.3 Enhanced CDD and ongoing monitoring

          • AMLG 4.3.1 Enhanced CDD and ongoing monitoring — general

            A firm must, on a risk-sensitive basis, conduct enhanced CDD and enhanced ongoing monitoring:

            (a) in cases where it is required to do so under the AML/CFT Law or these rules;
            (b) if required by the Regulator or the NAMLTF Committee to do so;
            (c) in cases where the Financial Action Task Force calls upon its members to require enhanced CDD and enhanced ongoing monitoring; and
            (d) in any other situation that by its nature can present a higher risk of money laundering or terrorism financing.

            Examples

            A greater degree of CDD and monitoring would be necessary in the following cases:
            •   a customer who is associated with terrorist acts
            •   a customer from a jurisdiction with impaired international cooperation
            •   a customer from a non-cooperative, high risk or sanctioned jurisdiction
            •   a customer from a jurisdiction with high propensity for corruption.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 4.4.2 Measures required for enhanced CDD or ongoing monitoring

            A firm that is required to conduct enhanced CDD or enhanced ongoing monitoring must include the following measures, as appropriate to either or both requirements:

            (a) obtain additional information about the customer (for example, profession, volume of assets and information available through public databases and open sources);
            (b) update customer identification and beneficial owner identification;
            (c) obtain additional information on the purpose and intended nature of the business relationship;
            (d) obtain additional information on the sources of the customer's wealth and funds;
            (e) obtain information on the reasons for the expected transactions or the transactions that have been carried out;
            (f) obtain senior management approval before establishing or continuing a business relationship;
            (g) implement additional and continuous controls by identifying transactions and patterns of transactions that need additional scrutiny and review;
            (h) make the first of any required payments to the customer through an account in a bank that is regulated and supervised (at least for AML and CFT purposes) by the Regulator or by an equivalent regulatory or governmental authority, body or agency in another jurisdiction.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 4.4.3 Other measures in addition to enhanced CDD and ongoing monitoring

            In addition to the enhanced CDD and enhanced ongoing monitoring in this Part, a firm must conduct, on a risk-sensitive basis:

            (a) countermeasures proportionate to the risks specified in circulars published by the NAMLTF Committee based on relevant findings of international organisations, governments and other bodies; and
            (b) other measures determined by the NAMLTF Committee on its own initiative.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

      • AMLG Chapter 5 AMLG Chapter 5 Reporting and tipping-off

        • AMLG Part 5.1 AMLG Part 5.1 Reporting requirements

          Note for Part 5.1

          Principle 4 (see rule 1.2.4) requires a firm to have effective measures in place to ensure there is internal and external reporting whenever money laundering or terrorism financing is known or suspected.

          Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG Division 5.1.A AMLG Division 5.1.A Reporting requirements — general

            • AMLG 5.1.1 Unusual and inconsistent transactions

              (1) A transaction that is unusual or inconsistent with a customer's known legitimate business and risk profile does not of itself make it suspicious.

              Note 1 The key to recognising unusual or inconsistent transactions is for a firm to know its customers well enough under Chapter 4 (Know your customer).

              Note 2 A firm's AML/CFT policies, procedures, systems and controls must provide for the identification and scrutiny of certain transactions (see rule 2.1.3 (2) (a)).
              (2) A firm must consider the following matters in deciding whether an unusual or inconsistent transaction is a suspicious transaction:
              (a) whether the transaction has no apparent or visible economic or lawful purpose;
              (b) whether the transaction has no reasonable explanation;
              (c) whether the size or pattern of the transaction is out of line with any earlier pattern or the size or pattern of transactions of similar customers;
              (d) whether the customer has failed to give an adequate explanation for the transaction or to fully provide information about it;
              (e) whether the transaction involves the use of a newly established business relationship or is for a one-off transaction;
              (f) whether the transaction involves the use of offshore accounts, companies or structures that are not supported by the customer's economic needs;
              (g) whether the transaction involves the unnecessary routing of funds through third parties.
              (3) Subrule (2) does not limit the matters that the firm may consider.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG Division 5.1.B AMLG Division 5.1.B Internal reporting

            • AMLG 5.1.2 Internal reporting policies

              (1) A firm must have clear and effective policies, procedures, systems and controls for the internal reporting of all known or suspected instances of money laundering or terrorism financing.
              (2) The policies, procedures, systems and controls must enable the firm to comply with the AML/CFT Law and these rules in relation to the prompt making of internal suspicious transaction reports to the firm's MLRO.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 5.1.3 Access to MLRO

              A firm must ensure that all its officers and employees have direct access to the firm's MLRO and that the reporting lines between them and the MLRO are as short as possible.

              Note The MLRO is responsible for receiving, investigating and assessing internal suspicious transaction reports for the firm (see rule 2.3.4 (a)).

              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 5.1.4 Obligation of officer or employee to report to MLRO

              (1) This rule applies to an officer or employee of a firm if, in the course of his or her office or employment, the officer or employee knows or suspects, or has reasonable grounds to know or suspect, that funds are:
              (a) the proceeds of crime;
              (b) related to terrorism financing; or
              (c) linked or related to, or are to be used for, terrorism, terrorist acts or by terrorist organisations.
              (2) The officer or employee must promptly make a suspicious transaction report to the firm's MLRO.
              (3) The officer or employee must make the report:
              (a) irrespective of the amount of any transaction relating to the funds;
              (b) whether or not any transaction relating to the funds involves tax matters; and
              (c) even though:
              (i) no transaction has been, or will be, conducted by the firm in relation to the funds;
              (ii) for an applicant for business — no business relationship has been, or will be, entered into by the firm with the applicant;
              (iii) for a customer — the firm has terminated any relationship with the customer; and
              (iv) any attempted money laundering or terrorism financing activity in relation to the funds has failed for any other reason.
              (4) If the officer or employee makes a suspicious transaction report to the MLRO (the internal report) in relation to the applicant for business or customer, the officer or employee must promptly give the MLRO details of every subsequent transaction of the applicant or customer (whether or not of the same nature as the transaction that gave rise to the internal report) until the MLRO tells the officer or employee not to do so.

              Note An officer or employee who fails to make a report under this rule:
              (a) may commit an offence against the AML/CFT Law; and
              (b) may also be dealt with under the Financial Services Regulations, Part 9 (Disciplinary and enforcement powers).
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 5.1.5 Obligations of MLRO on receipt of internal report

              (1) If the MLRO of a firm receives a suspicious transaction report (whether under this Division or otherwise), the MLRO must promptly:
              (a) if the firm's policies, procedures, systems and controls allow an initial report to be made orally and the initial report is made orally — properly document the report;
              (b) give the individual making the report a written acknowledgment for the report, together with a reminder about the provisions of Part 5.2 (Tipping-off);
              (c) consider the report in light of all other relevant information held by the firm about the applicant for business, customer or transaction to which the report relates;
              (d) decide whether the transaction is suspicious; and
              (e) give written notice of the decision to the individual who made the report.
              (2) A reference in this rule to the MLRO includes a reference to a person acting under rule 5.1.7 (3) (b) (Obligation of firm to report to FIU) in relation to the making of a report on the firm's behalf.

              Note Under rule 2.3.5 the Deputy MLRO acts as the MLRO during absences of the MLRO and whenever there is a vacancy in the MLRO's position.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG Division 5.1.C AMLG Division 5.1.C External reporting

            • AMLG 5.1.6 External reporting policies

              (1) A firm must have clear and effective policies, procedures, systems and controls for reporting to the FIU all known or suspected instances of money laundering or terrorism financing.
              (2) The policies, procedures, systems and controls must enable the firm:
              (a) to comply with the AML/CFT Law and these rules in relation to the prompt making of suspicious transaction reports to the FIU; and
              (b) to cooperate effectively with the FIU and law enforcement agencies in relation to suspicious transaction reports made to the FIU.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 5.1.7 Obligation of firm to report to FIU

              (1) This rule applies to a firm if the firm knows or suspects, or has reasonable grounds to know or suspect, that funds are:
              (a) the proceeds of crime;
              (b) related to terrorism financing; or
              (c) linked or related to, or are to be used for, terrorism, terrorist acts or by terrorist organisations.
              (2) The firm must promptly make a suspicious transaction report to the FIU and must ensure that any proposed transaction mentioned in the report does not proceed without consulting with the FIU.
              (3) The report must be made on the firm's behalf by:
              (a) the MLRO; or
              (b) if the report cannot be made by the MLRO (or Deputy MLRO) for any reason — by a person who is employed (as described in rule 2.3.2 (1) (a)) at the management level by the firm, or by a legal person in the same group, and who has sufficient seniority, knowledge, experience and authority to investigate and assess internal suspicious transaction reports.
              Note Under rule 2.3.5 the Deputy MLRO acts as the MLRO during absences of the MLRO and whenever there is a vacancy in the MLRO's position.
              (4) The firm must make the report:
              (a) whether or not an internal suspicious transaction report has been made under Division 5.1.B (Internal reporting) in relation to the funds;
              (b) irrespective of the amount of any transaction relating to the funds;
              (c) whether or not any transaction relating to the funds involves tax matters; and
              (d) even though:
              (i) no transaction has been, or will be, conducted by the firm in relation to the funds;
              (ii) for an applicant for business — no business relationship has been, or will be, entered into by the firm with the applicant;
              (iii) for a customer — the firm has terminated any relationship with the customer; and
              (iv) any attempted money laundering or terrorism financing activity in relation to the funds has failed for any other reason.
              (5) The report must be made in the form (if any) approved by the FIU and in accordance with the unit's instructions. The report must include a statement about:
              (a) the facts or circumstances on which the firm's knowledge or suspicion is based, or the grounds for the firm's knowledge or suspicion; and
              (b) if the firm knows or suspects that the funds belong to a third person — the facts or circumstances on which that knowledge or suspicion is based, or the grounds for the firm's knowledge or suspicion.
              Note A firm that fails to make a report under this rule:
              (a) may commit an offence against the AML/CFT Law; and
              (b) may also be dealt with under the Financial Services Regulations, Part 9 (Disciplinary and enforcement powers).
              (6) If a firm makes a report to the FIU under this rule about a proposed transaction, it must immediately tell the Regulator that it has made a report to the FIU under this rule.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 5.1.8 Obligation not to destroy records relating to customer under investigation

              (1) This rule applies if:
              (a) a firm makes a suspicious transaction report to the FIU in relation to an applicant for business or a customer; or
              (b) the firm knows that an applicant for business or customer is under investigation by a law enforcement agency in relation to money laundering or terrorism financing.
              (2) The firm must not destroy any records relating to the applicant for business or customer without consulting with the FIU.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

            • AMLG 5.1.9 Firm may restrict or terminate business relationship

              (1) This Division does not prevent a firm from restricting or terminating, for normal commercial reasons, its business relationship with a customer after the firm makes a suspicious transaction report about the customer to the FIU.
              (2) The firm must ensure that restricting or terminating the business relationship does not inadvertently result in tipping-off the customer.
              (3) If the firm restricts or terminates a business relationship with a customer, it must immediately tell the Regulator about the restriction or termination.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG Division 5.1.D AMLG Division 5.1.D Reporting records

            • AMLG 5.1.10 Reporting records to be made by MLRO

              The MLRO of a firm must make and keep records:

              (a) showing the details of each internal suspicious transaction report the MLRO receives;
              (b) necessary to demonstrate how rule 5.1.5 (Obligations of MLRO on receipt of internal report) was complied with in relation to each internal suspicious transaction report; and
              (c) showing the details of each suspicious transaction report made to the FIU by the firm.
              Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG Part 5.2 AMLG Part 5.2 Tipping-off

          • AMLG 5.2.1 What is tipping-off?

            Tipping-off, in relation to an applicant for business or a customer of a firm, is the unauthorised act of disclosing information that:

            (a) may result in the applicant or customer, or a third party (other than the FIU or the Regulator), knowing or suspecting that the applicant or customer is or may be the subject of:
            (i) a suspicious transaction report; or
            (ii) an investigation relating to money laundering or terrorism financing; and
            (b) may prejudice the prevention or detection of offences, the apprehension or prosecution of offenders, the recovery of proceeds of crime, or the identification and prevention of money laundering or terrorism financing.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 5.2.2 Firm must ensure no tipping-off occurs

            (1) A firm must ensure that:
            (a) its officers and employees are aware of, and sensitive to:
            (i) the issues surrounding tipping-off; and
            (ii) the consequences of tipping-off; and
            (b) it has policies, procedures, systems and controls to prevent tipping-off within the firm or its group.
            (2) If a firm believes, on reasonable grounds, that an applicant for business or a customer may be tipped off by conducting CDD or ongoing monitoring, the firm may make a suspicious transaction report to the FIU instead of conducting the CDD or monitoring.
            (3) If the firm acts under subrule (2), the MLRO must make and keep records to demonstrate the grounds for the belief that conducting CDD or ongoing monitoring would have tipped off an applicant for business or a customer.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 5.2.3 Information relating to suspicious transaction reports to be safeguarded

            (1) A firm must take all reasonable measures to ensure that information relating to suspicious transaction reports is safeguarded and, in particular, that information relating to a suspicious transaction report is not disclosed to any person (other than a member of the firm's senior management) without the consent of the firm's MLRO.
            (2) The MLRO must not consent to information relating to a suspicious transaction report being disclosed to a person unless the MLRO is satisfied that disclosing the information to the person would not constitute tipping-off.
            (3) If the MLRO gives consent, the MLRO must make and keep records to demonstrate how the MLRO was satisfied that disclosing the information to the person would not constitute tipping-off.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 5.2.4 When advice not considered to be tipping-off

            (1) This rule applies to lawyers, notaries, other independent legal professionals, and accountants acting as independent legal professionals.
            (2) The act of a lawyer, notary, other legal professional or accountant in disclosing relevant information in the course of advising a person against engaging in an illegal act does not constitute tipping-off.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

      • AMLG Chapter 6 AMLG Chapter 6 Screening and training requirements

        • AMLG Part 6.1 AMLG Part 6.1 Screening procedures

          Note for Part 6.1

          Principle 5 (see rule 1.2.5 (a)) requires a firm to have adequate screening procedures to ensure high standards when appointing or employing officers and employees.

          Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 6.1.1 Screening procedures — particular requirements

            (1) In this rule:
            higher-impact individual, in relation to a firm, means an individual who has a role in identifying and preventing money laundering or terrorism financing under the firm's AML/CFT programme.

            Examples
            1 a senior manager of the firm
            2 the firm's MLRO or Deputy MLRO
            3 an individual whose role in the firm includes conducting any other activity with or for a customer
            (2) A firm's screening procedures for the appointment or employment of officers and employees must ensure that an individual is not appointed or employed unless:
            (a) for a higher-impact individual — the firm is satisfied that the individual has the appropriate character, knowledge, skills and abilities to act honestly, reasonably and independently; or
            (b) for any other individual — the firm is satisfied about the individual's integrity.
            (3) The procedures must, as a minimum, provide that, before appointing or employing a higher-impact individual, the firm must:
            (a) obtain references about the individual;
            (b) obtain information about the individual's employment history and qualifications;
            (c) obtain details of any regulatory action taken in relation to the individual;
            (d) obtain details of any criminal convictions of the individual; and
            (e) take reasonable steps to confirm the accuracy and completeness of information that it has obtained about the individual.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG Part 6.2 AMLG Part 6.2 AML/CFT training programme

          Note for Part 6.2

          Principle 5 (see rule 1.2.5 (b)) also requires a firm to have an appropriate ongoing AML/CFT training programme for its officers and employees.

          Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 6.2.1 Appropriate AML/CFT training programme to be delivered

            (1) A firm must identify, design, deliver and maintain an appropriate ongoing AML/CFT training programme for its officers and employees.
            (2) The programme must ensure that the firm's officers and employees are aware, and have an appropriate understanding, of:
            (a) their legal and regulatory responsibilities and obligations, particularly those under the AML/CFT Law and these rules;
            (b) their role in identifying and preventing money laundering and terrorism financing, and the liability that they, and the firm, may incur for:
            (i) involvement in money laundering or terrorism financing; and
            (ii) failure to comply with the AML/CFT Law and these rules;
            (c) how the firm is managing money laundering and terrorism financing risks, how risk management techniques are being applied by the firm, the roles of the MLRO and Deputy MLRO, and the importance of CDD and ongoing monitoring;
            (d) money laundering and terrorism financing threats, techniques, methods and trends, the vulnerabilities of the products offered by the firm, and how to recognise suspicious transactions; and
            (e) the firm's processes for making internal suspicious transaction reports, including how to make effective and efficient reports to the MLRO whenever money laundering or terrorism financing is known or suspected.
            (3) The training must enable the firm's officers and employees to seek and assess the information that is necessary for them to decide whether a transaction is suspicious.
            (4) In making a decision about what is appropriate training for its officers and employees, the firm must consider:
            (a) their differing needs, experience, skills and abilities;
            (b) their differing functions, roles and levels in the firm;
            (c) the degree of supervision over, or independence exercised by, them;
            (d) the availability of information that is needed for them to decide whether a transaction is suspicious;
            (e) the size of the firm's business and the risk of money laundering and terrorism financing;
            (f) the outcome of reviews of their training needs; and
            (g) any analysis of suspicious transaction reports showing areas where training needs to be improved.
            Examples
            1 training for new employees needs to be different to the training for employees who have been with the firm for some time and are already aware of the firm's policies, processes, systems and controls
            2 the training for employees who deal with customers face-to-face needs to be different to the training for employees who deal with customers non-face-to-face.
            (5) Subrule (4) does not limit the matters that the firm may consider.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 6.2.2 Training must be maintained and reviewed

            (1) A firm's AML/CFT training must include ongoing training to ensure that its officers and employees:
            (a) maintain their AML/CFT knowledge, skills and abilities;
            (b) are kept up to date with new AML/CFT developments, including the latest money laundering and terrorism financing techniques, methods and trends; and
            (c) are trained on changes to the firm's AML/CFT policies, procedures, systems and controls.
            (2) A firm must, at regular and appropriate intervals, carry out reviews of the AML/CFT training needs of its officers and employees and must ensure that the needs are met.
            (3) The firm's senior management must promptly:
            (a) consider the outcomes of each review; and
            (b) if a review identifies deficiencies in the firm's AML/CFT training — prepare or approve an action plan to remedy the deficiencies.
            Note It is the MLRO's responsibility to monitor the firm's AML/CFT training programme (see rule 2.3.4 (f)).
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

      • AMLG Chapter 7 AMLG Chapter 7 Providing documentary evidence of compliance

        Note for Chapter 7

        Principle 6 (see rule 1.2.6) requires a firm to be able to provide documentary evidence of its compliance with the requirements of the AML/CFT Law and these rules.

        Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG Part 7.1 AMLG Part 7.1 General record-keeping obligations

          • AMLG 7.1.1 Records about compliance

            (1) A firm must make the records necessary:
            (a) to enable it to comply with the AML/CFT Law and these rules; and
            (b) to demonstrate at any time whether the firm has complied with the AML/CFT Law and these rules.
            (2) Without limiting rule (1) (b), the firm must make the records necessary to demonstrate how:
            (a) the key AML/CFT principles in Part 1.2 have been complied with;
            (b) the firm's senior management has complied with responsibilities under the AML/CFT Law and these rules;
            (c) the firm's risk-based approach has been designed and implemented;
            (d) each of the firm's risks have been mitigated;
            (e) CDD and ongoing reviews were conducted for each customer; and
            (f) CDD and ongoing monitoring were enhanced where required by the AML/CFT Law or these rules.
            Examples of records that must be kept
            1 documents and data obtained while conducting CDD
            2 account files
            3 business correspondence
            4 results of analysis of suspicious transaction reports
            Note See also rule 5.1.10 for reporting records to be made by MLRO.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 7.1.2 How long records must be kept

            (1) All records made by a firm for the AML/CFT Law or these rules must be kept for at least 10 years after the day they are made.
            (2) All records made by a firm in relation to a customer for the purposes of AML/CFT Law or these rules must be kept for at least the longer of the following:
            (a) if the firm has (or has had) a business relationship with the customer — 10 years after the day the business relationship with the customer ends;
            (b) if the firm has not had a business relationship with the customer or had a business relationship with the customer and carried out a one-off transaction for the customer after the relationship ended — 10 years after the day the firm last completed a transaction with or for the customer.
            (3) If the day the business relationship with the customer ended is unclear, it is taken to have ended on the day the firm last completed a transaction for or with the customer.
            (4) This rule is subject to rule 5.1.8 (Obligation not to destroy records relating to customer under investigation).
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 7.1.3 Retrieval of records

            (1) A firm must ensure that all types of records kept for the AML/CFT Law and these rules can be retrieved without undue delay.
            (2) Without limiting subrule (1), a firm must establish and maintain systems that enable it to respond fully and quickly to inquiries from the FIU and law enforcement authorities about:
            (a) whether it maintains, or has maintained during the previous 10 years, a business relationship with any person; and
            (b) the nature of the relationship.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

        • AMLG Part 7.2 AMLG Part 7.2 Particular record-keeping obligations

          • AMLG 7.2.1 Records for customers and transactions

            (1) A firm must make and keep records in relation to:
            (a) its business relationship with each customer; and
            (b) each transaction that it conducts with or for a customer.
            (2) The records must:
            (a) comply with the requirements of the AML/CFT Law and these rules;
            (b) enable an assessment to be made of the firm's compliance with:
            (i) the AML/CFT Law and these rules; and
            (ii) its AML/CFT policies, procedures, systems and controls;
            (c) enable any transaction effected by or through the firm to be reconstructed;
            (d) enable the firm to comply with any request, direction or order by a competent authority, judicial officer or court for the production of documents, or the provision of information, within a reasonable time;
            (e) indicate the nature of any evidence that it obtained in relation to an applicant for business, customer or transaction; and
            (f) for any such evidence — include a copy of the evidence itself or, if this is not practicable, information that would enable a copy of the evidence to be obtained.
            (3) This rule is additional to any provision of the AML/CFT Law or any other provision of these rules.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

          • AMLG 7.2.2 Training records

            A firm must make and keep records of the AML/CFT training provided for the firm's officers and employees, including, as a minimum:

            (a) the dates the training was provided;
            (b) the nature of the training; and
            (c) the names of the individuals to whom the training was provided.
            Derived by QFCRA RM/2019-9 (as from 1st February 2020)

      • AMLG Glossary

        (see rule)

        activity includes operation.

        AML means anti-money laundering.

        AML/CFT Law means Law No. (20) of 2019 on Combating Money Laundering and Terrorism Financing and includes any Regulations made under it.

        another jurisdiction means a jurisdiction other than this jurisdiction.

        applicant for business has the meaning given by rule 4.2.2.

        associate, in relation to a legal person (A), means any of the following:

        (a) a legal person in the same group as A;
        (b) a subsidiary of A.

        business day means any day that is not a Friday, Saturday or a public holiday in Qatar.

        CDD means customer due diligence.

        CFT means combating the financing of terrorism.

        customer has the meaning given by rule 1.3.2.

        Deputy MLRO, in relation to a firm, means the firm's deputy money laundering reporting officer.

        director, of a firm, means a person appointed to direct the firm's affairs, and includes:

        (a) a person named as director; and
        (b) any other person in accordance with whose instructions the firm is accustomed to act.

        document means a record of information in any form (including electronic form), and includes, for example:

        (a) anything in writing or on which there is writing; and
        (b) anything on which there are figures, marks, numbers, perforations, symbols or anything else having a meaning for individuals qualified to interpret them; and
        (c) a drawing, map, photograph or plan; and
        (d) any other item or matter (in whatever form) that is, or could reasonably be considered to be, a record of information.

        employee, in relation to a person (A), means an individual:

        (a) who is employed or appointed by A, whether under a contract of service or services or otherwise; or
        (b) whose services are, under an arrangement between A and a third party, placed at the disposal and under the control of A.

        entity means any kind of entity, and includes, for example, any person.

        exercise a function means exercise or perform the function.

        firm has the meaning given by rule 1.3.1.

        FIU means the Financial Intelligence Unit established under the AML/CFT Law.

        foreign jurisdiction means a jurisdiction other than Qatar (which includes the Qatar Financial Centre).

        function means any function, authority, duty or power.

        funds means assets or properties of every kind (whether physical or non-physical, tangible or intangible or movable or immovable, however acquired, and of any value), including:

        (a) financial assets and all related rights;
        (b) economic resources such as oil and other natural resources, and all related rights;
        (c) legal documents or instruments in any form, including electronic or digital copies, evidencing title to, or share in, such assets or resources;
        (d) any interest, dividends or other income on such assets or resources; and
        (e) any value accruing from, or generated by, such assets or resources, which could be used to obtain funds, goods or services.

        general insurance firm has the meaning given by rule 1.3.1.

        governing body, of a firm, means its board of directors, committee of management or other governing body (whatever it is called).

        group, in relation to a firm, means 2 or more entities consisting of:

        (a) a parent company or other legal person exercising control, and coordinating functions, over the rest of the group for the application of group supervision; and
        (b) 1 or more branches or subsidiaries that are subject to AML/CFT policies, procedures systems and controls at group level.

        IMEB means the Insurance Mediation Business Rules 2011.

        instrument means an instrument of any kind, and includes, for example, any writing or other document.

        jurisdiction means any kind of legal jurisdiction, and includes, for example:

        (a) Qatar;
        (b) a foreign country (whether or not an independent sovereign jurisdiction), or a state, province or other territory of such a foreign country; and
        (c) the Qatar Financial Centre or a similar jurisdiction.

        legal person means an entity (other than an individual) on which the legal system of a jurisdiction confers rights and imposes duties, and includes, for example:

        (a) any entity that can establish a permanent customer relationship with a financial institution; and
        (b) any entity that can own, deal with, or dispose of, property.

        Examples

        1 a company
        2 any other corporation
        3 a partnership, whether or not incorporated
        4 an association or other undertaking, whether or not incorporated
        5 a jurisdiction, its government or any of its organs, agencies or instrumentalities

        MLRO, in relation to a firm, means the firm's money laundering reporting officer.

        money laundering has the same meaning as in the AML/CFT Law, Chapter 2, Article (2).

        NAMLTF Committee means the National Anti-Money Laundering and Terrorism Financing Committee established under the AML/CFT Law.

        National Risk Assessment means the series of activities prepared and supervised by the NAMLTF Committee to identify and analyse the threats faced by Qatar and its financial system from money laundering, terrorism financing, and the financing of the proliferation of weapons of mass destruction.

        office includes position.

        outsourcing, in relation to a firm, is any form of arrangement that involves the firm relying on a third-party service provider (including a member of its group) for the exercise of a function, or the conduct of an activity, that would otherwise be exercised or conducted by the firm, but does not include:

        (a) discrete advisory services, including, for example, the provision of legal advice, procurement of specialised training, billing, and physical security;
        (b) supply arrangements and functions, including, for example, the supply of electricity or water and the provision of catering and cleaning services; or
        (c) the purchase of standardised services, including, for example, market information services and the provision of prices.

        parent entity, in relation to a legal person (A), means any of the following:

        (a) a legal person that holds a majority of the voting power in A;
        (b) a legal person that is a member of A (whether direct or indirect, or through legal or beneficial entitlement) and alone, or together with 1 or more associates, holds a majority of the voting power in A;
        (c) a parent entity of any legal person that is a parent entity of A.

        person means:

        (a) an individual (including an individual occupying an office from time to time); or
        (b) a legal person.

        PINS means the Insurance Business Rules 2006.

        proceeds of crime means funds derived or obtained, directly or indirectly, from a predicate offence (within the meaning given by the AML/CFT Law, Chapter 1), including any income, interest, revenue or other product from such funds, whether or not the funds have been converted or transferred, in whole or in part, into other properties or investment yields.

        product includes the provision of a service.

        QFC means Qatar Financial Centre.

        senior management, of a firm, means the firm's senior managers, jointly and separately.

        senior manager, of a firm, means an individual employed by the firm, or by a member of the firm's group, who has responsibility either alone or with others for management and supervision of 1 or more elements of the firm's business or activities that are conducted in, from or to this jurisdiction.

        subsidiary — a legal person (A) is a subsidiary of another legal person (B) if B is a parent entity of A.

        suspicious transaction report, in relation to a firm, means a suspicious transaction report to the firm's MLRO or by the firm to the FIU.

        targeted financial sanction means asset freezing or any prohibition to prevent funds from being made available, directly or indirectly, for the benefit of persons or entities listed in accordance with the Law No. (27) of 2019 on Combating Terrorism.

        Note Under the Law on Combating Terrorism, the National Counter Terrorism Committee is responsible for implementing the requirements relating to targeted financial sanctions. For how to implement targeted financial sanctions, see guidelines under that Law.

        terrorist means an individual who:

        (a) commits, or attempts to commit, a terrorist act by any means, directly or indirectly, unlawfully and wilfully;
        (b) participates as an accomplice in a terrorist act;
        (c) organises or directs others to commit a terrorist act; or
        (d) contributes to the commission of a terrorist act by a group of persons acting with a common purpose if the contribution is made intentionally and with the aim of furthering the terrorist act or with the knowledge of the intention of the group to commit a terrorist act.

        terrorism financing has the same meaning as in the AML/CFT Law, Chapter 2, Article (3).

        terrorist act has the same meaning as in the AML/CFT Law, Chapter 1.

        terrorist organisation means a group of terrorists.

        the Regulator means the Qatar Financial Centre Regulatory Authority.

        this jurisdiction means the QFC.

        tipping-off has the meaning given by rule 5.2.1.

        transaction means a transaction or attempted transaction of any kind, and includes, for example:

        (a) the giving of advice;
        (b) the provision of any service; and
        (c) the conducting of any other business or activity.

        writing means any form of writing, and includes, for example, any way of representing or reproducing words, numbers, symbols or anything else in legible form (for example, by printing or photocopying).

        Derived by QFCRA RM/2019-9 (as from 1st February 2020)

    • Anti-Money Laundering and Combating the Financing of Terrorism Rules 2019 (AML/CFTR)

      Anti-Money Laundering and Combating the Financing of Terrorism Rules 2019 (AML/CFTR)
      AML/CFTR Chapter 1:
      General provisions
      AML/CFTR Part 1.1 Introductory
      AML/CFTR Part 1.2 Key AML/CFT principles
      AML/CFTR Part 1.3 Key terms
      AML/CFTR Chapter 2:
      General AML and CFT responsibilities
      AML/CFTR Part 2.1 The firm
      AML/CFTR Part 2.2 Senior management
      AML/CFTR Part 2.3 MLRO and Deputy MLRO
      AML/CFTR Chapter 3:
      The risk-based approach
      AML/CFTR Part 3.1 The risk-based approach generally
      AML/CFTR Part 3.2 Customer risk
      AML/CFTR Part 3.3 Product risk
      AML/CFTR Part 3.4 Interface risk
      AML/CFTR Part 3.5 Jurisdiction risk
      AML/CFTR Chapter 4:
      Know your customer
      AML/CFTR Part 4.1 Know your customer — general
      AML/CFTR Part 4.2 Know your customer — key terms
      AML/CFTR Part 4.3 Customer due diligence and ongoing monitoring
      AML/CFTR Part 4.4 Enhanced CDD and ongoing monitoring
      AML/CFTR Part 4.5 Simplified CDD and ongoing monitoring
      AML/CFTR Part 4.6 Customer identification documentation
      AML/CFTR Chapter 5:
      Reporting and tipping-off
      AML/CFTR Part 5.1 Reporting requirements
      AML/CFTR Part 5.2 Tipping-off
      AML/CFTR Chapter 6:
      Screening and training requirements
      AML/CFTR Part 6.1.Screening procedures
      AML/CFTR Part 6.2 AML/CFT training programme
      AML/CFTR Chapter 7:
      Providing documentary evidence of compliance
      AML/CFTR Part 7.1 General record-keeping obligations
      AML/CFTR Part 7.2 Particular record-keeping obligations
      AML/CFTR Glossary

      • AML/CFTR Chapter 1 AML/CFTR Chapter 1 General provisions

        • AML/CFTR Part 1.1 AML/CFTR Part 1.1 Introductory

          • AML/CFTR 1.1.1 Name of rules

            These rules are the Anti-Money Laundering and Combating the Financing of Terrorism Rules 2019 (AML/CFTR).

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.1.2 Commencement

            These rules commence on 1 February 2020.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.1.4 Application of these rules

            (1) These rules apply to firms that conduct business or activities in or from this jurisdiction.
            (2) A reference in these rules to a firm is a reference to a firm that conducts, and so far as it conducts, business or activities in or from this jurisdiction, unless these rules otherwise provide.
            (3) However, these rules do not apply to a firm to which the Anti-Money Laundering and Combating the Financing of Terrorism (General Insurance) Rules 2019 (AMLG) apply. A reference in these rules to a firm does not include such a firm.

            Note The AMLG apply to a firm that conducts only either or both of (a) general insurance business and (b) insurance mediation in relation to either or both of general insurance contracts and non-investment insurance contracts.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.1.5 Effect of definitions, notes and examples

            (1) A definition in the Glossary also applies to any instructions or document made under these rules.
            (2) A note in or to these rules is explanatory and is not part of these rules. However, examples and guidance are part of these rules.
            (3) An example is not exhaustive, and may extend, but does not limit, the meaning of these rules or the particular provision of these rules to which it relates.

            Note Under FSR, art 17 (4), guidance is indicative of the view of the Regulatory Authority at the time and in the circumstances in which it was given.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.1.6 References to particular currencies

            In these rules, the specification of an amount of money in a particular currency is also taken to specify the equivalent sum in any other currency at the relevant time.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 1.2 AML/CFTR Part 1.2 Key AML/CFT principles

          • AML/CFTR 1.2.1 Principle 1 — responsibilities

            The Governing Body of a firm is responsible for approving the policies, procedures, systems and controls necessary to ensure the effective prevention of money laundering and terrorism financing. The senior management of the firm must ensure that the policies, procedures, systems and controls are implemented, and that they appropriately and adequately address the requirements of the AML/CFT Law and these rules.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.2.2 Principle 2 — risk-based approach

            A firm must adopt a risk-based approach to these rules and their requirements.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.2.3 Principle 3 — know your customer

            A firm must know each of its customers to the extent appropriate for the customer's risk profile.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.2.4 Principle 4 — effective reporting

            A firm must have effective measures in place to ensure that there is internal and external reporting whenever money laundering or terrorism financing is known or suspected.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.2.5 Principle 5 — high standard screening and appropriate training

            A firm must:

            (a) have adequate screening procedures to ensure high standards when appointing or employing officers and employees; and
            (b) have an appropriate ongoing AML/CFT training programme for its officers and employees.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.2.6 Principle 6 — evidence of compliance

            A firm must be able to provide documentary evidence of its compliance with the requirements of the AML/CFT Law and these rules.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 1.3 AML/CFTR Part 1.3 Key terms

          • AML/CFTR 1.3.1 What is a firm?

            A firm is a financial institution or a DNFBP.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.3.2 What is a financial institution?

            (1) A financial institution is any entity that conducts, as a business, 1 or more of the following activities for or on behalf of a customer:
            (a) accepting deposits or other repayable funds from the public, including, for example, private banking;
            (b) lending (including consumer credit and mortgage credit), the purchase of debts and equity whether with or without the right to recourse, and financing commercial transactions;
            (c) financial leasing, other than financial leasing arrangements in relation to consumer products;
            (d) transferring money or value, whether in the formal sector or informal sector (such as an alternative remittance activity), but does not include the provision to a financial institution of services consisting solely of the provision of messaging or other support services for transmitting funds;
            (e) issuing or managing means of payment, including, for example, credit and debit cards, cheques, travellers' cheques, money orders, bankers' drafts and electronic money;
            (f) providing financial guarantees or commitments;
            (g) trading in:
            (i) money market instruments, including, for example, cheques, bills, certificates of deposit and derivatives;
            (ii) foreign exchange;
            (iii) exchange, interest rate and index instruments;
            (iv) transferable securities; or
            (v) commodity futures;
            (h) participating in securities issues and providing financial services related to securities issues;
            (i) undertaking individual or collective portfolio management;
            (j) safekeeping or administering cash or liquid securities on behalf of other entities;
            (k) otherwise investing, administering or managing funds on behalf of other entities;
            (l) underwriting or placing life insurance and other investment-related insurance, whether as insurer or insurance intermediary;
            (m) money or currency changing;
            (n) any other activity or transaction prescribed by a decision of the Council of Ministers under Article 2 of the Implementing Regulations of Law No. (20) of 2019 on Combatting Money Laundering and Terrorism Financing.
            (2) Despite subrule (1), every authorised firm (other than an authorised firm that is a firm within the meaning given by the Anti-Money Laundering and Combating Terrorist Financing (General Insurance) Rules 2012, rule 1.3.1) is a financial institution.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.3.3 What is a DNFBP?

            (1) A designated non-financial business or profession (or DNFBP) is any of the following:
            (a) a real estate agent, if the agent acts for clients in relation to the buying or selling of real estate (or both);
            (b) a dealer in precious metals or stones, if the dealer engages in cash transactions with customers with a value (or, for transactions that are or appear to be linked, with a total value) of at least QR 50,000;
            (c) a lawyer, notary, other independent legal professional, or accountant, whether a sole practitioner, partner or employed professional in a professional firm, if the person prepares, executes or conducts transactions for clients in relation to all or any of the following activities:
            (i) buying or selling real estate;
            (ii) managing client money, securities or other assets;
            (iii) managing bank, savings or securities accounts;
            (iv) organising contributions for the creation, operation or management of companies or other entities;
            (v) creating, operating or managing legal persons or legal arrangements;
            (vi) buying or selling business entities;
            (d) a trust and company service provider, if the provider prepares or conducts transactions for clients on a commercial basis in relation to all or any of the following activities:
            (i) acting as a formation agent of legal persons;
            (ii) acting, or arranging for another person to act, as a director or secretary of a company or a partner of a partnership, or having a similar position in relation to other legal persons;
            (iii) providing a registered office, business address or accommodation, or providing a correspondence or administration address, for a company, a partnership or any other legal person or legal arrangement;
            (iv) acting as, or arranging for another person to act as, a trustee of an express trust;
            (v) acting as, or arranging for another person to act as, a nominee shareholder for another entity;
            (e) any other business or professional entity prescribed by a decision of the Council of Ministers under Chapter 1 of the AML/CFT Law, definition of DNFBP;
            but does not include a financial institution.
            (2) A DNFBP is also any auditor, tax consultant or insolvency practitioner, whether a sole practitioner, partner or employed professional in a professional firm, if the person prepares or conducts transactions for clients in relation to all or any of the activities mentioned in subrule (1) (c) (i) to (vi), but does not include a financial institution.
            (3) Subrules (1) (c) and (2) do not apply to:
            (a) a professional employed by a business that is not a legal professional, accounting, auditing, tax consultancy or insolvency business; or
            (b) a professional employed by a government agency.
            (4) If an entity that has been granted a licence by the Qatar Financial Centre Authority (other than a financial institution) proposes to conduct any activity mentioned in subrule (1) in or from this jurisdiction, the firm is taken to be a DNFBP.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.3.4 Who is a customer?

            (1) A customer, in relation to a firm, includes any person who engages in, or who has contact with the firm with a view to engaging in, any transaction with the firm or a member of the firm's group:
            (a) on the person's own behalf; or
            (b) as agent for or on behalf of another person.
            (2) To remove any doubt, customer also includes:
            (a) any person receiving a service offered by the firm (or by a member of the firm's group) in the normal course of its business; and
            (b) a client or investor, or prospective client or investor, of the firm or a member of the firm's group.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.3.5 Who is the beneficial owner?

            (1) The beneficial owner is:
            (a) for an account — the individual who ultimately owns, or exercises effective control, over the account;
            (b) for a transaction — the individual for whom, or on whose behalf, the transaction is ultimately being, or is ultimately to be, conducted (whether by proxy, trusteeship or mandate, or by any other form of representation); or
            (c) for a legal person or legal arrangement — the individual who ultimately owns, or exercises effective control over, the person or arrangement.
            (2) Without limiting subrule (1) (a), the beneficial owner for an account includes any individual in accordance with whose instructions any of the following are accustomed to act:
            (a) the signatories of the account (or any of them);
            (b) any individual who, directly or indirectly, instructs the signatories (or any of them).
            (3) Without limiting subrule (1) (c), the beneficial owner for a corporation includes:
            (a) an individual who, directly or indirectly, owns or controls at least 20% of the shares or voting rights of the corporation; and
            (b) an individual who, directly or indirectly, otherwise exercises control over the corporation's management.
            (4) Without limiting subrule (1) (c), the beneficial owner for a legal arrangement that administers and distributes funds includes:
            (a) if the beneficiaries and their distributions have already been decided — an individual who is to receive at least 20% of the funds of the arrangement;
            (b) if the beneficiaries or their distributions have not already been decided — the class of individuals in whose main interest the arrangement is established or operated as beneficial owner; and
            (c) an individual who, directly or indirectly, exercises control over at least 20% (by value) of the property of the arrangement.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.3.6 Politically exposed persons, their family members and associates

            (1) A politically exposed person (PEP) means an individual who is, or has been, entrusted with prominent public functions. Unless the context requires otherwise, a reference to a PEP in these rules includes a family member of the PEP or a close associate of the PEP.

            Examples of persons who can be PEPs
            1 Heads of State or of government
            2 senior politicians
            3 senior government, judicial or military officials
            4 members of Parliament
            5 important political party officials
            6 senior executives of state owned companies
            7 members of senior management (directors, deputy directors and members of the board or equivalent functions) in international organisations.
            (2) A family member of a PEP means an individual related to the PEP by blood, or by marriage, up to the second degree.

            Examples of individuals related to a PEP in the first or second degree
            1 the PEP's father and mother
            2 the PEP's husband or wife
            3 the PEP's father-in-law or mother-in law
            4 the PEP's son or daughter
            5 the PEP's stepson or stepdaughter
            6 the PEP's grandfather and grandmother
            7 the PEP's brother or sister
            8 the PEP's brother-in-law or sister-in-law
            9 the PEP's grandson or granddaughter
            (3) A person is a close associate of a PEP if the person:
            (a) is in partnership with the PEP in a legal person or legal arrangement;
            (b) is associated with the PEP through a business or social relationship; or
            (c) is a beneficial owner of a legal person or legal arrangement owned, or effectively controlled, by the PEP.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)
            Amended by QFCRA RM/2020-1 (as from 15th August 2020)

          • AML/CFTR 1.3.7 What is correspondent banking?

            Correspondent banking is the provision of banking services by a bank (the correspondent) to another bank (the respondent).

            Examples of banking services that may be provided to respondent

            1 cash management (including interest-bearing accounts in different currencies)
            2 wire transfers
            3 cheque clearing
            4 payable-through accounts
            5 foreign exchange
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.3.8 What is a shell bank?

            (1) A shell bank is a bank that:
            (a) has no physical presence in the jurisdiction in which it is incorporated and licensed (however described); and
            (b) is not affiliated with a regulated financial services group that is subject to effective consolidated supervision.
            (2) For this rule, physical presence in a jurisdiction is a presence involving effective management that has the authority to make decisions, and not merely the presence of a local agent or low-level staff.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 1.3.9 What is a correspondent securities relationship?

            A correspondent securities relationship is a relationship under which services in relation to securities are provided by a firm (the correspondent) to another firm (the respondent).

            Examples of services in relation to securities

            buying, selling, lending or otherwise holding securities

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR Chapter 2 AML/CFTR Chapter 2 General AML and CFT responsibilities

        • AML/CFTR Part 2.1 AML/CFTR Part 2.1 The firm

          • AML/CFTR 2.1.1 Firms to develop AML/CFT programme

            (1) A firm must develop a programme against money laundering and terrorism financing.
            (2) The type and extent of the measures adopted by the firm as part of its programme must be appropriate having regard to the risk of money laundering and terrorism financing and the size, complexity and nature of its business.
            (3) However, the programme must, as a minimum, include:
            (a) developing, establishing and maintaining internal policies, procedures, systems and controls to prevent money laundering and terrorism financing;
            (b) adequate screening procedures to ensure high standards when appointing or employing officers or employees;

            Note See also Part 6.1 (Screening procedures).
            (c) an appropriate ongoing training programme for its officers and employees;

            Note See also Part 6.2 (AML/CFT training programme).
            (d) an independent review and testing of the firm's compliance with its AML/CFT policies, procedures, systems and controls in accordance with subrule (4);
            (e) appropriate compliance management arrangements; and

            Note See also:
            •   rule 2.1.5 (Compliance by officers, employees, agents etc)
            •   rule 2.1.6 (Application of AML/CFT Law requirements, policies etc to branches and associates)
            •   rule 2.1.7 (Application of AML/CFT Law requirements, policies etc to outsourced functions and activities).
            (f) the appropriate ongoing assessment and review of the policies, procedures, systems and controls.

            Note See also rule 2.1.4 (Assessment and review of policies etc).
            (4) The review and testing of the firm's compliance with its AML/CFT policies, procedures, systems and controls must be adequately resourced and must be conducted at least once every 2 years. The person making the review must be professionally competent, qualified and skilled, and must be independent of:
            (a) the function being reviewed; and
            (b) the division, department, unit or other part of the firm where that function is performed.
            Note The review and testing may be conducted by the firm's internal auditor, external auditor, risk specialist, consultant or an MLRO from another branch of the firm. Testing would include, for example, sample testing the firm's AML/CFT programme, screening of employees, record making and retention and ongoing monitoring for customers.
            (5) The firm must make and keep a record of the results of its review and testing under subrule (4) and must give the Regulator a copy of the record by 31 July 2021 and every 2 years thereafter.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 2.1.2 Policies etc must be risk-sensitive, appropriate and adequate

            A firm's AML/CFT policies, procedures, systems and controls must be risk-sensitive, appropriate and adequate having regard to the risk of money laundering and terrorism financing and the size, complexity and nature of its business.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 2.1.3 Matters to be covered by policies etc

            (1) A firm's AML/CFT policies, procedures, systems and controls must, as a minimum, cover:
            (a) CDD and ongoing monitoring;
            (b) record making and retention;
            (c) the detection of suspicious transactions;
            (d) the internal and external reporting obligations;
            (e) the communication of the policies, procedures, systems and controls to the firm's officers and employees; and
            (f) anything else required under the AML/CFT Law or these rules.
            (2) Without limiting subrule (1), the firm's AML/CFT policies, procedures, systems and controls must:
            (a) provide for the identification and scrutiny of:
            (i) complex or unusual large transactions, and unusual patterns of transactions, that have no apparent economic or visible lawful purpose; and
            (ii) any other transactions that the firm considers particularly likely by their nature to be related to money laundering or terrorism financing;
            (b) require the taking of enhanced CDD to prevent the use for money laundering or terrorism financing of products and transactions that might favour anonymity;
            (c) provide appropriate measures to reduce the risks associated with establishing business relationships with PEPs;
            (d) before any function or activity is outsourced by the firm, require an assessment to be made and documented of the money laundering and terrorism financing risks associated with the outsourcing;
            (e) require the risks associated with the outsourcing of a function or activity by the firm to be monitored on an ongoing basis;
            (f) require everyone in the firm to comply with the requirements of the AML/CFT Law and these rules in relation to the making of suspicious transaction reports;
            (g) set out the conditions that must be satisfied to permit a customer to use the business relationship even before the customer's identity (or the identity of the beneficial owner of the customer) is verified;

            Note For the situations when verification of identity may be delayed, see rules 4.3.5 and 4.5.1 (2).
            (h) ensure that there are appropriate systems and measures to enable the firm to implement any targeted financial sanction that may be required under Law No. (27) of 2019 on Combating Terrorism, and for complying with any other requirements of that law; and

            Note Targeted financial sanction is defined in the Glossary.
            (i) be designed to ensure that the firm can otherwise comply, and does comply, with the AML/CFT Law and these rules.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 2.1.4 Assessment and review of policies etc

            A firm must carry out regular assessments of the adequacy of, and at least annually review the effectiveness of, its AML/CFT policies, procedures, systems and controls in preventing money laundering and terrorism financing.

            Note For other annual assessments and reviews, see:

            •   rule 2.3.8 (Minimum annual report by MLRO)
            •   rule 2.3.9 (Consideration of MLRO reports)
            •   rule 3.3.5 (3) (Correspondent banking relationships generally)
            •   rule 3.3.12 (3) (Correspondent securities relationships generally).
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 2.1.5 Compliance by officers, employees, agents etc

            (1) A firm must ensure that its officers, employees, agents and contractors, wherever they are, comply with:
            (a) the requirements of the AML/CFT Law and these rules; and
            (b) its AML/CFT policies, procedures, systems and controls;
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (2) Without limiting subrule (1), the firm's AML/CFT policies, procedures, systems and controls:
            (a) must require officers, employees, agents and contractors, wherever they are, to provide the firm's MLRO with suspicious transaction reports for transactions in, from or to this jurisdiction; and
            (b) must provide timely, unrestricted access by the firm's senior management and MLRO, and by the Regulator and FIU, to documents and information of the firm, wherever they are held, that relate directly or indirectly to its customers or accounts or to transactions in, from or to this jurisdiction;
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (3) Subrule (2) (a) does not prevent a suspicious transaction report also being made in another jurisdiction for a transaction in, from or to this jurisdiction.
            (4) This rule does not prevent the firm from applying higher, consistent standards in its AML/CFT policies, procedures, systems and controls in relation to customers whose transactions or operations extend over 2 or more jurisdictions.
            (5) If the law of another jurisdiction prevents a provision of this rule from applying to an officer, employee, agent or contractor of the firm, the firm must immediately tell the Regulator about the matter.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 2.1.6 Application of AML/CFT Law requirements, policies etc to branches and associates

            (1) This rule applies to a firm if:
            (a) it has a branch or associate in Qatar; or
            (b) it has a branch in a foreign jurisdiction, or an associate in a foreign jurisdiction over which it can exercise control.
            (2) The firm must ensure that the branch or associate, and the officers, employees, agents and contractors of the branch or associate, wherever they are, comply with:
            (a) the requirements of the AML/CFT Law and these rules; and
            (b) the firm's AML/CFT policies, procedures, systems and controls;
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (3) Without limiting subrule (2), the firm's AML/CFT policies, procedures, systems and controls:
            (a) must require the branch or associate, and the officers, employees, agents and contractors of the branch or associate, wherever they are, to provide to the firm's MLRO suspicious transaction reports for transactions in, from or to this jurisdiction; and
            (b) must provide timely, unrestricted access by the firm's senior management and MLRO, and by the Regulator and FIU, to documents and information of the branch or associate, wherever they are held, that relate directly or indirectly to its customers or accounts or to transactions in, from or to this jurisdiction;
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (4) Subrule (3) (a) does not prevent a suspicious transaction report also being made in another jurisdiction for a transaction in, from or to this jurisdiction.
            (5) Despite subrule (2), if the AML/CFT requirements of this jurisdiction and another jurisdiction differ, the branch or associate must apply the requirements that impose the highest standard, except so far as the law of another jurisdiction prevents this subrule from applying.
            (6) Also, this rule does not prevent the firm and its branches, or the firm and the other members of its group, from applying higher, consistent standards in their AML/CFT policies, procedures, systems and controls in relation to customers whose transactions or operations extend across the firm and its branches or the firm and the other members of its group.
            (7) If the law of another jurisdiction prevents a provision of this rule from applying to the branch or associate or any of its officers, employees, agents or contractors, the firm:
            (a) must immediately tell the Regulator about the matter; and
            (b) must apply additional measures to manage the money laundering and terrorism financing risks (for example, by requiring the branch or associate to give to the firm additional information and reports).
            (8) If the Regulator is not satisfied with the additional measures applied by the firm under subrule (7) (b), the Regulator may, on its own initiative, apply additional supervisory measures by, for example, directing the firm:
            (a) in the case of a branch — to suspend the transactions through the branch in the foreign jurisdiction; or
            (b) in the case of an associate — to suspend the transactions of the associate insofar as they relate to Qatar.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 2.1.7 Application of AML/CFT Law requirements, policies etc to outsourced functions and activities

            (1) This rule applies if a firm outsources any of its functions or activities to a third party.

            Note See also rule 2.1.3 (2) (d) and (e) (Matters to be covered by policies etc) for other requirements relating to outsourcing.
            (2) The firm, and its senior management, remain responsible for ensuring that the AML/CFT Law and these rules are complied with.
            (3) The firm must, through a service level agreement or otherwise, ensure that the third party, and the officers, employees, agents and contractors of the third party, wherever they are, comply with the following in relation to the outsourcing:
            (a) the requirements of the AML/CFT Law and these rules;
            (b) the firm's AML/CFT policies, procedures, systems and controls;
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (4) Without limiting subrule (3), the firm's AML/CFT policies, procedures, systems and controls:
            (a) must require the third party, and the officers, employees, agents and contractors of the third party, wherever they are, to provide suspicious transaction reports for transactions in, from or to this jurisdiction involving the firm (or the third party on its behalf) to the firm's MLRO; and
            (b) must provide timely, unrestricted access by the firm's senior management and MLRO, and by the Regulator and FIU, to documents and information of the third party, wherever they are held, that relate directly or indirectly to the firm's customers or accounts or to transactions in, from or to this jurisdiction involving the firm (or the third party on its behalf);
            except so far as the law of another jurisdiction prevents this subrule from applying.
            (5) Subrule (4) (a) does not prevent a suspicious transaction report also being made in another jurisdiction for a transaction in, from or to this jurisdiction.
            (6) If the law of another jurisdiction prevents a provision of this rule from applying to the third party or any of its officers, employees, agents or contractors:
            (a) the third party must immediately tell the firm about the matter; and
            (b) the firm must immediately tell the Regulator about the matter.
            (7) If the firm is an authorised firm, this rule is in addition to any other provision of the Regulator's Rules about outsourcing.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 2.2 AML/CFTR Part 2.2 Senior management

          Note for Part 2.2

          Principle 1 (see rule 1.2.1) requires the senior management of a firm to ensure that the firm's policies, procedures, systems and controls are implemented, and that they appropriately and adequately address the requirements of the AML/CFT Law and these rules.

          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 2.2.1 Overall senior management responsibility

            The senior management of a firm is responsible for the effectiveness of the firm's policies, procedures, systems and controls in preventing money laundering and terrorism financing.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 2.2.2 Particular responsibilities of senior management

            (1) The senior management of a firm must ensure:
            (a) that the firm develops, establishes and maintains effective AML/CFT policies, procedures, systems and controls in accordance with these rules;
            (b) that the firm has adequate screening procedures to ensure high standards when appointing or employing officers or employees;
            (c) that the firm identifies, designs, delivers and maintains an appropriate ongoing AML/CFT training programme for its officers and employees;

            Note See Part 6.2 (AML/CFT training programme) for details of the firm's training requirements.
            (d) that independent review and testing of the firm's compliance with its AML/CFT policies, procedures, systems and controls are conducted in accordance with rule 2.1.1 (4);
            (e) that regular and timely information is made available to senior management about the management of the firm's money laundering and terrorism financing risks;
            (f) that the firm's money laundering and terrorism financing risk management policies and methodology are appropriately documented, including the firm's application of them;
            (g) that there is at all times an MLRO for the firm who:
            (i) has sufficient seniority, knowledge, experience and authority;
            (ii) has an appropriate knowledge and understanding of the legal and regulatory responsibilities of the role, the AML/CFT Law and these rules;
            (iii) has sufficient resources, including appropriate staff and technology, to carry out the role in an effective, objective and independent way;
            (iv) has timely, unrestricted access to all information of the firm relevant to AML and CFT, including, for example:
            (A) all customer identification documents and all source documents, data and information;
            (B) all other documents, data and information obtained from, or used for, CDD and ongoing monitoring; and
            (C) all transaction records; and
            (v) has appropriate back-up arrangements to cover absences, including a Deputy MLRO to act as MLRO;
            (h) that a firm-wide AML/CFT compliance culture is promoted within the firm;

            Guidance

            The Regulatory Authority expects a firm's senior management to ensure that there is an AML/CFT culture within the firm where:
            •   senior management consistently enforces a top-down approach to its AML/CFT responsibilities;
            •   there is a demonstrable and sustained firm-wide commitment to the AML/CFT principles and compliance with the AML/CFT Law, these rules and the firm's AML/CFT policies, procedures, systems and controls;
            •   AML/CFT risk management and regulatory requirements are embedded at all levels of the firm and in all elements of its business or activities.
            (i) that appropriate measures are taken to ensure that money laundering and terrorism financing risks are taken into account in the day-to-day operation of the firm, including in relation to:
            (i) the development of new products;
            (ii) the taking on of new customers; and
            (iii) changes in the firm's business profile; and
            (j) that all reasonable steps have been taken so that a report required to be given to the Regulator for AML or CFT purposes is accurate, complete and given promptly.
            (2) This rule does not limit the particular responsibilities of the senior management of the firm.

            Note See, for example, Division 2.3.C (Reporting by MLRO to senior management).
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 2.3 AML/CFTR Part 2.3 MLRO and Deputy MLRO

          • AML/CFTR Division 2.3.A AML/CFTR Division 2.3.A Appointment of MLRO and Deputy MLRO

            • AML/CFTR 2.3.1 Appointment — MLRO and Deputy MLRO

              (1) A firm must ensure that there is at all times an MLRO and a Deputy MLRO for the firm.
              (2) Accordingly, the firm must, from time to time, appoint an individual as its MLRO and another individual as its Deputy MLRO.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 2.3.2 Eligibility to be MLRO or Deputy MLRO

              (1) The MLRO and Deputy MLRO for a firm:
              (a) must be employed at the management level by the firm, or by a legal person in the same group, whether as part of its governing body, management or staff; and
              (b) must have sufficient seniority, knowledge, experience and authority for the role, and in particular:
              (i) to act independently; and
              (ii) to report directly to the firm's senior management.
              (2) The MLRO for a QFC insurer (other than a QFC captive insurer) that is a company incorporated under the Companies Regulations 2005, or a QFC bank, must be ordinarily resident in Qatar.
              (3) In the case of any other firm:
              (a) if the firm proposes to appoint as MLRO an individual who is not ordinarily resident in Qatar, the firm must satisfy the Regulator that the MLRO function can be adequately exercised by an MLRO who is not resident in Qatar; and
              (b) if the Regulator considers that the MLRO function for the firm cannot be adequately exercised by an MLRO who is not resident in Qatar, the Regulator may direct the firm to appoint as MLRO an individual who is ordinarily resident in Qatar.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 2.3.B AML/CFTR Division 2.3.B Roles of MLRO and Deputy MLRO

            • AML/CFTR 2.3.3 General responsibilities of MLRO

              The MLRO for a firm is responsible for:

              (a) overseeing the implementation of the firm's AML/CFT policies, procedures, systems and controls in relation to this jurisdiction, including the operation of the firm's risk-based approach;
              (b) ensuring that appropriate policies, procedures, systems and controls are developed, established and maintained across the firm to monitor the firm's day-to-day operations:
              (i) for compliance with the AML/CFT Law, these rules, and the firm's AML/CFT policies, procedures, systems and controls; and
              (ii) to assess, and regularly review, the effectiveness of the policies, procedures, systems and controls in preventing money laundering and terrorism financing;
              (c) being the firm's key person in implementing the firm's AML/CFT strategies in relation to this jurisdiction;
              (d) supporting and coordinating senior management focus on managing the firm's money laundering and terrorism financing risks in individual business areas;
              (e) helping to ensure that the firm's wider responsibility for preventing money laundering and terrorism financing is addressed centrally; and
              (f) promoting a firm-wide view to be taken of the need for AML/CFT monitoring and accountability.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 2.3.4 Particular responsibilities of MLRO

              (1) The MLRO for a firm is responsible for:
              (a) receiving, investigating and assessing internal suspicious transaction reports for the firm;
              (b) making suspicious transaction reports to the FIU and telling the Regulator about them;
              (c) acting as central point of contact between the firm, and the FIU, the Regulator and other State authorities, in relation to AML and CFT issues;
              (d) responding promptly to any request for information by the FIU, the Regulator and other State authorities in relation to AML and CFT issues;
              (e) receiving and acting on government, regulatory and international findings about AML and CFT issues;
              (f) monitoring the appropriateness and effectiveness of the firm's AML/CFT training programme;
              (g) reporting to the firm's senior management on AML and CFT issues;
              (h) keeping the Deputy MLRO informed of significant AML/CFT developments (whether internal or external); and
              (i) exercising any other functions given to the MLRO, whether under the AML/CFT Law, these rules or otherwise.
              (2) If the Regulator issues guidance, the MLRO must bring it to the attention of the firm's senior management. The firm must make and keep a record of:
              (a) whether the senior management took the guidance into account;
              (b) any action that the senior management took as a result; and
              (c) the reasons for taking or not taking action.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 2.3.5 Role of Deputy MLRO

              (1) The Deputy MLRO for a firm acts as the firm's MLRO during absences of the MLRO and whenever there is a vacancy in the MLRO's position.
              (2) When the Deputy MLRO acts as MLRO, these rules apply in relation to the Deputy MLRO as if the Deputy MLRO were the MLRO.
              (3) However, to remove any doubt, rule 2.3.2 (2) (Eligibility to be MLRO or Deputy MLRO) does not apply in relation to the Deputy MLRO of a QFC insurer (other than a QFC captive insurer) that is a company incorporated under the Companies Regulations 2005 or a QFC bank when the Deputy MLRO acts as MLRO.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 2.3.6 How MLRO must carry out role

              The MLRO for a firm must act honestly, reasonably and independently, particularly in:

              (a) receiving, investigating and assessing internal suspicious transaction reports; and
              (b) deciding whether to make, and making, suspicious transaction reports to the FIU.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 2.3.C AML/CFTR Division 2.3.C Reporting by MLRO to senior management

            • AML/CFTR 2.3.7 MLRO reports

              (1) The senior management of a firm must, on a regular basis, decide what reports should be given to it by the MLRO, and when the reports should be given to it, to enable it to discharge its responsibilities under the AML/CFT Law and these rules.
              (2) However, the MLRO must give the senior management a report that complies with rule 2.3.8 (Minimum annual report by MLRO) for each calendar year. The report must be given in time to enable compliance with rule 2.3.9 (2).
              (3) To remove any doubt, subrule (2) does not limit the reports:
              (a) that the senior management may require to be given to it; or
              (b) that the MLRO may give to the senior management on the MLRO's own initiative to discharge the MLRO's responsibilities under the AML/CFT Law and these rules.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 2.3.8 Minimum annual report by MLRO

              (1) This rule sets out the minimum requirements that must be complied with in relation to the report that must be given to the senior management by the MLRO for each calendar year (see rule 2.3.7 (2)).
              (2) The report must assess the adequacy and effectiveness of the firm's AML/CFT policies, procedures, systems and controls in preventing money laundering and terrorism financing.
              (3) The report must include the following for the period to which it relates:
              (a) the numbers and types of internal suspicious transaction reports made to the MLRO;
              (b) the number of these reports that have, and the number of these reports that have not, been passed on to the FIU;
              (c) the reasons why reports have or have not been passed on to the FIU;
              (d) the numbers and types of breaches by the firm of the AML/CFT Law, these rules, or the firm's AML/CFT policies, procedures, systems and controls;
              (e) areas where the firm's AML/CFT policies, procedures, systems and controls should be improved, and proposals for making appropriate improvements;
              (f) a summary of the AML/CFT training delivered to the firm's officers and employees;
              (g) areas where the firm's AML/CFT training programme should be improved, and proposals for making appropriate improvements;
              (h) the number and types of customers of the firm that are categorised as high risk;
              (i) progress in implementing any AML/CFT action plans;

              Note These provisions require action plans:
              •   rule 2.3.9 (b) (Consideration of MLRO reports)
              •   rule 4.3.4 (3) and (4) (When CDD may not be required — acquired businesses)
              •   rule 6.2.2 (3) (b) (Training must be maintained and reviewed).
              (j) the outcome of any relevant quality assurance or audit reviews in relation to the firm's AML/CFT policies, procedures, systems and controls;
              (k) the outcome of any review of the firm's risk assessment policies, procedures, systems and controls.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 2.3.9 Consideration of MLRO reports

              (1) The senior management of a firm must promptly:
              (a) consider each report made to it by the MLRO; and
              (b) if the report identifies deficiencies in the firm's compliance with the AML/CFT Law or these rules — approve an action plan to remedy the deficiencies.
              (2) For the report that must be given for each calendar year under rule 2.3.7 (2), the senior management must confirm in writing that it has considered the report and, if an action plan is required, has approved such a plan. The firm's MLRO must give the Regulator a copy of the report and confirmation before 1 June of the next year.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 2.3.D AML/CFTR Division 2.3.D Additional obligations etc of firm with non-resident MLRO

            • AML/CFTR 2.3.10 Annual reports

              A firm whose MLRO is not ordinarily resident in Qatar must report to the Regulator, in a form approved for this rule under the General Rules 2005, before 1 June in each year.

              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 2.3.11 Visits by non-resident MLRO

              A firm whose MLRO is not ordinarily resident in Qatar must ensure that the MLRO inspects the firm's operations in Qatar frequently enough to allow him or her to assess the accuracy and reliability of the information supplied to the Regulator in the reports required by rule 2.3.10.

              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 2.3.12 Regulatory Authority may direct firm to appoint resident MLRO

              (1) This rule applies if, for any reason, the Regulator considers that the MLRO function for a firm is not being adequately exercised by an individual who is not ordinarily resident in Qatar.
              (2) The Regulator may direct the firm:
              (a) to require the individual to be ordinarily resident in Qatar; or
              (b) to appoint another individual who is ordinarily resident in Qatar.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR Chapter 3 AML/CFTR Chapter 3 The risk-based approach

        • AML/CFTR Part 3.1 AML/CFTR Part 3.1 The risk-based approach generally

          Note for Part 3.1

          Principle 2 (see rule 1.2.2) requires a firm to adopt a risk-based approach to these rules and their requirements.

          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.1.1 Firms must conduct risk assessment and decide risk mitigation

            (1) A firm:
            (a) must conduct, at regular and appropriate intervals, an assessment (a business risk assessment) of the money laundering and terrorism financing risks that it faces, including risks identified in the National Risk Assessment and those that may arise from:
            (i) the types of customers that it has (and proposes to have) (customer risk);
            (ii) the products and services that it provides (and proposes to provide) (product risk);
            (iii) the technologies that it uses (and proposes to use) to provide those products and services (interface risk); and
            (iv) the jurisdictions with which its customers are (or may become) associated (jurisdiction risk); and

            Examples of 'associated' jurisdictions for a customer
            1 the jurisdiction where the customer lives or is incorporated or otherwise established
            2 each jurisdiction where the customer conducts business or has assets.
            (b) must decide what action is needed to mitigate those risks.
            (2) The firm must be able to demonstrate:
            (a) how it determined the risks that it faces;
            (b) how it took into consideration the National Risk Assessment and other sources in determining those risks;
            (c) when and how it conducted the business risk assessment; and
            (d) how the actions it has taken after the assessment have mitigated, or have failed to mitigate, the risks it faces.
            (3) If the firm fails to take into account the National Risk Assessment and other sources or fails to assess any of the risks it faces, it must give the reasons for its failure to do so, if required by the Regulator.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.1.2 Approach to risk mitigation must be based on suitable methodology

            (1) The intensity of a firm's approach to the mitigation of its money laundering and terrorism financing risks must be based on a suitable methodology (a threat assessment methodology) that addresses the risks that it faces.
            (2) A firm must be able to demonstrate that its threat assessment methodology:
            (a) includes:
            (i) identifying the purpose and intended nature of the business relationship with each customer; and
            (ii) assessing the risk profile of the business relationship by scoring the relationship;

            Note 1 Business relationship is defined in rule 4.2.4.

            Note 2 For scoring the business relationship in relation to customer risk, product risk, interface risk and jurisdiction risk, see rule 3.2.3, rule 3.3.3, rule 3.4.3 and rule 3.5.3, respectively.
            (b) is suitable for the size, complexity and nature of the firm's business;
            (c) is designed to enable the firm:
            (i) to identify and recognise any changes in its money laundering and terrorism financing risks; and
            (ii) to change its threat assessment methodology as needed; and
            (d) includes assessing risks posed by:
            (i) new products and services; and
            (ii) new or developing technologies.
            (3) A firm must also be able to demonstrate that its practice matches its threat assessment methodology.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.1.3 Risk profiling a business relationship

            (1) In developing the risk profile of a business relationship with a customer, a firm must consider at least the following 4 risk elements in relation to the relationship:
            (a) customer risk;
            (b) product risk;
            (c) interface risk;
            (d) jurisdiction risk.
            (2) The firm must identify any other risk elements that are relevant to the business relationship, especially because of the size, complexity and nature of its business and any business of its customer.
            (3) The firm must also consider the risk elements (if any) identified under subrule (2) in relation to the business relationship.
            (4) Together the 4 risk elements mentioned in subrule (1), and any other risk elements identified under subrule (2), combine to produce the risk profile of the business relationship.
            (5) This risk profile must be taken into account in deciding the intensity of the CDD and ongoing monitoring to be conducted for the customer.

            Note Each of the 4 risk elements mentioned in subrule (1) is dealt with in the following Parts of this Chapter.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 3.2 AML/CFTR Part 3.2 Customer risk

          Note for Part 3.2

          This Part relates to the risks posed by the types of customers of a firm.

          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.2.1 Risk assessment for customer risk

            (1) A firm must assess and document the risks of money laundering, terrorism financing and other illicit activities posed by different types of customers.

            Examples of types of customers
            1 salaried employees with no other significant sources of income or wealth
            2 publicly listed companies
            3 legal arrangements
            4 PEPs
            (2) The intensity of the CDD and ongoing monitoring conducted for a particular customer must be proportionate to the perceived or potential level of risk posed by the relationship with that customer.

            Example

            The duration of the relationship with the customer and the frequency of transactions may affect the intensity of CDD and ongoing monitoring.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.2.2 Policies etc for customer risk

            A firm must have policies, procedures, systems and controls to address the specific risks of money laundering, terrorism financing and other illicit activities posed by different types of customers.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.2.3 Scoring business relationships — types of customers

            A firm must include, in its methodology, a statement of the basis on which business relationships with customers will be scored, having regard to the different types of customers it has (and proposes to have).

            Example

            The risk to the firm from a salaried employee whose only transactions are derived from electronic payments made by the employee's employer are likely to be much lower than the risk to the firm from an individual whose transactions are cash-based with no discernible source for those funds.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.2.4 Persons associated with terrorist acts etc — enhanced CDD and ongoing monitoring

            (1) This rule applies to a customer of a firm if the firm knows or suspects that the customer is an individual, charity, non-profit organisation or other entity:
            (a) that is associated with, or involved in, terrorist acts, terrorism financing or a terrorist organisation; or
            (b) that is subject to sanctions or other international initiatives.
            (2) Irrespective of the risk score otherwise obtained for the customer, the firm must conduct enhanced CDD and enhanced ongoing monitoring for the customer.

            Note See rule 4.2.2 (What is ongoing monitoring?) and rule 4.3.13 (Ongoing monitoring required).
            (3) A decision to enter into a business relationship with the customer must only be taken with senior management approval after enhanced CDD has been conducted.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.2.5 Measures for PEPs

            A firm must, as a minimum, adopt the following measures to reduce the risks associated with establishing and maintaining business relationships with PEPs:
            (a) the firm must have clear policies, procedures, systems and controls for business relationships with PEPs;
            (b) the firm must establish and maintain an appropriate risk management system to decide whether a potential or existing customer, or the beneficial owner of a potential or existing customer, is a PEP;

            Examples of measures forming part of a risk management system
            1 seeking relevant information from customers
            2 referring to publicly available information
            3 having access to, and referring to, commercial electronic databases of PEPs
            (c) decisions to enter into business relationships with PEPs must only be taken with senior management approval after enhanced CDD has been conducted;
            (d) if an existing customer, or the beneficial owner of an existing customer, is subsequently found to be, or to have become, a PEP—the relationship may be continued only with senior management approval;
            (e) the firm must take reasonable measures to establish the sources of wealth and funds of customers and beneficial owners identified as PEPs;
            (f) PEPs must be subject to enhanced ongoing monitoring.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)
            Amended by QFCRA RM/2020-1 (as from 15th August 2020)

          • AML/CFTR 3.2.6 Legal persons, legal arrangements and facilities—risk assessment process

            (1) A firm's risk assessment process must include a recognition of the risks posed by legal persons, legal arrangements and facilities.

            Examples of legal persons
            1 companies
            2 partnerships
            Example of legal arrangement

            express trust

            Examples of facilities
            1 nominee shareholdings
            2 powers of attorney
            (2) In assessing the risks posed by a legal person or legal arrangement, a firm must ensure that the risk profile of the person or arrangement takes into account the risks posed by any beneficial owners, officers, shareholders, trustees, settlors, beneficiaries, managers and other relevant entities.
            (3) In assessing the risks posed by a facility, a firm must ensure that the facility's risk profile takes into account the risks posed by any reduction in transparency, or any increased ability to conceal or obscure.
            (4) Subrules (2) and (3) do not limit the matters to be reflected in the risk profile of a legal person, legal arrangement or facility.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.2.7 Measures for persons in terrorist list

            (3) A firm must, from the outset of its dealings with an applicant for business and on an ongoing basis during the business relationship, check whether the person is listed:
            (a) under a relevant resolution of the UN Security Council; or
            (b) in a Terrorist Designation Order published by the National Counter Terrorism Committee of the State.
            (4) If the person is listed, the firm:
            (a) must not establish, or continue, a relationship with, or carry out a transaction with or for the person;
            (b) must make a suspicious transaction report to the FIU; and
            (c) must immediately tell the Regulator.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 3.3 AML/CFTR Part 3.3 Product risk

          Notes for Part 3.3

          1 This Part relates to the risks posed by the types of products offered by a firm.
          2 Product includes the provision of a service (see Glossary).
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.1 Risk assessment for product risk

            (1) A firm must assess and document the risks of money laundering, terrorism financing and other illicit activities posed by the types of products it offers (and proposes to offer).

            Examples of types of products
            1 savings accounts
            2 e-money products
            3 payable-through accounts
            4 wire transfers
            5 life insurance contracts
            (2) The intensity of the CDD and ongoing monitoring conducted in relation to a particular type of product must be proportionate to the perceived or potential level of risk posed by the type of product.

            Example

            The level of deposits and the volume of transactions and operations that a customer has may affect the intensity of CDD and ongoing monitoring.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.2 Policies etc for product risk

            A firm must have policies, procedures, systems and controls to address the specific risks of money laundering, terrorism financing and other illicit activities posed by the types of products it offers (and proposes to offer).

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.3 Scoring business relationships — types of products

            A firm must include, in its methodology, a statement of the basis on which business relationships with customers will be scored, having regard to the types of products it offers (and proposes to offer) to them.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.4 Products with fictitious or false names or no names

            (1) A financial institution must not permit any of its products to be used if the product:
            (a) uses a fictitious or false name for a customer; or
            (b) does not identify the customer's name.
            (2) Subrule (1) does not prevent the financial institution from providing a level of privacy to the customer within the financial institution itself by not including the customer's name or details on the account name or customer file if:
            (a) records of the customer's details are kept in a more secure environment in the firm itself; and
            (b) the records are available to the financial institution's senior management and MLRO, and to the Regulator and FIU.
            (3) Without limiting subrule (1), if the financial institution has numbered accounts, the financial institution must maintain them in a way that enables it to fully comply with the AML/CFT Law and these rules.

            Example for subrule (3)

            The financial institution could properly identify the customer for an account in accordance with the AML/CFT Law and these rules and make the customer identification records available to the MLRO, other appropriate officers and employees, the Regulator and the FIU.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.5 Correspondent banking relationships generally

            (1) Before a bank (the correspondent) establishes a correspondent banking relationship with a bank (the respondent) in a foreign jurisdiction, the correspondent must do all of the following:
            (a) gather sufficient information about the respondent to understand fully the nature of its business;
            (b) decide from publicly available information the respondent's reputation and the quality of its regulation and supervision;
            (c) assess the respondent's AML/CFT policies, procedures, systems and controls, and decide that they are adequate and effective;
            (d) obtain senior management approval to establish the relationship;
            (e) document the respective responsibilities of the respondent and correspondent, including in relation to AML and CFT matters;
            (f) be satisfied that, in relation to the respondent's customers that will have direct access to accounts of the correspondent, the respondent:
            (i) will have conducted CDD for the customers and verified the customers' identities;
            (ii) will conduct ongoing monitoring for the customers; and
            (iii) will be able to provide to the correspondent, on request, the documents, data or information obtained in conducting CDD and ongoing monitoring for the customers.
            (2) Without limiting subrule (1) (b), in making a decision for that provision, the correspondent must consider all of the following:
            (a) whether the respondent has been the subject of any investigation, or civil or criminal proceeding, relating to money laundering or terrorism financing;
            (b) the respondent's financial position;
            (c) whether it is regulated and supervised (at least for AML and CFT purposes) by a regulatory or governmental authority, body or agency equivalent to the Regulator in each foreign jurisdiction in which it operates;
            (d) whether each foreign jurisdiction in which it operates has an effective AML/CFT regime;
            (e) if the respondent is a subsidiary of another legal person — the following additional matters:
            (i) the other person's domicile and location (if different);
            (ii) its reputation;
            (iii) whether it is regulated and supervised (at least for AML and CFT purposes) by a regulatory or governmental authority, body or agency equivalent to the Regulator in each jurisdiction in which it operates;
            (iv) whether each foreign jurisdiction in which it operates has an effective AML/CFT regime;
            (v) its ownership, control and management structure (including whether it is owned, controlled or managed by a PEP).
            (3) If the correspondent establishes a correspondent banking relationship with the respondent, the correspondent must:
            (a) if the respondent is in a high risk jurisdiction — conduct enhanced ongoing monitoring of the volume and nature of the transactions conducted under the relationship; and
            (b) in any case — at least annually review the relationship and the transactions conducted under it.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.6 Shell banks

            (1) A shell bank must not be established in, or operate in or from, this jurisdiction.

            Note Shell bank is defined in rule 1.3.8.
            (2) A financial institution must not enter into, or continue, a correspondent banking relationship or correspondent securities relationship with a shell bank.
            (3) A financial institution must not enter into, or continue:
            (a) a correspondent banking relationship with a bank in any jurisdiction if the bank is known to permit its accounts to be used by a shell bank; or
            (b) a correspondent securities relationship with a firm in any jurisdiction if the firm is known to permit its accounts to be used by a shell bank.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.7 Payable-through accounts

            (1) The rule applies if:
            (a) a bank (the correspondent) has a correspondent banking relationship with a bank (the respondent) in a foreign jurisdiction; and
            (b) under the relationship, a customer of the respondent who is not a customer of the correspondent may have direct access to an account of the correspondent.
            (2) The correspondent must not allow the customer to have access to the account unless the correspondent is satisfied that the respondent:
            (a) has conducted CDD for the customer and verified the customer's identity;
            (b) conducts ongoing monitoring for the customer; and
            (c) can provide to the correspondent, on request, the documents, data and information obtained in conducting CDD and ongoing monitoring for the customer.
            (3) If:
            (a) the correspondent asks the respondent for documents, data or information mentioned in subrule (2) (c); and
            (b) the respondent fails to satisfactorily comply with the request;
            the correspondent must immediately terminate the customer's access to accounts of the correspondent and consider making a suspicious transaction report to the FIU.
            (4) Payable-through accounts are correspondent accounts that are used directly by third parties to transact business on their own behalf.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.8 Powers of attorney

            (1) This rule applies to a power of attorney if it authorises the holder to exercise control over assets of the grantor.
            (2) Before becoming involved in or associated with a transaction involving the power of attorney, a firm must conduct CDD for both the holder and the grantor.
            (3) For subrule (2), the holder and the grantor are both taken to be customers of the firm.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.9 Bearer negotiable instruments

            (1) In this rule:
            bearer negotiable instrument means:
            (a) a monetary instrument in bearer form such as a traveller's cheque;
            (b) a negotiable instrument, including cheque, promissory note, and money order that is either in bearer form, endorsed without restriction, made out to a fictitious payee, or otherwise in such form that title thereto passes upon delivery;
            (c) an incomplete instrument including a cheque, promissory note and money order signed, but with the payee's name omitted;
            (d) a bearer share; or
            (e) a share warrant to bearer.
            (2) A firm must have adequate AML/CFT customer due diligence policies, procedures, systems and controls for risks related to the use of bearer negotiable instruments.
            (3) Before becoming involved in or associated with a transaction involving the conversion of a bearer negotiable instrument, or the surrender of coupons for a bearer negotiable instrument for payment of dividend, bonus or a capital event, a firm must conduct enhanced CDD for the holder of the instrument and any beneficial owner.
            (4) For subrule (3), the holder and any beneficial owner are taken to be customers of the firm.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.10 Wire transfers

            (1) This rule applies to a transaction conducted by a financial institution (the ordering financial institution) by electronic means on behalf of a person (the originator) with a view to making an amount of money available to a person (the recipient) at another financial institution (the beneficiary financial institution).
            (2) This rule applies to the transaction whether or not:
            (a) the originator and recipient are the same person;
            (b) the transaction is conducted through intermediary financial institutions; or
            (c) the ordering financial institution, the beneficiary financial institution or any intermediary financial institution is outside Qatar.
            (3) However, this rule does not apply to a transaction conducted using a credit or debit card if:
            (a) the card number accompanies all transfers flowing from the transaction; and

            Examples of transfers that may flow from the transaction
            1 withdrawals from a bank account through an ATM
            2 cash advances from a credit card
            3 payments for goods and services
            (b) the card is not used as a payment system to effect a money transfer.
            (4) Also, this rule does not apply:
            (a) to transfers from 1 financial institution to another; or
            (b) if the originator and recipient are both financial institutions acting on their own behalf.
            (5) If the ordering financial institution is in Qatar, it:
            (a) must obtain and keep full originator information; and
            (b) must conduct CDD for the originator;
            unless the beneficiary financial institution and all intermediary financial institutions (if any) are in Qatar and the transaction involves the transfer of less than QR 3,500.

            Note Full originator information is defined in the Glossary.
            (6) To remove any doubt, the ordering financial institution needs only to comply with subrule (5) once for the originator.
            (7) If the ordering financial institution is in Qatar and the beneficiary financial institution or any intermediary financial institution is outside Qatar, the ordering financial institution must include full originator information and full recipient information in a message or payment form accompanying the transfer.

            Note Full recipient information is defined in the Glossary.
            (8) However, if several separate transfers from the same originator are bundled in a batch file for transmission to several recipients in a foreign jurisdiction, the ordering financial institution needs only to include the originator's account number or unique reference number in relation to each individual transfer if the batch file (in which the individual transfers are batched) contains full originator information, and full recipient information for each recipient, that is fully traceable in the foreign jurisdiction.
            (9) If the ordering financial institution, the beneficiary financial institution and all intermediary financial institutions (if any) are in Qatar, the ordering financial institution must include full originator information and full recipient information in a message or payment form accompanying the transfer unless:
            (a) the transaction involves the transfer of less than QR 3,500; or
            (b) both of the following conditions are satisfied:
            (i) full originator information and full recipient information can be made available to the beneficiary financial institution, the Regulator, the FIU and law enforcement authorities within 3 business days after the day the information is requested;
            (ii) law enforcement authorities can compel immediate production of the information.
            (10) Each intermediary financial institution (if any) must ensure that all information relating to the originator and recipient that the financial institution receives in a message or payment form accompanying the transfer is transmitted to the next financial institution.
            (11) If the beneficiary financial institution is in Qatar and is aware that full originator information or full recipient information has not been provided in a message or payment form accompanying the transfer (and is not fully traceable using a batch file as mentioned in subrule (8)), it must:
            (a) either:
            (i) reject the transfer; or
            (ii) obtain the missing or incomplete information from the ordering financial institution; and
            (b) using a risk-sensitive approach, decide whether a suspicious transaction report should be made to the FIU.
            (12) If the ordering financial institution has regularly failed to provide the required information about the originators or recipients of transactions and the beneficiary financial institution is in Qatar, the beneficiary financial institution:
            (a) must take appropriate steps to ensure that the ordering financial institution does not contravene this rule; and
            (b) must report the matter to the FIU.
            Examples of steps
            1 issuing warnings and setting deadlines for the provision of information
            2 rejecting future transfers from the ordering financial institution
            3 restricting or terminating any business relationship with the ordering financial institution
            (13) Despite anything in these rules, no money or value may be transferred by electronic means to a person listed:
            (a) under a relevant resolution of the UN Security Council; or
            (b) in a Terrorist Designation Order published by the National Counter Terrorism Committee of the State.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.11 Additional obligations of firms involved in wire transfers

            (1) A firm that acts as an intermediary financial institution in a cross-border wire transfer and a firm (the beneficiary financial institution) that makes money available to the recipient after the cross-border wire transfer must take reasonable measures, on a risk-sensitive basis, to identify transfers to this jurisdiction that lack full originator information or full recipient information. The measures may include following-up (whether during, or after, the transfer) on information that is lacking about the originator or recipient.
            (2) A firm that acts as intermediary financial institution or beneficiary financial institution must develop, establish and maintain policies, procedures, systems and controls to determine:
            (a) when to execute, reject or suspend a wire transfer that lacks the full originator information or full recipient information; and
            (b) when to take appropriate follow-up action.
            (3) A firm that acts as intermediary financial institution in a cross-border wire transfer must ensure that all originator and recipient information accompanying the transfer is retained with it.
            (4) A firm that acts as ordering financial institution, intermediary financial institution or beneficiary financial institution must keep full originator information and full recipient information for at least 10 years after:
            (a) if the firm acted as ordering financial institution—the day the originator asked the firm to make the wire transfer;
            (b) if the firm acted as intermediary financial institution—the day the firm transmitted the information to another intermediary or to the beneficiary financial institution; or
            (c) if the firm acted as beneficiary financial institution—the day the money received via wire transfer is made available to the recipient.
            (5) If a wire transfer between 2 financial institutions in Qatar (domestic wire transfer) is necessary to effect a cross-border wire transfer and, because of technical limitations, the full originator information and full recipient information cannot remain with the domestic wire transfer, the intermediary financial institution to which the domestic wire transfer is made must, if the intermediary financial institution is a firm, make and keep a record of the information received by it from the ordering financial institution or other intermediary financial institution in relation to the transaction. The record must be kept for 10 years after the day it is made.
            (6) If a cross-border wire transfer is effected by the same firm as both ordering and beneficiary financial institutions, or if a firm controls both the originator and recipient of the wire transfer, the firm must take into account the information obtained from both sides of the transfer in considering whether to make a suspicious transaction report. If the firm suspects that the transfer may involve money laundering or terrorism financing, it must:
            (a) make a report in each jurisdiction affected by the transfer; and
            (b) make available, to the FIU (or its equivalent) in the jurisdiction, information relevant to the transfer.
            (7) For wire transfers of more than QR 3,500, the beneficiary financial institution must verify the identity of the recipient before making money available, except if the recipient's identity has previously been verified.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.3.12 Correspondent securities relationships generally

            (1) Before a firm (the correspondent) establishes a correspondent securities relationship with another firm (the respondent) in a foreign jurisdiction, the correspondent must do all of the following:
            (a) gather sufficient information about the respondent to understand fully the nature of its business;
            (b) decide from publicly available information the respondent's reputation and the quality of its regulation and supervision;
            (c) assess the respondent's AML/CFT policies, procedures, systems and controls, and decide that they are adequate and effective;
            (d) obtain senior management approval to establish the relationship;
            (e) document its responsibilities and those of the respondent, including in relation to AML and CFT matters;
            (f) be satisfied that, in relation to the respondent's customers that will have direct access to accounts of the correspondent, the respondent:
            (i) will have conducted CDD for the customers and verified the customers' identities; and
            (ii) will conduct ongoing monitoring for the customers; and
            (iii) will be able to provide to the correspondent, on request, the documents, data or information obtained in conducting CDD and ongoing monitoring for the customers.
            (2) Without limiting subrule (1) (b), in making a decision for that provision, the correspondent must consider all of the following:
            (a) whether the respondent has been the subject of any investigation, or civil or criminal proceeding, relating to money laundering or terrorism financing;
            (b) the respondent's financial position;
            (c) whether it is regulated and supervised (at least for AML and CFT purposes) by a regulatory or governmental authority, body or agency equivalent to the Regulator in each foreign jurisdiction in which it operates;
            (d) whether each foreign jurisdiction in which it operates has an effective AML/CFT regime;
            (e) if the respondent is a subsidiary of another legal person—the following additional matters:
            (i) the other person's domicile and location (if different);
            (ii) its reputation;
            (iii) whether it is regulated and supervised (at least for AML and CFT purposes) by a regulatory or governmental authority, body or agency equivalent to the Regulator in each jurisdiction in which it operates;
            (iv) whether each foreign jurisdiction in which it operates has an effective AML/CFT regime;
            (v) its ownership, control and management structure (including whether it is owned, controlled or managed by a PEP).
            (3) If the correspondent establishes a correspondent securities relationship with the respondent, the correspondent must:
            (a) if the respondent is in a high risk jurisdiction—conduct enhanced ongoing monitoring of the volume and nature of the transactions conducted under the relationship; and
            (b) in any case—at least annually review the relationship and the transactions conducted under it.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 3.4 AML/CFTR Part 3.4 Interface risk

          Note for Part 3.4

          This Part relates to the risks posed by the mechanisms through which business relationships with a firm are started or conducted.

          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 3.4.A AML/CFTR Division 3.4.A Interface risks—general

            • AML/CFTR 3.4.1 Risk assessment for interface risk

              (1) A firm must assess and document the risks of money laundering, terrorism financing and other illicit activities posed by the mechanisms through which its business relationships are started and conducted.
              (2) The intensity of the CDD and ongoing monitoring conducted in relation to a particular mechanism must be proportionate to the perceived or potential level of risk posed by the mechanism.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 3.4.2 Policies etc for interface risk

              (1) A firm must have policies, procedures, systems and controls to address the specific risks of money laundering, terrorism financing and other illicit activities posed by the types of mechanisms through which its business relationships are started and conducted.
              (2) Without limiting subrule (1), the policies, procedures, systems and controls must include measures:
              (a) to prevent the misuse of technological developments in money laundering and terrorism financing schemes; and
              (b) to manage any specific risks associated with non-face-to-face business relationships or transactions.
              Examples of non-face-to-face business relationships or transactions
              1 business relationships concluded over the Internet or through the post
              2 services and transactions provided or conducted over the Internet, using ATMs or by telephone or fax
              3 electronic point of sale transactions using prepaid, reloadable or account-linked value cards
              Examples of policies, procedures, systems and controls for par (b)
              1 requiring third party certification of identification documents presented by or for non-face-to-face customers
              2 requiring additional identification documents for non-face-to-face customers
              3 developing independent contact with non-face-to-face customers
              4 requiring first payments by or for non-face-to-face customers to be made through accounts in the customers' names with financial institutions subject to similar customer due diligence standards
              (3) The policies, procedures, systems and controls must apply in relation to establishing business relationships and conducting ongoing monitoring.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 3.4.3 Scoring business relationships—interface risk

              A firm must include, in its methodology, a statement of the basis on which business relationships with customers will be scored, having regard to the mechanisms through which its business relationships are started or conducted.

              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 3.4.4 Electronic verification of identification documentation

              (1) A firm may rely on electronic verification of identification documentation if it complies with the risk-based approach and other requirements of these rules.
              (2) However, the firm must make and keep a record that clearly demonstrates the basis on which it relied on the electronic verification of identification documentation.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 3.4.5 Payment processing using on-line services

              A financial institution may permit payment processing to take place using on-line services if it ensures that the processing is subject to:

              (a) the same monitoring as its other services; and
              (b) the same risk-based methodology.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 3.4.6 Concession for certain non-face-to-face transactions

              (1) This rule applies if:
              (a) a customer of a firm would normally be required to produce evidence of identity before transacting business with the firm involving the making of a payment;
              (b) it is reasonable in all the circumstances for payment to be made by post or electronically, or for details of the payment to be given by telephone; and
              (c) payment is to be made from an account held in the customer's name at a financial institution.
              (2) However, this rule does not apply if:
              (a) initial or future payments can be received from third parties;
              (b) cash withdrawals can be made, unless the withdrawals can only be made by the customer on a face-to-face basis where identity can be confirmed; or

              Example of exception

              a passbook account where evidence of identity is required to make withdrawals
              (c) redemption or withdrawal proceeds can be paid to a third party or to an account that cannot be confirmed as belonging to the customer, unless the proceeds can only be paid to an executor or personal representative on the death of the customer.
              (3) If this rule applies, the firm may waive identification requirements for the customer.
              (4) However, a repayment may be made to another firm only if the other firm has confirmed that the amount of the repayment is either to be paid to the customer or reinvested elsewhere in the name of the customer.
              (5) This rule applies to a joint account as if a reference to the customer included a reference to any of the customers.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 3.4.B AML/CFTR Division 3.4.B Reliance on others generally

            • AML/CFTR 3.4.7 Activities to which Division 3.4.B does not apply

              This Division does not apply to a firm in relation to CDD conducted for the firm:

              (a) by a third-party service provider under an outsourcing;
              (b) by an agent under a contractual arrangement between the firm and the agent;
              (c) if the firm is a bank — under a correspondent banking relationship to which the firm is a party; or
              (d) under a correspondent securities relationship to which the firm is a party.

              Note See:

              •   rule 2.1.5 (Compliance by officers, employees, agents etc)
              •   rule 2.1.7 (Application of AML/CFT Law requirements, policies etc to outsourced functions and activities)
              •   rule 3.3.5 (Correspondent banking relationships generally)
              •   rule 3.3.12 (Correspondent securities relationships generally).
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 3.4.8 Reliance on certain third parties generally

              (1) A firm may rely on introducers, intermediaries or other third parties to conduct some elements of CDD for a customer, or to introduce business to the firm, if it does so under, and in accordance with, this Division.
              (2) However, the firm (and, in particular, its senior management) remains responsible for the proper conduct of CDD and ongoing monitoring for its customers.
              (3) In determining whether to rely on a third party for purposes of this rule, the firm must have regard to any relevant findings published by international organisations, governments and other bodies about the jurisdiction where the third party is located.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 3.4.9 Introducers

              (1) This rule applies in relation to a customer introduced to a firm by a third party (the introducer) if:
              (a) the introducer's function in relation to the customer is merely to introduce the customer to the firm; and
              (b) the firm is satisfied that the introducer:
              (i) is regulated and supervised (at least for AML and CFT purposes) by the Regulator or by an equivalent regulatory or governmental authority, body or agency in another jurisdiction;
              (ii) is subject to the AML/CFT Law and these rules or to equivalent legislation of another jurisdiction;
              (iii) is based, or incorporated or otherwise established, in Qatar or a foreign jurisdiction that has an effective AML/CFT regime; and
              (iv) is not subject to a secrecy law or anything else that would prevent the firm from obtaining any information or original documentation about the customer that the firm may need for AML and CFT purposes.
              (2) The firm may rely on the CDD conducted by the introducer for the customer and need not:
              (a) conduct CDD itself for the customer; or
              (b) obtain any of the original documents obtained by the introducer in conducting CDD for the customer.
              (3) However, the firm must not start a business relationship with the customer relying on subrule (2) unless:
              (a) it has received from the introducer an introducer's certificate for the customer;
              (b) it has received from the introducer all information about the customer obtained from the CDD conducted by the introducer for the customer that it would need if it had conducted the CDD itself; and
              (c) it has, or can immediately obtain from the introducer on request, a copy of every document relating to the customer that it would need if it were conducting CDD itself for the customer.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 3.4.10 Group introductions

              (1) This rule applies in relation to a customer introduced to a financial institution in Qatar (the local firm) by another financial institution (B) in the same group, whether in or outside Qatar, if:
              (a) B or another financial institution in the group (the relevant financial institution) has conducted CDD for the customer; and
              (b) subject to subrule (2), the local firm is satisfied that all of the following conditions have been met:
              (i) the relevant financial institution is regulated and supervised (at least for AML and CFT purposes) by the Regulator or by an equivalent regulatory or governmental authority, body or agency in another jurisdiction;
              (ii) it is subject to the AML/CFT Law and these rules or to equivalent legislation of another jurisdiction;
              (iii) it is based, or incorporated or otherwise established, in Qatar or a foreign jurisdiction that has an effective AML/CFT regime;
              (iv) the local firm has all information about the customer obtained from the CDD conducted by the relevant financial institution for the customer that the firm would need if it had conducted the CDD itself;
              (v) the local firm has, or can immediately obtain from the relevant financial institution on request, a copy of every document relating to the customer that it would need if it were conducting CDD itself for the customer.
              (2) The local firm need not satisfy itself that all of the conditions in subrule (1) (b) have been met if the Regulator (or the equivalent regulatory or governmental authority, body or agency in another jurisdiction where the relevant financial institution is established) has determined that:
              (a) the group's AML/CFT programme, CDD and record-keeping requirements comply with AML/CFT Law and these rules;
              (b) the group's implementation of the programme and compliance with the requirements are subject to effective consolidated supervision by the Regulator or its equivalent; and
              (c) the group's AML/CFT policies, procedures, systems and controls adequately mitigate risks related to operations in high risk jurisdictions.
              (3) The local firm may rely on the CDD conducted by the relevant financial institution and need not:
              (a) conduct CDD itself for the customer; or
              (b) obtain any of the original documents obtained by the relevant financial institution in conducting CDD for the customer.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 3.4.11 Intermediaries

              (1) This rule applies to a firm in relation to a customer of an intermediary, wherever located, if the customer is introduced to the firm by the intermediary.

              Example of intermediary

              a fund manager who has an active, ongoing business relationship with a customer in relation to the customer's financial affairs and holds funds on the customer's behalf
              (2) The firm may treat the intermediary as its customer, and need not conduct CDD itself for the intermediary's customer, if the firm is satisfied that all of the following conditions have been met:
              (a) the intermediary is a firm;
              (b) it is regulated and supervised (at least for AML and CFT purposes) by the Regulator or by an equivalent regulatory or governmental authority, body or agency in another jurisdiction;
              (c) it is subject to the AML/CFT Law and these rules or to equivalent legislation of another jurisdiction;
              (d) it is based, or incorporated or otherwise established, in Qatar or a foreign jurisdiction that has an effective AML/CFT regime;
              (e) the firm has all information about the customer obtained from the CDD conducted by the intermediary for the customer that the firm would need if it had conducted the CDD itself;
              (f) the firm has, or can immediately obtain from the intermediary on request, a copy of every document relating to the customer that it would need if it were conducting CDD itself for the customer.
              (3) If the firm is not satisfied that all of the conditions in subrule (2) have been met, the firm must conduct CDD itself for the customer.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 3.4.C AML/CFTR Division 3.4.C Third party certification—identification documents

            • AML/CFTR 3.4.12 Third party certification of identification documents

              (1) A firm must not rely, for CDD, on the certification of an identification document by a third party rather than sighting the document itself unless it is reasonable for it to rely on that certification.
              (2) Without limiting subrule (1), the firm must not rely on the certification of an identification document by a third party unless the third party is an individual approved under subrule (3).
              (3) The senior management of the firm may approve an individual under this subrule if the firm's MLRO has certified that the MLRO is satisfied, on the basis of satisfactory documentary evidence, that the individual:
              (a) adheres to appropriate ethical or professional standards;
              (b) is readily contactable; and
              (c) conducts his or her occupation or profession in Qatar or a foreign jurisdiction with an effective AML/CFT regime.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 3.5 AML/CFTR Part 3.5 Jurisdiction risk

          Note for Part 3.5

          This Part relates to the risks posed by the types of jurisdiction with which customers are (or may become) associated.

          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.5.1 Risk assessment for jurisdiction risk

            (1) A firm must assess and document the risks of involvement in money laundering, terrorism financing and other illicit activities posed by the different types of jurisdictions with which its customers are (or may become) associated.

            Examples of 'associated' jurisdictions for a customer
            1 the jurisdiction where the customer lives or is incorporated or otherwise established
            2 each jurisdiction where the customer conducts business or has assets
            (2) The intensity of the CDD and ongoing monitoring conducted for customers associated with a particular jurisdiction must be proportionate to the perceived or potential level of risk posed by the jurisdiction.

            Examples of jurisdictions requiring enhanced CDD
            1 jurisdictions with ineffective AML/CFT regimes
            2 jurisdictions with impaired international cooperation
            3 jurisdictions subject to international sanctions
            4 jurisdictions with high propensity for corruption
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.5.2 Policies etc for jurisdiction risk

            A firm must have policies, procedures, systems and controls to address the specific risks of money laundering, terrorism financing and other illicit activities posed by the types of jurisdictions with which its customers are (or may become) associated.

            Examples of 'associated' jurisdiction for a customer

            See examples to rule 3.5.1 (1).

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.5.3 Scoring business relationships—types of associated jurisdictions

            A firm must include, in its methodology, a statement of the basis on which business relationships with customers will be scored, having regard to the types of jurisdictions with which customers are (or may become) associated.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.5.4 Decisions about effectiveness of AML/CFT regimes in other jurisdictions

            (1) This rule applies to a firm in making a decision about whether a jurisdiction has an effective AML/CFT regime.
            (2) The firm must consider the following 3 factors in relation to the jurisdiction:
            (a) legal framework;
            (b) enforcement and supervision;
            (c) international cooperation.
            (3) In considering these 3 factors, the firm must have regard to the relevant findings about jurisdictions published by international organisations, governments and other bodies.

            Example of international organisation

            FATF
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.5.5 Jurisdictions with impaired international cooperation

            A firm must guard against customers or introductions from jurisdictions where the ability to cooperate internationally is impaired and must, therefore, subject business relationships from these jurisdictions to enhanced CDD and enhanced ongoing monitoring.

            Examples of impairment

            failings in the jurisdiction's judicial or administrative arrangements

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.5.6 Non-cooperative, high risk and sanctioned jurisdictions

            A firm must conduct enhanced CDD and enhanced ongoing monitoring in relation to transactions conducted under a business relationship if a source of wealth or funds of the relationship derives from a jurisdiction:

            (a) that is identified by FATF as a non-cooperative or high risk country or territory (however described); or
            (b) that is subject to international sanctions.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 3.5.7 Jurisdictions with high propensity for corruption

            (1) A firm:
            (a) must assess and document the jurisdictions that are more vulnerable to corruption; and
            (b) must conduct enhanced CDD and enhanced ongoing monitoring for customers from high risk jurisdictions whose line of business is more vulnerable to corruption.

            Example of line of business more vulnerable to corruption

            arms sales
            (2) If a firm's policy permits the acceptance of PEPs as customers, the firm must take additional measures to mitigate the additional risk posed by PEPs from jurisdictions with a high propensity for corruption.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR Chapter 4 AML/CFTR Chapter 4 Know your customer

        • AML/CFTR Part 4.1 AML/CFTR Part 4.1 Know your customer — general

          Note for Part 4.1

          Principle 3 (see rule 1.2.3) requires a firm to know each of its customers to the extent appropriate for the customer's risk profile.

          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.1.1 Know your customer principle — general

            The know your customer principle requires every firm to know who its customers are, and to have the necessary customer identification documentation, data and information to evidence this.

            Note Principle 6 (see rule 1.2.6) requires a firm to be able to provide documentary evidence of its compliance with the requirements of the AML/CFT Law and these rules.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.1.2 Overview of CDD requirements

            (1) As a general rule, a firm must not establish a business relationship with a customer unless:
            (a) all the relevant parties (including any beneficial owner) have been identified and verified; and
            (b) the purpose and intended nature of the business expected to be conducted with the customer has been clarified.
            (2) Once an ongoing relationship has been established, any regular business undertaken with the customer must be assessed at regular intervals against the expected pattern of activity of the customer. Any unexpected activity can then be examined to decide whether there is a suspicion of money laundering or terrorism financing.
            (3) If the firm does not obtain satisfactory evidence of identity for all the relevant parties, the firm must not establish the business relationship or carry out a transaction with or for them and must consider making a suspicious transaction report to the FIU.
            (4) This rule provides a simplified explanation of some of the customer due diligence requirements in this Chapter and is subject to the more detailed provisions of this Chapter.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.1.3 Customer identification documents

            The application of CDD to a customer should result in the firm obtaining a set of documents which are collectively known as the 'customer identification documents'. These documents, which are summarised in figure 4.1.3, form the basis of the firm's knowledge of the customer and should drive the risk-profiling and therefore the intensity of the CDD and ongoing monitoring the firm must conduct for the customer.

            Figure 4.1.3 Customer identification documents

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 4.2 AML/CFTR Part 4.2 Know your customer — key terms

          • AML/CFTR 4.2.1 What is customer due diligence?

            (1) Customer due diligence (or CDD), in relation to a customer of a firm, is all of the following measures:
            (a) identifying the customer;
            (b) verifying the customer's identity using reliable, independent source documents, data or information;
            (c) establishing whether the customer is acting on behalf of another person (in particular whether the customer is acting as a trustee);
            (d) obtaining information about the sources of the customer's wealth and funds;
            (e) obtaining information about the purpose and intended nature of the business relationship.
            Note For paragraphs (d) and (e), see generally Part 4.6 (Customer identification documentation). For the extent and detail of the information to be obtained, see rule 4.6.3 (Risks associated with the economic activity — general), rule 4.6.4 (2) (Risks associated with the economic activity — source of wealth and funds) and rule 4.6.5 (2) (Risks associated with the economic activity — purpose and intended nature of business relationship).
            (2) If the customer is acting on behalf of another person (A), CDD also includes:
            (a) verifying that the customer is authorised to act on behalf of A;
            (b) identifying A; and
            (c) verifying A's identity using reliable, independent source documents, data or information.
            (3) If the customer is a legal person or legal arrangement, CDD also includes:
            (a) verifying that any person (B) purporting to act on behalf of the customer is authorised to act on behalf of the customer;
            (b) identifying B;
            (c) verifying B's identity using reliable, independent source documents, data or information;
            (d) verifying the legal status of the customer;
            (e) taking reasonable measures, on a risk-sensitive basis:
            (i) to understand the customer's ownership and control structure; and
            (ii) to establish the individuals who ultimately own or control the customer, including the individuals who exercise ultimate effective control over the customer; and
            (f) establishing whether B is a beneficial owner.
            (4) If the customer is a legal person or legal arrangement, and a person purporting to act on behalf of the customer is not a beneficial owner of the customer, CDD also includes:
            (a) identifying the beneficial owner; and
            (b) verifying the beneficial owner's identity using reliable, independent source documents, data or information.
            (5) For subrule (3) (e) (ii), examples of the measures required include:
            (a) if the customer is a company — identifying the individuals with a controlling interest and the individuals who comprise the mind and management of the customer; and

            Note See rule 4.6.8 (Customer identification documentation — corporations).
            (b) if the customer is a legal arrangement — identifying the parties to the arrangement, including the person exercising effective control over the arrangement.

            Note See rule 4.3.9 (Extent of CDD — legal persons and arrangements) and rule 4.6.11 (Customer identification documentation — legal arrangements).
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.2.2 What is ongoing monitoring?

            Ongoing monitoring, in relation to a customer of a firm, consists of:

            (a) scrutinising transactions conducted under the business relationship with the customer to ensure that the transactions are consistent with the firm's knowledge of the customer, the customer's business and risk profile, and, where necessary, the source of the customer's wealth and funds; and
            (b) reviewing the firm's records of the customer to ensure that documents, data and information collected during CDD and ongoing monitoring for the customer are kept up-to-date and relevant.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.2.3 Who is an applicant for business?

            An applicant for business, in relation to a firm, is a person seeking to form a business relationship, or carry out a one-off transaction, with the firm.

            Examples of applicants for business

            1 A person dealing with a firm on his or her own behalf is an applicant for business for the firm.
            2 If a person (A) is acting as agent for a principal (for example, as an authorised manager of a discretionary investment service for clients) in dealing with a firm and A deals with the firm in his or her own name on behalf of a client of the principal, A (and not the client) is an applicant for business for the firm.
            3 If a person (B) provides funds to a firm and wants an investment purchased with the funds to be registered in the name of another person (for example, a grandchild), B (and not the other person) is an applicant for business for the firm.
            4 If an intermediary introduces a client to a firm as a potential investor and gives the client's name as the investor, the client (and not the intermediary) is an applicant for business for the firm.
            5 If a person seeks advice from, or access to an execution-only dealing service with, a firm in his or her own name and on his or her own behalf, the person is an applicant for business for the firm.
            6 If a professional agent introduces a third party to a firm so the third party can be given advice or make an investment in his or her own name, the third party (and not the professional agent) is an applicant for business for the firm.
            7 If an individual claiming to represent a company, partnership or other legal person applies to a firm to conduct business on behalf of the legal person, the legal person (and not the individual claiming to represent it) is an applicant for business for the firm.
            8 If a company manager or company formation agent (C) introduces a client company to a firm, the client company (and not C) is an applicant for business for the firm.
            9 If a trust is introduced to a firm, the settlor of the trust is an applicant for business for the firm.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.2.4 What is a business relationship?

            A business relationship means a regular relationship between a customer and a firm in connection with a service that the customer receives from the firm.

            Note A relationship that, when contact is established, is reasonably expected by a firm to be merely transitory does not constitute a business relationship.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.2.5 What is a one-off transaction?

            A one-off transaction, in relation to a firm, is a transaction carried out by the firm for a customer otherwise than in the course of a business relationship with the customer.

            Examples

            1 a one-off foreign currency transaction
            2 an isolated instruction to purchase shares
            3 a one-off wire transfer
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 4.3 AML/CFTR Part 4.3 Customer due diligence and ongoing monitoring

          • AML/CFTR 4.3.1 Firm to assess applicants for business

            A firm must decide, from the outset of its dealings with an applicant for business, whether the person is seeking to establish a business relationship with the firm or is an occasional customer seeking to carry out a one-off transaction.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.2 When CDD required — basic requirement

            (1) A firm must conduct CDD for a customer when:
            (a) it establishes a business relationship with the customer;
            (b) it conducts a one-off transaction for the customer with a value (or, for transactions that are or appear (whether at the time or later) to be linked, with a total value) of at least QR 50,000;

            Note A firm must have systems and controls to identify one-off transactions that are linked to the same person (see rule 4.3.15 (1)).
            (c) it suspects the customer of money laundering or terrorism financing; or
            (d) it has doubts about the veracity or adequacy of documents, data or information previously obtained in relation to the customer for the purposes of identification or verification.
            Note CDD must also be conducted under rule 3.3.8 (Powers of attorney) and rule 3.3.10 (Wire transfers).
            (2) This rule is subject to:
            •   rule 3.4.9 (Introducers)
            •   rule 3.4.10 (Group introductions)
            •   rule 3.4.11 (Intermediaries)
            •   rule 4.3.4 (When CDD may not be required — acquired businesses)
            •   rule 5.2.2 (2) (Firm must ensure no tipping-off occurs).
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.3 Firm unable to complete CDD for customer

            (1) This rule applies if a firm cannot complete CDD for a customer.

            Examples
            1 the firm is unable to verify the customer's identity using reliable, independent source, data or information
            2 the customer exercises cancellation or cooling-off rights
            (2) The firm:
            (a) must immediately terminate any relationship with the customer;
            (b) must not establish a relationship with, or carry out a transaction with or for, the customer; and
            (c) must consider whether it should make a suspicious transaction report to the FIU.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.4 When CDD may not be required — acquired businesses

            (1) This rule applies if a firm acquires the business of another firm, either in whole or as a product portfolio (for example, the mortgage book).
            (2) The firm is not required to conduct CDD for all customers acquired with the business if:
            (a) all customer account records are acquired with the business; and
            (b) due diligence inquiries before the acquisition did not give rise to doubt that the AML/CFT procedures followed for the business were being conducted in accordance with the AML/CFT Law and these rules or the law of another jurisdiction that has an effective AML/CFT regime.
            (3) However, if the AML/CFT procedures followed by the acquired business were not conducted (or it is not possible to establish whether they were conducted) in accordance with the AML/CFT Law and these rules or the law of another jurisdiction that has an effective AML/CFT regime, the firm's senior management must prepare or approve, and document, an action plan that ensures that the firm conducts CDD for all of the customers acquired with the business as soon as possible.
            (4) Also, if subrule (3) does not apply, but full customer records are not available to the firm for all of the customers acquired with the business, the firm's senior management must prepare or approve, and document, an action plan that ensures that the firm conducts CDD for all of the customers for whom full customer records are not available to the firm as soon as possible.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.5 Timing of CDD — establishment of business relationship

            (1) A firm must conduct CDD for a customer before it establishes a business relationship with the customer.
            (2) However, the CDD may be conducted during the establishment of the relationship if:
            (a) this is necessary in order not to interrupt the normal conduct of business; and

            Examples of where it may be necessary in order not to interrupt the normal conduct of business
            1 non-face-to-face business
            2 securities transactions
            (b) there is little risk of money laundering or terrorism financing and these risks are effectively managed;

            Examples of measures to effectively manage risks
            1 limiting the number, types and amount of transactions that may be conducted during the establishment of the relationship
            2 monitoring large or complex transactions being carried out outside the expected norms for the relationship
            (c) the CDD is completed as soon as practicable after contact is first established with the customer; and
            (d) the CDD is conducted in accordance with the policies, procedures, systems and controls on the use of the business relationship even before the customer's identity is verified.
            Note Under rule 2.1.3 (2) (g), a firm must have policies, procedures, systems and controls that set out the conditions that must be satisfied to permit a customer to use the business relationship even before the customer's identity (or the identity of the beneficial owner of the customer) is verified.
            (3) Also, CDD may be conducted for the beneficiary under a life insurance contract after the business relationship has been established if they are conducted at or before:
            (a) the time of payout; or
            (b) the time the beneficiary exercises a right vested under the contract.
            (4) In addition, CDD for a bank account holder may be conducted after the account has been opened if there are adequate safeguards in place to ensure that:
            (a) the account is not closed before they are completed; and
            (b) no payments are made from the account, and no other transactions are carried out by or on behalf of the account holder, before they are completed.
            (5) If the firm establishes a business relationship with the customer under subrule (2), (3) or (4) but cannot complete CDD for the customer, the firm:
            (a) must immediately terminate any relationship with the customer;
            (b) must not carry out a transaction with or for the customer; and
            (c) must consider whether it should make a suspicious transaction report to the FIU.
            (6) Subrule (5) (c) does not apply if the firm:
            (a) is a lawyer, notary, other legal professional, accountant, auditor, tax consultant or insolvency practitioner; and
            (b) is:
            (i) providing legal advice to the client; or
            (ii) defending or representing the client in, or concerning, legal proceedings, including providing advice on instituting or avoiding legal proceedings.
            Note For lawyers, notaries, other legal professionals and accountants, see rule 5.2.4 on giving advice and tipping-off.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.6 Timing of CDD — one-off transactions

            (1) A firm must conduct CDD for a customer before it conducts a one-off transaction for the customer.
            (2) If the firm cannot complete CDD for the customer, the firm:
            (a) must immediately terminate any relationship with the customer;
            (b) must not carry out the transaction with or for the customer; and
            (c) must consider whether it should make a suspicious transaction report to the FIU.
            (3) Subrule (2) (c) does not apply if the firm:
            (a) is a lawyer, notary, other legal professional, accountant, auditor, tax consultant or insolvency practitioner; and
            (b) is:
            (i) providing legal advice to the client; or
            (ii) defending or representing the client in, or concerning, legal proceedings, including providing advice on instituting or avoiding legal proceedings.
            Note For lawyers, notaries, other legal professionals and accountants, see rule 5.2.4 on giving advice and tipping-off.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.7 When CDD required — additional requirement for existing customers

            (1) A firm must also conduct CDD for existing customers at other appropriate times on a risk-sensitive basis.
            (2) Without limiting subrule (1), a firm must conduct CDD for an existing customer if there is a material change in the nature or ownership of the customer.
            (3) Without limiting subrule (2), a firm must decide whether to conduct CDD for a customer if:
            (a) the firm's customer documentation standards change substantially;
            (b) there is a material change in the way an account is operated or in any other aspect of the business relationship with the customer;
            (c) a significant transaction with or for the customer is about to take place; or
            (d) the firm becomes aware that it lacks sufficient information about the customer.
            Note See rule 3.3.4 (Products with fictitious or false names or no names).
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.8 Extent of CDD — general requirement

            (1) A firm must:
            (a) decide, consistently with these rules, the extent of CDD for a customer on a risk-sensitive basis depending on, among other factors, the customer risk, the product risk, the interface risk and the jurisdiction risk; and
            (b) be able to demonstrate to the Regulator that the extent of the is appropriate in view of the risks of money laundering and terrorism financing.
            (2) Without limiting subrule (1), a firm must conduct enhanced CDD for a customer if, for example, the business relationship of the customer is assessed as carrying a higher money laundering or terrorism financing risk.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.9 Extent of CDD — legal persons and arrangements

            (1) This rule applies if a firm is required to conduct CDD for a legal person (other than a corporation) or a legal arrangement.
            (2) If the firm identifies the class of persons in whose main interest the legal person or legal arrangement is established or operated as a beneficial owner, the firm is not required to identify all the members of the class.
            (3) However, if the CDD is required to be conducted for a legal arrangement and the beneficiaries and their contributions have already been decided, the firm must identify each beneficiary who is to receive at least 20% of the funds of the arrangement (by value).

            Note See also rule 4.6.11 (Customer identification documentation — legal arrangements).
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.10 CDD for beneficiaries of life insurance policies — general

            (1) A financial institution must conduct the either of the following measures on each beneficiary of a life insurance policy or other investment-related insurance policy as soon as the beneficiary is identified or designated:
            (a) for an identified beneficiary (whether a natural or legal person or a legal arrangement) — recording the beneficiary's name;
            (b) for a beneficiary designated by characteristics or class (for example, spouse or children at the time that the insured event occurs) or by some other means (for example, under a will)) — obtaining enough information about the beneficiary to satisfy the financial institution that it will be able to establish the identity of the beneficiary at the time of the payout.
            (2) The institution must verify the identity of each beneficiary at the time of the payout.
            (3) In deciding whether enhanced CDD is applicable, a financial institution must consider the beneficiary of a life insurance policy as a risk factor. If the financial institution decides that a beneficiary who is a legal person or a legal arrangement presents a higher risk, the enhanced CDD should include reasonable measures to identify, and verify the identity of, the beneficiary's beneficial owner at the time of payout.
            (4) If a financial institution is unable to comply with this rule, it must consider making a suspicious transaction report to the FIU.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.11 CDD for PEPs as beneficiaries of life insurance policies

            (1) Before making a payout from a life insurance policy, a financial institution must take reasonable measures to determine whether the beneficiary, or the beneficial owner of the beneficiary, of the policy is a PEP.
            (2) If the beneficiary or its beneficial owner is a PEP and the PEP presents a higher risk, the firm:
            (a) must inform its senior management;
            (b) must conduct enhanced CDD of its business relationship with the policyholder; and
            (c) must make a suspicious transaction report to the FIU.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.12 CDD for purchaser and vendor of real estate

            A DNFBP acting as real estate agent in relation to a transaction for the sale of real property must conduct CDD on both the buyer and seller of the property (even if the DNFBP acts for only 1 of the parties to the transaction).

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.13 Ongoing monitoring required

            (1) A firm must conduct ongoing monitoring for each customer.

            Note See rule 4.2.2 (What is ongoing monitoring?).
            (2) Without limiting subrule (1), the firm must pay special attention to all complex, unusual large transactions, or unusual patterns of transactions, that have no apparent or visible economic or lawful purpose.

            Examples
            1 significant transactions relative to the business relationship with the customer
            2 transactions that exceed set limits
            3 very high turnover inconsistent with the size of the balance
            4 transactions that fall outside the regular pattern of an account's activity
            (3) The firm must examine as far as possible the background and purpose of a transaction mentioned in subrule (2) and must make a record of its findings.
            (4) A record made for subrule (2) must be kept for at least 10 years after the day it is made.
            (5) This rule is subject to rule 5.2.2 (2) (Firm must ensure no tipping-off occurs).
            (6) In this rule:
            transaction, in relation to insurance business, means the insurance product itself, the premium payment and the benefits.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.14 Procedures for ongoing monitoring

            (1) A firm must have policies, procedures, systems and controls for ongoing monitoring for its customers.
            (2) The systems and controls:
            (a) must flag transactions for further examination; and
            (b) must provide for:
            (i) the prompt further examination of these transactions by a senior independent person;
            (ii) appropriate action to be taken on the findings of the further examination; and
            (iii) if there is knowledge or suspicion of money laundering or terrorism financing raised by the findings — a report to be made promptly to the firm's MLRO.
            (3) The monitoring provided by the systems and controls may be:
            (a) in real time (that is, transactions are reviewed as they take place or are about to take place); or
            (b) after the event (that is, transactions are reviewed after they have taken place).
            (4) The monitoring may be, for example:
            (a) by reference to particular types of transactions or the customer's risk profile;
            (b) by comparing the transactions of the customer, or the customer's risk profile, with those of customers in a similar peer group; or
            (c) through a combination of those approaches.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.3.15 Linked one-off transactions

            (1) A firm must have systems and controls to identify one-off transactions that are linked to the same person.

            Note See rule 4.2.5 (What is a one-off transaction?).
            (2) If a firm knows or suspects, or has reasonable grounds to know or suspect, that a series of linked one-off transactions involves money laundering or terrorism financing, the firm must make a suspicious transaction report to the FIU.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 4.4 AML/CFTR Part 4.4 Enhanced CDD and ongoing monitoring

          • AML/CFTR 4.4.1 Enhanced CDD and ongoing monitoring — general

            A firm must, on a risk-sensitive basis, conduct enhanced CDD and enhanced ongoing monitoring:

            (a) in cases where it is required to do so under the AML/CFT Law or these rules;
            (b) if required by the Regulator or the NAMLTF Committee;
            (c) in cases where FATF calls upon its members to require enhanced CDD and enhanced ongoing monitoring; and
            (d) in any other case that by its nature can present a higher risk of money laundering or terrorism financing.

            Note Enhanced CDD or enhanced ongoing monitoring is required under:

            •   rule 2.1.3 (2) (b) (Matters to be covered by policies etc)
            •   rule 3.2.4 (Persons associated with terrorist acts etc — enhanced CDD and ongoing monitoring)
            •   rule 3.2.5 (c) and (f) (Measures for PEPs)
            •   rule 3.3.5 (3) (a) (Correspondent banking relationships generally)
            •   rule 3.3.9 (3) (Bearer shares and share warrants to bearer)
            •   rule 3.3.12 (3) (a) (Correspondent securities relationships generally)
            •   rule 3.5.1 (2) examples (Risk assessment for jurisdiction risk)
            •   rule 3.5.5 (Jurisdictions with impaired international cooperation)
            •   rule 3.5.6 (Non-cooperative, high risk and sanctioned jurisdictions)
            •   rule 3.5.7 (1) (b) (Jurisdictions with high propensity for corruption)
            •   rule 4.3.8 (2) (Extent of CDD — general requirement)
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.4.2 Measures required for enhanced CDD or ongoing monitoring

            A firm that is required to conduct enhanced CDD or enhanced ongoing monitoring must include the following measures, as appropriate to either or both requirements:

            (a) obtain additional information about the customer (for example, profession, volume of assets and information available through public databases and open sources);
            (b) update customer identification and beneficial owner identification;
            (c) obtain additional information on the purpose and intended nature of the business relationship;
            (d) obtain additional information on the sources of the customer's wealth and funds;
            (e) obtain information on the reasons for the expected transactions or the transactions that have been carried out;
            (f) obtain senior management approval before establishing or continuing a business relationship;
            (g) implement additional and continuous controls by identifying transactions and patterns of transactions that need additional scrutiny and review;
            (h) make the first of any required payments to the customer through an account in a bank that is regulated and supervised (at least for AML and CFT purposes) by the Regulator or by an equivalent regulatory or governmental authority, body or agency in another jurisdiction.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.4.3 Measures in addition to enhanced CDD and ongoing monitoring

            In addition to the enhanced CDD and enhanced ongoing monitoring in this Part, a firm must conduct, on a risk-sensitive basis:

            (a) countermeasures proportionate to the risks specified in circulars published by the NAMLTF Committee based on relevant findings of international organisations, governments and other bodies; and
            (b) other measures determined by the NAMLTF Committee on its own initiative.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 4.5 AML/CFTR Part 4.5 Simplified CDD and ongoing monitoring

          • AML/CFTR 4.5.1 Simplified CDD — general

            Except if there is a suspicion of money laundering or terrorism financing, a firm may conduct, for a customer, simplified CDD under rules 4.5.2 to 4.5.4 when:

            (a) it establishes a business relationship with the customer; or
            (b) it conducts a one-off transaction for the customer to which rule 4.3.2 (1) (b) (When CDD required — basic requirement) applies.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.5.2 Customer with low level of risk

            A firm may conduct simplified CDD for a customer who presents a low level of risk. The CDD must be commensurate to the level of risk and may include:

            (a) despite rule 4.3.5, verifying the identity of the customer or beneficial owner after (rather than before) the business relationship has been established;
            (b) despite rule 4.3.6, verifying the identity of the customer or beneficial owner after (rather than before) a one-off transaction with a value of at least QR 50,000;
            (c) reducing the intensity, extent and frequency of updates of customer identification; and
            (d) not collecting information, or not carrying out measures, to determine the purpose and intended nature of the business relationship, and instead inferring that purpose and nature from the transactions carried out under that relationship.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.5.3 Listed, regulated public companies

            A firm may conduct simplified CDD for a customer if the customer is a public company whose securities are listed on a regulated financial market that subjects public companies to disclosure obligations consistent with international standards of disclosure.

            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.5.4 Certain life insurance contracts

            A firm may conduct simplified CDD for a customer in relation to a life insurance contract if:

            (a) either:
            (i) the annual premium is not more than QR 3,000; or
            (ii) if there is a single premium — the premium is not more than QR 7,500;
            (b) the contract is in writing;
            (c) the beneficiary is not anonymous;
            (d) the nature of the contract allows for the timely CDD if there is a suspicion of money laundering or terrorism financing; and
            (e) the benefits of the contract or a related transaction cannot be realised for the benefit of third parties, except on death or survival to a predetermined advanced age, or similar events.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 4.5.5 Simplified ongoing monitoring

            This Part applies to ongoing monitoring in relation to a customer that presents a low level of risk. The ongoing measures must be commensurate to the level of risk and may include the reduction, based on a reasonable threshold determined by the firm, of the intensity, extent and frequency of:

            (a) the firm's scrutiny of the customer's transactions; and
            (b) the firm's review of its records of the customer.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 4.6 AML/CFTR Part 4.6 Customer identification documentation

          • AML/CFTR Division 4.6.A AML/CFTR Division 4.6.A Customer identification documentation — general

            • AML/CFTR 4.6.1 Elements of customer identification documentation

              Customer identification documentation relates to 2 distinct elements, namely:

              (a) the customer; and
              (b) the nature of the customer's economic activity.

              Note See rule 4.1.3 (Customer identification documents).

              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.2 Records of customer identification documentation etc

              (1) A firm must make and keep a record of all the customer identification documentation that it obtains in conducting CDD and ongoing monitoring for a customer.
              (2) Without limiting subrule (1), a firm must make and keep a record of how and when each of the steps of the CDD for a customer were satisfactorily completed by the firm.
              (3) This rule applies in relation to a customer irrespective of the nature and risk profile of the customer.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 4.6.B AML/CFTR Division 4.6.B Customer identification documentation — the economic activity

            • AML/CFTR 4.6.3 Risks associated with the economic activity — general

              (1) A firm must take into account that the risks associated with money laundering and the financing of terrorism arise from the fact that either:
              (a) the funds that are going to be put through a business relationship derive from crime and the business relationship will be used to channel these funds; or
              (b) proceeds of crime will be mixed with proceeds of legitimate economic activity to disguise their origin.
              (2) A firm must properly address these risks using the following approach:
              (a) identify the sources of the customer's wealth and funds;

              Note By establishing that the sources are not from criminal activity, the firm substantially mitigates the customer risk.
              (b) identify the purpose and intended nature of the business relationship.

              Note By establishing this, the firm can adequately monitor transactions conducted under the business relationship and assess how these correspond to transactions intended to be conducted under the relationship. In the assessment of where these differ, the firm can better work out whether money laundering or terrorism financing is taking place.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.4 Risks associated with the economic activity — source of wealth and funds

              (1) In conducting CDD for an applicant for business who is seeking to establish a business relationship, a firm must obtain, and document, information on the source of the applicant's wealth and funds.

              Note Information obtained can assist the firm in establishing the money laundering and terrorism financing risks posed by both the customer risk and the jurisdiction risk. In certain cases the product risk will also be affected by establishing the source of the wealth and funds.
              (2) The firm must obtain, and document, the information to an appropriate level having regard to the applicant's risk profile and must document this information.
              (3) If the applicant's risk profile is not low risk, the firm must verify the source of the applicant's wealth and funds using reliable, independent source documents, data or information, and must document this verification.
              (4) Information documented under this rule forms part of the firm's customer identification documentation.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.5 Risks associated with the economic activity — purpose and intended nature of business relationship

              (1) In conducting CDD for an applicant for business who is seeking to establish a business relationship, a firm must obtain, and document, information about the purpose and intended nature of the business relationship.
              (2) The extent and detail of this information must be sufficient to allow the firm:
              (a) to readily identify differences between the actual transactions conducted under the relationship and the stated purpose and intended nature of the relationship;
              (b) to increase information requirements to satisfy itself that money laundering or financing of terrorism has not taken place; and
              (c) if it is not satisfied about the information received — to consider making a suspicious transaction report to the FIU.
              (3) Information documented under this rule forms part of the firm's customer identification documentation.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 4.6.C AML/CFTR Division 4.6.C Customer identification documentation — particular applicants for business

            • AML/CFTR 4.6.6 Customer identification documentation — individuals

              (1) This rule applies if an applicant for business for a firm is an individual.
              (2) If the individual's risk profile is low risk, the firm may satisfy the customer identification requirements by confirming the individual's name and likeness by sighting:
              (a) an official government-issued document that has the individual's name and a photograph of the individual;

              Examples
              1 a valid Qatari ID card
              2 a valid passport
              3 a valid driving licence with a photograph
              (b) a document from a reliable, independent source that bears the individual's name and a photograph of the individual; or
              (c) other documents from reliable, independent sources.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.7 Customer identification documentation — multiple individual applicants

              (1) This rule applies if 2 or more individuals are joint applicants for business for a firm.
              (2) The identities of all of them must be verified in accordance with these rules.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.8 Customer identification documentation — corporations

              (1) This rule applies if an applicant for business for a firm is a corporation.
              (2) If the corporation's risk profile is low risk, the firm may, subject to subrule (3), satisfy the customer identification requirements by:
              (a) either:
              (i) obtaining a copy of the certificate of incorporation or trade (or an equivalent document), which includes:
              (A) the corporation's full name; and
              (B) the corporation's registered number; or
              (ii) performing a search in the jurisdiction of incorporation and confirming all the matters that would be confirmed by a certificate (or equivalent document) mentioned in subparagraph (i);
              (b) confirming the corporation's registered office business address;
              (c) obtaining a copy of the corporation's latest available report and audited accounts; and
              (d) obtaining a copy of the board resolution authorising:
              (i) the establishing of the relationship with the firm; and
              (ii) persons to act on its behalf in relation to the relationship, including by operating any accounts.
              (3) If the corporation has a multi-layered ownership or control structure, the firm:
              (a) must obtain an understanding of the corporation's ownership and control at each level of the structure using reliable, independent source documents, data or information; and
              (b) must document its understanding of the corporation's ownership and control at each level of the structure.
              (4) Without limiting subrule (3), if the corporation has a multi-layered ownership or control structure, the customer identification requirements for each intermediate legal person must include reliable, independent source documents, data or information verifying:
              (a) the legal person's existence; and
              (b) its registered shareholdings and management.
              Example

              If corporation applicant for business (A) is a subsidiary of another corporation (B) that is in turn a subsidiary of a third corporation (C), the firm must comply with subrule (3) and (4) in relation to B as well as C.
              (5) The firm must conduct additional CDD if the corporation:
              (a) is incorporated in a foreign jurisdiction; or
              (b) has no direct business links to Qatar.
              (6) If the corporation, or the corporation's parent entity, is listed in a stock exchange that has disclosure requirements that enable the customer's or owner's identity to be verified in a fully transparent way, the firm:
              (a) need not identify, nor verify the identity of, the shareholders of the corporation or the shareholders of the parent entity; and
              (b) may instead satisfy the customer identification requirements by obtaining information from a public register, the corporation or parent entity itself, or other reliable sources.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.9 Customer identification documentation — unincorporated partnerships and associations

              (1) This rule applies if an applicant for business for a firm is an unincorporated partnership, or an association that conducts business (the applicant).
              (2) If the firm does not know the applicant's partners or directors, the firm must verify the identity of all of the partners or directors using reliable, independent source documents, data or information.
              (3) If the applicant is a partnership with a formal partnership agreement, the firm must obtain a mandate from the partnership authorising:
              (a) the establishing of the relationship with the firm; and
              (b) persons to act on behalf of the partnership in relation to the relationship, including by operating any accounts.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.10 Customer identification documentation — charities

              (1) This rule applies if an applicant for business for a firm is a charity.
              (2) The firm must conduct CDD for the charity according to its legal form.

              Examples of legal forms of charities
              1 company limited by shares
              2 trust
              3 unincorporated association
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.11 Customer identification documentation — legal arrangements

              (1) This rule applies if an applicant for business for a firm is a legal arrangement.
              (2) In conducting a risk assessment for the legal arrangement, the firm must take into account the different money laundering and terrorism financing risks that are posed by arrangements of different sizes and areas of activity. This subrule does not limit the matters the firm may take into account.

              Examples

              Some legal arrangements have a limited purpose (for example, inheritance tax planning) or have a limited range of activities. Others have more extensive activities and connections including financial links with other jurisdictions.
              (3) The firm must, as a minimum, obtain the following information about the legal arrangement:
              (a) the arrangement's full name;
              (b) the nature and purpose of the arrangement;

              Examples of the nature of arrangements

              discretionary, testamentary, bare
              (c) the jurisdiction where the arrangement was established;
              (d) the identities of the parties to the arrangement;

              Examples of parties to a trust

              settlor, trustee, protector and beneficiary
              (e) the beneficial owner of the arrangement.
              Note Under rule 1.3.5 (1) (c) and 1.3.5 (4), the beneficial owner of a legal arrangement is the individual who ultimately owns, or exercises effective control over, the arrangement and includes:
              (a) if the beneficiaries and their distributions have already been decided — an individual who is to receive at least 20% of the funds of the arrangement; and
              (b) if the beneficiaries or their distributions have not already been decided — the class of individuals in whose main interest the arrangement is established or operated as beneficial owner; and
              (c) an individual who, directly or indirectly, exercises control over at least 20% (by value) of the property of the arrangement.
              (4) The firm must verify the identity of an applicant that is a legal arrangement using reliable, independent source documents, data or information that show:
              (a) the name, nature and proof of existence of the arrangement; and
              (b) the terms of the arrangement.
              (5) The firm must verify that any person purporting to act on behalf of the legal arrangement is so authorised, and must identify and verify the identity of that person.
              (6) The firm:
              (a) must understand, and if necessary obtain information on, the purpose and intended nature of the business relationship; and
              (b) must understand the nature of the business of the legal arrangement and its ownership and control structure.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.12 Customer identification documentation — clubs and societies

              (1) This rule applies if an applicant for business for a firm is a club or society (the applicant).
              (2) In conducting a risk assessment for the applicant, the firm must take into account the different money laundering and terrorism financing risks that are posed by clubs and societies of different types and areas of activity.
              (3) Subrule (2) does not limit the matters the firm may take into account.
              (4) If the applicant's risk profile is low risk, the firm must, as a minimum, obtain the following information about the applicant:
              (a) the applicant's full name;
              (b) the applicant's legal status;
              (c) the applicant's purpose, including any constitution;
              (d) the names of all of the applicant's officers.
              (5) The firm must also verify the identities of the applicant's officers who have authority:
              (a) to establish a relationship with the firm on the applicant's behalf; or
              (b) to act on behalf of the applicant for the relationship, including by operating any account or by giving instructions about the use, transfer or disposal of any of the applicant's assets.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.13 Customer identification documentation — governmental bodies

              (1) This rule applies if an applicant for business for a firm is a multi-jurisdictional entity, a government department or a local authority (the applicant).
              (2) The firm must, as a minimum, obtain the following information about the applicant:
              (a) the applicant's legal status;
              (b) the applicant's ownership and control, as appropriate;
              (c) the applicant's main address.
              (3) The firm must also verify the identities of the persons who have authority:
              (a) to establish a relationship with the firm on the applicant's behalf; or
              (b) to act on behalf of the applicant for the relationship, including by operating any account or by giving instructions about the use, transfer or disposal of any of the applicant's assets.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 4.6.14 Other requirements for customer identification of legal persons

              (1) In addition to the customer identification documentation required for particular applicants under this Division, a firm must verify the identity of an applicant that is a legal person using reliable, independent source documents, data or information that show:
              (a) the name, legal form and proof of existence of the legal person;
              (b) the mandates, declarations, resolutions and other sources of power that regulate and bind the legal person;
              (c) the names of the persons holding senior management positions in the legal person; and
              (d) the address of the registered office of the legal person and, if different, its principal place of business.
              (2) The firm must verify that any person purporting to act on behalf of the legal person is so authorised, and must identify and verify the identity of that person.
              (3) The firm must:
              (a) understand, and if necessary obtain information on, the purpose and intended nature of the business relationship; and
              (b) understand the nature of the business of the legal person and its ownership and control structure.
              (4) For subrule (3) (b), the firm must identify, and verify the identity of:
              (a) the individual who is the beneficial owner of the legal person; or
              (b) if no individual can be identified as the beneficial owner of the legal person (or if there is doubt that an individual is the beneficial owner) — the legal person's most senior manager.
              Note Under rule 1.3.5 (1) (c) and 1.3.5 (3), the beneficial owner of a legal person is the individual who ultimately owns, or exercises effective control over, the person and includes, for a corporation:
              (a) an individual who, directly or indirectly, owns or controls at least 20% of the shares or voting rights of the corporation; and
              (b) an individual who, directly or indirectly, otherwise exercises control over the corporation's management.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR Chapter 5 AML/CFTR Chapter 5 Reporting and tipping-off

        • AML/CFTR Part 5.1 AML/CFTR Part 5.1 Reporting requirements

          Note for Part 5.1

          Principle 4 (see rule 1.2.4) requires a firm to have effective measures in place to ensure there is internal and external reporting whenever money laundering or terrorism financing is known or suspected.

          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 5.1.A AML/CFTR Division 5.1.A Reporting requirements — general

            • AML/CFTR 5.1.1 Unusual and inconsistent transactions

              (1) A transaction that is unusual or inconsistent with a customer's known legitimate business and risk profile does not of itself make it suspicious.

              Note 1 The key to recognising unusual or inconsistent transactions is for a firm to know its customers well enough under Chapter 4 (Know your customer).

              Note 2 A firm's AML/CFT policies, procedures, systems and controls must provide for the identification and scrutiny of certain transactions (see rule 2.1.3 (2) (a)).
              (2) A firm must consider the following matters in deciding whether an unusual or inconsistent transaction is a suspicious transaction:
              (a) whether the transaction has no apparent or visible economic or lawful purpose;
              (b) whether the transaction has no reasonable explanation;
              (c) whether the size or pattern of the transaction is out of line with any earlier pattern or the size or pattern of transactions of similar customers;
              (d) whether the customer has failed to give an adequate explanation for the transaction or to fully provide information about it;
              (e) whether the transaction involves the use of a newly established business relationship or is for a one-off transaction;
              (f) whether the transaction involves the use of offshore accounts, companies or structures that are not supported by the customer's economic needs;
              (g) whether the transaction involves the unnecessary routing of funds through third parties.
              (3) Subrule (2) does not limit the matters that the firm may consider.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 5.1.B AML/CFTR Division 5.1.B Internal reporting

            • AML/CFTR 5.1.2 Internal reporting policies etc

              (1) A firm must have clear and effective policies, procedures, systems and controls for the internal reporting of all known or suspected instances of money laundering or terrorism financing.
              (2) The policies, procedures, systems and controls must enable the firm to comply with the AML/CFT Law and these rules in relation to the prompt making of internal suspicious transaction reports to the firm's MLRO.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 5.1.3 Access to MLRO

              A firm must ensure that all its officers and employees have direct access to the firm's MLRO and that the reporting lines between them and the MLRO are as short as possible.

              Note The MLRO is responsible for receiving, investigating and assessing internal suspicious transaction reports for the firm (see rule 2.3.4 (a)).

              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 5.1.4 Obligation of officer or employee to report to MLRO etc

              (1) This rule applies to an officer or employee of a firm if, in the course of his or her office or employment, the officer or employee knows or suspects, or has reasonable grounds to know or suspect, that funds are:
              (a) the proceeds of crime;
              (b) related to terrorism financing; or
              (c) linked or related to, or are to be used for, terrorism, terrorist acts or by terrorist organisations.
              (2) The officer or employee must promptly make a suspicious transaction report to the firm's MLRO.
              (3) The officer or employee must make the report:
              (a) irrespective of the amount of any transaction relating to the funds;
              (b) whether or not any transaction relating to the funds involves tax matters; and
              (c) even though:
              (i) no transaction has been, or will be, conducted by the firm in relation to the funds;
              (ii) for an applicant for business — no business relationship has been, or will be, entered into by the firm with the applicant;
              (iii) for a customer — the firm has terminated any relationship with the customer; and
              (iv) any attempted money laundering or terrorism financing activity in relation to the funds has failed for any other reason.
              (4) If the officer or employee makes a suspicious transaction report to the MLRO (the internal report) in relation to the applicant for business or customer, the officer or employee must promptly give the MLRO details of every subsequent transaction of the applicant or customer (whether or not of the same nature as the transaction that gave rise to the internal report) until the MLRO tells the officer or employee not to do so.

              Note An officer or employee who fails to make a report under this rule:
              (a) may commit an offence against the AML/CFT Law; and
              (b) may also be dealt with under the Financial Services Regulations, Part 9 (Disciplinary and enforcement powers).
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 5.1.5 Obligations of MLRO on receipt of internal report

              (1) If the MLRO of a firm receives a suspicious transaction report (whether under this Division or otherwise), the MLRO must promptly:
              (a) if the firm's policies, procedures, systems and controls allow an initial report to be made orally and the initial report is made orally — properly document the report;
              (b) give the individual making the report a written acknowledgment for the report, together with a reminder about the provisions of Part 5.2 (Tipping-off);
              (c) consider the report in light of all other relevant information held by the firm about the applicant for business, customer or transaction to which the report relates;
              (d) decide whether the transaction is suspicious; and
              (e) give written notice of the decision to the individual who made the report.
              (2) A reference in this rule to the MLRO includes a reference to a person acting under rule 5.1.7 (3) (b) (Obligation of firm to report to FIU etc) in relation to the making of a report on the firm's behalf.

              Note Under rule 2.3.5 the Deputy MLRO acts as the MLRO during absences of the MLRO and whenever there is a vacancy in the MLRO's position.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 5.1.C AML/CFTR Division 5.1.C External reporting

            • AML/CFTR 5.1.6 External reporting policies etc

              (1) A firm must have clear and effective policies, procedures, systems and controls for reporting to the FIU all known or suspected instances of money laundering or terrorism financing.
              (2) The policies, procedures, systems and controls must enable the firm:
              (a) to comply with the AML/CFT Law and these rules in relation to the prompt making of suspicious transaction reports to the FIU; and
              (b) to cooperate effectively with the FIU and law enforcement agencies in relation to suspicious transaction reports made to the FIU.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 5.1.7 Obligation of firm to report to FIU etc

              (1) This rule applies to a firm if the firm knows or suspects, or has reasonable grounds to know or suspect, that funds are:
              (a) the proceeds of crime;
              (b) related to terrorism financing; or
              (c) linked or related to, or are to be used for, terrorism, terrorist acts or by terrorist organisations.
              (2) The firm must promptly make a suspicious transaction report to the FIU and must ensure that any proposed transaction mentioned in the report does not proceed without consulting with the FIU.
              (3) The report must be made on the firm's behalf by:
              (a) the MLRO; or
              (b) if the report cannot be made by the MLRO (or Deputy MLRO) for any reason — by a person who is employed (as described in rule 2.3.2 (1) (a)) at the management level by the firm, or by a legal person in the same group, and who has sufficient seniority, knowledge, experience and authority to investigate and assess internal suspicious transaction reports.
              Note Under rule 2.3.5 the Deputy MLRO acts as the MLRO during absences of the MLRO and whenever there is a vacancy in the MLRO's position.
              (4) The firm must make the report:
              (a) whether or not an internal suspicious transaction report has been made under Division 5.1.B (Internal reporting) in relation to the funds;
              (b) irrespective of the amount of any transaction relating to the funds;
              (c) whether or not any transaction relating to the funds involves tax matters; and
              (d) even though:
              (i) no transaction has been, or will be, conducted by the firm in relation to the funds;
              (ii) for an applicant for business — no business relationship has been, or will be, entered into by the firm with the applicant;
              (iii) for a customer — the firm has terminated any relationship with the customer; and
              (iv) any attempted money laundering or terrorism financing activity in relation to the funds has failed for any other reason.
              (5) The report must be made in the form (if any) approved by the FIU, and in accordance with the unit's instructions. The report must include a statement about:
              (a) the facts or circumstances on which the firm's knowledge or suspicion is based or the grounds for the firm's knowledge or suspicion; and
              (b) if the firm knows or suspects that the funds belong to a third person — the facts or circumstances on which that knowledge or suspicion is based or the grounds for the firm's knowledge or suspicion.
              Note A firm that fails to make a report under this rule:
              (a) may commit an offence against the AML/CFT Law; and
              (b) may also be dealt with under the Financial Services Regulations, Part 9 (Disciplinary and enforcement powers).
              (6) If a firm makes a report to the FIU under this rule about a proposed transaction, it must immediately tell the Regulator that it has made a report to the FIU under this rule.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 5.1.8 Obligation not to destroy records relating to customer under investigation etc

              (1) This rule applies if:
              (a) a firm makes a suspicious transaction report to the FIU in relation to an applicant for business or a customer; or
              (b) the firm knows that an applicant for business or customer is under investigation by a law enforcement agency in relation to money laundering or terrorism financing.
              (2) The firm must not destroy any records relating to the applicant for business or customer without consulting with the FIU.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

            • AML/CFTR 5.1.9 Firm may restrict or terminate business relationship

              (1) This Division does not prevent a firm from restricting or terminating, for normal commercial reasons, its business relationship with a customer after the firm makes a suspicious transaction report about the customer to the FIU.
              (2) The firm must ensure that restricting or terminating the business relationship does not inadvertently result in tipping-off the customer.
              (3) If the firm restricts or terminates a business relationship with a customer, it must immediately tell the Regulator about the restriction or termination.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR Division 5.1.D AML/CFTR Division 5.1.D Reporting records

            • AML/CFTR 5.1.10 Reporting records to be made by MLRO etc

              The MLRO of a firm must make and keep records:

              (a) showing the details of each internal suspicious transaction report the MLRO receives;
              (b) necessary to demonstrate how rule 5.1.5 (Obligations of MLRO on receipt of internal report) was complied with in relation to each internal suspicious transaction report; and
              (c) showing the details of each suspicious transaction report made to the FIU by the firm.
              Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 5.2 AML/CFTR Part 5.2 Tipping-off

          • AML/CFTR 5.2.1 What is tipping-off?

            Tipping-off, in relation to an applicant for business or a customer of a firm, is the unauthorised act of disclosing information that:

            (a) may result in the applicant or customer, or a third party (other than the FIU or the Regulator), knowing or suspecting that the applicant or customer is or may be the subject of:
            (i) a suspicious transaction report; or
            (ii) an investigation relating to money laundering or terrorism financing; and
            (b) may prejudice the prevention or detection of offences, the apprehension or prosecution of offenders, the recovery of proceeds of crime, or the prevention of money laundering or terrorism financing.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 5.2.2 Firm must ensure no tipping-off occurs

            (1) A firm must ensure that:
            (a) its officers and employees are aware of, and sensitive to:
            (i) the issues surrounding tipping-off; and
            (ii) the consequences of tipping-off; and
            (b) it has policies, procedures, systems and controls to prevent tipping-off within the firm or its group.
            (2) If a firm believes, on reasonable grounds, that an applicant for business or a customer may be tipped off by conducting CDD or ongoing monitoring, the firm may make a suspicious transaction report to the FIU instead of conducting CDD or monitoring.
            (3) If the firm acts under subrule (2), the MLRO must make and keep records to demonstrate the grounds for the belief that conducting CDD or ongoing monitoring would have tipped off an applicant for business or a customer.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 5.2.3 Information relating to suspicious transaction reports to be safeguarded

            (1) A firm must take all reasonable measures to ensure that information relating to suspicious transaction reports is safeguarded and, in particular, that information relating to a suspicious transaction report is not disclosed to any person (other than a member of the firm's senior management) without the consent of the firm's MLRO.
            (2) The MLRO must not consent to information relating to a suspicious transaction report being disclosed to a person unless the MLRO is satisfied that disclosing the information to the person would not constitute tipping-off.
            (3) If the MLRO gives consent, the MLRO must make and keep records to demonstrate how the MLRO was satisfied that disclosing the information to the person would not constitute tipping-off.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 5.2.4 When advice not considered to be tipping-off

            (1) This rule applies to lawyers, notaries, other independent legal professionals, and accountants acting as independent legal professionals.
            (2) The act of a lawyer, notary, other legal professional or accountant in disclosing relevant information in the course of advising a person against engaging in an illegal act does not constitute tipping-off.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR Chapter 6 AML/CFTR Chapter 6 Screening and training requirements

        • AML/CFTR Part 6.1 AML/CFTR Part 6.1 Screening procedures

          Note for Part 6.1

          Principle 5 (see rule 1.2.5 (a)) requires a firm to have adequate screening procedures to ensure high standards when appointing or employing officers and employees.

          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 6.1.1 Screening procedures — particular requirements

            (1) In this rule:
            higher-impact individual, in relation to a firm, means an individual who has a role in preventing money laundering or terrorism financing under the firm's AML/CFT programme.

            Examples
            1 a senior manager of the firm
            2 the firm's MLRO or Deputy MLRO
            3 an individual whose role in the firm includes conducting any other activity with or for a customer
            (2) A firm's screening procedures for the appointment or employment of officers and employees must ensure that an individual is not appointed or employed unless:
            (a) for a higher-impact individual — the firm is satisfied that the individual has the appropriate character, knowledge, skills and abilities to act honestly, reasonably and independently; or
            (b) for any other individual — the firm is satisfied about the individual's integrity.
            (3) The procedures must, as a minimum, provide that, before appointing or employing a higher-impact individual, the firm must:
            (a) obtain references about the individual;
            (b) obtain information about the individual's employment history and qualifications;
            (c) obtain details of any regulatory action taken in relation to the individual;
            (d) obtain details of any criminal convictions of the individual; and
            (e) take reasonable steps to confirm the accuracy and completeness of information that it has obtained about the individual.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 6.2 AML/CFTR Part 6.2 AML/CFT training programme

          Note for Part 6.2

          Principle 5 (see rule 1.2.5 (b)) also requires a firm to have an appropriate ongoing AML/CFT training programme for its officers and employees.

          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 6.2.1 Appropriate AML/CFT training programme to be delivered etc

            (1) A firm must identify, design, deliver and maintain an appropriate ongoing AML/CFT training programme for its officers and employees.
            (2) The programme must ensure that the firm's officers and employees are aware, and have an appropriate understanding, of:
            (a) their legal and regulatory responsibilities and obligations, particularly those under the AML/CFT Law and these rules;
            (b) their role in preventing money laundering and terrorism financing, and the liability that they, and the firm, may incur for:
            (i) involvement in money laundering or terrorism financing; and
            (ii) failure to comply with the AML/CFT Law and these rules;
            (c) how the firm is managing money laundering and terrorism financing risks, how risk management techniques are being applied by the firm, the roles of the MLRO and Deputy MLRO, and the importance of CDD and ongoing monitoring;
            (d) money laundering and terrorism financing threats, techniques, methods and trends, the vulnerabilities of the products offered by the firm, and how to recognise suspicious transactions; and
            (e) the firm's processes for making internal suspicious transaction reports, including how to make effective and efficient reports to the MLRO whenever money laundering or terrorism financing is known or suspected.
            (3) The training must enable the firm's officers and employees to seek and assess the information that is necessary for them to decide whether a transaction is suspicious.
            (4) In making a decision about what is appropriate training for its officers and employees, the firm must consider:
            (a) their differing needs, experience, skills and abilities;
            (b) their differing functions, roles and levels in the firm;
            (c) the degree of supervision over, or independence exercised by, them;
            (d) the availability of information that is needed for them to decide whether a transaction is suspicious;
            (e) the size of the firm's business and the risk of money laundering and terrorism financing;
            (f) the outcome of reviews of their training needs; and
            (g) any analysis of suspicious transaction reports showing areas where training needs to be improved.
            Examples
            1 training for new employees needs to be different to the training for employees who have been with the firm for some time and are already aware of the firm's policies, processes, systems and controls
            2 the training for employees who deal with customers face-to-face needs to be different to the training for employees who deal with customers non-face-to-face
            (5) Subrule (4) does not limit the matters that the firm may consider.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 6.2.2 Training must be maintained and reviewed

            (1) A firm's AML/CFT training must include ongoing training to ensure that its officers and employees:
            (a) maintain their AML/CFT knowledge, skills and abilities;
            (b) are kept up to date with new AML/CFT developments, including the latest money laundering and terrorism financing techniques, methods and trends; and
            (c) are trained on changes to the firm's AML/CFT policies, procedures, systems and controls.
            (2) A firm must, at regular and appropriate intervals, carry out reviews of the AML/CFT training needs of its officers and employees and must ensure that the needs are met.
            (3) The firm's senior management must promptly:
            (a) consider the outcomes of each review; and
            (b) if a review identifies deficiencies in the firm's AML/CFT training — prepare or approve an action plan to remedy the deficiencies.
            Note It is the MLRO's responsibility to monitor the firm's AML/CFT training programme (see rule 2.3.4 (f)).
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR Chapter 7 AML/CFTR Chapter 7 Providing documentary evidence of compliance

        Note for Chapter 7

        Principle 6 (see rule 1.2.6) requires a firm to be able to provide documentary evidence of its compliance with the requirements of the AML/CFT Law and these rules.

        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 7.1 AML/CFTR Part 7.1 General record-keeping obligations

          • AML/CFTR 7.1.1 Records about compliance

            (1) A firm must make the records necessary:
            (a) to enable it to comply with the AML/CFT Law and these rules; and
            (b) to demonstrate at any time whether the firm has complied with the AML/CFT Law and these rules.
            (2) Without limiting rule (1) (b), the firm must make the records necessary to demonstrate how:
            (a) the key AML/CFT principles in Part 1.2 have been complied with;
            (b) the firm's senior management has complied with responsibilities under the AML/CFT Law and these rules;
            (c) the firm's risk-based approach has been designed and implemented;
            (d) each of the firm's risks have been mitigated;
            (e) CDD and ongoing reviews were conducted for each customer; and
            (f) CDD and ongoing monitoring were enhanced where required by the AML/CFT Law or these rules.
            Examples of records that must be kept
            1 documents and data obtained while conducting CDD
            2 account files
            3 business correspondence
            4 results of analysis of suspicious transaction reports
            Note See also rule 5.1.10 for reporting records to be made by MLRO and rule 4.3.13 (4) for records on monitoring of complex, unusual or large transactions.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 7.1.2 How long records must be kept

            (1) All records made by a firm for the AML/CFT Law or these rules must be kept for at least 10 years after the day they are made.
            (2) All records made by a firm in relation to a customer for the purposes of the AML/CFT Law or these rules must be kept for at least the longer of the following:
            (a) if the firm has (or has had) a business relationship with the customer — 10 years after the day the business relationship with the customer ends;
            (b) if the firm has not had a business relationship with the customer or had a business relationship with the customer and carried out a one-off transaction for the customer after the relationship ended — 10 years after the day the firm last completed a transaction with or for the customer.
            (3) If the day the business relationship with the customer ended is unclear, it is taken to have ended on the day the firm last completed a transaction with or for the customer.
            (4) This rule is subject to rule 5.1.8 (Obligation not to destroy records relating to customer under investigation etc).
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 7.1.3 Retrieval of records

            (1) A firm must ensure that all types of records kept for the AML/CFT Law and these rules can be retrieved without undue delay.
            (2) Without limiting subrule (1), a firm must establish and maintain systems that enable it to respond fully and quickly to inquiries from the FIU and law enforcement authorities about:
            (a) whether it maintains, or has maintained during the previous 10 years, a business relationship with any person; and
            (b) the nature of the relationship.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR Part 7.2 AML/CFTR Part 7.2 Particular record-keeping obligations

          • AML/CFTR 7.2.1 Records for customers and transactions

            (1) A firm must make and keep records in relation to:
            (a) its business relationship with each customer; and
            (b) each transaction that it conducts with or for a customer.
            (2) The records must:
            (a) comply with the requirements of the AML/CFT Law and these rules;
            (b) enable an assessment to be made of the firm's compliance with:
            (i) the AML/CFT Law and these rules; and
            (ii) its AML/CFT policies, procedures, systems and controls;
            (c) enable any transaction effected by or through the firm to be reconstructed;
            (d) enable the firm to comply with any request, direction or order by a competent authority, judicial officer or court for the production of documents, or the provision of information, within a reasonable time;
            (e) indicate the nature of any evidence that it obtained in relation to an applicant for business, customer or transaction; and
            (f) for any such evidence — include a copy of the evidence itself or, if this is not practicable, information that would enable a copy of the evidence to be obtained.
            (3) This rule is additional to any provision of the AML/CFT Law or any other provision of these rules.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

          • AML/CFTR 7.2.2 Training records

            A firm must make and keep records of the AML/CFT training provided for the firm's officers and employees, including, as a minimum:

            (a) the dates the training was provided;
            (b) the nature of the training; and
            (c) the names of the individuals to whom the training was provided.
            Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR Glossary

        (see rule 1.1.5)

        account, in relation to a financial institution, means an account of any kind with the financial institution, and includes anything else that involves a similar relationship between the financial institution and a customer.

        activity includes operation.

        AML means anti-money laundering.

        AML/CFT Law means Law No. (20) of 2019 on Combating Money Laundering and Terrorism Financing and includes any Regulations made under it.

        another jurisdiction means a jurisdiction other than this jurisdiction.

        applicant for business has the meaning given by rule 4.2.3.

        associate, in relation to a legal person (A), means any of the following:

        (a) a legal person in the same group as A;
        (b) a subsidiary of A.

        authorised firm means a person that has an authorisation granted under the Financial Services Regulations, Part 5.

        beneficial owner has the meaning given by rule 1.3.5.

        beneficiary, of a trust, means a person, or a person included in a class of persons, for whose benefit the trust property is held by the trustee.

        business day means any day that is not a Friday, Saturday or a public holiday in Qatar.

        business relationship has the meaning given by rule 4.2.4.

        CDD means customer due diligence.

        CFT means combating the financing of terrorism.

        correspondent banking has the meaning given by rule 1.3.7.

        correspondent securities relationship has the meaning given by rule 1.3.9.

        customer has the meaning given by rule 1.3.4.

        customer due diligence (or CDD) has the meaning given by rule 4.2.1.

        Deputy MLRO, in relation to a firm, means the firm's deputy money laundering reporting officer.

        designated non-financial business or profession (or DNFBP) has the meaning given by rule 1.3.3.

        director, of a firm, means a person appointed to direct the firm's affairs, and includes:

        (a) a person named as director; and
        (b) any other person in accordance with whose instructions the firm is accustomed to act.

        DNFBP means a designated non-financial business or profession.

        document means a record of information in any form (including electronic form), and includes, for example:

        (a) anything in writing or on which there is writing;
        (b) anything on which there are figures, marks, numbers, perforations, symbols or anything else having a meaning for individuals qualified to interpret them;
        (c) a drawing, map, photograph or plan; and
        (d) any other item or matter (in whatever form) that is, or could reasonably be considered to be, a record of information.

        employee, in relation to a person (A), means an individual:

        (a) who is employed or appointed by A, whether under a contract of service or services or otherwise; or
        (b) whose services are, under an arrangement between A and a third party, placed at the disposal and under the control of A.

        entity means any kind of entity, and includes, for example, any person.

        exercise a function means exercise or perform the function.

        FATF means the Financial Action Task Force, the inter-governmental body that sets standards, and develops and promotes policies, to combat money laundering and terrorism financing, and includes any successor entity.

        firm has the meaning given by rule 1.3.1.

        financial institution has the meaning given by rule 1.3.2.

        FIU means the Financial Intelligence Unit established under the AML/CFT Law.

        foreign jurisdiction means a jurisdiction other than Qatar (which includes the Qatar Financial Centre).

        full originator information means:

        (a) the originator's name;
        (b) the originator's account number or, if there is no account number, a unique reference number (being numbers that are traceable to the originator);
        (c) the originator's address, national identity number, customer identification number, or date and place of birth.

        full recipient information means the recipient's name and the recipient's account number or, if there is no account number, a unique reference number (being numbers that are traceable to the recipient).

        function means any function, authority, duty or power.

        funds means assets or properties of every kind (whether physical or non-physical, tangible or intangible or movable or immovable, however acquired, and of any value), including:

        (a) financial assets and all related rights;
        (b) economic resources such as oil and other natural resources, and all related rights;
        (c) legal documents or instruments in any form, including electronic or digital copies, evidencing title to, or share in, such assets or resources;
        (d) any interest, dividends or other income on such assets or resources; and
        (e) any value accruing from, or generated by, such assets or resources, which could be used to obtain funds, goods or services.

        governing body, of a firm, means its board of directors, committee of management or other governing body (whatever it is called).

        group, in relation to a firm, means 2 or more entities consisting of:

        (a) a parent company or other legal person exercising control, and coordinating functions, over the rest of the group for the application of group supervision; and
        (b) 1 or more branches or subsidiaries that are subject to AML/CFT policies, procedures systems and controls at group level.

        instrument means an instrument of any kind, and includes, for example, any writing or other document.

        insurance business has the meaning given by the Insurance Business Rules 2006.

        jurisdiction means any kind of legal jurisdiction, and includes, for example:

        (a) Qatar;
        (b) a foreign country (whether or not an independent sovereign jurisdiction), or a state, province or other territory of such a foreign country; and
        (c) the Qatar Financial Centre or a similar jurisdiction.

        legal arrangement means an express trust or similar legal arrangement.

        legal person means an entity (other than an individual) on which the legal system of a jurisdiction confers rights and imposes duties, and includes, for example:

        (a) any entity that can establish a permanent customer relationship with a financial institution; and
        (b) any entity that can own, deal with, or dispose of, property.

        Examples

        1 a company
        2 any other corporation
        3 a partnership, whether or not incorporated
        4 an association or other undertaking, whether or not incorporated
        5 a jurisdiction, its government or any of its organs, agencies or instrumentalities

        MLRO, in relation to a firm, means the firm's money laundering reporting officer.

        money laundering has the same meaning as in the AML/CFT Law, Chapter 2, Article (2).

        NAMLTF Committee means the National Anti-Money Laundering and Terrorism Financing Committee established under the AML/CFT Law.

        National Risk Assessment means the series of activities prepared and supervised by the NAMLTF Committee to identify and analyse the threats faced by Qatar and its financial system from money laundering, terrorism financing, and the financing of the proliferation of weapons of mass destruction.

        non-profit organisation means a legal person, legal arrangement or other organisation that engages in raising or disbursing funds for:

        (a) charitable, religious, cultural, educational, social, fraternal or similar purposes; or
        (b) carrying out other types of charitable works for public benefit.

        office includes position.

        one-off transaction has the meaning given by rule 4.2.5.

        ongoing monitoring has the meaning given by rule 4.2.2.

        outsourcing, in relation to a firm, is any form of arrangement that involves the firm relying on a third-party service provider (including a member of its group) for the exercise of a function, or the conduct of an activity, that would otherwise be exercised or conducted by the firm, but does not include:

        (a) discrete advisory services, including, for example, the provision of legal advice, procurement of specialised training, billing, and physical security; or
        (b) supply arrangements and functions, including, for example, the supply of electricity or water and the provision of catering and cleaning services; or
        (c) the purchase of standardised services, including, for example, market information services and the provision of prices.

        parent entity, in relation to a legal person (A), means any of the following:

        (a) a legal person that holds a majority of the voting power in A;
        (b) a legal person that is a member of A (whether direct or indirect, or through legal or beneficial entitlement) and alone, or together with 1 or more associates, holds a majority of the voting power in A;
        (c) a parent entity of any legal person that is a parent entity of A.

        PEP means a politically exposed person.

        person means:

        (a) an individual (including an individual occupying an office from time to time); or
        (b) a legal person.

        politically exposed person (or PEP) has the meaning given by rule 1.3.6.

        proceeds of crime means funds derived or obtained, directly or indirectly, from a predicate offence (within the meaning given by the AML/CFT Law, Chapter 1), including any income, interest, revenue or other product from such funds, whether or not the funds have been converted or transferred, in whole or in part, into other properties or investment yields.

        product includes the provision of a service.

        QFC bank means an authorised firm that is:

        (a) a deposit-taker, within the meaning of the Banking Business Prudential Rules 2014; or
        (b) an Islamic bank or Islamic investment dealer, within the respective meanings of the Islamic Banking Business Prudential Rules 2015.

        QFC captive insurer has the meaning given by the Captive Insurance Business Rules 2011.

        QFC insurer means an authorised firm that has an authorisation to conduct insurance business.

        senior management, of a firm, means the firm's senior managers, jointly and separately.

        senior manager, of a firm, means an individual employed by the firm, or by a member of the firm's group, who has responsibility either alone or with others for management and supervision of 1 or more elements of the firm's business or activities that are conducted in, from or to this jurisdiction.

        settlor, in relation to a trust, means the person who created the trust.

        shell bank has the meaning given by rule 1.3.8.

        subsidiary — a legal person (A) is a subsidiary of another legal person (B) if B is a parent entity of A.

        suspicious transaction report, in relation to a firm, means a suspicious transaction report to the firm's MLRO or by the firm to the FIU.

        targeted financial sanction means asset freezing or any prohibition to prevent funds from being made available, directly or indirectly, for the benefit of persons or entities listed in accordance with the Law No. (27) of 2019 on Combating Terrorism.

        Note Under the Law on Combating Terrorism, the National Counter Terrorism Committee is responsible for implementing the requirements relating to targeted financial sanctions. For how to implement targeted financial sanctions, see guidelines under that Law.

        terrorist means an individual who:

        (a) commits, or attempts to commit, a terrorist act by any means, directly or indirectly, unlawfully and wilfully;
        (b) participates as an accomplice in a terrorist act;
        (c) organises or directs others to commit a terrorist act; or
        (d) contributes to the commission of a terrorist act by a group of persons acting with a common purpose if the contribution is made intentionally and with the aim of furthering the terrorist act or with the knowledge of the intention of the group to commit a terrorist act.

        terrorism financing has the same meaning as in the AML/CFT Law, Chapter 2, Article (3).

        terrorist act has the same meaning as in the AML/CFT Law, Chapter 1.

        terrorist organisation means a group of terrorists.

        the Regulator means the Qatar Financial Centre Regulatory Authority.

        the State means the State of Qatar.

        this jurisdiction means the Qatar Financial Centre.

        tipping-off has the meaning given by rule 5.2.1.

        transaction means a transaction or attempted transaction of any kind, and includes, for example:

        (a) the giving of advice;
        (b) the provision of any service; and
        (c) the conducting of any other business or activity.

        writing means any form of writing, and includes, for example, any way of representing or reproducing words, numbers, symbols or anything else in legible form (for example, by printing or photocopying).

        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • Banking Business Prudential Rules 2020 (BANK)

      Click here to view earlier versions of Banking Business Prudential Rules 2020 (BANK).

      Banking Business Prudential Rules 2014 (BANK)
      BANK Chapter 1:
      General
      BANK Part 1.1 Preliminary
      BANK Part 1.2 Principles relating to banking business
      BANK Part 1.3 Banking business firms
      BANK Chapter 2:
      Prudential reporting requirements
      BANK 2.1.1 Introduction
      BANK 2.1.2 Information about financial group
      BANK 2.1.3 Financial group and prudential risk
      BANK 2.1.4 Preparing returns
      BANK 2.1.5 Giving information
      BANK 2.1.6 Accounts and statements to use international standards
      BANK 2.1.7 Signing returns
      BANK 2.1.8 Firm to notify authority
      BANK Chapter 3:
      Capital adequacy
      BANK Part 3.1 General
      BANK Part 3.2 Initial and ongoing capital requirements
      BANK Part 3.3 Capital buffers and other requirements
      BANK Part 3.4 Leverage ratio
      BANK Chapter 4:
      Credit risk
      BANK Part 4.1 General
      BANK Part 4.2 Credit risk management policy
      BANK Part 4.3 Credit risk assessment
      BANK Part 4.4 Risk-weighted assets approach
      BANK Part 4.5 Credit risk mitigation
      BANK Part 4.6 Securitisation and re-securitisation
      BANK Part 4.7 Provisioning
      BANK Part 4.8 Transactions with related parties
      BANK Chapter 5:
      Concentration risk and large exposures
      BANK Part 5.1 General
      BANK Part 5.2 Concentration risk
      BANK Part 5.3 Large exposures
      BANK Part 5.4 Powers of Regulatory Authority
      BANK Chapter 6:
      Market risk
      BANK Part 6.1.General
      BANK Part 6.2 Foreign exchange risk
      BANK Part 6.3 Written options risk
      BANK Part 6.4 Commodities risk
      BANK Part 6.5 Traded equity position risk
      BANK Part 6.6 Traded interest rate risk
      BANK Chapter 7:
      Operational risk
      BANK Part 7.1 Introductory
      BANK Part 7.2 Operational risk management
      BANK Part 7.3 Collection and reporting of operational loss data
      BANK Part 7.4 Operational risk capital requirement
      BANK Chapter 8:
      Interest rate risk in the banking book
      BANK 8.1.1 Introduction
      BANK 8.1.2 Interest rate risk in the banking book
      BANK 8.1.3 Requirement — interest rate risk in the banking book
      BANK 8.1.4 Role of governing body — interest rate risk in the banking book
      BANK 8.1.5 Policies — management of interest rate risk in the banking book
      BANK 8.1.6 Assumptions and adjustments
      BANK 8.1.7 Floating-rate exposures
      BANK 8.1.8 New products and activities
      BANK 8.1.9 Stress-testing and interest rate risk in the banking book
      BANK 8.1.10 Duty to notify authority of decline in value
      BANK 8.1.11 Relation to internal capital adequacy assessment
      BANK Chapter 9:
      Liquidity risk
      BANK Part 9.1 Liquidity risk management — introductory
      BANK Part 9.2 Liquidity risk management — firms' obligations in detail
      BANK Part 9.3 Liquidity coverage ratio — liquidity risk group A banking business firms
      BANK Part 9.4 Minimum liquidity ratio — liquidity risk group B banking business firms
      BANK Part 9.5 Net stable funding ratio — liquidity risk group A banking business firms
      BANK Part 9.6 Net stable funding ratio — liquidity risk group B banking business firms
      BANK Part 9.7 Limits on net cumulative maturity mismatch
      BANK Part 9.8 Monitoring
      BANK Chapter 9:
      Liquidity risk [Deleted]
      BANK 9.1.1 Introduction [Deleted]
      BANK 9.1.2 Liquidity risk tolerance [Deleted]
      BANK 9.1.3 Requirements — managing liquidity and withstanding liquidity stress [Deleted]
      BANK 9.1.4 Notification about liquidity concerns [Deleted]
      BANK 9.1.5 Role of governing body — liquidity risk [Deleted]
      BANK 9.1.6 Policies — liquidity risk environment [Deleted]
      BANK 9.1.7 Funding strategy [Deleted]
      BANK 9.1.8 Contingency funding plan [Deleted]
      BANK 9.1.9 Stress-testing and liquidity risk tolerance [Deleted]
      BANK 9.1.10 Relation to internal capital adequacy assessment [Deleted]
      BANK 9.1.11 Firms that conduct foreign currency business [Deleted]
      BANK 9.1.12 Management of encumbered assets [Deleted]
      BANK 9.1.13 Consequences of breaches and changes [Deleted]
      BANK 9.1.14 Liquidity coverage ratio [Deleted]
      BANK 9.1.15 Net stable funding ratio [Deleted]
      BANK Chapter 10:
      Group risk
      BANK Part 10.1 General
      BANK Part 10.2 Group capital requirement and resources
      BANK Chapter 11:
      Islamic financial managers - [Deleted]
      BANK Part 11.1 Unrestricted PSIA managers - [Deleted]
      BANK Part 11.2 Other Islamic financial managers - [Deleted]
      BANK Part 11.3 Displaced commercial risk, equity investment risk and rate of return risk - [Deleted]
      BANK Chapter 12:
      Collateral and customer mandates for investment dealers
      BANK Part 12.1 Collateral
      BANK Part 12.2 Customer mandates
      BANK Chapter 13:
      Transitional
      BANK 13.1.1 Definitions for Chapter 13
      BANK 13.1.2 Authorised firms to remain authorised
      BANK 13.1.3 Modifications and waivers
      BANK 13.1.4 Powers of Regulatory Authority not diminished
      Recognised exchanges
      BANK Glossary

       

       

      Amended by QFCRA RM/2017-2 (as from 1st April 2017).
      Amended by QFCRA RM/2020-2 (as from 1st January 2021).

       

       

      • BANK Chapter 1 BANK Chapter 1 General

        • BANK Part 1.1 BANK Part 1.1 Preliminary

          • BANK 1.1.1 Introduction

            (1) These rules are the Banking Business Prudential Rules 2014 (or BANK).
            (2) These rules establish the prudential framework for banking business firms. They are based on the Basel Accords and the Basel Core Principles for Effective Banking Supervision issued by the Basel Committee on Banking Supervision.

            Note The Basel Committee is the primary global standard-setter for the prudential regulation of banks and provides a forum for cooperation on banking supervisory matters. Its mandate is to strengthen the regulation, supervision and practices of banks and regulators worldwide and thereby enhance financial stability.
            Amended by QFCRA RM/2015-1 (as from 1st July 2015).

          • BANK 1.1.2 Commencement

            These rules commence on 1 January 2015.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.1.3 Effect of definitions, notes and examples

            (1) A definition in the glossary to these rules also applies to any instructions or document made under these rules.
            (2) A note in or to these rules is explanatory and is not part of these rules. However, examples and guidance are part of these rules.
            (3) An example is not exhaustive, and may extend, but does not limit, the meaning of these rules or the particular provision of these rules to which it relates.

            Note Under FSR, art 17 (4), guidance is indicative of the view of the Regulatory Authority at the time and in the circumstances in which it was given.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.1.3A References to particular currencies

            In these rules, the specification of an amount of money in a particular currency is also taken to specify the equivalent sum in any other currency at the relevant time.

            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 1.1.4 BANK 1.1.4 Application of these rules — general

            Except as stated otherwise, these rules apply to an entity that has, or is applying for, an authorisation to conduct banking business.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 1.1.4 Guidance

              1 These rules apply to a banking business firm regardless of whether the firm conducts other regulated activities — see rules 1.3.2 (2) and 1.3.3 (2). The following Rules also apply to such a firm:
              •   if the Investment Management and Advisory Rules 2014 (INMA) also applies to it — those Rules
              •   in relation to its dealings with customers — CIPR.
              2 It is possible for a firm both to be authorised as a banking business firm under these rules (that is, as a deposit-taker or an investment dealer) and to hold an authorisation under INMA. Both these rules and INMA would apply to such a firm to some degree. In relation to such a firm, however, the capital requirements in these rules apply. If that firm complies with the capital requirements in these rules, it is taken to comply with the minimum capital and liquid assets requirements in INMA — see INMA, rule 3.3.1(2).
              Amended by QFCRA RM/2019-4 (as from 1st January 2020)
              Amended by QFCRA RM/2020-6 (as from 15th October 2020).

          • BANK 1.1.5 Application of these rules — branches

            (1) Chapter 3 (capital adequacy and capital requirements) does not apply to a banking business firm that is a branch insofar as that chapter would require the branch to hold capital.
            (2) However, the Regulatory Authority may require a branch to have capital resources or to comply with any other capital requirement if the authority considers it necessary or desirable to do so in the interest of effective supervision of the branch.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 1.1.6 Requirement for policy also requires procedures and systems

            In these rules, a requirement for a banking business firm to have a policy also requires such a firm to have the procedures, systems, processes, controls and limits needed to give effect to the policy.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.1.7 Responsibility for principles

            (1) A banking business firm’s governing body is responsible for the firm’s compliance with the principles and requirements set out in these rules.
            (2) The governing body must ensure that the firm’s senior management establishes and implements policies to give effect to these rules. The governing body must approve significant policies and any changes to them (other than formal changes) and must ensure that the policies are fully integrated with each other.
             
            Note 1 The significant policies relate to the adequacy of capital and the management of prudential risk and group risk, as set out in the following Chapters.

            Note 2 For the requirements for an authorised firm’s general risk management strategy — see CTRL.
            (3) The governing body must review the firm’s significant policies from time to time, taking into account changed operating circumstances, activities and risks. The interval between reviews must be appropriate for the nature, scale and complexity of the firm’s business, but must not be longer than 12 months.
            (4) The governing body must ensure that the policies are made known to, and understood by, all relevant staff.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).
            Amended by QFCRA RM/2020-2 (as from 1st january 2021)

          • BANK 1.1.8 Evaluation of information given to firm

            A banking business firm’s governing body must evaluate the suitability and effectiveness of the information and reports that it and the firm’s senior management receive under these rules. The test of suitability and effectiveness is whether the information and reports are suitable for effectively overseeing and implementing the principles and requirements set out in these rules.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.1.9 Stress-testing

            In carrying out stress-testing and developing its stress-testing scenarios, a banking business firm must consider the Basel Committee's recommended standards for stress-testing.

            Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

        • BANK Part 1.2 BANK Part 1.2 Principles relating to banking business

          • BANK 1.2.1 Principle 1 — capital adequacy

            A banking business firm must have capital, of adequate amount and appropriate quality, for the nature, scale and complexity of its business and for its risk profile.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.2.2 Principle 2 — credit risk and problem assets

            (1) A banking business firm must have an adequate credit risk management policy that takes into account the firm’s risk tolerance, its risk profile and the market and macroeconomic conditions.
            (2) The firm must have adequate policies for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.2.3 Principle 3 — transactions with related parties

            A banking business firm must enter into transactions with related parties on an arm’s-length basis in order to avoid conflicts of interest.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.2.4 Principle 4 — concentration risk

            A banking business firm must have adequate policies to identify, measure, evaluate, manage and control or mitigate concentrations of risk in a timely way.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.2.5 Principle 5 — market risk

            A banking business firm must have an adequate market risk management policy that takes into account the firm’s risk tolerance, its risk profile, the market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. The firm must have adequate policies to identify, measure, evaluate, manage and control or mitigate market risk in a timely way.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.2.6 Principle 6 — operational risk

            A banking business firm must have an adequate operational risk management policy that takes into account the firm's risk tolerance, its risk profile, and market and macroeconomic conditions. The firm must have adequate policies to identify, measure, evaluate, manage and control or mitigate operational risk in a timely way.

            Amended by QFCRA RM/2015-1 (as from 1st July 2015).

          • BANK 1.2.7 Principle 7 — interest rate risk in the banking book

            A banking business firm must have an adequate management policy for interest rate risk in the banking book that takes into account the firm’s risk tolerance, its risk profile and the market and macroeconomic conditions. The firm must have policies to identify, measure, evaluate, manage and control or mitigate interest rate risk in the banking book on a timely basis.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.2.8 Principle 8 — liquidity risk

            A banking business firm must have prudent and appropriate quantitative and qualitative liquidity requirements. The firm must have policies that enable the firm to comply with those requirements and to manage liquidity risk prudently.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 1.2.9 Principle 9 — group risk

            A banking business firm must effectively manage risks arising from its membership in a group.

            Note For the governing body's responsibilities relating to:

            •   capital adequacy — see rule 3.1.3
            •   credit risk and problem assets — see rule 4.1.4
            •   transactions with related parties — see rule 4.8.4
            •   concentration risk — see rule 5.1.4
            •   market risk — see rule 6.1.5
            •   operational risk — see rule 7.2.1
            •   IRRBB — see rule 8.1.4
            •   liquidity risk — see rule 9.1.5
            •   group risk — see rule 10.1.4.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).
            Amended by QFCRA RM/2020-2 (as from 1st january 2021)

        • BANK Part 1.3 BANK Part 1.3 Banking business firms

          • BANK 1.3.1 BANK 1.3.1 Introduction

            (1) Banking business comprises the activities of deposit taking, providing credit facilities and dealing in investments as principal. An authorised firm that has an authorisation to conduct any of those activities is a banking business firm.
            (2) However, an authorised firm that is an Islamic bank or Islamic investment dealer (within the respective meanings of the Islamic Banking Business Prudential Rules 2015) is not a banking business firm.

            Note An authorised firm that is an Islamic bank or Islamic investment dealer is an Islamic banking business firm — see the Islamic Banking Business Prudential Rules 2015.
            (3) A banking business firm may be a deposit-taker or an investment dealer.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • Guidance

              A firm that conducts any of the activities that make up banking business, or a combination of those activities, will need to consider the extent to which its business model is subject to the prudential requirements set out in these rules. These rules are designed to address the different prudential risks that could arise from the broad range of business models, risk appetites and risk profiles of banking business firms.

              For example, a firm that solely conducts the activity of dealing in investments as principal (that is, an investment dealer) will need to consider the extent to which its activities in buying, selling, subscribing to or underwriting investments attract prudential risks that are subject to the requirements of these rules. In contrast, a firm that is a deposit-taker and that also deals in investments as principal would be subject to a broader range of prudential requirements. In both examples, these rules apply in accordance with the nature, scale and complexity of the firm's business.

              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 1.3.2 Deposit-taker

            (1) An authorised firm is a deposit-taker if it is authorised to conduct either or both of the regulated activities of deposit taking and providing credit facilities.
            (2) A firm is a deposit-taker even if it is also authorised to conduct any other regulated activity or activity. The authorisation for deposit taking or providing credit facilities makes the firm a deposit-taker.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 1.3.3 Investment dealer

            (1) An authorised firm is an investment dealer if:
            (a) it is authorised to conduct the regulated activity of dealing in investments as principal; and
            (b) it is not a deposit-taker.
            (2) A firm is an investment dealer even if it is also authorised to conduct any other regulated activity (except deposit taking and providing credit facilities). The authorisation for dealing in investments (and the absence of an authorisation that would make it a deposit-taker) makes the firm an investment dealer.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 1.3.4 Islamic financial manager [Deleted]

            Deleted by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 1.3.5 Legal form that firms must take

            (1) A deposit-taker must be:
            (a) a limited liability company incorporated under the Companies Regulations 2005; or
            (b) a branch registered with the QFC Companies Registration Office.
            (2) An investment dealer must be:
            (a) a limited liability company incorporated under the Companies Regulations 2005;
            (b) a branch registered with the QFC Companies Registration Office; or
            (c) a limited liability partnership incorporated under the Limited Liability Partnerships Regulations 2005.
            Note Branch is defined in the glossary.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

      • BANK Chapter 2 BANK Chapter 2 Prudential reporting requirements

        • BANK 2.1.1 Introduction

          (1) This Chapter sets out the prudential reporting requirements for a banking business firm.
          (2) Prudential returns of a banking business firm must reflect the firm's management accounts, financial statements and ancillary reports. A firm's returns, accounts, statements and reports must all be prepared using the same standards and practices, and must be easily reconcilable with one another.
          (3) A return is referred to as a solo return if it reflects 1 firm's accounts, statements and reports.
          (4) A consolidated return deals with the accounts, statements and reports of a firm consolidated with those of the other members of its financial group.

          Note Financial group is defined in rule 10.1.2(2) and is used for consolidated reporting instead of 'corporate group'.
          Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK 2.1.2 BANK 2.1.2 Information about financial group

          If directed by the Regulatory Authority, a banking business firm must give the authority the following information about its financial group:

          (a) details about the entities in the group;
          (b) the structure of the group;
          (c) how the group is managed;
          (d) any other information that the authority requires.
          Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 2.1.2 Guidance [Deleted]

            Deleted by QFCRA RM/2015-3 (as from 1st January 2016).

        • BANK 2.1.3 Financial group and prudential risk

          (1) If a banking business firm is part of a financial group, credit risk, market risk, operational risk, IRRBB and liquidity risk (collectively referred to as prudential risk) apply on a consolidated basis to the firm and the other members that make up the financial group.
          (2) Done on a consolidated basis means done not just to include the financial activities or items of the firm but those of the other members of its financial group as well.

          Note A banking business firm must have systems to enable it to calculate its financial group capital requirement and resources — see rule 10.1.3(3). The firm must ensure that its financial group capital resources exceed its financial group capital requirement — see rule 10.2.2(1).
          Amended by QFCRA RM/2015-1 (as from 1st July 2015).

        • BANK 2.1.4 Preparing returns

          (1) A banking business firm must prepare the prudential returns that it is required to prepare by notice published by the Regulatory Authority on an approved website. Such a notice may also require banking business firms to give other information to the authority.
          (2) The firm must give the return to the Regulatory Authority within the period stated in the notice.
          (3) The Regulatory Authority may, by written notice:
          (a) require a firm to prepare additional prudential returns;
          (b) exempt a firm from a requirement to prepare annual, biannual, quarterly or monthly returns (or a particular return); or
          (c) extend the period within which to give a return.
          (4) An exemption may be subject to 1 or more conditions. The firm must comply with any condition attached to an exemption.
          (5) The firm must prepare and give prudential returns in accordance with the Regulatory Authority’s instructions. The instructions may require that the return be prepared or given through the authority’s electronic submission system.
          (6) The instructions may be set out in these rules, in the return itself, in a separate document published by the authority on an approved website or by written notice. These instructions, wherever or however they are given, are collectively referred to as instructions for preparing returns.

          Note Instructions may be in the form of formulae or blank spaces that the firm must use or fill in and that automatically compute the amounts to be reported.
          Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK 2.1.5 Giving information

          (1) The Regulatory Authority may, by written notice, require a banking business firm to give it information additional to that required under these rules.
          (2) A banking business firm must give information to the Regulatory Authority in accordance with the authority’s instructions and within the period stated in the notice. The authority may extend the period within which to give the information.
          (3) The Regulatory Authority may exempt a banking business firm from giving information. The firm must comply with any condition attached to an exemption.
          Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK 2.1.6 Accounts and statements to use international standards

          (1) A banking business firm must prepare and keep its financial accounts and statements in accordance with IFRS, US GAAP or other accounting standards approved in writing by the Regulatory Authority.
          (2) If the firm decides to prepare and keep its financial accounts and statements in accordance with a standard other than the one it has previously used, it must notify the authority in writing before beginning to do so.
          Amended by QFCRA RM/2015-3 (as from 1st January 2016).

        • BANK 2.1.7 Signing returns

          (1) A prudential return must be signed by 2 individuals.
          (2) If the individuals approved to exercise the finance function and the senior executive function for the firm are available, they must sign the return. If either or both of those individuals is or are unable to sign, the return must be signed by 1 or 2 of the individuals approved to exercise the following functions:
          (a) the risk management function;
          (b) the compliance oversight function;
          (c) the executive governance function.
          (3) In subrule (2), finance function, senior executive function, risk management function, compliance oversight function and executive governance function have the same meanings as in CTRL.
          Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK 2.1.8 Firm to notify authority

          (1) A banking business firm must notify the Regulatory Authority if it becomes aware, or has reasonable grounds to believe, that the firm has breached, or is about to breach, a prudential requirement.
          (2) In particular, the firm must notify the authority as soon as practicable of:
          (a) any breach (or foreseen breach) of its minimum capital requirement;
          (b) any concern (including because of projected losses) it has about its capital adequacy;
          (c) any indication of significant adverse change in the market pricing of, or trading in, the capital instruments of the firm or its financial group (including pressure on the firm to purchase its own equity or debt);
          (d) any other significant adverse change in its capital; and
          (e) any significant departure from its ICAAP.

          Note For a banking business firm's ICAAP — see rule 3.1.5.
          (3) The firm must also notify the authority of any measures taken or planned to deal with any breach, prospective breach or concern.
          Derived from QFCRA RM/2014-2 (as from 1st January 2015).

      • BANK Chapter 3 BANK Chapter 3 Capital adequacy

        • BANK Part 3.1 BANK Part 3.1 General

          • BANK 3.1.1 Introduction

            (1) This Chapter sets out capital adequacy requirements.
            (2) A banking business firm's total regulatory capital is the sum of its tier 1 capital and tier 2 capital. The categories and elements of regulatory capital, as well as the limits, restrictions and adjustments to which they are subject are set out in this Chapter.
            (3) Capital supports the firm's operation by providing a buffer to absorb losses from its activities and, in the event of problems, it enables the firm to continue to operate in a sound and viable manner while the problems are resolved. Capital management must be an integral part of a banking business firm's credit risk management process and must align the firm's risk tolerance and risk profile with its capacity to absorb losses.

            Note For the governing body's responsibilities in relation to capital management and capital adequacy — see rule 3.1.3(2).
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 3.1.2 Chapter 3 and its application to branches

            (1) This chapter does not apply to a banking business firm that is a branch insofar as this chapter would require the branch to hold capital.
            (2) A branch is required to comply with the reporting requirements under this chapter. In relation to the branch’s ICAAP, the branch may rely on the head office’s ICAAP (if available) to demonstrate compliance.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 3.1.3 BANK 3.1.3 Governing body's responsibilities

            (1) A banking business firm's governing body must consider whether the minimum financial resources required by these rules are adequate to ensure that there is no significant risk that the firm's liabilities cannot be met as they fall due. The firm must obtain additional financial resources if its governing body considers that the minimum required does not adequately reflect the risks of its business.
            (2) The governing body is also responsible for:
            (a) ensuring that capital management is part of the firm's overall risk management and is aligned with its risk tolerance and risk profile;
            (b) ensuring that the firm has, at all times, financial resources of the kinds and amounts required by these rules;
            Note Financial resources is a broader concept than captial resources. Financial resources could include liquid assets (such as cash in hand), irrevocable lines of credit and irrevocable guarantees.
            (c) ensuring that the firm has capital, of adequate amount and appropriate quality, for the nature, scale and complexity of its business and for its risk profile;
            (d) ensuring that the amount of capital it has exceeds its minimum capital requirement;
            (e) monitoring the adequacy and appropriateness of the firm's systems and controls and the firm's compliance with them; and
            (f) approving the firm's ICAAP and any significant changes to it.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 3.1.3 Guidance

              1 A banking business firm's risk management strategy will usually refer to risk tolerance although risk appetite may also be used. The terms 'risk tolerance' and 'risk appetite' embrace all relevant definitions used by different institutions and supervisory authorities. These 2 terms are used interchangeably to describe both the absolute risks a firm is open to take (which some may call risk appetite) and the actual limits within its risk appetite that a firm pursues (which some call risk tolerance).
              2 If the firm is a member of a financial group, the authority expects the capital of the financial group to be apportioned among the group's members, based on the allocation of risks between them.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 3.1.4 Systems and controls

            (1) A banking business firm must have adequate systems and controls to allow it to calculate and monitor its minimum capital requirement.
            (2) The systems and controls must be in writing and must be appropriate for the nature, scale and complexity of its business and for its risk profile.
            (3) The systems and controls must enable the firm to show at all times whether it complies with this Chapter.
            (4) The systems and controls must enable the firm to manage available capital in anticipation of events or changes in market conditions.
            (5) The systems and controls must include ICAAP, and the firm must have contingency arrangements to maintain or increase its capital in times of stress.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 3.1.5 Internal capital adequacy assessment

            (1) A banking business firm's internal capital adequacy assessment process or ICAAP is the process by which the firm continuously demonstrates that it has implemented methods and procedures to ensure that it has adequate capital resources to support the nature and level of its risks.
            (2) A firm's ICAAP (and any significant changes to it) must be in writing and must have been approved by the firm's governing body. A copy of the ICAAP must be given to the Regulatory Authority on request.
            (3) An ICAAP must reflect the nature, scale and complexity of the firm's operations and must include:
            (a) adequate policies and staff to continuously identify, measure, evaluate, manage and control or mitigate the risks arising from its activities, and monitor the capital held against such risks;
            (b) a strategy for ensuring that adequate capital is maintained over time, including specific capital targets set out in the context of its risk tolerance, risk profile and capital requirements;
            (c) plans for how capital targets are to be met and the means available for obtaining additional capital, if required;
            (d) procedures for monitoring its compliance with its capital requirements and capital targets;
            (e) triggers to alert senior management to, and specified actions to avert and rectify, possible breaches of capital requirements;
            (f) procedures for reporting on the ICAAP and its outcomes to the firm's governing body and senior management, and for ensuring that the ICAAP is taken into account in making business decisions;
            (g) policies about the effect on capital of significant risks not covered by explicit capital requirements;
            (h) triggers, scope and procedures for reviewing the ICAAP under rule 1.1.7(3) and in the light of changed conditions and factors affecting the firm's risk tolerance, risk profile and capital;
            (i) procedures for stress-testing and the review of stress scenarios;
            (j) procedures for reporting the results of reviews; and
            (k) an adequate recovery plan for restoring the firm's financial situation after a significant deterioration.
            (4) In addition to the periodic review under rule 1.1.7(3), a firm's ICAAP must be reviewed by an appropriately qualified person at least once every 3 years. The person must be independent of the conduct of the firm's capital management.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 3.1.6 Use of internal models

            (1) The Regulatory Authority's requirements for banking business firms to maintain adequate capital and manage prudential risk are based on the approaches set out by the Basel Committee on Banking Supervision in the Basel Accords. The Accords allow firms to use internal models to assess capital adequacy and prudential risk, and this rule governs the use of such models.
            (2) A firm must not use its own model to assess capital adequacy or prudential risk unless the Regulatory Authority has approved the model. The authority may approve a model subject to 1 or more conditions.
            (3) In making its decision, the authority will take into account:
            (a) the nature, scale and complexity of the firm's business;
            (b) the standards proposed by the firm, the rigour of its compliance with them, and the ease with which the authority can assess that compliance;
            (c) whether the model can be relied upon as a reasonable reflection of the risks undertaken by the firm; and
            (d) any other matter that the authority considers relevant.
            (4) The authority may revoke the approval if it is satisfied that the firm has failed to comply with any condition specified by the authority or any standard proposed by the firm.
            (5) The firm must not stop using an approved model, or make significant changes to it, without the authority's approval.

            Note The use of internal models to measure IRRBB is allowed under rule 8.1.5(b).
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 3.1.7 References to particular currencies [Deleted]

            Deleted by QFCRA RM/2019-6 (as from 1st January 2020).

        • BANK Part 3.2 BANK Part 3.2 Initial and ongoing capital requirements

          • BANK Division 3.2.A BANK Division 3.2.A Required capital and ratios

            • BANK 3.2.1 Introduction

              (1) A banking business firm is expected to meet minimum risk-based capital requirements for exposure to credit risk, market risk and operational risk. The firm's capital adequacy ratios (consisting of CET 1 ratio, total tier 1 ratio and total capital ratio) are calculated by dividing its regulatory capital by total risk-weighted assets.
              (2) Total risk-weighted assets of a banking business firm is the sum of:
              (a) the firm's risk-weighted on-balance-sheet and off-balance-sheet items calculated in accordance with Part 4.4; and
              (b) 12.5 times the sum of the firm's market and operational risk capital requirements (to the extent that each of those requirements applies to the firm).
              Note For how to calculate the firm’s market risk and operational risk capital requirements, see rule 6.1.1(3) and Part 7.4, respectively.
              (3) In this Part:

              consolidated subsidiary, of a banking business firm, means:
              (a) a subsidiary of the firm; or
              (b) a subsidiary of a subsidiary of the firm.
              Amended by QFCRA RM/2015-1 (as from 1st July 2015).
              Amended by QFCRA RM/2020-2 (as from 1st January 2021)

            • BANK 3.2.2 Required tier 1 capital on authorisation

              An entity must have, at the time it is authorised, tier 1 capital at least equal to the base capital requirement for the activity applied for. The Regulatory Authority will not grant an authorisation unless it is satisfied that the entity complies with this requirement.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 3.2.3 Required ongoing capital

              (1) A banking business firm must have at all times capital at least equal to the higher of:
              (a) its base capital requirement; and
              (b) its risk-based capital requirement.

              Note A firm whose minimum capital requirement is its risk-based capital requirement is subject to the additional requirement to maintain a capital conservation buffer — see rule 3.3.2.
              (2) The amount of capital that a firm must have is its minimum capital requirement.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 3.2.4 Base capital requirement

              The base capital requirement for a banking business firm is:

              (a) for a deposit-taker — QR 35 million; or
              (b) for an investment dealer — QR7 million.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 3.2.5 Risk-based capital requirement

              The risk-based capital requirement for a banking business firm is the sum of:

              (a) its credit risk capital requirement;
              (b) its market risk capital requirement; and
              (c) its operational risk capital requirement.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 3.2.6 Capital adequacy ratios

              (1) A banking business firm's capital adequacy is measured against 3 capital ratios expressed as percentages of its total risk-weighted assets.
              (2) A firm's minimum capital adequacy ratios are:
              (a) a CET 1 capital ratio of 4.5%;
              (b) a tier 1 capital ratio of 6%; and
              (c) a regulatory capital ratio of 8%.
              Note Under rule 3.3.2, at least 2.5% (by way of a capital conservation buffer) must be held by a banking business firm in addition to the minimum capital adequacy ratios. The firm's CET 1 capital plus capital conservation buffer must therefore be no less than 7% of its total risk-weighted assets.
              (3) The Regulatory Authority may, if it believes it is prudent to do so, increase any or all of a firm's minimum capital adequacy ratios. The authority will notify the firm in writing about a new capital adequacy ratio and the timeframe for meeting it.
              (4) A firm must maintain at all times capital adequacy ratios higher than the required minimum so that adequate capital is maintained in the context of the firm's risk tolerance, risk profile and capital requirements, and as an additional buffer to absorb losses and problems from market volatility. These higher ratios are the firm's risk-based capital adequacy ratios.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 3.2.B BANK Division 3.2.B Elements of regulatory capital

            • BANK 3.2.7 Regulatory capital

              (1) The regulatory capital of a firm is the sum of its tier 1 capital and tier 2 capital.
              (2) Tier 1 capital is the sum of a firm's CET 1 capital and additional tier 1 capital. Tier 1 capital is also known as going-concern capital because it is meant to absorb losses while the firm is viable.

              Note For the elements of CET 1 capital and additional tier 1 capital — see rules 3.2.8 and 3.2.10.
              (3) Tier 2 capital is the sum of the elements set out in rule 3.2.12. Tier 2 capital is also known as gone-concern capital because it is meant to absorb losses after the firm ceases to be viable.
              (4) For these rules, the 3 categories of regulatory capital are CET 1 capital, additional tier 1 capital and tier 2 capital.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 3.2.8 Common equity tier 1 capital

              Common equity tier 1 capital (or CET 1 capital) is the sum of the following elements:

              (a) common shares issued by a banking business firm that satisfy the criteria in rule 3.2.9 for classification as common shares (or the equivalent for non-joint stock companies);
              (b) share premium resulting from the issue of instruments included in CET 1 capital;

              Note Share premium is also known as stock surplus and constitutes additional paid-in capital.
              (c) retained earnings;
              (d) accumulated other comprehensive income and other disclosed reserves (for example, the foreign currency translation reserve mentioned in rule 6.2.2 (4));
              (e) common shares, issued by a consolidated subsidiary of the firm and held by third parties, that satisfy the criteria in rule 3.2.16 for inclusion in CET 1 capital;
              (f) regulatory adjustments applied in the calculation of CET 1 capital in accordance with Division 3.2.D.
              Note Retained earnings and other comprehensive income include appropriated profit or loss.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 3.2.9 Criteria for classification as common shares

              (1) An instrument issued by a banking business firm is classified as a common share and included in CET 1 capital if all of the criteria in subrules (2) to (15) are satisfied.
              (2) The instrument is the most subordinated claim in case of the liquidation of the firm.
              (3) The holder of the instrument is entitled to a claim on the residual assets that is proportional to its share of issued capital, after all senior claims have been repaid in liquidation. The claim must be unlimited and variable and must be neither fixed nor capped.
              (4) The principal amount of the instrument is perpetual and never repayable except in liquidation. Discretionary repurchases and other discretionary means of reducing capital allowed by law do not constitute repayment.

              Note Under rule 3.3.6, the Regulatory Authority's approval is required for a reduction in capital.
              (5) The firm does nothing to create an expectation at issuance that the instrument will be bought back, redeemed or cancelled. The statutory or contractual terms do not provide anything that might give rise to such an expectation.
              (6) Distributions are paid out of distributable items of the firm (including retained earnings) and the amount of distributions:
              (a) is not tied or linked to the amount paid in at issuance; and
              (b) is not subject to a contractual cap (except to the extent that a firm may not pay distributions that exceed the amount of its distributable items).
              (7) There are no circumstances under which the distributions are obligatory. Non-payment of distributions does not constitute default.
              (8) Distributions are paid only after all legal and contractual obligations have been met and payments on more senior capital instruments have been made. There are no preferential distributions and in particular none for any other elements classified as the highest quality issued capital.
              (9) It is the issued capital that takes the first and proportionately greatest share of any losses as they occur. Within the highest quality capital, each instrument absorbs losses on a going-concern basis proportionately and equally with all the others.

              Note This criterion is taken to be satisfied even if the instrument includes a permanent write-down mechanism.
              (10) The paid-in amount is recognised as equity capital (rather than as a liability) for determining balance-sheet insolvency.
              (11) The paid-in amount is classified as equity in accordance with the relevant accounting standards.

              Note For the firm's choice and use of accounting standards — see rule 2.1.6.
              (12) The instrument is directly issued and paid-in, and the firm has not directly or indirectly funded the purchase of the instrument.
              (13) The paid-in amount is neither secured nor covered by a guarantee of the firm or a related party, nor subject to any other arrangement that legally or economically enhances the seniority of the holder's claim in relation to the claims of the firm's creditors.
              (14) The instrument is issued only with the approval of the owners of the firm, either given directly by the owners or, if permitted by the applicable law, given by its governing body or by other persons authorised by the owners.
              (15) The instrument is clearly and separately disclosed on the firm's balance sheet.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 3.2.10 Additional tier 1 capital

              Additional tier 1 capital is the sum of the following elements:

              (a) instruments issued by a banking business firm that satisfy the criteria in rule 3.2.11 for inclusion in additional tier 1 capital (and are not included in CET 1 capital);
              (b) share premium resulting from the issue of instruments included in additional tier 1 capital;

              Note Share premium is also known as stock surplus and constitutes additional paid-in capital.
              (c) instruments, issued by consolidated subsidiaries of the firm and held by third parties, that satisfy the criteria in rule 3.2.17 for inclusion in additional tier 1 capital (and are not included in CET 1 capital);
              (d) regulatory adjustments applied in the calculation of additional tier 1 capital in accordance with Division 3.2.D.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 3.2.11 Criteria for inclusion in additional tier 1 capital

              (1) An instrument is included in additional tier 1 capital if all of the criteria in subrules (2) to (16) are satisfied.
              (2) The instrument is paid-in.
              (3) The instrument is the most subordinated claim after those of depositors, general creditors and holders of the subordinated debt of the firm.
              (4) The paid-in amount is neither secured nor covered by a guarantee of the firm or a related party, nor subject to any other arrangement that legally or economically enhances the seniority of the holder's claim in relation to the claims of the firm's creditors.
              (5) The instrument is perpetual. It has no maturity date and there are no step-ups or other incentives to redeem.
              (6) If the instrument is callable by the firm, it can only be called 5 years or more after the instrument is paid-in and only with the approval of the Regulatory Authority. The firm must not do anything to create an expectation that the exercise of the option will be approved, and, if the exercise is approved, the firm:
              (a) must replace the called instrument with capital of the same or better quality and at conditions sustainable for the income capacity of the firm; or
              (b) must demonstrate to the authority that its capital will exceed the firm's minimum capital requirement after the option is exercised.
              (7) A repayment of principal through repurchase, redemption or other means must be approved by the Regulatory Authority. The firm must not assume, or create a market expectation, that such approval will be given.
              (8) The instrument must provide for the firm to have at all times discretion not to make a distribution or pay a dividend or coupon. The exercise of the discretion must not impose restrictions on the firm (except in relation to distributions to common shareholders) and must not constitute default.
              (9) Dividends and coupons must be paid out of distributable items.
              (10) The instrument must not have a credit-sensitive-dividend feature under which a dividend or coupon is periodically reset based (wholly or partly) on the firm's credit standing.
              (11) The instrument must not contribute to the firm's liabilities exceeding its assets if such a balance-sheet test forms part of any insolvency law applying in the jurisdiction where the instrument was issued.
              (12) An instrument classified as a liability for accounting purposes must have principal loss absorption through conversion to common shares, or a write-down mechanism that allocates losses to the instrument, at a pre-specified trigger point. The conversion must be made in accordance with rule 3.2.14.
              (13) A write-down of the instrument has the following effects:
              (a) reducing the claim of the instrument in liquidation;
              (b) reducing the amount repaid when a call option is exercised;
              (c) reducing or eliminating dividend or coupon payments on the instrument.
              (14) Neither the firm nor a related party over which the firm exercises control has purchased the instrument, nor has the firm directly or indirectly funded the purchase of the instrument.
              (15) The instrument has no features that hinder recapitalisation. For example, it must not require the firm to compensate investors if a new instrument is issued at a lower price during a specified period.
              (16) If the instrument is issued by a special purpose vehicle, the proceeds are immediately available without limitation to the firm through an instrument that satisfies the other criteria for additional tier 1 capital.

              Note For the treatment of instruments issued by a special purpose vehicle — see rule 3.2.19.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 3.2.12 Tier 2 capital

              Tier 2 capital is the sum of the following elements:

              (a) instruments issued by the firm that satisfy the criteria in rule 3.2.13 for inclusion in tier 2 capital (and are not included in tier 1 capital);
              (b) share premium resulting from the issue of instruments included in tier 2 capital;

              Note Share premium is also known as stock surplus and constitutes additional paid-in capital.
              (c) instruments, issued by consolidated subsidiaries of the firm and held by third parties, that satisfy the criteria in rule 3.2.18 for inclusion in tier 2 capital (and are not included in tier 1 capital);
              (d) regulatory adjustments applied in the calculation of tier 2 capital in accordance with Division 3.2.D;
              (e) general provisions or general reserves held against future, presently unidentified losses (but only up to a maximum of 1.25% of risk-weighted assets for credit risk, calculated using the standardised approach in Part 4.3).
              Note General provisions and reserves are freely available to meet losses that subsequently materialise and therefore qualify for inclusion in tier 2 capital. In contrast, provisions for identified deterioration of particular assets or known liabilities, whether individual or grouped, should be excluded because they would not be available to meet losses.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 3.2.13 Criteria for inclusion in tier 2 capital

              (1) An instrument is included in tier 2 capital if all the criteria in subrules (2) to (11) are satisfied.
              (2) The instrument is paid-in.
              (3) The instrument is the most subordinated claim after those of depositors, general creditors and holders of the subordinated debt of the firm.
              (4) The paid-in amount is neither secured nor covered by a guarantee of the firm or a related party, nor subject to any other arrangement that legally or economically enhances the seniority of the holder's claim in relation to the claims of the firm's depositors and general creditors.
              (5) The original maturity of the instrument is at least 5 years.
              (6) The recognition in regulatory capital in the remaining 5 years before maturity is amortised on a straight line basis and there are no step-ups or other incentives to redeem.
              (7) If the instrument is callable by the firm, it can only be called 5 years or more after the instrument is paid-in and only with the approval of the Regulatory Authority. The firm must not do anything to create an expectation that the exercise of the option will be approved, and, if the exercise is approved, the firm:
              (a) must replace the called instrument with capital of the same or better quality and at conditions sustainable for the income capacity of the firm; or
              (b) must demonstrate to the authority that its capital will exceed the firm's minimum capital requirement after the option is exercised.
              (8) The holder has no right to accelerate future scheduled payments of coupon or principal, except in bankruptcy or liquidation.
              (9) The instrument does not have a credit-sensitive-dividend feature under which a dividend or coupon is periodically reset based (wholly or partly) on the firm's credit standing.
              (10) Neither the firm nor a related party over which the firm exercises control has purchased the instrument, nor has the firm directly or indirectly funded the purchase of the instrument.
              (11) If the instrument is issued by a special purpose vehicle, the proceeds are immediately available without limitation to the firm through an instrument that satisfies the other criteria for tier 2 capital.

              Note For the treatment of instruments issued by a special purpose vehicle — see rule 3.2.19.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 3.2.14 BANK 3.2.14 Requirements — loss absorption at point of non-viability

              (1) This rule applies to an additional tier 1 or tier 2 instrument issued by a banking business firm. It sets out additional requirements to ensure loss absorption at the point of non-viability.
              (2) The terms and conditions of an instrument must give the Regulatory Authority the discretion to direct that the instrument be written-off or converted to common equity on the happening of a trigger event.
              (3) The firm must be able to issue the required number of shares specified in the instrument if a trigger event happens. The issuance of any new shares because of a trigger event must happen before any public sector injection of capital so that capital provided by the public sector is not diluted.
              (4) Trigger event, in relation to the firm that issued the instrument, is the earliest of:
              (a) a decision of the Regulatory Authority that a write-off (without which the firm would become non-viable) is necessary; and
              (b) a decision by the relevant authority in Qatar to make a public sector injection of capital, or give equivalent support (without which injection or support the firm would become non-viable, as determined by that authority).
              (5) If the firm is a member of a financial group and the firm wishes the instrument to be included in the group’s capital in addition to its solo capital, the trigger event must be the earliest of:
              (a) the decision in subrule (4) (a);
              (b) the decision in subrule (4) (b);
              (c) a decision, by the relevant authority in the firm’s home jurisdiction, that a write-off (without which the firm would become non-viable) is necessary; and
              (d) a decision, by the relevant authority in the jurisdiction of the financial regulator that regulates the parent entity of the firm, to make a public sector injection of capital, or give equivalent support, in that jurisdiction (without which injection or support the firm would become non-viable, as determined by that authority).
              (6) Any compensation paid to the holder of an instrument because of a write-off must be paid immediately in the form of common shares (or the equivalent for non-joint-stock companies).
              (7) If the firm is a member of a financial group, any common shares paid as compensation to the holder of the instrument must be common shares of the firm or of the parent entity of the group.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.14 Guidance

                Conversion or write-off under this rule would be limited to the extent necessary to enable the Regulatory Authority to conclude that the firm is viable without further conversion or write-off.

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 3.2.C BANK Division 3.2.C Inclusion of third parties’ interests

            • BANK 3.2.15 Introduction

              This Division sets out the criteria and formulae for the inclusion, in a banking business firm's regulatory capital, of interests held by third parties.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 3.2.16 Criteria for third party interests — common equity tier 1 capital

              (1) For rule 3.2.8 (e), a common share, issued by a consolidated subsidiary of a banking business firm and held by a third party as a non-controlling interest, may be included in the firm's CET 1 capital if:
              (a) the share would be included in the firm's CET 1 capital had it been issued by the firm; and
              (b) the subsidiary that issued the share is itself a deposit-taker or investment dealer (or an equivalent entity in its home jurisdiction).
              (2) The amount to be included in the consolidated CET 1 capital of a banking business firm is calculated in accordance with the following formula:

              NCI((CET1sMin) × SS)


              where:

              NCI is the total of the non-controlling interests of third parties in a consolidated subsidiary of the firm.

              CET1s is the amount of CET 1 capital of the subsidiary.

              Min is the lower of:

              (a) 1.07 × (minimum CET 1 capital requirement of the subsidiary); and
              (b) 1.07 × (the part of the consolidated minimum CET 1 capital requirement that relates to the subsidiary).
              SS means the percentage of the shares in the subsidiary (being shares included in CET 1 capital) held by those third parties.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 3.2.17 Criteria for third party interests — additional tier 1 capital

              (1) For rule 3.2.10(c), an instrument (including a common share) issued by a consolidated subsidiary of a banking business firm and held by a third party as a non-controlling interest may be included in the firm's additional tier 1 capital if the instrument would be included in the firm's additional tier 1 capital had it been issued by the firm.

              Note Any amount already included in CET 1 capital must not be included in additional tier 1 capital — see rule 3.2.10(c).
              (2) The amount to be included in the consolidated additional tier 1 capital of a banking business firm is calculated in accordance with the following formula:

              NCI((T1sMin) × SS)

              where:

              NCI is the total of the non-controlling interests of third parties in a consolidated subsidiary of the firm.

              T1s is the amount of additional tier 1 capital of the subsidiary.

              Min is the lower of:

              (a) 1.07 × (minimum additional tier 1 capital requirement of the subsidiary); and
              (b) 1.07 × (the part of the consolidated minimum additional tier 1 capital requirement that relates to the subsidiary).
              SS means the percentage of the shares in the subsidiary (being shares included in additional tier 1 capital) held by those third parties.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 3.2.18 Criteria for third party interests — tier 2 capital

              (1) For rule 3.2.12 (c), an instrument (including a common share and any other tier 1 capital instrument) issued by a consolidated subsidiary of a banking business firm and held by a third party as a non-controlling interest may be included in the firm's tier 2 capital if the instrument would be included in the firm's tier 2 capital had it been issued by the firm.

              Note Any amount already included in CET 1 capital or additional tier 1 capital must not be included in tier 2 capital — see rule 3.2.12 (c).
              (2) The amount to be included in the consolidated tier 2 capital of a banking business firm is calculated in accordance with the following formula:

              NCI((T2sMin) × SS)

              where:

              NCI is the total of the non-controlling interests of third parties in a consolidated subsidiary of the firm.

              T2s is the amount of tier 2 capital of the subsidiary.

              Min is the lower of:

              (a) 1.07 × (minimum tier 2 capital requirement of the subsidiary); and
              (b) 1.07 × (the part of the consolidated minimum tier 2 capital requirement that relates to the subsidiary).
              SS means the percentage of the shares in the subsidiary (being shares included in tier 2 capital) held by those third parties.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 3.2.19 Treatment of third party interests from special purpose vehicles

              (1) An instrument issued out of a special purpose vehicle and held by a third party must not be included in a banking business firm's CET 1 capital. Such an instrument may be included in the firm's additional tier 1 or tier 2 capital (and treated as if it had been issued by the firm itself directly to the third party), if:
              (a) the instrument satisfies the criteria for inclusion in the relevant category of regulatory capital; and
              (b) the only asset of the special purpose vehicle is its investment in the capital of the firm and that investment satisfies the criterion in rule 3.2.11(16) or 3.2.13(11) for the immediate availability of the proceeds.
              (2) An instrument described in subrule (1) that is issued out of a special purpose vehicle through a consolidated subsidiary of a banking business firm may be included in the firm's consolidated additional tier 1 or tier 2 capital if the instrument satisfies the criteria in rule 3.2.17 or 3.2.18, as the case requires. Such an instrument is treated as if it had been issued by the subsidiary itself directly to the third party.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 3.2.D BANK Division 3.2.D Regulatory adjustments

            • BANK Subdivision 3.2.D.1 BANK Subdivision 3.2.D.1 General

              • BANK 3.2.20 Introduction

                (1) Regulatory adjustments to a banking business firm’s capital may be required to avoid double-counting, or artificial inflation, of its capital. They may also be required in relation to assets that cannot readily be converted into cash.
                (2) Adjustments can be made to all 3 categories of regulatory capital, but most of them are to CET 1 capital.
                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.21 Approaches to valuation and adjustment

                (1) A banking business firm must use the same approach for valuing regulatory adjustments to its capital as it does for balance-sheet valuations. An item that is deducted from capital must be valued in the same way as it would be for inclusion in the firm’s balance sheet.
                (2) The firm must use the corresponding deduction approach and the threshold deduction rule in making adjustments to its capital.
                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.22 Definitions for Division 3.2.D

                In this Division:

                entity concerned means any of the following entities:

                (a) a banking business firm;
                (b) any other financial or insurance entity;
                (c) an entity over which a banking business firm exercises control.
                Note Exercise control is defined in the glossary.

                significant investment, by a banking business firm in an entity concerned, means an investment of 10% or more in the common shares, or other instruments that qualify as capital, of the entity concerned. Investment includes a direct, indirect and synthetic holding of capital instruments.

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK Subdivision 3.2.D.2 BANK Subdivision 3.2.D.2 Adjustments to common equity tier 1 capital

              • BANK 3.2.23 Form of adjustments

                Adjustments to CET 1 capital must be made in accordance with this Subdivision. Regulatory adjustments are generally in the form of deductions, but they may also be in the form of recognition or derecognition of items in the calculation of a firm’s capital.

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.24 Goodwill and intangible assets

                A banking business firm must deduct from CET 1 capital the amount of its goodwill and other intangible assets (except mortgage servicing rights). The amount must be net of any related deferred tax liability that would be extinguished if the goodwill or assets become impaired or derecognised under IFRS or any other relevant accounting standards.

                Note For the treatment of mortgage servicing rights — see rule 3.2.41 (Deductions from common equity tier 1 capital).

                Amended by QFCRA RM/2015-3 (as from 1st January 2016).

              • BANK 3.2.25 Deferred tax assets

                (1) A banking business firm must deduct from CET 1 capital the amount of deferred tax assets (except those that relate to temporary differences) that depend on the future profitability of the firm.
                (2) A deferred tax asset may be netted with a deferred tax liability only if the asset and liability relate to taxes levied by the same taxation authority and offsetting is explicitly permitted by that authority. A deferred tax liability must not be used for netting if it has already been netted against a deduction of goodwill, other intangible assets or defined benefit pension assets.

                Note Any deferred tax liability that may be netted must be allocated pro rata between deferred tax assets under this rule and those under the threshold deduction rule. For the treatment of deferred tax assets that relate to temporary differences (for example, allowance for credit losses) — see rule 3.2.41 (Deductions from common equity tier 1 capital).
                Amended by QFCRA RM/2015-3 (as from 1st January 2016).

              • BANK 3.2.26 Cash flow hedge reserve

                In the calculation of CET 1 capital, a banking business firm must derecognise the amount of the cash flow hedge reserve that relates to the hedging of items that are not fair valued on the balance sheet (including projected cash flows).

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.27 Cumulative gains and losses from changes to own credit risk

                In the calculation of CET 1 capital, a banking business firm must derecognise all unrealised gains and unrealised losses that have resulted from changes in the fair value of liabilities that are due to changes in the firm’s own credit risk.

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.28 Defined benefit pension fund assets

                (1) A banking business firm must deduct from CET 1 capital the amount of a defined benefit pension fund that is an asset on the firm’s balance sheet. The amount must be net of any related deferred tax liability that would be extinguished if the asset becomes impaired or derecognised under IFRS or any other relevant accounting standards.
                (2) The firm may apply to the Regulatory Authority for approval to offset from the deduction any asset in the defined benefit pension fund to which the firm has unrestricted and unfettered access. Such an asset must be assigned the risk-weight that would be assigned if it were owned directly by the firm.
                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.29 Securitisation gains on sale

                In the calculation of CET 1 capital, a banking business firm must derecognise any increase in equity capital or CET 1 capital from a securitisation or resecuritisation transaction (for example, an increase associated with expected future margin income resulting in a gain-on-sale).

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.30 Higher capital imposed on overseas branch

                (1) If a banking business firm has an overseas branch, the firm must deduct from CET 1 capital whichever is the higher of any capital requirement imposed by the Regulatory Authority or the financial regulator in the jurisdiction in which the branch is located.
                (2) This rule does not apply if the overseas branch is a consolidated entity of the banking business firm. A branch is a consolidated entity if it is included in the firm’s consolidated returns.
                (3) Despite subrule (2), if the financial regulator in the jurisdiction in which a branch is located imposes a capital requirement for the foreign branch, a banking firm must deduct from CET 1 capital the amount of any shortfall between the actual capital held by the foreign branch and that capital requirement.
                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.31 Assets lodged or pledged to secure liabilities

                (1) A banking business firm must deduct from CET 1 capital the amount of any assets lodged or pledged by the firm if:
                (a) the assets were lodged or pledged to secure liabilities incurred by the firm; and
                (b) the assets are not available to meet the liabilities of the firm.
                (2) The Regulatory Authority may determine that, in the circumstances, the amount of assets lodged or pledged need not be deducted from the firm’s CET 1 capital. The determination must be in writing.
                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.32 Acknowledgments of debt

                (1) A banking business firm must deduct from CET 1 capital the net present value of an acknowledgement of debt outstanding issued by it to directly or indirectly fund instruments that qualify as CET 1 capital.
                (2) This rule does not apply if the acknowledgement is subordinated in rank similar to that of instruments that qualify as CET 1 capital.
                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.33 Accumulated losses

                A banking business firm must deduct from CET 1 capital the amount of any accumulated losses.

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK Subdivision 3.2.D.3 BANK Subdivision 3.2.D.3 Deductions from categories of regulatory capital

              • BANK 3.2.34 Deductions using corresponding deduction approach

                (1) The deductions that must be made from CET 1 capital, additional tier 1 capital or tier 2 capital under the corresponding deduction approach are set out in this Subdivision. A banking business firm must examine its holdings of index securities and any underlying holdings of capital to determine whether any deductions are required as a result of such indirect holdings.
                (2) Deductions must be made from the same category for which the capital would qualify if it were issued by the banking business firm itself or, if there is not enough capital at that category, from the next higher category.

                Example

                If the amount of tier 2 capital is insufficient to cover the amount of deductions from that category, the shortfall must be deducted from additional tier 1 capital and, if additional tier 1 capital is still insufficient, the remaining amount must be deducted from CET 1 capital.
                (3) The corresponding deduction approach applies regardless of whether the positions or exposures are held in the banking book or trading book.
                Amended by QFCRA RM/2015-3 (as from 1st January 2016).

              • BANK 3.2.35 Investments in own shares and capital instruments

                (1) A banking business firm must deduct direct or indirect investments in its own common shares or own capital instruments (except those that have been derecognised under IFRS or any other relevant accounting standards). The firm must also deduct any of its own common shares or instruments that it is contractually obliged to purchase.
                (2) The gross long positions may be deducted net of short positions in the same underlying exposure only if the short positions involve no counterparty risk. However, gross long positions in its own shares resulting from holdings of index securities may be netted against short positions in its own shares resulting from short positions in the same underlying index, even if those short positions involve counterparty risk.
                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.36 Reciprocal cross holdings

                A banking business firm must deduct reciprocal cross holdings in shares, or other instruments that qualify as capital, of an entity concerned.

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 3.2.37 Non-significant investments — aggregate is less than 10% of firm's common equity tier 1 capital

                (1) This rule applies if:
                (a) a banking business firm makes a non-significant investment in an entity concerned;
                (b) the entity concerned is an unconsolidated entity (that is, the entity is not one that is included in the firm's consolidated returns);
                (c) the firm does not own 10% or more of the common shares of the entity concerned; and
                (d) after applying all other regulatory adjustments, the total of the deductions required to be made under this rule is less than 10% of the firm's CET 1 capital.
                (2) A banking business firm must deduct any investments in common shares, or other instruments that qualify as capital, of an entity concerned.
                (3) The amount to be deducted is the net long position (that is, the gross long position net of short positions in the same underlying exposure if the maturity of the short position either matches the maturity of the long position or has a residual maturity of at least 1 year).
                (4) Underwriting positions held for more than 5 business days must also be deducted.
                (5) If a capital instrument is required to be deducted and it is not possible to determine whether it should be deducted from CET 1 capital, additional tier 1 capital or tier 2 capital, the deduction must be made from CET 1 capital.
                Amended by QFCRA RM/2015-3 (as from 1st January 2016).

              • BANK 3.2.38 Non-significant investments — aggregate is 10% or more of firm's common equity tier 1 capital

                (1) This rule applies if, after applying all other regulatory adjustments, the total of the deductions required to be made under rule 3.2.37 is 10% or more of the firm's CET 1 capital.
                (2) A banking business firm must deduct the amount by which the total of the deductions required to be made under rule 3.2.37 exceeds 10% of the firm's CET 1 capital. This amount to be deducted is referred to as the excess.
                (3) How much of the excess gets to be deducted from each category of regulatory capital under the corresponding deduction approach is calculated in accordance with the following formula:



                A is the amount of CET 1 capital, additional tier 1 capital or tier 2 capital of the banking business firm, as the case requires.

                B is the total capital holdings of the firm.
                Amended by QFCRA RM/2015-1 (as from 1st July 2015).

              • BANK 3.2.39 Significant investments

                (1) This rule applies if:
                (a) a banking business firm makes a significant investment in an entity concerned;
                (b) the entity concerned is an unconsolidated entity (that is, the entity is not one that is included in the firm's consolidated returns); and
                (c) the firm owns 10% or more of the common shares of the entity concerned.
                (2) A banking business firm must deduct the total amount of investments in the entity concerned (other than investments in common shares, or other instruments that qualify as CET 1 capital, of the entity).

                Note For the treatment of investments in common shares, or other instruments that qualify as CET 1 capital, of an entity concerned, see rule 3.2.41 (Deductions from common equity tier 1 capital).
                (3) The amount to be deducted is the net long position (that is, the gross long position net of short positions in the same underlying exposure if the maturity of the short position either matches the maturity of the long position or has a residual maturity of at least 1 year).
                (4) Underwriting positions held for more than 5 business days must also be deducted.
                (5) If a capital instrument is required to be deducted and it is not possible to determine whether it should be deducted from CET 1 capital, additional tier 1 capital or tier 2 capital, the deduction must be made from CET 1 captial.
                Amended by QFCRA RM/2015-3 (as from 1st January 2016).

              • BANK 3.2.40 Firms may use estimates or exclude deductions

                (1) If it is impractical for a banking business firm to examine and monitor the firm's exposures to the capital of entities concerned (including through holdings of indexed securities), the firm may apply to the Regulatory Authority for approval to use an estimate of such exposures. The authority will grant such an approval only after the firm satisfies the authority that the estimate is conservative, well-founded and reasonable.
                (2) A banking business firm may also apply to the Regulatory Authority for approval not to deduct an investment made to resolve, or provide financial assistance to reorganise, a distressed entity.
                Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK Subdivision 3.2.D.4 BANK Subdivision 3.2.D.4 Threshold deduction rule

              • BANK 3.2.41 Deductions from common equity tier 1 capital

                (1) In addition to the other deductions to CET 1 capital under this Chapter, deductions may be required to CET 1 capital under the threshold deduction rule.
                (2) The threshold deduction rule provides recognition for particular assets that are considered to have some limited capacity to absorb losses. The following items come within the threshold deduction rule:
                (a) significant investments in the common shares, or other instruments that qualify as CET 1 capital, of an unconsolidated entity concerned;
                (b) mortgage servicing rights;
                (c) deferred tax assets that relate to temporary differences (for example, allowance for credit losses).
                (3) Instead of full deduction, the items that come within the threshold deduction rule receive limited recognition when calculating CET 1 capital. The total of each of the items in subrule (2) do not require adjustment from CET 1 capital and are risk-weighted at 300% (for items listed on a recognised exchange) or 400% (for items not so listed) provided that:
                (a) each item is no more than 10% of the firm's CET 1 capital (net of all regulatory adjustments except those under this Subdivision); or
                (b) in total, the 3 items are no more than 15% of the firm's CET 1 capital (net of all regulatory adjustments except those under this Subdivision).
                (4) A banking business firm must deduct from CET 1 capital any amount in excess of the threshold in subrule (3)(a) or (b).
                Amended by QFCRA RM/2015-3 (as from 1st January 2016).

        • BANK Part 3.3 BANK Part 3.3 Capital buffers and other requirements

          • BANK 3.3.1 Introduction

            (1) The capital adequacy framework contains 2 additional measures for conserving capital through the capital conservation buffer and the counter-cyclical capital buffer.
            (2) The capital conservation buffer promotes the conservation of capital and the build-up of a buffer above the minimum in times of economic growth and credit expansion, so that the buffer can be drawn down in periods of stress. It imposes an obligation to restrict a firm's distributions when capital falls below the capital conservation buffer minimum.
            (3) The counter-cyclical capital buffer is a macroprudential tool that can be used to mitigate the build-up of a system-wide risk such as excess aggregate credit growth. It is intended to ensure that the banking system has a buffer of capital to protect it against future potential losses.
            (4) These 2 buffers and other requirements on capital are set out in this Part.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 3.3.2 Capital conservation buffer

            (1) A banking business firm whose risk-based capital requirement is higher than its base capital requirement must maintain a minimum capital conservation buffer of:
            (a) 2.5% of the firm's total risk-weighted assets; or
            (b) a higher amount that the Regulatory Authority may, by written notice, set from time to time.
            (2) A firm's capital conservation buffer must be made up of CET 1 capital above the amounts used to meet the firm's CET 1 capital ratio, tier 1 capital ratio and regulatory capital ratio in rule 3.2.6(2).
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 3.3.3 Capital conservation ratios

            (1) If a banking business firm's capital conservation buffer falls below the required minimum, the firm must immediately conserve its capital by restricting its distributions.

            Note A payment made by a firm that does not reduce its CET 1 capital is not a distribution for the purposes of this Part. Distributions include, for example, dividends, share buybacks and discretionary bonus payments.
            (2) This rule sets out, in column 3 of table 3.3.3, the minimum capital conservation ratios for banking business firms that are required to maintain a capital conservation buffer. Capital conservation ratio is the percentage of earnings that a firm must not distribute if its CET 1 capital ratio falls within the corresponding ratio in column 2 of that table.
            (3) Earnings means distributable profits calculated before deducting elements subject to the restrictions on distributions. Earnings must be calculated after notionally deducting the tax that would have been payable had none of the distributable items been paid.

            Note The effect of calculating earnings after tax is that the tax consequence of the distribution is reversed out.
            (4) A banking business firm must have adequate systems and controls to ensure that the amount of distributable profits and maximum distributable amount are calculated accurately. The firm must be able to demonstrate that accuracy if directed by the Regulatory Authority.
            (5) If the firm is a member of a financial group, the capital conservation buffer applies at group level.

            Table 3.3.3 Minimum capital conservation ratios

            column 1 item column 2 CET1 capital ratio column 3 minimum capital conservation ratio (% of earnings)
            1 4.5% to 5.125% 100
            2 > 5.125% to 5.75% 80
            3 > 5.75% to 6.375% 60
            4 > 6.375% to 7.0% 40
            5 >7% 0



            Examples of application of table

            Assume that a firm's minimum CET 1 capital ratio is 4.5% and an additional 2.5% capital conservation buffer (which must be made up of CET 1 capital) is required for a total of 7% CET 1 capital ratio. Based on table 3.3.3:

            1 If a firm's CET 1 capital ratio is 4.5% or more but less than 5.125%, the firm needs to conserve 100% of its earnings.
            2 If a firm's CET 1 capital ratio is 5.125% or more but less than 5.75%, the firm needs to conserve 80% of its earnings and must not distribute more than 20% of those earnings by way of dividends, share buybacks and discretionary bonus payments.
            3 A firm with a CET 1 capital ratio of more than 7% can distribute 100% of its earnings.
            Amended by QFCRA RM/2018-1 (as from 1st May 2018).

          • BANK 3.3.4 Powers of Regulatory Authority

            (1) The Regulatory Authority may impose a restriction on capital distributions by a firm even if the amount of the firm’s CET 1 capital is greater than its CET 1 capital ratio and required capital conservation buffer.
            (2) The Regulatory Authority may, by written notice, impose a limit on the period during which a banking business firm may operate within a specified capital conservation ratio.
            (3) A banking business firm may apply to the Regulatory Authority to make a distribution in excess of a limit imposed by this Part. The authority will grant approval only if it is satisfied that the firm has appropriate measures to raise capital equal to, or greater than, the amount the firm wishes to distribute above the limit.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 3.3.5 Counter-cyclical capital buffer

            (1) If imposed by the Regulatory Authority, the counter-cyclical capital buffer would require a firm to have additional CET 1 capital against possible future losses from system-wide risks such as excess credit growth.
            (2) The Regulatory Authority may, by written notice, require banking business firms to have additional CET 1 capital as a counter-cyclical capital buffer. The buffer set by the authority will not exceed 2.5% of total risk-weighted assets.
            (3) The Regulatory Authority will notify banking business firms of any decision to set, or increase, a counter-cyclical capital buffer within a reasonable period of not more than 1 year before the date when the decision takes effect. However, a decision to remove or decrease a counter-cyclical capital buffer will take effect immediately.
            (4) If a counter-cyclical capital buffer applies to a firm, the capital conservation ratios (and capital distribution restrictions) in rule 3.3.3 apply to the firm as if its minimum capital conservation buffer were increased by the amount of the counter-cyclical capital buffer.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 3.3.6 Capital reductions

            (1) A banking business firm must not reduce its capital and reserves without the Regulatory Authority's written approval.

            Examples of ways to reduce capital
            •   a share buyback or the redemption, repurchase or repayment of capital instruments issued by the firm
            •   trading in the firm's own shares or capital instruments outside an arrangement agreed with the authority
            •   a special dividend.
            (2) A banking business firm planning a reduction must prepare a forecast (for at least 2 years) showing its projected capital after the reduction. The firm must satisfy the authority that the firm's capital will still comply with these rules after the reduction.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 3.3.7 Authority can require other matters

            Despite anything in these rules, the Regulatory Authority may require a banking business firm to have capital resources, comply with any other capital requirement or use a different approach to, or method for, capital management. The authority may also require a firm to carry out stress-testing at any time.

            Note Under FSR, article 16, the Regulatory Authority may modify or waive the application of a prudential requirement to an authorised firm or firms.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 3.4 BANK Part 3.4 Leverage ratio

          • BANK 3.4.1 Introduction

            The leverage ratio is a simple, transparent, non-risk-based measure to help restrict the build-up of leverage in the banking system. Excessive leverage can expose banking businesses to higher financial risk, with potential damage to the overall financial system, and to the economy if a de-leveraging process takes place.

            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.2 Objectives of leverage ratio requirements

            The leverage ratio supplements the risk-based capital requirements of the rest of this Chapter. The objectives of limiting banking business firms' leverage ratios are as follows:

            (a) to constrain the build-up of leverage in the banking sector, to help avoid destabilising deleveraging that can damage the broader financial system and the economy;
            (b) to reinforce the risk-based requirements in Parts 3.1 to 3.3 with a simple, non-risk-based backstop measure;
            (c) to serve as a broad measure of the sources of leverage, both on and off the balance-sheet.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.3 How to calculate leverage ratio

            A banking business firm's leverage ratio LR is calculated by means of the following formula:

            where:

            tier 1 capital has the meaning given by rule 3.2.7 (2).

            total exposure measure is the total amount of all the firm's exposures, calculated in accordance with rule 3.4.5.

            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.4 Minimum leverage ratio

            (1) A banking business firm must maintain a leverage ratio of at least 3%.
            (2) The Regulatory Authority may direct a banking business firm to maintain a leverage ratio higher than 3% if the Authority considers it necessary to do so because of the firm's risk profile or other particular circumstances.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.5 How to calculate total exposure measure — general

            (1) A banking business firm's total exposure measure is the sum of:
            (a) on-balance-sheet exposures (except on-balance-sheet derivatives exposures and SFT exposures) (see rule 3.4.7);
            (b) its derivatives exposures (see rules 3.4.12 to 3.4.17);
            (c) its SFT exposures (see rules 3.4.18 and 3.4.19); and
            (d) its off-balance-sheet exposures (see rule 3.4.20).
            Guidance

            SFT exposures are exposures from securities financing transactions such as repurchase agreements, reverse repurchase agreements, security lending and borrowing, and margin lending contracts, where the value of the contracts depends on the market valuation of securities and the contracts are typically subject to margin agreements.
            (2) When a banking business firm is calculating its total exposure measure, it must follow the accounting standard that the firm normally uses, except that:
            (a) on-balance-sheet, non-derivatives exposures must be included net of specific provisions or accounting valuation adjustments;
            (b) except as specified otherwise in this Part, the firm must not take account of physical or financial collateral, guarantees or other credit risk mitigation techniques; and
            (c) loans and deposits must not be netted.
            Note For the permitted accounting standards, see rule 2.1.6.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.6 Modification of calculation

            (1) The Regulatory Authority may, by written notice, modify the calculation of a banking business firm's total exposure measure by, for example:
            (a) allowing the firm not to take account of a particular exposure or class of exposures;
            (b) directing the firm to apply a different risk-weight to an exposure or class of exposures;
            (c) directing the firm to take account of an exposure or class of exposures that would not otherwise be taken account of.
            (2) The Authority may give a notice under subrule (1) on the application of the firm or on the Authority's own initiative.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.7 How to calculate on-balance-sheet exposures

            (1) When a banking business firm calculates its total exposure measure, it must include all on-balance-sheet items on the assets side of its balance-sheet, including the collateral of derivatives contracts and securities financing contracts.
            (2) On-balance-sheet non-derivative assets must be measured using their balance-sheet (that is, unweighted) values less deductions for associated provisions.
            (3) If the firm holds an asset in a fiduciary capacity, it may exclude the asset if the asset meets the accounting criteria for de-recognition and, if applicable, the accounting criteria for deconsolidation.
            (4) Items that are deducted completely from the firm's tier 1 capital (such as goodwill) must also be deducted from its total exposure measure.
            (5) The amount of an investment in the capital of an unconsolidated financial entity that is wholly or partly deducted from the firm's CET 1 or additional tier 1 capital under the corresponding deduction approach (set out in Subdivision 3.2.D.3) or the threshold deduction approach (set out in Subdivision 3.2.D.4) must be deducted from the firm's total exposure measure. An unconsolidated financial entity is a financial entity (that is, an entity involved in banking or other financial activity, or insurance) that is not included in the firm's consolidated returns.
            (6) Liability items must not be deducted from the firm's total exposure measure.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.8 Effect of trade-date accounting

            (1) In calculating its on-balance-sheet exposures, a banking business firm that uses trade-date accounting must reverse out any offsetting that is recognised under the applicable accounting standard between cash receivables for unsettled sales and cash payables for unsettled purchases.
            (2) The firm may offset between those receivables and payables (regardless of whether the offsetting is recognised under the applicable accounting standard) if the following conditions are met:
            (a) the assets bought and sold that are associated with the payables and receivables are fair valued through income and are included in the firm's trading book;
            (b) the contracts are settled on a delivery-versus-payment (DVP) basis.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.9 Effect of settlement-date accounting

            A banking business firm that uses settlement-date accounting must calculate its on-balance-sheet exposures as set out in rule 3.4.20.

            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.10 Treatment of cash pooling arrangements

            (1) For the purpose of calculating a banking business firm's on-balance-sheet exposures, if the firm operates a cash pooling arrangement that entails a transfer at least daily of the balances of each participating customer's account into a single balance, the customers' account balances are taken to be transformed into a single balance on the transfer if, after the transfer, the firm is not liable for the balances individually.

            Guidance

            Thus, the basis of the leverage ratio exposure is the single account balance and not those of the individual customer accounts.
            (2) If the transfer does not occur daily, a transformation into a single account balance is taken to occur, and the single account balance may be taken as the basis of the exposure measure, if all of the following conditions are met:
            (a) as well as providing for the individual customers' accounts, the arrangement provides for a single account into which of all the participating customers' account balances can be transferred;
            (b) the firm:
            (i) has a legally enforceable right to transfer each participating customer's account balance into a single account so that the bank is not liable for the balances individually, and
            (ii) at any time, the firm has the discretion and is able to do so;
            (c) the Regulatory Authority considers that the customers' account balances are transferred to a single account sufficiently often;
            (d) either:
            (i) there are no maturity mismatches among the customers' accounts; or
            (ii) all of those accounts are either overnight or on demand;
            (e) the firm pays interest and charges fees based on the combined balance of the customers' accounts that are covered by the arrangement.
            (3) If the conditions in subrule (2) are not met, the firm's leverage ratio exposure measure must be based on the individual balances of the participating customer accounts.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.11 Calculation of derivatives exposure — single derivative contracts not covered by eligible bilateral netting agreement

            For a single derivative contract that is not covered by an eligible bilateral netting agreement, a banking business firm must calculate its exposure as follows:

            exposure = 1.4 × (RC + PFCE)

            where:

            RC = max {(VCVMr + CVMp), 0} (in which V is the mark-to-market value of the contract; CVMr is any cash variation margin received that meets the conditions set out in rule 3.4.17 and does not reduce V under the relevant accounting standard; and CVMp is any cash variation margin provided by the firm that meets those conditions).

            PFCE is the potential future credit exposure add-on amount over the remaining life of the contract, calculated as set out in rule 4.4.11.

            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.12 Calculation of derivatives exposure — contracts covered by eligible bilateral netting agreement

            (1) For contracts covered by an eligible bilateral netting agreement, a banking business firm must calculate its derivatives exposure as follows:

            where:

            NRC = max {∑Mi, 0} (in which {∑Mi is the sum of the positive and negative mark-to-market values of all the contracts covered by the agreement).

            PFCEadj is the potential future credit exposure in relation to the contracts covered by the relevant netting agreement (see rule 3.4.13).

            (2) A bilateral netting agreement is an eligible bilateral netting agreement if:
            (a) it is in writing;
            (b) it creates a single legal obligation that covers all contracts and collateral to which it applies, so that, if the counterparty fails to perform due to default, liquidation or bankruptcy or other similar circumstances, each party has the following rights:
            (i) the right to terminate and close-out, in a timely way, all contracts covered by the agreement;
            (ii) the right to net gains and losses on contracts (including the value of any collateral) terminated and closed out under the agreement so that the firm would have either a claim to receive or an obligation to pay only the net sum of the close-out values of the individual contracts;

            Note For forward contracts, swaps, options and similar derivative contracts, this right would include the positive and negative mark-to-market values of the individual contracts.
            (iii) the right to liquidate or set-off collateral;
            (c) it is supported by a written, reasoned legal opinion that in the event of a counterparty's default, liquidation, insolvency, bankruptcy or other similar circumstances:
            (i) the relevant courts and authorities would find that the other party's claims and obligations are limited to the single net sum determined in the agreement; and
            (ii) in particular, in the insolvency or external administration of the counterparty, the netting will be recognised under all relevant laws, so that it would not be possible for a liquidator or other external administrator of the counterparty to claim a gross amount from the other party while only being liable to pay a dividend in insolvency to that party (as separate money flows); and
            (d) it is not subject to a walkaway clause.
            (3) A banking business firm that has obtained a legal opinion about the enforceability of a netting agreement:
            (a) must ensure that the opinion is not based on unduly restrictive assumptions or subject to unduly restrictive qualifications;
            (b) must review the assumptions regarding the enforceability of the agreement and must ensure they are specific, factual and adequately explained in the opinion; and
            (c) must review and assess all assumptions, qualifications and omissions in the opinion to decide whether they give rise to any doubt about the enforceability of the agreement.
            (4) If the legal opinion covers a group of which the firm is a member, the firm may rely on the opinion in relation to a netting agreement to which the firm is a party, if the group and the firm have satisfied themselves that the opinion applies to the agreement.
            (5) A banking business firm must not rely on a netting agreement if there is any doubt about whether the agreement is enforceable.
            (6) A banking business firm may rely on a general legal opinion about the enforceability of a netting agreement in a particular jurisdiction if the firm is satisfied that the opinion applies to a netting agreement of that type.
            (7) A banking business firm must satisfy itself that a netting agreement and its supporting general legal opinion apply to each counterparty, to each contract and product type undertaken with the counterparty, and in all jurisdictions where contracts are originated.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.13 Calculating PFCEadj

            (1) PFCEadj, in relation to the contracts covered by a particular eligible bilateral netting agreement, is calculated by the formula:
            PFCEadj = 0.4 (PFCEgross) + 0.6 (NGR × PFCEgross)
            where PFCEgross and NGR are calculated according to the standardised approach for measuring counterparty credit risk.

            Guidance

            The standardised approach for measuring counterparty credit risk is set out in Annex 4 of the Basel II framework (June 2006), as amended by:
            (i) Basel III: A global regulatory framework for more resilient banks and banking systems (June 2011), available at www.bis.org/publ/bcbs189.pdf;
            (ii) The standardised approach for measuring counterparty credit risk exposures (April 2014), available at www.bis.org/publ/bcbs279.pdf; and
            (iii) Capital requirements for bank exposures to central counterparties (April 2014), available at www.bis.org/publ/bcbs282.pdf.
            Note NGR reflects the risk-reducing portfolio effects of netted contracts in relation to current credit exposure.
            (2) When calculating PFCEgross, the firm may treat matching contracts included in a netting agreement as a single contract with a notional principal equivalent to the net receipts on the contracts. For that purpose, matching contracts means forward foreign exchange and other similar market-related contracts in which the notional principal is equivalent to cash flows, and those cash flows fall due on the same value date and are in the same currency.
            (3) The firm must calculate NGR in relation to a particular eligible bilateral netting agreement using either the counterparty-by-counterparty approach (set out in subrule (4)), or the aggregate approach (set out in subrule (6)). The firm must use 1 approach consistently, and must notify the Regulatory Authority of the approach that it uses.
            (4) Under the counterparty-by-counterparty approach, NGR is applied to each counterparty to calculate the exposure for contracts covered by the netting agreement with that counterparty:

            (5) In calculating GCCE, negative mark-to-market values for individual contracts with a counterparty may not be used to offset positive mark-to-market values for other contracts with that counterparty.
            (6) Under the aggregate approach, a single NGR is calculated and applied to all counterparties in calculating the exposure for contracts with each of those counterparties:

            (7) In calculating GCCEaggregate, negative mark-to-market values of contracts with a particular counterparty may not be used to offset positive mark-to-market values of contracts with that counterparty or any other counterparty included in the aggregate calculations.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.14 Cross-product netting not permitted

            Cross-product netting (that is, netting between derivatives and securities financing contracts) is not permitted. If a banking business firm is a party to a cross-product netting agreement that otherwise meets the criteria for an eligible bilateral netting agreement, the firm may perform netting separately in each product category if all the other conditions for netting in the category are met.

            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.15 Treatment of written credit derivatives

            (1) The effective notional amount for a written credit derivative that is leveraged or otherwise enhanced by the structure of the contract is obtained by adjusting the notional amount of the contract in accordance with this rule, to reflect the true exposure that results from the leverage or enhancement.
            (2) The effective notional amount may be reduced in either or both of the following ways:
            (a) by the negative change in fair value amount that has been incorporated into the calculation of tier 1 capital in relation to the derivative;
            (b) by the effective notional amount of an offsetting purchased credit derivative on the same reference entity, if the conditions set out in subrule (3) are satisfied.
            (3) The conditions for paragraph (2) (b) are the following:
            (a) the written and the offsetting derivatives refer to the same legal entity;
            (b) the remaining maturity of the offsetting derivatives is equal to or greater than the remaining maturity of the written derivatives;
            (c) for single-name credit derivatives:
            (i) the credit protection purchased is on a reference obligation that ranks equally with, or is junior to, the reference obligation of the written derivatives; and
            (ii) a credit event on the senior reference asset would result in a credit event on the subordinated reference asset;
            (d) for tranched products, the purchased protection is on a reference obligation with the same level of seniority;
            (e) if the firm purchases protection on a pool of reference names, the protection is economically equivalent to buying protection separately on each individual name in the pool, and the pool of reference entities and the level of subordination in both contracts are identical.
            (4) When the effective notional amount is included in the exposure as described in subrule (2), and a deduction of offsetting purchased credit derivatives is made (see subrule (2) (b)), the effective notional amount of the offsetting credit protection must also be reduced by any resulting positive change in the firm's tier 1 capital.
            (5) When the effective notional amount is included in the exposure as described in subrule (2), but no deduction of offsetting purchased credit derivatives is made (see subrule (2) (b)):
            (a) if an eligible bilateral netting agreement applies, the firm may deduct the individual PFCE add-on amount from PFCEgross; or
            (b) if no such netting agreement applies, the firm may set PFCE for rule 3.4.13 to 0.
            (6) However, no adjustments may be made to NGR.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.16 Treatment of collateral

            (1) When a banking business firm is calculating its derivatives exposures, the firm must not deduct collateral that it has received from counterparties.
            (2) The firm must gross up its exposures by the amount of any collateral provided by the firm if the provision of the collateral has reduced the value of the firm's balance-sheet assets under the relevant accounting standard.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.17 Treatment of cash variation margin

            (1) If all of the following conditions are met, a banking business firm may treat the cash portion of variation margin exchanged between counterparties as a form of pre-settlement payment:
            (a) either of the following is true:
            (i) the trades are cleared through a qualifying central counterparty;

            Note For the meaning of qualifying central counterparty, see the Glossary.
            (ii) the cash received by the counterparty is not segregated;
            (b) the variation margin is calculated and exchanged every day, based on mark-to-market valuation of derivatives positions;
            (c) the variation margin is received in the same currency as the currency of settlement of the relevant derivative contract;
            (d) the variation margin exchanged is the full amount that would be necessary to fully extinguish the mark-to-market exposure of the derivative, subject to the threshold and minimum transfer amounts applicable to the counterparty;
            (e) derivative contracts and variation margins are covered by a single master netting agreement (MNA) between the counterparties;
            (f) the MNA explicitly stipulates that the counterparties agree to settle net any payment obligations covered by it, taking into account any variation margin received or provided if a credit event occurs involving either counterparty;
            (g) the MNA is legally enforceable and effective in all the relevant jurisdictions, including in the event of default, bankruptcy or insolvency.
            (2) If the conditions in subrule (1) are met, the firm may use the cash portion of the variation margin received to reduce the replacement cost portion (that is, NRC or RC, defined in rules 3.4.11 and 3.4.13 respectively) of the exposure, and may deduct the resulting receivables assets from the exposure, as follows:
            (a) if the firm receives cash variation margin from a counterparty, it may reduce only the replacement cost portion of the exposure amount of the derivatives asset by the amount of cash received if the positive mark-to-market value of the derivatives contract or contracts has not already been reduced by that amount;
            (b) if the firm provides cash variation margin to a counterparty, it may deduct the resulting receivable from its exposure, if the cash variation margin has been recognised as an asset.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.18 SFT exposures — firm acting as principal

            (1) When a banking business firm is acting as a principal in a securities financing contract, its total exposure measure must include the sum of:
            (a) its gross SFT assets as recognised for accounting purposes, adjusted in accordance with subrule (2); and
            (b) a measure of exposure to counterparty credit risk (CCR), calculated in accordance with subrule (3).
            (2) The firm's gross SFT assets as recognised for accounting purposes are adjusted as follows:
            (a) by excluding the value of any securities, received under a securities financing contract, that the firm has recognised as an asset on its balance-sheet;
            (b) cash payables and cash receivables in securities financing contracts with the same counterparty may be measured net if all the following criteria are met:
            (i) the contracts have the same explicit final settlement date;
            (ii) the right to set off the amount owed to the counterparty against the amount owed by it is legally enforceable both currently in the normal course of business and in the event of default, insolvency or bankruptcy;
            (iii) either:
            (A) the firm and the counterparty intend to settle net or settle simultaneously; or
            (B) the contracts are subject to a settlement mechanism that results in the functional equivalent of net settlement (that is, the cash flows of the contracts are equivalent to a single net amount on the settlement date).
            Guidance

            To achieve that equivalence, both contracts are settled through the same settlement system and the settlement arrangements are supported by cash or intraday credit facilities intended to ensure that settlement of both contracts will occur by the end of the business day, and the linkages to collateral flows do not result in the unwinding of net cash settlement. The failure of any one contract in the settlement mechanism should delay settlement of only the matching cash leg or create an obligation to the settlement mechanism, supported by an associated credit facility.
            (3) The measure of exposure to CCR is calculated as follows:
            (a) for exposures covered by a qualifying master netting agreement, the current exposure is:

            max {(∑Ei – ∑Ci), 0};

            where:

            Ei is the total fair value of securities and cash lent to the counterparty for all contracts covered by the agreement.

            Ci is the total fair value of cash and securities received from the counterparty for those contracts;
            (b) if there is no qualifying master netting agreement, the current exposure for contracts with a counterparty must be calculated contract by contract.
            (4) A bilateral netting agreement is a qualifying master netting agreement for paragraph (3) (a) only if:
            (a) it is legally enforceable in each relevant jurisdiction on an event of default, regardless of whether the counterparty is insolvent or bankrupt;
            (b) it provides the non-defaulting party with the right to terminate and close out, in a timely way, all contracts under the agreement on an event of default, including the insolvency or bankruptcy of the counterparty;
            (c) it provides for the netting of gains and losses on contracts (including the value of any collateral) terminated and closed out under it so that a single net amount is owed by one party to the other; and
            (d) it allows for the prompt monetisation or setoff of collateral on an event of default.
            (5) Positions held in the firm's banking book may be netted against positions held in its trading book only if both of the following conditions are satisfied:
            (a) all the contracts are marked to market daily;
            (b) any collateral is recognised as eligible financial collateral in the banking book.

            Note For the meaning of eligible financial collateral, see the Glossary and rule 4.5.7.
            (6) For a securities financing contract that is treated, under the relevant accounting standard, as a sale, the firm must reverse all the sales-related accounting entries, and then calculate its exposure as if the contract had been treated as a financing contract under subrules (1) to (3) for the purposes of determining its SFT exposures.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.19 SFT exposures — firm acting as agent

            (1) If a banking business firm that is acting as an agent in a securities financing contract provides an indemnity or guarantee to a customer or counterparty for any difference between the value of the security or cash that the customer has lent and the value of the collateral that the borrower has provided, the firm must calculate its exposure in accordance with rule 3.4.18 (3).
            (2) The firm may apply the treatment in subrule (1) only if:
            (a) the firm's exposure to the contract is limited to the guaranteed difference between the value of the security or cash that its customer has lent and the value of the collateral that the borrower has provided; and
            (b) the firm does not own or control the underlying cash or security.
            (3) If the firm is exposed to the underlying security or cash in the contract to a greater extent than a guarantee for the difference, the firm must include, in the exposure, a further exposure equal to the full amount of the security or cash.

            Example

            The firm might be further exposed by managing collateral received in its own name or on its own account rather than on the customer's or borrower's account, by on-lending or managing unsegregated collateral, cash or securities.

            Note When a banking business firm that is acting as agent in a securities financing contract does not provide an indemnity or guarantee to any of the parties, the firm has no exposure to the contract, and must set the relevant exposure to zero.
            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

          • BANK 3.4.20 Other off-balance-sheet exposures

            (1) When a banking business firm calculates its total exposure measure, it must include all off-balance-sheet items (for example, letters of credit, guarantees, commitments that are cancellable (either conditionally or unconditionally) and liquidity facilities).
            (2) If the firm is the sponsor or originator of a securitisation, securitised assets that are de-recognised from the firm's balance-sheet are not to be taken into account.
            (3) To calculate its other off-balance-sheet exposures, the firm must apply the applicable credit conversion factor (CCF) set out in table 3.4.20 to the gross notional amount of the exposure.
            (4) For an undertaking to provide a commitment on an off-balance-sheet item, the firm must apply the lower of the 2 applicable CCFs.

            Table 3.4.20 CCFs for other off-balance-sheet exposures

            Item Exposure CCF
            1 Commitments (other than securitisation liquidity facilities) with an original maturity of up to 1 year 20%
            2 Commitments (other than securitisation liquidity facilities) with an original maturity of over 1 year 50%
            3 Commitments that are unconditionally cancellable at any time without notice, or that effectively provide for automatic cancellation if the borrower's creditworthiness deteriorates 10%
            4 Direct credit substitutes (for example, general guarantees of indebtedness (including standby letters of credit serving as financial guarantees for loans and securities) and acceptances (including endorsements with the character of acceptances)) 100%
            5 Forward asset purchases, forward deposits and partly-paid shares and securities that represent commitments with certain drawdown 100%
            6 Certain contract-related contingent items (for example, performance bonds, bid bonds, warranties and standby letters of credit related to particular contracts) 50%
            7 Note issuance facilities and revolving underwriting facilities 50%
            8 Short-term self-liquidating trade letters of credit arising from the movement of goods (for example, documentary credits collateralised by the underlying shipment) 20% (for both issuing and confirming firms)
            9 Off-balance-sheet securitisation exposures (except an eligible liquidity facility or an eligible servicer cash advance facility) 100%
            10 Eligible liquidity facilities and eligible servicer cash advance facilities 50%
            11 Liquidity facilities and servicer cash advance facilities (if undrawn and able to be unconditionally cancelled without notice) 10%
            (5) For items 9 and 10 in table 3.4.20, an eligible liquidity facility or eligible servicer cash advance facility is one that complies with all of the following conditions:
            (a) the extent of the facility is expressly stated in a written agreement, and there is no explicit or implied recourse to the firm beyond the specified contractual obligations;
            (b) the facility is provided on an arm's-length basis, is subject to the firm's normal credit approval and review processes and is transacted on market terms and conditions;
            (c) the facility is limited to a specified amount;
            (d) either the facility has a fixed termination date, or both of the following are true:
            (i) the facility ends at the earlier of:
            (A) the scheduled maturity of the securitisation; and
            (B) the date on which the securitisation winds up;
            (ii) the firm has the right, at its absolute discretion, to withdraw from the commitment at any time after a reasonable period of notice;
            (e) subject to reasonable qualifications, the SPE and investors concerned have the express right to select another party to provide the facility;
            (f) the facility is documented in a manner that clearly separates it from any other facility or service provided by the firm, so that the firm's obligations under the facility stand alone;
            (g) the facility documentation clearly identifies and limits the circumstances under which it may be drawn;
            (h) drawdowns under the facility are limited to the total of:
            (i) the amount that is likely to be fully repaid from the liquidation of the underlying exposures; and
            (ii) any credit enhancements provided by parties other than the originator;
            (i) the facility does not cover any losses incurred in a pool before a drawdown under the facility;
            (j) in the case of a liquidity facility, it is not structured in a way that results in significant continuous drawdown;
            (k) the facility is subject to an asset quality test that precludes it from being drawn to cover credit risk exposures that are in default;
            (l) in the case of a liquidity facility, if the facility is required to fund externally rated securities, it can only be used to fund securities that are rated investment grade by an ECRA at the time of funding;
            (m) the facility cannot be drawn after all applicable credit enhancements from which it would benefit have been exhausted;
            (n) repayments of draws on the facility:
            (i) are not subordinated to investors' claims (other than claims in relation to interest rate or currency derivative contracts, fees or other such payments), and
            (ii) are not subject to waiver or deferral.

            Explanatory note

            This amendment inserts a new Part 3.4 dealing with leverage ratio in place of the present placeholder text.

            Inserted by QFCRA RM/2019-6 (as from 1st January 2020).

      • BANK Chapter 4 BANK Chapter 4 Credit risk

        • BANK Part 4.1 BANK Part 4.1 General

          • BANK 4.1.1 Introduction

            (1) This Chapter sets out the requirements for a banking business firm’s credit risk management policy (including credit risk assessments and the use of ratings from ECRAs) to implement the risk-based framework for capital adequacy and the early identification and management of problem assets.
            (2) This Chapter also deals with the following means to determine regulatory capital and control or mitigate credit risk:
            (a) the risk-weighted assets approach;
            (b) CRM techniques;
            (c) provisioning.
            (3) To guard against abuses and to address conflicts of interest, this Chapter requires transactions with related parties to be at arm’s length.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.1.2 BANK 4.1.2 Credit risk

            Credit risk is:

            (a) the risk of default by counterparties; and
            (b) the risk that an asset will lose value because its credit quality has deteriorated.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.1.2 Guidance

              Credit risk may result from on-balance-sheet and off-balance-sheet exposures, including loans and advances, investments, inter-bank lending, derivative transactions, securities financing transactions and trading activities. It can exist in a firm's trading book or banking book.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.1.3 Requirements — management of credit risk and problem assets

            (1) A banking business firm must manage credit risk by adopting a prudent credit risk management policy that allows its credit risk to be identified, measured, evaluated, managed and controlled or mitigated.
            (2) The policy must also provide for problem assets to be recognised, measured and reported. The policy must set out the factors that must be taken into account in identifying problem assets.
            (3) Problem assets include impaired credits and other assets if there is reason to believe that the amounts due may not be collectable in full or in accordance with their terms.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.1.4 Role of governing body — credit risk

            A banking business firm’s governing body must ensure that the firm’s credit risk management policy enables the firm to obtain a comprehensive firm-wide view of its credit risk and covers the full credit lifecycle (including credit underwriting, credit evaluation, and the management of the firm’s trading and banking activities).

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 4.2 BANK Part 4.2 Credit risk management policy

          • BANK 4.2.1 Credit risk management policy

            (1) A banking business firm must establish and implement a credit risk management policy:
            (a) that is appropriate for the nature, scale and complexity of its business and for its risk profile; and
            (b) that enables the firm to identify, measure, evaluate, manage and control or mitigate credit risk.
            (2) The objective of the policy is to give the firm the capacity to absorb any existing and estimated future losses arising from credit risk.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.2.2 BANK 4.2.2 Policies — general credit risk environment

            A banking business firm's credit risk management policy must establish:

            (a) a well-documented and effectively-implemented process for assuming credit risk that does not rely unduly on external credit ratings;
            (b) well-defined criteria for approving credit (including prudent underwriting standards), and renewing, refinancing and restructuring existing credit;
            (c) a process for identifying the approving authority for credit, given its size and complexity;
            (d) effective credit risk administration, including:
            (i) regular analysis of counterparties' ability and willingness to repay; and
            (ii) monitoring of documents, legal covenants, contractual requirements, and collateral and other CRM techniques;
            (e) effective systems for the accurate and timely identification, measurement, evaluation, management and control or mitigation of credit risk, and reporting to the firm's governing body and senior management;
            (f) procedures for tracking and reporting exceptions to, and deviations from, credit limits or policies;
            (g) prudent and appropriate credit limits that are consistent with the firm's risk tolerance, risk profile and capital; and
            (h) effective controls for the quality, reliability and relevance of data and validation procedures.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 4.2.2 Guidance

              Depending on the nature, scale and complexity of a banking business firm's credit risk, and how often it provides credit or incurs credit risk, the firm's credit risk management policy should include:

              (a) how the firm defines and measures credit risk;
              (b) the firm's business aims in incurring credit risk, including:
              •   identifying the types and sources of credit risk that the firm will permit itself to be exposed to (and the limits on that exposure) and those that it will not;
              •   setting out the degree of diversification that the firm requires, the firm's tolerance for risk concentrations and the limits on exposures and concentrations; and
              •   stating the risk-return trade-off that the firm is seeking to achieve;
              (c) the kinds of credit to be offered, and ceilings, pricing, profitability, maximum maturities and ratios for each kind of credit;
              (d) a ceiling for the total credit portfolio (in terms, for example, of loan-to-deposit ratio, undrawn commitment ratio, a maximum amount or a percentage of the firm's capital);
              (e) portfolio limits for maximum gross exposures by region or country, by industry or sector, by category of counterparty (such as banks, non-bank financial entities and corporate counterparties), by product, by counterparty and by connected counterparties;
              (f) limits, terms and conditions, approval and review procedures and records kept for lending to connected counterparties;
              (g) types of collateral, loan-to-value ratios and criteria for accepting guarantees;
              (h) the detailed limits for credit risk, and a credit risk structure, that:
              •   takes into account all significant risk factors, including intra-group exposures;
              •   is commensurate with the scale and complexity of the firm's activities; and
              •   is consistent with the firm's business aims, historical performance, and the amount of capital it is willing to risk;
              (i) procedures for:
              •   approving new products and activities that give rise to credit risk;
              •   regular risk position and performance reporting; and
              •   approving and reporting exceptions to limits;
              (j) allocating responsibilities for implementing the credit risk management policy and monitoring adherence to, and the effectiveness of, the policy; and
              (k) the required information systems, staff and other resources.
              Amended by QFCRA RM/2015-1 (as from 1st July 2015).

          • BANK 4.2.3 BANK 4.2.3 Policies — credit decisions

            (1) A banking business firm's credit risk management policy must ensure that credit decisions are free of conflicts of interest and are made on an arm's-length basis. In particular, the credit approval and credit review functions must be independent of the credit initiation function.

            Guidance

            1 This rule does not prevent arrangements such as an employee loan scheme, so long as the policy ensures that the scheme's terms, conditions and limits are generally available to employees and adequately address the risks and conflicts that arise from loans under it.
            2 The credit risk management policy of a banking business firm should clearly set out who has the authority to approve loans to employees. The authority of a credit committee or credit officer should be appropriate for the products or portfolio and should be commensurate with the committee's or officer's credit experience and expertise.
            3 Each authority to approve should be reviewed regularly to ensure that it remains appropriate for current market conditions and the committee's or officer's performance.
            4 A banking business firm's remuneration policy should be consistent with its credit risk management policy and should not encourage officers to attempt to generate short-term profits by taking an unacceptably high level of risk.
            (2) The policy must state that decisions relating to the following are made at the appropriate level of the firm's senior management or governing body:
            (a) exposures exceeding a stated amount or percentage of the firm's capital;
            (b) exposures that, in accordance with criteria set out in the policy, are especially risky;
            (c) exposures that are outside the firm's core business.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.2.3 Guidance

              1 The level at which credit decisions are made should vary depending on the kind and amount of credit and the nature, scale and complexity of the firm's business. For some firms, a credit committee with formal terms of reference might be appropriate; for others, individuals with pre-assigned limits would do.
              2 A banking business firm should ensure, through periodic independent audits, that the credit approval function is properly managed and that credit exposures comply with prudential standards and internal limits. The results of audits should be reported directly to the governing body, credit committee or senior management, as appropriate.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.2.4 Policies — monitoring, testing and access

            (1) A banking business firm's credit risk management policy must provide for monitoring the total indebtedness of each counterparty and any risk factors that might result in default (including any significant unhedged foreign exchange risk).
            (2) The policy must include stress-testing the firm's credit exposures at intervals appropriate for the nature, scale and complexity of the firm's business and for its risk profile. It must also include a yearly review of stress scenarios, and procedures to make any necessary changes arising from the review.

            Note The firm's ICAAP sets out how these monitoring and testing are to be achieved. ICAAP includes procedures to continuously identify, measure, evaluate, manage and control or mitigate the risks arising from the firm's activities, and the capital held against such risks — see rules 3.1.4 and 3.1.5.
            (3) A firm must give the Regulatory Authority full access to information in its credit portfolio. The firm must also give the authority access to staff involved in assuming, managing and reporting on credit risk.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 4.3 BANK Part 4.3 Credit risk assessment

          • BANK 4.3.1 BANK 4.3.1 Introduction

            This Part sets out a standardised approach for credit risk assessment and requires a banking business firm to establish and implement policies to identify, measure, evaluate, manage and control or mitigate credit risk and to calculate its credit risk capital requirement.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.3.1 Guidance

              1 Credit risk assessment under this Part is different from the evaluation (often called credit assessment) made by a firm as part of its credit approval process.
              2 Credit assessment is part of the firm's internal commercial decision-making for approving or refusing credit; it consists of the evaluation of a prospective counterparty's repayment ability. In contrast, credit risk assessment is done by the firm (using ratings and risk-weights set out in these rules) as part of calculating its credit risk capital requirement.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 4.3.2 BANK 4.3.2 Policies — credit risk assessment

            A banking business firm must establish and implement appropriate policies to enable it to assess credit risk when the credit is granted or the risk is incurred and afterwards. In particular, the policies must enable the firm:

            (a) to measure credit risk (including the credit risk of off-balance-sheet items, such as derivatives, in credit equivalent terms);
            (b) to effectively use its internal credit risk assessment;
            (c) to rate and risk-weight a counterparty;
            (d) to monitor the condition of individual credits;
            (e) to administer its credit portfolio, including keeping the credit files current, getting up-to-date financial information on counterparties, and the electronic storage of important documents;
            (f) to ensure that the value of collateral and the value of the other CRM techniques used by the firm are assessed regularly;
            (g) to assess whether its CRM techniques are effective; and
            (h) to calculate its credit risk capital requirement.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 4.3.2 Guidance

              A banking business firm involved in loan syndications or consortia should not rely on other parties' assessments of the credit risk involved but should carry out a full assessment based on its own credit risk management policy.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.3.3 Categories of credits

            (1) Unless a banking business firm has established something more detailed, the firm must classify credits into 1 of the 5 categories in table 4.3.3. Nothing in the table prevents a banking business firm from classifying a credit under a higher risk category than the table requires.
            (2) Unless there is good reason not to do so, the same category must be given to all credit exposures to the same counterparty.

            Table 4.3.3 Categories of credit

            column 1 item column 2 category column 3 description
            1 performing In this category, there is no uncertainty about timely repayment of the outstanding amounts. This category comprises credits that are currently in regular payment status with prompt payments.
            2 special mention This category comprises:
            (a) credits with deteriorating or potentially deteriorating credit quality that may adversely affect the counterparty's ability to make scheduled payments on time;
            (b) credits that are 30 to 90 days in arrears;
            (c) credits showing weakness arising from the customer's financial position;
            (d) credits affected by market circumstances or any other industry-related concerns; and
            (e) credits that have been restructured and are not classified into a higher risk category.
            3 substandard This category comprises:
            (a) credits that show definite deterioration in credit quality and impaired repayment ability of the counterparty; and
            (b) credits that are 91 to 180 days in arrears.
            4 doubtful This category comprises:
            (a) credits that show significant credit quality deterioration, worse than those in the substandard category, to the extent that the prospect of full recovery of all the outstanding amounts is questionable and the probability of a credit loss is high (though the exact amount of loss cannot be determined yet); and
            (b) credits that are 181 to 270 days in arrears.
            5 loss This category comprises:
            (a) credits that are assessed as uncollectable;
            (b) credits where the probability of recovering the amount due is very low; and
            (c) credits that are more than 270 days in arrears.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.3.4 Policies — problem assets

            A banking business firm’s credit risk management policy must facilitate the firm’s collection of past-due obligations, and its management of problem assets through:

            (a) monitoring of their credit quality;
            (b) early identification and ongoing oversight; and
            (c) review of their classification, provisioning and write-offs.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.3.5 Impaired credits

            (1) Impaired credit means a credit that is categorised as substandard, doubtful or loss. For the purpose of applying risk-weights, interest is suspended on an impaired credit.
            (2) A large exposure that is an impaired credit must be managed individually in terms of its valuation, categorisation and provisioning.

            Note For large exposures — see rule 5.3.1. For the provisioning of impaired credits — see rule 4.7.3.
            (3) The review of impaired credits and other problem assets may be done individually, or by class, but must be done at least once a month.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.3.6 Restructuring, refinancing and re-provisioning of credits

            (1) A credit is a restructured credit if it has been re-aged, extended, deferred, renewed, rewritten or placed in a workout program. Unless there is good reason to do so, a restructured credit can never be classified as performing.
            (2) A restructured credit may be reclassified to a more favourable category, but only by 1 rating up from its category before the restructure. The credit may be reclassified 1 further category up after 180 days of satisfactory performance under the terms of the new contract.
            (3) The refinancing of a special mention or impaired credit must not be used to reclassify the credit to a more favourable category.

            Note A banking business firm must not restructure, refinance or reclassify assets with a view to circumventing the requirements on provisioning — see rule 4.7.5.
            (4) The Regulatory Authority may require a special mention credit to be managed individually, and may set a higher level of provision for the credit, if the authority is of the view that market circumstances or any other industry-related concerns require such action.

            Note For the provisioning of special mention credits — see rule 4.7.3.
            Amended by QFCRA RM/2015-1 (as from 1st July 2015).

          • BANK 4.3.7 Using external credit rating agencies

            (1) A banking business firm must use only a solicited credit risk rating determined by an ECRA in determining the risk-weights for the firm's exposures.
            (2) A rating is a solicited rating if the rating was initiated and paid for by the issuer of the instrument, the rated counterparty or any other entity in the same corporate group as the issuer or rated counterparty.
            (3) The firm must use the ratings determined by an ECRA consistently and in accordance with these rules and its credit risk management policy.

            Example

            A firm that chooses to use ratings determined by an ECRA for exposures belonging to a class must consistently use those ratings for all the exposures belonging to that class. The firm must not selectively pick between ECRAs or ratings in determining risk-weights.
            (4) Unsolicited ratings must not be used except with the written approval of the Regulatory Authority or in accordance with a direction of the authority. The authority may give a written direction setting out conditions that must be satisfied before a firm may use an unsolicited rating.
            (5) The firm must ensure that the relevant rating takes into account the total amount of the exposure (that is, the principal and any interest due).
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 4.3.7A Multiple assessments

            (1) If there is only 1 assessment by an ECRA for a particular claim or asset, that assessment must be used to determine the risk-weight of the claim or asset.
            (2) If there are 2 assessments by ECRAs and the assessments map into different risk weights, the higher risk-weight must be applied.
            (3) If there are 3 or more assessments with different risk weights, the assessments corresponding to the 2 lowest risk-weights should be referred to, and the higher of those 2 risk-weights must be applied.
            Inserted by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 4.3.8 Choosing between issuer and issue ratings

            (1) If a banking business firm invests in an instrument with an issue-specific rating, the risk-weight to be applied to the instrument must be based on that rating.
            (2) If the firm invests in an unrated instrument and the issuer of the instrument is assigned a rating that results in a lower risk-weight than the risk-weight normally applied to an unrated position, the firm may apply the lower risk-weight to the instrument but only if the claim for the instrument has the same priority as, or is senior to, the claims to which the issuer rating relates. If the instrument is junior to the claims to which the issuer rating relates, the firm must apply the risk-weight normally applied to an unrated position.
            (3) If the firm invests in an unrated instrument and the issuer of the instrument is assigned a rating that results in a higher risk-weight than the risk-weight normally applied to an unrated position, the firm must apply the higher risk-weight to the instrument if the claim for that instrument has the same priority as, or is junior to, the claims to which the issuer rating relates.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.3.9 Ratings within financial group

            A banking business firm must not use a credit risk rating for 1 entity in a financial group to determine the risk-weight for an unrated entity in the same group. If the rated entity has guaranteed the unrated entity's exposure to the firm, the guarantee may be recognised for risk-weighting purposes if it satisfies the criteria in Division 4.5.C.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.3.10 Using foreign currency and domestic currency ratings

            If an issuer rating is assigned to a counterparty and a banking business firm applies a risk-weight to an unrated position based on the rating of an equivalent exposure to the same counterparty:

            (a) the firm must use that counterparty’s domestic-currency rating for any exposure denominated in the currency of the counterparty’s place of residence or incorporation; and
            (b) the firm must use that counterparty’s foreign-currency rating for any exposure denominated in a foreign currency.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.3.11 Using short-term ratings

            (1) A short-term credit risk rating must be used only for short-term claims relating to banks and corporations (such as those arising from the issuance of commercial paper). The rating is taken to be issue-specific and must be used only to assign risk-weights for claims arising from a rated facility.
            (2) If a short-term rated exposure is assigned a risk-weight of 50%, an unrated short-term exposure to the same counterparty cannot be assigned a risk-weight lower than 100%.
            (3) If a short-term facility of an issuer is assigned a risk-weight of 150% based on the facility’s credit risk rating, all unrated claims of the issuer (whether long-term or short-term) must be assigned a risk-weight of 150%.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 4.4 BANK Part 4.4 Risk-weighted assets approach

          • BANK Division 4.4.A BANK Division 4.4.A General

            • BANK 4.4.1 Requirement to risk-weight

              (1) A banking business firm must apply risk-weights to its on-balance-sheet and off-balance-sheet items using the risk-weighted assets approach.
              (2) Risk-weights are based on credit ratings or fixed risk-weights and are broadly aligned with the likelihood of counterparty default. A firm may use the ratings determined by an ECRA if allowed to do so by these rules.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 4.4.2 Relation to CRM techniques

              If a claim or asset to which a risk-weight must be applied by a banking business firm is secured by eligible financial collateral or a guarantee (or there is mortgage indemnity insurance, or a credit derivative instrument or netting agreement), the CRM techniques in Part 4.5 may be used to reduce the firm's credit risk capital requirement.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.3 Risk-weight to be applied

              A banking business firm must apply the risk-weight set out in this Part for a claim or asset.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.4 Firm must assess all credit exposures

              (1) A banking business firm must assess all credit exposures (rated or unrated) to determine whether the risk-weights applied to them are appropriate. The determination must be based on each exposure's inherent risk.
              (2) If there are reasonable grounds to believe that the inherent risk of an exposure is significantly higher than that implied by the risk-weight assigned to it, the firm must consider the higher risk (and apply a higher risk-weight) in calculating the credit risk capital requirement.
              (3) A banking business firm must not rely only on a rating determined by an ECRA to assess the risks associated with an exposure. The firm must also carry out its own credit risk assessment of each exposure.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 4.4.5 Commitments included in calculation

              A banking business firm must take into account all commitments in calculating its credit risk capital requirement, whether or not those commitments contain material adverse change clauses or other provisions that are intended to relieve the firm of its obligations under particular conditions.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.6 Authority can determine risk-weights and impose requirements

              (1) Despite anything in these rules, the Regulatory Authority may determine the risk-weighted amount of a particular on-balance-sheet or off-balance-sheet item of a banking business firm if the authority considers that the firm has not risk-weighted the item appropriately. The determination must be in writing.
              (2) The authority may also impose specific capital requirements or limits on significant risk exposures, including those that the authority considers have not been adequately transferred or mitigated.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 4.4.B BANK Division 4.4.B Risk-weighted assets approach — on-balance-sheet items

            • BANK 4.4.7 Calculating total risk-weighted items

              (1) A banking business firm's total risk-weighted on-balance-sheet items is the sum of the risk-weighted amounts of each of its on-balance-sheet items.
              (2) The risk-weighted amount of an on-balance-sheet item is calculated by multiplying its exposure (after taking into account any applicable CRM technique) by the applicable risk-weight in table 4.4.7A.
              (3) If column 3 of table 4.4.7A states that the risk weight is "based on ECRA rating", the applicable risk-weight for the claim or asset is that in table 4.4.7B. If a claim or asset's risk-weight is to be based on the ECRA rating and there is no such rating from an ECRA, the firm must apply the risk-weight in the last column of table 4.4.7B.
              (4) For table 4.4.7A, investment property is land, a building or part of a building (or any combination of land and building) held to earn rentals or for capital appreciation or both.
              (5) Investment property does not include property held for use in the production or supply of goods or services, for administrative purposes, or for sale in the ordinary course of business. A real estate asset owned by a banking business firm as a result of a counterparty default is treated as 'other item' and risk-weighted at 100% but only for a period of 3 years starting from the date when the firm records the asset on its books.

              Table 4.4.7A Risk-weights for on-balance-sheet items

              column 1 item column 2 description of claim or assests column 3 risk-weight %
              1 cash  
                (a) notes, gold bullion 0
                (b) cash items in the process of collection 20
              2 claims on sovereigns 0
                (a) claims on Qatar including Qatar Central Bank 0
                (b) claims on GCC sovereigns including respective central banks 0
                (c) claims on other sovereigns based on ECRA rating
              3 claims on public sector enterprises:  
                (a) claims on non-commercial public sector enterprises in Qatar 0
                (b) claims on non-commercial public sector enterprises in other GCC countries, denominated in the relevant enterprise's domestic currency 0
                (c) claims on non-commercial public sector enterprises in other GCC countries, not denominated in the relevant enterprise's domestic currency based on ECRA rating
                (d) claims on other sovereign non-commercial public sector enterprises based on ECRA rating
                (e) claims on commercial public sector enterprises based on ECRA rating
              4 claims on multilateral development banks:  
                (a) claims on multilateral development banks eligible for 0% risk-weight 0
                (b) claims on other multilateral development banks based on ECRA rating
              5 claims on banks (financial undertakings)  
                (a) claims on banks with an original maturity of more than 3 months based on ECRA rating
                (b) claims on banks with an original maturity of 3 months or less based on ECRA rating
              6 claims on securities and investment entities  
                (a) claims on securities and investment entities that are subject to capital requirements similar to banks based on ECRA rating
                (b) claims on securities and investment entities that are not subject to capital requirements similar to banks based on ECRA rating
              7 claims on corporates based on ECRA rating
              8 claims on small and medium enterprises 100
              9 claims on securitisation exposures based on ECRA rating
              10 claims secured against mortgages  
                (a) residential mortgages  
               
              (i) if the loan-to-value ratio is 0% to 80%
              35
               
              (ii) if the loan-to-value ratio is more than 80% but less than 100%
              75
               
              (iii) if the loan-to-value ratio is 100% or more
              100
                (b) commercial mortgages 100
              11 Unsettled and failed transactions — delivery-versus-payment transactions:  
                (a) 5 to 15 days 100
                (b) 16 to 30 days 625
                (c) 31 to 45 days 937.5
                (d) 46 or more days 1250
              12 Unsettled and failed transactions — non-delivery-versus-payment transactions 100
              13 investments in funds  
                (a) rated funds based on ECRA rating
                (b) unrated funds that are listed 100
                (c) unrated funds that are unlisted 150
              14 equity exposures  
                (a) equity exposures that are not deducted from capital and are listed on a recognised exchange 300
                (b) equity exposures that are not deducted from capital and are not listed on a recognised exchange 400
              15 investment property 150
              16 all other items 100

              Note for table 4.4.7A

              The Basel Committee on Banking Supervision (BCBS) publishes a list of multilateral development banks that qualify for 0% risk weight. The list was originally included in the document Basel II: International Convergence of Capital Measurement and Capital Standards: A Revised Framework—Comprehensive Version¸ published by the BCBS on 30 June 2006 (available at http://www.bis.org/publ/bcbs128.pdf), and has been updated by BCBS newsletters. BCBS newsletters are available at http://www.bis.org/list/bcbs_nl/index.htm. As at November 2016 the list is as follows:

              •    the African Development Bank
              •    the Asian Development Bank
              •    the Caribbean Development Bank
              •    the Council of Europe Development Bank
              •    the European Bank for Reconstruction and Development
              •    the European Investment Bank
              •    the European Investment Fund
              •    the Inter-American Development Bank
              •    the International Development Association
              •    the International Finance Facility for Immunization
              •    the Islamic Development Bank
              •    the Nordic Investment Bank
              •    the World Bank Group (comprising the International Bank for Reconstruction and Development, the International Finance Corporation and the Multilateral Investment Guarantee Agency).

              Examples of MDBs that do not qualify for 0% risk weight are:

              •    the Arab Bank for Economic Development in Africa
              •    the Asian Infrastructure Investment Bank
              •    the Black Sea Trade and Development Bank
              •    the Development Bank of Latin America
              •    the Central American Bank for Economic Integration
              •    the Development Bank of Central African States
              •    the East African Development Bank
              •    the Economic Cooperation Organization Trade and Development Bank
              •    the Eurasian Development Bank
              •    the International Finance Facility for Immunisation
              •    the International Fund for Agricultural Development
              •    the International Investment Bank
              •    the New Development Bank
              •    the OPEC Fund for International Development
              •    the West African Development Bank.

              Table 4.4.7B Risk-weights based on ratings determined by ECRAs

              item description of claim or asset AAA to AA- A+ to A- BBB+ to BBB- BB+ to BB- B+ to B- below B- unrated
              1 claims on other sovereigns 0 20 50 100 100 150 100
              2 claims on non-commercial public sector enterprises in other GCC countries, not denominated in the relevant enterprise's domestic currency 0 20 50 100 100 150 100
              3 claims on other sovereign non-commercial public sector enterprises - 20 50 100 100 100 150 100
              4 claims on commercial public sector enterprises 20 50 100 100 100 150 100
              5 claims on multilateral development banks not eligible for 0% risk-weight 20 50 50 100 100 150 50
              6 claims on banks with an original maturity of more than 3 months 20 50 50 100 100 150 50
              7 claims on banks with an original maturity of 3 months or less 20 20 20 50 50 150 20
              8 claims on securities and investment entities that are subject to capital requirements similar to banks 20 50 50 100 100 150 50
              9 claims on securities and investment entities that are not subject to capital requirements similar to banks 20 50 100 100 150 150 100
              10 claims on corporates 20 50 100 100 150 150 100
              11 securitisation exposures 50 100 100 150 150 250 150
              12 investments in rated funds 20 50 100 100 150 150 n/a

              Amended by QFCRA RM/2018-1 (as from 1st May 2018).

            • BANK 4.4.8 Specialised lending

              (1) A specialised lending exposure is risk-weighted one rating less favourable than the rating that would apply, under table 4.4.7B, to the counterparty to the transaction (or to the party to whom that counterparty has the right of recourse).
              (2) Specialised lending is a lending transaction that complies with the following requirements:
              (a) the purpose of the loan is to acquire an asset;
              (b) the cash flow generated by the collateral is the loan's exclusive (or almost exclusive) source of repayment;
              (c) the loan represents a significant liability in the borrower's capital structure;
              (d) the credit risk is determined primarily by the variability of the cash flow generated by the collateral (rather than the independent capacity of a broader commercial enterprise).
              Note Specialised lending is associated with the financing of projects where the repayment depends on the performance of the underlying collateral. There are 5 sub-classes of specialised lending:
              (a) project finance — financing industrial projects based on the projected cash flows of the project;
              (b) object finance — financing physical assets based on the projected cash flows obtained primarily through the rental or lease of the assets;
              (c) commodities finance — financing the reserves, receivables or inventories of exchange-traded commodities where the exposure is paid back based on the sale of the commodity (rather than by the borrower from independent funds);
              (d) income-producing real estate finance — financing real estate that is usually rented or leased out by the debtor to generate cash flow to repay the exposure; and
              (e) high-volatility commercial real estate finance — financing commercial real estate which demonstrates a much higher volatility of loss rates compared to other forms of specialised lending.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.9 Risk-weights for unsecured part of claim that is past due for more than 90 days

              (1) The risk-weight for the unsecured part of a claim (other than a claim secured by an eligible residential mortgage) that is past due for more than 90 days is:
              (a) 150% if the specific provisions are less than 20% of the past due claim;
              (b) 100% if the specific provisions are 20% or more, but less than 50%, of the past due claim; or
              (c) 50% if the specific provisions are 50% or more of the past due claim.
              (2) The risk-weight for the unsecured part of a claim secured by an eligible residential mortgage that is past due for more than 90 days is:
              (a) 100% if the specific provisions are less than 20% of the past due claim; or
              (b) 50% if the specific provisions are 20% or more of the past due claim.
              (3) In this rule:

              eligible residential mortgage means a mortgage on a residential property that is, or will be:
              (a) occupied by the counterparty for residential use; or
              (b) rented out (on a non-commercial basis) for residential use.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 4.4.C BANK Division 4.4.C Risk-weighted assets approach — off-balance-sheet items

            • BANK 4.4.10 Calculating total risk-weighted items

              (1) A banking business firm's total risk-weighted off-balance-sheet items is the sum of the risk-weighted amounts of its market-related and non-market-related off-balance-sheet items. An off-balance-sheet item must be converted to a credit equivalent amount before it can be risk-weighted.
              (2) The risk-weighted amount of an off-balance-sheet item is calculated as follows:
              •   first, convert the notional principal amount of the item to its on-balance-sheet equivalent (credit equivalent amount).
              Note For the conversion of market-related items — see rules 4.4.11 to 4.4.13. For the conversion of non-market-related items — see rules 4.4.15 to 4.4.17.

              •   second, multiply the resulting credit equivalent amount by the risk-weight in Division 4.4.B applicable to the claim or asset.
              (3) A banking business firm must include derivatives and all market-related off-balance-sheet items (including on-balance-sheet unrealised gains on market-related off-balance-sheet items) in calculating its risk-weighted credit exposures.
              (4) A market-related item must be valued at its current market price.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.11 How to convert notional amounts — market-related items

              (1) A banking business firm must calculate the credit equivalent amount of each of its market-related items. Unless the item is covered by an eligible netting agreement, the credit equivalent amount of a market-related off-balance-sheet item is the sum of the current credit exposure and the potential future credit exposure from the item.
              (2) Current credit exposure is the absolute mark-to-market value (or replacement cost) of the item.
              (3) Potential future credit exposure (also known as ‘the add-on’) is the amount calculated by multiplying the notional principal amount of the item by the relevant credit conversion factor in table 4.4.11. The notional principal amount of an item is the reference amount used to calculate payment streams between counterparties to the item.

              Table 4.4.11 Credit conversion factors for market-related off-balance-sheet items

              column 1 item column 2 description of claim or asset column 3 credit conversion factor %
              1 interest rate contracts  
                (a) residual maturity 1 year or less 0
                (b) residual maturity > 1 year to 5 years 0.5
                (c) residual maturity > 5 years 1.5
              2 foreign exchange and gold contracts  
                (a) residual maturity 1 year or less 1
                (b) residual maturity > 1 year to 5 years 5
                (c) residual maturity > 5 years 7.5
              3 equity contracts  
                (a) residual maturity 1 year or less 6
                (b) residual maturity > 1 year to 5 years 8
                (c) residual maturity > 5 years 10
              4 precious metal contracts (other than gold)  
                (a) residual maturity 1 year or less 7
                (b) residual maturity > 1 year to 5 years 7
                (c) residual maturity > 5 years 8
              5 other commodity contracts (other than precious metals)  
                (a) residual maturity 1 year or less 10
                (b) residual maturity > 1 year to 5 years 12
                (c) residual maturity > 5 years 15
              6 other market-related contracts  
                (a) residual maturity 1 year or less 10
                (b) residual maturity > 1 year to 5 years 12
                (c) residual maturity > 5 years 15
              (4) A potential future credit exposure must be based on an effective, rather than an apparent, notional principal amount. If the stated notional principal amount of an item is leveraged or enhanced by the structure of the item, the firm must use the effective notional principal amount in calculating the potential future credit exposure.
              (5) No potential future credit exposure is calculated for a single-currency floating/floating interest rate swap. The credit exposure from such an interest rate swap must be based on mark-to-market values.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.12 Credit conversion factors for items with terms subject to reset

              (1) For an item that is structured to settle outstanding exposures after specified payment dates on which the terms are reset (that is, the mark-to-market value of the item becomes zero on the specified dates), the period up to the next reset date must be taken to be the item’s residual maturity. For an interest rate item of that kind that is taken to have a residual maturity of more than 1 year, the credit conversion factor to be applied must not be less than 0.5% even if there are reset dates of a shorter maturity.
              (2) For an item with 2 or more exchanges of principal, the credit conversion factor must be multiplied by the number of remaining exchanges under the item.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.13 Credit conversion factors for single-name swaps

              (1) The credit conversion factors for a protection buyer in a single-name credit default swap or single-name total-rate-of-return swap are set out in column 3 of table 4.4.13. The credit conversion factors for a protection seller are set out in column 4 of that table.
              (2) The protection seller in a single-name credit default swap or single-name total-rate-of-return swap is subject to the add-on factor for a closed-out single-name swap only if the protection buyer becomes insolvent while the underlying asset is still solvent. The add-on must not be more than the amount of unpaid premiums.
              (3) In this rule:

              qualifying reference obligation includes obligations arising from items relating to:

              (a) securities that are rated investment grade by at least 2 ECRAs; or
              (b) securities that are unrated (or rated investment grade by only 1 ECRA), but:
              (i) are approved by the Regulatory Authority, on application by the banking business firm, to be of comparable investment quality; and
              (ii) are issued by an issuer that has its equity included in a main index used in a recognised exchange.

              Table 4.4.13 Credit conversion factors for single-name swaps

              column 1 item column 2 type of swap column 3 protection buyer % column 4 protection seller %
              1 credit default swap with qualifying reference obligation 5 5
              2 credit default swap with non-qualifying reference obligation 10 10
              3 total-rate-of-return swap with qualifying reference obligation 5 5
              4 total-rate-of-return swap with non-qualifying reference obligation 10 10

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.14 Policies — foreign exchange rollovers

              (1) A banking business firm must have policies for entering into and monitoring rollovers on foreign exchange transactions. The policies must restrict the firm’s capacity to enter into such rollovers, and must be approved by the Regulatory Authority.
              (2) The firm must notify the Regulatory Authority if it enters into a rollover outside the approved policy. The authority may direct how the rollover is to be treated for capital adequacy purposes.
              (3) The firm must not enter into a transaction at an off-market price, unless the transaction is a historical rate rollover on a foreign exchange transaction.
              (4) A historical rate rollover on a foreign exchange transaction may be entered into at an off-market price (instead of current market price).
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.15 How to convert contracted amounts — non-market-related items

              (1) A banking business firm must calculate the credit equivalent amount of each of its non-market-related items. Unless the item is a default fund guarantee in relation to clearing through a central counterparty, the credit equivalent amount of a non-market-related off-balance-sheet item is calculated by multiplying the contracted amount of the item by the relevant credit conversion factor in table 4.4.15.
              (2) If the firm arranges a repurchase or reverse repurchase or a securities lending or borrowing transaction between a customer and a third party and provides a guarantee to the customer that the third party will perform its obligations, the firm must calculate the credit risk capital requirement as if it were the principal.

              Table 4.4.15 Credit conversion factors for non-market-related off-balance-sheet items

              column 1 item column 2 kind of item column 3 credit conversion factor %
              1 direct credit substitutes 100
              2 performance-related contingencies 50
              3 trade-related contingencies 20
              4 lending of securities, or lodging securities as collateral 100
              5 assets sold with recourse 100
              6 forward asset purchases 100
              7 partly paid shares and securities 100
              8 placements of forward deposits 100
              9 note issuance and underwriting facilities 50
              10 commitments with certain drawdown 100
              11 commitments with uncertain drawdowns (for example, undrawn formal standby facilities and credit lines) with an original maturity of 1 year or less 20
              12 commitments with uncertain drawdowns with an original maturity of more than 1 year 50
              13 commitments that can be unconditionally cancelled at any time without notice (for example, undrawn overdraft and credit card facilities for which any outstanding unused balance is subject to review at least once a year) 0
              (3) For item 4 of table 4.4.15, an exposure from lending securities, or lodging securities as collateral, may be treated as a collateralised transaction.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.16 Credit equivalent amount of undrawn commitments

              In calculating the credit equivalent amount of a non-market-related off-balance-sheet item that is an undrawn (or partly drawn) commitment, a banking business firm must use the undrawn amount of the commitment.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.4.17 Irrevocable commitment — off-balance-sheet facilities

              For an irrevocable commitment to provide an off-balance-sheet facility, the original maturity must be taken to be the period from the commencement of the commitment until the associated facility expires.

              Example

              An irrevocable commitment with an original maturity of 6 months with an associated facility that has a nine-month term is taken to have an original maturity of 15 months.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 4.5 BANK Part 4.5 Credit risk mitigation

          • BANK Division 4.5.A BANK Division 4.5.A General

            • BANK 4.5.1 Introduction

              A banking business firm is able to obtain capital relief by using CRM techniques. CRM techniques must be viewed as complementary to, rather than a replacement for, thorough credit risk assessment.

              Note Under rule 4.4.2, if a claim or asset to which a risk-weight must be applied is secured by eligible financial collateral or guarantee (or there is a mortgage indemnity insurance, or a credit derivative instrument or netting agreement) this Part on credit risk mitigation may be used to reduce the credit risk capital requirement of the firm.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.2 Choice of CRM techniques

              (1) CRM techniques include:
              (a) accepting collateral, standby letters of credit and guarantees;
              (b) using credit derivatives or other derivative instruments;
              (c) using netting agreements; and
              (d) purchasing insurance.
              Note Credit risk mitigation using collateral and guarantees is usually dealt with at the time credit is granted. In contrast, credit derivatives and netting agreements are often used after the credit is granted, or used to manage the firm's overall portfolio risk.
              Guidance
              1 A banking business firm should not rely excessively on collateral or guarantees to mitigate credit risk. While collateral or guarantees may provide secondary protection to the firm if the counterparty defaults, the primary consideration for credit approval should be the counterparty's repayment ability.
              2 A banking business firm that provides mortgages at high loan-to-value ratios should consider the need for alternative forms of protection against the risks of such lending, including mortgage indemnity insurance, to protect itself against the risk of a fall in the value of the property.
              (2) In choosing a CRM technique, the firm must consider:
              (a) the firm's knowledge of, and experience in using, the technique;
              (b) the cost-effectiveness of the technique;
              (c) the type and financial strength of the counterparties or issuers;
              (d) the correlation of the technique with the underlying credits;
              (e) the availability, liquidity and realisability of the technique;
              (f) the extent to which documents in common use (for example, the ISDA Master Agreement) can be adopted; and
              (g) the degree of recognition of the technique by financial services regulators.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.3 Requirements — CRM techniques

              (1) A banking business firm’s credit risk management policy must set out the conditions under which CRM techniques may be used. The policy must enable the firm to manage CRM techniques and the risks associated with their use.
              (2) The firm must analyse the protection given by CRM techniques to ensure that any residual credit risk is identified, measured, evaluated, managed and controlled or mitigated.
              (3) If the firm accepts collateral, its policy must state the types of collateral that it will accept, and the basis and procedures for valuing collateral.
              (4) If the firm uses netting agreements, it must have a netting policy that sets out its approach. The netting policy must provide for monitoring netting agreements and must enable the firm to monitor and report netted transactions on both gross and net bases.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.4 Obtaining capital relief

              (1) To obtain capital relief, the CRM technique and every document giving effect to it must be binding on all parties and enforceable in all the relevant jurisdictions.

              Example

              When accepting eligible financial collateral, a banking business firm must ensure that any necessary legal procedures have been followed, to ensure that the collateral can be enforced.

              Note Under rule 4.2.2, a firm's credit risk management policy must establish effective credit risk administration to monitor documents, legal covenants, contractual requirements, and collateral and other CRM techniques.
              (2) A banking business firm must review the enforceability of a CRM technique that it uses. The firm must have a well-founded legal basis for any conclusion about enforceability, and must carry out further reviews to ensure that the technique remains enforceable.

              Guidance

              A banking business firm should consider whether independent legal opinion should be sought on the enforceability of documents. The documents should be ready before the firm enters into a contractual obligation or releases funds.
              (3) The effects of a CRM technique must not be double-counted. The firm is not allowed to obtain capital relief if:
              (a) the risk-weight for the claim or asset is based on an issue-specific rating; and
              (b) the ECRA that determined the rating had taken the technique into consideration in doing so.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 4.5.5 Standard haircuts to be applied

              (1) A banking business firm must use the standard haircuts (expressed in percentages) set out in this rule in any calculation relating to credit risk mitigation. The haircuts are applied after risk mitigation to calculate adjusted exposures and are intended to take into account possible future price fluctuations.
              (2) In table 4.5.5A:

              other issuers include banks, corporates, and public sector enterprises that are not treated as sovereigns.

              sovereign includes a multilateral development bank, and a non-commercial public sector enterprise, that has a zero per cent risk-weight.

              Table 4.5.5A Haircuts for debt securities

              column 1 item column 2 credit rating for debt securities column 3 residual maturity % column 4 sovereigns % column 5 other issuers %
              1 AAA to AA-/A-1 (long-term and short-term) <1 year 0.5 1
              >1 year, <5 years 2 4
              > 5 years 4 8
              2 A+ to BBB-/ A-2/A-3/P-3 (long-term and short-term) and unrated bank securities that are eligible financial collateral <1 year 1 2
              >1 year, < 5 years 3 6
              > 5 years 6 12
              3 BB+ to BB- (long-term) All 15 Not applicable
              4 securities issued by the State of Qatar or the Qatar Central Bank <1 year 1 Not applicable
              >1 year, < 5 years 3 Not applicable
              >5 years 6 Not applicable

              Note    Table 4.5.5A item 3, column 5: securities rated BB+ or below are eligible financial collateral only if issued by a sovereign or non-commercial public sector enterprise — see rule 4.5.7 (1) (c) (i).

              Table 4.5.5B Haircuts for other assets

              column 1 item column 2 description of assets column 3 haircut %
              1 main index equities (including convertible bonds) and gold 15
              2 other equities (including convertible bonds) listed on a recognised exchange 25
              3 units in listed trusts, undertakings for collective investments in transferable securities (UCITS), mutual funds and tracker funds highest haircut applicable to any security in which the entity can invest
              4 cash collateral denominated in the same currency as the collateralised exposure 0
              (3) If a CRM technique (other than a guarantee) and the exposure covered by it are denominated in different currencies (that is, there is a currency mismatch between them), the haircut that applies is:
              (a) if the mismatched currencies are both pegged to the same reference currency, or 1 of them is pegged to the other — 0; or
              (b) in any other case — 8%.
              (4) If there is a currency mismatch between a guarantee and the exposure covered by it, the amount of the exposure that is covered must be reduced using the following formula:

              Gx(1 — Hfx)

              where:
              G is the nominal amount of the guarantee.
              Hfx is the haircut appropriate for the currency mismatch between the credit protection and the underlying obligation, as follows:

              (a) if the guarantee is revalued every 10 business days — 8%;
              (b) if the guarantee is revalued at any longer interval — the factor H calculated using the formula in subrule (5); or
              (c) if the mismatched currencies are both pegged to the same reference currency, or if 1 of them is pegged to the other — 0.
              (5) If the guarantee is revalued at intervals longer than 10 business days, the 8% haircut must be scaled up using the following formula:



              where:
              H is the scaled-up haircut.
              N is the number of business days between revaluations.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK Division 4.5.B BANK Division 4.5.B Collateral

            • BANK 4.5.6 Capital relief from collateral

              (1) A banking business firm is able to obtain capital relief by accepting collateral only if the collateral is eligible financial collateral.
              (2) Collateral may be lodged by the counterparty of the firm holding a credit exposure (or by a third party on behalf of the counterparty).
              (3) The firm must enter into a written agreement with the party lodging the collateral. The agreement must establish the firm’s direct, explicit, irrevocable and unconditional recourse to the collateral.

              Guidance

              In the case of cash collateral, the recourse may be in the form of a contractual right of set-off on credit balances. A common-law right of set-off is, on its own, insufficient to satisfy this rule.
              (4) If collateral is lodged by a third party, the third party must guarantee the counterparty’s obligation to the firm and must indemnify the firm if the counterparty fails to fulfil its obligation. The firm must ensure that the guarantee does not fail for lack of consideration.
              (5) The mechanism by which collateral is lodged must allow the firm to liquidate or take possession of the collateral in a timely way. The firm must take all steps necessary to satisfy the legal requirements applicable to its interest in the collateral.

              Guidance

              1 The firm should have clear and robust procedures for the liquidation of collateral to ensure that the legal conditions for declaring default and liquidating the collateral are observed.
              2 The firm should consider whether, in the event of default, notice to the party that lodged the collateral would be needed before the firm could have recourse to it.
              (6) There must not be a significant positive correlation between the value of the collateral and the credit quality of the borrower.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.7 Eligible financial collateral

              (1) The following are eligible financial collateral if they satisfy the criteria in subrule (2):
              (a) gold bullion;
              (b) cash;

              Note For what is included in cash collateral — see rule 4.5.8.
              (c) debt securities that are assigned, by an ECRA, a rating of:
              (i) for sovereign or non-commercial public sector enterprise securities that are eligible for zero per cent risk-weight — at least BB-;
              (ii) for short-term debt securities — at least A-3/P-3; or
              (iii) for any other securities — at least BBB—;
              (d) subject to subrule (3), debt securities that have not been assigned a rating by an ECRA if:
              (i) the securities are issued by a bank (in or outside the QFC) as senior debt and are listed on a recognised exchange;
              (ii) all rated issues of the same seniority issued by the bank have a credit rating of at least BBB- (for long-term debt instruments) or A-3/P-3 (for short-term debt instruments); and
              (iii) the firm and the holder of the collateral have no information suggesting that the securities should have a rating below BBB- or A-3/P-3;
              (e) equities (including convertible bonds) that are included in a main index;
              (f) tracker funds, mutual funds and undertakings for collective investments in transferable securities (UCITS) if:
              (i) a price for the units is publicly quoted daily; and
              (ii) the funds or UCITS are limited to investing in instruments listed in this subrule;
              (g) equities (including convertible bonds) that are not included in a main index but are listed on a recognised exchange, and funds and UCITS described in paragraph (f) that include such equities.
              (2) For collateral to be eligible financial collateral, it must be lodged for at least the life of the exposure, and must be marked-to-market at least once a month. The release of collateral must be conditional on the repayment of the exposure, but collateral may be reduced in proportion to the amount of any reduction in the exposure.
              (3) Collateral in the form of securities issued by the counterparty or a person connected to the counterparty is not eligible financial collateral.
              (4) Insurance contracts, put options, and forward sales contracts or agreements are not eligible financial collateral.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 4.5.8 Forms of cash collateral

              Cash collateral, in relation to a credit exposure, means collateral in the form of:

              (a) notes and coins;
              (b) certificates of deposit, bank bills and similar instruments issued by the banking business firm holding the exposure; or
              (c) cash-funded credit-linked notes issued by a banking business firm against exposures in its banking book, if the notes satisfy the criterion for credit derivatives in rule 4.5.16(2).
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.9 Holding eligible financial collateral

              (1) Eligible financial collateral must be held by:
              (a) the banking business firm;
              (b) a branch (in or outside the QFC) of the firm;
              (c) an entity that is a member of the financial group of which the firm is a member;
              (d) an independent custodian; or
              (e) a central counterparty.
              (2) The holder of cash collateral in the form of a certificate of deposit or bank bill issued by a banking business firm must keep possession of the instrument while the collateralised exposure exists.
              (3) If the collateral is held by an independent custodian or central counterparty, the firm must take reasonable steps to ensure that the holder segregates the collateral from the holder’s own assets.
              (4) If collateral is held by a branch of a banking business firm and the branch is outside the QFC, the agreement between the firm and the party lodging the collateral must require the branch to act in accordance with the agreement.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.10 Risk-weight for cash collateral

              (1) A banking business firm may apply a zero per cent risk-weight to cash collateral if the collateral is held by the firm itself.
              (2) The firm may apply a zero per cent risk-weight to cash collateral held by another member of the financial group of which the firm is a member if the agreement between the firm and the party lodging the collateral requires the holder of the collateral to act in accordance with the agreement.
              (3) If cash collateral is held by a bank under a non-custodial arrangement, and the collateral is lodged with the firm under an agreement that establishes the firm’s irrevocable and unconditional recourse to the collateral, the exposure covered by the collateral (after any necessary haircuts for currency risk) may be assigned the risk-weight of the bank.
              (4) If cash collateral is held by an independent custodian (other than a central counterparty), the risk-weight of the holder of the collateral must be used. However, the firm may apply a zero per cent risk-weight to notes and coins held by an independent custodian.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.11 Risk-weight for claims

              (1) The secured part of a claim must be risk-weighted at whichever is the higher of 20% or the risk-weight applicable to the eligible financial collateral. However, a risk-weight lower than 20% may be applied to the secured part if rule 4.5.12 applies.

              Note Under this rule, 20% risk-weight is the minimum that can be applied to the secured part of the claim. A risk-weight of less than 20% is allowed only for some transactions — see rule 4.5.12.
              (2) The unsecured part of the claim must be weighted at the risk-weight applicable to the original counterparty.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.12 Risk-weights less than 20%

              (1) A zero per cent risk-weight may be applied to a collateralised transaction if:
              (a) there is no currency mismatch; and
              (b) any one of the following applies:
              (i) the collateral is in the form of sovereign securities that are eligible for zero per cent risk-weight;
              (ii) the collateral is in the form of cash collateral on deposit with the banking business firm; or
              (iii) if the collateral is in the form of non-commercial public sector enterprise securities:
              (A) the securities are eligible for zero per cent risk-weight; and
              (B) the market value of the collateral has been discounted by 20%.
              (2) A zero per cent risk-weight may be applied to an over the counter derivative transaction if there is no currency mismatch and the transaction is fully collateralised by cash and marked-to-market daily.
              (3) A 10% risk-weight may be applied to an over the counter derivative transaction to the extent that the transaction is collateralised by sovereign or non-commercial public sector enterprise securities that are eligible for zero per cent risk-weight.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 4.5.13 BANK 4.5.13 Valuing collateral

              Collateral accepted by a banking business firm must be valued at its net realisable value, taking into account prevailing market conditions. That value must be monitored at appropriate intervals, and the collateral must be regularly revalued.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 4.5.13 Guidance

                1 The net realisable value of some collateral may be readily available (for example, collateral that is marked-to-market regularly). Other collateral may be more difficult to value and may require knowledge and consideration of prevailing market conditions.
                2 The method and frequency of monitoring and revaluation depend on the nature and condition of the collateral (see rule 4.5.7 (2)). For example, securities accepted as collateral are usually marked to market daily.
                Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK Division 4.5.C BANK Division 4.5.C Guarantees

            • BANK 4.5.14 Capital relief from guarantees

              (1) Capital relief is allowed from a guarantee if the guarantor is an eligible guarantor and the guarantee satisfies the criteria in subrules (2) to (4). Before accepting a guarantee, a banking business firm must consider the legal and financial ability of the guarantor to fulfil the guarantee.
              (2) A guarantee must be a direct claim on the guarantor and must clearly state the extent of the cover. A letter of comfort is not a guarantee for the purposes of this Division.
              (3) A guarantee must be irrevocable. It must not include a term or condition:
              (a) that allows the guarantor to cancel it unilaterally; or
              (b) that increases the effective cost of cover if the credit quality of the guaranteed exposure deteriorates.
              Note The irrevocability condition does not require that the guarantee and the exposure be maturity matched. However, it does require that the agreed maturity should not be reduced by the guarantor after the banking business firm accepts the guarantee.
              (4) A guarantee must be unconditional. It must not include a term or condition (outside the direct control of the firm) that allows the guarantor not to indemnify the firm in a timely way if the counterparty defaults.
              (5) If a claim on a counterparty is secured by a guarantee, the part of the claim that is covered by the guarantee may be weighted at the risk-weight applicable to the guarantor. The unsecured part of the claim must be weighted at the risk-weight applicable to the original counterparty.

              Note This rule applies to a guarantee that provides part coverage under which the firm and the guarantor share losses on a pro rata basis.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.15 Eligible guarantors

              (1) Eligible guarantor means:
              (a) the State of Qatar or any other sovereign;
              (b) an entity that is treated as a sovereign in accordance with the Basel Accords; or
              (c) a public sector enterprise or other entity that has:
              (i) a risk-weight of 20% or lower; and
              (ii) a lower risk-weight than the counterparty.
              (2) A parent entity, subsidiary or affiliate of a counterparty may be an eligible guarantor if it has a lower risk-weight than the counterparty.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 4.5.D BANK Division 4.5.D Credit derivatives

            • BANK 4.5.16 Capital relief from credit derivatives

              (1) Capital relief is allowed if a banking business firm uses an eligible credit derivative. Each of the following is an eligible credit derivative if it satisfies subrule (2):
              (a) a single-name credit-default swap;
              (b) a total-rate-of-return swap for which the firm has recorded any deterioration in the value of the underlying exposure, in addition to recording the net payments received on the swap as net income;
              (c) a cash-funded credit-linked note;
              (d) a first and second-to-default credit derivative basket product.
              (2) The credit derivative must not include a term or condition that terminates the credit protection, or increases the firm's costs for the protection, if the credit quality of the underlying exposure deteriorates.
              (3) If a claim on a counterparty is protected by a credit derivative, the part of the claim that is protected may be weighted at the risk-weight applicable to the issuer of the credit derivative. The unprotected part of the claim must be weighted at the risk-weight applicable to the original counterparty.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 4.5.E BANK Division 4.5.E Netting agreements

            • BANK 4.5.17 BANK 4.5.17 Capital relief from netting agreements

              (1) A banking business firm is able to obtain capital relief from a netting agreement with a counterparty only if the agreement is an eligible netting agreement.
              (2) A banking business firm that has entered into a netting agreement must consistently net all the transactions included in the agreement. The firm must not selectively pick which transactions to net.
              (3) The following kinds of transactions may be netted:
              (a) on-balance-sheet loans and deposits, but only if:
              (i) the firm is able to determine at all times the assets and liabilities that are subject to netting under the agreement; and
              (ii) the deposits satisfy the criteria for eligible financial collateral;
              (b) securities financing transactions;

              Note Securities financing transactions are not included as part of market-related transactions.
              (c) over the counter derivative transactions.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 4.5.17 Guidance

                A netting agreement may include the netting of over the counter derivative transactions:

                •   across both the banking and trading books of a banking business firm (if the netted transactions satisfy the criteria in rule 4.5.23); and
                •   across different market-related products to the extent that they are recognised as market-related transactions.
                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.18 Criteria for eligible netting agreements

              (1) To be an eligible netting agreement, a netting agreement:
              (a) must be in writing;
              (b) must create a single obligation covering all transactions and collateral included in the agreement and giving the banking business firm the following rights:
              (i) the right to terminate and close-out, in a timely way, all the transactions included in the netting agreement;
              (ii) the right to net the gains and losses on those transactions (including the value of any collateral) so that the firm either has a claim to receive, or an obligation to pay, only the net sum of the close-out values of the individual transactions;

              Note For forward contracts, swaps, options and similar derivative transactions, this right will include the positive and negative mark-to-market values of the individual transactions.
              (iii) the right to liquidate or set-off collateral if either party to the agreement fails to meet its obligations because of default, liquidation, bankruptcy or other similar circumstances;
              (c) must not be subject to a walkaway clause; and
              (d) must be supported by a written and reasoned legal opinion that complies with rules 4.5.20 to 4.5.22.
              (2) A banking business firm must not recognise a netting agreement as an eligible netting agreement if it becomes aware that a financial services regulator of the counterparty is not satisfied that the agreement is enforceable under the laws of the regulator's jurisdiction. This rule applies regardless of any legal opinion obtained by the firm.
              (3) A netting agreement is not an eligible netting agreement if there is doubt about its enforceability.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.19 Legal opinion must cover transaction

              (1) A banking business firm must ensure that a netted transaction is covered by an appropriate legal opinion.
              (2) In calculating the net sum due to or from a counterparty, the firm must exclude netted transactions for which it has not obtained a satisfactory legal opinion applicable in the relevant jurisdiction. An excluded transaction must be reported on a gross basis.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.20 Conclusion about enforceability

              (1) For rule 4.5.18 (1) (d), the legal opinion must conclude that, in the event of default, liquidation, bankruptcy or other similar circumstances of a party to the netting agreement, the banking business firm's claims and obligations are limited to the net sum calculated under the netting agreement in accordance with the applicable law.

              Guidance

              The Regulatory Authority expects the legal opinion to deal with the issue of which of the following laws applies to the netting:
              •    the law of the jurisdiction in which the counterparty is incorporated or formed (or, in the case of an individual, resides)
              •    if an overseas branch of the counterparty is involved — the law of the jurisdiction in which the branch is located
              •    the law that governs the individual transactions
              •    the law that governs any contract or agreement necessary to give effect to the netting.
              (2) In particular, the legal opinion must conclude that, in the event of insolvency or external administration of a counterparty, a liquidator or administrator of the counterparty will not be able to claim a gross amount from the banking business firm while only being liable to pay a dividend in insolvency to the firm (as separate money flows).

              Guidance

              In some countries, there are provisions for the authorities to appoint an administrator to a troubled bank. Under statutory provisions applying in those countries, the appointment of an administrator might not constitute a ground for triggering a netting agreement. Such provisions do not prevent the recognition of an affected netting agreement if the agreement can still take effect if the bank under administration does not meet its obligations as they fall due.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.21 Requirements — legal opinion

              (1) Before a banking business firm uses a legal opinion to support a netting agreement, the firm:
              (a) must ensure that the opinion is not subject to assumptions or qualifications that are unduly restrictive;
              (b) must review the assumptions about the enforceability of the agreement and must ensure that they are specific, factual and adequately explained in the opinion; and
              (c) must review and assess the assumptions, qualifications and omissions in the opinion to determine whether they give rise to any doubt about the enforceability of the agreement.
              (2) The firm must have procedures to monitor legal developments and to ensure that its netting agreements continue to be enforceable. The firm must update the legal opinions about the agreements, as necessary, to ensure that the agreements continue to be eligible.
              (3) The firm may rely on a legal opinion obtained on a group basis by another member of the financial group of which it is a member if the firm and the other member have satisfied themselves that the opinion covers a netting agreement to which the firm is a counterparty.
              (4) The firm must report a transaction on a gross basis if there is any doubt about, or any subsequent legal development affects, the enforceability of the agreement.

              Note Under rule 4.5.18 (3), a netting agreement is not an eligible netting agreement if there is doubt about its enforceability.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.22 Relying on general legal opinions

              (1) A banking business firm may rely on a general legal opinion about the enforceability of netting agreements in a particular jurisdiction if the firm is satisfied that the type of netting agreement is covered by the opinion.
              (2) The firm must satisfy itself that the netting agreement with a counterparty and the general legal opinion are applicable to each transaction and product type undertaken with the counterparty, and in all jurisdictions where those transactions are originated.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.23 Netting of positions across books

              A banking business firm may net positions across its banking and trading books only if:

              (a) the netted transactions are marked-to-market daily; and
              (b) any collateral used in the transactions satisfies the criteria for eligible financial collateral in the banking book.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.24 Monitoring and reporting of netting agreements

              (1) If directed by the Regulatory Authority, a banking business firm must demonstrate that its netting policy is consistently implemented, and that its netting agreements continue to be enforceable.
              (2) The firm must keep adequate records to support its use of netting agreements and to be able to report netted transactions on both gross and net bases.
              (3) The firm must monitor its netting agreements and must report and manage:
              (a) roll-off risks;
              (b) exposures on a net basis; and
              (c) termination risks;
              for all the transactions included in a netting agreement.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.5.25 Collateral and guarantees in netting

              (1) A banking business firm may take collateral and guarantees into account in calculating the risk-weight to be applied to the net sum under a netting agreement.
              (2) The firm may assign a risk-weight based on collateral or a guarantee only if:
              (a) the collateral or guarantee has been accepted or is otherwise subject to an enforceable agreement; and
              (b) the collateral or guarantee is available for all the individual transactions that make up the net sum of exposures calculated.
              (3) The firm must ensure that provisions for applying collateral or guarantees to netted exposures under a netting agreement comply with the requirements for eligible financial collateral and guarantees in these rules.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 4.6 BANK Part 4.6 Securitisation and re-securitisation

          Amended by QFCRA RM/2017-2 (as from 1st April 2017).

          • BANK Division 4.6.A BANK Division 4.6.A General

            Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.1 Introduction

              (1) The Part sets out the framework for determining a banking business firm's minimum capital requirements to cover the firm's exposures arising from traditional and synthetic securitisations.
              (2) A firm's securitisation exposures may arise from the firm being (or acting in the capacity of) party to a securitisation.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.2 Securitisation and re-securitisation

              (1) Securitisation, in relation to a banking business firm, is the process of pooling various kinds of contractual debt or non-debt assets that generate receivables and selling their related cash flows to third party investors as securities. In a securitisation, payments to the investors depend on the performance of the underlying pool of assets, rather than on an obligation of the originator of the assets.
              (2) The underlying pool in a securitisation may include 1 or more exposures.
              (3) The securities usually take the form of bonds, notes, pass-through securities, collateralised debt obligations or even equity securities that are structured into different classes (tranches) with different payment priorities, degrees of credit risk and return characteristics.

              Note A securitisation (whether traditional or synthetic) must have at least 2 tranches (see subrules 4.6.3 (2) and (3)).
              (4) Re-securitisation is a securitisation in which at least one of the underlying assets is itself a securitisation or another re-securitisation.

              Note Exposures arising from re-tranching are not re-securitisation exposures if, after the re-tranching, the exposures act like direct tranching of a pool with no securitised assets. This means that the cash flows to and from the firm as originator could be replicated in all circumstances and conditions by an exposure to the securitisation of a pool of assets that contains no securitisation exposures.
              (5) A reference in this Part to securitisation includes re-securitisation.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.3 BANK 4.6.3 Securitisation structures

              (1) A securitisation may be a traditional securitisation or a synthetic securitisation.
              (2) In a traditional securitisation, title to the underlying assets is transferred to an SPE, and the cash flows from the underlying pool of assets are used to service at least 2 tranches. A traditional securitisation generally assumes the movement of assets off the originator's balance-sheet.
              (3) A synthetic securitisation is a securitisation with at least 2 tranches that reflect different degrees of credit risk where the credit risk of the underlying pool of exposures is transferred, in whole or in part, through the use of credit derivatives or guarantees. In a synthetic securitisation, the third party to whom the risk is transferred need not be an SPE.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.3 Guidance

                The Regulatory Authority would treat as securitisations other structures designed to finance assets that are legally transferred to a scheme by packaging them into tradeable securities secured on the assets and serviced from their related cash flows.

                Funded credit derivatives would include credit-linked notes, and unfunded credit derivatives would include credit default swaps.

                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.4 Securitisation exposures

              A securitisation exposure of a banking business firm is a risk position (whether on-balance-sheet or off-balance-sheet) held by the firm arising from a securitisation.

              Examples of sources

              •    investments in a securitisation
              •    asset-backed securities (including mortgage-backed securities)
              •    credit enhancements and liquidity facilities
              •    interest rate swaps and currency swaps
              •    credit derivatives
              •    corporate bonds, equity securities and private equity investments
              •    reserve accounts (such as cash collateral accounts) recorded as assets by a firm that is, or that acts in the capacity of, an originator.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.5 Parties to securitisation

              For purposes of calculating a banking business firm's capital requirements, the parties to a securitisation are the originator, the issuer and the investors.

              Note 1 Depending on the securitisation structure, a banking business firm may be (or act in the capacity of) originator, issuer, investor or any 1 or more of the following:

              (a) a manager of the securitisation;
              (b) a sponsor of the securitisation;
              (c) an adviser to the securitisation;
              (d) an entity to place the securities with investors;
              (e) a provider of credit enhancement;
              (f) a provider of a liquidity facility;
              (g) a servicer to carry out certain activities usually carried out by the manager of the securitisation in relation to the underlying assets.

              Note 2 A banking business firm may act as sponsor of a securitisation or similar programme involving assets of a customer. As sponsor, the firm earns fees to manage or advise on the programme, place the securities with investors, provide credit enhancement or provide a liquidity facility.

              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.6 BANK 4.6.6 Firm as originator

              A banking business firm is an originator of a securitisation if:

              (a) the firm originates, directly or indirectly, underlying assets included in the securitisation; or
              (b) the firm serves as sponsor of an asset-backed commercial paper programme (or similar programme) that acquires exposures from third parties.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.6 Guidance

                1 In relation to a programme that acquires exposures from third parties, a banking business firm would generally be considered a sponsor (and, therefore, an originator) if the firm, in fact or in substance, manages or advises the programme, places securities into the market, provides a liquidity facility or provides a credit enhancement.
                2 Acts of management would include handling related taxes, managing escrow accounts, remitting payments and obtaining insurance.
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

          • BANK Division 4.6.B BANK Division 4.6.B Securitisation process

            Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.7 Process of securitisation

              (1) The process of a securitisation is:
              (a) first, the origination of assets or credit risk;
              (b) second, the transfer of the assets or credit risk; and
              (c) third, the issuance of securities to investors.
              (2) In a securitisation, the cash flow from the pool is used to make payments on obligations to at least 2 tranches or classes of investors (typically holders of debt securities), with each tranche or class being entitled to receive payments from the pool before or after another tranche or class of investors, so that the tranches or classes bear different levels of credit risk.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.8 Special purpose entities

              (1) A special purpose entity (or SPE) is a legal entity that is created solely for a particular financial transaction or series of transactions. The SPE must not engage in any other business.
              (2) In a securitisation, an SPE typically purchases and holds the assets for the purposes of the securitisation. The SPE's payment for the pool is typically funded by debt, including through the issue of securities by the SPE.

              Guidance

              The purpose of the SPE to facilitate the securitisation, and the extent of a banking business firm's involvement in the SPE, should be clear. The SPE's activities should be limited to those necessary to accomplish that purpose.
              (3) Most securitisations require the creation of an SPE to:
              (a) hold the assets transferred by the originator;
              (b) issue securities based on the assets; and
              (c) act as intermediary between the originator and the investors.
              Note A synthetic securitisation may or may not require an SPE (see subrule 4.6.3 (3))
              (4) An SPE may take the form of a limited partnership, limited liability company, corporation, trust or collective investment fund. An SPE may also be established under a special law that allows the creation of SPEs.

              Guidance

              By its nature, an SPE is a legal shell with only the specific assets transferred by the originator (that is, the SPE has no other property in which any other party could have an interest).
              (5) An SPE must be bankruptcy-remote from the originator. It must not be consolidated with the originator for tax, accounting or legal purposes.
              (6) Any undertaking given by a banking business firm to an SPV must be stated clearly in the transaction documents for the securitisation.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

          • BANK Division 4.6.C BANK Division 4.6.C Risk management of securitisation

            Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.9 Role of governing body — securitisation

              (1) A banking business firm's governing body must oversee the firm's securitisation exposures.
              (2) The governing body:
              (a) must understand, and set the scope and purpose of, the firm's securitisations; and
              (b) must be aware of the risks and other implications associated with securitisation.
              (3) The governing body must ensure that the firm's senior management establishes and implements securitisation policies that include:
              (a) appropriate risk management systems to identify, measure, monitor, report on and control or mitigate the risks arising from the firm's involvement in securitisation; and
              (b) how the firm monitors, and reports on, the effect of securitisation on its risk profile.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.10 Relation to internal capital adequacy assessment

              A banking business firm must be able to demonstrate to the Regulatory Authority that the firm's ICAAP captures the following specific risks relating to securitisation:

              (a) credit risk, market risk, liquidity risk and reputation risk for each securitisation exposure;
              (b) potential delinquencies and losses on the exposures;
              (c) risks arising from the provision of credit enhancements and liquidity facilities; and
              (d) risks arising from guarantees provided by monoline insurers and other third parties.

              Note The due diligence requirements in rule 4.6.18 (3) require a banking business firm to have policies:
              (a) to ensure that the economic substance of each securitisation is taken into account in managing the risks arising from the firm's involvement in securitisation;
              (b) to document its systems and controls in relation to securitisation and the risks that arise from it; and
              (c) that set out the effects of securitisation on capital.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

          • BANK Division 4.6.D BANK Division 4.6.D Operational requirements for using external ratings

            Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.11 External credit rating agencies

              (1) Depending on the securitisation structure, 1 or more ECRAs may be involved in rating the securitisation. A banking business firm must use only ECRAs that have a demonstrated expertise in assessing securitisations.

              Guidance

              Expertise might be evidenced by strong market acceptance.
              (2) For the purposes of risk-weighting, an ECRA must take into account the total amount of the firm's exposure on all payments owed to it. For example, if the firm is owed principal and interest, the ECRA's assessment must have taken into account timely repayment of both principal and interest.

              Note For the use of ECRAs in general, see rule 4.3.7 and rule 4.3.7A.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.12 BANK 4.6.12 Ratings must be publicly available

              (1) A credit rating assigned by an ECRA must be publicly available. If the rating assigned to a facility is not publicly available, the facility must be treated as unrated.

              Note For the treatment of an eligible liquidity facility whose rating is not publicly available, see rule 4.6.30.
              (2) The loss and cash flow analysis for the securitisation, and the sensitivity of the rating to changes in the assumptions on which it was made, must also be publicly available.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.12 Guidance

                Information required under this rule should be published in an accessible form for free. Information that is made available only to the parties to a securitisation is not considered publicly available.

                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.13 Ratings must be applied consistently

              (1) A credit rating assigned by an ECRA must be applied consistently across all tranches of a securitisation.
              (2) A banking business firm must not use an ECRA's credit rating for 1 or more tranches and another ECRA's rating for other tranches within the same securitisation structure (whether or not those other tranches are rated by the first ECRA).

              Note Under rule 4.3.7A:
              (a) if there are 2 different assessments by ECRAs, the higher risk-weight must be applied; and
              (b) if there are 3 or more different assessments by ECRAs, the assessments corresponding to the 2 lowest risk-weights should be referred to and the higher of those 2 risk-weights must be applied.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

          • BANK Division 4.6.E BANK Division 4.6.E Calculation of risk-weighted assets

            Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.14 Operational requirements for traditional securitisation

              A banking business firm that is an originator or sponsor of a traditional securitisation may exclude, from the calculation of its risk-weighted assets, exposures relating to the securitised assets only if:

              (a) the immediate transferee of the underlying assets is an SPE, and the holders of the legal or beneficial interests in the SPE have the right to pledge or exchange those interests without restriction;
              (b) substantially all credit risk associated with the securitised assets have been transferred;
              (c) the firm has no direct or indirect control over the securitised assets;

              Guidance about control
              1 A banking business firm would be taken to maintain effective control over transferred credit risk exposures if:
              (a) the firm is able to repurchase from the transferee the transferred exposures in order to realise their benefits; or
              (b) the firm is obligated to retain the risk of the exposures.
              2 A firm that is an originator may act as servicer of the underlying assets, and the firm's retention of servicing rights would not necessarily constitute indirect control over the assets.
              (d) the securitised assets are legally isolated from the firm (through the sale of the assets or through sub-participation) so that the assets are beyond the reach of the firm and its creditors even in case of bankruptcy or insolvency;
              (e) a qualified legal counsel (whether external or in-house) has given a written reasoned opinion that paragraph (d) is satisfied;
              (f) any clean-up call complies with rule 4.6.16;
              (g) the securities issued are not obligations of the firm, so that investors have a claim only on the securitised assets and have no claim against the firm;
              (h) the securitisation does not include any term or condition that:
              (i) requires the firm to alter the underlying exposures to improve the pool's weighted average credit quality (unless the improvement is achieved by selling exposures at market prices to parties who are neither affiliated, connected or related to the firm);

              Note Affiliate, connected and related party are defined in the glossary.
              (ii) allows increases in a retained first loss position or credit enhancement; or
              (iii) increases the yield payable to parties other than the firm (for example, payments to investors and providers of credit enhancement) in response to a deterioration in the credit quality of the underlying assets; and
              (i) the securitisation does not have:
              (i) termination provisions for specific changes in tax and regulation;
              (iii) termination options or triggers (except clean-up calls that comply with rule 4.6.16); or
              (iii) early amortisation provisions that, under rule 4.6.38, would result in the securitisation not meeting the other requirements in paragraphs (a) to (h).
              Note Under rule 4.6.20, an originator that meets the requirements set out in this rule must, however, hold regulatory capital against any exposures that it retains in relation to the securitisation (including exposures arising from the provision of credit enhancements and liquidity facilities).
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.15 Operational requirements for synthetic securitisation

              In calculating its risk-weighted assets, a banking business firm that is an originator or sponsor of a synthetic securitisation may exclude securitised exposures only if:

              (a) substantially all credit risk associated with the securitised exposures have been transferred;
              (b) the CRM technique used to obtain capital relief is eligible financial collateral, an eligible credit derivative, a guarantee or an eligible netting agreement;

              Note Eligible financial collateral pledged by an SPE in a securitisation may be recognised as a CRM technique, but an SPE of a securitisation cannot be an eligible protection provider in the securitisation (see rule 4.6.32 (2)).
              (c) the securitisation does not include any terms or conditions that limit the amount of credit risk transferred, such as clauses that:
              (i) materially limit the credit protection or credit risk transference (including clauses that provide significant materiality thresholds below which credit protection is not to be triggered even if a credit event occurs and clauses that allow termination of the protection because of deterioration in the credit quality of the underlying exposures);
              (ii) require the firm to alter the underlying exposures to improve the pool's weighted average credit quality;
              (iii) increase the firm's cost of credit protection to the firm in response to a deterioration in the credit quality of the underlying exposures;
              (iv) allow increases in a retained first loss position or credit enhancement; or
              (v) increase the yield payable to parties other than the firm (for example, payments to investors and providers of credit enhancement) in response to a deterioration in the credit quality of the underlying exposures;
              (d) a qualified legal counsel (whether external or in-house) has given a written reasoned opinion that paragraph (c) is satisfied and that the contract for the transfer of the credit risk is enforceable in all relevant jurisdictions;
              (e) any clean-up call complies with rule 4.6.16; and
              (f) if the credit risk associated with the securitised exposures is transferred to an SPE:
              (i) the securities issued by the SPE are not obligations of the firm;
              (ii) the holders of the beneficial interests in the SPE have the right to pledge or exchange those interests without restriction; and
              (iii) the firm holds no more than 20% of the aggregate original amount of all securities issued by the SPE, unless:
              (A) the holdings consist entirely of securities that are rated AAA to AA- (long term) or A-1 (short term); and
              (B) all transactions with the SPE are at arm's length and on market terms and conditions.
              Note Under rule 4.6.20, an originator or sponsor that meets the requirements set out in this rule must, however, hold regulatory capital against any exposures that it retains in relation to the securitisation (including exposures arising from the provision of credit enhancements and liquidity facilities).
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.16 BANK 4.6.16 Requirements for clean-up calls — traditional and synthetic securitisations

              (1) A clean-up call is an option that permits the securitisation exposures to be called before all of the underlying exposures or securitisation exposures have been repaid.
              (2) There is no capital requirement for a securitisation that includes a clean-up call, if:
              (a) the exercise of the clean-up call is at the discretion of the originator or sponsor;
              (b) the clean-up call is not structured:
              (i) to avoid allocating losses to credit enhancements or positions held by investors; or
              (ii) to provide credit enhancement; and
              (c) the clean-up call may only be exercised:
              (i) for a traditional securitisation — when 10% or less of the original underlying pool of assets, or securities issued, remains; or
              (ii) for a synthetic securitisation — when 10% or less of the original reference portfolio value remains.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.16 Guidance

                1 For a traditional securitisation, a clean-up call might be carried out by repurchasing the remaining securitisation exposures after the balance of the pool has, or the outstanding securities have, fallen below a specified level.
                2 For a synthetic securitisation, a clean-up call might take the form of a clause that extinguishes the credit protection.
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.17 Clean-up calls that fail requirements — traditional and synthetic securitisations

              (1) This rule applies to a securitisation that includes a clean-up call if the clean-up call does not comply with all of the operational requirements in rule 4.6.16.
              (2) The originator or sponsor must calculate a capital requirement for the securitisation.

              Note If the clean-up call is exercised and found to serve as a credit enhancement, the exercise of the call must be considered as implicit support and treated in accordance with rule 4.6.21.
              (3) For a traditional securitisation, the underlying assets must be treated as if they were not securitised. No gain-on-sale of those assets may be recognised.
              (4) For a synthetic securitisation, a banking business firm that purchases protection must hold capital against the entire amount of the securitised exposures as if they did not benefit from any credit protection.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.18 Due diligence requirements

              (1) A banking business firm must not apply a risk-weight to a securitisation exposure using table 4.6.22, unless the firm meets the requirements set out in subrules (3) to (7) (the due diligence requirements).
              (2) If the firm fails to meet a due diligence requirement in relation to a securitisation exposure, the Regulatory Authority may direct the firm:
              (a) to apply a risk-weight of 1,250% to the exposure; or
              (b) to deduct the amount of the exposure from its regulatory capital.
              (3) The firm must have, in relation to securitisation, appropriate policies:
              (a) to ensure that the economic substance of each securitisation is taken into account in managing the risks arising from the firm's involvement in securitisation;
              (b) to document its systems and controls in relation to securitisation and the risks that arise from it; and
              (c) that set out the effects of securitisation on capital.
              (4) The firm must have, on an ongoing basis, a clear understanding of the risk characteristics of its individual securitisation exposures (whether on-balance-sheet or off-balance-sheet) and the risk characteristics of the pool underlying those exposures.
              (5) The firm must understand, at all times, the structural features that may materially affect the performance of its securitisation exposures (such as contractual waterfall and waterfall-related triggers, credit enhancements, liquidity facilities, market value triggers, and deal-specific definitions of default).
              (6) The firm must have continuous access to performance information about its underlying assets.

              Note Performance information may include exposure type, percentage of loans 30, 60 and 90 days past due, default rates, prepayment rates, loans in foreclosure, property type, occupancy, average credit score or other measures of creditworthiness, average loan-to-value ratio, and industry diversification and geographic diversification.
              (7) For re-securitisation, the firm must have not only information on the securitisation tranches (such as the issuer name and credit quality) but also the characteristics and performance of the pools underlying those tranches.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.19 Capital treatment to be based on economic substance

              (1) The capital treatment of a securitisation exposure must be determined on the basis of the economic substance, rather than the legal form, of the securitisation structure. If a banking business firm is uncertain about whether a transaction is a securitisation, the firm must consult with the Regulatory Authority.
              (2) Despite anything in these rules, the Regulatory Authority may look through the structure to the economic substance of the transaction and:
              (a) vary the capital treatment of a securitisation exposure; or
              (b) reclassify a transaction as a securitisation or not a securitisation, and impose a capital requirement or limit on the transaction.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

          • BANK Division 4.6.F BANK Division 4.6.F Capital requirements where firm is originator or sponsor

            Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.20 Retained securitisation exposures

              (1) A banking business firm that is an originator or sponsor of a securitisation might, despite having transferred the underlying assets or the credit risk to those assets, continue to be exposed (through retained securitisation exposures) in relation to the securitisation. The firm must hold regulatory capital against all of its retained securitisation exposures.
              (2) The sources of retained securitisation exposures include:
              (a) investments in the securitisation (including the investment required under subrule (3));
              (b) investments in asset-backed securities (including mortgage-backed securities);
              (c) retention of a subordinated tranche;
              (d) credit enhancements provided by the firm; and
              (e) liquidity facilities provided by the firm.
              A repurchased securitisation exposure must be treated as a retained securitisation exposure.

              Note 1 For paragraph (a), the exposure arising from investments by a banking business firm in a securitisation originated by the firm is an on-balance-sheet exposure.

              Note 2 For paragraphs (d) and (e), the exposures arising from the provision of credit enhancements and liquidity facilities by a banking business firm in relation to a securitisation originated by the firm are off-balance-sheet exposures.
              (3) A banking business firm that is an originator or sponsor of a securitisation must retain 5% of the total issuance.

              Note Under rule 3.2.29, a banking business firm must derecognise, in its calculation of CET 1, any increase in equity capital or CET 1 capital from a gain-on-sale in a securitisation transaction.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.21 Effect of giving implicit support

              A banking business firm that gives implicit support to a securitisation:

              (a) must include the underwriting exposures of the securitisation in its calculation of risk-weighted assets (as if those assets had not been securitised and had remained on its balance sheet);
              (b) must not recognise any gain-on-sale of the underlying assets; and
              (c) must disclose to investors that it has provided implicit support and the effect on regulatory capital of doing so.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.22 Treatment of on-balance-sheet retained securitisation exposures

              (1) The risk-weighted asset amount of an on-balance-sheet retained securitisation exposure is calculated by multiplying the exposure by the applicable risk-weight in table 4.6.22.

              Table 4.6.22 Risk-weights based on ECRA rating

              Note In the table, the ratings are given according to Standard & Poor's conventions. If a claim or asset is not rated by Standard & Poor's, its ratings must be mapped to the equivalent Standard & Poor's rating.

              long-term rating securitisation exposure % re-securitisation exposure %
              AAA to AA- 20 40
              A+ to A- 50 100
              BBB+ to BBB- 100 225
              BB+ to BB- 350 650
              B+ and below or unrated As directed by the Regulatory Authority, apply 1,250% risk-weight or deduct the amount of the exposure from the firm's regulatory capital (see rule 4.6.22 (2))


              short-term rating securitisation exposure % re-securitisation exposure %
              A-1 20 40
              A-2 50 100
              A-3 100 225
              Below A-3 As directed by the Regulatory Authority, apply 1,250% risk-weight or deduct the amount of the exposure from the firm's regulatory capital (see rule 4.6.22 (2))
              (2) If an exposure is to be deducted from the firm's regulatory capital, the amount of the deduction may be calculated net of any specific provision taken against the exposure.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.23 Exceptions to treatment of unrated securitisation exposures

              The rule that the treatment of unrated securitisation exposures is as directed by the Regulatory Authority (to either apply 1,250% risk-weight or deduct the amount) does not apply to:

              (a) the most senior exposure in a securitisation;
              (b) exposures:
              (i) that are in a second loss position or better in ABCP programmes; and
              (ii) that meet the requirements in rule 4.6.25; and
              (c) eligible liquidity facilities.

              Note For the treatment of the exceptions, see:
              •    rule 4.6.24 for most senior exposure
              •    rule 4.6.25 for second loss positions or better
              •    rule 4.6.30 for eligible liquidity facilities
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.24 Treatment of most senior exposure

              (1) If the most senior exposure in a securitisation is unrated and the composition of the underlying pool is known at all times, a banking business firm that holds or guarantees such an exposure may determine the risk weight by applying a "look-through" treatment. The firm need not consider any interest rate or currency swap when determining whether an exposure is the most senior in a securitisation.
              (2) In the look-through treatment, the unrated most senior position receives, subject to the Regulatory Authority's review, the average risk-weight of the underlying exposures.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.25 Treatment of second loss position in ABCP programmes

              (1) This rule applies to an unrated securitisation exposure in an ABCP programme if:
              (a) the exposure is economically in a second loss position or better and the first loss position provides significant credit protection to the second loss position;
              (b) the associated credit risk is the equivalent of investment grade or better; and
              (c) the banking business firm holding the exposure does not retain or provide the first loss position.
              (2) An unrated securitisation exposure arising from a second loss position (or better position) is subject to a risk-weight of the higher of:
              (a) 100%; and
              (b) the highest risk-weight applicable to an underlying exposure covered by the facility.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.26 Treatment of overlapping exposures

              (1) Overlapping exposures may result if a banking business firm provides 2 or more facilities (such as liquidity facilities and credit enhancements) in relation to a securitisation that can be drawn under various conditions with different triggers. In effect, the firm provides duplicate cover to the underlying exposures.
              (2) For the purposes of calculating its capital requirements, a banking business firm's exposure (exposure A) overlaps another exposure (exposure B) if in all circumstances the firm will preclude any loss to it on exposure B by fulfilling its obligations with respect to exposure A.

              Example

              If, under exposure A, a firm provides full credit support to some notes while simultaneously holding as exposure B a portion of those notes, its full credit support obligation precludes any loss from its exposure from its holding of the notes. If the firm can satisfactorily show that fulfilling its obligations with respect to exposure A will preclude a loss from its exposure B under any circumstance, there are overlapping exposures between the 2 exposures and the firm need not calculate risk-weighted assets for exposure B.
              (3) If a banking business firm has 2 or more overlapping exposures to a securitisation, the firm must, to the extent that the exposures overlap, include in its calculation of risk-weighted assets only the exposure, or portion of the exposure, producing the higher or highest risk-weighted assets amount.
              (4) If the overlapping exposures are subject to different credit conversion factors, the firm must apply the higher or highest factor to the exposures.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.27 Treatment of off-balance-sheet retained securitisation exposures

              A 100% credit conversion factor must be applied to an off-balance-sheet retained securitisation exposure unless the exposure qualifies as:

              (a) an eligible liquidity facility, or
              (b) an eligible servicer cash advance facility.

              Note 1 For risk-weighting of eligible liquidity facilities, see rules 4.6.29 and 4.6.30. For risk-weighting of eligible servicer cash advance facility, see rule 4.6.31.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.28 Liquidity facility and eligible liquidity facility

              (1) A liquidity facility, for a securitisation, is a commitment from the facility provider to provide liquid funds if:
              (a) funds are needed to meet contractual payments to investors; and
              (b) there is a delay between the date of collection of the related cash flows and the date on which the payment to the investors is due.

              Example

              Timing mismatches between cash collections from the underlying assets and the scheduled payments to the investors in certain securitisation structures may require liquidity facilities to be built into the structures.
              (2) To be an eligible liquidity facility:
              (a) the commitment to provide liquid funds must be in writing and must clearly state the circumstances under which the facility may be availed of and the limits for any drawdown;
              (b) drawdowns must be limited to the amount that is likely to be repaid fully from the liquidation of the underlying exposures and any seller-provided credit enhancements;
              (c) the facility must not cover any losses incurred in the underlying pool of exposures before a drawdown;
              (d) the facility must not be structured in such a way that drawdowns are certain;
              (e) the facility must be subject to an asset quality test that precludes it from being availed of to cover credit risk exposures that are past due for more than 90 days;
              (f) if the exposures that the facility is required to fund are ECRA-rated securities, the facility can only be used to fund securities that are rated, by an ECRA, investment grade at the time of funding;
              (g) the facility cannot be availed of after all applicable credit enhancements (whether transaction-specific or programme-wide enhancements), from which the liquidity would benefit, have been exhausted; and
              (h) the repayment of drawdowns on the facility (that is, assets acquired under a purchase agreement or loans made under a lending agreement):
              (i) must not be subordinated to any interests of any note holder in the programme (such as an ABCP programme); and
              (ii) must not be subject to deferral or waiver.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.29 Treatment of certain liquidity facilities

              (1) This rule applies in relation to a liquidity facility that is not an eligible servicer cash advance facility.
              (2) If a banking business firm that is an originator or sponsor of a securitisation also provides such a liquidity facility to the securitisation, the risk-weight of the exposure from the facility must be calculated by:
              (a) applying:
              (i) a 50% credit conversion factor (regardless of the maturity of the facility) if the facility is an eligible liquidity facility; or
              (ii) a 100% credit conversion factor if the facility is not an eligible liquidity facility; and
              (b) multiplying the resulting credit equivalent amount by the applicable risk-weight in table 4.6.22, depending on the credit rating of the firm (or by 100% if the firm is unrated).
              However, if an ECRA rating of the facility is itself used for risk-weighting the facility, a 100% credit conversion factor must be applied.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.30 Treatment of unrated eligible liquidity facility

              A banking business firm providing an eligible liquidity facility that is unrated, or that is treated as unrated, must apply to the resulting securitisation exposure the highest risk weight that would be applied to an underlying exposure covered by the facility.

              Examples when facility must be treated as unrated

              •    when the facility's rating is not publicly available (see rule 4.6.12)
              •    when the facility is provided to a particular securitisation exposure (such as a particular tranche) and the resulting mitigation is reflected in the ECRA rating of the securitisation (see rule 4.6.35 (5))
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.31 Treatment of eligible servicer cash advance facility

              (1) A servicer cash advance facility is a liquidity facility under which a servicer to a securitisation advances cash to ensure timely payment to investors.

              Note For servicer, see note 1 (g) under rule 4.6.5.
              (2) A zero percent risk-weight may be applied to an undrawn servicer cash advance facility only if the facility is an eligible servicer cash advance facility.

              Note If the servicer cash advance facility is not an eligible servicer cash advance facility, see rule 4.6.29.
              (3) To be an eligible servicer cash advance facility:
              (a) the servicer must be entitled to full reimbursement;
              (b) the servicer's right to reimbursement must be senior to other claims on cash flows from the underlying pool;
              (c) the facility is itself an eligible liquidity facility; and
              (d) the facility may be cancelled at any time, without any condition and without any need to give advance notice.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.32 Capital relief from CRM techniques obtained by firm

              (1) A banking business firm that has obtained a CRM technique (such as eligible financial collateral, an eligible credit derivative, a guarantee or an eligible netting agreement) applicable to a securitisation exposure may reduce its capital requirement for the exposure.
              (2) Collateral pledged by an SPE as part of the securitisation may be used as a CRM technique if it is eligible financial collateral. However, an SPE of a securitisation cannot be an eligible protection provider in the securitisation.

              Note For eligible financial collateral see rule 4.5.7. For eligible protection provider, see rule 4.6.35 (2).
              (3) In this rule, collateral is used to hedge the credit risk of a securitisation exposure rather than to mitigate the underlying exposures of the securitisation.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.33 Treatment of CRM techniques provided by firm

              (1) If a banking business firm provides a CRM technique to a securitisation exposure, the calculation of its risk-weighted assets for credit risk must be in accordance with Part 4.5. The firm must calculate the capital requirement as if it were an investor in the securitisation.
              (2) If a banking business firm provides a CRM technique to an unrated credit enhancement, it must treat the protection provided as if it were directly holding the unrated credit enhancement.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.34 Treatment of enhanced portions

              The capital requirement for a credit-enhanced portion of a securitisation must be calculated in accordance with the standardised approach in Part 4.3.

              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 4.6.35 Effect of CRM techniques

              (1) If a CRM technique is provided to specific underlying exposures or the entire pool of exposures by an eligible protection provider and the credit risk mitigation is reflected in the ECRA rating assigned to a securitisation exposure, the risk-weight based on that rating must be used. To avoid double-counting, no additional capital recognition is permitted.
              (2) Eligible protection provider means:
              (a) a central counterparty;
              (b) the State of Qatar or any other sovereign;
              (c) an entity that is treated as a sovereign in accordance with the Basel Accords;
              (d) a public sector enterprise or other entity that has:
              (i) a risk-weight of 20% or lower; and
              (ii) a lower risk-weight than the party to whom the protection is provided; or
              (e) a parent entity, subsidiary or affiliate of a party to whom the protection is provided that has a lower risk-weight than the party.
              (3) If the provider of the CRM technique is not an eligible protection provider, a banking business firm must treat the exposure as unrated.
              (4) A banking business firm must not use an ECRA rating if the assessment by the ECRA is based partly on unfunded support provided by the firm itself.

              Example

              If a banking business firm buys ABCP for which it provides an unfunded securitisation exposure (such as a liquidity facility or credit enhancement) to the ABCP programme and the exposure plays a role in determining the credit assessment on the ABCP, the firm must treat the ABCP as if it were unrated.
              (5) If the CRM technique is provided solely to protect a particular securitisation exposure (for example, if the technique is provided to a tranche of the securitisation) and the protection is reflected in the ECRA rating of the securitisation, a banking business firm must treat the exposure as unrated.

              Note For the treatment of an exposure arising from a liquidity facility of the kind described in rule 4.6.35 (5), see rule 4.6.30.
              (6) Subrule (5) applies to a securitisation exposure whether it is in the firm's trading book or banking book. The capital requirement for a securitisation exposure in the trading book must not be less than the amount that would be required if the exposure were in the firm's banking book.
              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

          • BANK Division 4.6.G BANK Division 4.6.G Early amortisation provisions

            Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK Subdivision 4.6.G.1 BANK Subdivision 4.6.G.1 General

              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.36 Definitions for Division 4.6.G

                In this Division:

                excess spread, in relation to a securitisation, means finance charge collections and other income received by the SPV or trust, minus certificate interest, servicing fees, charge-offs, costs and expenses. Excess spread is also known as future margin income.

                securitisation involving revolving exposures means a securitisation in which 1 or more of the underlying exposures represents, directly or indirectly, current or future draws on a revolving credit facility (such as a credit card facility, home equity line of credit or commercial line of credit).

                uncommitted credit line is a credit line that may be cancelled at any time, without any condition and without any need to give advance notice. Any other credit line is a committed credit line.

                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.37 Early amortisation provisions

                (1) An early amortisation provision in a securitisation is a mechanism that, if triggered, allows investors to be paid out before the originally stated maturity of the securities issued. An early amortisation provision may be controlled or non-controlled.

                Note Triggers include economic triggers which are events that are economic in nature by reference to the financial performance of the transferred assets.
                (2) An early amortisation provision is a controlled early amortisation provision if:
                (a) the banking business firm concerned has appropriate capital and liquidity plans to ensure that it has sufficient capital and liquidity if the provision is triggered; and
                (b) throughout the life of the securitisation (including the amortisation period) there is the same pro-rata sharing of interest, principal, expenses, losses and recoveries based on the firm's and investors' relative shares of the receivables outstanding at the beginning of each month.
                (3) An early amortisation provision that fails to meet either requirement in subrule (2) is a non-controlled early amortisation provision.
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.38 Operational requirements for securitisations with early amortisation provisions

                (1) A securitisation involving revolving exposures that is originated or sponsored by a banking business firm is taken to fail the operational requirements set out in rule 4.6.14 (for traditional securitisations) or rule 4.6.15 (for synthetic securitisations) if the securitisation has an early amortisation provision (or a similar provision) that, if triggered, will:
                (a) subordinate the firm's senior or equal interest in the underlying revolving credit facilities to the interest of other investors;
                (b) subordinate the firm's subordinated interest to an even greater degree relative to the interests of other parties; or
                (c) increase in any other way the firm's exposure to losses associated with the underlying revolving credit facilities.
                (2) A banking business firm that is the originator or sponsor of a securitisation that does not involve revolving exposures may exclude the underlying exposures from the calculation of risk-weighted assets if:
                (a) the securitisation is a replenishment structure; and
                (b) the securitisation has an early amortisation provision that ends the ability of the firm to add new exposures.
                (3) A banking business firm that is the originator or sponsor of a securitisation involving revolving exposures may exclude the underlying exposures from the calculation of risk-weighted assets if:
                (a) the securitisation meets the operational requirements set out in rule 4.6.14 (for traditional securitisations) or rule 4.6.15 (for synthetic securitisations); and
                (b) the securitisation has an early amortisation provision of the kind described in any of the following subparagraphs:
                (i) the securitisation relates to revolving credit facilities that themselves have early amortisation features that mimic term structures (that is, where the risk on the underlying exposures does not return to the firm) and the early amortisation provision in the securitisation, if triggered, would not effectively result in subordination of the firm's interest;
                (ii) the firm securitises 1 or more revolving credit facilities and investors remain fully exposed to future drawdowns by borrowers even after an early amortisation event has occurred;
                (iii) the early amortisation provision is solely triggered by events not related to the performance of the securitised assets or of the firm (such as material changes in tax laws or regulations).
                (4) The firm must still hold regulatory capital against any securitisation exposures that it retains in relation to the securitisation.
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.39 Capital charges for securitisation involving revolving exposures with early amortisation

                (1) A banking business firm that is an originator or sponsor of a securitisation involving revolving exposures that has an early amortisation provision must calculate an additional capital charge to cover the possibility that the firm's credit risk exposure may increase if the provision is triggered. The charge must be calculated for the total exposure related to the securitisation (that is, for both drawn and undrawn balances related to the securitised exposures).

                Note For the calculation of the capital charge if the early amortisation provision is controlled, see rule 4.6.40. For the calculation of the capital charge if the early amortisation provision is non-controlled, see rule 4.6.44.
                (2) If the underlying pool of a securitisation is made up of both revolving exposures and term exposures, the firm must apply the amortisation treatment in this Division only to the portion of the underlying pool made up of those revolving exposures.
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK Subdivision 4.6.G.2 BANK Subdivision 4.6.G.2 Securitisation involving revolving exposures with controlled early amortisation

              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.40 Calculating capital charges — controlled early amortisation

                A banking business firm that is an originator or sponsor of a securitisation involving revolving exposures that has a controlled early amortisation provision must calculate a capital charge for the investors' interest (that is, against both drawn and undrawn balances related to the securitised exposures). The capital charge is the product of:

                (a) the investors' interest;
                (b) the appropriate credit conversion factor in accordance with table 4.6.42, depending on whether the securitised exposures are uncommitted retail credit lines or not; and
                (c) the risk weight for the kind of underlying exposures (as if those exposures had not been securitised).
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.41 Controlled early amortisation and uncommitted retail credit lines

                (1) For uncommitted retail credit lines (such as credit card receivables) in securitisations that have controlled early amortisation provisions that can be triggered by the excess spread falling to a specified level, a banking business firm must compare the three-month average excess spread to the point at which the bank is required to trap excess spread (the excess spread trapping point) as economically required by the structure.
                (2) If a securitisation does not require the trapping of excess spread, the excess spread trapping point for the securitisation is 4.5 percentage points more than the excess spread at which early amortisation is triggered.
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.42 Credit conversion factors

                A banking business firm that is the originator or sponsor of a securitisation must divide the securitisation's excess spread by the securitisation's excess spread trapping point to determine the appropriate segments and apply the corresponding credit conversion factor for uncommitted credit lines in accordance with table 4.6.42.

                Table 4.6.42 Credit conversion factors (CCFs) for securitisation involving revolving exposures with controlled early amortisation

                column 1 item column 2 segments column 3 CCFs for uncommitted credit lines % column 4 CCFs for committed credit lines %
                       
                  Retail credit lines    
                1 133.33% of trapping point or more 0 90
                2 < 133.33% to 100% of trapping point 1 90
                3 < 100% to 75% of trapping point 2 90
                4 < 75% to 50% of trapping point 10 90
                5 < 50% to 25% of trapping point 20 90
                6 < 25% of trapping point 40 90
                       
                7 Non-retail credit lines 90 90


                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.43 Requirement to apply higher capital charge

                (1) The capital charge to be applied under this subdivision is the higher of:
                (a) the capital requirement for retained securitisation exposures in the securitisation; and
                (b) the capital requirement that would apply if the exposures had not been securitised.
                (2) The firm must also deduct from its CET1 the amount of any gain-on-sale and credit-enhancing interest-only strips arising from the securitisation.
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK Subdivision 4.6.G.3 BANK Subdivision 4.6.G.3 Securitisation involving revolving exposures with non-controlled early amortisation

              Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.44 Calculating capital charges — non-controlled early amortisation

                A banking business firm that is an originator or sponsor of a securitisation involving revolving exposures that has a non-controlled early amortisation provision must calculate a capital charge for the investors' interest (that is, against both drawn and undrawn balances related to the securitised exposures). The capital charge is the product of:

                (a) the investors' interest;
                (b) the appropriate credit conversion factor in accordance with table 4.6.42, depending on whether the securitised exposures are uncommitted retail credit lines or not; and
                (c) the risk weight for the kind of underlying exposures (as if those exposures had not been securitised).
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.45 Non-controlled early amortisation and uncommitted retail credit lines

                (1) For uncommitted retail credit lines (such as credit card receivables) in securitisations that have non-controlled early amortisation provisions that can be triggered by the excess spread falling to a specified level, a banking business firm must compare the three-month average excess spread to the point at which the bank is required to trap excess spread (the excess spread trapping point) as economically required by the structure.
                (2) If a securitisation does not require the trapping of excess spread, the excess spread trapping point for the securitisation is 4.5 percentage points more than the excess spread at which early amortisation is triggered.
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.46 Credit conversion factors

                A banking business firm that is the originator or sponsor of a securitisation must divide the securitisation's excess spread by the securitisation's excess spread trapping point to determine the appropriate segments and apply the corresponding credit conversion factor for uncommitted credit lines in accordance with table 4.6.46.

                Table 4.6.46 Credit conversion factors (CCFs) for securitisations involving revolving exposures with non-controlled early amortisation

                column 1 item column 2 segments column 3 CCFs for uncommitted credit lines % column 4 CCFs for committed credit lines %
                       
                  Retail credit lines    
                1 133.33% of trapping point or more 0 100
                2 < 133.33% to 100% of trapping point 5 100
                3 < 100% to 75% of trapping point 15 100
                4 < 75% to 50% of trapping point 50 100
                5 < 50% to 25% of trapping point 100 100
                       
                6 Non-retail credit lines 100 100


                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

              • BANK 4.6.47 Requirement to apply higher capital charge

                (1) The capital charge to be applied under this subdivision is the higher of:
                (a) the capital requirement for retained securitisation exposures in the securitisation; and
                (b) the capital requirement that would apply if the exposures had not been securitised.
                (2) The firm must also deduct from its CET1 the amount of any gain-on-sale and credit-enhancing interest-only strips arising from the securitisation.
                Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

          • BANK Division 4.6.J Treatment of STC securitisations

            Note Provisions relating to the new category of simple, transparent and comparable (STC) securitisations are being prepared. Under the Basel Committee on Banking Supervision's revised securitisation framework, the requirements for STC securitisations comes into effect on 1 January 2018.

            Inserted by QFCRA RM/2017-2 (as from 1st April 2017).

        • BANK Part 4.7 BANK Part 4.7 Provisioning

          • BANK 4.7.1 Provisioning

            Provisioning means setting aside an amount to cover expected losses on special mention credits, impaired credits and other problem assets, based on loan-loss probability. Provisioning is made before profit is earned.

            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 4.7.2 Policies — provisioning

            Depending on the nature, scale and complexity of a banking business firm’s business, and of the credit it provides, the firm’s provisioning policy must set out:

            (a) the areas of its business to which the policy applies;
            (b) whether the firm uses different approaches to those areas, and the significant differences in approach;
            (c) who is responsible for regularly monitoring its assets, to identify problem or potential problem assets, and the factors it takes into account in identifying them;
            (d) the extent to which the value of any collateral, guarantees or insurance that the firm holds affects the need for, or the level of, provisions;
            (e) the basis on which the firm makes its provisions, including the extent to which their levels are left to managerial judgement or to a committee;
            (f) the methods, debt management systems or formulae used to set the levels of provisions and the factors that must be considered in deciding whether the provisions are adequate;
            (g) the reports to enable the firm’s governing body and senior management to ensure that the firm maintains adequate provisions;
            (h) the procedures and responsibilities for arrears management and the recovery of exposures in arrears or exposures that have had provisions made against them;
            (i) the procedures for writing off and writing back provisions; and
            (j) the procedures for calculating and making provisions for contingent and other liabilities (such as contingent liabilities that have crystallised from acceptances, endorsements, guarantees, performance bonds, indemnities, irrevocable letters of credit and the confirmation of documentary credits).
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.7.3 Making provisions

            (1) A banking business firm must ensure that the firm maintains provisions that, taken together, are prudent, reasonable and adequate to absorb credit losses, given the facts and circumstances. The losses covered must include losses incurred, losses incurred but not yet reported, and losses estimated but not certain to arise, extending over the life of the individual credits that make up its credit portfolio.
            (2) The firm must also ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions. The firm must consider all the significant factors that affect the likelihood of collecting on the transactions that make up its credit portfolio and the estimated future credit losses on those transactions.
            (3) The firm must make provisions that in total at least meet the requirements in table 4.7.3.

            Table 4.7.3 Provisioning requirements

            column 1 item column 2 category column 3 minimum provisioning requirement (% of the unsecured part of the credit)
            1 performing 0
            2 special mention 5
            3 substandard 20
            4 doubtful 50
            5 loss 100
            (4) Provisions may be general (assessed collectively against the whole of a portfolio) or specific (assessed against individual credits), or both.
            (5) The firm must take into account off-balance-sheet exposures in its categorisation of credits and in provisioning.

            Note There are 2 types of off-balance-sheet exposures: those that can be unilaterally cancelled by the firm and those that cannot. No provisioning is necessary for the former.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 4.7.4 BANK 4.7.4 Review of levels

            The levels of provisions and write-offs must be reviewed regularly to ensure that they are consistent with identified and estimated losses.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.7.4 Guidance

              1 A review of a firm's write-offs can help identify whether the firm's provisioning policy results in over-provisioning or under-provisioning.
              2 The Regulatory Authority regularly assesses trends and concentrations in risk and risk build-up across financial entities in relation to problem assets. In making the assessment, the authority takes into account any observed concentration in the CRM techniques used by firms and the potential effect on the efficacy of those techniques in reducing loss. The authority would consider the adequacy of provisions for a firm (and the industry in general) in the light of the assessment.
              3 The Regulatory Authority might seek the opinion of external experts in assessing the adequacy of a firm's policies for grading and classifying its assets and the appropriateness and robustness of the levels of its provisions.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.7.5 No circumventing of requirements

            A banking business firm must not restructure, refinance or reclassify assets with a view to circumventing the requirements on provisioning.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.7.6 Authority can reclassify assets

            (1) The Regulatory Authority may at any time require a banking business firm to demonstrate that the firm’s classification of its assets, and its provisions, are adequate for prudential purposes.
            (2) The Regulatory Authority may require the firm to reclassify its assets or increase the levels of its provisions if the authority considers that the asset classifications are inaccurate, or the provisions are inadequate, for prudential purposes.

            Example

            If the Regulatory Authority considers that existing or anticipated deterioration in asset quality is of concern or if the provisions do not fully reflect expected losses, the authority may require the firm to adjust its classifications of individual assets, increase its levels of provisions or capital and, if necessary, impose other remedial measures.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.7.7 Information to governing body

            (1) A banking business firm’s governing body must obtain timely information on the condition of the firm’s assets, including the classification of assets, the levels of provisions and problem assets.
            (2) The information must include summary results of the latest asset review, comparative trends in the overall quality of problem assets, and measurements of existing or anticipated deterioration in asset quality and losses expected.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 4.8 BANK Part 4.8 Transactions with related parties

          • BANK 4.8.1 Introduction

            (1) To guard against abuses in lending to related parties and to address conflicts of interest, this Part requires transactions with related parties to be at arm’s length and subject to appropriate supervision and limits.
            (2) Related-party transactions must be interpreted broadly. Related party transactions include on-balance-sheet and off-balance-sheet credit exposures, service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowing and write-offs.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.8.2 Concept of related parties

            (1) The concept of parties being related to a banking business firm is used in these rules in relation to parties over which the firm exercises control or parties that exercise control over the firm. The concept is primarily used in relation to the requirement that the firm's transactions be at arm's length.
            (2) In contrast, the concept of parties being connected to one another (which is discussed with concentration risk in Chapter 5) is used in these rules to measure concentration risk and large exposures.
            (3) It is of course possible for connected counterparties to be related to the banking business firm holding the exposure concerned.

            Note For purposes of concentration risk, the firm's exposure to connected counterparties (whether related or not) is taken to be a single risk.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.8.3 BANK 4.8.3 Related parties

            Related parties, of a banking business firm, includes:

            (a) any other member of the firm’s corporate group;
            (b) any individual who is able to exercise significant influence over the firm;
            (c) any affiliate of the firm; and
            (d) any entity that the Regulatory Authority directs the firm to include.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.8.3 Guidance

              Related party is wider than a firm's corporate group in that it includes individuals. Related parties include the banking business firm's subsidiaries and major stock holders; members of its governing body; its senior management and key employees.

              Note Affiliate is defined in the glossary.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.8.4 Role of governing body — related parties

            (1) A banking business firm’s governing body must ensure that the firm’s policies relating to related-party transactions are complied with and that any exceptions are reported to the appropriate level of the senior management, and, if necessary, to the governing body.
            (2) The governing body must also ensure that the firm’s senior management monitors transactions with related parties, takes appropriate steps to control or mitigate the risks from such transactions and writes off exposures to related parties only in accordance with the firm’s policies.
            (3) The governing body must approve transactions with related parties, and the write-off of related-party exposures, if such transactions or write-off exceeds specified amounts or otherwise poses any special risk.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.8.5 Policies — transactions with related parties

            (1) A banking business firm’s policy must establish:
            (a) effective systems to identify, monitor and report individual and total exposures to, and transactions with, related parties;
            (b) procedures to prevent a member of the governing body, a member of the firm’s senior management or any other person who stands to gain a benefit from a related-party transaction from being part of the process of granting and managing the transaction;
            (c) well-defined criteria for the write-off of exposures to related parties;
            (d) prudent and appropriate limits to prevent or address conflicts of interest; and
            (e) procedures for tracking and reporting exceptions to, and deviations from, limits or policies.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.8.6 BANK 4.8.6 Transactions must be arm's length

            A transaction with a related party must not be undertaken on terms more favourable to the party than a corresponding transaction with a non-related party.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 4.8.6 Guidance

              Favourable terms could relate to interest rate, credit assessment, tenor, fees, amortisation schedule and need for collateral. An exception for beneficial terms could be appropriate if it is part of an employee's remuneration package (for example, more favourable loan rates to employees).

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 4.8.7 Limits on lending to related parties

            A banking business firm must not enter into a transaction that would cause it to exceed the limits set out in table 4.8.7 unless it has the written approval of the Regulatory Authority to do so.

            Table 4.8.7 Limits on banking business firms' exposure to related parties

            column 1 item column 2 kind of exposure column 3 limit (% of total assets)
            1 exposures to a member of the governing body or senior management of the firm, or a person connected to either of them 0.5
            2 the total of exposures under item 1 3
            3 exposures to a significant shareholder of the firm (other than exposures to a shareholder that is a deposit-taker or an equivalent entity regulated in a way comparable to a deposit-taker in the QFC)) 2
            4 the total of exposures under item 3 5
            5 exposures to a related party or a party connected to the related party (other than exposures to a deposit-taker or an equivalent entity that is regulated in a way comparable to a deposit-taker in the QFC) 2
            6 the total of exposures under item 5 5

            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 4.8.8 Powers of Regulatory Authority

            (1) Despite anything in these rules, the Regulatory Authority may, in writing, set specific limits on a banking business firm’s exposures to a related party or to related parties in total.
            (2) The authority may direct such exposures to be deducted from regulatory capital when assessing capital adequacy or direct that such exposures be collateralised.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

      • BANK Chapter 5 BANK Chapter 5 Concentration risk and related matters

        Amended by QFCRA RM/2015-3 (as from 1st January 2016).

        • BANK Part 5.1 BANK Part 5.1 General

          • BANK 5.1.1 Introduction

            This Chapter sets out the requirements for a banking business firm's policies to identify, measure, evaluate, manage and control or mitigate concentrations of risk. This Chapter also sets limits on the firm's exposures to individual counterparties and connected counterparties.

            Note Safeguarding against risk concentrations is an essential part of a banking business firm's credit risk management policy — see rules 4.2.2 and 4.3.2.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 5.1.2 Concept of connected parties

            (1) The concept of parties being connected to one another is used in these rules in relation to counterparties or issuers with which a banking business firm has exposures. Connected counterparties are the basis for the measurement of concentration risk and large exposures.
            (2) In contrast, the concept of parties being related to the banking business firm (which is discussed with credit risk in Chapter 4) is primarily used in relation to the requirement that the firm's transactions be at arm's length.
            (3) It is of course possible for a firm's related parties to be connected counterparties (such as when the firm has exposures to them).

            Note For purposes of concentration risk, the firm's exposure to connected counterparties (whether related or not) is taken to be a single risk.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 5.1.3 Connected parties

            (1) A party is connected to another party if they are linked by:
            (a) cross guarantees;
            (b) common ownership;
            (c) common management;
            (d) one having the ability to exercise control over the other, whether direct or indirect;
            (e) financial interdependency — that is, the financial soundness of one may affect the financial soundness of the other; or
            (f) any combination of the factors mentioned in paragraphs (a) to (e).
            Guidance

            1 Parties would be connected if the same persons significantly influence the governing body of each of them.
            2 Parties would be connected if one of them has an exposure to the other that was not incurred for the clear commercial advantage of both of them and is not on arm's length terms.
            3 Parties would be connected if they are so closely linked that:
            (a) the insolvency or default of 1 is likely to be associated with the insolvency or default of the other;
            (b) it would be prudent when assessing the financial condition or creditworthiness of 1 to consider that of the other; or
            (c) there is, or is likely to be, a close relationship between their financial performance.
            4 Parties would be connected if a banking business firm has exposures to them and any loss to the firm on any of the exposures to 1 of the parties is likely to be associated with a loss to the firm with respect to at least 1 exposure to each of the others.
            (2) A counterparty may be connected to another counterparty by other linkages that, in the banking business firm's assessment, connect the counterparties as constituting a single risk. A connected party can be an individual or other entity.

            Guidance

            1 Two or more individuals or legal persons would constitute a single risk if they are so connected that, if 1 of them were to experience financial problems, the other or others would be likely to encounter repayment difficulties.
            2 Connected counterparties should be identified and the procedures to manage the combined credit risk considered. A banking business firm may need to monitor and report the gross exposure to connected counterparties against combined limits in addition to monitoring the exposure to each counterparty.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 5.1.4 Role of governing body — concentration risk

            (1) A banking business firm’s governing body must ensure that the firm’s concentration risk management policy gives a comprehensive firm-wide view of the significant sources of concentration risk (including on-balance-sheet exposures, off-balance-sheet exposures and exposures from contingent liabilities).
            (2) The governing body must also ensure that the firm’s senior management monitors the limits set in this Chapter and that those limits are not exceeded on a solo or consolidated basis.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 5.2 BANK Part 5.2 Concentration risk

          • BANK 5.2.1 BANK 5.2.1 Concentration risk

            Concentration risk to a banking business firm arises if the firm is exposed to 1 counterparty, or to 2 or more counterparties that are not truly independent of each other, and the total of the exposures to the counterparty or counterparties is large enough to endanger the firm’s liquidity or solvency.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 5.2.1 Guidance

              1 Significant sources of concentration risk include:
              (a) concentration of exposures to a single counterparty or connected counterparties;
              (b) concentration of exposures to counterparties in the same industry, sector, region or country; and
              (c) concentration of exposures to counterparties whose financial performance depends on the same activity or commodity.
              2 A concentration of exposures would also arise if a firm accepts collateral or credit protection provided by a single provider.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 5.2.2 BANK 5.2.2 Policies — concentration risk sources and limits

            (1) A banking business firm’s concentration risk policy must set limits for acceptable concentrations of risk, consistent with the firm’s risk tolerance, risk profile and capital. The limits must be made known to, and must be understood by, all relevant staff.
            (2) The policy must ensure that:
            (a) the firm’s information systems identify exposures creating risk concentrations and large exposures to single counterparties or connected counterparties, aggregate those exposures and facilitate their management; and
            (b) all significant such concentrations and exposures are reviewed regularly and reported to the firm’s governing body or senior management.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 5.2.2 Guidance

              A banking business firm's policies should be flexible to help the firm to identify risk concentrations. To achieve this, the systems should be capable of analysing the firm's credit portfolio by:

              •   size of exposure
              •   exposure to connected counterparties
              •   product
              •   geography
              •   industry or sector (for example, manufacturing and industrial)
              •   account performance
              •   internal credit risk assessment
              •   funding
              •   outstandings versus commitments
              •   types and coverage of collateral.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 5.2.3 Relation to stress-testing

            When carrying out stress-testing or review of stress scenarios, a banking business firm must take into account significant risk concentrations and large exposures, and the effects of changes in market conditions and risk factors on them.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 5.3 BANK Part 5.3 Management of exposures

          Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 5.3.1 Calculating exposures

            (1) Large exposure means a gross exposure to a counterparty or connected counterparties that is 10% or more of the firm's regulatory capital.

            Note Regulatory capital is defined in rule 3.2.7.
            (2) In this rule:

            gross exposure to a counterparty or connected counterparties is the total of the following exposures:
            (a) on-balance-sheet and off-balance-sheet exposures;
            (b) debt securities held by the firm;
            (c) equity exposures.
            (3) In calculating the gross exposure, include:
            (a) the outstanding balances of all loans and advances, including balances with other banks;
            (b) holdings of debt or equity securities;
            (c) unused off-balance-sheet commitments, whether revocable or irrevocable; and
            (d) the credit equivalent amounts of all market-related transactions (calculated in accordance with rule 4.4.11, or Division 4.5.E if netting applies).
            (4) However, in calculating the gross exposure, do not include:
            (a) claims, equity investments and other exposures deducted from the firm's capital;
            (b) exposures arising in the course of settlement of market-related contracts; and
            (c) exposures that have been written off.
            (5) For this Part:
            (a) a banking business firm must treat an exposure as reduced (to the extent permitted by Part 4.5) by any applicable CRM technique; and
            (b) a banking business firm that is part of a financial group may offset intragroup amounts due to other deposit takers within the group.
            Amended by QFCRA RM/2017-2 (as from 1st April 2017).

          • BANK 5.3.2 Policies — large exposures

            A banking business firm’s large exposure policy must include:

            (a) exposure limits, commensurate with the firm’s risk tolerance, risk profile and capital, for:
            (i) categories of counterparties (for example, sovereigns, other authorised firms and other financial entities, corporate and individual borrowers);
            (ii) connected counterparties;
            (iii) particular industries or sectors;
            (iv) particular countries; and
            (v) asset classes (for example, property holdings);
            (b) the circumstances in which the exposure limits may be exceeded;
            (c) the procedures for approving exceptions to, and deviations from, exposure limits or policies; and
            (d) the procedures for identifying, measuring, managing and reporting large exposures.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 5.3.3 Limits on exposures

            (1) A banking business firm must not become exposed without limit to a single counterparty. The firm must not give a general guarantee of the obligations of a counterparty.
            (2) The total of the firm's net exposures to any 1 counterparty or any 1 group of connected counterparties must not exceed 25% of the firm's regulatory capital.
            (2A) The total of all of the firm's net large exposures must not exceed 800% of that capital.

            Note Subrules (2) and (2A) do not apply to a branch. A branch is not required to hold regulatory capital — see rule 3.1.2(1).
            (3) A banking business firm may apply to the Regulatory Authority for approval for a proposed exposure in excess of the limits set out in this Chapter. An approval will be granted only in exceptional circumstances and only after the firm satisfies the authority that the proposed exposure does not expose the firm to excessive risk.
            (4) The Regulatory Authority may impose a higher capital ratio on the firm to compensate for the additional risk associated with the proposed exposure.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 5.3.4 BANK 5.3.4 Limits on exposures — Islamic financial managers [Deleted]

            Deleted by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 5.3.4 Guidance [Deleted]

              Deleted by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 5.3.5 Obligation to measure

            (1) A banking business firm must measure, classify and make provision for each large exposure individually.
            (2) The firm must immediately notify the Regulatory Authority if the firm is concerned that risk concentrations or large exposures might significantly affect its capital adequacy. The notice must describe the firm’s proposed measures to address its concerns.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 5.4 BANK Part 5.4 Powers of Regulatory Authority

          • BANK 5.4.1 Authority can create relationships

            If the Regulatory Authority considers it necessary or desirable to do so in the interest of effective supervision of a banking business firm, the authority may direct the firm to treat a party as connected to another party.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 5.4.2 Authority can set different limits and ratios

            (1) Despite anything in these rules, the Regulatory Authority may, in writing, set specific limits on a banking business firm’s exposures to particular counterparties, groups of counterparties, industries, sectors, regions, countries or asset classes on a case-by-case basis.
            (2) If a banking business firm has 1 or more large exposures (excluding exposures to sovereigns and central banks) or if, in the Regulatory Authority’s opinion, the firm is exposed to a significant level of risk concentration, the authority may impose a higher capital ratio on the firm.
            (3) In considering whether to increase the firm’s capital ratio, the Regulatory Authority will take into account:
            (a) whether the increased capital ratio would be consistent with the firm’s concentration risk and large exposure policies;
            (b) the number of exposures, and the size and nature of each; and
            (c) the nature, scale and complexity of the firm’s business and the experience of its governing body and senior management.
            (4) The Regulatory Authority may also direct the firm to take measures to reduce its level of risk concentration.

            Note Under FSR, article 16, the Regulatory Authority may modify or waive the application of a prudential requirement to an authorised firm or firms.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

      • BANK Chapter 6 BANK Chapter 6 Market risk

        • BANK Part 6.1 BANK Part 6.1 General

          • BANK Division 6.1.A BANK Division 6.1.A Governing body, trading book and policies

            Inserted by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 6.1.1 Introduction

              (1) This Chapter sets out the requirements for a banking business firm's market risk management policy to identify, measure, evaluate, manage and control or mitigate market risk. This Chapter also sets out how to calculate the firm's market risk capital requirement.
              (2) A banking business firm that operates in a market incurs risks from potential movements in market prices.
              (3) The market risk capital requirement for a banking business firm is made up of capital charges for:
              (a) foreign exchange risk in the banking book and trading book;
              (b) options risk in the banking book and trading book;
              (c) commodities risk in the banking book and trading book;
              (d) traded equity position risk; and
              (e) traded interest rate risk.
              Note The measurements of the risks mentioned in subrule (3) are set out in Part 6.2 to Part 6.6.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 6.1.2 Requirements — capital and management of market risk

              (1) A banking business firm must have capital to cover market risk from positions in its banking and trading books.
              (2) The firm must also have robust market risk measurement and risk management.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.1.3 Standard method to be used

              (1) Unless the Regulatory Authority has approved the use of an internal model by a banking business firm, market risk is, as a general rule, measured using the standard method. The standard method comprises a range of approaches that a firm may use to calculate capital charges from its trading activities.

              Note For approval of the use of internal models — see rule 3.1.6.
              (2) In the standard method, capital requirement is the sum of the capital charges, calculated in accordance with this Chapter, for the risks included in market risk.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.1.4 Need for trading book

              (1) A banking business firm's trading book consists of the positions held by the firm (whether on-balance-sheet or off-balance-sheet) that must be included in the book in accordance with these rules. Other positions held by the firm must be included in its banking book.

              Note A firm is required to have policies to distinguish consistently between trading activities and banking activities — see rule 6.1.7(3).
              (2) A banking business firm must have a trading book if:
              (a) it has positions that must be included in the trading book; and
              (b) the total value of the positions described in paragraph (a) has exceeded 5% of the total of the firm's on-balance-sheet and off-balance-sheet positions at any time in the previous 12 months.
              (3) The firm must include, in the trading book, positions and exposures of the following kinds:
              (a) a position in a financial instrument, commodity or commodity derivative;
              (b) a principal broking position in a financial instrument, commodity or commodity derivative;
              (c) a position taken to hedge an exposure in the trading book;
              (d) an exposure from a repurchase agreement, or securities or commodities lending, that is based on a position in a security or commodity included in the trading book;
              (e) an exposure from a reverse repurchase agreement, or securities and commodities borrowing, that is based on a position in a security or commodity included in the trading book;
              (f) an exposure from an unsettled transaction, a free delivery or an over the counter derivative;
              (g) an exposure in the form of a fee, commission, interest, dividend or margin on an exchange-traded derivative directly related to a position included in the trading book.
              Guidance

              Whenever a banking business firm acts as principal (even in the course of an activity normally described as 'broking' or 'customer business'), the resulting positions should be included in the trading book. This applies even if the nature of the business means that the only risks being incurred by the banking business firm are counterparty risks (that is, no market risk capital requirements apply).
              (4) The firm must also include in its trading book:
              (a) total-rate-of-return swaps (except those that have been transacted to hedge a banking book credit exposure); and
              (b) open short positions in credit derivatives.
              (5) The firm must not include in its trading book:
              (a) positions held for liquidity management; and
              (b) loans (unless they are used to hedge a position or transaction in the trading book).
              (6) The firm's positions and exposures must be valued in accordance with the relevant accounting standards.

              Note For the firm's choice and use of accounting standards — see rule 2.1.6.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 6.1.5 Role of governing body — market risk

              A banking business firm’s governing body must ensure that the firm’s market risk management policy enables the firm to obtain a comprehensive firm-wide view of its market risk and takes into account the risk of a significant deterioration in market liquidity.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.1.6 BANK 6.1.6 Policies — market risk environment

              (1) A banking business firm’s market risk management policy must establish:
              (a) effective systems for the accurate and timely identification, measurement, evaluation, management and control or mitigation of market risk, and reporting to the firm’s governing body and senior management;
              (b) prudent and appropriate market risk limits that are consistent with the firm’s risk tolerance, risk profile and capital, and with the management’s ability to manage;
              (c) who is responsible for identifying, measuring and reporting market risk;
              (d) procedures for tracking and reporting exceptions to, and deviations from, limits or policies; and
              (e) procedures for including positions and exposures in the trading book.
              (2) The policy must ensure that all of the firm’s transactions are identified and recorded in a timely way and that their valuations are consistent and prudent. The firm must use reliable market data that have been verified by a function that is independent of the function that assumed or incurred the risk.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 6.1.6 Guidance

                In the absence of market prices, the firm may use industry-accepted models to value transactions.

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.1.7 Policies — trading book

              (1) A banking business firm that is required to have a trading book must have clearly defined policies for keeping the book up-to-date and the positions and exposures accurate.
              (1A) In particular, the firm must have policies on:
              (a) what to include, or not to include, in the trading book;
              (b) managing and reporting trading positions;
              (c) valuing positions, including:
              (i) clearly defined responsibilities of staff involved in the valuation;
              (ii) sources of market information, and review of their reliability;
              (iii) frequency of independent valuations;
              (iv) timing of closing prices;
              (v) procedures for adjusting valuations between periods;
              (vi) ad-hoc verification procedures; and
              (vii) reporting lines for the valuation function that are independent of that function that gave rise to the position.
              (2) The policies must be approved by the firm's governing body, and the firm must be able to demonstrate compliance with them if directed by the Regulatory Authority.
              (3) The firm must also have adequate policies:
              (a) to monitor compliance with the policies and distinguish consistently between trading activities and banking activities; and
              (b) to monitor the size of its trading book.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 6.1.8 BANK 6.1.8 No switching of instruments between books

              (1) A banking business firm must not switch an instrument between its trading book and banking book, unless the Regulatory Authority has, in writing, allowed the firm to do so. The authority may approve a switch subject to 1 or more conditions.
              (2) The firm must not benefit from any lower regulatory capital requirement resulting from a switch approved by the authority.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 6.1.8 Guidance

                The authority will grant approval only in extraordinary cases. The authority will require the firm to publicly disclose the switch.

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.1.9 BANK 6.1.9 Relation to stress-testing

              When carrying out stress-testing or review of stress scenarios, a banking business firm must take into account market risk exposures.

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 6.1.9 Guidance [Deleted]

                Deleted by QFCRA RM/2017-2 (as from 1st April 2017).

            • BANK 6.1.10 Capital requirement, assets and liabilities

              (1) In calculating its capital requirement, a banking business firm must take into account unexpected losses that may arise from market risk.
              (2) In determining the value of an asset or liability, the firm must also make appropriate adjustments for uncertainties arising from market risk.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 6.1.B BANK Division 6.1.B Measurement of risk and valuation of positions

            Inserted by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 6.1.11 Valuing positions — mark-to-market

              (1) A banking business firm must use the mark-to-market method to value its positions and exposures if there is a market to mark the positions and exposures to. Mark-to-market means a valuation that is based on current market value.

              Guidance

              1 The Regulatory Authority would expect a banking business firm to mark-to-market listed securities since there is a market with observable and reliable prices for such securities.
              2 The firm should mark-to-market as much as possible. It should use the prudent side of bid or offer unless the firm is a significant market maker that can close at mid-market.
              3 When estimating fair value, the firm should maximise the use of relevant observable inputs and avoid the use of unobservable inputs.
              (2) A position that is marked-to-market must be revalued daily, based on independently sourced current market prices.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 6.1.12 BANK 6.1.12 Valuing positions — mark-to-model

              (1) If it is not possible to mark-to-market (for example, in the case of unlisted securities or where the market is inactive), a banking business firm may use the mark-to-model method to value its positions and exposures. Mark-to-model means a valuation that has to be benchmarked, extrapolated or otherwise calculated from a market input.
              (2) The firm must be able to demonstrate that its marking-to-model is prudent.
              Inserted by QFCRA RM/2015-3 (as from 1st January 2016).

              • BANK 6.1.12 Guidance

                A banking business firm should be extra conservative when marking-to-model. The Regulatory Authority will take into account the following in deciding if the firm's model is prudent:

                •    whether senior management is aware of the positions and exposures that are marked to model and whether it understands the uncertainty this might create in reporting the risk or performance of the business
                •    the extent to which market inputs are sourced from market prices
                •    the appropriateness of the assumptions used by the firm
                •    the availability of generally accepted valuation methods for particular products
                •    who developed the model
                •    whether the firm holds a secure copy of the model
                •    the existence of formal control procedures for changing the model
                •    how often the model is used to check valuations
                •    how aware is the firm's risk management function of the weaknesses of the model and how those weaknesses are reflected in the valuation output
                •    the results of comparisons between actual close out values and model outputs
                •    the firm's procedures for reviewing the model.
                Inserted by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 6.1.13 BANK 6.1.13 Independent price verification

              A banking business firm must independently verify market prices and model inputs, to check that those prices and inputs are accurate. The verification must be done at least once a month.

              Inserted by QFCRA RM/2015-3 (as from 1st January 2016).

              • BANK 6.1.13 Guidance

                1 Independent price verification is different from daily mark-to-market. The object of the verification is to regularly check the accuracy of market prices or model inputs and, thereby, eliminate inaccurate daily marks. The verification should be carried out by a unit independent of whoever marked the positions or exposures.
                2 The independent marking in the verification process should reveal any error or bias in pricing. It entails a higher standard of accuracy in that the market prices or model inputs are used to determine profit and loss figures, whereas daily marks are used primarily for management reporting in between reporting dates.
                Inserted by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 6.1.14 Valuation adjustments

              (1) A banking business firm must consider making adjustments for positions that cannot be prudently valued (such as those that have become concentrated, less liquid or stale). For example, valuation adjustment would be appropriate if pricing sources are more subjective (such as when there is only one available broker quote).
              (2) The firm must establish and maintain procedures for considering valuation adjustments. This rule applies whether:
              (a) the firm uses the mark-to-market or mark-to-model method; and
              (b) whether the valuation is done by the firm itself or a third party.
              (3) The firm must consider the following valuation adjustments:
              (a) unearned profit;
              (b) close-out costs;
              (c) operational risks;
              (d) early termination;
              (e) investing and funding costs;
              (f) future administrative costs;
              (g) model risk, if relevant;
              (h) any other adjustment that the firm considers appropriate.
              Inserted by QFCRA RM/2015-3 (as from 1st January 2016).

        • BANK Part 6.2 BANK Part 6.2 Foreign exchange risk

          • BANK 6.2.1 Relation to market risk

            (1) In measuring its market risk, a banking business firm must include the risk of holding or taking positions in foreign currencies and gold (foreign exchange risk). Foreign exchange risk may arise from the firm's trading in the foreign exchange market and other markets; it may also arise from non-trading activities that are denominated in a foreign currency.

            Guidance

            1 If a banking business firm is exposed to interest rate risk on positions in foreign currencies and gold, the firm must include the relevant interest rate positions in the calculation of interest rate risk — see rule 6.6.2(4).
            2 Gold is dealt with as a foreign exchange position (rather than as a commodity position) because the volatility of its prices is similar to that of a currency.
            (2) If foreign currency is to be received or delivered under a forward contract, the firm must report any interest rate exposure from the other leg of the contract in accordance with Part 6.6 (traded interest rate risk).
            (3) If gold is to be received or delivered under a forward contract, the firm must report any foreign currency or interest rate exposure from the other leg of the contract in accordance with this Part or Part 6.6, respectively.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.2.2 What to include in foreign exchange risk

            (1) In calculating the capital charge for foreign exchange risk, a banking business firm must include in its exposure to each foreign currency:
            (a) the net spot position (that is, assets minus liabilities denominated in the currency, including accrued interest and other accrued income and accrued expenses);
            (b) the net forward position (that is, amounts to be received minus amounts to be paid under forward foreign exchange transactions denominated in the currency);

            Examples of amounts to be received or paid
            •   payments under currency futures
            •   the principal on currency swaps not included in the spot position
            •   interest from futures, swaps and other interest rate transactions.
            (c) irrevocable guarantees (and similar instruments) that are certain to be called and likely to be irrecoverable; and
            (d) any other items representing an exposure to risk in foreign currencies (for example, a specific provision held in the currency in question where the underlying asset is held in a different currency).
            (2) The firm may also include in its currency exposure any net future income or expenses that are not yet accrued but already fully hedged. If the firm includes such income or expenses, it must do so consistently and must not select only expected future flows that reduce its position.
            (3) If the firm has deliberately taken a position to partly or totally protect itself against the adverse effect of a change in an exchange rate on its capital adequacy ratio, it may exclude the position from its currency exposure insofar as it relates to that hedge, if:
            (a) the position is of a structural and non-trading nature;
            (b) the structural position does no more than protect the firm's capital adequacy ratio;
            (c) the position cannot be traded for speculative or profit-making purposes; and
            (d) the exclusion of the position is done consistently, with the treatment of the hedge remaining the same for the life of the assets or other items.
            (4) A structural position includes:
            (a) a position arising from an instrument that satisfies the criteria for inclusion as capital under Chapter 3;
            (b) a position in relation to a net investment in a self-sustaining subsidiary, the accounting consequence of which is to reduce or eliminate what would otherwise be a movement in the foreign currency translation reserve; and
            (c) an investment in an overseas subsidiary or other entity in the same corporate group as the banking business firm that, under these rules, is deducted from the firm's capital for capital adequacy purposes.
            (5) A banking business firm must also include any currency exposures arising from equity, commodity and interest positions.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 6.2.3 Foreign exchange risk on consolidated basis

            (1) If a banking business firm is assessing its foreign exchange risk on a consolidated basis, and the inclusion of the currency positions of a marginal operation of the firm is technically impractical, the firm may use, as a proxy for those positions, the internal limit in each currency that the firm applies to the operation. Marginal operation, in relation to a firm, is an operation that accounts for less than 5% of the firm's total currency positions.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 6.2.4 Capital charge — foreign exchange risk

            (1) For a banking business firm that does not write options, net open position in a foreign currency is the sum of:
            (a) the firm's currency exposures under rule 6.2.2 for the currency; and
            (b) the value of the options and their associated underlying assets measured using the simplified approach in Division 6.3.B.
            (2) For a banking business firm that writes options, net open position in a foreign currency is the sum of:
            (a) the firm's currency exposures under rule 6.2.2 for the currency; and
            (b) either:
            (i) the net delta-based equivalent of the firm's total book of foreign currency options (with separately calculated capital charges for gamma risk and vega risk under Division 6.3.C); or
            (ii) the value of the options and their associated underlying assets under the delta-plus method in Division 6.3.C.
            (3) A banking business firm must calculate its overall foreign currency net open position by:
            (a) calculating the net open position in each foreign currency;
            (b) converting the nominal amount (or net present value) of each such net position into Qatari riyals at the current spot market exchange rate;
            (c) adding all short net positions and adding all long net positions calculated under paragraphs (a) and (b); and
            (d) selecting the greater of the absolute values of the 2 sums in paragraph (c).
            (4) The firm must then calculate its net position in gold by:
            (a) valuing all gold positions using the US dollar current spot price (regardless of maturity);
            (b) offsetting long and short positions; and
            (c) converting the absolute value of the resulting net position into Qatari riyals.
            (5) To convert the net position in gold into Qatari riyals, the firm must state the position (spot plus forward) in a standard unit of measurement and then convert the net position at the current spot market exchange rate.
            (6) The capital charge for foreign exchange risk of a banking business firm is the sum of:
            (a) 8% of the firm's overall foreign currency net open position in each of the foreign currencies it holds; and
            (b) 8% of its net position in gold.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.2.5 Forward positions

            A banking business firm must value forward currency and gold positions at the current spot market exchange rates.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.2.6 Treatment of paired currencies

            A banking business firm must report positions in a currency pair separately as if each were a currency on its own.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 6.3 BANK Part 6.3 Options risk

          Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK Division 6.3.A BANK Division 6.3.A General

            • BANK 6.3.1 Relation to market risk

              In measuring its market risk, a banking business firm must include the risk of holding or taking positions in options contracts (options risk).

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.3.2 Measuring options risk

              (1) A banking business firm that does not write options must use the simplified approach.
              (2) A banking business firm that writes options must use the delta-plus method.

              Note If all the written option positions are hedged by perfectly matched long positions in exactly the same options, no capital charge for options risk is required.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 6.3.B BANK Division 6.3.B Simplified approach

            • BANK 6.3.3 BANK 6.3.3 Using simplified approach

              A banking business firm that does not write options must calculate capital charges in accordance with:

              (a) rule 6.3.4 for a position that is a 'long cash and long put' or 'short cash and long call' position; or
              (b) rule 6.3.5 for a position that is a 'long put' or 'long call' position.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

              • BANK 6.3.3 Guidance

                In the simplified approach, the position in the option and the associated underlying asset (cash or forward) is not subject to the standard method. Instead, each position is carved-out and subject to a separately calculated capital charge for specific risk and general risk.

                Note As a general rule, the standard method is used to measure market risk — see rule 6.1.3.

                Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.3.4 Capital charges — 'long cash and long put' or 'short cash and long call'

              (1) For a position that is 'long cash and long put' or 'short cash and long call', the capital charge is calculated by multiplying the market value of the underlying security by the sum of the specific and general risk capital charges for the underlying, and then subtracting the amount by which the option is in-the-money (bounded at zero).

              Guidance

              1 In cases (such as foreign exchange transactions) where it is unclear which side is the underlying security, the underlying should be taken to be the asset that would be received if the option were exercised. In addition, the nominal value should be used for items if the market value of the underlying instrument could be zero (such as in caps, floors and swaptions).
              2 Some options have no specific risk (such as those having an interest rate, currency or commodity as the underlying security); other options on interest-rate-related instruments and options on equities and stock indices, however, would have specific risk.
              (2) In the simplified approach, the capital charge is:
              (a) 8% for options on currency; and
              (b) 15% for options on commodities.
              (3) For options with a residual maturity of less than 6 months, a banking business firm must use the forward price (instead of the spot price) if it is able to do so.
              (4) For options with a residual maturity of more than 6 months, the firm must compare the strike price with the forward price (instead of the current price). If the firm is unable to do this, it must take the in-the-money amount to be zero.
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 6.3.5 Capital charges — 'long put' or 'long call'

              (1) For a position that is 'long put' or 'long call', the capital charge is the lesser of:
              (a) the market value of the underlying security multiplied by the sum of the specific and general risk capital charges for the underlying; and
              (b) the market value of the option.
              (2) For subrule (1)(b), the book value of the option may be used instead of the market value if the position is not included in the trading book (for example, options on particular foreign exchange or commodities positions).
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 6.3.C BANK Division 6.3.C Delta-plus method

            • BANK 6.3.6 Using delta-plus method

              (1) A banking business firm that writes options must calculate specific risk capital charges separately by multiplying the delta-equivalent value of each option by the risk-weight applicable under Part 6.5 (traded equity position risk) and Part 6.6 (traded interest rate risk).
              (2) In calculating general risk capital charge, the firm must enter delta-weighted positions with a debt security or interest rate as the underlying into the interest rate time bands in table 6.6.8A by using a two-legged approach. Under this approach, there is 1 entry at the time the underlying contract takes effect and a second entry at the time the underlying contract matures.
              (3) For an option with a debt security as the underlying, the firm must apply a specific risk capital charge to the delta-weighted position based on the issuer's rating and in accordance with Part 6.6.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.3.7 Relation to standard method

              (1) A banking business firm that writes options must include delta-weighted option positions in measuring its market risk.
              (2) The firm must report such an option as a position equal to the sum of the market values of the underlying multiplied by the sum of the absolute values of the deltas. Because delta does not cover all risks associated with option positions, the firm must calculate gamma and vega in calculating the regulatory capital charge.

              Note Gamma is the rate of change of delta with respect to a change in the price of the underlying. Vega is the sensitivity of the value of an option to a change in the volatility of the underlying.
              (3) The firm must calculate delta, gamma and vega using the pricing model used by a recognised exchange, or a proprietary options pricing model approved, in writing, by the Regulatory Authority.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.3.8 Capital charges — options

              (1) The capital charge for an option with equities as the underlying must be based on the delta-weighted positions included in the measurement of specific and general risks in accordance with Part 6.5 (traded equity position risk).
              (2) A banking business firm that writes options must calculate the capital charge for options on foreign exchange and gold positions in accordance with Part 6.2 (foreign exchange risk). For delta risk, the net delta-based equivalent of the foreign currency and gold options must be included in the measurement of the exposure for the respective currency (or gold) position.
              (3) The capital charge for an option on commodities must be based on the charge calculated using the simplified approach in rule 6.4.6.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.3.9 Gamma capital charges

              (1) A banking business firm that writes options must calculate the capital charge for gamma risk (gamma capital charge) for each option position separately.
              (2) To calculate gamma capital charge, calculate the gamma impact of each option in accordance with the following formula:

              where:

              VU is:

              (a) for an interest rate option:
              (i) if the option has a bond as the underlying — the market value of the underlying multiplied by the risk factor applicable under column 3 of table 6.6.8A; or
              (ii) if the option has an interest rate as the underlying — the market value of the underlying multiplied by the assumed changes in yield in column 4 of table 6.6.8A;
              (b) for options on equities and stock indices — the market value of the underlying multiplied by 8%;
              (c) for options on foreign exchange and gold — the market value of the underlying multiplied by 8%; or
              (d) for an option on commodities — the market value of the underlying multiplied by 15%.
              (3) In calculating the gamma impact for an option mentioned in the definition of VU, the firm must treat as the same underlying:
              (a) for interest rates — each time band in column 2 of table 6.6.8A (with each position allocated to separate maturity ladders);
              (b) for equities and stock indices — each recognised exchange;
              (c) for foreign currencies and gold — each currency pair and gold; and
              (d) for commodities — each individual commodity of a kind described in rule 6.4.2(3)(a) or (b).
              (4) Each option on the same underlying described in subrules (2) and (3) will have a gamma impact that is positive or negative. The firm must add the individual gamma impacts, resulting in a net gamma impact for each underlying that is either positive or negative.
              (5) To calculate the firm's total gamma capital charge, exclude gamma impacts that are positive. The total gamma capital charge is the sum of the absolute values of the net negative gamma impacts.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.3.10 Vega capital charges

              (1) A banking business firm that writes options must calculate the capital charge for vega risk (vega capital charge) for each option position separately.
              (2) To calculate vega capital charge, the firm must multiply the vega for each option mentioned in the definition of VU in rule 6.3.9(2) by a 25% proportional shift in the option's current volatility. The results must then be summed across each underlying.
              (3) The total vega capital charge is the sum of the absolute values of the vega capital charges across each underlying.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 6.4 BANK Part 6.4 Commodities risk

          • BANK 6.4.1 Relation to market risk

            (1) In measuring its market risk, a banking business firm must include the risk of holding or taking positions in commodities and commodities options (commodities risk).
            (2) Commodities means physical or energy products that may be traded. Commodities include precious metals (other than gold), base metals, agricultural products, minerals, oil, gas and electricity.

            Guidance

            1 If a banking business firm is exposed to foreign exchange or interest rate risk from funding commodities positions, the firm must include the relevant positions in the measurement of interest rate or foreign exchange risk — see rules 6.2.2(5) and 6.6.2(4), respectively.
            2 Gold is dealt with as a foreign exchange position (rather than as a commodity position) because the volatility of its prices is similar to that of a currency.
            (3) If a commodity is to be received or delivered under a forward contract, the firm must report any foreign currency, equity or interest rate exposure from the other leg of the contract in accordance with Part 6.2, Part 6.5 or Part 6.6, respectively.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.4.2 Measuring commodities risk

            (1) A banking business firm must use the simplified approach to measure commodities risk.
            (2) To calculate open positions using this approach, the firm may report short and long positions in each commodity on a net basis. Positions are reported on a net basis by offsetting them against each other in accordance with subrule (3).
            (3) Positions in the same commodity may be offset. Positions in different commodities must not be offset unless:
            (a) the commodities are deliverable against each other; or
            (b) the commodities are close substitutes for each other and a minimum correlation between price movements of 0.9 can be clearly established over at least the preceding year.
            A banking business firm must not use the correlation-based offsetting mentioned in paragraph (b) unless the Regulatory Authority has, in writing, allowed the firm to use it.
            Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK 6.4.3 Measuring net positions

            A banking business firm must first state each commodity position (spot plus forward) in terms of the standard unit of measurement for the commodity (such as barrels, kilos or grams). The firm must then convert the net position in each commodity into Qatari riyals at the current spot market exchange rates.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.4.4 What to include in commodities risk

            (1) In calculating the capital charge for commodities risk, a banking business firm must include commodity derivatives and off-balance-sheet positions that are affected by changes in commodity prices (such as commodity futures and commodity swaps).
            (2) Options on commodities for which the options risk is measured using the delta-plus method must also be included (with their underlying assets). Options for which the options risk is measured using the simplified approach must be excluded.
            (3) The firm must convert commodity derivatives into notional commodities positions and assign them to maturities under rule 6.4.5.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.4.5 Assigning notional positions to maturities

            Futures and forward contracts relating to a particular commodity must be included in the measurement of commodities risk as notional amounts in terms of the standard unit of measurement multiplied by the spot price of the commodity.

            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.4.6 Capital charges — simplified approach

            (1) The capital charge for commodities risk of a banking business firm is the sum of:
            (a) 15% of the firm’s overall net position, long or short, in each commodity; and
            (b) 3% of the firm’s gross position in each commodity.
            (2) Gross position, of a firm in a commodity, is the sum of the absolute values of all short positions and all long positions of the firm, regardless of maturity.
            (3) The firm must use the current spot price to calculate its gross position in commodity derivatives.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 6.5 BANK Part 6.5 Traded equity position risk

          • BANK 6.5.1 BANK 6.5.1 Relation to market risk

            (1) In measuring its market risk, a banking business firm must include the risk of holding or taking positions in equities (equity position risk).

            Note For the treatment of options with equities as the underlying — see rule 6.3.8(1). Under that rule, this Part on traded equity position risk applies to the option, but the capital charge must be based on the delta-weighted positions included in the measurement of specific and general risks.
            (2) If equities are to be received or delivered under a forward contract, the firm must report any foreign currency or interest rate exposure from the other leg of the contract in accordance with Part 6.2 or Part 6.6, respectively.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.5.1 Guidance

              If a banking business firm is exposed to interest rate risk on equity positions, the firm must include the relevant interest rate positions in the calculation of interest rate risk — see rule 6.6.2(4).

              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.5.2 Measuring equity position risk

            (1) The measurement of equity position risk in the trading book applies to short and long positions in all instruments that exhibit market behaviour similar to equities.

            Examples of instruments with equity-like behaviour

            •   common shares (whether voting or non-voting)
            •   convertible securities and commitments to buy or sell equity securities
            •   convertible bonds that trade like equities.
            (2) A banking business firm may report short and long positions in instruments relating to the same issuer on a net basis.
            (3) The firm must calculate the long or short position in the equity market on a market-by-market basis. That is, the firm must make a separate capital calculation for each exchange in which it holds equities (whether or not a recognised exchange).
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.5.3 What to include in equity position risk

            (1) In calculating the capital charge for equity position risk, a banking business firm must include equity derivatives and off-balance-sheet positions that are affected by changes in equity prices (such as futures and swaps on individual equities and stock indices).
            (2) To calculate the charges for equity position risk for equity derivatives and other off-balance-sheet positions, the firm must convert positions into notional equity positions, such that:
            (a) equity derivatives and off-balance-sheet positions relating to individual equities are reported at current market prices;
            (b) equity derivatives and off-balance-sheet positions relating to stock indices are reported as the mark-to-market value of the notional underlying equity portfolio; and
            (c) equity swaps are treated as 2 notional positions.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.5.4 Charges for specific and general risks

            (1) The capital charge for equity position risk consists of 2 separately calculated charges:
            (a) a charge for the specific risk of holding a long or short position in an individual equity; and
            (b) a charge for the general risk of holding a long or short position in the market as a whole.
            (2) The capital charge for specific risk is 8% of the gross position of a banking business firm in equities listed on a recognised exchange and 12% of the gross position of the firm in other equities. Gross position, of a firm in an equity market, is the sum of the absolute values of all short equity positions and all long equity positions of the firm.
            (3) The capital charge for general risk is 8% of the net position of a banking business firm. Net position, of a firm in an equity market, is the difference between long equity positions and short equity positions of the firm.
            (4) Equity position is the net of short and long exposures to an individual company. It is measured on the gross position across the company (rather than individual transactions).
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.5.5 Offsetting positions

            (1) If a banking business firm takes a position in depository receipts against an opposite position in the underlying equity (whether or not listed in the same country where the receipts were issued), it may offset the positions only if any costs on conversion are taken into account in full.
            (2) The firm may offset matched positions in an identical equity or stock index in each market, resulting in a single net long or short position to which the specific and general risk capital charges are to be applied. For this purpose, a future in an equity may be offset against an opposite physical position in the same equity.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.5.6 BANK 6.5.6 Charges for index contracts

            (1) For an index contract on an index that a banking business firm considers diversified, the firm must apply a general risk capital charge of 8%, and a specific risk capital charge of 2%, to the net long or short position in the contract.
            (2) For any other index contract, the firm must apply a general risk capital charge of 8%, and a specific risk capital charge of 4%, to the net long or short position in the contract.
            (3) If required to do so by the Regulatory Authority, the firm must demonstrate why the firm considers an index a diversified index.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.5.6 Guidance

              A banking business firm should test diversification against the following criteria used by the European Banking Authority:

              •   The index must have a minimum number of equities. There must be an absolute threshold below which the index cannot be considered sufficiently diversified to ignore the specific risk completely.
              •   None of the equities must significantly influence the volatility of the index. Equities must not represent more than a certain percentage of the total index value.
              •   The index must have equities diversified from a geographical perspective.
              •   The index must represent equities that are diversified from an economic perspective. Different ¡¥industries' must be represented in the index.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.5.7 Using arbitrage

            (1) If a banking business firm uses a futures-related arbitrage strategy under which the firm takes an opposite position in exactly the same index at different dates or in different markets, the firm:
            (a) may apply the 2% specific risk capital charge in rule 6.5.6(1) to only 1 position; and
            (b) may exempt the opposite position from any capital charge for specific and general risks.
            (2) The firm may also apply the 2% specific risk capital charge if:
            (a) the firm has opposite positions in contracts at the same date in 2 similar indices; and
            (b) the Regulatory Authority has notified the firm in writing that the 2 indices have sufficient common components to allow offsetting.
            (3) If the firm engages in an arbitrage strategy under which a futures contract on a broadly-based index matches a basket of shares, the firm:
            (a) may decompose the index position into notional positions in each of the constituent stocks; and
            (b) may include the notional positions and the disaggregated physical basket in the country portfolio, netting the physical positions against the index equivalent positions in each stock.
            (4) The firm may apply the 4% capital charge in subrule (5) to a position that is part of the arbitrage strategy only if:
            (a) a minimum correlation of 0.9 between the basket of shares and the index can be clearly established over at least the preceding year, and the firm has satisfied the Regulatory Authority that the method the firm has chosen is accurate; or
            (b) the composition of the basket of shares represents at least 90% of the index.

            Note To determine whether a basket of shares represents at least 90% of the index — see rule 6.5.8.
            (5) If the values of the physical and futures positions are matched, the capital charge is 4% (that is, 2% of the gross value of the positions on each side).
            (6) The firm must treat any excess value of the shares comprising the basket over the value of the futures contract, or excess value of the futures contract over the value of the basket, as an open long or short position, and must use the approach for index contracts in rule 6.5.6(1) or (2), as appropriate.
            (7) If an arbitrage does not satisfy the conditions in subrule (4), the firm must treat the index position using the approach for index contracts in rule 6.5.6(1) or (2), as appropriate.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK 6.5.8 When basket of shares is 90% of index

            (1) To determine whether a basket of shares represents at least 90% of an index, the relative weight of each stock in the basket must be compared to the weight of that stock in the index to calculate a percentage slippage from its weight in the index.
            (2) Stocks that are included in the index but are not held in the basket have a slippage equal to their percentage weight in the index.
            (3) The sum of the slippages across all stocks in the index represents the total slippage from the index. The absolute values of the percentage slippages must be summed.
            (4) Deducting the total slippage from 100 gives the percentage coverage of the index to be compared to the required minimum of 90%.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).

        • BANK Part 6.6 BANK Part 6.6 Traded interest rate risk

          • Division 6.6.A Division 6.6.A General

            • BANK 6.6.1 Relation to market risk

              In measuring its market risk, a banking business firm must include the risk of holding or taking positions in debt securities and other interest-rate-related instruments that are held in the trading book (interest rate risk).

              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

            • BANK 6.6.2 What to include in interest rate risk

              (1) The measurement of interest rate risk in the trading book applies to all fixed-rate and floating-rate debt securities and other interest-rate-related instruments that exhibit market behaviour similar to debt securities.

              Examples

              •   non-convertible preference shares
              •   convertible bonds that trade like debt securities.
              (2) A debt security that is the subject of a repurchase or securities lending agreement is taken to be owned by the lender of the security.
              (3) In calculating the capital charge for interest rate risk, a banking business firm must include interest rate exposures arising from forward foreign exchange transactions and forward sales and purchases of commodities and equities.

              Note For forward contracts, see:

              •   rule 6.2.1(2) (foreign currencies)
              •   rule 6.4.1(3) ( commodities)
              •   rule 6.5.1(2) (equities).
              (4) The firm must also include any interest rate exposures arising from foreign exchange, equity and commodity positions.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK 6.6.3 Capital charge — interest rate risk

              The capital charge for interest rate risk consists of 2 separately calculated charges:

              (a) a charge for the specific risk of holding a long or short position in an individual instrument; and
              (b) a charge for the general risk of holding a long or short position in the market as a whole.

              Note 1 The capital charge for general risk is for the risk of loss arising from changes in market interest rates.

              Note 2 To determine the capital charge for derivatives — see rule 6.6.12.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

          • BANK Division 6.6.B BANK Division 6.6.B Specific risk

            • BANK 6.6.4 Calculating specific risk capital charge

              (1) The capital charge for specific risk arising from an on-balance-sheet or off-balance-sheet interest-rate position held in a banking business firm's trading book is calculated by multiplying the market value of the debt security by the applicable charge set out in column 5 of table 6.6.4 for the category and residual maturity of the instrument.
              (2) The firm may offset matched long and short positions (including positions in derivatives) in identical instruments with exactly the same issuer, coupon, currency and maturity.

              Table 6.6.4 Specific risk capital charges

              column 1 item column 2 category column 3 external credit rating column 4 residual maturity column 5 specific risk capital charge %
              1 government AAA to AA-   0.00
              A+ to BBB- 6 months or less

              more than 6 months and up to and including 24 months

              more than 24 months
              0.25

              1.00

              1.60
              BB+ to B- or unrated
              8.00
              Below B-
              12.00
              2 qualifying   6 months or less

              more than 6 months and up to and including 24 months

              more than 24 months
              0.25

              1.00

              1.60
              3 other BB+ to BB- or unrated

              Below BB-
                8.00

              12.00
              (3) In column 2 of table 6.6.4:

              government, as a category, includes all forms of government paper such as bonds, treasury bills and other short-term instruments.

              Note Financial instruments issued by the State of Qatar (whether denominated in Qatari riyals or not), or by other member states of the GCC, are risk-weighted at zero per cent.

              qualifying, as a category, includes:
              (a) securities issued by public sector enterprises and multilateral development banks;

              Note For a list of multilateral development banks that qualify for 0% risk weight, and examples of other multilateral development banks that do not, see the note following table 4.4.7A.
              (b) instruments rated investment grade by at least 2 ECRAs;
              (c) instruments rated investment grade by 1 ECRA and 1 other credit rating agency that is not an ECRA; and
              (d) unrated instruments, but only if:
              (i) the banking business firm has no reason to suspect that the particular instrument would have a rating less than investment grade if it were rated; and
              (ii) the issuer of the instrument is rated investment grade and is regulated in its home jurisdiction in a way comparable to deposit-takers in the QFC.
              Guidance

              In deciding whether an issuer is regulated in a comparable way, the firm must look, in particular, at the home jurisdiction's risk-based capital requirements and consolidated supervision.

              other, as a category, includes:

              (a) instruments issued or fully guaranteed by the central government or central bank of a state that is a member of the OECD;
              (b) instruments fully collateralised by instruments described in paragraph (a); and
              (c) instruments issued or fully guaranteed by the central government or central bank of a state that is not a member of the OECD, but only if:
              (i) the instruments have a residual maturity of 1 year or less;
              (ii) the instruments are denominated in the local currency of the issuer; and
              (iii) the banking business firm's holdings in such instruments are funded by liabilities in the same currency.
              (4) In column 3 of table 6.6.4, external credit rating means a long-term rating issued by an ECRA for the purpose of risk-weighting claims on rated counterparties and exposures.
              Amended by QFCRA RM/2018-1 (as from 1st May 2018).

            • BANK 6.6.5 Instruments that have no specific risk capital charge

              (1) Interest rate swaps, cross-currency swaps, forward rate agreements, forward foreign exchange transactions, interest rate futures and futures on an interest rate index are exempt from charges for specific risk. However, a specific risk capital charge must be calculated if the underlying is a debt security or an index representing a basket of debt securities.
              (2) Futures and forward contracts (other than those mentioned in subrule (1)) are exempt from specific risk capital charge if:
              (a) the banking business firm has a right to substitute cash settlement for physical delivery under the contract; and
              (b) the price on settlement is calculated with reference to a general market price indicator.
              (3) A contract that is exempt under subrule (2) must not be offset against specific securities (including those securities that make up the market index).
              Amended by QFCRA RM/2015-3 (as from 1st January 2016).

          • BANK Division 6.6.C BANK Division 6.6.C General risk

            • BANK Part 6.6.6 Measuring general risk

              (1) General risk is measured using the maturity method. In that method, positions are allocated to a maturity ladder before the capital charge is calculated.
              (2) The firm must add the absolute values of the individual net positions within each time band, whether long or short. The sum of the absolute values is the firm’s gross position.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK Part 6.6.7 Maturity method

              (1) In the maturity method, long or short positions in debt securities (and in other sources of interest rate exposures such as derivative instruments) are allocated to the time bands in table 6.6.8A (and then to the zones in table 6.6.8B) based on the residual maturity of the instrument and the interest rate of coupon payments.
              (2) A banking business firm must allocate:
              (a) positions in fixed-rate instruments according to their residual term to maturity; and
              (b) positions in floating-rate instruments according to the residual term to the next re-pricing date.
              (3) The firm may offset:
              (a) long and short positions (whether actual or notional) in identical instruments with exactly the same issuer, coupon, currency and maturity; and
              (b) matched swaps, forward contracts, futures and forward rate agreements that satisfy the criteria in rule 6.6.13.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK Part 6.6.8 Steps in calculating general risk capital charge

              The steps to calculate the general risk capital charge are:

              Step 1

              Weight the positions in each time band by the risk factor corresponding to those positions in table 6.6.8A.

              Table 6.6.8A Time Bands and risk factors

              column 1 item column 2 time band column 3 risk factor % column 4 assumed changes in yield %
              1 1 month or less 0.00 1.00
              2 more than 1 and up to 3 months 0.20 1.00
              3 more than 3 and up to 6 months 0.40 1.00
              4 more than 6 and up to 12 months 0.70 1.00
              5 more than 1 and up to 2 years 1.25 0.90
              6 more than 2 and up to 3 years 1.75 0.80
              7 more than 3 and up to 4 years 2.25 0.75
              8 more than 4 and up to 5 years 2.75 0.75
              9 more than 5 and up to 7 years 3.25 0.70
              10 more than 7 and up to 10 years 3.75 0.65
              11 more than 10 and up to 15 years 4.50 0.60
              12 more than 15 years and up to 20 years 5.25 0.60
              13 more than 20 years 6.00 0.60

              Step 2

              Offset the weighted long and short positions within each time band.

              Example

              If the sum of the weighted long positions in a time band is QR100 million and the sum of the weighted short positions in the band is QR90 million, you offset the positions to come up with a matched position of QR90 million and unmatched position of QR10 million.

              Step 3

              For each time band, apply a 10% capital charge (vertical disallowance) on the matched position calculated in step 2.

              Example

              Continuing on from the example in step 2, apply the 10% on the QR90 million matched position to come up with a QR9 million vertical disallowance for the time band.

              Step 4

              For the unmatched positions calculated in step 2, carry out 2 further rounds of offsetting using the zones (made up of time bands) in table 6.6.8B and apply the appropriate capital charge, as follows:

              (a) first between the remaining unmatched positions within each of 3 zones and subject to a charge (expressed as a percentage) as follows:
              (i) matched weighted positions within zone 1 x 40%;
              (ii) matched weighted positions within zone 2 x 30%;
              (iii) matched weighted positions within zone 3 x 30%;
              (b) subsequently between the remaining unmatched positions across the three different zones (in the order set out below) and subject to a capital charge as follows:
              (i) matched weighted positions between zones 1 and 2 x 40%;
              (ii) matched weighted positions between zones 2 and 3 x 40%;
              (iii) matched weighted positions between zones 1 and 3 x 100%.

              The absolute value of the net amount remaining is the net position.

              Table 6.6.8B Zones for coupons

              column 1 item column 2 zone column 3 time bands
              1 zone 1 0 – 1 month

              1 – 3 months

              3 – 6 months

              6 – 12 months
              2 zone 2 1 – 2 years

              2 – 3 years

              3 – 4 years
              3 zone 3 4 – 5 years

              5 – 7 years

              7 – 10 years

              10 – 15 years

              15 – 20 years

              more than 20 years

              Step 5

              Calculate the horizontal allowance by adding the charges from paragraphs (a) and (b) of step 4.

              Step 6

              Calculate the general risk capital charge as the sum of:

              (a) the net position calculated from steps 1 to 4;
              (b) the vertical disallowance from step 3;
              (c) the horizontal disallowance from steps 4 and 5; and
              (d) the net charge for positions in options, where appropriate, calculated in accordance with Part 6.3.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK Part 6.6.9 Positions in currencies

              (1) A banking business firm must use separate maturity ladders for positions in each currency, with capital charges calculated separately for each currency and then summed. Positions in different currencies are not to be offset.
              (2) If the firm’s position in a currency is less than 5% of the value of the firm’s banking book assets, that currency is taken to be a residual currency and the firm may use a single maturity ladder for all residual currencies (instead of having to use separate maturity ladders for each currency). The firm must enter, into each appropriate time band, the net long or short position for residual currencies.
              (3) The firm must apply, with no further offsets, the risk factor in column 3 of table 6.6.8A to the position in each time band for residual currencies.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK Part 6.6.10 Futures and forward contracts

              (1) A banking business firm must treat futures and forward contracts on bank or corporate debt (including forward rate agreements) as a combination of a long and a short position in the underlying debt security. Futures and forward contracts not on bank or corporate debt must be treated as a combination of a long and a short position in a notional government security.
              (2) The maturity of a futures contract or a forward rate agreement is the period until delivery or exercise of the contract, plus the life of the underlying (or notional underlying) instrument. The firm must report the long and short positions at the market value of the underlying (or notional underlying) security or portfolio of securities.
              (3) If a range of instruments may be delivered to fulfil a contract, the firm may choose the deliverable security to be allocated to the maturity ladder. The firm must, however, take account of any conversion factor specified by the exchange where the instrument must be delivered.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK Part 6.6.11 Swaps

              (1) A banking business firm must treat a swap as 2 notional positions in government securities with maturities. Both legs of the swap must be reported at their market values.
              (2) For swaps that pay or receive a fixed or floating interest rate against some other reference price (for example, a stock index), the firm must:
              (a) enter the interest rate component into the appropriate maturity category; and
              (b) include any equity component in the measurement of equity risk.
              (3) Each leg of a cross-currency swap must be reported in the maturity ladder for the currency concerned. The capital charge for any foreign exchange risk arising from the swaps must be calculated in accordance with rules 6.2.2 to 6.2.6.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK Part 6.6.12 Derivatives

              (1) In the measurement of interest rate risk, a banking business firm must include interest rate derivatives and off-balance-sheet instruments in the trading book if those instruments react to changes in interest rates.
              (2) The firm must convert derivatives into positions in the relevant underlying to enable the firm to calculate specific and general risk capital charges. To determine the capital charges, the value of the positions must be the market value of the underlying or notional underlying.
              (3) Positions in derivatives are subject to charges for general risk in the same way as cash positions. However, matched positions are exempt from the charges if the positions satisfy the criteria in rule 6.6.13 or 6.6.14.
              (4) Positions in derivatives must be allocated to a maturity ladder and treated in accordance with this rule and the maturity method.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK Part 6.6.13 Criteria for matching derivative positions

              (1) A banking business firm may offset a matched position in derivatives if the positions relate to the same underlying instruments, have the same nominal value and are denominated in the same currency.
              (2) For futures, the positions in the underlying (or notional underlying) instruments must be for identical products and must mature within 7 days of each other.
              (3) For swaps, forward rate agreements and forward contracts:
              (a) the reference rate (for floating-rate positions) must be identical and the coupons must differ by no more than 15 basis points; and
              (b) the next interest-fixing date (or, for fixed-coupon positions or forward contracts, the residual maturity) must comply with the following requirements:
              (i) if either instrument has an interest-fixing date or residual maturity up to and including 1 month in the future, the dates or residual maturities must be the same for both instruments;
              (ii) if either instrument has an interest-fixing date or residual maturity more than 1 month, but no more than 1 year, in the future, the dates or residual maturities must be within 7 days of each other;
              (iii) if either instrument has an interest-fixing date or residual maturity more than 1 year in the future, the dates or residual maturities must be within 30 days of each other.
              Note 1 For paragraph (a), the separate legs of different swaps may be 'matched' subject to these same conditions.
              Note 2 For paragraph (b), spot or cash positions in the same currency may be offset subject to these same conditions.
              (4) A banking business firm that writes options may offset the delta-equivalent values of options (including the delta-equivalent value of legs arising out of the treatment of caps and floors in accordance with rule 6.3.6).
              (5) However, for offsetting between a matched position in a futures or forward contract and its underlying, rule 6.6.14 applies.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

            • BANK Part 6.6.14 Criteria for offsetting derivative positions

              (1) A banking business firm may offset long and short positions (whether actual or notional) in identical instruments with exactly the same issuer, coupon, currency and maturity; and
              (2) A banking business firm may offset a matched position in a futures or forward contract and its corresponding underlying. The net position must be reported.
              (3) The firm may offset positions in a futures or forward contract with a range of deliverable instruments and the corresponding underlying only if:
              (a) there is a readily identifiable underlying security; and
              (b) the price of that security and the price of the futures or forward contract move in close alignment.
              (4) The firm must treat each leg of a cross-currency swap or forward foreign exchange transaction as a notional position in the relevant instrument, and must include the position in the calculation for each currency.
              Derived from QFCRA RM/2014-2 (as from 1st January 2015).

      • BANK Chapter 7 BANK Chapter 7 Operational risk

        • Part 7.1 BANK Part 7.1 Introductory

          • BANK 7.1.1 Introduction

            (1) This Chapter sets out:
            (a) the requirements for a banking business firm to have a specific policy to identify, measure, evaluate, manage and control or mitigate operational risk;
            (b) the requirements for the firm to collect data on losses caused by operational risk events; and
            (c) how to calculate the firm’s operational risk capital requirement.
            Note The firm’s operational risk capital requirement is part of its risk-based capital requirement—see rule 3.2.5.
            (2) Operational risk is the risk resulting from inadequate or failed internal processes, people and systems, or from external events. Operational risk includes legal risk but does not include strategic risk or reputational risk.
            Derived from QFCRA RM/2014-2 (as from 1st January 2015).
            Amended by QFCRA RM/2020-2 (as from 1st January 2021).

        • Part 7.2 BANK Part 7.2 Operational risk management

          Notes for Part 7.2

          1 This Part sets out the requirement for banking business firms in relation to the management of operational risk. There are general requirements relating to risk management (including the management of operational risk) in CTRL, which apply to banking business firms in common with all other authorised firms.
          2 This Part gives effect, for banking business firms in the QFC, to the document Sound Practices for the Management and Supervision of Operational Risk, issued by the Basel Committee on Banking Supervision in June 2011.

          • BANK 7.2.1 Principle 1: risk management culture

            The general obligations of a banking business firm’s governing body and senior management under CTRL in relation to the firm’s risk management culture include an obligation to establish a strong operational risk management culture. A general reference in CTRL to risk management includes the management of operational risk specifically.

            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.2.2 Principle 2: operational risk management framework

            (1) A banking business firm must develop, implement and maintain a framework for the management of operational risk that:
            (a) is fully integrated into the firm’s overall risk management processes; and
            (b) is appropriate for the firm, taking into account the firm’s nature, size, complexity and risk profile.
            Guidance
            The fundamental premise of sound risk management is that the authorised firm’s governing body and management understand the nature and complexity of the risks inherent in the firm’s products, services and activities. This is particularly important for operational risk, given that operational risk is inherent in all business products, activities, processes and systems.
            (2) The framework must be appropriately integrated into the firm’s risk management processes across all levels of the firm, including those at the group and business line levels, and into new business initiatives’ products, activities, processes and systems. In addition, the results of the firm’s operational risk assessment must be incorporated into the firm’s overall business strategy development processes.
            Guidance
            The framework is a vital means of understanding the nature and complexity of operational risk.
            (3) The framework must be comprehensively and appropriately documented in policies approved by the firm’s governing body, and must include definitions of operational risk and operational loss.
            Guidance
            A banking business firm that does not adequately describe and classify operational risk and loss exposure may significantly reduce the effectiveness of its framework.
            (4) The firm’s framework documentation:
            (a) must clearly identify the governance structures used to manage operational risk, including reporting lines and accountabilities;
            (b) must clearly describe the risk assessment tools and how they are used;
            (c) must clearly describe the firm’s accepted operational risk appetite and tolerance, its thresholds or limits for inherent and residual risk, and its approved risk mitigation strategies and instruments;
            (d) must clearly describe the firm’s approach to establishing and monitoring thresholds or limits for inherent and residual risk exposure;
            (e) must establish reporting and management information systems in relation to operational risk;
            (f) must provide a set of operational risk terms to ensure that risk identification, exposure rating and risk management objectives are consistent throughout the firm;
            (g) must provide for appropriate independent review and assessment of operational risk; and
            (h) must require the policies to be reviewed, and revised as appropriate, whenever a significant change occurs in the firm’s operational risk profile.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.2.3 Principle 3: governing body to approve framework

            (1) The governing body of a banking business firm must establish, approve and periodically review the firm’s operational risk management framework. The governing body must oversee the firm’s senior management to ensure that the policies, processes and systems are implemented effectively at all decision levels.
            (2) The governing body:
            (a) must establish a management culture, and supporting processes, to understand the nature and scope of the operational risk inherent in the firm’s strategies and activities;
            (b) must develop comprehensive, dynamic oversight and control environments that are fully integrated into or coordinated with the overall framework for managing all risks across the firm;
            (c) must provide senior management with clear guidance and direction regarding the principles underlying the framework and must approve the corresponding policies developed by senior management;
            (d) must regularly review the framework to ensure that the firm has identified, and is managing, the operational risk arising from external market changes and other environmental factors, and the operational risks associated with new products, activities, processes or systems, including changes in risk profiles and priorities (for example changing business volumes);
            (e) must ensure that the framework is subject to effective independent review by audit or other appropriately trained persons; and
            (f) must ensure that, as best practice evolves, the firm’s senior management avails themselves of those advances.
            Guidance
            Strong internal controls are a critical aspect of the management of operational risk, and the governing body should establish clear lines of management responsibility and accountability for implementing a strong control environment. The control environment should provide appropriate independence and separation of duties between operational risk management functions, business lines and support functions.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021).

          • BANK 7.2.4 Principle 4: risk appetite and tolerance

            (1) A banking business firm must approve and review its risk appetite and tolerance for operational risk.
            (2) The firm must consider:
            (a) all relevant risks;
            (b) the firm’s level of risk aversion;
            (c) its current financial condition; and
            (d) its strategic direction.
            (3) The firm must set out the various operational risk appetites within the firm and must ensure that they are consistent. The firm must approve appropriate thresholds or limits for specific operational risks, and an overall operational risk appetite and tolerance.
            (4) The firm must regularly review the appropriateness of limits and the overall operational risk appetite and tolerance. Such a review must consider changes in the external environment, significant increases in business or activity volumes, the quality of the control environment, the effectiveness of risk management or mitigation strategies, loss experience, and the frequency, volume and nature of breaches of limits.
            (5) The firm must monitor management’s adherence to the statement and must provide for timely detection and remediation of breaches.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.2.5 Principle 5: role of senior management

            (1) The senior management of a banking business firm must develop, for approval by the firm’s governing body, a clear, effective and robust governance structure for managing operational risk, with well defined, transparent and consistent lines of responsibility. The firm’s senior management is responsible for consistently implementing and maintaining, throughout the firm, policies, processes and systems for managing operational risk in all of the firm’s products, activities, processes and systems consistently with the firm’s risk appetite and tolerance.
            (2) The firm’s senior management is responsible for establishing and maintaining robust challenge mechanisms and effective issue-resolution processes. The mechanisms should include systems to report, track and, when necessary, escalate issues to ensure that they are resolved.
            (3) The firm’s senior management must translate the operational risk management framework established by the governing body into specific policies and procedures that can be implemented and verified within the firm’s business units. Senior management must clearly assign authority, responsibility and reporting relationships to encourage and maintain accountability, and to ensure that the necessary resources are available to manage operational risk in line within the firm’s risk appetite and tolerance.
            (4) The firm’s senior management must ensure that the management oversight process is appropriate for the risks inherent in each business unit’s activity.
            (5) The firm’s senior management must ensure that the staff who are responsible for managing operational risk coordinate and communicate effectively with the staff who are responsible for:
            (a) managing other risks (such as credit risk and market risk); and
            (b) procuring external services (such as insurance risk transfer) and for making outsourcing arrangements.
            Guidance
            Failure to do so could result in significant gaps or overlaps in the firm’s overall risk management program.
            (6) The managers of the firm’s corporate operational risk function must be of sufficient stature within the firm to perform their duties effectively.
            Guidance
            The standing within the firm of the managers of operational risk would ideally be evidenced by their titles being similar to those of the managers of other risk management functions such as the management of credit, market and liquidity risk.
            (7) The senior management must ensure that the firm’s activities are conducted by staff with the necessary experience, technical capabilities and access to resources. Staff responsible for monitoring and enforcing compliance with the firm’s risk policy must have authority independent from the units they oversee.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.2.6 Principle 6: risk identification and assessment

            (1) The senior management of a banking business firm must ensure that the operational risk inherent in all of the firm’s products, activities, processes and systems is identified and assessed to make sure that the inherent risks and incentives are well understood.
            Guidance
            Risk identification and assessment are fundamental characteristics of an effective operational risk management system. Effective identification of risk considers both internal factors and external factors. Sound risk assessment allows the firm to better understand its risk profile and allocate risk management resources and strategies most effectively. Tools that can be used for identifying and assessing operational risk include:
            audit findings—although audit findings primarily focus on control weaknesses and vulnerabilities, they can also give insight into inherent risk that is due to internal or external factors
            internal loss data collection and analysis—internal operational loss data provides meaningful information for assessing the firm’s exposure to operational risk and the effectiveness of internal controls
            external data collection and analysis—external data elements consist of gross operational loss amounts, dates, recoveries, and information about the causes of operational loss events at other organisations; external loss data can be compared with internal loss data, or used to explore possible weaknesses in the control environment or consider previously unidentified risk exposures
            risk assessments—in a risk assessment, often referred to as a risk self-assessment, the firm assesses the processes underlying its operations against a library of potential threats and vulnerabilities and considers their potential impact; a similar approach, a risk control self-assessment (RCSA), typically evaluates inherent risk (the risk before controls are considered), the effectiveness of the control environment, and residual risk (the risk exposure after controls are considered); scorecards build on RCSAs by weighting residual risks to provide a means of translating RCSA output into metrics that give a relative ranking of the control environment
            business process mapping—business process mappings identify the key steps in business processes, activities and organisational functions, and identify the key risk points in the overall business process; process maps can reveal individual risks, risk interdependencies, and areas of control or risk management weakness, and can help to prioritise management actions
            risk and performance indicators—risk and performance indicators are risk metrics and statistics that provide insight into a firm’s risk exposure; risk indicators, often called key risk indicators, are used to monitor the main drivers of exposure associated with key risks; performance indicators, often called key performance indicators, provide insight into the status of operational processes, which may in turn provide insight into operational weaknesses, failures, and potential loss; risk and performance indicators are often paired with escalation triggers to warn when risk levels approach or exceed thresholds or limits and prompt the putting into operation of mitigation plans
            scenario analysis—scenario analysis is a process of obtaining expert opinion from business line and risk managers to identify potential operational risk events and assess their potential outcomes; scenario analysis is an effective tool to consider potential sources of significant operational risk and the need for additional risk management controls or mitigation solutions; however, given that the scenario process is subjective, a robust governance framework is essential to ensure the integrity and consistency of the process
            measurement—larger firms may find it useful to quantify their exposure to operational risk by using the output of the risk assessment tools as inputs into a model that estimates operational risk exposure; the results can be used in an economic capital process and can be allocated to business lines to link risk and return
            comparative analysis—that is, comparing the results of the various assessment tools to provide a more comprehensive view of the firm’s operational risk profile; for example, comparison of the frequency and severity of internal data with RCSAs can help the firm to determine whether self-assessment processes are functioning effectively; scenario data can be compared to internal and external data to gain a better understanding of the severity of the firm’s exposure to potential risk events.
            (2) The firm must ensure that its internal pricing and performance measurement mechanisms appropriately take operational risk into account.
            Guidance
            If operational risk is not considered, risk-taking incentives might not be appropriately aligned with the firm’s risk appetite and tolerance.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.2.7 Principle 7: approval process for new products etc

            (1) The senior management of a banking business firm must ensure that there is an approval process that fully assesses operational risk for all new products, activities, processes and systems.
            Guidance
            In general, a banking business firm’s operational risk exposure is increased when the firm engages in a new activity, develops a new product, enters an unfamiliar market, implements a new business process or technology system or engages in a business distant from its head office. Moreover, the level of risk may increase when a new product, activity, process, or system transitions from an introductory level to a level that represents a significant source of revenue or a business-critical operation.
            (2) A banking business firm must ensure that its risk management control infrastructure is appropriate at inception and that it keeps pace with the rate of growth of, or changes to, products, activities, processes and systems.
            (3) A banking business firm must have policies and procedures that address the process for review and approval of new products, activities, processes and systems. The review and approval process must consider:
            (a) the risks inherent in the new product, activity, process or system;
            (b) changes to the firm’s operational risk profile and appetite and tolerance, including the risk of existing products or activities;
            (c) the necessary controls, risk management processes and risk mitigation strategies;
            (d) the residual risk;
            (e) changes to relevant risk thresholds or limits; and
            (f) the procedures and metrics to measure, monitor, and manage the risk of the new product, activity, process or system.
            (4) The approval process must also include ensuring that appropriate investment has been made in human resources and technology infrastructure before a new product, activity, process or system is introduced.
            (5) The implementation of a new product, activity, process or system must be monitored to identify any significant differences to the expected operational risk profile, and to manage any unexpected risks.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.2.8 Principle 8: monitoring and reporting

            (1) The senior management of a banking business firm must implement a process to regularly monitor operational risk profiles and material exposures to losses. There must be appropriate reporting mechanisms at the board, senior management, and business line levels that support proactive management of operational risk.
            (2) A banking business firm must ensure that its reports are comprehensive, accurate, consistent and actionable across business lines and products.
            Guidance
            Reports should be manageable in scope and volume; too much or too little data impedes effective decision-making. A banking business firm should endeavour to continuously improve its operational risk reporting.
            (3) Reporting must be timely and the firm must be able to produce reports in both normal and stressed market conditions. The frequency of reporting must reflect the risks involved and the pace and nature of changes in the operating environment.
            (4) The results of monitoring activities, and assessments of the framework by the firm’s internal audit or risk management functions, must be included in regular management and board reports. Reports generated for the Regulatory Authority must also be reported internally to senior management and the board, where appropriate.
            (5) Operational risk reports must include:
            (a) breaches of the firm’s risk appetite and tolerance, and breaches of thresholds or limits;
            (b) details of recent significant internal operational risk events and losses; and
            (c) relevant external events and any possible effect on the firm and its operational risk capital calculation.
            Guidance
            Operational risk reports may contain internal financial, operational, and compliance indicators, as well as external market or environmental information about events and conditions that are relevant to decision making.
            (6) The firm must analyse its data capture and risk reporting processes periodically with a view to continuously improving the firm’s risk management performance and advancing its risk management policies, procedures and practices.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.2.9 Principle 9: control and mitigation—additional requirements

            (1) The requirements of this rule are in addition to those set out in CTRL.
            (2) In addition to separation of duties and dual control, a banking business firm must ensure that it has other traditional internal controls as appropriate to address operational risk.
            Examples of controls
            • clearly established authorities and processes for approval
            • close monitoring of adherence to assigned risk thresholds or limits
            • safeguards for access to, and use of, bank assets and records
            • appropriate staffing level and training to maintain expertise
            • ongoing processes to identify business lines or products where returns appear to be out of line with reasonable expectations
            • regular verification and reconciliation of transactions and accounts.
            (3) A banking business firm must ensure that it has appropriate controls to manage technology risk.
            Guidance
            1 Effective use and sound implementation of technology can contribute to the control environment. For example, automated processes are less prone to error than manual processes. However, automated processes introduce risks that must be addressed through sound technology governance and infrastructure risk management programs.
            2 The use of technology-related products, activities, processes and delivery channels exposes a banking business firm to strategic, operational, and reputational risks and the possibility of significant financial loss.
            3 Sound technology risk management uses the same precepts as operational risk management and includes:
            • governance and oversight controls that ensure that technology, including outsourcing arrangements, is aligned with, and supportive of, the firm’s business objectives
            • policies and procedures that facilitate the identification and assessment of risk
            • establishment of a risk appetite and tolerance and performance expectations to assist in controlling and managing risk
            • implementation of an effective control environment and the use of risk transfer strategies that mitigate risk
            • monitoring processes that test for compliance with policy thresholds or limits.
            4 Mergers and acquisitions that result in fragmented and disconnected infrastructure, cost-cutting measures or inadequate investment can undermine the firm’s ability to:
            • aggregate and analyse information across risk dimensions or the consolidated enterprise
            • manage and report risk on a business line or legal entity basis
            • oversee and manage risk in periods of high growth.
            5 The firm’s management should make appropriate capital investment or otherwise provide for a robust infrastructure at all times, particularly before mergers are consummated, high growth strategies are initiated, or new products are introduced.
            (4) The firm’s governing body must decide the maximum loss exposure that the firm is willing, and has the financial capacity, to assume, and must perform an annual review of the firm’s risk and insurance management programme.
            Guidance
            If internal controls do not adequately address risk and exiting the risk is not a reasonable option, the firm can complement the controls by seeking to transfer the risk to another party such as through insurance. Risk transfer is an imperfect substitute for sound controls and risk management programs. Therefore, the firm should view risk transfer as complementary to, rather than a replacement for, thorough internal operational risk control. Having mechanisms to quickly identify, recognise and rectify distinct operational risk errors can greatly reduce exposures. Careful consideration also needs to be given to the extent to which risk mitigation tools such as insurance truly reduce risk, transfer the risk to another business sector or area, or create a new risk (for example counterparty risk).
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.2.10 Principle 10: business resiliency and continuity

            (1) A banking business firm must have business resiliency and continuity plans to ensure that the firm can continue to operate, and can limit its losses, in the event of severe business disruption.
            Guidance
            A banking business firm is exposed to disruptive events, some of which may be severe and result in an inability to fulfil some or all of the firm’s business obligations. Incidents that damage or render inaccessible the firm’s facilities, telecommunication or information technology infrastructures, or a pandemic event that affects human resources, can result in significant financial losses to the firm, and broader disruptions to the financial system.
            (2) A banking business firm must establish business continuity plans commensurate with the nature, size and complexity of the firm’s operations. The plans must take into account different likely or plausible scenarios to which the firm may be vulnerable.
            (3) Continuity management must incorporate business impact analysis, recovery strategies, testing, training and awareness programs, and communication and crisis management programs. The firm must identify critical business operations, key internal and external dependencies, and appropriate resilience levels.
            (4) Plausible disruptive scenarios must be assessed for their financial, operational and reputational impact, and the resulting risk assessment must be the foundation for recovery priorities and objectives. Continuity plans should establish contingency strategies, recovery and resumption procedures, and plans for informing management, employees, the Regulatory Authority, customers, suppliers and, if appropriate, the civil authorities.
            (5) The firm must periodically review its continuity plans to ensure that contingency strategies remain consistent with the firm’s current operations, risks and threats, resiliency requirements, and recovery priorities. Training and awareness programmes must be implemented to ensure that the firm’s staff can effectively carry out the plans.
            (6) The firm must test each plan periodically to ensure that its recovery and resumption objectives and timeframes can be met. If possible, the firm must participate in disaster recovery and business continuity testing with key service providers.
            (7) The results of testing must be reported to the firm’s management and governing body.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.2.11 Principle 11: disclosure

            Note These rules do not yet have provisions on disclosure. Those provisions are to be inserted in the next phase of the development of these rules.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

        • Part 7.3 BANK Part 7.3 Collection and reporting of operational loss data

          • BANK 7.3.1 Basic requirement — operational loss dataset

            (1) A banking business firm must have documented procedures and processes to identify, collect and treat internal loss data for operational risk events. However, the firm need not collect data on any operational risk event for which the gross amount of loss is less than QR 40,000.
            (2) In this Chapter, the set of data resulting from that collection is called the firm’s operational loss dataset.
            (3) The procedures and processes:
            (a) must be subject to validation before the dataset is used to calculate the firm’s operational risk capital requirement; and
            (b) must be regularly independently reviewed by the firm’s internal or external audit functions.
            (4) The procedures and processes must provide for the collection of at least the following information for an operational risk event:
            (a) the gross amount of the resulting loss (the gross loss);
            (b) if available, the date when the event happened or began (date of occurrence);
            (c) the date when the firm became aware of the event (date of discovery);
            (d) the date (or dates) when the event resulted in a loss, reserve or provision against a loss being recognised in the firm’s profit and loss accounts (date of accounting);
            (e) any recovery of the gross loss;
            (f) descriptive information about the drivers or causes of the event.
            (5) The level of detail of the information the firm collects about an event must be proportionate to the gross loss amount resulting from the event.
            (6) When building the dataset, the firm must use the date of accounting as the date of a loss (except that, in the case of a legal loss event (that is, a legal event that results in a loss), the bank must use a date no later than the date of accounting).
            (7) If 2 or more losses:
            (a) had the same operational risk event in common as a cause; or
            (b) were caused by related operational risk events over time, but were posted to the accounts over several years;
            the losses must be allocated to the corresponding years of the loss database, in line with their accounting treatment.
            (8) Data on losses that result from mergers or acquisitions must be included in the dataset.
            (9) The following are not to be included in the dataset:
            (a) costs of general maintenance on property, plant or equipment;
            (b) internal or external expenditure to enhance the firm’s business after operational risk losses (such as upgrades, improvements, risk assessment initiatives and enhancements);
            (c) insurance premiums.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.3.2 Meaning of gross loss, recovery and net loss for operational risk events

            (1) The gross loss for an operational risk event is the loss resulting from the event before any kind of recovery. Gross loss from such an event includes:
            (a) any direct charge (including any impairment or settlement) to the relevant firm’s profit and loss accounts;
            (b) costs incurred as a result of the event, including expenses directly linked to the event (such as legal expenses and fees paid to advisors or suppliers) and costs of repairs or replacements;
            (c) provisions or reserves accounted for in the profit and loss accounts against the loss;
            (d) losses temporarily booked in transitory or suspense accounts and not yet reflected in the profit and loss accounts;
            (e) negative economic effects, booked in an accounting period, resulting from operational risk events affecting cash flows or financial statements in previous accounting periods.
            (2) A recovery for an operational risk event is an independent occurrence, related to the event, but separate in time, in which funds, or inflows of economic benefits, are received from a third party.
            Examples
            payments received from insurers
            repayments received from perpetrators of fraud
            recoveries of misdirected transfers
            (3) The net loss for an operational risk event is the loss resulting from the event after any recovery.
            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK 7.3.3 Reporting to Regulatory Authority

            The Regulatory Authority may, by notice given to a banking business firm, require the firm to report internal loss data in the level 1 categories set out in Annex 9, Detailed loss event classification, to International Convergence of Capital Measurement and Capital Standards: A Revised Framework Comprehensive Version, published by the Basel Committee on Banking Supervision in June 2006.

            Derived from QFCRA RM/2020-2 (as from 1st January 2021)

        • Part 7.4 BANK Part 7.4 Operational risk capital requirement

          • BANK Division 7.4.A BANK Division 7.4.A Basic indicator approach

            • BANK 7.4.2 Basic indicator approach — calculation

              (1) A banking business firm must use the basic indicator approach to operational risk. Operational risk capital requirement is the amount of capital that the firm must have to cover its operational risk.
              (2) The firm’s operational risk capital requirement is calculated in accordance with the following formula:

              where:
              GI is the firm’s average annual gross income (as defined in subrule (3) or (4)) for those years (out of the previous 3 years) for which the firm’s annual gross income is more than zero.
              α is 15% or a higher percentage set by the Regulatory Authority.
              n is the number of years out of the previous 3 years for which the firm’s gross income is more than zero.
              Guidance
              Because of the definitions of GI and n, figures for any year in which the annual gross income of a firm is negative or zero must be excluded from both the numerator and denominator when calculating the average.
              (3) For a deposit-taker or investment dealer, gross income, for a year, means net interest income plus net non-interest income for the year. It must be gross of:
              (a) any provisions (including provisions for unpaid interest);
              (b) operating expenses; and
              (c) losses from the sale of securities in the ‘Held to Maturity’ and ‘Available for Sale’ categories in the banking book.
              (4) For a deposit-taker or investment dealer, gross income excludes:
              (a) realised profits from the sale of securities in the banking book;
              (b) realised profits from securities in the ‘Held to Maturity’ category in the banking book;
              (c) extraordinary or irregular items of income;
              (d) income derived from insurance;
              (e) any collection from previously written-off loans; and
              (f) income obtained from the disposal of real estate and other assets during the year.
              Derived from QFCRA RM/2020-2 (as from 1st January 2021)

          • BANK Division 7.4.B BANK Division 7.4.B Standardised approach

            • BANK 7.4.3 Commencement — Division 7.4.B

              This Division commences on 1 January 2023.

              Derived from QFCRA RM/2020-2 (as from 1st January 2021)

            • BANK 7.4.4 Standardised approach — calculation

              (1) A banking business firm must use the standardised approach to operational risk. Operational risk capital requirement is the amount of capital that the firm must have to cover its operational risk.
              (2) The standardised approach is based on the following factors:
              (a) the business indicator (BI), which is a financial-statement-based proxy for operational risk;
              (b) the business indicator component (BIC), which is calculated by multiplying the BI by a set of marginal coefficients;
              (c) the internal loss multiplier (ILM), which is a scaling factor that is based on a firm’s average historical losses and the BIC.
              (3) The business indicator is the sum of:
              (a) the interest, leases and dividend component (ILDC);
              (b) the services component (SC): and
              (c) the financial component (FC);
              where ILDC, SC and FC are calculated as set out in rule 7.4.2.
              Derived from QFCRA RM/2020-2 (as from 1st January 2021)

            • BANK 7.4.5 Calculation of ILDC, SC and FC

              (1) In a formula in this rule, a bar above a term means that the term is to be calculated as the average of the relevant quantity over the current accounting year and the 2 previous accounting years of the firm concerned.
              (2) The factors ILDC, SC and FC are calculated in accordance with the following formulas:

              Guidance — meaning of business indicator terms
              P&L or balance-sheet items Description Typical sub-items
              Interest, lease and dividend component
              Interest income Interest income from all financial assets and other interest income (include