• CTRL Chapter 3 CTRL Chapter 3 Governing bodies

    Note for Chapter 3

    The Parts of this Chapter apply to authorised firms as follows:

    Part 3.1 applies to all authorised firms
    Part 3.2 applies only to authorised firms that are branches
    Part 3.3 applies only to authorised firms that are incorporated in the QFC
    Part 3.4 applies to all authorised firms, except for rule 3.4.1 (4)) which applies only to firms that are incorporated in the QFC.

     

    Amended by QFCRA RM/2014-6 (as from 1st January 2015)
    Amended by QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL Part 3.1 CTRL Part 3.1 Governing bodies — all authorised firms

      • CTRL Division 3.1.A CTRL Division 3.1.A Application of Part 3.1

        • CTRL 3.1.1 Application of Part 3.1

          This Part applies to all authorised firms.

           

          Amended by QFCRA RM/2014-6 (as from 1st January 2015)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL Division 3.1.B CTRL Division 3.1.B Governing bodies — membership

        • CTRL 3.1.2 Members of governing body to be approved individuals

          A member of an authorised firm’s governing body must be an individual who is approved to exercise the appropriate controlled function, as follows:

          (a) for an executive member — the executive governance function;
          (b) for a non-executive member — the non-executive governance function.

           

          Derived from QFCRA RM/2012-4 (as from 1st July 2013)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.3 What individuals are eligible as independent non-executive member?

          (1) An individual is eligible to be an independent non-executive member of the governing body of an authorised firm unless:
          (a) he or she is, or has been during the last 3 years:
          (i) an employee of the firm; or
          (ii) an employee, board member, owner, partner or controller of a consultant to the firm (including the firm’s external auditor);
          (b) he or she is a relative of a member of the firm’s senior management;
          (c) within the last 3 years, he or she or any of his or her relatives has had, directly or indirectly, 1 or more substantial commercial or financial transactions with the firm;
          (d) he or she is receiving, or has received during the last 3 years, remuneration from the firm (other than as a member of its governing body);
          (e) he or she:
          (i) owns 1% or more of the shares of the firm; or
          (ii) is a representative of a legal person that owns 5% or more of the shares of the firm or another company in its corporate group;
          (f) he or she has been a member of the firm’s governing body for longer than 9 consecutive years; or
          (g) he or she might reasonably be taken to have a conflict of interest because of a personal or business relationship with:
          (i) a member of the firm’s governing body, the individual who exercises the senior executive function for the firm, or a member of the firm’s senior management; or
          (ii) a major shareholder of the firm.

           

          Derived from QFCRA RM/2012-4 (as from 1st July 2013)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL Division 3.1.C CTRL Division 3.1.C Governing bodies — role and obligations

        • CTRL 3.1.4 Governing body’s general role

          An authorised firm’s governing body has overall responsibility for the firm. That responsibility includes approving and overseeing the implementation of the firm’s strategic objectives, corporate governance framework and corporate culture.

           

          Derived from QFCRA RM/2012-4 (as from 1st July 2013)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.5 Governing body’s obligations not to be repudiated

          A governing body cannot relieve itself of an obligation under this Division by repudiating the obligation or allocating it to another person or body.

           

          Derived from QFCRA RM/2012-4 (as from 1st July 2013)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.6 Allocation of responsibilities

          (1) The governing body of an authorised firm retains primary responsibility for all of the firm’s operations at all times. The firm’s senior management is responsible for effectively implementing the governing body’s business strategy consistently with the governing body’s policies and risk appetite and under the governing body’s supervision.
          (2) The governing body must give the individual who exercises the senior executive function for the firm a written document that sets out his or her responsibilities. The individual must acknowledge, in writing, having received that document, and must confirm in the acknowledgement that he or she understands, and undertakes to carry out, those responsibilities.
          (3) Unless the governing body specifically allocates a responsibility, it retains it.
          (4) The individual who exercises the firm’s senior executive function must give each individual who exercises a controlled function for the firm a written document that sets out that individual’s responsibilities.
          (5) The individual who exercises the firm’s senior executive function must obtain the governing body’s approval (or the approval of the body’s audit committee, if any) of the content of the document given to the individual who exercises the internal audit function.
          (6) The individual who exercises the firm’s senior executive function must consult with the governing body (or the body’s risk committee, if any) in relation to the content of the document given to the individual who exercises the risk management function.
          (7) The individual who exercises the firm’s senior executive function must not attempt, in a document referred to in subrule (4), to restrict, limit or compromise any right, duty, responsibility or authority conferred by these rules or any other Rules on an individual who exercises any other controlled function.
          (8) Each such individual must acknowledge, in writing, having received that document, and must confirm in the acknowledgement that he or she understands, and undertakes to carry out, those responsibilities.
          (9) Unless the individual who exercises the senior executive function specifically allocates a responsibility, he or she retains it.
          (10) The allocation of a responsibility by the governing body does not remove or reduce the body’s duty to oversee the individual who exercises the firm’s senior executive function and the firm’s senior management. Also, the allocation of a responsibility by the individual who exercises the senior executive function does not remove or reduce the individual’s duty to exercise oversight in relation to the other controlled functions.
          (11) The scope of the responsibilities allocated to an individual who exercises a controlled function for the firm must not be less than the scope of the controlled function as set out in these rules and INDI.
          (12) The allocation of responsibilities referred to in this rule is separate from operational authorities and limits exercised by the individual who exercises the firm’s senior executive function and the firm’s senior management (such as limits on loan approvals, underwriting, claims handling, investments, or signing cheques).
          (13) The governing body:
          (a) must ensure that the firm’s business can be adequately managed by the body, the individual who exercises the firm’s senior executive function and the firm’s senior management; and
          (b) must consider whether the firm’s senior management (other than the individual who exercises the senior executive function, and the individual who exercises the risk management function for a QFC insurer) ought to be ordinarily resident in Qatar to exercise their functions properly.
          Note The individual who exercises the senior executive function for an authorised firm, and the individual who exercises the risk management function for a QFC insurer, are al required by these rules to be ordinarily resident in Qatar — see respectively rules 4.1.4 (2) and 6.2.3 (4) (b).

           

          Amended by QFCRA RM/2014-6 (as from 1st January 2015)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.7 General obligations — decision-making

          An authorised firm’s governing body:

          (a) must ensure that it has access to sufficient information and independent advice about the firm’s affairs to make informed decisions and discharge its responsibilities effectively; and
          (b) must be mindful of the legitimate interests of shareholders, customers and other stakeholders when making decisions.

           

          Derived from QFCRA RM/2012-4 (as from 1st July 2013)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.8 General obligations — engagement

          An authorised firm’s governing body:

          (a) must keep up with material changes in the firm’s business and external environment; and
          (b) must act in a timely manner to protect the firm’s long-term interests.

           

          Derived from QFCRA RM/2012-4 (as from 1st July 2013)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.9 General obligations — accountability

          An authorised firm’s governing body is accountable for:

          (a) the development and oversight of the firm’s business strategy and objectives;
          (b) the firm’s risk management framework;
          (c) the firm’s internal controls and assurance framework; and
          (d) the firm’s financial soundness.

           

          Derived from QFCRA RM/2012-4 (as from 1st July 2013)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.10 CTRL 3.1.10 General obligations — culture and values

          An authorised firm’s governing body must play the leading role in establishing the firm’s corporate culture and values.

           

          Derived from QFCRA RM/2012-4 (as from 1st July 2013)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

          • CTRL 3.1.10 Guidance

            To comply with this obligation, the governing body may need to develop and oversee a code of conduct or code of ethics for all employees that defines acceptable and unacceptable behaviour, and reminds them not to engage in illegal activity.

             

            Derived from QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.11 General obligations — own structure

          An authorised firm’s governing body:

          (a) must have a well-designed governance structure;
          Guidance
          The governing body should maintain and periodically update rules, by-laws or other similar documents setting out its organisation, rights, responsibilities and key activities.
          (b) must allocate sufficient time and attention for its members to perform their duties effectively; and
          (c) must consider how it can best perform its role, and in particular whether to create 1 or more committees to make recommendations to the body on matters about which the body must make decisions.

           

          Derived from QFCRA RM/2012-4 (as from 1st July 2013)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.12 General obligations — oversight

          An authorised firm’s governing body:

          (a) must provide effective oversight of the individual who exercises the firm’s senior executive function and the firm’s senior management;
          (b) must hold the individual who exercises the senior executive function and the firm’s senior management accountable for their actions;
          (c) must set out the possible consequences (including dismissal) if those actions are not aligned with the body’s performance expectations;
          (d) must deal prudently with any conflicts of interest that may arise by ensuring that no individual or group of individuals unduly influences the body’s decision-making;
          (e) must approve the organisational structure and corporate governance framework through which the firm is managed and controlled;
          (f) must ensure that the firm has succession plans for its key functions;
          (g) must establish direct and independent contact with the firm’s audit and risk functions (if any);
          (h) must ensure that the firm has effective policies, procedures and controls to deter, prevent, detect, report and remedy fraud, and must ensure that appropriate resources are allocated for that purpose; and
          (i) must maintain transparency and disclosure.

           

          Deleted by QFCRA RM/2014-6 (as from 1st January 2015)
          Amended by QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.13 General obligations — subsidiaries

          If an authorised firm that is incorporated in the QFC has 1 or more subsidiaries, wherever incorporated, the firm’s governing body must ensure that the firm seeks to promote good governance in those subsidiaries.

          Note For detailed obligations in relation to subsidiaries, see rule 3.3.18.

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.14 Specific obligations — approving and updating plans

          (1) An authorised firm’s governing body:
          (a) must approve strategic and business plans appropriate to the nature, scale and complexity of the firm’s business; and
          (b) must update the plans regularly to take account of changes in the business environment.
          (2) The strategic and business plans may be combined in 1 document.

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.15 Specific obligations — appointment etc of individuals for certain functions

          (1) A decision about the appointment, remuneration, disciplining or dismissal, or the assessment of the performance, of either of the following individuals:
          (a) an individual who is approved to exercise the senior executive function for an authorised firm;
          (b) an authorised firm’s internal auditor;
          may be made only by:
          (c) the firm’s governing body;
          (d) any relevant committee of the governing body; or
          (e) the chair of the governing body, after consulting the governing body.
          (2) A decision about the appointment, remuneration, disciplining or dismissal, or the assessment of the performance, of any of the following individuals:
          (a) an individual who is approved to exercise the risk management function for an authorised firm;
          (b) an individual who is approved to exercise the compliance oversight function for an authorised firm;
          (c) an authorised firm’s approved actuary;
          may be made only by:
          (d) the firm’s governing body or any relevant committee of the governing body; or
          (e) the firm’s senior management, after consulting the governing body or the relevant committee of the governing body.

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.16 CTRL 3.1.16 Specific obligations — remuneration policy

          (1) An authorised firm’s governing body must establish and maintain, for itself and the whole firm, a remuneration policy appropriate to the nature, scale and complexity of the firm’s business.
          Note Appropriate records must be kept of the firm’s remuneration policies and procedures — see GENE, rule 6.1.1.
          (2) The policy must set out the firm’s remuneration arrangements, including:
          (a) the objectives and structure of any performance-based component;
          (b) performance measures that are in line with the firm’s risk management strategy;
          (c) the forms and mix of remuneration; and
          Examples
          1 fixed and variable components
          2 cash and equity-related benefits
          3 termination payments.
          (d) eligibility for, and the timing of, payments.
          (3) The policy:
          (a) must be aligned to the firm’s culture, its risk appetite statement, its long-term strategic direction and viability, financial goals and overall safety and soundness; and
          Note For the requirement for a risk appetite statement, see rule 7.1.2 (5) (a).
          (b) must appropriately balance risk and reward.
          (4) The forms and mix of remuneration (in particular, performance-based remuneration) must be consistent with sound risk management.
          (5) The timing of payments must take into account the timeframes within which risks associated with individuals’ performance are likely to materialise.
          (6) The policy:
          (a) must permit any performance-based component of an individual’s remuneration (or such a component of the remuneration of a class of individuals) to be deferred or reduced (including reduced to zero) if necessary:
          (i) to protect the firm’s financial soundness; or
          (ii) to respond to significant unexpected or unintended consequences of the firm’s activities; and
          (b) if the policy provides for part of an individual’s remuneration to be based on performance, must provide for that part to be repayable to the firm by an individual who received it if the firm is later satisfied that:
          (i) the individual failed to meet the relevant performance measures; or
          (ii) by excessive risk-taking, he or she contributed significantly to a negative financial performance by the firm.
          (7) The policy must prohibit an individual who has received deferred remuneration in the form of equity, or in any other form that is linked to the firm’s equity, from hedging his or her economic exposures to the resultant equity price risk before the equity or other remuneration is fully vested.
          (8) A remuneration package offered by the firm (including any performance-based component):
          (a) must encourage behaviour that supports the firm’s long-term financial soundness and risk management strategy;
          (b) must align remuneration with prudent risk-taking; and
          (c) must incorporate adjustments to reflect:
          (i) the outcomes of the firm’s activities;
          (ii) the risks related to those activities, taking account of the cost of the associated capital; and
          (iii) the time necessary for the outcomes of those activities to be reliably measured.
          (9) The governing body must periodically review the remuneration policy.

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

          • CTRL 3.1.16 Guidance

            1 Guaranteed bonuses should generally not be offered because such bonuses are not consistent with sound risk management and performance-based rewards.
            2 Remuneration payments should be linked to performance over time and should be designed in a way that does not reward failure.
            3 Any deferral of payment to an individual must take into account the risks associated with his or her performance that may materialise during the period of deferment (for example, the risk of an increase in the cost of capital required to support the risks that he or she took; uncertainties in the timing and likelihood of future revenues and expenses).
            4 The application of any deferral of payment may vary depending on:
            • the level of seniority or responsibility of the individual to whom the payment is due
            • the nature of risks to which the firm is exposed
            • any other relevant matters.
            5 Nothing in rule 3.1.16 prevents a firm from adopting the remuneration policy of a member of the firm’s corporate group, provided that:
            • the policy is approved by the firm’s governing body
            • the policy complies with rule 3.1.16.

             

            Derived from QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.17 Specific obligations — business resilience and continuity plan

          (1) An authorised firm’s governing body must establish a business resilience and continuity plan to ensure, so far as practicable, that the firm can continue to fulfil its obligations under the law applicable in the QFC in the event of an interruption.
          (2) The body must keep the plan under review and must ensure that it is tested at intervals determined by the body.
          (3) The interval between tests must be appropriate to the nature, scale and complexity of the firm’s business but must not be longer than 18 months.
          (4) The Regulatory Authority may direct the firm to test the plan at any time in a way that the Authority considers appropriate.

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.18 CTRL 3.1.18 Specific obligations — avoiding or mitigating conflicts of interest

          (1) An authorised firm’s governing body must ensure that each part of the firm’s corporate governance framework, and of its risk management framework, is designed:
          (a) to avoid conflicts of interest (or to mitigate such conflicts if it is not possible to avoid them); and
          (b) to deal effectively with any conflict of interest that arises.
          (2) The frameworks must require that:
          (a) any conflict of interest that arises must be reported:
          (i) to the firm’s senior management, or, if the firm is a branch, to the body that is responsible for the branch; and
          (ii) if it is not addressed within a reasonable time by the senior management, to the firm’s governing body; and
          (b) every 6 months, the firm’s senior management must give the governing body a written summary of all conflicts of interest addressed by the senior management during the period.
          (3) In this rule and rule 3.1.19, a reference to a firm’s governing body is a reference to the board, membership, committee or body (whatever it is called) that is responsible for the firm’s corporate governance framework and risk management framework in relation to conflicts of interest and periodic review.

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

          • CTRL 3.1.18 Guidance

            A conflict of interest involving a member of the firm’s governing body is to be dealt with under the governing body’s own conflicts policy, governance manual or terms of reference.

             

            Derived from QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.19 Specific obligations — periodic review

          (1) An authorised firm’s governing body must ensure that the firm’s corporate governance framework and risk management framework are reviewed at least once every 3 years by:
          (a) the firm’s internal auditor; or
          (b) an independent and objective external reviewer.
          Note For the meaning of governing body in this rule, see rule 3.1.18 (3).
          (2) The person who carries out the review must report in writing to the body within 30 days after the review is completed.
          (3) The firm must give a copy of the report to the Regulatory Authority within 30 days after the firm’s governing body receives the report.
          (4) The Authority may direct an authorised firm to carry out more frequent reviews than are required by subrule (1).

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.20 Specific obligations — keeping minutes

          (1) The governing body of an authorised firm that is incorporated as a company in the QFC, and each committee of such a body, must maintain appropriate records of its deliberations and decisions, sufficient to show that the body or committee is effective and has carried out its responsibilities.
          (2) The governing body of a branch must maintain appropriate records of its deliberations and decisions, sufficient to show that the governing body is effective and has carried out its responsibilities.

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.1.21 Specific obligations — independence of certain employees

          (1) An authorised firm’s governing body must ensure that each employee to whom a responsibility is allocated within the firm’s internal controls framework is sufficiently free from influence for the framework to be effective in achieving its purposes.
          (2) The requirement in subrule (1) is satisfied if reasonable measures have been taken to ensure that:
          (a) no such employee is remunerated in a way that would tend to undermine his or her independence and objectivity in performing his or her duties;
          Note For the requirements relating to a firm’s remuneration policy, see rule 3.1.16.
          (b) no such employee is involved in performing a function that generates, or is intended to generate, revenue for the firm;
          (c) no such employee is limited or restricted as to the matters that he or she can investigate or report on in the exercise of his or her function;
          (d) the reports and conclusions of such an employee can be honest and candid, without fear of reprisal; and
          (e) pressure or influence is not applied to such an employee to modify his or her reports or conclusions.

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL Division 3.1.D CTRL Division 3.1.D Governing bodies — individual members’ obligations

        • CTRL 3.1.22 Obligations of individual members of governing body

          A member of the governing body of an authorised firm:

          (a) must act in good faith, honestly and reasonably;
          (b) must exercise due care and diligence;
          (c) must act in the best interests of the firm and its customers, putting those interests ahead of his or her own interests;
          (d) must exercise independent judgment and objectivity in decision-making, taking due account of the interests of the firm and its customers; and
          (e) must not use his or her position to gain undue personal advantage or cause detriment to the firm.

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL Part 3.2 CTRL Part 3.2 Governing bodies — branches

      • CTRL 3.2.1 Governing body composition and operations

        (1) The governing body of an authorised firm that is a branch must have at least 3 members.
        (2) The governing body must have a mix of relevant competencies, and as a whole must have the necessary skills to oversee the firm effectively.
        Guidance
        Relevant competencies include financial markets, financial analysis, financial stability issues, financial reporting, information technology, strategic planning, risk management, compensation, regulation, corporate governance and management skills.
        (3) The governing body of an authorised firm that is a branch must meet at least every 3 months and at least 4 times in a year.

         

        Derived from QFCRA RM/2012-4 (as from 1st July 2013)
        Amended by QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL Part 3.3 CTRL Part 3.3 Governing bodies — firms incorporated in QFC

      • CTRL 3.3.1 Application of Part 3.3

        This Part applies to an authorised firm that is incorporated in the QFC.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.2 Meaning of category A firm and category B firm

        In these rules:

        category A firm means an authorised firm that is incorporated under the Companies Regulations and is:

        (a) a banking business firm (within the meaning given by BANK, rule 1.3.1);
        (b) an Islamic banking business firm (within the meaning given by IBANK, rule 1.1.9);
        (c) a QFC insurer (other than a QFC captive insurer); or
        (d) a takaful entity (within the meaning given by PINS, rule 1.2.7).

        category B firm means an authorised firm that is incorporated in the QFC but is not a category A firm.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.3 References in Part 3.3 to board of directors etc

        (1) In these rules, the members of the governing body of an authorised firm, and the governing body itself, are generally referred to as such. In this Part, the governing body of an authorised firm is referred to as its board of directors or just board and the members of the board are referred to as directors.
        (2) In these rules, a reference to a director of an authorised firm includes any person in accordance with whose instructions the firm customarily acts.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.4 Meaning of non-executive director and Independent non-executive director

        In these rules:

        independent non-executive director of an authorised firm means a non-executive director who is eligible, under rule 3.1.3, as an independent non-executive member of the firm’s board.

        non-executive director of an authorised firm means a director who has no responsibility for implementing the decisions or the policies of the firm’s board.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.5 Firms listed on Qatar Exchange

        An authorised firm that is listed on the Qatar Exchange must comply with both this Part and the governance rules of that Exchange. In any case in which this Part and those rules impose different obligations, the firm must comply with whichever obligation is the more onerous.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.6 Number of directors

        (1) An authorised firm must ensure that its board of directors is of sufficient size and expertise to adequately oversee the operation of the firm.
        (2) The board of a category A firm must be made up of:
        (a) at least 5 directors; or
        (b) a greater number directed by the Regulatory Authority.
        (3) The board of a category B firm must be made up of:
        (a) at least 3 directors; or
        (b) a greater number directed by the Authority.
        (4) In a direction under paragraph (2) (b) or (3) (b), the Authority may specify how many executive directors or independent non-executive directors (or both) that the relevant firm’s board must have.
        (5) A majority of the members of the board of a category A firm must be non-executive directors, and a majority of the non-executive directors must be independent non-executive directors.
        (6) A majority of the members of the board of a category B firm must be non-executive members, and at least 1 of the non-executive members must be an independent non-executive member.
        (7) In the case of a category A firm that is a subsidiary, the majority of its board’s members may be directors or senior executives of the parent firm or another member of the corporate group. However, the authorised firm must still have at least 2 independent non-executive directors.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.7 CTRL 3.3.7 Board competencies

        The directors of an authorised firm must have a mix of relevant competencies, and as a whole must have the necessary skills to oversee the firm effectively.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

        • CTRL 3.3.7 Guidance

          Relevant competencies include financial markets, financial analysis, financial stability issues, financial reporting, information technology, strategic planning, risk management, compensation, regulation, corporate governance and management skills.

           

          Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.8 Category A firms—board committees to be established

        (1) The board of directors of a category A firm must establish the following committees:
        (a) nominations committee;
        (b) remuneration committee;
        (c) audit committee;
        (d) risk committee.
        (2) The chair of each committee must be an independent non-executive director.
        (3) With the written consent of the Regulatory Authority, a category A firm:
        (a) may combine the nomination committee and the remuneration committee; and
        (b) may combine the audit committee and the risk committee.
        (4) Each committee must have clear terms of reference setting out its role and objectives and the authority delegated to it by the board.
        (5) Each committee:
        (a) must report regularly to the board; and
        (b) must circulate its minutes to all of the members of the board.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.9 Category B firms—board committees

        (1) The board of a category B firm may establish some, or all, or none of the committees mentioned in rule 3.3.8 (1).
        (2) If the board of a category B firm does not establish any 1 or more of those committees, the full board must discharge the responsibilities of any committee that is not established.
        Note Those responsibilities are described in rules 3.3.10, 3.3.11 (1), 3.3.12 (1) and 3.3.13 (1).

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.10 Nominations committee

        The nominations committee is responsible for making recommendations to the board for the appointment of new board members, individuals to be appointed to exercise the senior executive function, and senior management.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.11 Remuneration committee

        (1) The remuneration committee is responsible for developing, adopting and overseeing a written remuneration policy for the firm, and in particular for the remuneration of the board and senior management.
        Note For the requirements about the remuneration policy, see rule 3.1.16.
        (2) All of the members of the remuneration committee must be non-executive directors.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.12 Audit committee

        (1) The audit committee is responsible for:
        (a) adopting and overseeing a written policy on internal audit and financial reporting;
        (b) reviewing the results of the audit process with management and external auditors;
        (c) overseeing the firm’s internal auditors and interacting with the external auditors;
        (d) making decisions (or recommendations to the board or shareholders) about the appointment, remuneration and dismissal of external auditors;
        (e) reviewing and approving the scope and frequency of audit;
        (f) receiving significant audit reports and ensuring that senior management promptly takes any corrective action that is necessary to address control weaknesses, non-compliance with policies, laws and regulations, and other problems;
        (g) overseeing the establishment of accounting policies and practices;
        (h) reviewing third-party opinions on the design and effectiveness of the overall internal controls and assurance framework; and
        (i) if the firm is an Islamic financial institution:
        (i) reviewing the effectiveness of its systems and controls for monitoring compliance with Shari’a (including reviewing the reports of internal Shari’a reviews and the Shari’a supervisory board to ensure that appropriate action has been taken); and
        (ii) ensuring that the firm’s reporting of financial information complies with internationally recognised accounting standards that comply with Shari’a.
        (2) A majority of the members of the audit committee must be non-executive directors.
        (3) The chair of the board must not be a member of the audit committee.
        (4) The audit committee must meet at least 4 times a year.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.13 Risk committee

        (1) The risk committee is responsible for:
        (a) advising the board on the firm’s overall risk appetite, overseeing senior management’s implementation of the firm’s risk management strategy, reporting on the firm’s risk culture, and interacting with and overseeing the firm’s risk management function;
        Note For the requirements relating to the risk management strategy, see rule 7.1.4.
        (b) overseeing the firm’s strategies for:
        (i) the management of the firm’s capital and liquidity; and
        (ii) dealing with all the relevant risks;
        to ensure that the strategies are consistent with the firm’s risk appetite; and
        (c) receiving regular reports about:
        (i) the firm’s risk profile;
        (ii) measurement against the approved risk appetite and risk limits; and
        (iii) any limit breaches and actions taken as a result of such breaches.
        (2) A majority of the members of the risk committee must be non-executive directors.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.14 Frequency of board meetings

        (1) The board of directors of a category A or category B firm must meet:
        (a) at least every 3 months and at least 4 times in a year; or
        (b) more frequently, if the Regulatory Authority so directs.
        (2) In a direction under paragraph (1) (b), the Authority may specify how often the board must meet, or how long may pass between meetings, or both, taking into account the nature, scale and complexity of the firm’s operations.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.15 Chair of the board

        (1) The chair of the board of a category A or category B firm must be a non-executive director.
        Guidance
        The Regulatory Authority expects that the chair of a category A firm that is not a subsidiary will be an independent non-executive director.
        (2) If the chair of a category A firm that is not a subsidiary is not an independent non-executive director, the firm must be able to demonstrate how its governance arrangements will satisfy the need for independent oversight of the firm’s senior management.
        Guidance
        The independent oversight referred to in subrule (2) could be provided by, for example, nominating a senior independent non-executive director with explicit responsibilities in this regard.
        (3) The chair of the board of a category A or category B firm must not have been an employee of the firm during the previous 5 years.
        (4) The chair is responsible for the following:
        (a) setting the board’s agenda and ensuring that every agenda item (particularly any item dealing with strategic and risk issues) receives sufficient attention;
        (b) ensuring that every board member receives thorough, relevant and accurate background information in time for each meeting;
        (c) encouraging transparent and candid debate by promoting contributions by all the members, particularly the non-executive directors and independent non-executive directors.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.16 Training and competency of board members

        (1) A member of the board of a category A or category B firm must regularly update and refresh his or her skills and knowledge.
        (2) The board of a category A or category B firm must ensure that:
        (a) a suitable induction program is offered to a newly-appointed board member to help him or her to understand the duties and role of a member; and
        (b) regular updates and training are offered to each board member to maintain the member’s competency for that role.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.17 Periodic assessments of performance

        (1) The board of a category A or category B firm must regularly assess (with the assistance of external experts, if necessary) the performance of the board as a whole, of its committees and of each board member. The assessments:
        (a) must review the board’s structure, size and composition and the structures and coordination of the committees;
        (b) must consider:
        (i) rotating the members and chairs of committees periodically; and
        (ii) limits to tenure on the board or on a committee;
        (c) must assess each committee’s performance against its terms of reference; and
        (d) must assess each board member’s suitability, taking into account the member’s performance on the board.
        (2) A category A firm must carry out the assessments required by subrule (1) annually. A category B firm must carry out those assessments at least once every 3 years.
        (3) The board must review the effectiveness of its own governance practices and procedures, must determine where improvements may be needed, and must make any necessary changes. The board may do so either separately or as part of an assessment required by subrule (1).
        (4) The board must use the results of the assessments required by subrules (1) to (3) as part of its efforts toward continuing to improve the board.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

      • CTRL 3.3.18 What if authorised firm is parent company of corporate group?

        (1) If a category A or category B firm is the parent company of a corporate group, the firm’s board must ensure that it is aware of the material risks and issues that affect both the firm and its subsidiaries. The board must exercise adequate oversight over the subsidiaries while respecting the subsidiaries’ legal and governance responsibilities.
        (2) In particular, the board must ensure that it understands the purpose, structure, governance and unique risks of the firm’s subsidiaries.
        (3) The board:
        (a) must establish a group structure (including the legal entity and business structure) and a corporate governance framework with clearly defined roles and responsibilities, at the parent company level and at the subsidiary level, as appropriate, based on the complexity and significance of each subsidiary;
        (b) must define an appropriate subsidiary board and management structure that takes into account the material risks to which the group, its businesses and its subsidiaries are exposed;
        (c) must assess whether the group’s corporate governance framework:
        (i) includes adequate policies, processes and controls; and
        (ii) addresses risk management across the businesses and legal entity structures;
        (d) must ensure that the group’s corporate governance framework includes appropriate processes and controls to identify and address potential intragroup conflicts of interest (such as those arising from intragroup transactions);
        (e) must approve policies and clear strategies for establishing new structures and legal entities, and must ensure that the policies and strategies are consistent with the policies and interests of the group;
        (f) must assess whether there are effective systems to exchange information among the various entities, to manage the risks of the subsidiaries and of the group as a whole, and to ensure that the group is effectively supervised;
        (g) must allocate sufficient resources to monitor the compliance of the subsidiaries with all applicable legal, regulatory and governance requirements;
        (h) must maintain an effective relationship with the Regulatory Authority and, through the subsidiaries’ boards or direct contact, with the regulators of all the subsidiaries; and
        (i) must establish an effective internal audit function that ensures that audits are performed within or for all the subsidiaries and parts of the group and the group as a whole.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL Part 3.4 CTRL Part 3.4 Statements of compliance with Chapter 3

      • CTRL 3.4.1 Annual compliance statement

        (1) An authorised firm must give a written statement to the Regulatory Authority every year as to the extent to which it has complied with the applicable requirements of this Chapter during the previous year.
        (2) If the firm has not fully complied with an applicable requirement of this Chapter, the statement must set out:
        (a) the requirement with which the firm has not complied;
        (b) the reasons for the non-compliance; and
        (c) a statement of what the firm is doing or intends to do to bring itself into compliance with the requirement.
        (3) The statement must be signed by:
        (a) either:
        (i) if the firm is incorporated in the QFC — the chair of the firm’s board of directors; or
        (ii) for any other authorised firm — the chair of the firm’s governing body; and
        (b) the individual who is approved to exercise the senior executive function for the firm.
        (4) If the firm is incorporated in the QFC, the firm:
        (a) must provide the statement to its shareholders no later than the date on which it must provide them with its annual report; and
        (b) must make the statement available on its website.

         

        Derived from QFCRA RM/2020-4 (as from 1st July 2021)