Article 3: Institutional Oversight
3.1 Institutional Oversight and Governance
3.1.1 Monitoring by Central Bank
General
- 3.1.1.1Regulatory oversight of Licensed Financial Institutions by the Central Bank is an essential pillar of strengthening Consumer confidence and trust in the financial services. The Central Bank expects Licensed Financial Institutions to be effectively managed by establishing appropriate organizational oversight and structure, a supportive and constructive corporate culture, engaging well-qualified Staff, defining clear policies and procedures and creating proper monitoring and control frameworks supported by proper overall governance oversight.
3.1.2 General Provisions
Effective Institutional Oversight
- 3.1.2.1Effective Oversight includes requiring Licensed Financial Institutions to:
- a.Integrate into the management of the Licensed Financial Institution, the general principles which the Consumer Protection Regulation and the accompanying Standards are based upon;
- b.Maintain effective Board governance and oversight of the management of conduct and compliance risks. With respect to the term Board and any assigned roles or responsibilities required by these Standards, these shall, for the purpose of licensed foreign bank branches, be the same requirements of the foreign bank branch representative or committee that have been designated by the Licensed Financial Institution in accordance with the Central Bank Regulation on Corporate Governance;
- c.Establish a governance structure that provides assurance and evidence that there is effective oversight of conduct risks. The governance structure must cover the breadth of the Licensed Financial Institution’s financial products, services and related Retail Operations including the use of Third Parties;
- d.Develop and implement an effective control framework to manage conduct risks and ensure compliance with the Consumer Protection Regulation and the accompanying Standards. The control framework must be approved by the Board of the Licensed Financial Institution;
- e.Develop, document and integrate conduct risk tolerance into the Licensed Financial Institution’s decision-making process and overall strategy;
- f.Ensure the Licensed Financial Institution’s key control and assurance functions, Compliance, Risk and Audit, are each mandated appropriately for the identification, prevention, monitoring, detection, verification and mitigation/resolution of conduct and related risks;
- g.Ensure all appropriate Staff are qualified at all times to perform their responsibilities and are competent in their understanding and application of the Consumer Protection Regulation and the accompanying Standards;
- h.Establish management and Staff remuneration structures that promote responsible business and Market Conduct with the aim of preventing mis-selling practices, unreasonable risk taking, or other irresponsible actions and/or behaviors;
- i.Apply strict product and/or service approval processes that must be carried out before a new or updated Financial Product and/or Service is released to the Market;
- j.Establish effective and efficient Complaint management processes and systems to ensure resolution, analysis and reporting of Complaints;
- k.Implement appropriate control framework, security and monitoring measures to protect Consumers’ Data and information against misuse, unauthorized access and undue processing and analysis;
- l.Establish a comprehensive Data collection process for Consumer Complaints and inquiries to enable effective trend analysis and the identification of issues regarding Financial Products and/or Services, non-compliance matters, Staff misconduct and the fair treatment of Consumers. The Central Bank may prescribe templates to Licensed Financial Institutions to standardize Data collection, classification and reporting;
- m.Instill a culture in the Licensed Financial Institution that promotes fair dealing, transparency and behavior that protects the interests of Consumers first;
- n.Ensure the Licensed Financial Institution’s governance framework encompassing the above components is commensurate with the size, complexity and risk profile of the Licensed Financial Institution; and
- o.Ensure that Islamic Financial Institutions comply with Islamic Shari’ah.
- 3.1.2.2Licensed Financial Institutions must apply the principles and the requirements of the Consumer Protection Regulation and accompanying Standards to any new product or service, activity, action, change, event or any other situations.
- 3.1.2.3Licensed Financial Institutions must file by January 31st each year an annual letter of attestation confirming compliance with Article 98 of the Decretal Law and specifically addressing matters related to Chapter 6 of the Decretal Law and the supporting Regulation and Standards. The letter must be filed by the Licensed Financial Institution’s most senior compliance officer and approved by the Board. The Central Bank may prescribe the form and details as to the content of the letter.
3.2 Governance of Retail Operations
3.2.1 Governance Framework - Roles and Responsibilities
The Board and Senior Management
- 3.2.1.1Licensed Financial Institutions must have a Board approved governance framework in place that provides the Board with assurance and evidence that they have effective oversight and control frameworks over Retail Operations. The governance framework must detail the roles and responsibilities for all business, control and assurance functions as well as for the senior management.
- 3.2.1.2The Board and Senior Management are responsible for overseeing conduct of the Licensed Financial Institution within the financial marketplace in which it operates. The Board must approve the Market Conduct compliance policy that states how the Licensed Financial Institution will comply with the regulatory principles. An annual report on Consumer Protection & Conduct Risk Management must be submitted to the Board or a Committee of the Board of the Licensed Financial Institution and the Board’s response must be documented.
- 3.2.1.3The governance framework must specifically establish and maintain oversight over the design, production, Advertising, marketing, distribution and sales of Financial Products and/or Services with the objectives:
- a.To minimize potential harm to Consumers;
- b.Avoid potential Conflicts of Interest with Consumers; and
- c.Ensure that the best interests and well-being of the Consumers are appropriately addressed.
- 3.2.1.4The Board and Senior Management must adopt and promote a culture that will protect the interests of their Consumers by promoting principles of Consumer service, fairness, transparency and disclosure.
- 3.2.1.5The Board and Senior Management are accountable for setting the culture and direction of the Licensed Financial Institution to align business practices with the consumer protection regulatory requirements. This requires concerted and wide-ranging measures, in particular:
- a.Ensuring legal and regulatory requirements are being complied with;
- b.Establishing complete and up-to-date control frameworks;
- c.Executing effective monitoring, analysis and regular management reporting;
- d.Ensuring competent frontline Staff, independent control and assurance functions and annually evaluating their effectiveness;
- e.Establishing a Staff performance evaluation and remuneration system to promote and incentivize treating Consumers fairly;
- f.Ensuring that Staff have the required qualifications and training to perform their responsibilities in a fully competent manner;
- g.Establishing effective Complaint management, resolution, analysis and reporting;
- h.Implementing comprehensive Financial Products and/or Services approval processes;
- i.Ensuring accessibility to branches and ATMs by People of Determination;
- j.Carrying out effective Consumer education and awareness programs; and
- k.Addressing issues related to Conflicts of Interest.
- 3.2.1.6As part of the Consumer Protection & Conduct Risk Management annual report required by Clause 3.2.1.2 the Senior Management must assess and report therein of their activities to support positive conduct and risk culture with evidence of support of the Consumer Protection Regulatory Principles. The review should also assess how Board and corporate messages about conduct and risk are permeated within the organization.
- 3.2.1.7The Board and Senior Management must ensure independent control and assurance functions of Risk, Compliance and Audit are appropriately resourced to effectively execute at all times the Central Bank’s consumer protection regulatory framework and its supervisory requirements.
Control and Assurance Functions (Risk, Compliance and Audit)
- 3.2.1.8Licensed Financial Institutions must have robust and effective controls to prevent inappropriate conduct and risks towards Consumers.
- 3.2.1.9The Licensed Financial Institution’s control functions are required to be competent in the interpretation and application of the Consumer Protection Regulation and the accompanying Standards. The Board must clearly define the role and responsibilities of the control functions. They must jointly:
- a.Be held accountable for supporting the Retail Operations by providing active oversight and challenge, not just performing an advisory role;
- b.Be held accountable for carrying out their assigned roles in the identification, prevention, monitoring, detection, robust controls and resolution of risks that Retail Operations create; and
- c.Promote a corporate culture of protecting the best interests of Consumers first.
- 3.2.1.10Licensed Financial Institutions must monitor compliance with the Consumer Protection Regulation and the accompanying Standards. The Licensed Financial Institution’s Compliance function must:
- a.Inform and educate operational units of their responsibilities under the Consumer Protection Regulation and the accompanying Standards;
- b.Ensure the Licensed Financial Institution’s code of conduct is complied with within the organization;
- c.Conduct regular monitoring including mystery shopping, thematic reviews and Complaint Data analysis to monitor adherence to the Consumer Protection Regulation, the accompanying Standards and the Licensed Financial Institution’s code of conduct;
- d.Ensure that individual Staff performance includes measurements of non-financial (qualitative) parameters that promote ethical conduct of Staff during their interactions with Consumers;
- e.As a part of the Consumer Protection & Conduct Risk Management annual report required by Clause 3.2.1.2, evaluate and report on the state of the organization’s compliance culture and provide recommendations for improvements; and
- f.Escalate material non-compliance matters with the code of conduct and the Consumer Protection Regulation and the accompanying Standards to Senior Management and the Board, together with rectification plans. Such matters must also be reported to the Central Bank in accordance with Article (98), Clause 1.b in Decretal Federal Law No. (14) of 2018, Regarding the Central Bank & Organization of Financial Institutions and Activities.
- 3.2.1.11Licensed Financial Institutions must conduct regular conduct audits of this area. The Internal Audit function must:
- a.Independently assess the effectiveness and efficiency of the Licensed Financial Institution’s codes of conduct, the Consumer protection governance, systems, procedures and policies;
- b.Independently assess the effectiveness of Retail Business line functions, Control functions and Senior Management in fulfilling their responsibility to effectively monitor and oversee conduct and regulatory requirements; and
- c.Identify weaknesses in the effective implementation of control framework and regulatory requirements.
Risk Mitigation
- 3.2.1.12Licensed Financial Institutions must:
- a.Establish an approved conduct risk framework which enables them to identify, assess, monitor, mitigate and control conduct risk;
- b.Define and document the risk appetite and risk limits that articulate the level and types of conduct risk the Licensed Financial Institution is willing to assume;
- c.Develop mitigation strategies for the conduct risks that are identified; and
- d.As part of the Consumer Protection & Conduct Risk Management annual report required by Clause 3.2.1.2, review and report on the type and level of conduct risks to the Board to ensure they are aligned with the Licensed Financial Institution’s risk tolerance and regulatory requirements.
Oversight of Financial Products and/or Services
- 3.2.1.13Licensed Financial Institutions must have a comprehensive and effective product approval framework documented in policies and procedures that are approved by the Board of Directors.
- 3.2.1.14The product approval framework must cover all new Financial Products and/or Services as well as subsequent amendments to existing products and/or services.
- 3.2.1.15Policies must ensure inherent risks are properly assessed.
- 3.2.1.16Policies must define all the pertinent procedures with checks and balances that must be complied with before a Licensed Financial Institution launches a Financial Product and/or Service into the financial marketplace. This includes defining the roles and responsibilities of each function involved in the creation, updating and launching a Financial Product and/or Service including the Control functions, the Retail Management, Legal services, marketing, Sales, Information Technology services, etc.
- 3.2.1.17The product approval process must include a documented sign-off by all relevant authorized Staff, Senior Management and Control functions.
3.3 Regulatory Reporting
3.3.1 Fees
- 3.3.1.1Licensed Financial Institutions must submit their up-to-date schedule of fees and amounts annually to the Central Bank by January 31 of each year in a manner as may be prescribed by the Central Bank from time to time.
3.3.2 Financial Products and/or Services
- 3.3.2.1Licensed Financial Institutions must report to the Central Bank annually by January 31st with the list of Financial Products and/or Services offered to Consumers in the UAE in a manner as may be prescribed by the Central Bank.
- 3.3.2.2The Central Bank may require detailed information and Data on all Financial Products and/or Services offered by Licensed Financial Institutions. All Licensed Financial Institutions are required to comply with such requests within the stipulated timeframe.
- 3.3.2.3Licensed Financial Institutions must submit an application to request a “No Objection Letter” from the Central Bank for any new or revised Financial Product and/or Service that the Central Bank may prescribe as requiring an application for a “No Objection Letter”. Where there is a requirement for a “No Objection Letter”, the CBUAE will establish appropriate turnaround times / response times.
- 3.3.2.4The Central Bank will publish periodically its procedural time frames for the matters required to be submitted and considered by the Central Bank.
- 3.3.2.5The application for a “No Objection Letter” by the Licensed Financial Institution must include information as may be prescribed by the Central Bank.
- 3.3.2.6The Central Bank or The Higher Shari’ah Authority may issue additional guidance or standards for certain types of Financial Products and/or Services offered by Islamic Financial Institutions.
3.3.3 Undue Delays in Filing
- 3.3.3.1Where Licensed Financial Institutions do not comply with the service standards established by the Consumer Protection Regulation and the accompanying Standards, or with any other time requirements for filing or reporting set by the Central Bank, Licensed Financial Institutions may be subject to enforcement measures.