3.2.1 Governance Framework - Roles and Responsibilities

C 8/2020 STA Effective from 25/12/2020

The Board and Senior Management

  1. 3.2.1.1 Licensed Financial Institutions must have a Board approved governance framework in place that provides the Board with assurance and evidence that they have effective oversight and control frameworks over Retail Operations. The governance framework must detail the roles and responsibilities for all business, control and assurance functions as well as for the senior management.
  2. 3.2.1.2 The Board and Senior Management are responsible for overseeing conduct of the Licensed Financial Institution within the financial marketplace in which it operates. The Board must approve the Market Conduct compliance policy that states how the Licensed Financial Institution will comply with the regulatory principles. An annual report on Consumer Protection & Conduct Risk Management must be submitted to the Board or a Committee of the Board of the Licensed Financial Institution and the Board’s response must be documented.
  3. 3.2.1.3 The governance framework must specifically establish and maintain oversight over the design, production, Advertising, marketing, distribution and sales of Financial Products and/or Services with the objectives:
    1. a. To minimize potential harm to Consumers;
    2. b. Avoid potential Conflicts of Interest with Consumers; and
    3. c. Ensure that the best interests and well-being of the Consumers are appropriately addressed.
  4. 3.2.1.4 The Board and Senior Management must adopt and promote a culture that will protect the interests of their Consumers by promoting principles of Consumer service, fairness, transparency and disclosure.
  5. 3.2.1.5 The Board and Senior Management are accountable for setting the culture and direction of the Licensed Financial Institution to align business practices with the consumer protection regulatory requirements. This requires concerted and wide-ranging measures, in particular:
    1. a. Ensuring legal and regulatory requirements are being complied with;
    2. b. Establishing complete and up-to-date control frameworks;
    3. c. Executing effective monitoring, analysis and regular management reporting;
    4. d. Ensuring competent frontline Staff, independent control and assurance functions and annually evaluating their effectiveness;
    5. e. Establishing a Staff performance evaluation and remuneration system to promote and incentivize treating Consumers fairly;
    6. f. Ensuring that Staff have the required qualifications and training to perform their responsibilities in a fully competent manner;
    7. g. Establishing effective Complaint management, resolution, analysis and reporting;
    8. h. Implementing comprehensive Financial Products and/or Services approval processes;
    9. i. Ensuring accessibility to branches and ATMs by People of Determination;
    10. j. Carrying out effective Consumer education and awareness programs; and
    11. k. Addressing issues related to Conflicts of Interest.
  6. 3.2.1.6 As part of the Consumer Protection & Conduct Risk Management annual report required by Clause 3.2.1.2, the Senior Management must assess and report therein on their activities to support positive conduct and risk culture with evidence of support of the Consumer Protection Regulatory Principles. The review should also assess how Board and corporate messages about conduct and risk are permeated within the organization.
  7. 3.2.1.7 The Board and Senior Management must ensure independent control and assurance functions of Risk, Compliance and Audit are appropriately resourced to effectively execute at all times the Central Bank’s consumer protection regulatory framework and its supervisory requirements.

Control and Assurance Functions (Risk, Compliance and Audit)

  1. 3.2.1.8 Licensed Financial Institutions must have robust and effective controls to prevent inappropriate conduct and risks towards Consumers.
  2. 3.2.1.9 The Licensed Financial Institution’s control functions are required to be competent in the interpretation and application of the Consumer Protection Regulation and the accompanying Standards. The Board must clearly define the role and responsibilities of the control functions. They must jointly:
    1. a. Be held accountable for supporting the Retail Operations by providing active oversight and challenge, not just performing an advisory role;
    2. b. Be held accountable for carrying out their assigned roles in the identification, prevention, monitoring, detection, robust controls and resolution of risks that Retail Operations create; and
    3. c. Promote a corporate culture of protecting the best interests of Consumers first.
  3. 3.2.1.10 Licensed Financial Institutions must monitor compliance with the Consumer Protection Regulation and the accompanying Standards. The Licensed Financial Institution’s Compliance function must:
    1. a. Inform and educate operational units of their responsibilities under the Consumer Protection Regulation and the accompanying Standards;
    2. b. Ensure the Licensed Financial Institution’s code of conduct is complied with within the organization;
    3. c. Conduct regular monitoring including mystery shopping, thematic reviews and Complaint Data analysis to monitor adherence to the Consumer Protection Regulation, the accompanying Standards and the Licensed Financial Institution’s code of conduct;
    4. d. Ensure that individual Staff performance includes measurements of non-financial (qualitative) parameters that promote ethical conduct of Staff during their interactions with Consumers;
    5. e. As a part of the Consumer Protection & Conduct Risk Management annual report required by Clause 3.2.1.2, evaluate and report on the state of the organization’s compliance culture and provide recommendations for improvements; and
    6. f. Escalate material non-compliance matters with the code of conduct and the Consumer Protection Regulation and the accompanying Standards to Senior Management and the Board, together with rectification plans. Such matters must also be reported to the Central Bank in accordance with Article (98), Clause 1.b in Decretal Federal Law No. (14) of 2018, Regarding the Central Bank & Organization of Financial Institutions and Activities.
  4. 3.2.1.11 Licensed Financial Institutions must conduct regular conduct audits of this area. The Internal Audit function must:
    1. a. Independently assess the effectiveness and efficiency of the Licensed Financial Institution’s codes of conduct, the Consumer protection governance, systems, procedures and policies;
    2. b. Independently assess the effectiveness of Retail Business line functions, Control functions and Senior Management in fulfilling their responsibility to effectively monitor and oversee conduct and regulatory requirements; and
    3. c. Identify weaknesses in the effective implementation of control framework and regulatory requirements.

Risk Mitigation

  1. 3.2.1.12 Licensed Financial Institutions must:
    1. a. Establish an approved conduct risk framework which enables them to identify, assess, monitor, mitigate and control conduct risk;
    2. b. Define and document the risk appetite and risk limits that articulate the level and types of conduct risk the Licensed Financial Institution is willing to assume;
    3. c. Develop mitigation strategies for the conduct risks that are identified; and
    4. d. As part of the Consumer Protection & Conduct Risk Management annual report required by Clause 3.2.1.2, review and report on the type and level of conduct risks to the Board to ensure they are aligned with the Licensed Financial Institution’s risk tolerance and regulatory requirements.

Oversight of Financial Products and/or Services

  1. 3.2.1.13 Licensed Financial Institutions must have a comprehensive and effective product approval framework documented in policies and procedures that are approved by the Board of Directors.
  2. 3.2.1.14 The product approval framework must cover all new Financial Products and/or Services as well as subsequent amendments to existing products and/or services.
  3. 3.2.1.15 Policies must ensure inherent risks are properly assessed.
  4. 3.2.1.16 Policies must define all the pertinent procedures with checks and balances that must be complied with before a Licensed Financial Institution launches a Financial Product and/or Service into the financial marketplace. This includes defining the roles and responsibilities of each function involved in the creation, updating and launching of a Financial Product and/or Service including the Control functions, the Retail Management, Legal services, marketing, Sales, Information Technology services, etc.
  5. 3.2.1.17 The product approval process must include a documented sign-off by all relevant authorized Staff, Senior Management and Control functions.