Dubai Financial Services Authority (DFSA)
Prudential — Investment, Insurance Intermediation and Banking Module (PIB) [VER33/02-19]



  • PIB 6 Operational Risk

    • Introduction

      • PIB 6 Guidance

        1. This chapter includes the detailed RulesG and associated guidance in respect of a firm's obligation to manage effectively its exposures to Operational RiskG . Operational RiskG refers to the risk of incurring losses due to the failure of systems, processes, and personnel to perform expected tasks. Operational RiskG losses also include losses arising out of legal risk. This chapter aims to ensure that an Authorised FirmG has a robust Operational RiskG management framework commensurate with the nature, scale and complexity of its operations and that it holds sufficient regulatory capital against Operational RiskG exposures.
        2. This chapter requires an Authorised FirmG to:
        a. design and implement an effective Operational RiskG management system complete with appropriate systems and controls;
        b. calculate the Operational RiskG Capital RequirementG and hold the same; and
        c. hold adequate professional indemnity insurance cover.
        3. This chapter includes, among others, specific Operational RiskG management requirements relating to IT systems, information security, outsourcing, business continuity and disaster recovery and the management of Operational RisksG in trading rooms.
        4. PIB Appendix 6 provides the detailed requirements, parameters, calculation methodologies and formulae for calculating the Operational RiskG Capital RequirementG specified in PIB chapter 6.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.1 Application

      • PIB 6.1.1

        This chapter applies to an Authorised FirmG as follows:

        (a) Sections PIB 6.1 to PIB 6.9 apply to an Authorised FirmG in any CategoryG ;
        (b) Sections PIB 6.10 and PIB 6.11 apply only to an Authorised FirmG in CategoryG 1, 2, 3A or 5;
        (c) PIB section 6.12 applies only to an Authorised FirmG in CategoryG 3B, 3C or 4 which undertakes one or more of the following Financial ServicesG :
        (i) Arranging Deals in InvestmentsG ;
        (ii) Managing AssetsG ;
        (iii) Advising on Financial ProductsG ;
        (iv) Managing a Collective Investment FundG ;
        (v) Providing CustodyG ;
        (vi) Insurance IntermediationG ;
        (vii) Insurance ManagementG ;
        (viii) Managing a Profit Sharing Investment AccountG (unrestricted);
        (ix) Providing Trust ServicesG ;
        (x) Providing Fund AdministrationG ;
        (xi) Acting as the Trustee of a FundG ;
        (xii) Arranging Credit and Advising on CreditG ; or
        (xiii) Operating a Crowdfunding PlatformG
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]
        [Amended] DFSA RM188/2016 (Made 7th December 2016). [VER26/02-17]
        [Amended] DFSA RM203/2017 (Made 14th June 2017). [VER28/08-17]

        • PIB 6.1.1 Guidance

          GEN section 5.3 of the GENG Module contains RulesG and Guidance in relation to Systems and Controls, some of which may relate to the management of Operational RiskG . The Corporate GovernanceG rules in the GENG module set out overarching requirements in relation to BoardG responsibilities, including risk management. The RulesG and GuidanceG in this section seek to complement the aforementioned requirements, while providing for a framework to address matters which directly relate to Operational RiskG management.

          Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.2 Risk Management Framework and Governance

      • PIB 6.2.1

        (1) An Authorised FirmG must implement and maintain an Operational RiskG policy which enables it to identify, assess, control and monitor Operational RiskG .
        (2) The policy must be documented and provide for a sound and well-defined risk management framework to address the Authorised Firm'sG Operational RiskG .
        (3) An Authorised FirmG must:
        (a) ensure that its risk management systems enable it to implement the Operational RiskG policy;
        (b) identify, assess, mitigate, control and monitor the risk; and
        (c) review and update the policy at intervals that are appropriate to the nature, scale and complexity of its activities.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

      • PIB 6.2.2

        An Authorised FirmG must ensure that its Governing BodyG approves the Operational RiskG policy in PIB Rule 6.2.1.

        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

        • PIB 6.2.2 Guidance

          1. Some of the key aspects that an Authorised FirmG should consider in its Operational RiskG policy include:
          a. the governance structures used to manage Operational RiskG , including reporting lines and accountabilities;
          b. risk assessment tools and how they are used;
          c. the Authorised Firm'sG accepted Operational RiskG appetite, permissible thresholds or tolerances for inherent and residual risk, and approved risk mitigation strategies and instruments;
          d. the Authorised Firm'sG approach to establishing and monitoring thresholds or tolerances for inherent and residual risk ExposureG ;
          e. risk reporting and MIS; and
          f. appropriate independent review and assessment of the Authorised Firm'sG Operational RiskG framework.
          2. An Authorised Firm'sG Operational RiskG policy should, amongst other things, include consideration of PrinciplesG for the Sound Management of Operational RiskG , issued by the Basel Committee on BankingG Supervision (BCBS) and the Guidelines on the management of Operational RiskG in market-related activities issued by the European BankingG Authority which are useful in relation to activities other than banking.

          Governing BodyG Responsibilities

          1. The GENG Module contains RulesG and GuidanceG regarding corporate governance requirements for Authorised FirmsG , including the responsibilities of an Authorised FirmG regarding risk management.
          2. In developing, implementing and maintaining an effective Operational RiskG framework, an Authorised Firm'sG Governing BodyG should:
          a. approve and review a risk appetite and tolerance for Operational RiskG that articulates the nature, types and levels of Operational RiskG that the Authorised FirmG is willing to assume;
          b. consider all relevant risks, the Authorised Firm'sG level of risk appetite, its current financial condition and its strategic direction. The Governing BodyG should monitor management adherence to the risk appetite and tolerance and provide for timely detection and remediation of breaches;
          c. encourage a management culture, and develop supporting processes, which help to engender within the Authorised FirmG an understanding by relevant EmployeesG of the nature and scope of the Operational RiskG inherent in the Authorised Firm'sG strategies and activities;
          d. provide senior management with clear guidance and direction regarding the principles underlying the Authorised Firm'sG Operational RiskG management framework and approve the corresponding policies developed by senior management;
          e. regularly review the Authorised Firm'sG Operational RiskG policy to ensure that the Authorised FirmG has identified and is managing the Operational RiskG arising from external market changes and other environmental factors, as well as those Operational RisksG associated with new strategies, products, activities, or systems, including changes in risk profiles and priorities (e.g. changing business volumes). Such review should also take into account the Operational RiskG loss experience, the frequency, volume or nature of limit breaches, the quality of the control environment and the effectiveness of risk management or mitigation strategies;
          f. ensure that the Authorised Firm'sG Operational RiskG policy and framework is subject to effective independent review by audit or other appropriately-trained PersonsG ;
          g. ensure that management is incorporating industry best practice in managing Operational RiskG ; and
          h. establish clear lines of management responsibility and accountability for implementing a strong control environment. The control environment should provide appropriate independence/separation of duties between Operational RiskG control functions, business lines and support functions.

          Senior Management Responsibilities

          1. GEN 5.2 contains RulesG and GuidanceG regarding senior management arrangements for Authorised FirmsG .
          2. In relation to establishing and maintaining a robust Operational RiskG framework, an Authorised Firm'sG senior management should:
          a. translate the Operational RiskG management framework established by the Governing BodyG into specific policies and procedures that can be implemented and verified within the different business units;
          b. clearly assign authority, responsibility and reporting relationships to encourage and maintain accountability, and to ensure that the necessary resources are available to manage Operational RiskG in line with the Authorised Firm'sG risk appetite and tolerance; and
          c. ensure that the management oversight process is appropriate for the risks inherent in a business unit's activity.
          Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.3 Risk Identification and Assessment

      • PIB 6.3.1

        An Authorised FirmG must:

        (a) ensure that it identifies and assesses the Operational RisksG inherent in all the Authorised Firm'sG products, activities, processes and systems;
        (b) ensure the inherent risks in (a) are understood by relevant EmployeesG of the Authorised FirmG ;
        (c) systematically track Operational RiskG events and any financial impact associated with such events; and
        (d) ensure that the tracking in (c) is consistent with the Operational RiskG event types described in the Basel III framework.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

        • PIB 6.3.1 Guidance

          1. An Authorised FirmG should record all Operational RiskG events, including near misses and events which result in a positive financial outcome.
          2. These Rules complement related RulesG in GEN section 5.3 relating to risk management systems and controls. For example, GEN Rule 5.3.6 requires an Authorised FirmG to appoint an individual to advise its Governing BodyG and senior management as to risks.
          Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

      • PIB 6.3.2

        An Authorised FirmG must ensure that its Operational RiskG policy in PIB Rule 6.2.1:

        (a) includes an approval process for all new products, activities, processes and systems; and
        (b) incorporates the requirement in PIB Rule 6.3.1(a).
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

        • PIB 6.3.2 Guidance

          1. An Authorised FirmG should have policies and procedures that address the process for review and approval of new products, activities, processes and systems. The review and approval process should include consideration of:
          a. inherent risks in any new product, service, or activity;
          b. resulting changes to the Authorised Firm'sG Operational RiskG profile, appetite and tolerance, including changes to the risk of existing products or activities;
          c. necessary controls, risk management processes, and risk mitigation strategies;
          d. residual risk;
          e. changes to relevant risk limits;
          f. procedures and metrics to measure, monitor, and manage the risk of the new product or activity; and
          g. appropriate investment in human resources and technology infrastructure.
          2. Tools that an Authorised FirmG may employ for identifying and assessing Operational RiskG include:
          a. internal loss data collection and analysis;
          b. external data collection and analysis;
          c. risk assessments;
          d. business process mapping;
          e. risk and performance indicators; and
          f. scenario analysis.
          Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.4 Risk Monitoring and Reporting

      • PIB 6.4.1

        An Authorised FirmG must:

        (a) regularly monitor material ExposuresG to Operational RiskG losses;
        (b) ensure that appropriate reporting mechanisms are in place at its Governing BodyG , senior management, and business line levels to support effective management of the Authorised Firm'sG Operational RiskG ; and
        (c) immediately notify the DFSAG of any material Operational RiskG event including notification of any resulting financial impact, positive or negative, associated with such event.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

        • PIB 6.4.1 Guidance

          1. GEN Rule 5.3.17 requires an Authorised PersonG to establish and maintain arrangements to provide its Governing BodyG and senior management with the information necessary to organise and control its activities, to comply with legislation applicable in the DIFCG and to manage risks.
          2. PIB Rule 6.4.1 is intended to complement GEN Rule 5.3.17 and requires Authorised FirmsG to establish and maintain reporting mechanisms specifically addressing the Operational RiskG matters.
          3. The frequency of internal reporting of Operational RisksG required by PIB Rule 6.4.1(b) should reflect the risks involved and the pace and nature of changes in the Authorised Firm'sG operating environment.
          4. The following lists some of the items that an Authorised FirmG should consider including in its internal reporting of Operational RisksG :
          a. the results of monitoring activities;
          b. assessments of the Operational RiskG framework performed by control functions such as internal audit, compliance, risk management and/or external audit;
          c. reports generated by (and/or for) supervisory authorities;
          d. material breaches of the Authorised Firm'sG risk appetite and tolerance with respect to Operational RiskG ;
          e. details of recent significant internal Operational RiskG events and losses, including near misses or events that resulted in a positive return; and
          f. relevant external events and any potential impact on the Authorised FirmG and its Operational RiskG framework, including Operational RiskG capital.
          Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.5 Control and Mitigation

      • PIB 6.5 Guidance

        1. GEN Rule 5.3.1 requires an Authorised PersonG to establish and maintain systems and controls, including but not limited to financial and risk systems and controls that ensure that its affairs are managed effectively and responsibly by its senior management.
        2. In complying with GEN Rule 5.3.1, an Authorised FirmG should establish and maintain a strong control environment that uses policies, processes and systems, appropriate internal controls and appropriate risk mitigation and/or transfer strategies.
        3. In establishing systems and controls to address Operational RiskG an Authorised FirmG should consider the following:
        a. clear segregation of duties and dual control;
        b. clearly established authorities and/or processes for approval;
        c. close monitoring of adherence to assigned risk limits or thresholds;
        d. safeguards for access to, and use of, the Authorised Firm'sG assets and records;
        e. appropriate staffing level and training to maintain expertise;
        f. ongoing processes to identify business lines or products where returns appear to be out of line with reasonable expectations; and
        g. regular verification and reconciliation of transactions and accounts.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.6 Information Technology (IT) Systems

      • PIB 6.6.1

        An Authorised FirmG must establish and maintain:

        (a) appropriate information technology policies and processes to identify, assess, monitor and manage technology risks; and
        (b) appropriate and sound information technology infrastructure to meet its current and projected business requirements, under normal circumstances and in periods of stress, which ensures data and system integrity, security and availability and supports integrated and comprehensive risk management.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

        • PIB 6.6.1 Guidance

          1. IT systems include the computer systems and information technology infrastructure required for the automation of processes and systems, such as application software, operating system software, network infrastructure, and desktop, server and mainframe hardware.
          2. An Authorised FirmG should consider the following in establishing its systems and controls for the management of IT system risks:
          a. governance and oversight controls that ensure technology, including outsourcing arrangements, is aligned with and supportive of the Authorised Firm'sG business objectives;
          b. an Authorised Firm'sG organisation and reporting structure for technology operations, including adequacy of senior management oversight; and
          c. the appropriateness of the systems acquisition, development and maintenance activities, including the allocation of responsibilities between IT development and operational areas.
          Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.7 Information Security

      • PIB 6.7.1

        An Authorised FirmG must establish and maintain appropriate systems and controls to manage its information security risk.

        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

        • PIB 6.7.1 Guidance

          In establishing its systems and controls to address information security risks, an Authorised FirmG should have regard to:

          a. confidentiality: information should be accessible only to persons or systems with appropriate authority, which may require firewalls within a system, as well as entry restrictions;
          b. the risk of loss or theft of customer data;
          c. integrity: safeguarding the accuracy and completeness of information and its processing;
          d. non-repudiation and accountability: ensuring that the person or system that processed the information cannot deny their actions; and
          e. internal security: including premises security, staff vetting, access rights and portable media, staff internet and email access, encryption, safe disposal of customer data, and training and awareness.
          Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.8 Outsourcing

      • PIB 6.8.1

        An Authorised FirmG must establish and maintain appropriate systems and controls to manage its outsourcing risk.

        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

        • PIB 6.8.1 Guidance

          1. GENG RulesG GEN 5.3.21 and GEN 5.3.22 set out the DFSAG requirements on outsourcing by Authorised FirmsG . This section complements the requirements in the GENG module and contains guidance on managing the Operational RiskG associated with outsourcing arrangements.
          2. The assessment of outsourcing risk at an Authorised FirmG may depend on several factors, including the scope and materiality of the outsourced activity, how well the Authorised FirmG manages, monitors and controls outsourcing risk (including its general management of Operational RiskG ), and how well the service provider manages and controls the potential risks of the operation.
          3. Factors that an Authorised FirmG should consider in establishing outsourcing arrangements include the following:
          a. the financial, reputational and operational impact on the Authorised FirmG of the failure of a service provider to perform adequately the activity;
          b. potential losses to an Authorised Firm'sG customers and counterparts in the event of a service provider failure;
          c. the consequences of outsourcing the activity on the ability and capacity of the Authorised FirmG to conform with regulatory requirements and changes in such requirements;
          d. the interrelationship of the outsourced activity with other activities within the Authorised FirmG ;
          e. the cost associated with the outsourcing;
          f. any affiliation or other relationship between the Authorised FirmG and the service provider;
          g. the regulatory status of the service provider;
          h. the degree of difficulty and time required to select an alternative service provider or to bring the business activity in-house, if necessary;
          i. the complexity of the outsourcing arrangement. For example, the ability to control the risks where more than one service provider collaborates to deliver an end-to-end outsourcing solution; and
          j. any data protection, security and other risks which may be adversely affected by the geographical location of an outsourcing service provider. To this end, Specific RiskG management expertise in assessing country risk related, for example, to political or legal conditions, could be required when entering into and managing outsourcing arrangements that are taken outside of the home country.
          Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.9 Business Continuity and Disaster Recovery

      • PIB 6.9 Guidance

        See GEN chapter 5 regarding requirements relating to an Authorised Firm'sG business continuity and disaster recovery arrangements.

        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.10 Management of Operational Risks in Trading Activities

      • PIB 6.10 Guidance

        This section complements the RulesG and GuidanceG set out in other sections of this chapter with more specific guidance for the identification, assessment, control and monitoring of Operational RisksG in trading activities. In this GuidanceG , reference to "trading activities" should be construed in its natural sense in the context of Financial ServicesG and should include an Authorised Firm'sG activities in Dealing in Investments as PrincipalG and Dealing in Investments as AgentG . In addressing the Operational RisksG arising from trading activities, an Authorised FirmG should consider the following:

        a. staff members in support and control functions, comprising functions such as operations, settlement, finance, risk management, legal, compliance, internal and external audit, should have adequate representation and authority within the Authorised Firm'sG overall governance framework so as to be able to effectively challenge the activities undertaken by the front office;
        b. Operational RiskG management systems should set criteria, indicators and thresholds enabling the identification of material incidents detected by internal control procedures. This should include tracking of Operational RiskG losses in trading activities and analysis of those losses for possible interconnections (i.e. losses based on one event or root cause);
        c. high professional standards and a sound risk culture should be promoted within the Authorised FirmG , particularly in the front office, in a way that supports professional and responsible behaviour. This should include, but is not limited to, developing and implementing appropriate policies and procedures, setting standards (often in the form of a "code of conduct") for relations between traders and their counterparts, and training procedures;
        d. there should be adequate segregation of duties between front office and the support and controls functions in charge of supporting, verifying and monitoring trade transactions;
        e. appropriate policies and procedures relating to leave requirements and staff movements should be developed, implemented and regularly monitored; in particular:
        i. procedures establishing a minimum absence requirement of at least two consecutive weeks' leave for traders (via a vacation, "desk holiday" or other absence from the office or trading) so that traders are physically unable to mark or value their own books, this responsibility being carried out by a different person during those periods; and
        ii. employees changing job positions between front, middle and back offices or IT should be properly tracked.
        f. terms of reference describing the activity of each trader or group of traders should be established. Adherence to these terms should be subject to monitoring by support and control functions;
        g. documentation requirements for trading activities should be properly defined so as to minimise legal uncertainties in enforceability of contracts with clients and CounterpartiesG . This should include consideration of using contracts that are standardised as far as possible, particularly in OTC transactions;
        h. all trading positions, profits and losses, cash flows and calculations associated with a transaction should be clearly recorded in the Authorised Firm'sG management information systems with a documented audit trail. The audit trail should allow for the tracing of cash flows at a sufficiently granular level (e.g. traders, books, products and portfolios);
        i. appropriate procedures for confirmation of the terms and conditions of transactions with external CounterpartiesG /clients should be established;
        j. appropriate processes and procedures should be implemented for the settlement of transactions. This should include consideration of the following elements:
        i. the authorisation of inputs by the back office;
        ii. payment/settlements carried out against independent documents;
        iii. reconciliation between front office and back office systems; and
        iv. reconciliation procedures independent of the processing functions.
        k. controls should include daily reconciliation of positions and cash flows across various internal systems and external parties. The reconciliations should include all events attached to the transactions including amendments, cancellation, exercises, resets and expiries;
        l. procedures and processes should be established to ensure accurate and timely monitoring and follow up of margin or CollateralG calls;
        m. profit attribution is a key control for understanding the risk in a trading operation and therefore the control and support functions should have a good understanding of the various aspects that lead to P&L generation, particularly in relation to more complex products. Major implausibilities discovered within the P&L in the context of the trading mandate and market developments should be further analysed to see if they are caused by Operational RiskG events; and
        n. control procedures should be established to monitor and escalate unusual transactions, anomalies in confirmation and reconciliation processes, errors in recording, processing and settling transactions, along with cancellations, amendments, late trades and off-market rates.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.11 Operational Risk Capital Requirement

      • PIB 6.11.1

        This section applies to an Authorised FirmG in CategoryG 1, 2, 3A or 5.

        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

      • PIB 6.11.2

        (1) An Authorised FirmG must, subject to (2), use the Basic Indicator ApproachG as prescribed in PIB App6 to calculate its Operational RiskG Capital RequirementG .
        (2) An Authorised FirmG may, with the written approval of the DFSAG , use the Standardised ApproachG or the Alternative Standardised ApproachG , both as prescribed in PIB App6, to calculate its Operational RiskG Capital RequirementG if the DFSAG is satisfied that:
        (a) its Governing BodyG and senior management, as appropriate, are actively involved in the oversight of its Operational RiskG framework;
        (b) it has, in accordance with the requirements set out in this chapter, implemented and maintains an Operational RiskG policy which provides for a sound and well-defined risk management framework to address the Authorised Firm'sG Operational RiskG ; and
        (c) it has dedicated sufficient resources in the use of the relevant approach in its major business lines and its control and audit functions.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

      • PIB 6.11.3

        An Authorised FirmG seeking to apply the Standardised ApproachG or the Alternative Standardised ApproachG must develop specific policies and have documented criteria for mapping gross income for current business lines and activities into the Standardised ApproachG or the Alternative Standardised ApproachG , as prescribed in PIB App6. The criteria must be reviewed and adjusted for new or changing business activities as appropriate.

        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

      • PIB 6.11.4

        Once an Authorised FirmG has written approval to apply the Standardised ApproachG or Alternative Standardised ApproachG , it must not revert to the Basic Indicator ApproachG without DFSAG approval.

        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

      • PIB 6.11.5

        (1) The DFSAG may at any time by written notice require an Authorised FirmG to adopt a specified approach to calculating its Operational RiskG Capital RequirementG where the DFSAG considers that this is:
        (a) appropriate given the nature, size, complexity and risk profile of the Authorised Firm'sG business; or
        (b) necessary in the prevailing economic circumstances and it is in the interests of the DIFCG .
        (2) An Authorised FirmG must comply with a requirement made under (1).
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.12 Professional Indemnity Insurance

      • PIB 6.12.1

        This section applies to an Authorised FirmG in CategoryG 3B, 3C or 4 which undertakes one or more of the Financial ServicesG prescribed in PIB Rule 6.1.1(c).

        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

      • PIB 6.12.2

        An Authorised FirmG must:

        (a) take out and maintain professional indemnity insurance cover appropriate to the nature, size, complexity and risk profile of the Authorised Firm'sG business;
        (b) at least annually, provide the DFSAG with a copy of the professional indemnity insurance cover in (a) covering the following twelve month period; and
        (c) notify the DFSAG of any material changes to the cover in (a), including the level of cover, its renewal or termination.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

        • PIB 6.12.2 Guidance

          1. In complying with PIB Rule 6.12.2, an Authorised FirmG should take out and maintain a contract for professional indemnity insurance (PII) from a reputable and well-capitalised insurer and such contract should include cover in respect of claims for which the Authorised FirmG may be liable as a result of the conduct of itself and its EmployeesG and appropriate cover in respect of legal costs arising from a claim.
          2. Pursuant to PIB Rule 6.4.1(c), an Authorised FirmG should notify the DFSAG of any significant PII claim made. What amounts to a significant claim will depend on the nature, size and complexity of the Authorised FirmG and the DFSAG would expect the Authorised FirmG to treat a series of small single claims which are significant in aggregate as significant for the purposes of PIB Rule 6.4.1(c).
          3. An Authorised FirmG can fulfil the requirements under this section by ensuring coverage of its activities under a group-wide PII policy, provided that policy covers the Authorised FirmG and its activities and that policy meets the conditions specified in this section. Where the Authorised Firm'sG group PII cover does not meet the requirements specified under this section, the Authorised FirmG will be required to obtain PII cover that meets those requirements.
          Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]