Securities Exchanges and Depository Centers Regulations

KINGDOM OF SAUDI ARABIA Capital Market Authority Securities Exchanges and Depository Centers Regulations English Translation of the Official Arabic Text Issued by the Board of Capital Market Authority Pursuant to its Resolution Number 4-77-2022 Dated 23/11/1443 H. Corresponding to 22/6/2022 G. Based on the Capital Market Law Issued by Royal Decree No. M/30 dated 2/6/1424 H. Arabic is the official language of the Capital Market Authority Important Notice: The current version of these Regulations, as may be amended, can be found at the Authority website: www.cma.org.sa

2 Table of Contents PART 1: GENERAL PROVISIONS Article 1: Preliminary Article 2: Definitions Article 3: Compliance with Regulations and Rules Article 4: Waivers PART 2: PRINCIPLES APPLICABLE TO EXCHANGES AND DEPOSITORY CENTERS Article 5: General Principles PART 3: AUTHORISATION Article 6: Requirements for Authorisation Article 7: Additional Requirements for Authorisation of Exchanges or Depository Centers Established out of The Kingdom Article 8: Procedures and Powers of the Authority in Relation to an Application for Authorisation Article 9: Variation or Amendment to Authorisation Article 10: Withdrawal from Business and Cancellation of Authorisation Article 11: Right of Appeal Article 12: Fees Article 13: Maintenance of Authorisation Article 14: Ownership Structure and Close Links Article 15: Notification Requirements and Powers of Authority PART 4: GOVERNANCE Article 16: General Provisions Article 17: Distribution of Responsibilities Article 18: Committees of the Board Article 19: Surveillance of Trading Article 20: Systems and Controls Article 21: Compliance Function Article 22: Risks Management Function Article 23: Link with an Exchange, Depository Center or CCP Article 24: Outsourcing Article 25: Audit PART 5: RULES AND PROCEDURES Article 26: Rules and Procedures Article 27: Membership Requirements Article 28: Training Article 29: Listing and Trading of Securities Conditions Article 30: Dispute Settlement Rules Article 31: Default Rules and Procedures Article 32: Direct Access to Exchange Systems

3 Article 33: Market Making Article 34: The Rules of the Depository Center Article 35: Membership Suspension and Revocation Article 36: Disclosure of Rules, Procedures and Fees Article 37: Trading Disruption PART 6: OPERATIONS OF THE EXCHANGE Article 38: Security Offering and Listing of Holding Company Article 39: Issuer’s Continuous Obligations Article 40: Pricing and Disclosure Article 41: Timestamp Article 42: Price Change Units Article 43: Algorithmic Trading Article 44: Market Surveillance Article 45: Trading Suspension PART 7: OPERATIONS OF THE DEPOSITORY CENTER Article 46: Securities Accounts Article 47: Asset of the Depository Center Article 48: Records of the Depository Center PART 8: RISKS Article 49: Risk Management Article 50: Identifying and Managing Operational Risks Article 51: Business Continuity Plan Article 52: General Business Risk Management Arrangements Article 53: General Business Risk Management PART 9: OTHER EXCHANGE AND DEPOSITORY CENTER OBLIGATIONS Article 54: Confidentiality of Information Article 55: Record-Keeping Article 56: Products Article 57: Communication Procedures and Standards Article 58: Auditor’s Report Article 59: Annual Report PART 10: PUBLICATION AND ENTRY INTO FORCE Article 60: Publication and Entry into Force Annex (1): Information and Documents Required for Authorisation and Commencement of Business Annex (2): Notification Requirements Annex (3): Requirements for Preparation of Rules and Procedures

4 PART 1 INTRODUCTORY PROVISIONS Article 1: Preliminary The purpose of these Regulations is to regulate the Exchanges and the Depository Centers business, and to specify the procedures and conditions for obtaining an authorisation and its maintenance. Article 2: Definitions a) Any reference to the “Law” in these Regulations shall mean the Capital Market Law issued by the Royal Decree No. M/30 dated 2/6/1424 H. b) Expressions and terms in these Regulations have the meaning, which they bear in the Law and the Glossary of Defined Terms Used in the Regulations and Rules of the Capital Market Authority, unless the context indicates otherwise. Article 3: Compliance with Regulations and Rules a) The Exchange and Depository Center must comply with the Law, these regulations and the other relevant regulations and rules. The Exchange and Depository Center must provide to the Authority, without delay, with any information, records or documents that the Authority may require for the purpose of implementing the Law and its implementing regulations. b) The Governing Body and employees of the Exchange and the Depository Center must comply with any request issued by the Authority to appear to explain any matter or to assist in any enquiry relating to implementing the Law and its implementing regulations. Article 4: Waivers a) The Authority may waive a provision of these Regulations in whole or in part as it applies to an applicant, an Exchange or a Depository Center either on an application from them or on its own initiative. b) The Authority will make an announcement of the waiver of any provision where it believes that:

1. The waiver of the provisions may be of application to more than one Exchange or Depository Center; and
2. The publication of the waiver will not materially prejudice the Exchanges or Depository Centers.

5 PART 2 PRINCIPLES APPLICABLE TO EXCHANGES AND DEPOSITORY CENTERS Article 5: General Principles The Exchanges and Depository Centers must comply with the following principles:

1. Conduct their business with integrity;
2. Conduct their business with due skill, care and diligence;
3. Protect investors and maintain their confidence by means of fairness, efficiency and transparency in everything related to its affairs;
4. Efficiency of management and control, by taking reasonable care to organise their affairs responsibly; and
5. Consider the interests of the participants, including, without limitation, their members, clients, and securities issuers.

6 PART 3 AUTHORISATION Article 6: Requirements for Authorisation a) For the purpose of this Article, an applicant for authorisation means the person that is applying for authorisation to conduct the business of Exchange or Depositary Center in the Kingdom. The applicant is subject to these Regulations from the date of submission of its application. b) An applicant must demonstrate to the Authority the following:

1. It has objectives that prioritize the integrity and efficiency of its business and support market safety and investors protection;
2. It is fit and proper and has adequate expertise and resources to conduct the business for which it seeks authorisation;
3. It is suitable with the capital market structure, and would not entail negative impacts on the investors’ confidence or on the stability of the authorised Exchanges, Depository Centers or CCPs;
4. It has human resources, managerial expertise, financial systems, risk management policies and systems, technological resources, and operational policies, procedures and systems that are sufficient to fulfil its business and regulatory obligations;
5. The identities of the shareholders that have direct or indirect holdings of (5%) or more of the capital and the amounts of those holdings, whether they are natural or legal persons; c) The paid-up capital of the applicant must not be less than the following:
6. The Primary Exchanges and Depositary Centers: SR 50 million.
7. Alternative Trading Systems: Paid-up capital commensurate with the nature and scale of its business at the discretion of the Authority. d) An application for authorisation shall be accompanied by the information and documents required in the first item of Annex (1) of these Regulations. e) As a condition for authorisation to conduct the Exchange or Depositary Center business in the Kingdom, the applicant must be a joint-stock company. f) An applicant to conduct the business of an Alternative Trading System in the Kingdom must submit a list of the types of securities proposed to carry out trading in them and the categories of investors proposed to enable them to trade. The Authority may, upon approval of the application, impose any conditions or restrictions as it deems appropriate to achieve market safety and investors protection. g) If the applicant has close links with another natural or legal person, the Authority must be satisfied with the integrity, regulatory status, business record and financial soundness of any such natural or legal person, and that such close links do not impair the effective supervision of the applicant or its operations and compliance with these Regulations.

7 h) In addition to the authorisation requirements set out above, the Authority may specify additional requirements for authorisation to be met by, or specific conditions or limitations to be applied to either all applicants for authorisation, or particular applicants or categories of applicants, as it considers appropriate. i) An application for authorisation may be submitted by the founders or controlling shareholders of an applicant if the applicant is not yet established. The founders or controlling shareholders become subject to the provisions that apply to an applicant from the date of submission of the application. j) An applicant for authorisation must notify the Authority immediately of any material changes to the information provided to the Authority for the purpose of the application for authorisation. Article 7: Additional Requirements for Authorisation of Exchanges or Depository Centers Established out of the Kingdom a) For the purpose of this Article, an applicant for authorisation means a legal person incorporated as a joint-stock company out of the Kingdom that is applying for authorisation to conduct the Exchange or Depository Center business in the Kingdom. An applicant for authorisation becomes subject to these Regulations from the date of submission of its application. b) An applicant for authorisation as an Exchange or a Depository Center established out of the Kingdom shall demonstrate to the Authority the following:

1. It is authorised or otherwise subject to regulatory oversight by a regulatory authority and incorporated in a jurisdiction that applies regulatory and monitoring standards equivalent to those of the Authority or acceptable to it. For the purposes of this paragraph, the Authority may, at its absolute discretion, determine whether the regulatory and monitoring standards are equivalent to those of the Authority or acceptable to it;
2. It has given notice to its foreign regulator of its intention to provide services of Exchange or Depository Center in the Kingdom;
3. For the Depository Center, it complies with the Principles for Financial Market Infrastructures on an ongoing basis, including any related supplemental guidance issued from time to time by the Committee on Payments and Market Infrastructures and the International Organization of Securities Commissions;
4. For the Exchange, it complies with the principles issued from the International Organization of Securities Commissions on an ongoing basis, including any related supplemental guidance issued from time to time;
5. By providing Exchange and Depository Center activities in the Kingdom it will not violate any laws or regulations to which it is subject or any relevant requirements imposed by its foreign regulator;
6. It provides protection against systemic risks, and fair and effective services in accordance with applicable laws in the Kingdom;

8 7) It complies with the principles of market safety and investors protection; and 8) Its foreign regulator is either willing, or has already, put in place cooperation arrangements which provide for the exchange of information between the foreign regulator and the Authority regarding the applicant. c) Based on the application submitted in accordance with this Article and any additional documents required by the Authority, the Authority shall have the discretion whether to approve the application. The Authority may stipulate additional authorisation requirements to be met by, or specific conditions or limitations to be applied to all applicants for authorisation as an Exchange or Depositary Center established out of the Kingdom or particular applicants or categories of applicants, as it considers appropriate. Article 8: Procedures and Powers of the Authority in relation to Application for Authorisation a) In considering an application, the Authority may:

1. Carry out any enquiries that it considers appropriate;
2. Require the applicant, or its representative, to attend before the Authority to answer questions and explain any matter the Authority considers relevant to the application;
3. Require the applicant to provide such additional information as the Authority considers appropriate within (30) days as of the request; or
4. Verify any information furnished by the applicant. b) The Authority may refuse to consider an application for authorisation where an applicant has failed to provide information requested from it or has failed to provide it within the time requested, or if the Authority considers that the business subject to authorisation does not contribute to the capital market development. c) The Authority shall, upon receipt of all information and documents required, notify the applicant in writing of the same, and shall take any of the following decisions within a maximum period of (30) days of the date of notice:
5. Approve the application in a whole or part;
6. Approve the application subject to such conditions and limitations as it considers appropriate; or
7. Refuse the application, giving reasons. d) The Authority may extend the period of assessment of an application for authorisation referred to in paragraph (c) of this Article if the applicant for authorisation intends to outsource any of its functions in accordance with Article (24) of these Regulations. e) If the Authority resolves to authorise the applicant, it will notify the applicant of this in writing and of any conditions and limitations that the Authority may consider appropriate. The Exchange and Depository Center must satisfy the requirements for commencement of business stipulated in the second item of Annex (1) of these Regulations before commencing its business. f) If the Authority resolves to refuse the application, it will notify the applicant in writing.

9 g) An applicant must not carry out, or hold itself out as carrying out, business for which it seeks authorisation in the Kingdom prior to receiving the Authority decision referred to in paragraph (e) of this Article. Article 9: Variation or Amendment to Authorisation a) The Exchange or Depository Center must apply to the Authority for approval of any proposed variation or amendment to its authorisation. b) The Authority has all the powers set out in this Part to consider a proposed variation or amendment, and may also require some or all of the information or documents referred in this Part to be updated. c) The Authority will aim to process an application to vary or amend an authorisation within (30) days from receiving all information that it considers necessary. d) After considering an application to vary or amend an authorisation, the Authority may:

1. Approve the application for variation or amendment in a whole or part;
2. Approve the application subject to such conditions and limitations as it considers appropriate;
3. Defer making a decision for such period as it may consider necessary to carry out further study or examination or to allow for the provision of additional information; or
4. Refuse the application, giving reasons. e) If the Authority resolves to approve an application for an amendment in authorisation, it will inform the applicant in writing and provide it with the new authorisation, including any conditions and limitations that the Authority may consider appropriate. f) The Exchange or Depository Center must not carry out, or hold itself out as carrying out, the amended services of Exchange or Depository Center before receiving the Authority’s notification under paragraph (e) of this Article. g) If the Authority resolves to refuse the application for variation or amendment, it will notify the applicant in writing. Article 10: Withdrawal from Business and Cancellation of Authorisation a) The Exchange or Depository Center that proposes temporarily cease to carry out its business in the Kingdom shall notify the Authority, in writing and in advance, of the date on which it intends to cease and the reasons for the decision:
5. At least (45) days in advance of that date; or
6. If such advanced notice is not possible because the cessation of business is caused by an external event of which was not aware, immediately on making a decision to cease. b) If the Exchange or Depository Center decides to cease providing certain business, it must ensure that any such business that is outstanding is properly completed or is transferred to

10 another appropriate service provider after obtaining the Authority’s approval and must notify its members and participants of the cessation of business within a reasonable time. c) The Exchange or Depository Center may request the cancellation of its authorisation, and must in this case submit a written request to the Authority not less than (3) months prior to the proposed date of the cancellation. d) A request to cancel an authorisation must include sufficient information concerning the circumstances of the cancellation to enable the Authority to determine whether to accept the cancellation, to postpone the date of the cancellation, or to require other measures that it considers necessary for the protection of the members of the Exchange or Depository Center. e) The Authority may refuse a request to cancel an authorisation if it considers that the maintenance of the authorisation is necessary to investigate any matter affecting the Exchange or Depository Center, to protect the interest of its members, or to impose a prohibition or requirements on such Exchange or Depository Center under the Law or its implementing regulations. f) The Authority may suspend the authorisation of the Exchange or Depository Center on its own initiative if the Exchange or the Depository Center does not carry out any of its business in the Kingdom for the period of (12) months, or (6) months following the date on which the Exchange or the Depository Center has ceased to carry out business after notification to the Authority in accordance with paragraph (a) of this Article. g) The Exchange and Depository Center continue to be subject to the jurisdiction of the Authority in respect of any act or omission that occurred before the cancellation of its authorisation and for (2) years thereafter. If at any time during this period the Authority commences any enforcement investigation or proceedings, the Exchange and Depository Center shall continue to be subject to the jurisdiction of the Authority until the end of the enforcement investigation or proceedings. Article 11: Right of Appeal An applicant for authorisation, Exchange or Depository Center may appeal to the Committee in respect of any decision or action that the Authority takes under these Regulations. Article 12: fees a) The applicant for authorisation must pay such fees as may be prescribed by the Authority. b) The Exchange and Depository Center must pay all such fees as the Authority may prescribe for the maintenance of the authorisation. c) The Exchange and Depository Center must obtain prior approval from the Authority for all fees for services provided by the Exchange and Depository Center.

11 Article 13: Maintenance of Authorisation a) As a condition for the maintenance of authorisation, the Exchange and Depository Center Shall comply with authorisation and commencement of business requirements, and continue to be fit to and proper to carry out business for which it authorised in the Kingdom. b) The skills, experiences, competence and integrity of the Exchange’s, Depository Center’s or applicant’s board members, employees and officers are important factors for assessing if the Exchange, Depository Center or the applicant are capable and suitable. When assessing the skills, competence and integrity of officers and employees, the following criteria shall be taken into account:

1. They must possess adequate qualifications and experiences to carry out their responsibilities, including the appropriate technical knowledge and skills.
2. They shall be honest, probity and soundness of judgement commensurate with their positions, including actions taken by them for resolving conflict of interests.
3. They shall fulfil their responsibilities with diligence and protect the interests of investors in accordance with the Law and the implementing regulations.
4. Whether they have committed an offence involving fraud or dishonesty.
5. Whether they have violate or breach any laws or regulations governing securities business or aimed at protecting investors.
6. Whether a board member or senior executive has been insolvent. c) The Exchange and Depository Center shall obtain the Authority approval before alternation of their capital. d) The Exchange and Depository Center shall develop a code of conduct. e) The Depository Center must comply with the Principles for Financial Market Infrastructures on an ongoing basis, including any related supplemental guidance issued from time to time by the Committee on Payments and Market Infrastructures and the International Organization of Securities Commissions. Article 14: Ownership Structure and Close Links a) The Authority may refuse an application where it is not satisfied as to the suitability of the substantial shareholders of the applicant. b) The Exchange and Depository Center, established in the Kingdom, shall obtain prior approval from the Authority for any change that exceeds (5%) in its ownership structure. c) The Exchange and Depository Center, established in the Kingdom, must notify the Authority, in such form as the Authority may prescribe, that a person is intending to establish close links with any of them at least (30) days in advance of the proposed effective date, or if such advance notice is not possible, immediately on becoming aware of any

12 changes in close links. The notice must include such information as the Authority requires to satisfy itself of the identity of the person purposes to establish close links with, its integrity, regulatory status, business records, and financial soundness. d) The Exchange and Depository Center, established in the Kingdom, may not establish close links with another person unless the Authority has approved such close links in writing. e) Before approving any close links with the Exchange or Depository Center, established in the Kingdom, the Authority must be satisfied that such links will not impair the effective oversight of such Exchange or Depository Center or its operations and compliance with the Law and its implementing regulations. f) If the person intends to have close links with the Exchange or Depository Center, established in the Kingdom, by owning more than half of the capital of either of them or controlling the formation of the board of either of them, The Authority, when it decides to approve in accordance with Paragraph (d) of this Article, may impose such conditions and restrictions as it considers appropriate, including:

1. Submitting the names of the persons nominated for membership in that person’s board to the Authority for approval on their nomination prior to their election by the shareholders’ general assembly.
2. Obtaining the Authority approval before appointing an executive manager for that person.
3. Obtaining the Authority’s prior approval for any change that exceeds (10%) in the ownership structure of that person.
4. Obtaining the Authority's prior approval for any change in that person’s ownership in the Exchange and Depository Center.
5. Notify the Authority in writing immediately on the occurrence of any of the following: a. Removing or submitting the resignation of the executive manager of that person. b. Dismissal or submitting the resignation of a governing body member of that person. c. A verdict issued against that person or an affiliate Exchange or Depository Center for any offence under legislation relating to financial services, companies, insolvency, or for any offence involving fraud or any act involving a lack of integrity or dishonesty, or the imposition of any penalties for deliberate zakat or tax evasion. d. Any matter which would be material to the Authority's oversight of the Exchange and Depository Center.

13 g) The person referred to in paragraph (f) of this Article must undertake to ensure that no actions are taken that may affect the market safety and investors protection or managing business and operational risks of the Exchange and Depository Center. Article 15: Notification Requirements and Powers of Authority a) The Exchange and Depository Center must comply with the notification requirements set out in Annex (2). b) On receiving a notice under paragraph (a) of this Article, the Authority may:

1. Require to provide any additional information that it considers necessary to properly assess the matter; and
2. Impose any conditions, restrictions or additional requirements on the Exchange or Depository Center, including limitations on its permitted business profile that it reasonably considers necessary to address any event raised by any matter that it is notified of under this Article.

14 PART 4 GOVERNANCE Article 16: General Provisions a) The Exchange and Depository Center must have documented governance arrangements which clearly and directly define the structure of their board, its tasks, distribution of responsibilities and reporting lines. The Authority will consider such governance arrangements as part of the authorisation process. In addition, The Exchange and Depository Center must disclose such arrangements to its Members and the public. b) The documented governance arrangements for the Exchange and Depository Center must include the arrangements required to achieve its corporate governance objectives, develop its own governance policies and procedures for overseeing those policies and systems, monitor their implementation and their effectiveness and amend them when needed. c) The policies and procedures for the boards of the Exchange and Depository Center must include procedures to identify, resolve, and manage potential conflicts of interest for the board members of the Exchange and Depository Center. d) The number of Independent Members in the boards of the Exchange and Depository Center must not be less than two members or one-third of the board members, whichever is greater. e) The boards of the Exchange and Depository Center members must have a clear understanding of their roles in corporate governance, be able to devote sufficient time to their roles, ensure to continuously develop their skills, and have appropriate incentives to fulfil their roles. f) The Exchange and Depository Center, each within its own purview, must submit the names of the persons nominated for membership in their boards to the Authority for approval on their nomination prior to their election by the shareholders’ general assembly. g) The Exchange and Depository Center, each within its own purview, must obtain the Authority’s approval before appointing an executive manager for either of them. h) The Authority may delegate one representative (or more) as an observer to attend the board meeting of the Exchange or Depository Center to ensure implementation of the provisions of the Law.

15 Article 17: Distribution of Responsibilities a) Governance arrangements must ensure the sufficient independence for key functions, such as risk management and internal audit. b) The Exchange and Depository Center must take appropriate measures to maintain a clear and appropriate division of the principal responsibilities among its governing body and senior executives so that:

1. It is clear who is responsible for each function.
2. The business and affairs are adequately monitored and overseen by the governing body and senior executives.
3. Avoid illegal or unauthorised dealings and restrict an employee from performing a particular transaction entirely on his own.
4. Periodic Review of responsibilities and tasks to reduce the potential conflicts of interest. c) The boards of the Exchange and Depository Center shall be responsible for arranging the distribution of responsibilities, under paragraph (b) of this Article, and overseeing the establishment and implementation of its systems and controls. Article 18: Committees of the Board a) The Exchange and Depository Center must establish an audit committee in accordance with the Law and the Companies Law and the implementing regulations. In addition, the board of the Primary Exchange and the Depository Center must establish the committees referred to in paragraph (b) of this Article, at the minimum, and any other committees as determined by the Authority, which shall be composed of suitable members that have the appropriate skills, experience, and knowledge of its activities and business. Such committees may include its board members where needed. b) The Primary Exchange and Depository Center shall establish, as a minimum, the following committees:
5. A nomination and remuneration committee; and
6. A risk committee. All such committees, and any other committees the board considers appropriate, must have clearly assigned responsibilities and procedures and must document all decisions reached and any supporting rationale for such decisions. c) The Authority may impose any conditions or restrictions on the membership of the committees emanating from the boards of the Exchange and Depository Center, including requiring the Authority’s prior approval for the composition of its members.

16 Article 19: Surveillance of Trading a) The Exchange, upon receiving a request from the Authority, shall establish an independent trading surveillance function with defined responsibilities and powers, adequate resources, and access to the trading systems for maintaining the safety and competence of the market and investors protection. b) The Authority has the power to access the trading systems and surveil the trading, for implementing the Law and its implementing regulations. Article 20: Systems and Controls a) The Exchange and Depository Center must establish and maintain systems and controls that are appropriate to its business, and shall be sufficient to enable them to comply with the Law and its implementing regulations. b) The boards of the Exchange and Depository Center shall be primarily responsible for compliance with the Law and its implementing regulations, and all the other legal requirements. c) The systems and controls, referred to in paragraph (a), must include the following:

1. Policies and systems to resolve the conflicts of interest, including effectively identifying potential conflicts of interest and resolving them.
2. Comprehensive Policies and systems for information and physical security that address potential vulnerabilities and threats. Article 21: Compliance Function The compliance function of the Exchange and Depository Center must have defined responsibilities and powers, adequate resources, competent staff and independence of the senior management and the other departments. Article 22: Risks Management Function The risks management function of the Exchange and Depository Center must have defined responsibilities and powers, adequate resources, competent staff, independence and direct access to the board. Article 23: Link with the Exchange, Depository Center or CCP a) The Exchange or Depository Center may link to an Exchange, a Depository Center, a CCP or any other entity inside or outside the Kingdom, provided that preventive arrangements shall be made, including the clear documentation of the linkage scope and limits, along with identifying and managing the risks that may be posed from such linkage. In addition, such arrangements shall be on a clear legal basis that supports linkage and provides protection to all relevant Exchanges, Depository Centers, and CCPs. b) On linking with another Depository Center or settlement system, the Depository Center shall measure, monitor and manage liquidity and credit risks for both parties. Furthermore, the Depository Center shall ensure that any credit extension between the parties is covered with low-market-and-credit-risk guarantees based on an internal assessment substantively

17 conducted by the Depository Center. Also, such guarantees shall be transferrable without any regulatory or legal restrictions or claims by third parties that may impact liquidating them. In addition, the guarantees shall have reliable pricing data published on a periodic basis. Article 24: Outsourcing a) The Exchange and Depository Center may delegate specific functions to an external party, and when each of them when delegating material functions to an external party, commit to the following:

1. Set appropriate safeguards arrangements, including: a. The roles and responsibilities of the boards’ members and senior executives of the Exchange and Depository Center; b. An assessment of whether the delegate is suitable to carry out the delegated function or task, taking into account the degree of responsibility involved; c. Clear documentation of the extent and limits of any delegation, the parties’ obligations and responsibilities, and the information confidentiality standards; d. Suitable arrangements to supervise the delegation and to monitor the discharge of the delegate’s functions or tasks and ensure its continuity. Furthermore, such delegate shall fulfil business continuity requirements similar to the requirements imposed on the Exchange and the Depository Center; e. Criteria to be established for assessing the risks from an outsource and measures for reducing such risks ensuring that the third outsource shall not preclude the Authority from the effective oversee on the Exchange and the Depository Center, or Exchange's and the Depository Center's business, transactions or compliance to the Law and its implementing regulations; and f. Appropriate remedial action if any concern arises about the performance of the delegate’s functions or tasks.
2. The boards of the Exchange or Depository Center shall ensure that outsourced functions meet the same requirements they would need to meet if they were provided internally by the Exchange or Depository Center. The Exchange or the Depository Center shall have robust arrangements for the selection, close monitoring of the performance and substitution of such external parties and shall provide all information necessary to enable the Authority to assess the compliance of the performance of any outsourced functions with these Regulations. b) The outsourcing of any function by the Exchange or Depository Center will not derogate from their regulatory obligations. Article 25: Audit The Authority may direct the Exchange or Depository Center to appoint a third party to conduct an audit.

18 PART 5 RULES AND PROCEDURES Article 26: Rules and procedures a) The Exchange or Depository Center, each within its own purview, before commencing its business must have rules, procedures and contracts that are clear, understandable, and consistent with the provisions of the Law and its implementing regulations. b) When preparing a proposal for draft rules or procedures or amendments thereof, The Exchange or Depository Center, each within its own purview, must comply with the Annex (3) of these Regulations. c) The Exchange and Depository Center shall have the power to set the technical procedures required for implementing the provisions of the rules referred to in paragraph (a) of this Article, in accordance with the provisions of this Law and its implementing regulations. The Exchange and the Depository Center shall notify the Authority of the procedures to be established or amended at least (30) calendar days prior to the date on which it is intended to be published. d) The Exchange and Depository Center must ensure the application of the rules and procedures - referred to in this Article- is satisfied on an ongoing basis, including monitoring their members' compliance with those rules and procedures. Article 27: Membership Requirements The Exchange and Depository Center, each within its own purview, must specify the conditions and requirements for the membership in each of them, considering the following:

1. Maintain the integrity and efficiency of their business in proportion to the risks associated with them.
2. Fair and easy access to the services provided by each of them, taking into account risks considerations.
3. Ensuring that the members have the legal, financial and operational requirements for fulfilling their obligations towards each of them and other members. Such requirements shall include the following: a. The member obtaining authorisation required for conducting its business. b. If a member is incorporated outside the Kingdom, the laws or regulations applicable to such member shall not impede his compliance with the membership requirements. c. The ability and readiness of the member to use the relevant systems and services, including the technical abilities.
4. The effect of accepting a member on the integrity and efficiency of Exchange’s or the Depository Center’s business.
5. Ensuring member compliance with membership requirements on an ongoing basis.

19 Article 28: Training The Exchange and Depository Center shall provide the training required to facilitate for the members’ understanding of their rules, procedures, and risks associated with membership. Article 29: Listing and Trading of Securities Conditions a) The Exchange must have rules regarding conditions for listing and trading of Securities; the immediate and regular publication of the information related to executed transactions of the Securities traded on the Exchange; the obligations of issuers, shareholders and members to disclose to the Exchange the information that the Exchange believes to be necessary, and the appropriate controls and procedures that allow capital market institutions, other than the members of the Exchange, to execute their transactions on the Exchange. b) The Exchange must ensure fairness, efficiency and transparency of the listing requirements, the trading rules and its technical methods, and the information of the Securities listed on the Exchange. In addition to maintaining the safety of the Exchange and the protection of investors. Article 30: Dispute Settlement Rules The Exchange and the Depository Center, each within its own purview, must have rules for settling disputes among members of the Exchange and Depository Center, and disputes between those members and their clients. Article 31: Default Rules and Procedures a) The Primary Exchange and Depository Center must have rules and procedures for default, which ensure the continuity in fluffing their obligations and enhancing their resources in case of one of their members’ default and disclose the key aspects of it, at a minimum, to the public. b) The Primary Exchange and the Depository Center must be sufficiently prepared for implementing the default rules and procedures, referred to in paragraph (a) of this Article, including the discretionary procedures stipulated in such rules and procedures. c) The Depository Center's default rules and procedures must ensure the containing of losses and reducing liquidity risks. In addition, such rules and procedures shall include a mechanism for periodic tests with the concerned parties for ensuring the effectiveness of such procedures. Article 32: Direct Access to Exchange Systems a) The Exchange may give direct access to Exchange systems after obtaining the Authority’s approval. b) If the Exchange plans to allow direct access to the Exchange systems, it must have the effective arrangements for the direct access to the Exchange’s systems and the management of the risks arising from such access for maintaining fair trading and orderly technical mechanisms.

20 Article 33: Market Making a) The Exchange may allow market making, and the Primary Exchange must obtain the Authority’s approval before allowing such activity. b) If the Exchange plans to allow market making, it must have the effective rules, procedures and systems required for the Market making activity and the management of the risks arising from it, and ensure that the market maker fulfils, on an ongoing basis, the systems, procedures and rules for market making. Article 34: The Rules of the Depository Center a) The Depository Center must have sound and effective rules and procedures that ensure the efficiency of the processes of registration of Securities traded on the Exchange, and they are settled in accordance with related regulatory procedures. b) The Depository Center’s rules and procedures must include, at the minimum, the following:

1. Appropriate rules and procedures for protecting securities deposited with the Depository Center to safeguard the rights of securities issuers and holders, including robust accounting practices that ensure the protection of securities issuers and holders from any errors in the registration process.
2. Conducting at least daily reconciliation of securities issues it maintains.
3. Procedures to manage the default of its members and disclose it, to ensure the Depositary Center can contain losses and reduce liquidity risks and continue to meet its obligations.
4. Procedures of securities registration and pledges or other claims related to them, along with opening Depository Center accounts, depositing securities in such accounts, and settling the transactions in such securities. Article 35: Membership Suspension and Revocation a) The Exchange and the Depository Center, each within its own purview, must have procedures for cancellation or suspension of membership. b) Prior to revocation or suspension of membership, as per paragraph (a) of this Article, the Exchange and Depository Center, each within its own purview, must notify the concerned member and give it the opportunity for the reply and documenting that in writing. c) The decision on revocation or suspension membership, as per paragraph (a) of this Article, must give clear reasons for such decision. d) The Exchange and the Depository Center must notify the Authority once membership is suspended or cancelled. e) The Authority may instruct the Exchange or Depository Center to suspend or revoke the membership of a member thereof.

21 Article 36: Disclosure of Rules, Procedures and Fees The Exchange and the Depository Center, each within its own purview, must disclose in Arabic and English to the public on their website, or any other means as the Authority specifies, free of charge, the following information:

1. The rules of the Exchange and the Depository Center, each within its own purview; and
2. Its fees at the level of individual services it offers, provided that it includes a brief description of every service, as well as its policies on any available discounts. Article 37: Trading Disruption The Exchange must establish controls for mitigating the risks of executing orders at abnormal prices or within a wide price range, and a mechanism for identifying, addressing and cancelling such orders.

22 PART 6 OPERATIONS OF THE EXCHANGE Article 38: Security Offering and Listing of Holding Company The Primary Exchange may not list securities issued by itself, its holding company or subsidiary, unless the Exchange place arrangements to:

1. Fairly resolve conflicts of interests arising from such listing; and
2. Ensuring the integrity of trading such securities and the derivatives based on such securities. Article 39: Issuer’s Continuous Obligations a) The Primary Exchange must set appropriate systems and arrangements to enable the issuers of securities traded on the exchange from fulfilling their ongoing disclosure obligations. b) The Primary Exchange must monitor the issuers, of securities traded on the Exchange, fulfilment of their continuing obligations in accordance with Exchange Rules and procedures, and as may be determined by the Authority. Article 40: Pricing and Disclosure a) The Exchange shall ensure that securities prices reflect the actual market situation based on procedures and instructions prescribed by and under the Exchange’s supervision. In addition, the Exchange shall disclose such prices as per the standards determined by the Exchange, including price fluctuations. b) The Primary Exchange must ensure that the formation of securities prices is based on demand and supply. In addition, the Primary Exchange shall show the participants the consequences of the trading orders, including the price and volume of the order, and whether such order may be executed in the Exchange, along with all the information affecting the price. c) The Exchange shall provide Information on completed transactions on an equitable basis to all members. d) The Exchange shall provide the public with the basic trading data, including transaction volumes and values, free of charge within (15) minutes at the maximum from the time of trading, to ensure market transparency for non-subscribers in exchange data services. e) The Exchange must standardize the data forms, used for securities, and the reference data. f) The Exchange must provide the public access to the following:
3. Order book details; and
4. The Historic trade data, which shall at least include the securities trading data.

23 Article 41: Timestamp a) The Exchange must ensure to synchronize the time and date in all its systems with each other, including stamping the transaction receipt, creation and transmission of data items and for audit trails. b) The Exchange must timestamp all entered, modified and canceled orders once receiving the information from the related systems. c) The Exchange must timestamp all executed transactions at the point of matching in the related systems. d) The Exchange must provide its members with information of the entered, modified and canceled orders and the executed transactions immediately to enable the members to implement appropriate monitoring and risk management controls. Article 42: Price Change Units The Primary Exchange must determine tick sizes of securities. Article 43: Algorithmic Trading The Primary Exchange that enables algorithmic trading must have the arrangements to mitigate its risks to Exchange safety. Article 44: Market Surveillance The Exchange must comply with the following:

1. Set mechanisms for observing the market, including trading disruption conditions and contravening conducts.
2. Provide the Authority with the market observing mechanisms, referred to in paragraph (1) of this Article, including trading suspension in accordance with the law and its implementing regulations and the Exchange Rules, price fluctuation mechanism, and the procedures followed in case of potential trading disruption on the market. Article 45: Trading Suspension The Authority, in accordance with the Law, may instruct the Exchange to suspend, reduce, extend or alter the time of a trading session and suspend trading in one or more individual securities.

24 PART 7 OPERATIONS OF THE DEPOSITORY CENTER Article 46: Securities Accounts The Depository Center must ensure the efficiency of the processes for the registration and settlement of Securities, including the following:

1. Take appropriate reconciliation measures to verify transactions and ensure a risk assessment framework is in place to protect assets against custody risk;
2. Ensure the depository and settlement systems it operates offer adequate protection to members, including defining time stamps;
3. Develop systems and keep records and accounts that shall enable it, at any time and without delay, to segregate the accounts of each of its members in the Depository Center, and between them and accounts belonging to the Depository Center;
4. Keep records and accounts that enable the member of Depository Center to distinguish between its securities and its clients’ securities;
5. Prohibit overdrafts and debit balances in securities accounts;
6. Enable an investor to access and obtain statements of his Depository Center account and securities owned by him in accordance with the rules of the Depository Center; and
7. Enable an issuer to receive copies of the ownership record of the securities issued thereby. Article 47: Asset of the Depository Center a) The Depository Center must establish rules and procedures to ensure that assets are held with authorised, supervised and regulated legal persons, that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets. b) The Depository Center must hold those assets in a manner that assures prompt access to such assets. c) The Depository Center must evaluate exposures to banks who preserve the cash assets, taking into account the full scope of its relationships with each. d) The Depository Center may only hold assets with any of the following:
8. Depository Center for assets held in the Kingdom, and central securities depositories and securities settlement systems for assets held out of the Kingdom that the Depository Center considers offering equivalent protections and safeguards as the Depositories Centers in the Kingdom.
9. Central banks, and banks where such assets are cash, either in the Kingdom and subject to SAMA’s supervision or out of the Kingdom and the Depository Center considers the provided protections and safeguards are equivalent to those provided by local banks subject to SAMA’s supervision. e) The Depository Center must develop an investment strategy if such assets are intended to be invested, provided that:
10. It shall be consistent with its risk management policy; and

25 2) Invest only in cash or highly liquid financial instruments with the minimal market and credit risk. Those investments shall be capable of being liquidated rapidly with the minimal adverse price effect. Article 48: Records of the Depository Center The Depository Center must submit a report on pledges and other claims in its records related to deposited Securities to the Authority and the relevant market within the (21) days following the end of the quarter of the Depository Center’s financial year, such report shall include the following:

1. Any deficiency in the records of Depository Center; and
2. Any error aware of in the information entered into records of Depository Center.

26 PART 8 RISKS Article 49: Risk Management a) The Exchange and Depository Center must establish policies, systems and procedures to identify and mitigate risks; this shall be reviewed on an ongoing basis. The Exchange and the Depository Center must identify the risks arising from the links to third parties and develop suitable tools for mitigating such risks. b) The Exchange and Depository Center, which conducts business outside the Kingdom, must identify and mitigate potential risks in case of any conflict between the Laws applicable thereto. Article 50: Identifying and Managing Operational Risks The Exchange and the Depository Center shall identify, monitor and manage the various sources of operational risks, and establish clear policies and procedures to address them. As a part of this process, it should:

1. Identify all potential single points of failure in its operations, which shall include internal processes (including, without limitation, deficiencies in its information systems, inadequate screening of its personnel and inadequate control of systems and processes) and external events (including, without limitation, the failure of critical service providers and the occurrence of natural disasters);
2. Assess the evolving nature of the operational risks it faces on an ongoing basis; and
3. Analyse its potential vulnerabilities and implement appropriate defense mechanisms. Article 51: Business Continuity Plan a) The business continuity plan is a key component of the Exchange and Depository Center’s risk management framework. All aspects of the business continuity plan must be clearly and fully documented. b) The business continuity plan of the Exchange must include the following:
4. Identify and address events that pose a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption;
5. Include clearly stated objectives, which deal with both measures that prevent disruptions of critical operations and policies and procedures to mitigate the effect of such disruption events by allowing for the rapid recovery and timely resumption of the operations of the Exchange following a disruption. In this regard, the Exchange must be able to resume operations following disruption events without delay; and
6. Back up business and compliance critical data that flows through their electronic trading systems. c) The business continuity plan of The Primary Exchanges and Depositary Centers- referred to in paragraph (a) above - must include the setting up a secondary off-site, with sufficient resources, capabilities, and functionalities and appropriate staffing arrangements that would not be affected by a wide-scale disruption and must allow the secondary off-site to

27 take over operations if required. The secondary off-site should provide the level of critical services necessary to perform the functions consistent with the recovery time objective identified by the Exchange or Depository Center, which at a minimum shall require that the information technology systems can resume operations within two hours following disruptive basis, and complete the settlement operations -even in the extreme cases- before the end of business interruption day. In addition, the Exchange and Depository Center shall test such procedures on a periodic basis. Article 52: General Business Risk Management arrangements a) The Exchange and the Depository Center shall must arrangements to manage and monitor general business risk. such arrangements shall include the following:

1. Identifying the sources of the general business risk and their potential impact on their operations and services, taking into account previous losses and the financial projections, where possible; and
2. Considering a combination of tools, such as risk management and internal control assessments, scenario analysis, and sensitivity analysis to manage general business risk. b) The Exchange and the Depository Center must notify the Authority immediately of any material changes to their general business risk. Article 53: General Business Risks Management a) As a part of their general business risks management, the Exchange and Depository Center must hold Liquid Net Assets so that enable it to continue operations as a going concern if it incurs general business losses. b) When determining the amount of Liquid Net Assets to be held by the Exchange and Depository Center, they must consider the time span required to achieve a recovery of their critical operations and services. c) If at any time the amount of Liquid Net Assets held is lower than the amount required pursuant to paragraph (b) of this Article, the boards of the Exchange and Depository Center must establish a plan to increase the amount of Liquid Net Assets held by them to the required amount and update that plan regularly. d) The assets maintained by the Exchange and Depository Center to cover the general business risks shall be high quality and sufficient liquidity.

28 PART 9 OTHER EXCHANGE AND THE DEPOSITORY CENTER OBLIGATIONS Article 54: Confidentiality of Information The Exchange and Depository Center must maintain the confidentiality of the information they obtain when carrying out their business, and may not disclose such information except where:

1. Its disclosure is based on the Authority’s or the Committees for Resolution of Securities Disputes’ request under the Law, its Implementing Regulations or the related laws, or based on the General Administration of Financial Investigations’ request in accordance with the provisions of Anti-Money Laundering Law and Combating-Terrorism Crimes and its Financing Law and their Implementing Regulations;
2. When the disclosure is based on SAMA’s request in relation to members of the Depository Center who are banks and subject to SAMA’ supervision in accordance with the relevant laws.
3. The investor has explicitly consented to its disclosure.
4. Its disclosure is reasonably necessary to perform a particular service for the client.
5. The information is no longer confidential.
6. Any other cases determined by the rules of the Exchange and Depository Center. Article 55: Record-keeping a) The Exchange and Depository Center, each within its own purview, must retain all the records related to the business, the services and the activities provided thereby. b) The Exchange must record and maintain the information of entered, modified and canceled order, and the information related to executed transactions. c) The Depository Center must maintain the information of securities after the cancellation of their deposition. d) The Depository Center must record and maintain the information of deposited Securities for the period of their depository, otherwise the Exchange and Depository Center must keep the records referred to in this Article for (10) years unless otherwise determined by the Authority. e) Without prejudice to paragraph (d) of this article, if records are relevant to a dispute with a client or a regulatory enquiry, the record must be retained until the dispute is fully resolved or the enquiry completed. f) The Exchange’s and the Depository Center’s records may be retained in any form, but must be capable of reproduction in hard printed form. g) All records or information required to be kept by the Exchange and Depository Center under these Regulations must be provided to the Authority upon its request. The Authority may inspect the records directly or through a person it appoints for that purpose.

29 h) When a member of the Exchange or Depository Center requests any records kept during the regulatory record-keeping period, the Exchange and Depository Center must make available, within a reasonable period, any of the following:

1. any written material or records which relate to that Member; and
2. Copies of any correspondence received from or sent to that Member relating to Exchange or the Depository Center services. i) The Authority may instruct the Exchange and Depository Center to hand over the records to a third party in case of cancelling or suspending the authorisation. Article 56: Products a) The Exchange shall obtain the Authority’s approval prior to launching new products in the market or modifying any of them. b) The Exchange must obtain the Authority’s prior approval for the markets it establishes or operates. Article 57: Communication Procedures and Standards a) The Exchange and Depository Center must use internationally accepted communication procedures to facilitate effective communication between its information systems, and those of its Members, their Clients, and others that connect to it such as service providers. b) The Exchange and Depository Center must use internationally accepted communication standards, such as standardised messaging formats and reference data standards. Article 58: Auditor’s Report a) The Exchange and Depository Center, each within its own purview, must send to the Authority its quarterly interim financial statements within a period not exceeding (30) days after the end of the financial period included in such financial statements, and the audited annual financial statements within (3) months as of the end of the annual financial period included in such financial statements. b) The Exchange and Depository Center, each within its own purview, when appointing its auditor must ensure that the auditor is registered with the Authority in accordance with the Rules for Registering Auditors of Entities Subject to the Authority's Supervision. c) The Depository Center must send an audited report reviewed by an external auditor, on the accounts of the securities deposited therein, to the Authority within (3) months as of the end of Depository Center’s financial year. Article 59: Annual Report The Exchange and the Depository Center must submit an annual report to the Authority within (3) months as of the end of their financial year, for ensuring their compliance with all the provisions of the Law and its implementing regulations.

30 Part 10 PUBLICATION AND ENTRY INTO FORCE Article 60: Publication and Entry into Force These Regulations shall become effective as per its approval resolution.

31 ANNEX (1) INFORMATION AND DOCUMENTS REQUIRED FOR AUTHORISATION AND COMMENCEMENT OF BUSINESS First: Information and Documents Required for Authorisation: a) Business Plan – An applicant must submit a business plan, setting out a detailed description of the purposes and objectives of obtaining the authorisation, it shall be specific, measurable and achievable. b) Governance Arrangements - An applicant must submit a governance arrangement, which includes the organizational chart. c) Main Services Delivery Policies and Procedures - An applicant must submit policies and procedures to ensure the effective delivery of main services, including its planning, construction, operation, monitoring and maintenance. d) Risk Reduction Plan - The applicant must submit a clear, documented risk￾management framework that includes risk-tolerance policy, assigns responsibilities and accountability for risk related decisions, and addresses decision-making mechanism in crises and emergencies. e) Governing Body Resolution – An applicant must submit a copy of the resolution of its governing body in the form prescribed by the Authority approving the application and its contents, and certifying the accuracy and completeness of the accompanying information and documents. f) Incorporation Documents – An applicant must submit a copy of its articles of association. Second: Information and Documents Required for the Commencement of Business a) Business Continuity - The Exchange and Depository Center must submit a business continuity plan, setting out the following:

1. Identify and address events that pose a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption;
2. Appropriate plans for operations recovery or orderly wind-down based on the results of that assessment;
3. Clearly stated objectives, which deal with both measures that prevent disruptions of critical operations and policies and procedures to mitigate the effect of such disruption events by allowing for the rapid recovery and timely resumption of the operations following a disruption. b) Information Technology Governance Arrangements. c) Senior Executives Succession Plan. d) Disciplinary Proceedings - The Exchange and Depository Center must submit disciplinary proceedings for the violation of a member of the Exchange or Depository Center of the regulations and rules regulating its business.

32 e) Compliance Plan - The Exchange and Depository Center must submit a compliance plan, including inspection and audit procedures on its members to ensure their compliance with the rules and regulations pertaining to it. f) Operational Systems - The Exchange and Depository Center must submit a detailed description of its operations, including the following:

1. The means of access to the electronic system and its supporting system.
2. Proposed fees.
3. Hours of operation of the system, and the date on which applicant intends to commence operation of the System.
4. The users’ manual.
5. For the Exchange, procedures governing entry and display of quotations and orders in the system and procedures governing the execution of transactions.
6. For the Depository Center, procedures governing the settlement of transactions in connection with the system. g) Drafts of its regulations, rules and instructions necessary for its operations. h) Contracts – The Exchange and the Depository Center must submit the agreements, arrangements and understandings with third parties to provide any material services or operations. i) Final Incorporation Documents – The Exchange and the Depository must submit copies of the final incorporation documents, including its articles of association and by-laws, the commercial registry, and the authorisation issued by the Ministry of Investment (where applicable). j) Website – The Exchange and the Depository must provide the data of the website through which it discloses any information determined by the Authority.

33 ANNEX (2) NOTIFICATION REQUIREMENTS a) The Exchange and the Depositary Center must notify the Authority in writing immediately on the occurrence of any of the following:

1. Any operational accident caused by operational risks.
2. Any failure or delay in any of their procedures, including those resulting from a system malfunction.
3. Any material changes to the information provided by either of them to the Authority for the purposes of the authorisation application.
4. To carry out any business other than those for which they are authorised.
5. The formation, acquisition, disposal or dissolution of a subsidiary specifying the subsidiary’s name and its principal business.
6. Any event that leads to a material change in the soundness of its financial position, including any assets pledged, or a lawsuit to which either of them is a party, or any punishment, penalty, precautionary procedure or preventive measure imposed on either of them by the Authority or any other supervisory, regulatory or judiciary authority.
7. Any event that may affect the timely fulfilment by a member, of either of them, its financial obligations.
8. Dismissal of a member of the administrative body of either of them, or submit his resignation.
9. Removing the executive manager of either of them, or submitting his resignation.
10. Any violation committed by an employee, of either of them, against the laws, implementing regulations, or its Bylaws.
11. The outsourcing of any material function. b) The Depository Center must notify the Authority in writing within (21) days from the date of discovering any error in the information entered in the records of the Depository Center, stating the reasons for this. c) The Exchange and the Depository Center must notify the Authority annually in writing of any change or update in the succession plan of senior executives of any of them. d) The Exchange and the Depository Center must notify the Authority in writing at least (30) days prior to the date of providing any new services or modifying any of them.

34 ANNEX (3) REQUIREMENTS FOR PREPARATION OF RULES AND PROCEDURES a) Submit a comprehensive study of the proposal to the Authority after approval by the board of the Exchange or Depository Center, provided that it includes an explanation of the proposal’s objectives, the reasons for its preparation, the need for it, and its expected impact, considering the technical and legal aspects. b) Provide an explanatory memorandum on the proposal to the Authority after submitting the study -referred to in paragraph (a) above- that includes a statement of the legal basis for the proposal, its main elements, and the draft project with a clear explanation of its articles, and the implications of its application, in addition to the following:

1. International legislation and experiences that benefited from when preparing it and the main legal provisions contained in those legislations.
2. A table that includes a statement of the statutory provisions contained in the Implementing Regulations, Exchange Rules, Depository Center Rules, and CCP Rules that require to be repealed or amended, and the corresponding proposed provisions, as well as the rationale behind them. c) Publishing the draft project for public consultation after obtaining the Authority's no￾objection letter. d) Submit the proposal to the Authority, after public consultation, to request the board approval, which shall include the public's feedback received as well as the actions taken regarding them, in addition to the requirements stipulated in paragraph (b) above. e) Publishing a summary of the public feedback and the actions taken regarding them, after the board approval of the project and the publication of it.