Recovery Planning Regulation

CBUAE Classification: Public Recovery Planning Regulation

CONTENTS Page Subject Introduction 3 Scope of Application 3 Article (1) Definitions 4 Article (2) Requirement for a Recovery Plan 8 Article (3) Scope of Recovery Plan and Proportionality 9 Article (4) Group Recovery Plans 10 Article (5) Governance 12 Article (6) Recovery Plan Indicators 14 Article (7) Recovery Options 16 Article (8) Scenario Testing 21 Article (9) Recovery Capacity 22 Article (10) Central Bank Liquidity Facilities 24 Article (11) Business Continuity Arrangements 25 Article (12) Communication Plan 25 Article (13) Annex to the Recovery Plan 26 Article (14) Update and Submission Frequency 26 Article (15) Sanctions & Enforcement 27 Article (16) Interpretation of Regulation 28 Article (17) Publication & Effective Date 28

Circular No.: 2023/4 Date: 30/10/2023 To: All Banks and Insurance Companies, and designated Licensed Financial Institutions Subject: Recovery Planning Regulation

Introduction The purpose of the recovery plan is to prepare a Financial Institution to be more resilient to periods of severe financial stress and guide it to stabilize itself and restore its financial position and overall viability. The recovery plan is an important crisis preparedness and management resource. It must be designed with a view to its implementation in distressed situations and must not be treated as a compliance exercise.

This Regulation is issued pursuant to the powers vested in the Central Bank under the provisions of the Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organisation of Financial Institutions and Activities, as amended and Federal Law No. (6) of 2007 Concerning Organizing of Insurance Operations, as amended.

Scope of Application This regulation applies to Financial Institutions, which includes the following for the purpose of this regulation:

1. Banks.
2. Insurance Companies.
3. Branches of foreign Banks and branches of foreign Insurance Companies.
4. Any other Licensed Financial Institution designated by the Central Bank, at its discretion, as being required to implement recovery planning.

Article (1): Definitions 1.1 Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other licensed financial activities, as defined in the Central Bank Law. 1.2 Central Bank: The Central Bank of the United Arab Emirates. 1.3 Central Bank Law: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organisation of Financial Institutions and Activities, as amended. 1.4 Control Function: Function (whether in the form of a person, unit or department) that has a responsibility in a Financial Institution to provide objective assessment, reporting and/or assurance; this includes the risk management, compliance, internal audit and, where applicable, actuarial, Shari’ah control and Shari’ah audit functions. 1.5 Core Business Lines: Business lines and associated services that represent material sources of revenue, profit or franchise value for a Financial Institution. 1.6 Critical Functions: Activities, services or operations the discontinuance of which is likely to lead to the disruption of financial stability, or of services that are essential to the economy due to the size, market share, external and internal interconnectedness, complexity, cross-border activities of a Financial Institution, with particular regard to the substitutability of those activities, services, or operations. 1.7 Enterprise Risk Management (ERM): The strategies, policies and processes of identifying, assessing, measuring, monitoring, controlling, reporting and mitigating risks in respect of an Insurance Company’s enterprise as a whole. 1.8 Financial Institution: a Bank or Insurance Company, or branch in the UAE of a foreign bank or insurance company, or any other Licensed Financial Institution designated by the Central Bank. 1.9 Financial Market Infrastructure: multilateral system among participating institutions, including the operator of the system, used for the purposes of clearing, settling, or recording payments, securities, derivatives, or other financial transactions. 1.10 Idiosyncratic Stress Scenario: a stress scenario that affects only the Financial Institution’s group or part of that group, but not the broader market or sector; as opposed to a System-Wide Stress Scenario. 1.11 Insurance Company: The insurance company incorporated in the State, or a foreign branch of an insurance company, that is licensed to underwrite primary insurance and reinsurance, including Takaful Insurance Companies. 1.12 Insurance Law: The Federal Law No. 6 of 2007 Concerning the Organization of Insurance Operations, as amended. 1.13 Internal Shari’ah Supervisory Committee: A body appointed by an Islamic Financial Institution (“IFI”) or a Takaful Insurance Company, comprised of scholars specialized in Islamic financial transactions, which independently supervises transactions, activities, and products of the IFI or the Takaful Insurance Company to ensure compliance with Islamic Shari’ah in all its objectives, activities, operations, and code of conduct. 1.14 Islamic Financial Institutions: The Central Bank licensed Financial Institutions that conduct all or part of their activities and businesses in accordance with Islamic Shari’ah Provisions. 1.15 Islamic Shari’ah Provisions: a. The resolutions, Fatwas, regulations and standards issued by the Higher Shari’ah Authority in relation to activities and businesses of the IFIs and the Takaful Insurance Companies ("HSA’s Resolutions"). b. The resolutions and Fatwas issued by the Internal Shari’ah Supervision Committee of the respective IFIs and the Takaful Insurance Companies, in relation to their activities and businesses ("ISSC’s Resolutions"), provided that they do not contradict the HSA’s Resolutions. 1.16 Own Risk and Solvency Assessment (ORSA): an internal process undertaken by an Insurance Company/ Group to assess the adequacy of its Risk Management and current and prospective solvency positions under normal and severe stress scenarios. It requires an Insurance Company to analyze all reasonably foreseeable and relevant material risks. It covers current and future risks and requires company-specific judgment about risk management and the adequacy of their capital position that could have an impact on its ability to meet both its business objectives as well as its policyholder obligations. This encourages management to anticipate potential business challenges, capital needs and to take proactive steps to reduce risks. The ORSA is not a one-off exercise; it is a continuously evolving process and must be a component of an Insurance Company’s Enterprise Risk Management (ERM) framework. Whilst there is not one specific way of conducting an ORSA, the output is expected to be a set of documents that demonstrate the results of management's proactive approach to its own self-assessment. 1.17 Senior Management: The individuals or body responsible for managing the Financial Institution on a day-to-day basis in accordance with strategies, policies and procedures set out by the board, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions. 1.18 Staff: All the persons working for a Financial Institution including the members of Senior Management, except for the members of its Board. 1.19 Standing Facilities: Monetary Policy tools made available to Licensed Financial Institutions, to enable management of their liquidity in accordance with the controls and instructions issued by the Central Bank, in accordance with the provisions of the Central Bank Law. 1.20 System-Wide Stress Scenario: a stress scenario that affects not only the Financial Institution’s group or part of that group, but also the broader market or sector in which it operates; as opposed to an Idiosyncratic Stress Scenario. 1.21 Takaful Insurance: A collective contractual arrangement aiming at achieving mutuality and cooperation among a group of participants against certain risks, whereby each participant pays certain contribution to form an account called the participants’ account. This account is used for paying the entitled compensations and/or benefits when risk is realized, in accordance with the terms and conditions. The Takaful Insurance Company manages this account and invests its funds. All transactions of the Takaful Insurance Company should be in accordance with the Islamic Shari’ah Provisions.

Article (2): Requirement for a Recovery Plan Financial Institutions must have in place a recovery plan in line with the requirements stated in this Regulation, which must include, at a minimum, the following: 2.1 An executive summary setting out the key elements of the plan and a summary assessment of the overall recovery capacity; 2.2 A summary of the material changes to the Financial Institution and to the recovery plan since the most recent recovery plan; 2.3 Description of the Financial Institution that outlines its legal structure, Core Business Lines, main risks, business model, Critical Functions, and key financial operations and characteristics; 2.4 The governance aspects of the Recovery Plan and how it is integrated into the broader corporate governance, policies and processes of the Financial Institution; 2.5 A framework of recovery indicators, trigger thresholds, and the associated governance and escalation procedures; 2.6 A range of recovery options that can be implemented to restore the viability of the Financial Institution; 2.7 A range of stress scenarios, stressing the Financial Institution in various manners, and setting out the management actions to restore its viability, in particular by implementing recovery options; 2.8 The recovery capacity of the Financial Institution in general and applied to various scenarios; 2.9 The central bank liquidity facilities that the Bank may have access to and the process to obtain access, including the collateral available for this purpose; 2.10 An overview of the preparatory arrangements the Financial Institution has taken or intends to take to improve their access to recovery options; 2.11 Business continuity arrangements; 2.12 A communication plan catered to all relevant stakeholders, internal and external, to deploy when implementing recovery options; and 2.13 The Annex as set out in Article 13 below.

Article (3): Scope of Recovery Plan and Proportionality 3.1 The recovery plan must be commensurate with the Financial Institution’s complexity, size, group and organizational structure, risk profile and interconnectedness. 3.2 Financial Institutions must assess whether they provide Critical Functions to the financial systems in which they operate and take this into account for all aspects of their recovery plan, including, in particular, the definition of stress scenarios, the calibration of recovery thresholds and the impact recovery options may have on the provision of these Critical Functions. Examples of Critical Functions include payments, custody, certain lending and deposit-taking activities in the commercial or retail sector, clearing and settling, limited segments of wholesale markets, market making in certain securities and highly concentrated specialist lending sectors.

Article (4): Group Recovery Plans 4.1 Groups must draw up recovery plans that cover all of the Financial Institutions within the group, and must consider in their plan the scenarios, recovery options, indicators and thresholds relevant for each Financial Institution in the group. 4.2 The aim of the group recovery plan is to achieve the recovery of the group as a whole, or of one or more Financial Institutions within that group while considering the impact on the group as a whole. 4.3 Group recovery plans must include an overview of the arrangements in place to enable intra-group financial support, where applicable. 4.4 The group recovery plan should provide an overview of any material links between group entities, including for example back-to-back transactions and guarantees. 4.5 Group recovery plans must...