Our Staff is not (completely) aware of these new rules, and what they mean for their daily work.

Our staff is fully aware of the new rules and we have started to adapt and document our brokering processes accordingly.

We have fully adapted and documented our brokering processes according to the new Business Conduct practices. These processes are periodically audited.

Our specialized brokerage systems and procedures have been fully adapted to the new Business Conduct practices. We continuously monitor the execution of these procedures.

We are not (completely) aware of which Personal Data of our clients we collect, how and where it is stored, how we protect it, and what we need to do in case of a cybersecurity breach.

We know the Data Privacy & Cybersecurity requirements from the regulation, and we have started to document relevant policies regarding the Personal Data we store and how we protect it.

We have a full set of Data Privacy & Cybersecurity policies aligned with the new Brokers' regulations. We periodically audit the execution of these policies.

We have a full set of Data Privacy & Cybersecurity policies and these have been implemented across our full technology stack. Through continuous monitoring and risk management we ensure maximum reliability.

Our approach to risk is mainly ad-hoc, with limited documentation and policies around risk management and no separate Risk & Compliance function.

A basic Risk Management Framework exists, but it is inconsistent and not fully embedded in daily working practices.

We have a structured, consistent and documented Risk Management Framework that is fully integrated in decision making and management of the company. Risk Management is an integral part of our business processes.

Risk Management is fully integrated into our corporate strategy and decision making, and is supported by advanced tooling and analytics. Our culture and working practice support Risk Management as a value driver rather than a complance obligation.

We are not (completely) aware of the financial ratios that need to be monitored and reported in order to comply with the new CBUAE Brokers' Regulation.

We are aware of the financial ratios that are required to comply with the new CBUAE Brokers' Regulation. Our Finance department will report these ratios to the Central Bank when required.

The new regulated financial ratios are an integral part of the periodic Management Report, and are monitored and managed by the Board of Directors on a regular basis.

Regulated financial ratios are an integral part of the company's management reporting in both actuals and financial budgetting, embedded in our reporting systems and pro-actively managed by the Board of Directors.

For (some of) the designated positions in our organization (e.g. CEO, Control Functions, Specialized Employees) we do not have a full and documented insight in how their professional qualifications comply with the new Brokers' Regulation.

We have started the review of our personnel's qualifications and how these comply with the new Brokers' Regulation. We may have (some) gaps in the documentation of their qualifications.

We have done a full review of designated positions qualifications and have full documentation of compliance with the new Brokers' Regulation. HR policies for new hires and training & development procedures have been adjusted accordingly.

Personnel qualifications are fully compliant with new regulations. Also the ongoing training requirements are planned and tracked in specialized systems for effective management and efficient reporting to the CB.

We have not (yet) reviewed whether our Brokerage Agreements with insurance companies are compliant with the new Brokers' Regulation.

We are aware of the requirements from the new Brokers' Regulation regarding our Brokerage Agreements with insurance companies, and we have started to review and adjust contracts where required to become compliant.

All our Brokerage Agreements have been reviewed and are compliant with the new regulations. Besides that, we periodically audit that our brokerage activities are executed in line with the regulations.

All Brokerage Agreements are managed and executed through integrated systems, proactively adjusted with the latest regulations and monitored on a continuous basis.

We are not (completely) aware of the changes that have been introduced regarding Premium payment and Claim settlement in the new Brokers' regulation.

We are aware of the new rules regarding Premium payment and Claim settlement, and we have started to review and adjust our arrangements with clients and insurance companies where required to become compliant.

All our processes and client communications have been adjusted according to the new Regulation, and all financial flows between insurance companies, clients and us as broker are fully compliant. Compliance is monitored periodically.

New compliant procedures have been implemented within our specialized Brokerage Systems which are fully compliant with the new regulations. Compliance is monitored continuously.

We have not clearly allocated the responsibilities for Audit, Risk & Compliance in our organization.

We combine Audit, Risk & Compliance in one function.

We have separated Audit, Risk & Compliance functions that are independent from the business. These roles report into Senior Management.

We have separated Audit, Risk & Compliance functions that are independent from the business. The Audit department reports into the Board which oversees Senior Management.

We have outsourced activities without or with limited assessment of the new regulations. We have limited visibility on how outsourced activities are executed and lack oversight from internal Compliance & Risk specialists.

We outsource activities, however whilst auditing outsourced parties is contractally agreed, auditing occurs irregularly or informally.

We have well-documented Materiality Assessments for outsourced activities and confirmation of No Objection from the CBUAE is received where required. Our Audit & Compliance functions execute periodic audits on the outsourced activities.

Internal audits and risk management of outsourced activities form an integral part of the companies governance and risk management practices, documented in fit-for purpose systems and pro-actively managed.