In a possible sign of things to come, the Central Bank of Bahrain has proposed changes to Volume 4 of its Rulebook (investment firms), revising the authorisation module, drafting a new module on digital financial advice and adding a chapter on cyber security risk measures, as well as adding to Volume 4’s glossary. The new cyber security chapter is a complete rewrite of the existing regulation and goes into detail on areas including accountability and responsibility, roles and responsibilities, and policies and procedures. Licensees providing internet services are required to test their systems twice a year – and to report the findings to the CBB within two months. These tests must be conducted by external, independent security professionals, such as ethical hackers. The proposed rules – which currently apply only to investment firms – are available on the CBB website in the ‘open consultations’ section.