Skip to main content

The framework

BlackCores RM10 Standards

Ten defined criteria covering governance, documentation and responsible-market conduct for institution-facing firms across the FX/CFD ecosystem.

How to read each standard

Every standard sets out six things: what it means, why it matters, who it applies to, evidence examples, what may be recorded, and what it does not prove. Select a standard to expand the full detail.

RM1

Regulatory Perimeter & Licence Identity

Make the firm's regulatory perimeter, licence identity and permitted activities clearly documented and internally consistent.

What it means

Make the firm's regulatory perimeter, licence identity and permitted activities clearly documented and internally consistent.

Why it matters

Institution-facing counterparties and partners need a coherent, self-consistent picture of where a firm operates, under which entities, and within what permitted activities before they engage. Ambiguity here is a common source of mis-set expectations.

Who it applies to

All firms operating in or adjacent to the FX/CFD ecosystem.

Evidence examples

  • Licence and registration references where applicable
  • Entity structure and permitted-activity mapping
  • Public disclosure consistency review

What may be recorded

  • That perimeter and licence-identity documentation was submitted within a defined scope
  • The documentary status assigned for this criterion
Documentary Status: Defined Scope

What this does not prove

It does not confirm that a firm is licensed, authorised or approved by any regulator, and it is not a substitute for verifying a firm's status with the relevant authority.

RM2

Client Classification & Distribution Boundaries

Evidence how client categories, eligibility and distribution boundaries are defined and enforced.

What it means

Evidence how client categories, eligibility and distribution boundaries are defined and enforced.

Why it matters

How a firm classifies clients and bounds its distribution determines who it serves and how. Documented boundaries help institution-facing audiences understand the firm's intended market and the controls around it.

Who it applies to

Firms that onboard, classify or distribute to clients or partners.

Evidence examples

  • Client classification policy
  • Distribution and territory boundary controls
  • Appropriateness and eligibility records

What may be recorded

  • That classification and distribution-boundary documentation was reviewed within scope
  • The criteria-coverage status assigned
Criteria Coverage: Documented

What this does not prove

It does not confirm the outcome of any individual onboarding decision, nor that every client was correctly classified in practice.

RM3

Responsible Marketing, Affiliate & IB Controls

Demonstrate controls over marketing, affiliate and introducing-broker activity and the records that support them.

What it means

Demonstrate controls over marketing, affiliate and introducing-broker activity and the records that support them.

Why it matters

Marketing and third-party promotion are where conduct risk is most visible to the public. Documented approval and monitoring controls show how a firm governs the messages and partners that act in its name.

Who it applies to

Firms using marketing, affiliates, IBs or third-party promotion.

Evidence examples

  • Marketing approval and review process
  • Affiliate / IB onboarding and monitoring records
  • Promotional content control samples

What may be recorded

  • That marketing and affiliate/IB control documentation was submitted
  • The evidence-submission status for this criterion
Evidence Submitted

What this does not prove

It does not certify any individual campaign, advertisement or affiliate, and it does not guarantee that all promotional activity complies with applicable rules.

RM4

AML/CFT, Sanctions, KYB & Financial Crime Controls

Evidence financial-crime control frameworks across AML/CFT, sanctions screening and know-your-business.

What it means

Evidence financial-crime control frameworks across AML/CFT, sanctions screening and know-your-business.

Why it matters

Financial-crime controls are a baseline expectation for any firm handling funds or counterparties. Documented frameworks let institution-facing audiences see that the firm has defined policies, screening and beneficial-ownership procedures.

Who it applies to

Firms with onboarding, funds-handling or counterparty exposure.

Evidence examples

  • AML/CFT policy and risk assessment
  • Sanctions and PEP screening approach
  • KYB and beneficial-ownership procedures

What may be recorded

  • That financial-crime control documentation was reviewed within scope
  • The criteria-coverage status assigned
Criteria Coverage: Documented

What this does not prove

It does not test live transactions, confirm that no financial crime has occurred, or replace a firm's own regulatory obligations and supervisory examinations.

RM5

Counterparty, Supplier & Outsourcing Governance

Demonstrate governance over counterparties, suppliers and outsourced functions.

What it means

Demonstrate governance over counterparties, suppliers and outsourced functions.

Why it matters

Modern firms depend on a web of counterparties and outsourced services. Documented governance shows how a firm selects, oversees and manages dependency on the third parties embedded in its operations.

Who it applies to

Firms relying on counterparties, vendors or outsourced operations.

Evidence examples

  • Counterparty due-diligence framework
  • Outsourcing and supplier register
  • Service and dependency oversight records

What may be recorded

  • That counterparty and outsourcing governance documentation was submitted within scope
  • The documentary status assigned
Documentary Status: Defined Scope

What this does not prove

It does not assess the financial soundness or conduct of any individual counterparty or supplier, nor guarantee uninterrupted service.

RM6

Responsible Product, Service & Programme Design

Evidence responsible design of products, services and programmes, including target-market logic.

What it means

Evidence responsible design of products, services and programmes, including target-market logic.

Why it matters

How products and programmes are designed shapes the outcomes they create. Documented design governance and target-market logic show that a firm considers suitability and responsibility at the point of design, not only at sale.

Who it applies to

Firms designing products, services, education or programmes.

Evidence examples

  • Product governance and design records
  • Target-market and suitability logic
  • Review and approval trail

What may be recorded

  • That product and programme design documentation was reviewed within scope
  • The criteria-coverage status assigned
Criteria Coverage: Documented

What this does not prove

It does not evaluate commercial performance, investment returns or the suitability of any product for a particular person.

RM7

Complaints, Fair Handling & Remediation Records

Demonstrate complaints handling, fair-treatment practices and remediation record-keeping.

What it means

Demonstrate complaints handling, fair-treatment practices and remediation record-keeping.

Why it matters

How a firm responds when things go wrong is a strong signal of its conduct culture. Documented complaints, fair-handling and remediation processes show a structured approach to resolution and root-cause learning.

Who it applies to

Firms handling clients, partners or end-user complaints.

Evidence examples

  • Complaints policy and workflow
  • Remediation and root-cause records
  • Fair-handling governance reporting

What may be recorded

  • That complaints and remediation documentation was submitted within scope
  • The evidence-submission status for this criterion
Evidence Submitted

What this does not prove

It does not confirm the outcome of any individual complaint or that every complaint was resolved to a complainant's satisfaction.

RM8

Technology, Data, Cyber & Operational Resilience

Evidence technology governance, data protection, cyber controls and operational resilience.

What it means

Evidence technology governance, data protection, cyber controls and operational resilience.

Why it matters

Technology and data sit at the core of institution-facing operations. Documented security, resilience and continuity governance show how a firm protects systems and data and prepares for disruption.

Who it applies to

Firms operating platforms, data systems or critical technology.

Evidence examples

  • Information-security and data-protection policies
  • Resilience, continuity and incident records
  • Cyber control and testing summaries

What may be recorded

  • That technology, data and resilience documentation was reviewed within scope
  • The criteria-coverage status assigned
Criteria Coverage: Documented

What this does not prove

It is not a penetration test, security certification or guarantee against breaches, outages or data loss.

RM9

Money, Payment, Safeguarding & Settlement Boundaries

Demonstrate boundaries and controls around money handling, payments, safeguarding and settlement.

What it means

Demonstrate boundaries and controls around money handling, payments, safeguarding and settlement.

Why it matters

Where client money and settlement are involved, clear boundaries matter most. Documented safeguarding, segregation and reconciliation controls show how a firm structures and oversees the movement of funds.

Who it applies to

Firms handling, routing or safeguarding money or settlement flows.

Evidence examples

  • Safeguarding and segregation approach
  • Payment and settlement control records
  • Reconciliation and oversight documentation

What may be recorded

  • That money-handling and safeguarding documentation was submitted within scope
  • The documentary status assigned
Documentary Status: Defined Scope

What this does not prove

It does not audit financial soundness, confirm solvency, or guarantee that client funds are protected in all circumstances.

RM10

Governance, Anti-Corruption & Annual Improvement

Evidence governance maturity, anti-corruption controls and a documented annual improvement cycle.

What it means

Evidence governance maturity, anti-corruption controls and a documented annual improvement cycle.

Why it matters

Responsible conduct is sustained by governance and a habit of improvement. Documented oversight, anti-corruption controls and an annual update cycle show that a firm treats responsibility as an ongoing programme, not a one-off exercise.

Who it applies to

All participating firms across the ecosystem.

Evidence examples

  • Governance and board oversight records
  • Anti-corruption and ethics policies
  • Annual improvement and update filing

What may be recorded

  • That governance and anti-corruption documentation was submitted
  • Whether an annual update has been filed for the current cycle
Annual Update Filed

What this does not prove

It does not certify the integrity of any individual or guarantee that misconduct cannot occur within the firm.

See how RM10 maps to your firm type.

The FX/CFD framework sets out applicability across eighteen stakeholder categories.

View the FX/CFD framework

Scope Notes

Markers in the text above resolve to the full boundary wording below. These notes define what this page records — and what it does not claim.

  1. 7.

    RM10 Standards: BlackCores RM10 Standards are BlackCores-owned standards for documentary mapping and responsible-market conduct presentation. They are not regulatory rules, official regulator standards, UN standards, or a substitute for professional advice.

  2. 8.

    General information: Website content is provided for general business and institutional information only. It should not be relied on as legal, financial, tax, investment, insurance, regulatory or trading advice. Users should obtain independent professional advice where appropriate.