Sample Sharī‘ah Governance Manual¹²

TABLE OF CONTENTS

1. 1.0 Sharī‘ah Governance
2. 2.0 Sharī‘ah Supervisory Board
3. 3.0 SSB Composition and Appointment
4. 4.7 Independence and Objectivity of the SSB
5. 5.0 “Fit and Proper” Criteria for SSB Members
6. 6.0 Key Duties of the SSB
7. 7.0 SSB Meetings
8. 8.0 Sharī‘ah References
9. 9.0 Grounds for Disqualifying SSB Members
10. 10.0 Management’s Responsibilities toward the SSB
11. 11.0 Internal Sharī‘ah Control System
12. 12.0 Internal Sharī‘ah Audit Function
13. 13.0 Management’s Responsibilities towards Internal Sharī‘ah Audit
14. 14.0 Internal Sharī‘ah Audit Personnel
15. 15.0 External Sharī‘ah Audit

1.0 Sharī‘ah Governance

1. 1.1 Through key sharī‘ah governance arrangements, the bank will monitor and ensure sharī‘ah compliance of activities at all the times and levels. The Board of Directors (BOD) is ultimately responsible for overseeing the establishment of efficient and effective organizational arrangements for sharī‘ah governance that adequately assess and manage the bank’s exposure to sharī‘ah risk and minimize its impact. Such arrangements include the Sharī‘ah Supervisory Board (SSB), internal sharī‘ah control system, sharī‘ah risk management processes, and sharī‘ah governance policies and measures that are commensurate with the needs of the bank and in line with laws, regulations, and best practices.
2. 1.2 Senior management is responsible for ensuring that arrangements instituted by the BOD are implemented through efficient and effective processes and systems, proper delegation of responsibilities to qualified individuals, sufficient allocation of financial and human resources to sharī‘ah compliance, and the establishment of lines of authority and accountability. They are also responsible for cultivating a sharī‘ah-compliant culture within the organization, setting such compliance as an overarching requisite for all policies, procedures, and activities, ensuring that employees are familiar with sharī‘ah requirements, and providing key stakeholders with ongoing sharī‘ah risk training.

2.0 Sharī‘ah Supervisory Board

1. 2.1 The SSB is a board that is comprised mainly of Islamic jurists who are well-versed in Islamic transactional jurisprudence (fiqh al-mu‘āmalāt), as well as other relevant Islamic banking and finance disciplines. The members are appointed by shareholders of the Islamic financial institution (IFI) at its inception, and are responsible for providing sharī‘ah guidance to the institution, its management and board of directors throughout the lifespan of the organization. In doing so, the SSB issues binding resolutions, which assist the organization in discerning appropriate Islamic rulings on matters, and enables it to maintain sharī‘ah compliance with respect to its products, documentation, operations, and other activities.
2. 2.2 The SSB may include experts in diverse fields relating to Islamic banking with knowledge of fiqh al-mu‘āmalāt, so long as the majority of members are qualified fiqh al-mu‘āmalāt jurists. Given that the former are not specialists in Islamic jurisprudence, they will be non-voting members on matters relating to the issuance of Islamic rulings.
3. 2.3 The BOD is in charge of approving the SSB charter and code of ethics.
4. 2.4 The SSB shall consist of three members but may be increased, depending on need, so long as the number of members remains an odd number.
5. 2.5 All SSB members must be licensed to practice by regulatory authorities, should the latter be involved in providing such permission.
6. 2.6 The SSB will stay abreast of any changes in requirements stipulated by regulatory authorities for SSB membership and verify that they comply with them. They will also comply with the SSB charter and the bank’s policies and procedures, in addition to being committed to teachings of the sharī‘ah, guidance issued by the SSB at the regulatory level (if any), and best practices of their profession.
7. 2.7 The SSB and the bank will agree on the terms of engagement. Both parties will be required to discharge their responsibilities in line with the terms and conditions of such an agreement.
8. 2.8 The fatawa of the SSB will be binding on the bank and its personnel.

3.0 SSB Composition and Appointment

1. 3.1 The BOD’s audit and governance committee shall nominate prospective SSB members and verify that they meet “fit and proper” criteria prior to recommending their names and remuneration to shareholders.
2. 3.2 If members of the general assembly agree to the nominees with a majority vote (51%), then the BOD will forward their details to the regulatory authority to obtain its written approval.
3. 3.3 The appointment letter will detail the duties, rights, and responsibilities of SSB members and other important aspects of their relationship with the bank, such as lines of reporting and remuneration.
4. 3.4 Remuneration figures for each SSB member will be disclosed in the bank’s annual report.
5. 3.5 SSB members shall report to shareholders (general assembly), but maintain continuous contact with the BOD and management.
6. 3.6 The BOD’s audit and governance committee shall administer SSB-related matters including appointment, resignation, dismissal, re-appointment, performance evaluation, and compensation, and make recommendations in light of findings to the BOD.
7. 3.7 SSB members’ contracts will be for a three-year term.
8. 3.8 Based on the audit and governance committee’s recommendation, shareholders may consent to renewing an SSB member’s appointment for a maximum of two additional and consecutive terms. Should shareholders endorse such an action then a request will be submitted to regulatory authorities to obtain their approval.
9. 3.9 The SSB may seek the advice of consultants in business, economics, law, accounting and/or other fields to reach a clear understanding of issues deliberated. The costs of such services will be borne by the bank.
10. 3.10 An SSB member who decides to step down from their position during his/her current term has to provide the SSB chairman with a minimum of a month’s notice. The member will disclose to the chairman of the bank and regulatory-level SSB, the BOD, and regulatory authorities reasoning for his/her decision to step down. The Nomination Committee will be tasked with finding a replacement and will submit the names of nominees to shareholders in order to seek his/her consent prior to requesting the approval of regulatory authorities.
11. 3.11 SSB trainees shall be permitted to sit in on meetings but will have non-voting status.

4.7 Independence and Objectivity of the SSB

1. 4.1 SSB members are required to exercise independent and objective judgment free from undue influence or pressure, especially from the bank’s management and the BOD.
2. 4.2 The bank or any of its related companies will not employ SSB members during the current, previous, or upcoming financial year.
3. 4.3 SSB members will not serve on the BOD of the bank or any of its related companies while in service.
4. 4.4 SSB members shall not have a relationship that could interfere or be reasonably perceived to interfere with the exercise of independent professional judgment. Such relationships include, but are not limited to: (a) an immediate family member (of first degree blood relationship) who is a substantial shareholder of or a partner in (with a stake of 10% or more), or (b) an executive officer of, or a director of any for-profit business organization to which the bank or any of its subsidiaries made or received significant payments in the current or immediate past financial year.
5. 4.5 SSB members are permitted to deposit/invest with the bank in line with the above restrictions. SSB members should seek personal financing facilities from other banks before requesting the same from the bank being supervised. All such relationships and figures are to be disclosed in the bank’s annual report.
6. 4.6 Dismissal of an SSB member requires the recommendation of the BOD after consultation with the chairman of the SSB who in turn consults with the regulatory-level SSB chairman (if any). Such dismissal is subject to the approval of shareholders and regulatory authorities.
7. 4.7 The SSB has the authority to investigate the transactions of any individual, including BOD members.
8. 4.8 Differences in opinion between the BOD and the SSB will be resolved through an appropriate and transparent process. Should there be complications then the regulatory authority will be informed and involved in resolving issues.
9. 4.9 A team comprised of three BOD members will conduct an annual check on SSB members’ independence and verify that they do not have conflicts of interest. They will also carry out an objective and transparent annual performance assessment of SSB members and submit results to the BOD, the chairman of the regulatory-level SSB, and supervisory authorities.

5.0 “Fit and Proper” Criteria for SSB Members

1. 5.1 A member of the SSB shall be a Muslim with respectable character and of good conduct, particularly in terms of patience, discipline, honesty, integrity, and fairness.
2. 5.2 Members shall also be known for their discernment, confidentiality, objectivity, cautiousness, and knowledge of the traditions of people as well as different forms of human misbehavior and artifices pertaining to financial transactions.
3. 5.3 SSB members shall not have been:
   1. 5.3.1 Convicted of a criminal offence, particularly an offence relating to dishonesty, fraud, or financial crime;
   2. 5.3.2 Subject of any adverse findings or any settlement in civil proceedings, particularly in connection with banking or other financial business, misconduct, or fraud;
   3. 5.3.3 Investigated and disciplined or suspended individually or through their business by a regulatory or professional body, a court, or tribunal, whether publicly or privately;
   4. 5.3.4 Refused registration, authorization, membership, or a license to conduct trade, business or profession, or have had the registration, authorization, membership or license revoked, withdrawn, or terminated;
   5. 5.3.5 A director, partner, or individual otherwise involved in the management of a business that has gone into receivership, insolvency, or compulsory liquidation while the person was connected with that organization or within a reasonably short period (e.g. one year) after the person’s departure from the institution;
   6. 5.3.6 Dismissed, asked to resign, or having resigned from employment or from a position of trust, fiduciary appointment, or similar position because of questions about honesty and integrity;
   7. 5.3.7 Disqualified from acting as a director or serving in a managerial capacity because of wrongdoing;
   8. 5.3.8 Unfair, untruthful, and unforthcoming in dealings with customers, superiors, auditors, or regulatory authorities in the past, or the subject of any justified complaint relating to regulated activities.
4. 5.4 An SSB member shall hold a doctorate in Islamic transactional jurisprudence from a recognized university or a master’s in another relevant field such as accounting, law, finance, etc. in addition to adequate understanding of Islamic transactional jurisprudence. Sharī‘ah jurists shall have knowledge of:
   1. 5.4.1 Qur’ān, especially verses relating to rulings and transactions, the reasoning behind their revelation, and their interpretation.
   2. 5.4.2 Sunnah (prophetic tradition) especially in relation to transactions.
   3. 5.4.3 Ijma’ (consensus) of scholars on transactional matters and their differences.
   4. 5.4.4 Usūl al-fiqh and methods for deriving Islamic rulings.
   5. 5.4.5 Maqāsid (objectives) of sharī‘ah.
5. 5.5 SSB members shall be fluent in Arabic and its meanings such as amm (general) and khass (particular), mutlaq (unconditional) and muqayyid (conditional), haqiqi (literal) and the majazi (metaphorical), etc. Basic English proficiency shall also be required.
6. 5.6 SSB members shall be tolerant of different juristic schools and opinions and shall not dominate discussions or decisions.
7. 5.7 SSB members shall demonstrate adequate knowledge and understanding of finance and banking in general and Islamic finance and banking in particular. Proof of such shall be required.
8. 5.8 SSB members shall demonstrate a readiness and willingness to comply with the requirements and standards of the regulatory system and other legal, regulatory, or professional requirements and standards.
9. 5.9 SSB members shall have good time management, planning, communication, and conflict resolution skills. Additionally, they will have sufficient knowledge of how to operate modern technology, which is needed for performing duties.
10. 5.10 SSB members shall have a minimum of seven years of experience in the field.
11. 5.11 SSB members will elect a chairman from amongst themselves who shall serve for a three-year term that may be renewed once. The chairman will oversee SSB operations and must have the skills required for assuming a leadership role.
12. 5.12 SSB members shall also elect an executive member to run day-to-day operations.
13. 5.13 The BOD shall ensure that SSB members fulfill the above requirements in addition to any other criteria set by regulatory authorities.

6.0 Key Duties of the SSB

1. 6.1 Supervising the sharī‘ah dimension of bank activities and issuing guidance.
2. 6.2 Advising the BOD, management, and other related parties on sharī‘ah-related matters.
3. 6.3 Providing an opinion on internal sharī‘ah governance arrangements, the sharī‘ah audit plan, and overall sharī‘ah compliance.
4. 6.4 Approving the articles and memorandum of association.
5. 6.5 Approving products, financing structures, services, policies, procedures, process flows, advertisements, etc.
6. 6.6 Approving the tariff of charges.
7. 6.7 Approving IT system parameters.
8. 6.8 Approving contracts and other legal documentation.
9. 6.9 Overseeing the computation and distribution of late payment charges and zakat (if applicable).
10. 6.10 Reviewing financial statements and overseeing income calculation and profit distribution to equity holders and investment account holders.
11. 6.11 Overseeing the exclusion and distribution of revenue resulting from sharī‘ah non-compliant transactions to charitable organizations.
12. 6.12 Researching issues and questions concerning sharī‘ah matters and clarifying the Islamic legal position.
13. 6.13 Participating in sharī‘ah training sessions focused on the bank’s products and services and disseminating relevant knowledge to the general public.

7.0 SSB Meetings

1. 7.1 The chairman of the SSB shall call a minimum of four meetings per annum (one every quarter) to monitor sharī‘ah compliance of the bank’s operations. Additional meetings may be called as and when necessary.
2. 7.2 The SSB shall meet on a periodic basis with the BOD of the bank or its chairman to address critical sharī‘ah compliance matters and discuss future plans.
3. 7.3 The quorum for an SSB meeting shall be two Islamic transactional jurists and the head of the internal sharī‘ah audit function.
4. 7.4 The head of the internal sharī‘ah audit function may invite representatives from concerned departments to SSB meetings in order to clarify points of ambiguity.
5. 7.5 The chairman of the SSB may invite an independent third party or specialist whose expertise is essential for decision-making to attend SSB meetings.
6. 7.6 The SSB shall make its decisions based on the majority of votes of voting SSB members. In case of a tie in votes, then the chairman of the SSB shall have the final say.
7. 7.7 In the event that the SSB chairman is unable to attend a meeting, then they will appoint one of the other SSB members to preside over the meeting. The individual will have the authority of the chairman for the meeting.

8.0 Sharī‘ah References

1. 8.1 The SSB will adhere to AAOIFI’s sharī‘ah standards in the course of its work, in addition to regulatory sharī‘ah guidelines and other key references.
2. 8.2 When issuing pronouncements, the SSB will comply with the methodology outlined in AAOIFI’s sharī‘ah standard #29.

9.0 Grounds for Disqualifying SSB Members

1. 9.1 An SSB member may be disqualified from their position for:
   1. 9.1.1 Failing to meet the “fit and proper” criteria
   2. 9.1.2 Failing to attend more than 25% of SSB meetings during the year without a valid excuse.
   3. 9.1.3 Using confidential and privileged bank or client information for personal interests.

10.0 Management’s Responsibilities toward the SSB

1. 10.1 Commit to conducting bank activities in accordance with sharī‘ah. This is also the responsibility of the BOD. Thus, all necessary measures such as establishing controls, procedures, an internal sharī‘ah audit function, training employees, etc. must be undertaken.
2. 10.2 Allocate adequate resources (people, systems, processes, budget, etc.) to sharī‘ah governance.
3. 10.3 Provide complete disclosure and unhindered access to bank employees, legal documents, reports (including those issued by internal and external audit as well as central bank) and any other relevant sources of information that shall assist the SSB in discharging its duties. If the SSB finds that it has not been provided unhindered access to information, then it shall raise the issue with the BOD for the latter to take action. Should this not bring about the desired results, then it shall report the matter to supervisory authorities as well as the regulatory-level SSB.
4. 10.4 Seek guidance, in the event of non-existence of a past pronouncement that serves as a precedent, on issues that arise and new developments, such as changes in a product.
5. 10.5 Inform the SSB about future transactions that the bank plans to enter into and obtain approval on the structure of the transaction, its legal documentation, etc.
6. 10.6 Comply with the fatawa and decisions of the SSB irrespective of whether they meet the satisfaction of management and not resort to other parties for sharī‘ah guidance without SSB consent.
7. 10.7 Honor the independence of SSB members and not interfere with their decisions. Management is entitled, however, to obtain clarification on such and their rationale.
8. 10.8 Abstain from conducting sharī‘ah non-compliant activities and disclose the details of any such activities in addition to excluding profits generated from them.
9. 10.9 Rectify sharī‘ah non-compliance by executing agreed-upon corrective actions that prevent the recurrence of mistakes in a timely fashion.
10. 10.10 Provide administrative SSB support for meetings, trainings, etc. and archive sharī‘ah pronouncements to facilitate future reference to them.

11.0 Internal Sharī‘ah Control System

1. 11.1 The internal sharī‘ah control system of the bank is a critical system that will operate at all times and levels within the bank to promote prudent sharī‘ah-compliant operations in accordance with laws, regulations, policies, guidelines, and best practices.
2. 11.2 The audit and governance committee of the BOD shall understand sharī‘ah risks that the bank is currently or may be exposed to and the short- and long-term implications of these risks. Such an understanding is crucial for ensuring that the internal sharī‘ah control system established is commensurate with the level of sharī‘ah risk that the bank faces. The audit and governance committee shall, therefore, oversee the development of the internal sharī‘ah control system, challenge management on proposed policies, procedures and controls, and have ongoing discussions with management regarding the system.
3. 11.3 The system, which is affected by the BOD, SSB, senior management, and personnel, shall play an integral part in:
   1. 11.3.1 Maintaining sharī‘ah compliance;
   2. 11.3.2 Preventing financial losses that could result from sharī‘ah non-compliant activity;
   3. 11.3.3 Preserving the institution’s reputation;
   4. 11.3.4 Helping the institution reach its goals while maintaining its integrity and values.
4. 11.4 The system’s main objectives shall be to:
   1. 11.4.1 Provide reasonable assurance that the activities of the institution are in compliance with sharī‘ah precepts;
   2. 11.4.2 Examine the efficiency and effectiveness of sharī‘ah audit structures and processes;
   3. 11.4.3 Assess the accuracy, timeliness, credibility, and completeness of sharī‘ah reports.
5. 11.5 These above objectives will help the bank:
   1. 11.5.1 Correct sharī‘ah mistakes;
   2. 11.5.2 Live up to its sharī‘ah obligation;
   3. 11.5.3 Protect its image;
   4. 11.5.4 Streamline the system;
   5. 11.5.5 Reduce costs;
   6. 11.5.6 Provide assurance of employee dedication to goals;
   7. 11.5.7 Furnish stakeholders with reliable reports and disclosures needed for decision-making purposes.
6. 11.6 The system shall be dynamic thereby adapting to changes that occur in the institution’s internal and external environment.
7. 11.7 The BOD shall follow up through its audit and governance committee with senior management to ensure that appropriate arrangements have been implemented for identifying, measuring, evaluating, monitoring, mitigating, and reporting sharī‘ah risk. Besides being efficient and effective, these mechanisms shall be characterized with independence and objectivity.
8. 11.8 The system shall contain the following six components:

Sharī‘ah Control Culture

1. 11.8.1 The BOD shall pay careful attention to attracting competent senior employees who will maintain an appropriate level of competency within the different levels of the institution.
2. 11.8.2 Sharī‘ah considerations are integral to the design of policies and procedures of different business support functions, and they shall be incorporated into the process of drafting policies and procedures.
3. 11.8.3 Annual employee appraisals shall be designed to evaluate, among other aspects, whether employees have complied successfully with outlined sharī‘ah guidelines in their duties.
4. 11.8.4 Management shall ensure that the annual training plan of employees not only includes technical training, but also sharī‘ah training on relevant dimensions that pertain to the employee’s role.

Sharī‘ah Risk Identification and Assessment

1. 11.8.5 The bank shall identify sharī‘ah risk causes and events, the likelihood of their occurrence, their potential impact on the bank, and the bank’s level of preparedness to mitigate this risk. Assessments will be revisited on an ongoing basis.
2. 11.8.6 Multiple investigative approaches, such as interviews, self-administered checklists, etc. shall be employed to identify and prioritize these risks, with results used for designing and implementing appropriate controls.

Sharī‘ah Control Activities

1. 11.8.7 Sharī‘ah control activities shall assist the internal sharī‘ah control system in addressing sharī‘ah risk and achieving its objectives. Sample controls shall include:
   1. 11.8.7.1 Issuing policies and procedures that outline the methodology for submitting a sharī‘ah inquiry to the SSB;
   2. 11.8.7.2 Issuing a fatwa;
   3. 11.8.7.3 Converting a fatwa into a practical process;
   4. 11.8.7.4 Procuring SSB approval on a product, service, or activity;
   5. 11.8.7.5 Excluding sharī‘ah non-compliant funds from the bank’s income and dispersing these funds;
   6. 11.8.7.6 Clarifying the sharī‘ah rules that ought to be observed when distributing profits or losses to customers;
   7. 11.8.7.7 Identifying sharī‘ah terms and conditions for contracts and transactions;
   8. 11.8.7.8 Conducting periodic reviews by the BOD and senior management of sharī‘ah reports and securing necessary clarifications through questioning;
   9. 11.8.7.9 Verifying goods delivered against those purchased and invoiced;
   10. 11.8.7.10 Limiting access to sharī‘ah-related data and information to authorized individuals;
   11. 11.8.7.11 Incorporating the SSB-approved procedures for executing transactions and their corresponding accounting entries into the bank’s accounting and information systems;
   12. 11.8.7.12 Segregating the powers for authorizing, executing, recording, and auditing.

Sharī‘ah Associated Information and Communication

1. 11.8.8 The bank shall establish appropriate channels of communication for high-grade sharī‘ah information that include all departments of the bank, in addition to the BOD or its audit and governance committee, the SSB, and regulatory authorities.
2. 11.8.9 The channels shall equip personnel with complete, reliable, unbiased, constructive, and timely information needed to enable them to observe their sharī‘ah duties and take prompt action.
3. 11.8.10 A hotline or similar arrangement that allows for confidential reporting of sharī‘ah concerns or violations to the audit and governance committee and the SSB shall be established.
4. 11.8.11 The BOD’s audit and governance committee shall assess the adequacy of internal channels for (a) reporting sharī‘ah concerns and violations, and (b) responding to customers’ sharī‘ah inquiries and complaints.
5. 11.8.12 The BOD’s audit and governance committee shall oversee the development of sharī‘ah-compliant accounting policies and practices by management in line with laws, regulations, and best practices, and ensure that they receive appropriate deliberation from a sharī‘ah perspective.
6. 11.8.13 The bank shall publish the qualifications of SSB members, their fatawa, evidences, and conditions for their applicability.
7. 11.8.14 The bank shall disclose to the general public its sharī‘ah governance arrangements, in addition to other qualitative and quantitative sharī‘ah governance disclosures identified by the IFSB.

Sharī‘ah Monitoring of Activities

1. 11.8.15 Monitoring is a means of evaluating the system’s functioning and appropriateness in light of organizational, regulatory, and other developments. Appropriate monitoring will be administered to protect the Islamic bank against losses that could result from uncontrolled sharī‘ah risk.
2. 11.8.16 Management shall be aware of the sharī‘ah guidelines relevant to their department’s activities, and will ensure that the bank is equipped with the necessary requirements (human, technological, etc.) for affecting monitoring.
3. 11.8.17 The bank shall have a reliable information system commensurate with its needs that will flag sharī‘ah violations that occur over the course of performing activities.
4. 11.8.18 Management’s monitoring activities and corrective actions shall be adequately documented and communicated.
5. 11.8.19 A periodic appraisal of the system and a comprehensive examination of its controls shall be performed by the internal sharī‘ah audit function. Findings and recommendations shall be reported to management. The latter will examine the results of evaluations, draft a plan of corrective actions to be taken, and get approval to proceed with it. Complete results will be reported to the BOD or its audit and governance committee, SSB, senior management, and other assurance functions.
6. 11.8.20 Management shall be required to guarantee execution of the agreed-upon corrective action plan, and the internal sharī‘ah audit function will periodically follow up on progress.

Evaluation of Internal Sharī‘ah Control System by Banking Supervisors

1. 11.8.21 Management shall fully cooperate with the banking supervisor on any assessments that it conducts of the system. This entails permitting supervisors to scrutinize the methodology used by internal sharī‘ah audit, inspect the function’s reports and audit working papers, converse with its staff, review sharī‘ah dimensions of policies and procedures, test sharī‘ah controls, etc.
2. 11.8.22 Results of the supervisory evaluation will be reported to the BOD which will be required to develop a remedial plan to address weaknesses and concerns within a reasonable time frame. The BOD will request senior management to investigate concerns and propose remedial measures.
3. 11.8.23 This supervisory assessment shall not be mistaken to be a substitute for the BOD’s own evaluation of the internal sharī‘ah audit function that will be conducted through the audit and governance committee or an external auditor.

12.0 Internal Sharī‘ah Audit Function

1. 12.1 Internal sharī‘ah audit shall be the cornerstone of the internal sharī‘ah control system. It shall assess sharī‘ah audit activities of the bank and contribute to improving sharī‘ah compliance.
2. 12.2 The function shall conduct independent and objective assessments and present recommendations regarding the effectiveness and efficiency of the internal sharī‘ah control and risk management systems, compliance of activities with SSB fatawa, AAOIFI sharī‘ah standards, and other relevant guidance, consistency of sharī‘ah governance policies and measures with legal and regulatory requirements and industry guidance, and sharī‘ah compliance of the bank’s information system.
3. 12.3 Healthy lines of communication shall exist between the function and senior management, the SSB, external sharī‘ah auditors, banking supervisors, and the BOD, and assessment results will be reported to these parties.
4. 12.4 The function shall provide support services. These include:
   1. 12.4.1 Coordinating SSB activities;
   2. 12.4.2 Assisting the SSB in researching juristic rulings;
   3. 12.4.3 Coordinating with the external sharī‘ah audit firm and banking supervisors;
   4. 12.4.4 Monitoring the implementation of recommendations and action plans.
5. 12.5 The function shall provide advisory services to management, without assuming management responsibility, including:
   1. 12.5.1 Offering input on the preparation of new services and products, their legal documents, processes, and sharī‘ah controls;
   2. 12.5.2 Participating in management committees;
   3. 12.5.3 Assisting in sharī‘ah risk identification and monitoring (in coordination with the risk department).
6. 12.6 Internal sharī‘ah audit duties shall, thus, include:
   1. 12.6.1 Planning and executing sharī‘ah audits, examining system adequacy, and evaluating effectiveness of internal sharī‘ah controls;
   2. 12.6.2 Reporting results to concerned parties and following up on corrective measures;
   3. 12.6.3 Conveying and archiving SSB decisions;
   4. 12.6.4 Preparing and updating the sharī‘ah governance manual, yearly audit plan, audit checklists, sharī‘ah training resources, and other materials;
   5. 12.6.5 Corresponding with departments and branches of the bank to understand their concerns and queries and coordinate the issuance of SSB pronouncements;
   6. 12.6.6 Arranging and attending SSB meetings (executive and full-board);
   7. 12.6.7 Reviewing legal documents, existing and new products, policies and procedures, etc. for detailed analysis prior to obtaining SSB approval;
   8. 12.6.8 Assisting the human resources department in employee training on sharī‘ah dimensions of products and services;
   9. 12.6.9 Cooperating with product development, policy and procedure, and other personnel to clarify sharī‘ah guidelines and pronouncements.
7. 12.7 The head of internal sharī‘ah audit shall consult with key stakeholders prior to preparing the function’s charter. Senior management’s endorsement shall be acquired before it is sent to the SSB for opinion and the BOD for approval and issuance.
8. 12.8 The charter shall include the function’s purpose, responsibility, and authority. It shall permit the function unrestricted access to documents, personnel, etc. relevant to its tasks. It will clearly outline the function’s line of reporting, set its scope of activities, and highlight the standards that it will conform with. The charter shall be reviewed annually, updated as necessary, and made accessible to staff on the bank’s internal website.
9. 12.9 The BOD shall also approve the function’s code of ethics, which at a minimum should include sharī‘ah foundations, principles (faith-driven conduct, professional competence and diligence, trustworthiness, religious legitimacy, objectivity, and professional conduct and technical standards) and rules outlined in AAOIFI’s code of ethics for accountants and auditors of Islamic financial institutions.
10. 12.10 The audit and governance committee shall suggest to the BOD the qualifications of the head and staff of the internal sharī‘ah audit function as well as the remuneration scheme. It shall also nominate a head for the function.
11. 12.11 The head of internal sharī‘ah audit shall report to the BOD’s audit and governance committee, which shall ensure that the individual’s line of reporting is not weakened and that any conflicts of interest are resolved. The committee shall appraise the individual’s performance on a yearly basis and recommend re-appointment or replacement.
12. 12.12 The head of the internal sharī‘ah audit function shall work with department heads and other stakeholders to draft the strategic sharī‘ah audit plan that will bridge the internal sharī‘ah audit charter to the annual sharī‘ah audit plan.
13. 12.13 Senior management shall endorse the strategic sharī’ah audit plan or any changes to it. The SSB will be asked to provide an opinion on it before it is sent to the BOD’s audit and governance committee for approval and issuance.
14. 12.14 The strategic sharī‘ah audit plan shall be updated every three years.
15. 12.15 The head of the function shall prepare an annual sharī‘ah audit plan after identifying the sharī‘ah audit universe and taking into account the results of a sharī‘ah risk assessment exercise in addition to budget and other constraints. The plan shall be re-evaluated during the year as needed and any required changes shall be approved following the procedure mentioned earlier.
16. 12.16 Sharī‘ah audit information collected shall be sufficient (factual, adequate, and assuring), reliable (the best that could be attained using the most suitable techniques), relevant (substantiate findings and recommendations), and useful (helps the bank meet its goals).
17. 12.17 Observations shall document the root causes of issues and provide suitable analysis and evaluation. Findings shall be value adding, accurate, objective, clear, concise, constructive, and timely.
18. 12.18 A draft report shall be shared with the manager of the audited activity and an exit interview conducted before the issuance of the final draft.
19. 12.19 Sharī‘ah auditors shall recommend possible courses of action for management to consider for resolving the issues mentioned in the sharī‘ah audit reports.
20. 12.20 A final draft of the report shall be sent to the manager of the audited activity who shall agree or disagree to the findings and recommendations. The manager shall outline a detailed action plan that shall include the time frame for implementing remedial actions, and specify the individuals responsible for carrying out these actions.
21. 12.21 The internal sharī‘ah audit function head shall review management’s response and meet with the SSB or at minimum the executive member of the SSB to resolve any issues pertaining to the interpretation of sharī‘ah rules.
22. 12.22 The function head shall issue, sign, and send the final audit report to the chairman and members of the audit and governance committee, while copying the manager of the audited activity, his supervisor, the CEO, other assurance functions, and the SSB.
23. 12.23 The report shall include the purpose and scope of the engagement, observations, recommendations, action plans, and conclusions.
24. 12.24 The BOD’s audit and governance committee shall review reports submitted by the internal sharī‘ah audit function as well as those furnished by banking supervisors, verify the objectivity and integrity of these reports, and discuss findings and management’s responses with relevant parties. It shall also examine the remedial plan proposed by management to address internal sharī‘ah audit findings and approve or recommend them to the BOD.
25. 12.25 The BOD’s audit and governance committee shall follow up to verify that actions set out in the remedial plan are implemented within the scheduled time frame.
26. 12.26 The head of the function shall design a sharī‘ah audit quality assurance program that will integrate sharī‘ah quality assurance into the entire activities of the function. The program, which shall be reviewed annually, shall examine the appropriateness of the internal sharī‘ah audit charter and risks facing the function, and the adequacy of the sharī‘ah audit universe. It shall also assess the extent to which the function adds value by improving the internal sharī‘ah control and risk management systems, governance measures, and sharī‘ah compliance of the management information system and the bank.
27. 12.27 The function may claim that its activities comply with the code of ethics, AAOIFI’s internal sharī‘ah review standard (GSIFI No. 3), and other protocols only if it can demonstrate that results from the sharī‘ah quality assurance program corroborate such a claim.

13.0 Management’s Responsibilities towards Internal Sharī‘ah Audit

1. 13.1 Provide complete disclosure and unhindered access to personnel, transactions, IT systems, legal documents, policies and procedures, reports, and any other relevant sources of information.
2. 13.2 Allocate adequate resources to the function for it to prudently perform its duties.
3. 13.3 Comply with procedures outlined for dealing with the function, such as those pertaining to raising queries, etc.
4. 13.4 Submit inquiries as well as product structures, policies and procedures, legal documents, etc. for examination. Internal sharī‘ah audit shall forward the same to the SSB for consideration, should no precedent exist.
   1. 13.4.1 Questioners shall submit:
      1. Inquiry sheet;
      2. Credit application (if applicable);
      3. Legal documents (past or proposed);
      4. Additional related documents;
   2. 13.4.2 Responses shall be documented in SSB meeting minutes.
5. 13.5 Respond to audit observations on a timely basis and implement recommendations.
6. 13.6 Enhance the competence level of employees via training workshops and the like.
7. 13.7 Raise disputes on matters relating to sharī‘ah interpretation to the SSB for the latter to resolve.

14.0 Internal Sharī‘ah Audit Personnel

1. 14.1 Employees of the function shall comply with the bank’s policies and procedures, the code of conduct and ethics, AAOIFI’s internal sharī‘ah review standard (GSIFI No. 3), and professional standards.
2. 14.2 Employees shall demonstrate due professional care in performing their duties and shall employ professional skepticism in their work by critically questioning those involved and objectively evaluating evidence to arrive at professional judgments.
3. 14.3 Employees shall discharge their responsibilities with integrity and good faith in line with the performance expectations of any other reasonably skilled and prudent sharī‘ah auditor faced with a similar circumstance.
4. 14.4 The head of the function in cooperation with the human resources department shall ensure that any person appointed to the department has appropriate credentials and experience.
5. 14.5 Employees shall be fluent in English in addition to the language of the jurisdiction where the bank operates.
6. 14.6 Employees shall have good communication, organizational, and managerial skills to liaise with other employees and departments, execute and delegate tasks, and meet deadlines.
7. 14.7 The BOD’s audit and governance committee shall ensure that staff advance their sharī‘ah and technical expertise via training programs, etc.

15.0 External Sharī‘ah Audit

1. 15.1 The bank shall appoint a licensed independent third party with sufficient expertise and resources to conduct a yearly sharī‘ah audit of its activities and form an opinion on the extent of its sharī‘ah compliance.
2. 15.2 This external sharī‘ah audit activity shall not evaluate the sharī‘ah legitimacy of SSB decisions, rather it will assess the extent of implementation of these decisions and fatawa by management and the strength of the internal sharī‘ah control system.
3. 15.3 The audit and governance committee of the BOD shall be responsible for:
   1. 15.3.1 Endorsing criteria for the appointment of an external sharī‘ah audit firm;
   2. 15.3.2 Recommending to the BOD the appointment of an external sharī‘ah audit firm, as well as costs involved;
   3. 15.3.3 Approving the external sharī‘ah audit firm’s engagement letter, scope of work, and fees involved;
   4. 15.3.4 Ensuring that a direct channel of communication exists between the firm and the BOD;
   5. 15.3.5 Ensuring that the external sharī‘ah audit firm’s independence is not in any way compromised and that appropriate measures are in place to protect it;
   6. 15.3.6 Evaluating the performance of the external sharī‘ah audit firm and recommending to the BOD re-appointment or removal in light of findings;
   7. 15.3.7 Establishing a policy for engaging the external sharī‘ah audit firm in non-audit responsibilities and ensuring that it is observed;
   8. 15.3.8 Considering written representations required by the external sharī‘ah audit firm from management indicating that the latter fulfilled their responsibilities in ensuring sharī‘ah compliance, put in place necessary sharī‘ah controls, complied with supervisory sharī‘ah guidelines, AAOIFI sharī‘ah standards, sharī‘ah supervisory board fatawa, and any other guidelines, disclosed to auditors deficiencies in the internal sharī‘ah control system and all sharī‘ah non-compliance instances, and provided relevant and complete sharī‘ah information and unrestricted access to personnel for obtaining audit evidence;
   9. 15.3.9 Reviewing and discussing with relevant parties weaknesses and concerns arising from findings of the external sharī‘ah audit firm and the SSB;
   10. 15.3.10 Evaluating management’s responses to address external sharī‘ah audit findings and examining, discussing, and approving or recommending to the BOD remedial plans proposed;
   11. 15.3.11 Establishing that actions set out in the remedial plan are implemented within the scheduled time frame and periodically reporting progress to supervisory authorities.
4. 15.4 The firm’s report shall be presented to shareholders at the annual general meeting and included in the bank’s annual report.
5. 15.5 The term of appointment of the firm shall be in compliance with regulatory guidelines.