Book traversal links for Guidance Note Re Shari’Ah Compliance Function At Islamic Financial Institutions
Guidance Note Re Shari’Ah Compliance Function At Islamic Financial Institutions
Effective from 3/4/2025Article (1) Introduction
This Guidance Note Re Shari’ah Compliance Function at Islamic Financial Institutions (“Guidance Note” or “Note”) complements the Standard Re Shari’ah Compliance Function at Islamic Financial Institutions (“the Standard”) with the aim to promote the development of the banking system and to ensure its effectiveness and efficiency.
Article (2) Objective
The Guidance Note contains guidance aimed at facilitating implementation of the requirements related to Shari’ah Compliance at licensed financial institutions that conduct all or part of their activities and businesses in accordance with the provisions of Islamic Shari’ah (“Islamic Financial Institutions” or “IFIs”).
Article (3) Scope of Application
3.1 The Guidance Note applies to all IFIs. IFIs may comply with the guidance stated in this Guidance Note or apply equivalent criteria in order to comply with the requirements stated in the Standard. 3.2 The Guidance Note should be read in conjunction with the Standard and the standards and resolutions issued by Higher Shari’ah Authority (“HSA”) and notified to IFIs. Article (4) Development of Annual Plan
4.1 The Board and the senior management approve the Annual Plan that relate to Shari’ah Compliance Function (“SCF”) review exercises and ascertain smooth realization and implementation of the approved Annual Plan, including but not limited to, full cooperation and support from the relevant department heads at the IFI. 4.2 The IFI should prioritize what needs to be included in the Annual Plan, and develop a prioritization matrix that takes into account the relevant parameters, including: a. frequency of reviews, b. historical incidents, and c. size and complexity of products. Appendix (A) contains generic guidance on developing the prioritization matrix that aims to assist IFIs in identifying segments of operations and activities that should undergo review in a financial year. Article (5) Planning and Scoping of the Review
In the planning stage, the SCF should understand the regulatory requirements, the resolutions of Internal Shari’ah Supervision Committee(“ISSC Resolutions”) that relates to SCF, Shari’ah Non-Compliance (“SNC”) risks, compliance obligations, processes, policies and procedures, and related internal controls, including identifying and documenting known and self-identified issues. Subsequently, the SCF should send a memo outlining the reason for the review, scope, planned timeline and other terms of the scheduled review exercise to the relevant parties, including those departments or sections directly impacted by the review, prior to the commencement of the field review.
Article (6) Field Review
6.1 The Field Review May Include The Following
a. Opening Meeting, b. Sampling Methodology, c. Development of Internal Checklists, d. Walkthrough, e. Internal Controls Assessment, and f. Staff Awareness. 6.2 Opening Meeting
The SCF should start the field review with an opening meeting that involves representatives from the relevant departments and sections.
6.3 Sampling Methodology
a. The SCF should develop a sampling methodology that will be followed during the review exercise. The sample size and the sampling procedure should be objective and robust to ascertain with a high level of confidence that the selected sample fairly represents transactions executed during the period that is covered by the review exercise. b. The SCF should determine the sampling methodology which provides clarity related to the minimum quantity of samples that may be reviewed (such as 10% sample size) of the total number of transactions subject to the review exercise. Appendix (B) contains generic guidance for developing the sampling methodology. c. The SCF may need to select a larger or additional sample size than what was initially planned if the circumstances arise, such as in cases where there is reasonable uncertainty on whether an identified SNC incident/s is a random or systemic failure of the IFI to comply with the regulatory requirements and ISSC Resolutions. These instances should be specified in the IFI’s sampling methodology. 6.4 Development of Internal Checklists
a. SCF should develop checklists needed to undertake an adequate and effective review of the subject that is being reviewed. b. In developing checklists, the SCF should ascertain that it has mapped all requirements and expectations of the regulatory requirements and the ISSC’s Resolutions applicable to the subject planned to be reviewed, and that all relevant requirements are adequately transferred into the checklists. Appendix (C) outlines generic guidance for developing the respective checklists. 6.5 Walkthrough
a. SCF should conduct a walkthrough test of real-life deals to gauge the reliability of internal procedures, manuals and policies in relation to day-to-day activities of the IFI. b. The walkthrough should be accompanied by an assessment of the controls, their adequacy and effectiveness in real-life deals. Preparation for the walkthrough should include interviewing the relevant staff regarding the applicable processes and procedures, and questions or queries that would need to be asked during the walkthrough. The questions should cover exceptional and unusual situations that occur in day-to-day work. 6.6 Internal Controls Assessment
The SCF should assess internal controls related to SNC risk to ascertain their design and operational effectiveness. The assessment should, among others, cover the following aspects:
a. scope and adequacy of the control design in relation to addressing the SNC risk, b. operational reliability of the control and its effectiveness in identifying exceptions across all possible scenarios that could arise, c. probability of avoiding or circumventing the control, and d. comprehensiveness of the existing controls to address all relevant SNC risk. 6.7 Staff Awareness
a. The SCF should assess the staff awareness in relation to knowledge and skills that they need to possess to adequately fulfil their job duties, as per the responsibilities specified in the employee’s job description, without violating the provisions of Islamic Shari’ah. b. Determination of the type of knowledge and skills each employee needs to possess should depend on the nature of the employee’s responsibilities. For example, personnel with responsibility to execute the exchange of currency should be equipped with knowledge and skills specifically related to: 1. execution of all necessary steps or processes in currency exchange, which the employee is responsible for executing in line with parameters of Islamic Shari’ah. 2. reasonable understanding of SNC risks that may arise from this type of transaction, their potential consequences and steps or actions required to adequately manage the risks in order to prevent potential incidents from occurring. c. The IFI should develop proper training and staff awareness programme. Article (7) Issues and Actions
Article (9) of the Standard emphasizes that each identified finding/incident is included in the report. The SCF should analyze and identify the root cause and assess the following:
a. existence of reliable and efficient controls that should have prevented the identified incident from occurring, b. comprehensiveness and clarity of the internal policy’s requirement in relation to the incident, c. Whether the relevant employees are notified of, and have access to, the relevant internal policy, d. adequacy of staff awareness and the existing training programmes in relation to the identified finding, and e. staff conduct and adherence to the established policies, and potential conflict of interest. Article (8) Reports
8.1 Preliminary Issues Report
The SCF should send a report of preliminary issues (“Preliminary Issues Report”) to the relevant parties at least five (5) working days before the closing meeting.
8.2 Response from Respective Parties
After receiving the report, the respective parties should respond on the Preliminary Issues Report within a specific number of days. All responses should undergo an assessment by the SCF in light of the existing evidence related to the issue raised.
8.3 Closing Meeting
The SCF should conduct a closing meeting after completing the assessment of the responses. The relevant parties should be made aware of all the findings and supporting evidence. The meeting should be documented in the form of minutes of the meeting for audit purposes.
8.4 Final Report
a. The SCF when preparing the final review report (“Final Report”) should consider that the report is to assist the IFI in establishing effective and adequate procedures at the institutional level, making corrections and improvements where needed, and rectifying and closing identified gaps, if any. The Final Report should include: - adequacy of control status and adequacy of management action, - an executive summary that will briefly explain the scope and methodology used in preparing the report (such as specifying the total number of customers or transactions, sample size, list of issues and their risk grading, etc.), and - details of issues and actions as per the Standard and the Note. b. The Final Report may include a statement of the level of cooperation and support extended by the relevant departments to the SCF during the review exercise. 8.5 Final Report Approval
The SCF presents the Final Report, upon its completion, to the ISSC for assessment and approval. The ISSC should conduct a comprehensive assessment of the report regarding its compliance with the Standard, including but not limited to, assessment of the following aspects:
- validity of the identified issues, - accuracy of root cause/s of the issues and suitability of action plan, - adequacy and effectiveness of the controls, and - clarity of the report. The ISSC should maintain records of the same for audit purposes.
8.6 Final Report Dissemination
The SCF should conduct the following procedures regarding the Final Report Dissemination:
a. Circulating the final report to the relevant parties within five (5) working days after being approved by the ISSC. b. All findings of the report should be incorporated in the tracker for progress status monitoring (“Status Tracker”). c. Each party responsible for an action plan may confirm to SCF within the agreed timeline, or periodically if needed, that all the actions specified in the Final Report have been addressed, and substantiate such confirmation with adequate evidence for each finding. d. If any action from the Final Report is not closed/addressed within the timeline, the party responsible for the action plan should provide reasoning and evidences for not closing/addressing the issue, and its target completion date. e. The progress update on addressing the findings and implementing recommendations should be monitored. Article (9) Progress Status Monitoring
The SCF may consider the following procedures in the progress status monitoring, including but not limited to:
a. Monitoring progress updates provided by the relevant parties regarding how the findings are addressed and whether the action plan has been implemented. b. All responses should be supported with adequate evidence. The evidence should be kept for audit purposes. c. All responses received from the respective parties should be read in the context of existing evidence related to the highlighted issue. d. The Status Tracker should be updated based on the results of the monitoring. e. An update on the outstanding issues to be provided to the ISSC and risk management committee (or equivalent committee) in each meeting, and if needed, to the CEO of the IFI on a monthly basis for onward escalation in the relevant meetings. The update should be provided in a suitable format such as a dashboard that includes timeline analysis and is suitable for, and understandable by, each respective committee. f. Each party responsible for an action plan should seek approval from the ISSC, via SCF, for any extension to close the outstanding issue. Appendix (A): An Example in Prioritization Parameters for Selection of Subjects in the Annual Plan
1 Frequency of Reviews a. All products should be reviewed by the SCF at least once every three (3) years. b. All branches or distribution channels should be reviewed by the SC at least once every two (2) years. c. All new products should be reviewed within the first 3 months from the date when the product was launched. d. Products that have not been reviewed in the past are prioritized over those that have been reviewed. 2 Historical Incidents a. Products based on underlying contracts or concepts similar to those in which systemic or major incidents were identified in the past are prioritized over those in which no such incidents were identified. b. Distribution channels in which systemic or major incidents were identified in the past are prioritized over those in which no such incidents were identified. 3 Level of Complexity of the Products Products with higher level of complexity that negatively impact SNC risk are given priority over other products. Appendix (B): Generic Guidance for Developing Sampling Methodology
The selection methodology of the sample size should cover, among others, the following aspects: a. transactions of different sizes such as, small, medium and large transactions, b. transactions executed via different distribution channels and in different geographical areas, c. transactions executed with different customers, d. transactions executed in different currencies (if applicable), The selected transactions should be distributed throughout the period covered by the review exercise in accordance with the adopted methodology, such as equal distribution of samples across the period covered by the review exercise, or uneven distribution whereby transactions executed in certain periods may be deemed more vulnerable to the SNC risk and for that reason larger sample will be collected to ensure fair representation of the executed transactions in it during the time covered by the review. Appendix(C):Generic Guidance for Developing Product CheckList
Scope
Checklist for product review should cover all the relevant areas of a product that should be checked and their compliance with Islamic Shari’ah ascertained, including assessment of the following items: a. underlying structure of the product, b. templates of agreements, contracts, documentations, terms and conditions, (“Documentation Templates”) c. product related operational manuals, workflows, policies, guidelines, etc., (“Product Manuals”), d. relevant aspects of accounting entries/treatment, e. fees and charges, (if applicable), and f. compatibility of the IT system with Islamic Shari’ah in relation to operationalization of the product. The products should be reviewed by the SCF in accordance with a standard that considers the risks associated with the products. The SCF should review each product at least once every five (5) years. Aspects
Items specified in the Scope should be assessed from the below listed aspects (as applicable): a. Existence of well-maintained and complete record of all relevant and adequate ISSC’s approvals (and where applicable no objection letters from HSA or Central Bank) regarding Shari’ah compliance of the product prior to its launch, including approval of any amendments to the products before they are offered to the customers. b. Consistency of ISSC’s Resolutions with the regulatory requirements, which requires mapping details of the ISSC’s Resolutions regarding the product and their comparison with the regulatory requirements. c. Compliance of all items specified in the Scope with the regulatory requirements and ISSC’s Resolutions. This would include an assessment of the product details against the regulatory requirements and the ISSC’s Resolutions. d. Compliance of executed transactions with the regulatory requirements and the ISSC’s Resolutions.