Skip to main content
  • Financial Reporting and External Audit

    • Financial Reporting & External Audit Regulation

      C 162/2018 Effective from 29/8/2018
      • Introduction

        The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, Banks must maintain appropriate records, prepare financial statements in accordance with the International Financial Reporting Standards (IFRS) and the instructions of the Central Bank, and publish annual financial statements bearing the opinion of an External Auditor approved by the Central Bank.

        In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that Banks’ approaches to financial reporting and external audit are in line with leading international practices.

        This Regulation and the accompanying Standards must be read in conjunction with the Central Bank Regulation and Standards on Corporate Governance in Banks, which establish the overarching prudential framework.

        This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.

        Where this Regulation, or its accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements that are additional to the listing provided in the relevant Article.

      • Objective

        The objective of this Regulation is to establish the minimum acceptable standards for Banks’ approach to financial reporting and external audit, with a view to:

        1. Ensuring the soundness of Banks; and
           
        2. Contributing to financial stability.

        The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to financial reporting and external audit.

      • Scope of Application

        This Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with significant Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation and Standards are adhered to on a solo and Group-wide basis.

      • Article (1): Definitions

        1. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.
           
        2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a bank.
           
        3. Board: The Bank’s board of directors
           
        4. Central Bank: The Central Bank of the United Arab Emirates.
           
        5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.
           
        6. Controlling Shareholder: A shareholder who has the ability to directly or indirectly influence or control the appointment of the majority of the board of directors, or the decisions made by the board or by the general assembly of the entity, through the ownership of a percentage of the shares or stocks or under an agreement or other arrangement providing for such influence.
           
        7. External Auditor: The audit firm and the individual audit engagement team members conducting the audit. Where relevant, specific references are made to the audit firm only in certain paragraphs.
           
        8. Group: A group of entities which includes an entity (the 'first entity') and:
           
          1. a) any Controlling Shareholder of the first entity;
             
          2. b) any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
             
          3. c) any Affiliate.
             
        9. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).
           
        10. Matter of Significance: A matter, or group of matters, that would have a significant impact on the activities or financial position of the Bank. Examples include failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the Bank’s operations or financial reporting process or other matters that are likely to be of significance to the function of the Central Bank as regulator.
           
        11. Pillar 3: Pillar 3 disclosure requirements - consolidated and enhanced framework issued by the Basel Committee on Banking Supervision in March 2017 and any subsequent revisions.
           
        12. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
           
        13. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or is under full control of that entity regarding the appointment of the board of directors.
           
      • Article (2): Financial Reporting

        1. The Board and Senior Management are responsible for ensuring that financial statements are:
           
          1. prepared in accordance with accounting policies and practices that are widely accepted internationally;
             
          2. supported by record keeping systems; and
             
          3. issued annually to the public together with an independent External Auditor’s opinion.
             
        2. The Board audit committee must oversee the financial reporting process and the establishment or amendment of significant accounting policies and practices.
           
        3. Banks must prepare their financial statements in accordance with the IFRS and the instructions of the Central Bank.
           
        4. Banks must use valuation practices consistent with IFRS and subject the fair value estimation framework, structure and processes to independent verification and validation.
           
        5. The Board must ensure adequate governance structures and control processes for all financial instruments that are measured at fair value for risk management and financial reporting purposes.
           
        6. Banks must avoid taking any action in whatever form, which may disclose or reveal their intentions regarding distribution or repatriation of profits, retained earnings, reserves, or other component of regulatory capital, unless they have obtained the prior written no-objection from the Central Bank.
           
        7. Banks must submit their audited financial statements together with the independent External Auditor’s opinion to the Central Bank no less than three weeks prior to the meeting of the general assembly and no more than three months after the financial year-end.
           
        8. Banks must not make any distribution or repatriation of profits, retained earnings, reserves, or other component of regulatory capital, unless they have obtained the prior written no-objection from the Central Bank.
           
        9. Banks must not present their audited financial statements at the meeting of the general assembly, or otherwise make public such statements, unless they have obtained the prior written no-objection from the Central Bank.
           
        10. Banks must publish on their website their audited financial statements together with the independent External Auditor’s opinion no more than four months after the financial year-end. They must also be published in the Banks’ annual report.
           
        11. Banks must make available upon request a printed or electronic copy of their most recent published audited financial statements together with the independent External Auditor’s opinion to any shareholder or customer of the Bank.
           
      • Article (3): External Audit

        1. Banks must, every year, appoint an External Auditor or more, approved by the Central Bank, for auditing their accounts.
           
        2. The Board audit committee must recommend the appointment, reappointment, dismissal and compensation of the External Auditor.
           
        3. Banks must rotate their external audit firm at least every 6 years, subject to the conduct of a procurement procedure. In addition, Banks must rotate their external audit firm’s partner in charge of the audit every 3 years.
           
        4. The Board audit committee must oversee the External Auditor’s effectiveness and independence.
           
        5. The external audit firm engaged by the Bank, including its Affiliates or Subsidiaries, must not provide any non-audit services to the Bank during the financial years of its external audit mandate, which could impair its objectivity and independence.
           
        6. The External Auditor must conduct audits in accordance with the International Standards on Auditing (ISA) that require the use of a risk and materiality based approach in planning and performing the audit.
           
        7. The scope of the external audits must include areas such as the loan portfolio and loss provisions, non-performing assets, asset valuations, trading and other securities activities, derivatives, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles, the Pillar 3 reporting and the adequacy of internal controls over financial reporting.
           
        8. The External Auditor must comply with the independence provisions laid down in the Central Bank Law, this Regulation and the accompanying Standards. In case of violation of these provisions or failure in the performance of duties, the Central Bank may take any measures against the violating or negligent External Auditor, including rejection by the Central Bank to carry out audits in Banks.
           
        9. The Central Bank may require a Bank to rescind the appointment of an External Auditor it determines has not adhered to established professional standards or has inadequate expertise or independence.
           
        10. The External Auditor must meet with the Central Bank as deemed necessary for supervisory purposes. The Central Bank will access the External Auditor’s working papers, when necessary.
           
        11. The Central Bank may require a Bank to appoint an auditor at the Bank’s expense, who may be the existing External Auditor or another auditor specified by the Central Bank, to provide a report on a particular aspect of the Bank’s business operations, prudential requirements, risk governance framework or such other matters as the Central Bank may specify.
           
      • Article (4): Duty to Report to the Central Bank

        1. External Auditors must promptly report to the Central Bank violations of the Central Bank Law, regulations, instructions and any Matters of Significance arising from their audit of the Bank. External Auditors making such reports in good faith shall not be considered to have breached any of their obligations.
           
        2. Banks must promptly notify the Central Bank in case of resignation of their External Auditor and the reasons thereof, as well as obtain the no-objection from the Central Bank in case of their dismissal or change. Divergence of opinions between the Bank and its External Auditor cannot be ground for dismissal.
           
      • Article (5): Islamic Banking

        1. Banks offering Islamic Financial Services must prepare their financial statements in accordance with the IFRS and the instructions of the Central Bank.
      • Article (6): Enforcement and Sanctions

        1. Violation of any provision of this Regulation and the accompanying Standards may be subject to regulatory action and sanctions as deemed appropriate by the Central Bank. These may include withdrawing, replacing or restricting the powers of Senior Management or members of the Board, providing for the interim management of the Bank, or barring individuals from the UAE banking sector.
           
      • Article (7): Interpretation of Regulation

        1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.
      • Article (8): Cancellation of Previous Notices

        1. This Regulation and Standards replace all Articles of the following previous Central Bank Circulars and Notices with respect to financial reporting and external audit:
           
          1. Circular No 74 dated November 17 1981, External Auditors of Banks;
          2. Circular No 321 dated 24 January 1985, Name of the External Auditor to be provided to Central Bank before holding of AGM by the Local Banks;
          3. Circular No 348 dated 14 August 1985, Cooperation between the Bank's External Auditors and Central Bank;
          4. Circular Letter No BSD/908/85 dated 29 October 1985, External Auditors of Banks - Further clarifications to Circular No. 321 of 24/01/1985 and Circular No. 74 of 17/11/1981;
          5. Circular No 375 dated 13 February 1986, To provide the names of at least three Audit firms;
          6. Circular No 445 dated 15 June 1987, Annual accounts - Approval for Publication, Profit distribution/repatriation - No national Banks to distribute profits and No Foreign Banks to repatriate their profits without prior approval of the Central Bank;
          7. Circular No 466 dated 29 October 1987, External Auditors Report;
          8. Circular No 20/99 dated 25 January 1999, Adoption of International Accounting Standards (IAS);
          9. Notice No 1312/2008 dated 10 March 2008, Islamic Products/Investments - Accounting Treatment; and
          10. Notice No 9278/2011 dated 22 December 2011, Provisioning and Preparation of Annual Accounts.
      • Article (9): Publication and Application

        1. This Regulation and the accompanying Standards shall be published in the Official Gazette in both Arabic and English, and shall come into effect one month from the date of publication.
           
        2. Banks that will have the same external audit firm engaged cumulatively for 6 years or more as at the end of 2018 must rotate the external audit firm subject to the timely conduct of a procurement procedure.
    • Financial Reporting and External Audit Standards

      C 162/2018 STA
      • Introduction

        1. These Standards form part of the Financial Reporting and External Audit Regulation. All Banks must comply with these Standards, which expand on the Regulation. These Standards are mandatory and enforceable in the same manner as the Regulation.

        2. The Board is in the ultimate control of the Bank and accordingly ultimately responsible for the Bank’s approach to financial reporting and external audit. There is no one-size-fits-all or single best solution. Accordingly, each Bank could meet the minimum requirements of the Regulation and Standards in a different way and thus may adopt an organizational framework appropriate to the risk profile, nature, size and complexity of its business and structure. The onus is on the Board to demonstrate that it has implemented a comprehensive approach to financial reporting and external audit. Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards.1

        3. The Standards follow the structure of the Regulation, with each article corresponding to the specific article in the Regulation.


        1 The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller Banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited in the Standards.

      • Article (1): Definitions

        1. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.

        2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a bank.

        3. Board: The Bank’s board of directors.

        4. Central Bank: The Central Bank of the United Arab Emirates.

        5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the Monetary System and Organization of Banking as amended or replaced from time to time.

        6. Controlling Shareholder: A shareholder who has the ability to directly or indirectly influence or control the appointment of the majority of the board of directors, or the decisions made by the board or by the general assembly of the entity, through the ownership of a percentage of the shares or stocks or under an agreement or other arrangement providing for such influence.

        7. External Auditor: The audit firm and the individual audit engagement team members conducting the audit. Where relevant, specific references are made to the audit firm only in certain paragraphs.

        8. Group: A group of entities which includes an entity (the ‘first entity’) and:

        1. a.any Controlling Shareholder of the first entity;
        2. b.any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
        3. c.any Affiliate.

        9. Internal Control: Consists of five interrelated elements, whose effective functioning is essential to achieving a Bank’s performance, information, and compliance objectives:

        1. a.management oversight and the control culture;
        2. b.risk recognition and assessment;
        3. c.control activities and segregation of duties;
        4. d.information and communication; and
        5. e.monitoring activities and correcting deficiencies.

        10. Islamic Financial Services: Shari’a compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products (Islamic Windows).

        11. Pillar 3: Pillar 3 disclosure requirements – consolidated and enhanced framework issued by the Basel Committee on Banking Supervision in March 2017 and any subsequent revisions.

        12. Risk governance framework: As part of the overall approach to corporate governance, the framework through which the Board and management establish and make decisions about the Bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risk limits relative to the Bank’s strategy; and identify, measure, manage and control risks.

        13. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.

        14. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or is under full control of that entity regarding the appointment of the board of directors.

        • Article (2): Financial Reporting

          1. The Board is responsible for ensuring that the risk governance framework of the Bank, and if applicable, Group, provides for appropriate oversight of financial reporting and external audit. The framework must, at a minimum, provide for:

          1. a.Documentation in an appropriate mandate or terms of reference of the role and responsibility of the Board audit committee, including with respect to financial reporting; and
          2. b.Board-approved policies, procedures, systems, internal controls and independent assurance by the internal and/or external audit functions of the Bank on the preparation of financial statements and prudential reporting to the Central Bank.

          2. Banks must prepare their financial statements in accordance with the International Financial Reporting Standards (IFRS) and the instructions of the Central Bank. Such instructions may include, but are not limited to, the submission and publication of financial statements, classification and provisioning of financial items or guidance on the application of specific IFRS in the UAE banking sector.

          3. The Board’s responsibilities for governance structures applicable to all financial instruments measured at fair value must include:

          1. a.Reviewing and approving written policies related to fair valuations;
          2. b.Ongoing review of significant valuation model performance for issues escalated for resolution and all significant changes to valuation policies;
          3. c.Ensuring adequate resources are devoted to the valuation process;
          4. d.Articulating the Bank’s tolerance for exposures subject to valuation uncertainty and monitoring compliance with the Board’s overall policy settings at an aggregate Bank-wide level;
          5. e.Ensuring independence in the valuation process between risk taking and control units;
          6. f.Ensuring the appropriate internal and external audit coverage of fair valuations and related processes and controls;
          7. g.Ensuring the consistent application of accounting and disclosures; and
          8. h.Ensuring the identification of significant differences, if any, between accounting and risk management measurements, and that these are well documented and monitored.
        • Article (3): External Audit

          1. The external audit in Banks must be fully compliant with the provisions laid down in the Central Bank Law. Where more than one External Auditor is appointed, the External Auditors must distribute duties amongst themselves and issue a common external audit opinion.

          2. The Board audit committee must approve a policy for the tendering of the audit engagement. This must include requirements for knowledge and competence, objectivity, independence, professional skepticism and quality control. The Board audit committee must review and agree to the terms of the engagement prior to the signing of the written contract. Where relevant, the Board audit committee must ensure that the work plan of the engagement has been updated to reflect changes in the size, business mix or complexity of the Bank or in the instructions of the Central Bank.

          3. The Bank must carry out a procurement procedure to select the external audit firm at least once every 6 years, which coincides with the period of the rotation of the firm. Following rotation, a cooling off period of 3 years must be observed before the same firm may be re-selected. In addition, the Bank must rotate the external audit partner in charge of the audit every 3 years.

          4. The Board audit committee must assess the overall quality of the External Auditor at least annually. The External Auditor must provide the Board audit committee on an annual basis with a report on the audit firm’s internal quality control procedures, including the audit firm’s engagement quality control process, and any significant matters of concern arising from these procedures.

          5. In monitoring and assessing the work of the External Auditor, the Board audit committee must obtain an understanding of the auditor’s view on any significant matters arising during the audit, including both those subsequently resolved and those that remain outstanding. The Board audit committee must review with the External Auditor the statements provided by the Board and Senior Management in the representation letter to the External Auditor, considering whether, based on the knowledge of the members of the Board audit committee, the information provided for each item is complete and appropriate.

          6. Following completion of the fieldwork for the audit, and prior to issuance of the audit opinion, the Board audit committee must consider whether the External Auditor followed the audit plan and understand any reasons for changes in the plan. The Board audit committee must obtain feedback from Senior Management on the conduct of the audit. The Board audit committee’s assessment of the effectiveness of the external audit process must be reported to the Board for discussion of findings and any recommendations.

          7. The Board audit committee must have the right and authority to meet regularly – in the absence of Senior Management – with the External Auditor to understand and discuss all issues that may have arisen between the External Auditor and Senior Management in the course of the external audit and how these issues have been resolved. These meetings must also address any other matters that the External Auditor believes the Board audit committee should be aware of in order to exercise its responsibilities.

          8. The Board audit committee must discuss with the External Auditor any matters arising from the audit that may have an impact on regulatory capital or regulatory disclosures. This may include, but is not limited to, the discussion of accounting impairment charges versus regulatory expected losses and the consistency of the Bank’s prudential information, including the Pillar 3 reporting, with its annual report.

          9. The External Auditor must provide the Board audit committee with timely observations arising from the audit that are relevant to the committee’s oversight responsibility for the financial reporting process. These include, but not limited to:

          1. a.Significant difficulties encountered during the audit;
          2. b.Key areas of significant risk of material misstatement in the financial statements, in particular areas of estimates or measurement uncertainty such as loan loss provisioning and consequential effects on earnings, capital and other regulatory ratios;
          3. c.Areas of significant management judgement;
          4. d.The extent of requests made by the Group auditor to another audit firm or member firms with respect to performance of a Group audit;
          5. e.The use of external experts to assist with the audit;
          6. f.The External Auditor’s approach to internal control and significant internal control deficiencies noted;
          7. g.The extent to which the External Auditor has used the work of the internal audit function;
          8. h.Matters relating to accountability, including significant decisions or actions by Senior Management that lack appropriate authorization;
          9. i.Significant qualitative aspects of financial statement disclosures; and
          10. j.Feedback on the External Auditor’s relationship with Senior Management.

          10. The Board audit committee must approve a policy governing the provision of non-audit services by the External Auditor. This policy must specify the types of non-audit services the External Auditor may provide, or is prohibited from providing, and establish a requirement for approval of any such arrangement by the Board audit committee or by an appropriate level of Senior Management in accordance with authority delegated by the Board audit committee.

          11. The prohibited non-audit services are listed below; they must include further any prohibited services under Article (20) of Federal Law no. 12 of 2014 concerning Auditing Profession as well as under the Code of Ethics for Professional Accountants issued by the International Ethics Standards Board for Accountants, which are not specifically listed below:

          1. a.Bookkeeping and preparing accounting records and financial statements;
          2. b.Designing and implementing internal control or risk management procedures related to the preparation and/or control of financial information or designing and implementing financial information technology systems;
          3. c.services related to the Bank’s internal audit function;
          4. d.valuation services, including valuations performed in connection with actuarial services or litigation support services;
          5. e.human resources services, with respect to:
            1. i.management in a position to exert significant influence over the preparation of the accounting records or financial statements which are the subject of the external audit, where such services involve searching for or seeking out candidates for such position or undertaking reference checks of candidates for such positions;
            2. ii.structuring the organisation design; and
            3. iii.cost control;
          6. f.brokerage services in securities services or works;
          7. g.services linked to the financing, capital structure and allocation, and investment strategy of the Bank, except providing assurance services in relation to the financial statements, such as the issuing of comfort letters in connection with prospectuses issued by the Bank;
          8. h.promoting, dealing in, or underwriting shares in the Bank;
          9. i.legal services, with respect to:
            1. i.the provision of general counsel;
            2. ii.negotiating on behalf of the Bank; and
            3. iii.acting in an advocacy role in the resolution of litigation;
          10. j.services that involve playing any part in the management or decision-making of the Bank; and
          11. k.tax services and provision of tax advice.

          12. Where non-audit services are provided by the External Auditor, the Board audit committee must monitor the provision of such services to ensure that their performance does not impair the External Auditor’s objectivity and independence. This must take into consideration various factors including the skills and experience of the External Auditor, safeguards in place to mitigate any threat to objectivity and independence, and the nature of and arrangements for non-audit fees. The Bank’s annual report must explain to shareholders the nature of and the fee arrangements for the non-audit services received, and how the External Auditor’s independence is safeguarded.

          13. The External Auditor must meet the following expectations:

          1. a.have banking industry knowledge and competence sufficient to respond appropriately to the risks of material misstatement in the Bank’s financial statements and to properly meet any additional regulatory requirements that may be part of the external audit;
          2. b.be objective and independent in both fact and appearance with respect to the Bank;
          3. c.exercise professional skepticism when planning and performing the audit of Banks, having due regard to the specific challenges in auditing a Bank;
          4. d.comply with the applicable standards on quality control;
          5. e.identify and assess the risks of material misstatement in the Bank’s financial statements, taking into consideration the complexities of the Bank’s activities and the effectiveness of its internal control environment; and
          6. f.have professional indemnity insurance in the UAE.

          14. The External Auditor must furnish the Board audit committee at least annually with information about the firm’s policies and processes for maintaining independence and monitoring compliance with independence requirements. This includes, but is not limited to, assurance that the audit engagement team members have no personal, family, business, financial or other relationships with the Bank which could adversely affect the External Auditor’s actual or perceived independence and objectivity.

          15. The External Auditor may not purchase the securities of the Bank whose accounts are audited by them or sell such securities directly or indirectly or provide any consultancies to any person in connection with such securities during the blackout period.

          16. The External Auditor may not serve on the Board or hold a position in Senior Management before two years have lapsed from the time of involvement in the Bank’s audit.

          17. The External Auditor’s terms of engagement must be established in a written contract which, at a minimum, provides that:

          1. a.The External Auditor must meet with the Central Bank as deemed necessary for supervisory purposes. The Central Bank will determine whether the Bank will participate in such meetings;
          2. b.The External Auditor bears no duty of confidentiality to the Bank with respect to any notification to or meeting with the Central Bank required by this Regulation, or the provision of any document or information required to be submitted to, or requested by, the Central Bank for supervisory purposes; and
          3. c.The External Auditor must provide, upon request by the Central Bank, access to working papers and other documents that support conclusions made in the audit opinion.
        • Article (4): Duty to Report to the Central Bank

          1. The contract between the Bank and its External Auditor must specifically include all the requirements of Article 4 of the Regulation with regard to its duty to report to the Central Bank.

        • Article (5): Islamic Banking

          1. The terms of the engagement of the External Auditor of Banks offering Islamic Financial Services must ensure adequate coverage of the financing portfolio, financing loss provisions, non-performing assets, asset valuations, trading and other securities transactions, Shari’a-compliant hedging instruments, asset securitizations, consolidation of and other involvement with off-balance sheet vehicles and the adequacy of internal controls over financial reporting.