Article (6) Field Review
6.1 The Field Review May Include The Following
a. Opening Meeting, b. Sampling Methodology, c. Development of Internal Checklists, d. Walkthrough, e. Internal Controls Assessment, and f. Staff Awareness. 6.2 Opening Meeting
The SCF should start the field review with an opening meeting that involves representatives from the relevant departments and sections.
6.3 Sampling Methodology
a. The SCF should develop a sampling methodology that will be followed during the review exercise. The sample size and the sampling procedure should be objective and robust to ascertain with a high level of confidence that the selected sample fairly represents transactions executed during the period that is covered by the review exercise. b. The SCF should determine the sampling methodology which provides clarity related to the minimum quantity of samples that may be reviewed (such as 10% sample size) of the total number of transactions subject to the review exercise. Appendix (B) contains generic guidance for developing the sampling methodology. c. The SCF may need to select a larger or additional sample size than what was initially planned if the circumstances arise, such as in cases where there is reasonable uncertainty on whether an identified SNC incident/s is a random or systemic failure of the IFI to comply with the regulatory requirements and ISSC Resolutions. These instances should be specified in the IFI’s sampling methodology. 6.4 Development of Internal Checklists
a. SCF should develop checklists needed to undertake an adequate and effective review of the subject that is being reviewed. b. In developing checklists, the SCF should ascertain that it has mapped all requirements and expectations of the regulatory requirements and the ISSC’s Resolutions applicable to the subject planned to be reviewed, and that all relevant requirements are adequately transferred into the checklists. Appendix (C) outlines generic guidance for developing the respective checklists. 6.5 Walkthrough
a. SCF should conduct a walkthrough test of real-life deals to gauge the reliability of internal procedures, manuals and policies in relation to day-to-day activities of the IFI. b. The walkthrough should be accompanied by an assessment of the controls, their adequacy and effectiveness in real-life deals. Preparation for the walkthrough should include interviewing the relevant staff regarding the applicable processes and procedures, and questions or queries that would need to be asked during the walkthrough. The questions should cover exceptional and unusual situations that occur in day-to-day work. 6.6 Internal Controls Assessment
The SCF should assess internal controls related to SNC risk to ascertain their design and operational effectiveness. The assessment should, among others, cover the following aspects:
a. scope and adequacy of the control design in relation to addressing the SNC risk, b. operational reliability of the control and its effectiveness in identifying exceptions across all possible scenarios that could arise, c. probability of avoiding or circumventing the control, and d. comprehensiveness of the existing controls to address all relevant SNC risk. 6.7 Staff Awareness
a. The SCF should assess the staff awareness in relation to knowledge and skills that they need to possess to adequately fulfil their job duties, as per the responsibilities specified in the employee’s job description, without violating the provisions of Islamic Shari’ah. b. Determination of the type of knowledge and skills each employee needs to possess should depend on the nature of the employee’s responsibilities. For example, personnel with responsibility to execute the exchange of currency should be equipped with knowledge and skills specifically related to: 1. execution of all necessary steps or processes in currency exchange, which the employee is responsible for executing in line with parameters of Islamic Shari’ah. 2. reasonable understanding of SNC risks that may arise from this type of transaction, their potential consequences and steps or actions required to adequately manage the risks in order to prevent potential incidents from occurring. c. The IFI should develop proper training and staff awareness programme.