
2. Corporate Governance Framework

C 24/2022 STA
1.A Company’s organisational structure must be transparent and support the strategic objectives and operations of the Company. The Board and Senior Management must understand the structure and the risks associated with it.
 
2.The Board must act in the best interests of its various stakeholders while meeting regulatory expectations. Treating customers fairly and policyholder protection must be an integral part of a Company’s governance and corporate culture.
 
3.Branches of foreign Companies must establish local governance structures, such as a Senior Management committee or equivalent, that fulfil the responsibilities of a Board required by these Standards. Branches must ensure their Control Functions are operating effectively. Branches must establish Control Functions that are robust, report to the local management structures and are accountable to the Group’s heads of Control Functions. The local management structure of the branch must take steps, as necessary, to help the branch meet its own Corporate Governance responsibilities in line with the Regulation and Standards. It is the responsibility of the local governance structures to ensure that local legal and regulatory requirements are implemented and, where appropriate, make adjustments where the Group structures conflict with a provision of these Standards.
 
4.Group Structure:
 
a.In order to fulfil its responsibilities, the Board must ensure that:
1.There is a Corporate Governance framework at the Group level, with clearly defined roles and responsibilities, taking into account the complexity and significance of the individual entities;
 
2.There is an appropriate Group management structure and internal control framework which takes into account the material risks to which the Group and its individual entities are exposed;
 
3.The Group’s Corporate Governance framework includes adequate policies, processes and controls, and addresses risk management across the entities;
 
4.The Group’s Corporate Governance framework includes appropriate processes and controls to identify and address potential intragroup Conflicts of Interest, such as those arising from intragroup transactions;
 
5.There are Board-approved policies and clear strategies for establishing new structures and legal entities, which ensure that they are consistent with the policies and interests of the Group;
 
6.There are effective systems in place to facilitate the exchange of information and coordination among the various entities, to manage the risks of the individual entities as well as of the Group as a whole, and to ensure effective control of the Group;
 
7.There are sufficient resources to monitor the compliance of all entities with all applicable legal, regulatory and governance requirements; and
 
8.There is an effective internal audit function, and in the case of a Company offering Islamic financial services, an effective internal Shari`ah audit function, which ensures audits are being performed on all Group entities and the Group itself.
 
b.While the Board of the Company must conduct strategic, Group-wide risk management and prescribe corporate risk profiles, the Company’s management and Affiliate boards must have appropriate input into their local or regional application and the assessment of local risks. It is the responsibility of the Companies’ boards, or equivalent in the case of foreign branches, to assess the compatibility of the Group policies with local legal and regulatory requirements.
 
c.The Board and Senior Management must take into account the financial, legal, reputational and other risks to the Company from operating through complex or non-transparent structures. Measures to avoid or mitigate these risks include, but are not limited to:
 
1.Avoiding setting up complex structures that lack economic substance or business purposes;
 
2.Continually maintaining and reviewing appropriate policies, procedures and processes governing the approval and maintenance of those structures or activities, including fully vetting the purpose, the associated risks and the Company’s ability to manage those risks prior to setting up new structures and initiating associated activities;
 
3.Having a centralised process for approving the creation of new legal entities and dissolution of dormant entities based on established criteria, including the ability to monitor and fulfil each entity’s regulatory, tax, financial reporting, governance and other requirements;
 
4.Establishing adequate procedures and processes to identify and manage all material risks arising from these structures, including lack of management transparency, operational risks introduced by interconnected and complex funding structures, intragroup exposures, trapped collateral and counterparty risk, ensuring that structures are only approved if the material risks can be properly identified, assessed and managed; and
 
5.Ensuring that activities and structures are subject to regular internal and external audit reviews and Shari`ah audit reviews in case of providing Takaful Insurance products.
 
5.The Board must have a formal written Conflict of Interest policy for its members. The policy must include, at a minimum, the following:
 
 
a.Duties of the members of the Board to avoid, to the extent possible, activities that could create Conflicts of Interests or the appearance of Conflicts of Interests;
 
b.Examples of how Conflicts of Interest can arise when serving as a member of the Board;
 
c.A process for management of Conflicts of Interests by the Board or an ethics committee, where one exists;
 
d.A Board review and approval process applicable to members of the Board before they engage in specific activities, such as serving on another Board, to ensure that such activities will not create a Conflict of Interest;
 
e.A process to prevent members from holding directorships in other Companies;
 
f.A member of the Board’s duty to promptly disclose any matter that may result, or has already resulted, in a Conflict of Interest;
 
g.A member of the Board’s duty to abstain from voting on any matter where the member of the Board may have a Conflict of Interest (existing or potential) or where the member of the Board’s objectivity or ability to properly fulfil duties to the Company may be otherwise compromised;
 
h.Procedures to ensure that transactions with Related Parties must be undertaken on an arm’s length basis; and
 
i.The way the Board will deal with non-compliance with the Conflict of Interest policy.
 
6.Transactions with Related Parties must not be undertaken on more favourable terms than corresponding transactions with non-related counterparties.
 
7.Companies must have policies and processes in place to identify individual exposures to and transactions with Related Parties, as well as the total amount of such exposures; and monitor and report on them through an independent credit review or audit process. Exceptions to policies, processes and limits must be reported to the appropriate level of the Company’s Senior Management and, if necessary, to the Board for timely action, based on the stipulations of the policy. Senior Management must monitor Related Party Transactions on an ongoing basis, and the Board must also provide oversight of these transactions.
 
8.The Board must ensure that transactions with Related Parties (including intragroup transactions) are reviewed to assess risk and are subject to appropriate restrictions (e.g. by requiring that such transactions be conducted on arm’s length terms) and that corporate or business resources of the Company are not misappropriated or misapplied.
 
9.Transactions with Related Parties and the write-off of related-party exposures are subject to prior approval by the Company’s Board. Members of the Board with Conflicts of Interest must be excluded from the approval process for granting and managing Related Party Transactions. Companies must report any breaches promptly to the Central Bank. The Central Bank may impose additional capital and/or provisioning requirements to cover any such breaches.
 
10.Companies must have policies and procedures in place to prevent persons benefiting from a transaction that has an existing or potential Conflict of Interest and/or persons related to such a person, from being part of the process of granting and managing the transaction.
 
11.Companies must maintain a register of Related Parties and details of every Related Party Transaction.