1. A Bank offering Islamic financial services must undertake a Shari’a compliance review at least annually, performed either by a separate internal Shari’a control department or as part of the existing internal and external audit functions, by persons having the required knowledge and expertise. The objective must be to ensure that the nature of the Bank’s financing and equity investment and its operations are executed in adherence to the applicable Shari’a provisions as per the fatwa, policies and procedures approved by the Bank’s Shari’a control committee.

2. Tasks of the compliance function requiring specific expertise with respect to Islamic financial services may be outsourced, but they must remain subject to appropriate oversight by the head of compliance.

3. The Bank’s internal Shari’a control committee is responsible for ensuring that the internal audit function provides independent assurance with respect to specific types of risk applicable to Islamic financial services.

4. The staff within the internal audit function must be competent and collectively have the relevant experience and sufficient authority within the Bank to assess whether Shari’a compliance processes are effective and appropriate, taking into account the business of the Bank, and to determine if the relevant policies and procedures are complied with.