The Central Bank seeks to promote the effective and efficient development and functioning of the banking system. To this end, Banks are required to have a comprehensive approach to corporate governance to ensure their resiliency and enhance overall financial stability. In particular, Banks and Groups must have robust corporate governance policies and processes covering strategy, organizational structure, control environment, risk management responsibilities and compensation of Boards and Staff.

In introducing this Regulation and the accompanying Standards, the Central Bank intends to ensure that Banks’ approaches to corporate governance are in line with leading international practices.

This Regulation and the accompanying Standards establish the overarching prudential framework for corporate governance. Regulatory requirements for selected governance areas such as risk management, internal controls, compliance, internal audit, financial reporting, external audit and outsourcing are established in separate Central Bank Regulations and Standards.

This Regulation and the accompanying Standards are issued pursuant to the powers vested in the Central Bank under the Central Bank Law.

Where this Regulation, or its accompanying Standards, include a requirement to provide information or to take certain measures, or to address certain items listed at a minimum, the Central Bank may impose requirements that are additional to the listing provided in the relevant Article.

The objective of this Regulation is to establish the minimum acceptable standards for Banks’ approach to corporate governance, with a view to:

1. Ensuring the soundness of Banks; and
2. Contributing to financial stability and consumer protection.

The accompanying Standards supplement the Regulation to elaborate on the supervisory expectations of the Central Bank with respect to corporate governance for Banks.

The Bank's Board is in ultimate control of the Bank and accordingly ultimately responsible for the Bank’s corporate governance. There is no one-size-fits-all or single best solution. Accordingly, each Bank could meet some elements of the minimum requirements of the Regulation and Standards in a different way; the onus is on the Board to demonstrate to the Central Bank that it has implemented a comprehensive approach to corporate governance.¹ Banks are encouraged to adopt leading practices that exceed the minimum requirements of the Regulation and Standards.
 

¹The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, whereby smaller Banks may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited therein.

This Regulation and the accompanying Standards apply to all Banks. Banks established in the UAE with Group relationships, including Subsidiaries, Affiliates, or international branches, must ensure that the Regulation and the Standards are adhered to on a solo and Group-wide basis.

Branches of foreign Banks licensed to operate in the UAE must adhere to this Regulation and Standards or establish equivalent arrangements so as to ensure regulatory comparability and consistency, with the exception of Article (3) of this Regulation. Branches of foreign Banks must establish local governance structures that meet the objectives of Articles (2) and (4) of this Regulation.

This Regulation and the accompanying Standards are in addition to the provisions relating to public joint stock companies in the Federal Law No. 2 of 2015 on Commercial Companies (the “Commercial Companies Law”), and the Chairman of Authority's Board of Directors' Resolution No. (7 R.M) of 2016 Concerning the Standards of Institutional Discipline and Governance of Public Shareholding Companies (“SCA Regulation”). In the event of contradiction with any provisions of the SCA Regulation, the requirements of the Central Bank’s Regulation and Standards shall prevail.

1. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its capital.
    
2. Bank: Any juridical person licensed in accordance with the provisions of the Central Bank Law, to primarily carry on the activity of taking deposits, and any other Licensed Financial Activities.
    
3. Board: The Bank’s board of directors.
    
4. Central Bank: The Central Bank of the United Arab Emirates.
    
5. Central Bank Law: Decretal Federal Law No. (14) of 2018 Regarding the Central Bank & Organization of Financial Institutions and Activities.
    
6. Chief Executive Officer: The most senior executive appointed by the Board.
    
7. Conflict of Interest: A situation of actual or perceived conflict between the duty and private interests of a person, which could improperly influence the performance of his/her duties and responsibilities.
    
8. Control Functions: The Bank’s functions that have a responsibility independent from management to provide objective assessment, reporting and/or assurance; this includes the risk management function, the compliance function and the internal audit function.
    
9. Controlling Shareholder: A shareholder who has the ability to directly or indirectly influence or control the appointment of the majority of the Board of directors, or the decisions made by the Board or by the general assembly of the entity, through the ownership of a percentage of the shares or stocks or under an agreement or other arrangement providing for such influence.
    
10. Corporate Governance: The set of relationships between the Bank’s management, Board, shareholders and other stakeholders which provides the structure through which the objectives of the Bank are set, and the means of attaining those objectives and monitoring performance. It helps define the way authority and responsibility are allocated and how corporate decisions are made.
     
11. Duty of Care: The duty to decide and act on an informed and prudent basis with respect to the Bank. Often interpreted as requiring Members of the Board to approach the affairs of the Bank the same way that a “prudent person” would approach his/her own affairs.
     
12. Duty of Confidentiality: The duty to observe confidentiality applies to all information of a confidential nature with which a Member of the Board is entrusted by the Bank or which is brought to his or her attention during or at any time after the carrying out of his/her assignment
     
13. Duty of Loyalty: The duty to act in the good faith in the interest of the Bank. The duty of loyalty should prevent individual Members of the Board from acting in their own interest, or the interest of another individual or group, at the expense of the Bank and shareholders.
     
14. First-Degree Relatives: The individual’s parents, siblings and children.
     
15. Fit and Proper Process: The evaluation of a Bank’s proposed members of the Board and Senior Management as to expertise and integrity. The specific fit and proper criteria are listed in article 2.13 of the Standards.
     
16. Government:The UAE Federal Government or one of the governments of the member Emirates of the Union.
     
17. Group: A group of entities which includes an entity (the ‘first entity’) and:
     
    1. any Controlling Shareholder of the first entity;
        
    2. any Subsidiary of the first entity or of any Controlling Shareholder of the first entity; and
        
    3. any Affiliate, joint venture, sister company and other member of the Group.
    
     
18. Higher Shari`ah Authority: The Higher Shari`ah Authority that was established at the Central Bank by the Cabinet Resolution no. (102/ 1/ و5) 2016.
     
19. Independent Member of the Board: A Member of the Board who has no relationship with the Bank or Group that could lead to benefit which may affect his/her decisions. He/she must not be under any other undue influence, internal or external, ownership or control, which would impede the Member’s exercise of objective judgment. The Independent Member of the Board forfeits his/her independence in the cases specified in Article 3.4 of the Standards.
     
20. Islamic Financial Services: Shari`ah compliant financial services offered by Islamic Banks and Conventional Banks offering Islamic banking products.
     
21. Material Risk Takers: Staff whose work is deemed to have a significant impact on the overall risk profile of the Bank or the Group.
     
22. Non-Executive Member of the Board: A Member of the Board who does not have any management responsibilities within the Bank, and may or may not qualify as an Independent Member of the Board.
     
23. Pillar 3: Pillar 3 disclosure requirements – consolidated and enhanced framework issued by the Basel Committee on Banking Supervision in March 2017 and any subsequent revisions.
     
24. Public Joint Stock Company: A Public Joint Stock Company is a company whose capital is divided into equal and negotiable shares. The founders shall subscribe to part of such shares while the other shares are to be offered to the public under a public subscription. A shareholder shall be liable only to the extent of his share in the capital of the company, as per the Federal Law No. (2) of 2015 on Commercial Companies.
     
25. Regulations: Any resolution, regulation, circular, rule, standard or notice issued by the Central Bank.
     
26. Related Parties: The Group and its Controlling Shareholder’s Members of the Board and Senior Management (and their First-Degree Relatives) and persons with control, joint control or significant influence over the Bank (and their First-Degree Relatives).
     
27. Related Party Transactions: Include on-balance sheet and off-balance sheet credit exposures and claims as well as dealings such as service contracts, asset purchases and sales, construction contracts, lease agreements, derivative transactions, borrowings, and write-offs. The term transaction incorporates not only transactions that are entered into with related parties but also situations in which an unrelated party (with whom a Bank has an existing exposure) subsequently becomes a related party; disclosures must reflect all related party events and transactions for the financial period.
     
28. Risk Appetite: The aggregate level and types of risk a Bank is willing to assume, decided in advance and within its risk capacity, to achieve its strategic objectives and business plan.
     
29. Risk Governance Framework: As part of the overall approach to corporate governance, the framework through which the Board and Senior Management establish and make decisions about the Bank’s strategy and risk approach; articulate and monitor adherence to the risk appetite and risks limits relative to the Bank’s strategy; and identify, measure, manage and control risks.
     
30. Senior Management: The executive management of the Bank responsible and accountable to the Board for the sound and prudent day-to-day management of the Bank, generally including, but not limited to, the Chief Executive Officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions.
     
31. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or under full control of that entity regarding the appointment of the Board of directors.
     
32. Staff: All the persons working for a Bank including the members of Senior Management, except for the Members of its Board.
     

1. Members of the Board must act with integrity, exercising their Duty of Care, Duty of Confidentiality and Duty of Loyalty. They are responsible for ensuring effective control over the Bank’s entire business.
    
2. Members of the Board must ensure that a Bank and, if applicable, Group has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. In the case of offering Islamic financial services, a Bank must fully comply with Shari`ah rules and establish a sound and effective Shari`ah governance framework with the key mechanisms and functionalities to ensure effective and independent Shari`ah oversight, as per the requirements set out by the Central Bank and the Higher Shari`ah Authority.
    
3. Members of the Board are responsible for approving and overseeing implementation of the Bank’s Risk Governance Framework and the alignment of its strategic objectives with its Risk Appetite.
    
4. Members of the Board are responsible for establishing and communicating corporate culture and values through measures including, but not limited to, a written code of conduct, a conflict of interest policy, a whistleblowing policy mechanism, an insider trading policy and a strong internal control environment.
    
5. Members of the Board are responsible for the organizational structure of the Bank and the Group, if applicable, including executing the key responsibilities of the Board and specifying the key responsibilities and authorities of its committees and Senior Management.
    
6. Members of the Board are responsible for overseeing Senior Management, ensuring that the Bank’s activities are carried out in a manner consistent with the business strategy, Risk Governance Framework, compensation and other policies approved by the Board.
    
7. Members of the Board are responsible for establishing a Fit and Proper Process for the selection of Senior Management, including the heads of the risk management, compliance and internal audit functions, and the maintenance of succession plans for Senior Management.
    

1. A Bank’s Board must be sufficiently diverse in its composition. Collectively, the Board must have knowledge of all significant businesses of the Bank, and if applicable, Group. The Board must have an appropriate balance of skills, diversity and expertise commensurate with the size, complexity and risk profile of the Bank, and if applicable, Group.
    
2. A Bank’s Board must be comprised of at least seven (7) members and a maximum of eleven (11) members, each with a maximum three (3) year renewable term of membership. All Members of the Board must be Non-Executive, of which at least one third (1/3) must be Independent members. The chair may be a Non-Executive Member of the Board or an Independent Member of the Board. The Board should not contain any executive members with management responsibilities in the Bank.
    
3. The chair and the majority of the Members of the Board must be UAE nationals.
    
4. The Board may not delegate to the chair all the powers of the Board in an absolute manner.
    
5. The maximum tenure as an Independent Member of the Board in the same Bank is twelve (12) consecutive years from the date of his/her appointment. At the expiration of the tenure, the Member is no longer regarded as Independent.
    
6. A Member of the Board may hold memberships in the boards of up to five (5) Public Joint Stock Companies (PJSCs) in the UAE. This is also applicable to PJSCs inside the banking Group. The Member of the Board may hold memberships in the Board of only one (1) Bank in the UAE and up to four (4) Banks outside the UAE. The Member of the Board must obtain permission from the Bank’s Board before accepting nomination to serve on another Board and no conflict of interest must be present. The provisions of this article shall apply equally to persons appointed by a Government shareholder.
    
7. If the Government owns 5% or more of the Bank’s capital, it may appoint persons to represent it on the Board with the same proportion to the number of Members of the Board with minimum one (1) person. A Government-owned Bank’s Board composition must allow the exercise of objective and independent judgment.
    
8. A Board must have a clear and rigorous process for identifying and selecting all the candidates for the Board of the Bank, and if applicable, Group. This must include a Fit and Proper Process. At least twenty per cent (20%) of candidates for consideration for the Board’s membership must be female.
    
9. The no-objection of the Central Bank must be obtained prior to the appointment, nomination or renewal of any person for membership of the Board. In all cases, a Bank must immediately notify the Central Bank if it becomes aware of any material information that may negatively affect the fitness and probity of a Member of the Board. The no-objection of the Central Bank must be obtained prior to the removal of a Member of the Board during his/her term of membership.
    

1. The chair of the Board is responsible for the overall effective functioning of the Board and its committees.
    
2. The Board must meet at least six (6) times a year. The Bank must appoint a secretary to the Board of Directors who is not a Member of the Board. The Board and its committees must maintain appropriate minutes, which reflect details of issues discussed, recommendations made, decisions taken and dissenting opinions.
    
3. The Board and its committees may invite members of the Bank’s Staff and external experts to attend meetings as deemed appropriate. Staff of the Central Bank may attend meetings of the Board and/or its committees and have access to their minutes.
    
4. The Board may delegate specific authority, but not its responsibilities, to specialized Board committees. Each committee created by the Board must have a charter or other instrument that sets out its membership, mandate, scope, working procedures and means of accountability to the Board. The committees must have access to external expert advice where needed to ensure a collective balance of skills and expert knowledge commensurate with the complexity of the Bank and the duties to be performed.
    
5. The Board structure must include committees with responsibilities for audit, risk, nomination and compensation. The Board may also establish other specialized committees (e.g. ethics, assets and liabilities, etc).
    
6. The audit and risk committees must not be merged with any other Board committees. Both committees’ chairs must be must be Independent Members of the Board, who are distinct from the chair of the Board and the chairs of other committees. The audit committee must be made up of Independent or Non-Executive Members of the Board and include Members who collectively have experience in audit practices, financial reporting and accounting. The risk committee must be made up of a majority of Independent Members of the Board and include Members who collectively have experience in risk management issues and practices.
    
7. Banks may merge the nomination and compensation committees. Their chairs and members may be Non-Executive or Independent Members of the Board.
    
8. The Board must carry out annual assessments, alone or with the assistance of external experts, of the Board as a whole, its committees, and individual members.
    
9. The Board must establish and periodically update its by-laws, procedural rules or other similar documents setting out its organization, responsibilities and key activities.
    

1. A Bank must have a clearly defined organization structure and decision-making process with authorities delegated by the Board to Senior Management.
    
2. Under the direction and oversight of the Board, Senior Management must carry out and manage the Bank’s activities in a manner consistent with the business strategy, risk appetite, compensation and other policies approved by the Board.
    
3. Senior Management must provide the Board with the information it requires to carry out its responsibilities, including the supervision and assessment of the performance of Senior Management.
    
4. A Board must have a clear and rigorous process for identifying and selecting candidates for the Senior Management of the Bank, and if applicable, Group. This must include a Fit and Proper Process.
    
5. A member of Senior Management may not hold a Staff position in any other entity, neither inside nor outside the banking Group. A member of Senior Management may hold memberships in the boards of up to two (2) non-Bank entities outside the banking Group. In addition, the member of Senior Management, with the exception of Chief Risk Officers and Heads of the compliance and internal audit functions, may hold memberships in the boards of entities inside the banking Group. The member of Senior Management must obtain permission from the Board before accepting nomination to serve on a board in any other entity and no conflict of interest must be present.
    
6. The no-objection of the Central Bank must be obtained prior to the appointment or renewal of employment contract of any member of Senior Management. In all cases, a Bank must immediately notify the Central Bank if it becomes aware of any material information that may negatively affect the fitness and probity of a member of Senior Management.
    

1. A Bank must enter into any transactions with Related Parties on an arm’s length basis, monitor these transactions, and take appropriate steps to control or mitigate the risks and write off exposures to Related Parties in accordance with standard policies and processes.
    
2. The Central Bank may set, on a general or case-by-case basis, limits for exposures to Related Parties, deduct such exposures from capital when assessing capital adequacy, or require collateralization of such exposures.
    
3. A Bank may extend credit facilities to members of the Board, Staff, and relatives of such persons as determined by the Central Bank in its Regulations as amended from time to time. Credit facilities extended to Staff and their Relatives must be approved by the Board or one of its committees. Credit facilities extended to a Member of their Board must be approved by the whole Board. In all cases, a Member of the Board must abstain from voting on the approval of the credit facilities where he/she may have a related conflict of interest.
    

1. The members of the Board, for which the Central Bank is the primary regulator, having Group relationships including subsidiaries, affiliates, or international branches, are responsible for the Group. This includes the establishment and operation of a clear governance framework appropriate to the structure, business and risks of the parent Bank and all its related entities.
    
2. The Board must exercise adequate oversight over the Group while respecting the independent legal and governance responsibilities that might apply to the individual entities. The Board and Senior Management must understand the Group organizational structures, both at the legal entity and business line, and the risks posed.
    

A Bank must have an appropriate Risk Governance Framework that provides a Bank-wide, and if applicable, Group-wide view of all material risks. This includes policies, processes, procedures, systems and controls to identify, measure, evaluate, monitor, report, and control or mitigate material sources of risk on a timely basis. The Bank’s risk management function must be independent of the management and decision-making of the Bank’s risk-taking functions and have a direct reporting line to the Board or the Board risk committee. Governance requirements for Risk Management are contained in separate Regulations and Standards issued by the Central Bank.

A Bank must have strong internal control frameworks and establish permanent, independent and effective compliance and internal audit functions. The Bank’s compliance function must have primary reporting obligations to the Chief Executive Officer and a right of direct access to the Board or the Board audit committee and/or Board risk committee. The Bank’s internal audit function must report to the Board or the Board audit committee. Governance requirements for internal control, compliance and internal audit are contained in a separate Regulation and Standards issued by the Central Bank.

A Bank must maintain appropriate records, prepare financial statements in accordance with the International Financial Reporting Standards (IFRS) and the instructions of the Central Bank, and publish annual financial statements bearing the opinion of an external auditor approved by the Central Bank. Governance requirements for financial reporting and external audit are contained in a separate Regulation and Standards issued by the Central Bank.

A Bank must establish appropriate policies and processes to assess, manage and monitor outsourced activities. Any outsourcing arrangements entered into by a Bank must be subject to appropriate due diligence, approval and ongoing monitoring in order to identify and mitigate risks inherent to outsourcing. Governance requirements for outsourcing are contained in a separate Regulation and Standards issued by the Central Bank.

1. A Bank must have a Board-approved compensation system that supports sound corporate governance and risk management, including appropriate incentives aligned with prudent risk-taking. Performance standards must be consistent with the long-term sustainability and financial soundness of the Bank.
    
2. The Board together with its compensation committee must approve the compensation of Senior Management and oversee the development and operation of compensation policies, systems and related control processes.
    
3. Compensation outcomes must be symmetric with risk outcomes. Compensation payout schedules must be sensitive to the time horizon of risks through arrangements that defer a sufficiently large portion of the compensation until risk outcomes become better known. The compensation framework must provide for mechanisms to adjust variable compensation, including through inyear adjustment, and malus or clawback arrangements, which can reduce variable compensation after it is awarded or paid.
    
4. Members of the Board must be compensated only with fixed compensation comprising the payment of an annual fixed amount and the reimbursement of directly related costs to the discharge of their responsibilities. Bonus or any incentive-based mechanisms based on the performance of the Bank must be excluded.
    
5. The compensation of Staff in the control functions of risk management, compliance and internal audit must be predominantly fixed to reflect the nature of their responsibilities and determined independently of the performance of the Bank. The variable compensation must be based on performance targets related to their functions and independent of the lines of business they monitor and control.
    
6. For Senior Management and Material Risk Takers, a proportion of the total compensation must be performance-based. Provisions must be included so that compensation can be reduced or reversed based on realized risks and violations of laws, Regulations, codes of conduct or other policies, before compensation vests.
    
7. The annual individual bonus for Senior Management and Material Risk Takers must not exceed 100% of the fixed proportion of his/her total compensation. A higher bonus of up to 150% would require approval by the Board. A bonus up to 200% would require approval by the General Assembly of the Bank.
    
8. The annual total bonus for all Staff must not exceed 5% of the Bank’s net profit. A higher bonus would require approval by the General Assembly of the Bank before disbursement, along with an attestation signed by all Members of the Board that the Bank is in compliance with all the Regulations issued by the Central Bank.
    

1. The Bank’s corporate governance policies and processes must ensure that timely and accurate disclosure is made on all material matters regarding the Bank, including the financial situation, performance, ownership, and governance of the Bank.
    
2. A Bank must publish an annual corporate governance-specific and comprehensive statement in a clearly identifiable section of its annual report. More frequent disclosure of corporate governance matters is encouraged.
    
3. A Bank must include in their corporate governance statement clear, comprehensive and timely information about their compensation practices to facilitate constructive engagement by all stakeholders. In particular, Banks must comply with the relating Pillar 3 disclosure requirements.
    
4. A Bank must include in their corporate governance statement details of transactions with related parties during the reporting period and the aggregate amount of all related party exposures at the end of the reporting period.
    
5. A Bank must include in their corporate governance statement an attestation signed by the chair of the Board (or in the case of a branch of a foreign Bank the Senior Management committee or equivalent), confirming that all internal policies required to ensure compliance with the Central Bank’s Regulations and Standards on corporate governance, risk management, internal controls, compliance, internal audit, financial reporting, external audit and outsourcing have been implemented and reviewed for adequacy by the Board within the last year. Otherwise, the attestation must specify those requirements not met and the date by which the Bank intends to comply fully.
    

1. A Bank offering Islamic financial services must ensure that its corporate governance framework adequately provides for:
    
   1. Internal Shari`ah review and Shari`ah governance reporting to ensure compliance with Shari`ah rules;
       
   2. The role of the internal Shari`ah control committee in the governance of the Bank;
       
   3. The rights of investment account holders and the processes and controls for protecting their rights in line with the general terms and conditions for accounts and Islamic financial services; and
       
   4. Transparency of financial reporting in respect of investment accounts.
       
2. A Bank offering Islamic financial services must ensure compliance with any direction or guidance issued by the Higher Shari`ah Authority with respect to its Shari`ah governance framework.
    
3. A Bank offering Islamic financial services must immediately notify the Central Bank if it becomes aware of any material information that may negatively affect the fitness and probity or independence of an internal Shari`ah control committee member.
    

1. Violation of any provision of this Regulation and the accompanying Standards may be subject to supervisory action and sanctions as deemed appropriate by the Central Bank.
    
2. Without prejudice to the provisions of the Central Bank Law, supervisory action and sanctions by the Central Bank may include withdrawing, replacing or restricting the powers of Senior Management or Members of the Board, providing for the interim management of the Bank, or barring individuals from the UAE banking sector.
    

1. The Regulatory Development Division of the Central Bank shall be the reference for interpretation of the provisions of this Regulation.
    

1. This Regulation and the accompanying Standards repeal and replace the following previous Central Bank Circulars and Notices:
    
   1. Notice No 2203/2011 dated 5 April 2011, Membership of Board of Directors of Banks;
       
   2. Circular No 23/00 dated 22 July 2000, Required Administrative Structure in Banks; and
       
   3. Circular No 10/92 dated 24 November 1992, Senior Management Positions.
       
   
    

1. This Regulation and the accompanying Standards shall be published in the Official Gazette in both Arabic and English and shall come into effect one month from the date of publication.
    
2. A Bank must comply fully with the provisions of this Regulation and the accompanying Standards within 3 years from the date of its coming into effect.