
Article (7): Duties Related to Risk Management and Internal Controls

C 24/2022 Effective from 29/9/2022
1. A Company must have an appropriate Risk Governance Framework that provides a Company-wide and, if applicable, Group-wide view of all material risks pursuant to the Financial Regulation and Takaful Regulation, as the case may be. This includes policies, processes, procedures, systems and controls to identify, measure, evaluate, monitor, report, and control or mitigate material sources of risk, on a timely basis. The Company's risk management function must be independent of the management and decision-making of the Company's risk-taking functions and have a direct reporting line to the Board and/or the Board risk committee.
 
2. The Board is responsible for the design and implementation of effective risk management systems and internal controls, approving and overseeing implementation of the Company's Risk Governance Framework and the alignment of its strategic objectives with its Risk Appetite.
 
3.
a. A Company must have strong internal control frameworks pursuant to the Financial Regulations and Takaful Regulation, as the case may be, and establish permanent, independent and effective compliance and internal audit functions, and where applicable Compliance with Islamic Shari'ah and internal Shari'ah audit. The Company's compliance function must have primary reporting obligations to the Chief Executive Officer and a right of direct access to the Board, the Board audit committee and Board risk committee. The Company's internal audit function must report directly to the Board or the Board audit committee.
 
b. The Company's actuarial function must have primary reporting obligations to the Chief Executive Officer and a right of direct access to the Board or the Board audit committee and/or Board risk committee. Further governance requirements for internal control and internal audit are contained in the accompanying Standards.