Chapter 6

Lines of Defences for Sharī`ah Non-Compliance Risk Management

6.0. INTRODUCTION

To prevent a Sharī`ah non-compliance risk event, there are some measurements and processes that have been carefully implemented in the IFI as part of risk management for non-Sharī`ah compliance risk.

These represent the lines of defence that are shown in Figure 6.1.

FIGURE 6.1 The Lines of Defence in Islamic Financial Institutions

6.1. THE FIRST LINE OF DEFENCE: PRODUCT OWNER

The product owner represents the first line of defence in Sharī`ah non-compliance. The team that develops the product, instrument, or the facility is the first line that screens the product and ensure it compliance to the Sharī`ah rules and principles. In structuring the product, the team in collaboration with the Sharī`ah management should employ its best effort to make sure that the product structure is designed in such a way that it complies with the Sharī`ah requirements and avoids any term or condition that may expose the product to Sharī`ah non-compliance.

6.1.1. Guidelines on Sharī`ah Compliance Product Development

Structuring the products in Islamic finance should be guided by some guidelines. The development of the products should be governed by the following parameters in order to ensure Sharī`ah compliance status:1

• Selection of niche product and niche market: The development process in product compliance starts by selecting an appropriate product for a niche market. The process of selection and design is easier for the Islamic banks that are subsidiary of conventional bank, whereby the Islamic bank will leverage on the mother bank for designing and developing products. In some cases, the product development department in the bank will share the new product developed in order to produce a conventional version and Islamic version at the same time. In some cases, other financial institutions approach the Islamic bank to design a product for some particular needs such as product investment link for Takaful operator or structure product for some investment bank. This represents the first step toward introducing a Sharī`ah compliance product.
• Understanding the product in its conventional framework: The starting point and initial stage in the product development in Sharī`ah compliance product starts from understanding the product in its conventional framework. The understanding of the product includes the concept of the product, feature, function, applications, the parties involved, the mechanism of generating the profit, type of risk that exist in the product, and so on. This approach is applicable in case that the product is imported from the conventional finance.
• Analysis and examination of the product: The understanding of the product in its conventional environment will be respectively followed by a process of analysis by dismantling the product to its basic components. The process of examination is a very important stage in product development; the examination will include the following:
  • Identify the process flow of the product.
  • Identify the parties involved in the transactions.
  • Understand how the profit is generated and calculated.
  • Identify if there is loan transaction in the product.
  • Trace the flow of fund in lending and borrowing.
  • Identify the nature of the transaction and the norm of the deal whether it is investment, financing, deposit.
  • Identify the purpose of the product and its objective, which will help to select the potential Islamic contract to serve the same purpose.
  • Listing the prohibited elements that may exist in the product.
• Elimination of prohibition elements in Sharī`ah: In building a new product, it is a primary requirement to eliminate the prohibited elements that have been identified in the product in order to ensure its Sharī`ah compliance. The prohibited elements are but are not limited to riba, maisir, gharar, ghubn, deception, inequality, and duress.
• Identifying the Islamic commercial contract: Before making any development on the product, it is important to identify the underlying contract that governs that product. The reason behind this step is to understand the norm of the product in the first place and what type of rules and conditions should be observed in the development of the product.
• Understanding the rules governing the contract: The identification of the nature of the contract will enable the Sharī`ah advisor to have a proper understanding of the product and will help to design a proper structure to develop the product. It should be understood that each contract has principles, rules, conditions, that must be preserved and protected from any potential violation during the development of the product.
• Maintaining the existing Islamic rules of the underlying contract when applying the contract in new applications: The contract that governs the application must maintain its rules, conditions, and nature. Even the application has changes from its origin form and takes different shape and serves different purposes and applications. For example, the development of leasing contract from its typical format to the financial leasing ending with the transfer of the ownership of the asset, which is used by the Islamic financial institutions in car financing and home financing, will not allow the financial leasing to depart from the basic rules and conditions of leasing contract. This parameter should be applied in all types of contracts that have developed from its typical format to new applications depending on the need of the market. For example, salam has been developed from typical salam contract to parallel salam; istisna` has been developed from typical istisna` contract to parallel istisna`, and so on. However, sometimes the contract is subject to some enhancement to suit and fit the banking environment because it is a highly regulated market. This enhancement does not compromise of any Sharī`ah rules or features of the contract, such as the enhancement of murabahah to murabahah to the purchase orderer, or enhancement of ijarah to ijarah muntahiah bittamlik (leasing ending with ownership), and so on.
• Maintaining the underlying contract and upgrading the application by designing a new feature according to the market demand: The development of the product is driven by the market demand to fulfill the need of the marketplace, that is, the customer in the retail market, and the corporation as well. Sometimes, some institutions request the bank to customize a particular product to suit their need such as Takaful operator in a product link investment. Hence, the contract maintains its basic rules with some development in its features to suit particular need.
• Reassemble the product based on underlying contract in Sharī`ah: The process of reassembling the product again takes place upon completion of the analysis and elimination of the prohibited elements, whereby the product is assumed to be free from potential Sharī`ah non-compliance risk. This particular stage is a process of switching the product from its original format, which is based on an interest loan, to a new format by structuring it on the suitable Islamic commercial contract. The product may have flow of transactions involving few parties; the proper design of the flow in this stage will ensure Sharī`ah compliance of the product. A careful procedure should be observed here especially when selecting the suitable contract.
• Careful observation in using contract combination: As it is known, most of the facilities consist of a series of transactions that means a series of contracts. This is a very crucial stage in product structuring and development. There is no issue of having a master document that governs the entire facility process including the different transactions and the contract pertaining to the product. However, in the implementation and the execution of the product, the separation of the contract and the sequence is very important to ensure Sharī`ah compliance. Each contract should stand by its own and has its obligations, conditions, and rules; the combination of the contract in product development without careful consideration of the conditions of the contract will lead to Sharī`ah non-compliance risk.
• Consideration of the terms and conditions of the contract: The terms and conditions of the contract are rules governing the contract. The parties must always respect these terms and conditions and no party is allowed from Sharī`ah perspective to violate any clause without prior consent of the counterparties. Product development should be distinguished by two types of conditions. First, there are conditions that have been imposed by Sharī`ah that must be implemented, whereby the contracting parties have no choice but to adhere to them. On the other hand, Sharī`ah allows contracting parties to stipulate additional conditions whereby they have the freedom to include any condition that serves their interest, with the condition that the stipulated conditions in the contract agreement do not contradict the norm and nature of the contract and do not violate the Sharī`ah rules and principles.
• Consideration of the risk exposure in the product: Consideration of the risk exposure is an important part in product development. There is no valid reason to spend a financial engineering effort on product that has a high risk and does not attract investors. In addition to that, it is prohibited to expose the capital to high risk that may damage the asset and lead to some financial crisis as an implication and result of that product. Allah says: “Spend your wealth for the cause of Allah, and be not cast by your own hands to ruin; and do good. Lo! Allah loveth the beneficent” (Al Baqara: 195).

• Consideration of the commercial value of the product in the market and its profitability and contribution to the economy and finance (public interest of the ummah): Sharī`ah gives equal consideration concerning the product development. The first concern is the Sharī`ah aspect whereby the product should be free from all the prohibited elements. This aspect represents the interest of the religion. The second aspect is the commercial value of the product in the form of its profitability, its benefit, and (manfa) the economic growth and prosperity to the ummah. The check and balance is an element integrated in the process of Sharī`ah approval.
• Ensuring that the final product developed is in line with Sharī`ah rules and principles: The flexibility of Sharī`ah in product development and innovation cannot be extended to overrule Sharī`ah principles. The freedom of innovation is accommodated and encouraged within the norm of Sharī`ah and its rules in business and finance. The developed product must be designed by taking into account the Sharī`ah rules of the contract; at the end of the development process, the product should be in accordance with Sharī`ah rules and principles. The violation of Sharī`ah rules and principles will trigger Sharī`ah non-compliance risk.

6.1.2. Product Development Process Based on Sharī`ah Governance Framework (SGF)2

Sharī`ah governance framework of Malaysia mentioned the product-development process as follows:

Pre-product approval

Post-product approval

6.2. THE SECOND LINE OF DEFENCE: MANAGEMENT OF THE IFI

Management is the second line of defence because management is responsible for delegating specific tasks to the appropriate staff members based on knowledge, experience, and competency to ensure the effectiveness of the tasks performed by the different units and divisions of the bank. Management is also responsible for providing the necessary measurement, platform, and environment to ensure Sharī`ah compliance.

According to Sharī`ah framework of Bank Negara Malaysia, management is responsible for observing and implementing Sharī`ah decisions and rulings made by the Bank Negara Malaysia Sharī`ah Advisory Council and Sharī`ah committee, respectively. Management is also responsible for identifying and referring any Sharī`ah issues to the Sharī`ah committee for decisions, views, and opinions.

It is the responsibility of management to allocate adequate resources and manpower to support the Sharī`ah governance that should be commensurate with the size, complexity, and nature of the IFI’s business. The infrastructure and resources provided shall include, among others budget allocation, reference and research materials, training and development, and so on.

Given that the accountability on Sharī`ah decisions rests with the Sharī`ah committee, management shall provide the necessary information and disclosures to Sharī`ah committee in a true and fair manner and shall be transparent on any areas that need clarification by the Sharī`ah committee to enable the Sharī`ah committee to discharge its duties effectively.

Management is responsible for providing continuous learning and training programs for the key internal stakeholders including the board, the Sharī`ah committee, Sharī`ah officers and relevant staff in Sharī`ah and finance matters. This is to ensure that every function in the Sharī`ah governance structure is sufficiently exposed to the latest development on Sharī`ah related matters.

It is the responsibility of management to inculcate Sharī`ah compliance culture within the organization. Sharī`ah compliance culture refers to the compliance of the IFI to Sharī`ah principles in its overall business operations. For example, the management should consistently remind the frontline staff of the importance of Sharī`ah and its impact to the IFI if Sharī`ah principles and practices are not observed, and to always place Sharī`ah as the overarching requirement in the formulation of any procedures and activities. In addition, each staff member is expected to be conversant on the IFI’s Islamic products, the underlying Sharī`ah concepts, and the similarities and differences with conventional concepts.

Management must ensure that Sharī`ah policies and procedures are accessible to those involved in the implementation of Sharī`ah governance at all times. The Sharī`ah policies and procedures shall clarify matters related to the end-to-end process of Sharī`ah governance in the IFI. The management shall also be responsible for ensuring that the operations are executed according to the policies and procedures and to constantly review and update the policies and procedures to reflect the current market practices and development.

In the event that management becomes aware that certain operations are found to be carrying business that is not in compliance with Sharī`ah, or against the advice of its Sharī`ah committee or the rulings of the Sharī`ah Advisory Council, management shall:

• Immediately notify the board and Sharī`ah committee as well as the bank of the fact.
• Immediately cease to take on any new businesses related to the Sharī`ah non-compliance business.
• Within 30 days of becoming aware of such non-compliance or such further period as may be permitted by the bank, furnish a plan to rectify the non-compliance with Sharī`ah to be duly approved by the board and endorsed by the Sharī`ah committee.

For cases in which the bank has reason to believe that an IFI is carrying on operations that is not in compliance with Sharī`ah, it may direct and require remedial measures to be instituted by the IFI.

Management is responsible for establishing a Sharī`ah risk management control function as part of the IFI integrated risk management framework. Sharī`ah risk management control function refers to the identification, assessment, monitoring, and controlling of Sharī`ah risks through a systematic approach to mitigate any possible non-compliance events. Due to the technicality and complexity in identifying, measuring, controlling, and monitoring the risk of non-compliance with Sharī`ah, the function shall be performed by risk officers who have suitable qualification or experience in the subject matter.

Apart from institutionalising a robust Sharī`ah compliance function, management is also required to establish an internal unit consisting of qualified Sharī`ah officers to conduct pre-product approval process, research, vetting of issues for submission, and undertake administrative and secretarial matters relating to the Sharī`ah committee.

In the absence of an internationally accepted code of conduct, the management shall develop a code of conduct for the Sharī`ah committee to be duly approved by the board. The code of conduct may be developed in consultation with the Sharī`ah committee and shall be reviewed from time to time.

6.3. THE THIRD LINE OF DEFENCE: SHARĪ`AH RISK MANAGEMENT

According to Sharī`ah governance framework of Bank Negara Malaysia, Sharī`ah risk management is a function to systematically identify, measure, monitor, and control Sharī`ah non-compliance risks to mitigate any possiblity of non-compliance events. The systematic approach of managing Sharī`ah non-compliance risks will enable the IFI to continue its operations and activities effectively without exposing the IFI to unacceptable levels of risk.4 Hence, the Sharī`ah will be integrated in the structure of the risk management. However, will the Sharī`ah risk management be running in parallel with the normal risk management as an independent body or will it be part of the whole risk management system in the Islamic financial institution? From the IFSB classification mentioned in the early chapters, Sharī`ah non-compliance risk is part of the different risk management that the IFI is facing. SGF said, “The Sharī`ah risk management control function shall form a part of the IFI’s integrated risk management framework.”5 However, due to the technicality and complexity in managing the risk of non-compliance to the Sharī`ah, the function shall be performed by risk officers that have suitable qualifications and/or experience in the subject matter.6 The skills and qualification required are most dominant by Sharī`ah knowledge as the main issue address in this type of risk is Sharī`ah non-compliance risk.

According to SGF Sharī`ah risk management function involves:

• Facilitating the process of identifying, measuring, monitoring, and controlling Sharī`ah non-compliance risks inherent in the IFI’s operations and activities:
  • Identifying and understanding the inherent Sharī`ah non-compliance risks in the IFI, taking into account existing controls that have been put in place and their effectiveness in mitigating such risks.
  • Measuring the potential impact of such risks to the IFI, based on the historical and actual de-recognition of income derived from Sharī`ah non-compliant activities.
  • Monitoring of Sharī`ah non-compliance risks to facilitate efficient and effective management of such risks. A report on the Sharī`ah non-compliance risks indicators shall be escalated to the board, the Sharī`ah committee, and management periodically.
  • Control to avoid recurrences. This involves keeping track of income not recognised arising from Sharī`ah non-compliance activities and assessing the probability of similar cases arising in the future. Based on historical reviews and potential areas of Sharī`ah non-compliance, the IFI may assess potential profits that cannot be recognised as eligible.
• Formulating and recommending appropriate Sharī`ah non-compliance risk management policies and guidelines.
• Developing and implementing processes for Sharī`ah non-compliance risk awareness in the IFI.7

The Sharī`ah risk management function is a pre-process function in the Sharī`ah compliance procedure, where management is responsible for putting into place the necessary measurement, steps, and processes to mitigate all types of Sharī`ah non-compliance risk. The Sharī`ah risk management represents the process of preventing the non-compliance from happening, not rectifying what has happened. However, such management benefits from the lesson of the incident to put further recommendation and processes from occurring in the future.

The IFI shall establish the best practice of risk management and reporting process to avoid value destruction and reduce threats to value creation, to improve chances of meeting the IFI’s objectives and to maximize value creation opportunities. The risk management activities include business continuity management, capital management, and stress-testing activities, and they are governed by the risk management framework and regulatory requirement governing the IFI business and Sharī`ah compliant investment activities.

The risk management framework shall define the following:

• The governance structure of the risk management practice including the appropriate board, and senior management oversight.
• The overview of the risk management approach including to identify, measure, monitor, report, and control the relevant categories of risk.
• The general risk affecting the business and the potential threat to the company.
• Adequate risk reporting to the relevant committee and supervisory authority.

The company shall have in place adequate system and controls including Sharī`ah committee/advisor to ensure the IFI business and Sharī`ah compliant investment activities are in accordance to Sharī`ah rules and principles. The company shall have in place the business continuity management framework to facilitate the company business continuity plan. The company business continuity framework serves as a guiding principle to enable the company to respond effectively to the business disruptions and to minimise impact to the company in the event of disaster.

The company shall establish the capital management framework to ensure the appropriate capital management is in place and consistent with the fiduciary duties of the Takaful operators toward its Takaful customers and in accordance to the objective of Sharī`ah. The company shall design and develop the stress-testing guidelines to identify potential threats due to exceptional but adverse plausible events to the organization’s financial condition. The stress-test guidelines shall commensurate with the nature, complexity, and sophistication of the business activities of the company.

Risk management process shall undertake appropriate steps to comply with Sharī`ah rules and principles. This is to ensure adequacy of relevant risk reporting to management and Sharī`ah committee, where applicable. Risk management shall monitor and report any potential risk to the company through a robust risk reporting to the risk management committee, Sharī`ah committee, and the respective board. Risk management shall facilitate the integration of risk awareness culture into business process with the aim to inculcate the risk awareness and risk ownership to company.

The company shall review the risk management approach and practices from time to time to adopt the best market practice in accordance to the ever-changing market climate and potential threat to the company. Other conditions related to Sharī`ah risk management shall be referred to the risk management framework.

6.4. THE FOURTH LINE OF DEFENCE: SHARĪ`AH MANAGEMENT

Sharī`ah management is the in house Sharī`ah advisory. They play a significant role to ensure Sharī`ah compliance status in the Islamic financial institution. The role can further be extended as follows:

• Sharī`ah division plays an imperative role in the company to ensure that all business activities and services offered by the company comply with Sharī`ah rules and principles at all times. Besides, Sharī`ah division is responsible for ensuring that company adheres to the regulatory requirements governing the Sharī`ah-compliant investment and fund management activities.
• The roles of Sharī`ah division among others include conducting Sharī`ah review, carrying out in-depth research concerning Islamic finance, and providing required support and assistance to internal audit who will conduct Sharī`ah audit. Furthermore, liaising with risk management on any potential risk related to Sharī`ah issues for escalation to Sharī`ah committee is also its duty.
• In addition, Sharī`ah division is responsible for assisting the Sharī`ah committee/Sharī`ah advisor to execute their roles efficiently and effectively.

6.5. THE FIFTH LINE OF DEFENCE: SHARĪ`AH COMMITTEE/BOARD

Sharī`ah board is one of the most important corporate governance bodies in the structure of corporate governance in Islamic finance. They have the responsibility of the Sharī`ah compliance status in the Islamic financial institution, where they advise, monitor, and decide on the different Sharī`ah matters related to Islamic finance practices of the IFI.

6.5.1. Definition of Sharī`ah Board

According to the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI), Sharī`ah board is defined as follows:

A Sharī`ah Supervisory Board is an independent body of specialised jurists in fiqh almua’malat (Islamic commercial jurisprudence). However, the Sharī`ah Supervisory Board may include a member other than those specialised in fiqh almua’malat, but who should be experts in the field of Islamic financial institutions and with knowledge of fiqh almua’malat. The Sharī`ah Supervisory Board is entrusted with the duty of directing, reviewing and supervising the activities of the Islamic financial institution in order to ensure that they are in compliance with Islamic Sharī`ah rules and principles. The fatwas and rulings of the Sharī`ah Supervisory Board shall be binding on the Islamic financial institution.8

From this definition, a few important points can be summarized as follows:

• Sharī`ah Supervisory Board is an independent body, where the members are not regular/permanent staff of the IFI.
• The members of the Sharī`ah board are major in fiqh almua’malat (Islamic commercial jurisprudence). This means that the members are expert in Sharī`ah.
• The Sharī`ah board is not restricted to the Sharī`ah expert only but open to other members other than those specialised in fiqh almua’malat, but who should be expert in the field of Islamic financial institutions and with knowledge of fiqh almua’malat.
• The Sharī`ah board is entrusted with the following functions:
  • Directing the Islamic financial institution in matters related to Sharī`ah.
  • Reviewing the Islamic finance business activities.
  • Supervising the business activities of the Islamic financial institution in order to ensure that they are in compliance with Islamic Sharī`ah rules and principles.
• The resolution of the Sharī`ah board is binding on the IFI.

The Sharī`ah board function is within the collective ijtihad and not within the individual ijtihad. Sharī`ah board has a great involvement in Islamic banking activities because it is considered to be part of its banking structure and one of the important corporate governance organs in the Islamic financial institution. Within the context of fatwa, Sharī`ah board is acting as a mufti whereas the Islamic bank is acting as mustafti.

6.5.2. Other Names of Sharī`ah Board

This corporate governance organ uses the following names interchangeably.

• Sharī`ah Advisory Board
• Sharī`ah Supervisory Board
• Sharī`ah Advisory Council
• Sharī`ah advisory committee
• Sharī`ah committee
• Sharī`ah board

There is no issue to name and describe the above council with any term as long it serve the purpose and distinguish it from other corporate governance organs in the Islamic financial institution; normally each jurisdiction has its own terminology.

6.5.3. Resolution Issued by a Sharī`ah Board

Normally each country has a different Sharī`ah governance framework and different legal requirements that govern Sharī`ah board. The Sharī`ah board is a legitimate control and regulatory body consisting of selected members of jurists chosen on the basis of their background in Islamic jurisprudence, Islamic law, and Islamic finance. The principle duty of the Sharī`ah board is to ensure that the current financial operations of the bank and its business transactions conform to Sharī`ah rules, principles, and regulations. The outcome of deliberations of the Sharī`ah board in their regular meeting is deemed to be a resolution. Hence, the resolution can be defined in a similar way to fatwa. It is a result of process of collective ijtihad among expert jurists in the area of Islamic finance to issue a ruling pertaining to Sharī`ah matters that need clarification. From AAOIFI perspective, there is no difference between fatwa and resolution and both are regarded as synonyms.

6.5.4. Function of Sharī`ah Board and Scope of Its Duties

The Sharī`ah advisory exercises ijtihad to issue resolutions in the area of Islamic finance based on the specific inquiries of their Islamic financial institutions. Its main task is to issue Sharī`ah ruling and advise their Islamic financing institutions when needed. Besides this task, it is involved in some other technical assignments and other tasks, such as:

In AAOIFI Sharī`ah pronouncement of 2008 clause six (6), there is recommendation to further foster the responsibility and the accountability of the Sharī`ah board. Clause six (6) emphasized on the obligations and the functions of SSB in order to ensure the Sharī`ah compliance in all stages. According to AAOIFI announcement, the obligations and functions should be as follows:

• SSB should not limit their role to the issuance of fatwa on the permissibility of the structure of sukuk only.
• The careful review of all relevant contracts and documents related to the actual transaction.
• Oversee the actual means of implementation in the IFI by taking into account all the parties involved in structuring sukuk.
• Ensure that the operation complies, at every stage, with Sharī`ah guidelines and requirements as specified in the Sharī`ah standards.9

The recommendation of AAOIFI makes the duties and responsibilities of the SSB more involved in the whole process of sukuk, which include the following:

• Issuing fatwa of the permissibility of sukuk.
• Structuring the sukuk products.
• Checking the contracts agreement.
• Checking all the relevant documentation.
• Profit and loss distribution.
• Oversee the means of implementation.
• Oversee the various stages of the process.
• Ensure the enforcement of Sharī`ah rules and regulations in the process.

The main duties and responsibilities of the Sharī`ah board can be briefly summarized as follows:

The Sharī`ah board/committee should explain the Sharī`ah issues, when recommendations or decision have been made. The decision should be supported by relevant Sharī`ah evidences.

6.5.5. Sharī`ah Governance Framework and Criteria in Malaysia (Bank Negara)

The central bank of Malaysia has come out with the Sharī`ah governance framework (SGF) that regulates the Sharī`ah advisory in Islamic finance industry. Following are some aspects as mentioned by SGF.

Sharī`ah Committee

According to SGF, the Sharī`ah committee shall be responsible and accountable for all its decisions, views, and opinions related to Sharī`ah matters. Although the board bears the ultimate responsibility and accountability on the overall governance of the IFI, the board relies on the Sharī`ah committee on all Sharī`ah decisions, views, and opinions relating to the business of the IFI. As the Sharī`ah decisions, views, and opinions bind the operations of the IFI, the Sharī`ah committee shall ensure decisions are made after undergoing rigorous and robust research and deliberation exercise.

The Sharī`ah committee shall perform an oversight role on Sharī`ah matters related to the institution’s business operations and activities. This can be achieved through the Sharī`ah review process and the Sharī`ah audit functions. Regular Sharī`ah review reports and the Sharī`ah audit observations should enable the Sharī`ah committee to identify issues that require its attention and, where appropriate, to propose remedial measures.

In discharging its duties, there shall be sufficient disclosure by the Sharī`ah committee in the annual financial report on the state of compliance of the IFIs, as per requirements under the Guidelines on Financial Reporting for Licensed Islamic Banks (GP8-i).10

Appointment of the Sharī`ah Committee

Resignation and Dismissal of the Sharī`ah Committee

Qualifications

There are different Sharī`ah qualifications required for the Sharī`ah board members based on different jurisdictions. The Sharī`ah advisory is appointed to this position by an authorized committee that carefully selects them according to some criteria to ensure better performance by this committee.

According to SGF requirements:

• A member of a Sharī`ah committee shall be a Muslim individual. A company, institution, or body shall not constitute a Sharī`ah committee for the purpose of this framework.
• The proposed member of the Sharī`ah committee shall at least hold a bachelor’s degree from a recognized university in Sharī`ah, which includes study in Usul Fiqh (the origin of Islamic law) and Fiqh Muamalat (Islamic transaction/commercial law) and preferably specialising in both areas.
• It is reasonable to expect a member of the Sharī`ah committee to have good knowledge of written Arabic, and it is highly recommended that the member of the Sharī`ah committee be able to converse in Bahasa Malaysia, English, and Arabic.
• The Sharī`ah committee may have experts in relevant background such as finance and law. However, these members must not form the majority of the Sharī`ah committee.11

Composition

To ensure proper deliberation and effective function of Sharī`ah committee on any Sharī`ah related matters, Sharī`ah committee shall comprise of members of mixed background in terms of qualification, experience and knowledge. Members of the Sharī`ah committee shall be trained in Sharī`ah and shall possess some exposure in the areas of commerce or finance, for example, in retail banking, Takaful operations, or capital market products.

Experience

The Sharī`ah committee members should preferably have either some experience in making Sharī`ah pronouncements/decisions, teaching, research in Islamic finance or involvement in the operations of Islamic finance.

Disqualifications

6.5.6. Sharī`ah Governance Framework and Criteria According to the AAOIFI

There are some rules that have been stipulated by AAOIFI regarding the Sharī`ah Supervisory Board, the rules, and standards, as follows:

6.5.6.1. Appointment of

Sharī`ah Supervisory Board and Fixing of Its Remuneration The Sharī`ah Supersory Board is appointed by the shareholder of the IFI. AAOIFI mentions in governance standards 1 that:

Therefore, the letter of engagement constitutes the agreed terms and conditions that must be observed by both parties.

6.5.6.2. Composition, Selection, and Dismissal of the Sharī`ah Supervisory Board

According to AAOIFI, the composition and dismissal of the Sharī`ah board should be according the following:

6.5.6.3. Report of the Sharī`ah Supervisory Board as Suggested by AAOIFI

According to AAOIFI, there are basic elements of the Sharī`ah Supervisory Board’s report to be observed:

The Sharī`ah Supervisory Board’s report should contain the following basic elements:

A measure of uniformity in the form and content of the Sharī`ah Supervisory Board’s report is desirable because it helps to promote the reader’s understanding to identify unusual circumstances when they occur.

A: Title

The Sharī`ah Supervisory Board’s report should have an appropriate title.

B: The Addressee of the Sharī`ah Supervisory Board’s Report

The Sharī`ah Supervisory Board’s report should appropriately address, as required by the circumstances, the engagement and local laws and regulations.

C: Opening or Introductory Paragraph

The Sharī`ah Supervisory Board’s report should identify the purpose of the engagement. Illustrative wording for an opening (introductory) paragraph is shown: “In compliance with the letter of appointment, we are required to submit the following report:”

A scope paragraph should describe the nature of the work performed.

Illustrative wording for a scope paragraph is shown:

We have reviewed the principles and the contracts relating to the transactions and applications introduced by the Example Islamic Financial Institution during the period ended. We have also conducted our review to form an opinion about whether the Example Islamic Financial Institution has complied with Sharī`ah rules and principles and also with the specific fatwas, rulings and guidelines issued by us.

D: Management’s Responsibility

There should be a clear statement that the management of the IFI is responsible for properly complying with Islamic Sharī`ah rules and principles. Illustrative wording for Sharī`ah statement is shown next:

The Example Islamic Financial Institution’s management is responsible for ensuring that the financial institution conducts its business in accordance with Islamic Sharī`ah rules and principles. It is our responsibility to form an independent opinion, based on our review of the operations of the Example Islamic Financial Institution, and to report to you.

E: Scope Paragraph

Confirmation that the Sharī`ah Supervisory Board has performed tests, procedures, and review work as appropriate.

Where appropriate, examining, on a test basis of each type of transaction, evidence to support that the transaction and dealings entered into by the respective IFI are in compliance with the Islamic Sharī`ah rules and principles.

An illustrative wording to explain the review process is shown:

We conducted our review, which included examining, on a test basis of each type of transaction, the relevant documentation and procedures adopted by the example IFI.

We planned and performed our review so as to obtain all the information and explanations that we considered necessary in order to provide us with sufficient evidence to give reasonable assurance that the example IFI has not violated Islamic Sharī`ah rules and principles.

Where appropriate, the report of the Sharī`ah Supervisory Board should include a clear statement that the financial statements have been examined for the appropriateness of the Sharī`ah basis of allocation of profit between the equity holders and the investment account holders.

Where appropriate, the report of the Sharī`ah Supervisory Board should include a clear statement that all earnings that have been realized from sources or by means prohibited by Islamic Sharī`ah rules and principles have been disposed of to charitable causes.

Where an Islamic financial institution prepares a statement of sources and uses of Zakah and charity funds, the Sharī`ah Supervisory Board’s report should state whether the calculation of the Zakah is in compliance with Islamic Sharī`ah rules and principles.

F: Opinion Paragraph

The Sharī`ah Supervisory Board’s report should state whether the example IFI’s contracts and related documentation are in compliance with the Islamic Sharī`ah rules and principles.

An illustration of these matters in the opinion paragraph is shown:

In our opinion:

If the Shari’ah Supervisory Board has ascertained that the management of the Islamic financial institution has violated Islamic Sharī`ah rules and principles or the fatwas, ruling and guidelines issued by its Shari’ah Supervisory Board, then the Sharī`ah Supervisory Board has to report the violations in the opinion paragraph of its report.

G: Date of Report

The Sharī`ah Supervisory Board should state the period covered by its report and date the report as of the completion date of the review. The Sharī`ah Supervisory Board should not date the report earlier than the date on which the financial statements are signed or approved by management.

Sharī`ah Supervisory Board’s Signature

The Sharī`ah Supervisory Board’s report should be signed by all members of the board.14

6.6. THE SIXTH LINE OF DEFENCE: BOARD OF DIRECTORS

6.6.1. Definition and Selection of Members

A company’s or an organization’s board of directors is a group of individuals that are elected to serve as representatives of the shareholders. They provide the organization with direction and advice, and in doing so, ensure the fulfillment of the organization’s mission statement and set the overall policy objectives. Other names for the board of directors may include board of managers, board of governors, or board of trustees. It should be noted that every public company must have a board of directors, and this board acts as a top-level advisor of the organization; therefore, it is fiscally responsible for the performance of the organization.

The board members are elected according to different criteria and by different authorities depending on the type of the organization. Firstly, if the members of the organization are voting members, as is the case in a professional society, the organization’s full assembly elects the members, and the board acts on behalf of that full assembly. Secondly, in a non-stock organization, such as a university, the board acts as the highest authority in the organization and is sometimes elected by the members of the same board. Lastly, when the organization is stock based, the members of the board are selected by the stockholders and are also the highest and supreme authority of that organization.

6.6.2. Structure of the Board of Directors

The board of directors consists of men and women who are selected, or, more precisely, elected, by the shareholders of the organization. These men and women, known as “directors” are elected on a multiyear term basis that varies from one company to the other. The number of directors on the board also varies greatly between different organizations, depending on the size and the responsibilities assigned to them. There are three types of directors, depending on their role in the company:

The numbers and percentages of each type of those directors in a board depends on various factors, such as the type of the organization and the laws and regulations of the country in which the organization is operating in. Typically, one member of the board is assigned the responsibility of tracking and managing the day-to-day activities of the organization and serves as the communication medium between the board and the management of the corporation. This member is the chief executive officer (CEO) and is the highest-ranking manager in the company. Whether the CEO is also the chairman of the board depends on the laws and regulations of the country in which the organization is operating.

6.6.3. Duties and Responsibilities of the Board of Directors

The powers of the board of directors determine the activities and duties assigned to it. These powers and activities are usually conferred by an authority outside the body of the board in something called the “organization’s bylaws.” It is clear that the main goal of the board of directors is to act on the best interest of all the shareholders, including the employees of the organization.

Typically duties of the board include many activities, such as:

• Establishing mission, vision, and values: The board is expected to set the pace for the current and future operation of the company, to determine and promote the values of the company, and to establish the company’s policies.
• Setting strategy and structure: The board has an ongoing process of always monitoring and evaluating the current and future risks facing the organization and assessing the weaknesses and strengths of the company. It also determines the strategic options and the business strategies to pursue them and to ensure that the company’s organizational structure and capabilities are appropriate for implementing the chosen strategies.
• Managing the organization’s financial issues: This broad task includes several activities, such as: ensuring the availability of adequate financial resources, approving the annual budget reports of the company, and setting the salaries of the company management.
• Acting as a medium of communication: The most important role of the board is to be the medium of communication between the stockholders (or the owners and investors) and the management of the organization. This task works in two directions. On the one hand, it works to delegate authority to management and monitor the implementation of policies, strategies, and business plans. On the other hand, it accounts to the stakeholders for the organization’s performance and communicates the needs of the employees and the company, in general, if needed.

6.6.4. Case of Malaysia

In order to improve the monitoring function of corporate governance mechanisms in Malaysia, the Code of Corporate Governance was drafted in 1999 and subsequently approved in 2000 by the Ministry of Finance. The Code outlines some necessary conditions for the structure and functioning process of the board of directors, audit committee, and external auditors in safeguarding the interest of shareholders.

The Finance Committee Report on Corporate Governance issued on March 25, 1999, sets out the Malaysian Code on Corporate Governance. The Code of Corporate Governance was gradually enforced on the listed firms by Bursa Malaysia in 2001 (Kuala Lumpur Stock Exchange changed its name to Bursa Malaysia in 2004).

The major component of the principles and best practices of good governance includes some benchmarks of board of directors’ characteristics. The five main characteristics of board of directors refer to board composition, board size, directors’ ownership, number of directorships, and duality status of the chairman and CEOs.

According to Malaysian Code on Corporate Governance 2012, there are eight principles and their corresponding 26 recommendations. The principles and recommendations focus on, amongst others, laying a strong foundation for the board and its committees to carry out their roles effectively, promote timely and balanced disclosure, safeguard the integrity of financial reporting, emphasise the importance of risk management and internal controls, and encourage shareholder participation in general meetings.

6.6.5. Principles and Recommendations in the Malaysian Code on Corporate Governance 201215

Recommendations:

Recommendations:

Recommendations:

Recommendations:

Recommendations:

Recommendations:

Recommendations:

Recommendations:

Board of Directors’ Responsibility and Accountability Based on SGF

Sharī`ah governance framework of BNM has specifically highlighted the mandate of the board of directors of the Islamic financial institutions as follows:

6.7. THE SEVENTH LINE OF DEFENCE: SHARĪ`AH ADVISORY COUNCIL (SAC), BANK NEGARA MALAYSIA (BNM)/AUTHORITIES

6.7.1. Sharī`ah Advisory Council (SAC) of BNM

The Sharī`ah Advisory Council (SAC) of Bank Negara Malaysia (BNM) is a council at the national level to look at the Sharī`ah matters in Islamic finance particularly on Takaful and banking matters.

The Sharī`ah Advisory Council of Bank Negara Malaysia was established in May 1997 as the highest Sharī`ah authority in Islamic finance in Malaysia. The SAC has been given the authority for the ascertainment of Islamic law for the purposes of Islamic banking business, Takaful business, Islamic financial business, Islamic financial-development business, or any other business, which is based on Sharī`ah principles and is supervised and regulated by Bank Negara Malaysia. As the reference body and advisor to Bank Negara Malaysia on Sharī`ah matters, the SAC is also responsible for validating all Islamic banking and Takaful products to ensure their compatibility with the Sharī`ah principles. In addition, it advises Bank Negara Malaysia on any Sharī`ah issue relating to Islamic financial business or transactions of Bank Negara Malaysia as well as other related entities.

In the recent Central Bank of Malaysia Act 2009, the role and functions of the SAC was further reinforced whereby the SAC was accorded the status of the sole authoritative body on Sharī`ah matters pertaining to Islamic banking, Takaful and Islamic finance. Although the rulings of the SAC shall prevail over any contradictory ruling given by a Sharī`ah body or committee constituted in Malaysia, the court and arbitrator are also required to refer to the rulings of the SAC for any proceedings relating to Islamic financial business, and such rulings shall be binding.

Consisting of prominent Sharī`ah scholars, jurists, and market practitioners, members of the SAC are qualified individuals and have vast experience in banking, finance, economics, law, and application of Sharī`ah, particularly in the areas of Islamic economics and finance.17

6.7.2. Sharī`ah Advisory Council (SAC) of Securities Commission (SC)

The SAC of the SC is a committee established by the SC in 1996 under section 18 of the Securities Commission Act 1993 (SCA). The SAC was given the mandate to ensure that the running of the Islamic capital market (ICM) complies with Sharī`ah principles. Its scope of jurisdiction is to advise the SC on all matters related to the comprehensive development of the ICM, and functions as a reference centre for ICM-related issues. The members of the SAC consist of Islamic scholars/jurists and Islamic finance experts.18

6.8. THE EIGHTHLINE OF DEFENCE: SHARĪ`AH REVIEW

6.8.1. Introduction

Sharī`ah review is a post-Sharī`ah compliance process focusing on identification of discrepancies and non-Sharī`ah compliance cases and events in the products and services offered by the IFI in order to be addressed and rectified.

6.8.2. Overview

Sharī`ah Governance Framework (SGF) for IFIs issued by Bank Negara Malaysia (BNM) has been enforced since January 1, 2011. The SGF puts a significant emphasis, amongst others, for the IFIs to undertake a Sharī`ah review function. The Sharī`ah review function refers to regular assessment on Sharī`ah compliance in the activities and operations of the IFIs by qualified Sharī`ah officer(s), with the objective of ensuring that the activities and operations carried out by the IFI do not violate Sharī`ah.

Accordingly, the requirements of SGF have been incorporated into IFI Sharī`ah Compliance Framework. Embracing the spirit of the SGF, the Sharī`ah Division of IFI, via its Sharī`ah review, is given the task of executing the Sharī`ah review function from time to time.

To empower the execution of the Sharī`ah review function (including to access records, personnel, and physical properties relevant to the Sharī`ah review), the Sharī`ah review charter identifies and outlines the purpose, authority, independence, responsibility, and ethical standards of Sharī`ah reviewing conducting the same.

6.8.3. Sharī`ah Review and Sharī`ah Audit

As defined by the Sharī`ah governance framework, Sharī`ah review refers to “regular assessment on Sharī`ah compliance in the activities and operations of the IFI by qualified Sharī`ah officers, with the objective of ensuring that the activities and operations carried out by the IFI do not contravene with the Sharī`ah.” Sharī`ah review as required by these shall be performed by the designated internal Sharī`ah review personnel, as appointed and assigned to the Sharī`ah management of the IFI. Therefore, Sharī`ah review is a process that involves obtaining and evaluating sufficient and reliable evidence to establish whether the IFI activities and operations are in accordance with established Sharī`ah rules and principles.

On the other hand, the Sharī`ah governance framework defines a Sharī`ah audit as “the periodical assessment conducted from time to time, to provide an independent assessment and objective assurance designed to add value and improve the degree of compliance in relation to the IFI’s business operations, with the main objective of ensuring a sound and effective internal control system for Sharī`ah compliance.”

Hence the differences between Sharī`ah review and Sharī`ah audit may be categorised as shown in Table 6.1.

TABLE 6.1 Sharī`ah Review and Sharī`ah Audit

Although the scope of Sharī`ah review and Sharī`ah audit may overlap, Sharī`ah review compliments Sharī`ah audit in a way that the continuous and regular nature of Sharī`ah review fills in the gap period during which audit is not performed. Sharī`ah review provides a timely evidence and assistance for the Sharī`ah committee to form its opinion about the Sharī`ah compliance level of the IFI in a financial year for the purpose of issuance of annual financial statement.

6.8.4. Sharī`ah Review Objectives

Sharī`ah review function shall provide an independent examination, evaluation and objective remedial rectification measures of the Sharī`ah compliance of IFI activities and operations, including the internal control mechanism for Sharī`ah compliance. The primary objective of Sharī`ah review is to provide an independent examination, evaluation, and objective remedial rectification measures that IFI complies with the Sharī`ah requirements in activities and operations including the internal control mechanism for Sharī`ah compliance.

The Sharī`ah review objectives in relation to Sharī`ah compliance requirements shall include:

• To add value and improve IFI’s operations by providing regular and continuous assessment on IFI overall business operations and activities which are designed to examine and evaluate IFI’s level of Sharī`ah compliance.
• To provide remedial rectification measures, together with the necessary control mechanism thereof, thus enhancing the risk management control and governance processes.
• To assist Sharī`ah committee to form judgment on the Sharī`ah compliance level at IFI, by providing the Sharī`ah committee with the relevant information and explanation based on the finding of the Sharī`ah review.
• Ultimately, to ensure IFI’s operations and activities are in compliance with established Sharī`ah criteria and principles.

The established Sharī`ah criteria shall include:

• The Sharī`ah resolutions and decisions of the Sharī`ah SAC of BNM.
• The Sharī`ah resolutions and decisions of the Sharī`ah SAC of the Securities Commission.
• The resolutions and decisions of the Sharī`ah committee.
• The resolutions and the decisions of the Accounting and Auditing Organisation for Islamic Financial Institutions (AAOIFI).
• The resolutions and the decisions of the al-Majma`al-Fiqhi al-Islami.
• The approved product manuals and the SOPs of IFI.
• Any other reputable and qualified bodies as acknowledged by the Sharī`ah Committee from time to time.

In the event(s) of conflict among or between any of the above criteria, the matters shall be referred to the Sharī`ah Committee for their deliberation and resolution.

6.8.5. The Scope of Work of Sharī`ah Review

The scope of work of the Sharī`ah review function is to determine whether IFI’s operations, activities, and governance as designed and represented by the management, are adequate and functioning in the manner required by Sharī`ah. These would include, but are not limited to:

• Adding value by providing regular assessment on the Sharī`ah risk management, internal control, and corporate governance processes relating to the conduct of the business in a planned, orderly, prudent, and cost-effective manner in adherence to sound established principles;
• Evaluating the adequacy of the Sharī`ah risk management processes by reviewing the key objectives of those processes.
• Examining and evaluating the adequacy, effectiveness, and efficiency of financial and operating controls in relation to any Sharī`ah risk identified and ensure that internal controls are recommended and implemented, including for the proper treatment of income and prevention of mixture of between Sharī`ah-compliant and non-Sharī`ah-compliant income.
• Determining that assets and resources are economically, effectively, and efficiently utilised in accordance with Sharī`ah principles.
• Ascertaining that strategic, financial, operational, and management information related to Sharī`ah matters is accurate, reliable, timely, and cost effective.
• Checking the implementation and compliance to regulatory requirements and IFI’s policies, standards, procedures, and applicable laws and regulations pertaining to Sharī`ah risks and issues.
• Reviewing existing and new Takaful products, covering end-to-end product-development processes, which start from product structuring to product offering.
• Determining that programmes, plans, and operations are consistent with established Sharī`ah principles and are carried out as planned.

Opportunities for improving management control, profitability, and IFI’s image and reputation may be identified during Sharī`ah review and will be communicated to the appropriate level of management.

Sharī`ah review shall cover IFI’s overall operations and activities, product-development processes, and a review of adequacy of the Sharī`ah governance process of IFI with reference to the established Sharī`ah criteria.

The scope of the Sharī`ah review shall cover review on IFI’s overall business operations and activities and provide any rectification measures together with the control mechanism to avoid recurrences of Sharī`ah non-compliance events. As required by the SGF, Sharī`ah review requirements shall consist of all aspects of IFI’s operations and activities, including but not limited to review on:

• Business operations
• Sharī`ah risk management and internal control processes
• Transactions and finances
• IFI products and services
• Trainings, marketing, and sales
• Branches, agent, and business/support units
• Entertainment and other related activities

In the case of Sharī`ah review on Sharī`ah risk management and internal control processes, the scope of such review shall include legal, compliance, risk management as well as the review on the implementation of previous resolutions of the Sharī`ah committee. In view of the technicality and complexity of risk management process, Sharī`ah division will work hand in hand with the risk-management division to develop, identify, and control Sharī`ah the risk-management programme.

In the case of Sharī`ah review on transactions and finances, Sharī`ah review personnel shall review and ensure that IFI transaction and finance matters are in compliance with Sharī`ah requirements. These may include those related to contracts, agreements, deposits, investments, investment accounts, financings, accounting, recognition of income and expenses, income/profit distributions, purification of income, and zakat computation as per the decisions made by the established Sharī`ah criteria.

In the case of Sharī`ah review on Takaful products, it shall include the review of existing and new Takaful products, covering end-to-end the product-development process. This is to ensure the fulfillment of the contract requirements and conditions of the contracts according to Sharī`ah and the proper application of fiqh muamalat principles.

In the case of Sharī`ah review on training, marketing, and sales, the review shall cover the review on training materials, product brochures, and marketing materials. This is to ascertain that strategic, financial, operational, and management information related to Sharī`ah matters is accurate, reliable, and timely. Sharī`ah review of IFI branches, agents, and business/support units is to ensure that their respective activities and operations are Sharī`ah compliant.

The following are the possible Sharī`ah review scope related to branch review:

• Ensure that all products offered are those approved by the Sharī`ah committee.
• Assess for adequate numbers of qualified people to deal with the activities and operations.
• Assure proper activities and operations of IFI products.
• Assess employees’ understanding of Islamic financial products.

In relation to Sharī`ah review on entertainment and other related activities, this may cover the review on events and programmes organised by IFI. This is to ensure that such events are in compliance not only with ethical standards but also Sharī`ah principles and that they do not contain any excessive level of entertainment. The Sharī`ah review shall assess and reasonably assure that the formal reporting channel on Sharī`ah matters is carried out effectively and in a timely manner. Sharī`ah review shall be performed on a regular and continuous basis. However, Sharī`ah review may be performed on an ad-hoc basis upon the request of the Sharī`ah committee, the management, the regulators, and/or where any circumstances require.

6.8.6. Empowerment and Responsibility of Sharī`ah Review

6.8.6.1. Accountability

Sharī`ah review is set up by the Sharī`ah risk management to be staffed with adequate and qualified Sharī`ah review personnel to perform the Sharī`ah review function. The head of Sharī`ah risk management shall head the Sharī`ah review function, assisted by the designated Sharī`ah review personnel (collectively “Sharī`ah review members”). The Sharī`ah review members shall, on a continuous basis, conduct the Sharī`ah review, which is a review of processes and deliverables as well as determine that such processes and outcomes satisfy the needs of the Sharī`ah. The Sharī`ah review members, in discharging their duties, shall, in-line with the “solid arrow” and “dotted arrow” reporting lines as depicted in the SGF, be accountable to the Sharī`ah committee and the senior management committee (SMC), respectively, to:

6.8.6.2. Authority

The Sharī`ah review members are authorised to carry out comprehensive programme of Sharī`ah review within IFI and initiate reviews, examinations, and inspections at such time as they may determine and without advance notice, with respect to any of IFI’s activities as deemed necessary.

The Sharī`ah review members are authorised to:

The head of the Sharī`ah division may be required to participate as a member of selected committee in IFI as determined by SMC, but not withstanding such selection, the participations as a member of these committees should not in any way affect the objectivity and independence of the Sharī`ah review function.

6.8.6.3. Independence

To provide for the independence of the Sharī`ah review function, Sharī`ah review personnel are placed under the direct authority and supervision of the head of the Sharī`ah management. The head of the Sharī`ah management in performing the Sharī`ah review function reports directly to the Sharī`ah committee.

6.8.6.4. Responsibility

The head of the Sharī`ah management, assisted by the members of the Sharī`ah review, has the responsibility to:

• Develop the Sharī`ah review based on significant Sharī`ah non-compliance risk and exposure, and submit the plan to the Sharī`ah committee for review and approval.
• Implement the Sharī`ah review as approved, including any ad hoc assignments, special tasks or projects assigned by the Sharī`ah committee.
• Maintain a group of qualified Sharī`ah review personnel with adequate knowledge, skills, and experience to conduct the Sharī`ah review function.
• Evaluate and assess significant Sharī`ah non-compliance risks and exposure to present and future processes, operations, and controls.
• Issue Sharī`ah review report to Sharī`ah committee and management committee summarizing the results of Sharī`ah review exercise.
• Perform investigations on suspected Sharī`ah non-compliant activities within IFI and report to Sharī`ah committee and MC the results of such investigations.

6.8.7. Sharī`ah Review and Governance

IFI ensures an effective structure and function of Sharī`ah review and ensures that governance processes are in place. For effective implementation of Sharī`ah review, IFI is required to establish Sharī`ah review function as part of the Sharī`ah division. The Sharī`ah division ensures that it has adequate, qualified, and competent officers, and adequate funds to ensure the effective performance of Sharī`ah review function. Sharī`ah review members must be in consultation with and accountable to the Sharī`ah committee in planning, examining, and reporting of Sharī`ah review. Such consultation may be made on an “as needed” basis and where circumstance requires so. The reporting structure of the Sharī`ah review management unit is as illustrated in the appendix.

The Sharī`ah committee determines the deliverables of the Sharī`ah review and is expected to review and endorse the SRAP. The Sharī`ah review findings are submitted for consideration and deliberation of the Sharī`ah committee. The SMC acknowledges the finding and conclusion of the deliberation made by the Sharī`ah committee. The Sharī`ah review is guided by the Sharī`ah resolutions and decisions of the Sharī`ah committee to effectively execute their review function. The Sharī`ah review activity must be free from interference in determining the scope of reviewing, performing work, accessing evidence, and communicating results. Sharī`ah review personnel must have an impartial, unbiased attitude and avoid conflict of interest.

Sharī`ah review personnel maintain a high level of independence to provide the Sharī`ah review with an independent and objective assurance about the IFI level of Sharī`ah compliance. Although Sharī`ah review is responsible for assisting the Sharī`ah committee to form an opinion on the extent of IFI level of Sharī`ah compliance, the responsibility for compliance therewith lies with the respective business owner and the management. The Sharī`ah review process does not relieve other business owners and the management of their responsibility assigned to them to perform their functions in accordance with Sharī`ah.

6.8.8. Sharī`ah Review Charter

IFI establishes a Sharī`ah review charter that incorporates Sharī`ah review function, which includes planning, implementation, and reporting of the Sharī`ah review exercise. IFI must have a Sharī`ah review charter, which is a mandated document for the proper execution of the Sharī`ah review function.

The Sharī`ah review charter specifies the Sharī`ah review, which addresses the following aspects:

• The nature of Sharī`ah reviewing.
• The Sharī`ah review objectives.
• The scope of Sharī`ah review work.
• The responsibilities of Sharī`ah review personnel.
• The authority of Sharī`ah review personnel.
• The independence of Sharī`ah review personnel.

The Sharī`ah review charter should clearly specify the planning, examination, and reporting of the Sharī`ah review. The Sharī`ah review personnel should have direct access to the Sharī`ah committee and the SMC. There must not be any limitation of scope or restriction placed on the Sharī`ah review personnel. This is to ensure efficiency and effectiveness of the Sharī`ah review function.

6.8.9. Competency of Sharī`ah Review Personnel

Sharī`ah review personnel should be competent in reviewing knowledge and skills as well as Sharī`ah knowledge relevant to the Sharī`ah review function. The Sharī`ah review personnel must possess adequate reviewing knowledge, skills, and competencies on the following:

• Adequate knowledge of the essentials of the Sharī`ah.
• Proficiencies in conducting review.
• Understanding of management principles.
• Appreciation of accounting, economics, commercial law, taxation, and finance.
• Skills in dealing with people and communicating.
• Skills in oral and written communications.

The Sharī`ah review personnel should have the ability to construct relevant and appropriate review methodology in line with the review objectives of any particular area of the review. This is to correctly verify evidence for different reviewable areas to ensure Sharī`ah compliance.

The basic qualifications of the Sharī`ah review personnel are as follows:

• Have a relevant degree or professional qualification.
• Have adequate knowledge of Sharī`ah.
• Have adequate knowledge and understanding of the functions of IFI and Islamic products and services.

The candidates who do not possess a bachelor degree qualification should have relevant working experience in reviewing or in IFIs for a minimum of two years, provided, however, that such person should not work independently in a Sharī`ah review team without involvement of at least one member who has a Sharī`ah degree. Adequate knowledge in Sharī`ah means that the candidates have successfully undergone sufficient education and training in fiqh muamalat.

The knowledge of Sharī`ah required of the Sharī`ah review personnel should cover the following areas:

• Usul fiqh
• Fiqh muamalat
• Principles of Islamic financial contracts
• Prohibited elements in Islamic financial contracts
• Islamic financial contracts

Adequate knowledge and understanding on the functions of IFI, and the Islamic products and services means that the Sharī`ah review personnel should be well versed in the Islamic principles underlying the Islamic financial contracts and basic activities and operations of the IFI (in this particular case, Takaful products and services offered by the Takaful operator (TO). The TO vis-à-vis the Sharī`ah division creates positions for qualified Sharī`ah officers that function within the Sharī`ah review. The Sharī`ah review personnel maintains their technical competence through continuous education. This can be achieved either through training, seminar, or muzakarah, in order to maintain their proficiency and keep them informed about improvements and current developments of Takaful business and operations.

The Sharī`ah review personnel exercises professional due care in performing the Sharī`ah review activity. Professional care should be appropriate to the complexities of the Sharī`ah review being performed. In exercising due professional care, they personnel should be alert to the possibility of intentional wrongdoing, errors and omissions, inefficiency, waste, ineffectiveness, and conflicts of interest. They must also be alert to those conditions and activities where Sharī`ah non-compliance is most likely to occur. Due professional care also denotes reasonable care and competence, not infallibility or extraordinary performance. Due care requires the Sharī`ah review personnel to conduct assessments, examinations, and verifications to a reasonable extent, but does not require detailed inspections of all transactions. Accordingly, the Sharī`ah review personnel cannot give absolute assurance that Sharī`ah non-compliance does not exist. Nevertheless, the possibility of material Sharī`ah non-compliance should be considered whenever the Sharī`ah review personnel undertake a Sharī`ah review.

6.8.10. Sharī`ah Review Process

Sharī`ah review process consists of a comprehensive review process that includes planning, examination, and reporting by obtaining reliable and relevant evidence for Sharī`ah assurance purposes.

The following are essential matters of the Sharī`ah review process:

• Formulation of SRAP to include reviewable area on Sharī`ah compliance requirements.
• Assessment of the adequacy of Sharī`ah compliance review.
• Establishment and implementation of risk-based review process and procedures that evaluate the level of Sharī`ah compliance.
• Formulation of review opinion on the effectiveness of the internal Sharī`ah control system and production of a proper Sharī`ah review report.
• Continuous assessment on the adequacy and completeness of Sharī`ah compliance review practice.

Sharī`ah review planning is adequately developed to include a complete understanding about IFI operations in terms of products, size of operation, location, branches, subsidiaries, and divisions. The planning includes obtaining rulings made by the Sharī`ah committee and other established Sharī`ah criteria. Sharī`ah review develops an SRAP. SRAP refers to a manual-based document that specifies the review control objectives and step-by-step procedures to execute a review for any concerned year. SRAP can be designed and developed based on products and services, operations, processes, policies, and branches as well as other areas that Sharī`ah review (upon consultation with the Sharī`ah committee) deemed necessary.

Sharī`ah review personnel examine the following reviewable areas which normally include:

• Understanding the management awareness, commitment, and compliance-control procedures for adherence to the Sharī`ah.
• Risk assessment of the Sharī`ah non-compliance risks to assess the risk profile of IFI’s activities and operations in order to prioritise the reviewable areas.
• Assessment of the adequacy of the internal control system for Sharī`ah compliance.
• Review of contracts and agreements.
• Review of product manuals and SOPs.
• Review of information and reports such as circulars, minutes of meeting, operating and financial reports, policies, and reports.
• Relevant personnel.
• Activities and operations.
• Review of profit computation and distribution, zakat computation, penalty computation and manner of distribution thereof.

The Sharī`ah review activity assists IFI in maintaining effective controls by evaluating the effectiveness and efficiency of Sharī`ah compliance control, and by promoting continuous improvement. The Sharī`ah review activity evaluates the adequacy and effectiveness of controls encompassing IFI’s governance, operations, as well as marketing and information systems. These include:

• Reliability and integrity of financial and operational information.
• Effectiveness and efficiency of activities and operations.
• Safeguarding of assets.
• Compliance with laws, regulations, and contracts.

Together with risk management division, Sharī`ah review assesses the adequacy of the Sharī`ah risk management processes, which includes the assurance of:

• Sharī`ah non-compliance risk arising from activities and operations identified and prioritised.
• The level of Sharī`ah non-compliance risks have been adequately determined by the management committee and Sharī`ah committee.
• Risk mitigation activities are designed and implemented to reduce, or otherwise manage, risk at levels that were determined to be acceptable to the board and the management.
• On-going monitoring activities are conducted to periodically assess Sharī`ah non-compliance risk and the effectiveness of controls to manage the risk.

Together with the risk management division, Sharī`ah review personnel plays a role in assisting with the initial establishment of Sharī`ah risk management and internal control for Sharī`ah compliance. However, Sharī`ah review personnel do not “own” or are responsible for the management of risks and internal control.

The Sharī`ah review process involves the followings:

• Planning phase
• Reviewing phase
• Reporting phase
• Post-reporting phase (following up)

The details of the Sharī`ah review process implementation is documented in an SOP, which lists the fundamental principles, policies, and procedures in relation to the implementation of Sharī`ah review process. Annually, the head of risk management/Sharī`ah management submits to the Sharī`ah committee a written SRAP report on the Sharī`ah review activity during the preceding financial year. IFI may appoint or employ an external party to conduct a Sharī`ah review on the activities and operations of IFI, if IFI considers it is desirable or in the interest of IFI to do so.

6.8.11. Reporting Requirements for Sharī`ah Review

Sharī`ah review provides a Sharī`ah review report that includes recommended rectifications to effectively communicate the findings of the Sharī`ah review to the Sharī`ah committee and the management committee, reporting the communications of the findings of the Sharī`ah review conducted, which include recommended rectifications to improve Sharī`ah assurance. The SGF requires that the Sharī`ah review function communicate results of any assessment or findings arising from the Sharī`ah review to the Sharī`ah committee.

The objectives of the Sharī`ah review report are:

• Report the findings of Sharī`ah non-compliance (if any).
• Assess the degree of recurring of non-compliance and its systematic effect on IFI as a whole.
• Recommend corrective actions, improvements, and rectifications necessary by identified persons charged with such rectifications, corrections, and improvements.
• Suggest timelines for such rectifications to be completed.
• Track and monitor the progress of rectifications from past recommendations of previous Sharī`ah review report.

Sharī`ah review report is undertaken and the report can also be made at regular intervals or on an ad-hoc basis. The report is approved by the Sharī`ah committee and a copy of the report shall be made available to the management committee. Sharī`ah review opinion is expressed in the report on whether IFI’s business operations and activities so reviewed are in line with Sharī`ah requirements. The report of Sharī`ah review contains the observations and the assessment of Sharī`ah non-compliance risks and controls. The Sharī`ah review report provides recommendations for potential improvements and corrective actions where relevant, together with suggestions for control mechanism to avoid recurrences. The report should be objective, clear, constructive, and timely.

6.9. THE NINTH LINE OF DEFENCE: SHARĪ`AH AUDIT

6.9.1. Definition of Sharī`ah Audit

The BNM SGF defines the Sharī`ah audit function as follows: “Sharī`ah audit refers to the periodical assessment conducted from time to time, to provide an independent assessment and objective assurance designed to add value and improve the degree of compliance in relation to the Islamic financial institution’s (IFI) business operations, with the main objective of ensuring a sound and effective internal control system for Sharī`ah compliance.”

6.9.2. Audit Objective and Criteria of Sharī`ah Audit

It is important to note that unlike Sharī`ah reviews by the Sharī`ah board, which focus on Sharī`ah compliance, auditors focus onthe true and fair view of the financial statements in accordance with the Sharī`ah principles and requirements. In other words, financial audit is performed with consideration that financial activities and financial reporting of such activities comply with Sharī`ah requirements and principles.

Para 2 of Auditing Standard for Islamic Financial Institutions (ASIFI) No. 1 states the objective as follows:

The objective of an audit of financial statements is to enable the auditor to express an opinion as to whether the financial statements are prepared, in all material respects, in accordance with Sharī`ah rules and principles, the accounting standards of the Accounting and Auditing Organization of Islamic Financial Institutions and relevant national accounting standards and practices in the country in which the financial institution operates.

The Sharī`ah rules and principles are established by the SSB or other bodies as specified or indicated by the financial authorities. Accounting and reporting standards promulgated by AAOIFI are the international standards that address specific reporting requirements for IFIs. Finally, the national accounting standards and practices may differ between countries and could be harmonised by international reporting standards issued by AAOIFI and IASB.

6.9.3. Essential Principles Governing the Auditor

In order to attain the audit objective, the auditor is expected to comply with the “Code of Ethics for Professional Accountants” issued by both AAOIFI and IFAC, which does not contravene Sharī`ah rules and principles. This is to ensure that the accountants conduct themselves in a manner that is approved by Sharī`ah. The auditor should also conduct the audit in accordance to ASIFI, which consists of basic principles and essential procedures together with related guidance in the form of explanatory and other material.

Having taken the aforementioned principles into consideration, the auditor should plan and perform the audit with professional competence and due care, recognising the circumstances that may exist that cause the financial statements to be materially misstated.

The professional knowledge, skills, and attitude of competence, due care, and diligence are expected of the auditor who conducts the audit for IFIs. Furthermore, the auditor is also expected to understand pertinent Sharī`ah rules and principles that impact the professional knowledge, skills, and attitude. In terms of the audit plan and budget, proper training as well as recruitment of audit staff capable of the undertaking the audit assignment and fulfilling the Sharī`ah requirements need to be addressed.

6.9.4. Scope of Audit

Another element that influences the annual audit budget is the scope of audit of Islamic financial institutions.

Para 7 of ASIFI No.1 is stated as follows:

The “scope of audit” refers to audit procedures deemed necessary to achieve the audit objective. “The procedures required to conduct an audit having regard to the requirements of appropriate Islamic rules and principles, ASIFIs, relevant professional bodies, legislation, regulations which do not contravene Islamic rules and principles, and where appropriate, the terms of audit engagement and reporting requirements. International Standards of Auditing (ISA) shall apply in respect of matters not covered in detail by ASIFI provided that these do not contravene with Islamic principles.”

In formulating the audit procedures to accomplish specific audit objectives, the auditors need to define the scope of audit, taking into account various aspects such as the types of Islamic financial activities of IFIs and the relevant regulations and requirements on such activities. In addition, the scope of audit is governed by specific regulations, provisions, and guidelines that define the audit and the client relationship as specified in the terms of engagement. In return, the scope of the audit would then influence the annual audit budget. In most instances, with the establishment of need for new information relevant audit procedures to capture such information are designed. Thus, both the permanent and periodic audit working papers would increase, thus, increasing the setting-up cost for the audit. However, with the learning-curve effect, it is anticipated that average cost shall decline for subsequent periods.

The functions of the auditor that relate to the scope of the audit and that are mentioned in the letter of engagement include:

• Conducting the audit in accordance with the standards and requirements as specified by the scope of audit.
• Understanding and assessing the adequacy of the accounting system as a basis of preparations of financial statements for IFIs.
• Obtaining relevant and reliable evidence to enable the auditors to draw reasonable conclusions therefrom.
• Determining the nature and extent of audit procedures to be adopted in lieu of the assessment of the internal control system.
• Planning an audit that allows reasonable expectation of detecting material misstatements or errors in the financial statements or accounting records resulting from fraud, for instance, non-compliance to Sharī`ah rules and principles.
• Providing for sampling error and level of confidence in testing the sampled information when conducting the audit.

6.9.5. Sharī`ah Audit Structure (Standard 1000—Purpose, Authority, and Responsibility)

In order to further enhance the internal audit department structure to perform the Sharī`ah audit function and serve the financial entities in the group, a separate unit, namely Sharī`ah, Retail and Sharī`ah, Audit (previously was named Star Bank, Regional Operations) was created in February 2010 and included in the group internal audit organisation chart. The unit is given the task of performing Sharī`ah-related audits on the operations of Star Bank Islamic Star Bank’s network of Islamic branches and other business units and subsidiaries where Sharī`ah products are offered and managed.

The Sharī`ah audit forms part of the regular internal audit function. Hence, the Sharī`ah audit leverages the internal audit’s strategy and structure, including the audit committee of the board, audit charter, code of ethics; it also continues to leverage the audit’s mission and objectives where it does not contravene any of the BNM SGF’s policy and requirements.

The Sharī`ah audit process also adopts the internal audit standard risk-based audit processes, which include audit planning, sampling, examination, reporting, and monitoring.

The Sharī`ah audit is required to develop a Sharī`ah audit program to execute an audit. The coverage and scope of audit work must include examining, evaluating, and reporting the compliance with the Sharī`ah rules and principles as determined by BNM SAC and Star Bank Shariah committee in all aspects of the Islamic products, operations, and activities. For selected assignments, the Sharī`ah work will be performed or jointly performed by auditors from the other audit departments. The arrangement will be determined and documented in the annual audit plan.

6.9.6. Reporting Structure of Sharī`ah Audit (Standard 1100—Independence and Objectivity)

Based on the BNM SGF, the Sharī`ah audit function, in addition to the direct reporting line of the audit committee of the board, is also expected to have a dotted line to the Sharī`ah committee. To operationalise this, the Sharī`ah audit’s annual audit plan and Sharī`ah audit’s reports shall also be submitted to the Sharī`ah committee members to communicate coverage of the audit and results of any assessment or findings arising from the Sharī`ah audit. This is to allow the members to assess the work carried out by Sharī`ah audit in order to ensure compliance with Sharī`ah matters, which forms part of their duties in providing their assessment of Sharī`ah compliance and assurance information in the annual report. By being part of the internal audit set-up, the Sharī`ah audit maintains its independence from the management and Sharī`ah department function.

Note: Figure 6.2 illustrates a model structure of roles, functions, and reporting relationships of key organs, including Sharī`ah audit, in the IFI’s Sharī`ah governance framework based on the BNM SGF.

FIGURE 6.2 The Structure of Sharī`ah Governance in Islamic Banking

6.9.7. Roles and Responsibilities of Sharī`ah Auditor (Standard 1000—Purpose, Authority, and Responsibility)

The core function of the Sharī`ah audit is to provide an independent assessment and reasonable/objective assurance designed to add value and improve the degree of compliance with Sharī`ah principles in relation to the IFI’s business operations with the main objective of ensuring a sound and effective internal control system for Sharī`ah compliance. The primary objective is to ensure that the management of the bank discharges its responsibilities in relation to the implementation of the Sharī`ah rules and principles as determined by the BNM SAC or Star Bank SC.

This requirement is specifically outlined in the Bank Negara Malaysia’s SGF, which was issued in October 2010 and took effect on January 1, 2011. IFI was given six months from the effective date to comply with all the requirements.

The SGF expectation, at the minimum, consists of a regular Sharī`ah audit, as part of Bank Negara’s thematic audit, at least on an annual basis, verifying that the IFI’s key functions and business operations comply with Sharī`ah.

The Sharī`ah audit scope was also included in the Bank Negara Malaysia’s Guidelines on Internal Audit Function of Licensed Institutions or previously known as GP10, which took effect July 1, 2010. The guideline requires the scope of audit work to include every activity and subsidiary that includes the evaluation of the compliance with Sharī`ah rules and principles as determined by the Sharī`ah committee of the licensed institution or other relevant bodies (for Islamic operations).

6.9.8. Sharī`ah Audit Methodology and Framework

The Sharī`ah audit methodology and framework is primarily guided by the SGF and Guidelines on Internal Audit Function of Licensed Institutions issued by Bank Negara Malaysia. In addition, the audit also adopts the Group audit’s (Star Bank Risk-Based Audit) methodology.

The methodology shall include, amongst others:

• Understanding the business and scope of the Sharī`ah audit universe.
• Identifying Sharī`ah risk events that are inherent in the business.
• Developing the Sharī`ah audit planning procedure.
• Establishing the audit sampling and testing policies.
• Reporting and rating methodology.

6.9.9. Types of Sharī`ah Audit

The different types of Sharī`ah audit conducted may include one or a combination of the following:

6.9.10. Sharī`ah Audit Process

The audit coverage of Sharī`ah/Islamic Banking operations (similarly to the normal audit) can be determined using the following steps:

6.9.10.1. Audit Engagement Planning (Standard 2200—Engagement Planning)

The planning stage is to identify significant areas and to design the audit work.

A. Determine the scope of responsibility of the activity or unit over the Islamic Banking’s business operation. This is to design the audit work to meet the objective of ensuring that specific operations of the unit are directly related to their objective of complying with Sharī`ah requirements. Perform a Sharī`ah risk profiling of the unit to be audited. The information required may be obtained from the manuals and policies governing its operations.

The letter of engagement (EL) is a formal contract that the auditor is engaged by IFIs according to specific and mutually agreed terms. AISIF No. 3 provides specific guidelines on the terms of audit engagement.

The basic contents EL specifies the following:

• The auditor’s acceptance of appointment.
• The objectives and scope of audit.
• Extent of auditor’s responsibilities to the client.
• Forms of report to be provided by the auditor.

Any variation in the terms of appointment as specified in the contents will influence the annual budget fees.

For example:

• Delivery channels—for example, branches, business centers, trade finance centers—are involved in the marketing and selling of Islamic Banking products and may be responsible for the execution of the Sharī`ah contracts (aqad), for example, aqad for ASB-i.
• Support centers—for example, credit administration centers—are involved in the disbursement and may be responsible for the execution of the Sharī`ah contracts (aqad), for example, aqad for STRC-i.
• Corporate banking and business centers are involved in processing and approval of corporate customers’ Islamic financing—for example, eligibility of corporate customer for Islamic facility.
• Star Bank Islamic, the Islamic Banking subsidiary, is involved in product design and development process and business operations and support functions of the Islamic Banking sector. Star Bank may be responsible for the execution of the Sharī`ah contracts (aqad), for example, aqad for commodity murabahah.
• Sun Takaful, the Islamic insurance subsidiary, is involved in product design and development process and business operations and support functions of the Takaful sector. The IFI may be responsible for the re-Takaful, investment portfolio, and so forth.
• Investment banking, the investment arm of the group, is involved in Islamic stockbroking and Islamic debt market operations. Investment banking may be responsible for the product development of stockbroking, sukuk, and other services.

B. Determine the extent of Sharī`ah audit activities related to the activity or unit, that is, in terms of product, size of operations, locations, by preparing the following:

• Listing of Islamic banking’s products or services and the Islamic contracts used, for example: deposits, wadiah; financing, murabahah; investment, mudharabah; treasury, murabahah.
• Listing of Islamic banking related operations/processes, for example, marketing and selling of products, execution of aqad, profit calculation.

C. Determine the Sharī`ah principles that are applicable for the product and processes identified earlier. Prepare the listing of the established Sharī`ah principles/criteria by making reference to relevant sources, including Sharī`ah rulings published by BNM SAC, relevant pronouncement on Sharī`ah matters by BNM, resolutions and decisions issued by Star Bank Sharī`ah committees, approved product manuals and guidelines, the Sharī`ah audit results, and the internal Sharī`ah audit checklist. Note: In the event of conflict between the different sources, the matter shall be escalated to the SAC of BNM.

D. Determine if there were any Sharī`ah review works performed on the area. If there were any, leverage the work performed by the Sharī`ah review to determine the level of compliance and internal control.

E. Upon completion of the the preceding steps, the auditor shall prepare the audit plan and determine the scope of audit based on the risk-base approach. The type of audit will be based on the results from the operational audit, product development or product execution, or a combination of the three types.

The individual audit plan is to be signed by the preparer (team leader), reviewer (project supervisor/head of section), and approver (head of department) before the commencement of the audit fieldwork.

6.9.10.2. Audit Execution/Fieldwork (Standard 2300—Performing the Engagement)

F. Prepare the audit program, which includes audit procedures and extent of testing, to be used to audit the key audit activities as approved in the audit plan. The audit work should be similar to the normal audit:

• Interview staff and other relevant counterparties, if necessary, to obtain feedback and to confirm the activity processes and risks involved.
• Determine from the documentation or interview the extent of controls implemented to mitigate the risks faced. There should be clearly specified internal controls in relation to Sharī`ah compliance requirements. Raise findings and suggest corrective actions.
• Examine the relevant documentations and procedures to provide evidence that the control is operating effectively. Perform sampling of products development to ensure compliance during the designing of the contracts and documents. Perform sampling of completed transactions to ensure that these transactions conform to Sharī`ah rules and guidelines as endorsed by the SC. The internal control system must be effective in relation to Sharī`ah compliance requirement. Raise findings and suggest corrective actions.
• Ascertain the extent of Sharī`ah compliance of its operations, product, and transactions based on the applicable standards and resolutions.

6.9.10.3. Report Audit Results (Standard 2400—Communicating Results)

G. Communicate the results of the findings and other observations arising from the Sharī`ah audit to the auditee, internal audit committee (IAC), audit committee of the board (ACB), and Sharī`ah committee (SC).

6.9.10.4. Audit Monitoring/Follow-up (Standard 2500—Monitoring Progress)

H. The Sharī`ah audit shall work together with audit operations and quality department on the follow-up to ascertain that appropriate action is taken on the implementation of recommendation in relation to the audit report findings and any other resolutions made by the IAC, ACB, and/or SC. The management is responsible for rectification of noncompliance, prevention of recurrence of non-compliance, and ensuring that the agreed upon actions were carried out including their timing (deadline) and extent of follow-up.

I. In the event a conflict of opinion between senior management and audit on any audit issues is not resolved, the matter shall be escalated to the ACB for resolution.

J. On a quarterly basis, a “Status of Rectification of Audit Findings” report shall be submitted to the IAC, ACB, and SC.

6.9.11. Audit Report Rating

For specific Sharī`ah compliance audit reports, the audit ratings are assigned based on the following:

For the other audit reports, internal audit has adopted the following four categories of rating for audit report:

6.9.12. Qualified Audit Opinion

The magnitude of audit findings in terms of ability to provide reasonable assurance that the financial statements are true and fair in accordance with Sharī`ah rules and principles, AAOIFI accounting, and reporting standards, as well as national and relevant international reporting standards, are categorised according to opinions expressed by the auditor.

Audit opinions expressed as “the financial statements as a whole are free from material misstatements based on accumulated audit evidence” refers to the whole audit process and comply with Islamic Sharī`ah rules and principles. Four types of opinion are expressed in Table 6.2 (AAOIFI ASIFI No. 2).

TABLE 6.2 Types of Audit Opinion for Sharī`ah Audit Process

Generally, management representation and the degree of reliance that auditors place on such representation will significantly influence the type of opinion expressed. If audit rating is weak, this is an indicator that the severity of audit findings can lead to a qualified disclaimer or adverse opinion.

6.10. THE TENTH LINE OF DEFENCE: PUBLIC

The public or the Muslim public and society is the last line of defence to ensure Sharī`ah compliance. A society that feels confident in the Islamic banking activities and accepts its products and services is indication of the Sharī`ah compliance status. However, by public acceptance, we mean the consensus of the majority of society; hence, the view of a group of people who do not have a major representation in the society does not represent a sound line of defence, but a view that can be heard. The condition of the total agreement of the society based on their consensus is that the Muslims are protected to agree on a mistake as mentioned by the Prophet (s.a.w). “My community (Umati) shall never agree upon error.”

NOTES

1. M. Kabir Hassan and Michael Mahlknecht, Islamic Capital Markets (Chichester: John Wiley & Sons, 2011), 41.

2. Sharī`ah Advisory Council of Bank Negara Malaysia, Sharī`ah Resolutions in Islamic Finance, 2nd ed. (Kuala Lumpur, Malaysia: Bank Negara Malaysia, 2010), 39.

3. Ibid., 40.

4. Ibid., 27.

5. Ibid.

6. Ibid.

7. Ibid., 28.

8. AAOIFI, Governance, Standard No. 1, English ed. (Bahrain: Accounting and Auditing Organization for Islamic Financial Institutions, 2004), 4.

9. See: AAOIFI pronouncement, February 13 and 14, 2008.

10. Sharī`ah Advisory Council of Bank Negara Malaysia, Sharī`ah Resolutions, 12.

11. Ibid., 30.

12. Ibid., 31.

13. AAOIFI, Governance, Standard No. 1, 4.

14. Ibid., 7.

15. Securities Commission Malaysia, Malaysia Code on corporate governance, 2012.

16. Sharī`ah Advisory Council of Bank Negara Malaysia, Sharī`ah Resolutions, 10.

17. Bank Negara Malaysia, “Learn about the Bank.” Retrieved June 18, 2013, from www.bnm.gov.my/index.php?ch=7&pg=715&ac=802.

18. Islamic Capital Market, “Frequently Asked Questions.” Retrieved June 18, 2013, from www.sc.com.my/main.asp?pageid=256&menuid=285&newsid=&linkid=&type=.