
Page 1: Executive Summary - files.acams.orgfiles.acams.org/pdfs/2016/Auditing_an_Islamic_Multinational_Bank_W... · Executive Summary The challenges ... banking and conventional banking,


Auditing an Islamic Multinational Bank

By: Wafaa El Dars, CAMS-Audit


Executive Summary

The challenges that a compliance auditor meets are many and for professional compliance auditors some of those are almost unknown. However, as the compliance auditor of a multinational bank faces different challenges, the auditor of a multinational Islamic bank faces even more challenges. This paper will not discuss the risks of a conventional bank nor the challenges the auditor meets while auditing compliance of a conventional bank; those have almost all been exhausted. What will be discussed here are the extra risks of a multinational bank and those of an Islamic bank. We will discuss and assess the risks of a multinational bank and those of an Islamic bank and how to help mitigate those risks. Understanding the business and structure of a multinational Islamic bank is essential. Once the business is understood, the risks can be assessed and accordingly, the mitigation of the risk could be worked on. The expectations of the regulators in a multinational bank that offers Islamic products are also different from a compliance point of view. In addition to the normal controls that all banks have, a multinational bank that offers its services in different jurisdictions and also offers Islamic products is expected to have extra risks that have to be mitigated and controlled. Regulators will want to see how those risks are handled/mitigated. In this paper, to help better understand the business, we will discuss the main differences between Islamic banking and conventional banking, present an overview of some Islamic products and relate those products to their equivalent/likes in conventional banking. This paper will also discuss the risks of multinational banks that run business in several jurisdictions, centralization and/or decentralization and the risks encountered accordingly.

Understanding the Business

To be able to assess the risks of the institution, we first have to understand the business that is to be audited. Islamic banking has been growing rapidly during the last 30 years. It is based on Sharia (i.e., Islamic law, which is derived from the Qur’an). An Islamic bank has to comply with Sharia principles in all its transactions, products and investment approach. Mainly, its transactions cannot be interest or usury based (Ribah or Riba). They cannot result in oppression (zulm); there is risk sharing and profit and loss sharing. It prohibits products with excessive uncertainty like speculation activities (gharar). Finance is asset based. Also, Islamic banks cannot be involved in any activity that is haram (forbidden by Islamic laws [e.g., gambling or selling or manufacturing alcohol]). These are the main differences between Islamic banking and conventional banking. Accordingly, the challenge for Islamic banks is to offer their clients a variety of products to meet their needs, whether for financing or investment, that are within Sharia laws.

Below is a comparison between Islamic and conventional banking to better understand the differences between the two.

Table 1: Conventional vs. Islamic Banks

| # | Conventional banks | Islamic banks |
|---|---|---|
| 1 | Its functions and operating principles and modes are manmade principles. | Islamic banking is based on the principles of Islamic Sharia and on the Qur’an. |
| 2 | The investor/customer is promised an interest payment (Riba) at a predetermined or fixed rate, but no equity participation to share the risk and reward. | Sharing of risk and reward between investor and entrepreneur (provider of capital and the user of same). The idea of profit, loss, and risk sharing, on both the liability and asset side. There is a strong element of equity participation in Islamic banking. |
| 3 | Lending contract stipulates the terms of dealing between the lender and the borrower whatever the results are. | Cannot result in oppression. |
| 4 | Offering loan for a fixed interest. Contract structure of finance is a loan, an interest based lending agreement (cost and profit are not declared to client). | Purchase and resale of goods and services and the provision of (financial) services for a fee. Contract structure of finance is a sale contract, with cost plus a profit on investment, not interest on a loan, and both are disclosed to the client. |
| 5 | Could deal with kinds of activities and industries like gambling casinos, pork or alcoholic industries. | Forbidden to deal in haram activities and industries (like gambling, those related to pork products, pornography, or alcoholic beverages) as opposed to halal, or permissible activities. |
| 6 | Could deal in derivatives, speculation and the like risky products with uncertainty. | Prohibited from trading in financial risk products, or contractual uncertainty, speculation (gharar), such as derivative products. |
| 7 | Funds are mingled together, whether used for haram activities or involving interest or otherwise. | The funds intended for Shariah-compatible investments should not be mixed with those of non-Islamic investments, to ensure that Islamic funds do not become mixed with other funds that may be involved with riba, gharar, or haram activities. |
| 8 | More transparency in the financing mechanism. | The developing of accounting solutions for new Islamic products, designed to be similar to those of conventional banks led to complex products giving the impression of lack of transparency and adequate disclosure of the financing mechanism related to the complex structure of some of the products. |
| 9 | Has nothing to do with Zakat (Islamic tax). | Some Islamic banks collect and pay Zakat on behalf of their clients. |
| 10 | “It can charge additional money (penalty and compounded interest) in case of defaulters.”1 | “The Islamic banks have no provision to charge any extra money from the defaulters.”2 |
| 11 | “The status of a conventional bank, in relation to its clients, is that of creditor and debtors.”3 | “The status of [a] Islamic bank in relation to its clients is that of partners, investors and trader[s], buyer[s] and seller[s].”4 |
| 12 | “A conventional bank has to guarantee all its deposits.”5 | “Islamic banks can only guarantee deposits for deposit account, which is based on the principle of al-wadiah; thus, the depositors are guaranteed repayment of their funds, however, if the account is based on the mudarabah concept, clients have to share in a loss position.”6 |

1 Hussein A. Hassan Al-Tamimi, Adel Shehadah Lafi and Md Hamid Uddin, “Bank image in the UAE: Comparing Islamic and conventional banks,” December 2009, http://www.palgrave-journals.com/fsm/journal/v14/n3/fig_tab/fsm200917t10.html

2 Ibid.

3 Ibid.

4 Ibid.

5 Ibid.

6 Ibid.


The most popularly used products in Islamic banking are:

Forms of Islamic deposits:

Mudarabah:

It is a contract whereby profit is shared between the provider of capital and the bank for its management/labor. There is unrestricted Mudarabah, where the bank does not have to go back to the capital provider for consultation until the completion of the Mudarabah contract, while there is restricted Mudarabah where the capital provider puts some terms to secure his capital.

Wakala:

It is a contract to invest deposits. Here the client authorizes the bank to invest his capital in Islamic activities against a percentage from the capital to be deducted from the profit.

Forms of Islamic Finance:

Murabaha:

It is a contract for the sale of a commodity for a price equal to its cost/price plus a profit/mark-up. Accordingly, the bank buys a commodity with the specifications requested by the client and sells it to the client adding a profit to its price, where the price has to be disclosed to the client. Accordingly, “Murabaha is not an interest-bearing loan (conventional loan or in Arabic qardh ribawi), but rather it is a sale of a commodity for a price equal to its original cost plus a given” profit.7 The client pays back in agreed upon installments.

Musharaka:

According to the Institute of Islamic Banking and Insurance, “[i]t is an agreement under which the Islamic bank provides funds, which are mingled with the funds of the business enterprise and others. All providers of capital are entitled to participate in the management but not necessarily required to do so. The profit is distributed among the partners in predetermined ratios, while the loss is borne by each partner in proportion to his contribution.”8

Musharaka could either be “constant” where the share of the partners in the capital remains the same all through the period of the contract, or “diminishing” where the bank transfers its share gradually to the client, the partner, and its share keeps decreasing or diminishing until the client becomes the sole owner.

7 “What is the difference between Murabaha and interest-bearing loan?,” Investment and Finance, March 13, 2014, http://investment-and-finance.net/islamic-finance/questions/what-is-the-difference-between-murabaha-and-interest-bearing-loan.html

8 “Musharakah on shari’ah ruling,” Institute of Islamic Banking and Insurance, http://www.islamic-banking.com/Musharakah_sruling.aspx


Ijara:

Ijara is used when the client cannot afford to buy the asset. Accordingly, he leases the asset from the bank, uses it for a certain period at a rental fee and then the asset could either go back to the bank or be owned by the client according to the contract (lease with a promise of ownership).

Istisna:

Istisna is a contract between the client and the bank for manufacturing or construction to be delivered at a later date with specifications set by the client at an agreed upon price to be paid in installments. The bank has to manufacture a specific thing that is not available at the time of the contract using material available to it, according to the specifications set by the client.

Similarities and Differences

To have a better understanding of the differences between Islamic and conventional products, below is a comparison between one of the most popular products, Murabaha, and conventional loans in light of the differences between Islamic and conventional banks laid out in Table 1.

According to Investment and Finance, the financial encyclopedia:

“Murabaha is one of the most popular financing modes used by Islamic banks and financial institutions. It is a type of sale (ba’i) in which the seller reveals to the buyer the cost of the underlying commodity and amount of profit in the form of a mark-up. In this sense, Murabaha is not an interest-bearing loan (conventional loan or in Arabic qardh ribawi), but rather it is a sale of a commodity for a price equal to its original cost plus a given mark-up, ensuring fair deal to the client. A Murabaha transaction is usually executed by the bank purchasing the commodity desired by the client and selling it to him on a cost-plus-profit basis. Therefore, the bank, rather than lending money to a borrower, purchases the commodity from a third party and sells it to the customer for a higher price. The key difference lies in the contract structure. Murabaha is a sale contract, while the conventional loan is an interest based lending agreement.” 9

Table 2: Comparing Conventional Loans to Murabaha

| Features | Conventional loan | Murabaha |
|---|---|---|
| Finance | Money to purchase goods or services | Goods |
| Parties involved | Lender and borrower | Financer and finance/expertise seeker |
| Rollover of finance | Doable | Not permitted |
| Collateral | Could be a condition, but posted before loan is disbursed | May be posted but after the commodity is purchased |
| Cost transparency | Not necessary | Stipulated/a condition |
| Reward | Interest | Profit |
| Ownership | The lender remains the owner of funds, while the borrower becomes liable for the amount of loan in addition to interest (repayment plus interest) | The purchaser becomes the owner of the commodity/asset, and at the same time becomes liable for its full price (cost plus profit) |

9 “What is the difference between Murabaha and Qardh Ribawi?,” Investment and Finance, March 13, 2014, http://investment-and-finance.net/islamic-finance/questions/what-is-the-difference-between-murabaha-and-qardh-ribawi.html

Despite these differences, there are similarities between conventional and Islamic banking.

Islamic banks and conventional banks operate in the same market in almost all countries and offer the same services expected from a financial institution. They both help the economy of the country and offer the services required from a financial institution (e.g., they receive and invest savings and offer finance, offer international trade services, safe keeping, fund transfers, check collection, consultancy, all for a certain fee). The only restriction is that an Islamic bank cannot offer a service that is against Sharia law. However, their mechanisms and operations are different, as discussed above.

Assessing the Risk:

Multinational:

- Legislation, regulatory, silos, centralized, controlled, over controlled

Overseeing compliance in several subsidiaries in different jurisdictions, with their different regulations and regulators in addition to those of the head office/parent bank, remains a challenge. This is even more challenging when there is a conflict between the regulations of the offshore subsidiaries and those of the parent country. On another note, in many cases the board of the parent/head office is not conversant with the regulations of the subsidiaries in other jurisdictions, nor are the auditors.

Inadequate engagement of the board regarding the AML program in subsidiaries could lead to gaps in the AML program and ultimately to breaches, penalties and reputation issues, particularly when each entity is functioning locally without the intervention of head office (under controlled).


Head office view of the smaller subsidiaries, that they could be lacking a sound compliance program, leads to imposing more regulations, in addition to the already prevailing local regulations of the subsidiaries resulting in being over regulated, putting a load and pressure on the offshore (over controlled).

Imposing regulations in addition to the already existing local ones creates a pressure on the offshore subsidiaries to keep up with the regulations and also creates a financial burden due to its small size.

On the other hand, in some institutions, the head office and its subsidiaries work in silos, each running its operations within the regulations of their jurisdiction, without the direct supervision of the head office resulting in the possibility of being under-regulated or even the possibility of subsidiaries breaching some of the laws and regulations set by the head office.

An independent anti-money laundering/counter-terrorist financing (AML/CTF) function and/or an independent AML/CTF audit is sometimes limited, especially in small subsidiaries. Some regulators even allow dual responsibilities (e.g., allowing the Internal Control Unit (ICU) and the compliance function to be joined), and sometimes regulators do not call for an independent AML/CTF audit function.

Where there is a Sharia board locally and another one in the head office to oversee the global group, sometimes a product is reviewed and approved by a local Sharia board, yet when reviewed by the global Sharia board it is not approved, after it had already been approved and acted upon locally by the branch.

- Secrecy law/act and process of reporting suspicious activities

Secrecy laws in some countries do not allow the exchange of data/information about a client even if it were with the head office. Accordingly, the exchange of client data to cross sell between subsidiaries and the head office is not doable. On the other hand, exchanging details of reporting suspicious activities/cases would be a breach in regulations.

- Geographic and cross border

Different sanctions imposed in the head office versus its subsidiaries, or vice versa, due to different jurisdictions and requirements, can lead to conflicts and sometimes noncompliance—whether from the point of view of the head office or its subsidiaries.

Some subsidiaries could be located in countries that are or that have become high-risk countries because said countries do not apply sanctions and embargoes, or are identified as noncooperative by the Financial Action Task Force (FATF), or are identified as providing funding or support for terrorist activities, or are identified as corrupt from reliable sources. This results in embargoes imposed on said countries and it subsequently hinders the business.

- Independence/conflict of interest/reporting locally or to head office?

Very often, compliance, especially in small businesses, is a dual responsibility and is added to the function of the ICU or the audit, and is sometimes not given enough allocated time or priority. On the other hand, the reporting of the compliance officer is to the business, creating a clear conflict of interest.

In multinational banks, the compliance officer often reports locally to the business, creating a conflict of interest, versus reporting to the head office where independence is achieved, yet administratively not practical.

Islamic:

- Sharia Compliance

The unique contractual features of Islamic banking and its general legal environment increase the operational risk and make it more complicated than conventional banking, and accordingly make it more difficult to comply.

Usually bank staff is not conversant with the Sharia principles and requirements, while Sharia advisors are not conversant with banking finance/operations.

Lack of knowledge of Islamic products on the part of compliance, senior management and the board could sometimes lead to not recognizing suspicious activities/money laundering.

The topic of Sharia governance in Islamic financial institutions has not been thoroughly explored and in particular the selection and training of Sharia advisors remains largely ignored.10

Centralization versus decentralization of Sharia supervision: There is a lack of a Uniform Sharia Authority and accordingly each financial institution has to have its own Sharia board or committee, which sometimes leads to different Sharia interpretations and errors. Also, in multinational Islamic banks there is sometimes a local Sharia committee and another committee in the head office overseeing Sharia compliance for the whole bank, which sometimes creates controversies and conflicts in opinions of local versus head office boards.

- Complexity of products

The unique contractual features of Islamic banking and its general legal environment increase the operational risk and make it more complicated than conventional banking, and accordingly make it more difficult to comply.

To provide different services/products that are similar to conventional products, there is sometimes a tendency to mimic conventional products resulting in the creation of a complex product with multiple parties and transactions to make them Sharia compliant and ultimately a risk at the different execution stages.

There is a need to better develop transparency and adequate disclosure of the financing mechanism related to the complex structure of some of the products.

10 Rammal, H. “Audit and Governance in Islamic Banks: Selection and training of Shari’ah advisors.” International Graduate School of Business, University of Australia.

Mitigating the Risk:

Multinational:

- Legislation, regulatory, silos, centralized, controlled, over controlled

Knowing the business and the auditees is essential to help enable a sound risk assessment.

The nature and products of the offshore subsidiaries and their prevailing laws and whether any of them has a gap or conflict with the laws and regulations of the head office should be well known to the compliance staff and AML auditors.

The board should be conversant with the nature of the offshore business and their regulations, and should be engaged to help ensure a sound compliance program is implemented locally and offshore, that there are no gaps between the head office requirements and regulations and those of the subsidiaries, and that there are no potential breaches.

AML and compliance staff should be at the desired level of experience to be able to assess the risks and set controls. Senior management, the board, AML/CFT staff and audit should also be conversant with the Islamic products.

In a centralized business, the auditor should not only audit the parent bank but also audit the subsidiaries offshore to ensure the AML program is effective and that the board is playing the required role of supervising the offshore subsidiaries for an effective compliance program.

According to Kem Warner,11 crimes due to globalization made the FATF design its recommendations to face these crimes so that financial, non-financial institutions and governments can adopt them. One of the critical ones is to have an AML/CTF program and an important element in it is an independent AML/CTF audit to be conducted on financial institutions.

These requirements are among the most important factors in the legislation of most offshore jurisdictions. If not, the country would be considered a non-cooperative country and would have to change or amend its legislation accordingly (e.g., though Egypt was incriminating illegal gains, it still had to issue a law that incriminates money laundering, amongst other efforts in combating money laundering, to be removed from the FATF list of non-cooperative countries).

11 Warner, K. “The Challenges in Conducting an AML/CFT Audit in Offshore Jurisdictions”


FATF recommendations set four basic elements for an effective AML program: strong policies and procedures; the appointment of a compliance officer who should be independent (in some cases, especially small businesses, there is a dual responsibility for the compliance officer due to cost burden); ongoing training; and an independent audit function to test the system/program.

Yet, according to Kem Warner such auditing should be risk based depending on the different jurisdiction laws, products, size and type of institution so that they avoid over or under regulations, as using the same yardstick is not the best approach, especially for small businesses.12

In many of the large institutions there is a local compliance function overseeing the application of the local laws and regulations and abidance by same, while there is a corporate compliance function overseeing compliance with laws and regulations across the different jurisdictions the institution is operating in. Some of the areas/policies could be unified despite the different jurisdictions and may apply to all, such as AML, privacy, related transactions, conflict of interest and code of conduct. All this should be part of the compliance program where risk should be assessed and controlled.

- How to comply with secrecy and yet keep head office in the loop

Head office is still to be kept in the loop by advising them of the reported suspicious cases after masking them to avoid secrecy breaching.

In case of exchange of data, the bank can get the client's consent to exchange his details with the head office for a better flow of business.

- Geographic and cross border

Staff and compliance should be aware of the sanctions of their country and also of the head office and usually take the more conservative approach. When in fear of breach of local regulations, the head office has to be consulted immediately to assess the risk and a decision is to be taken as to which approach to take.

- Independence/conflict of interest/reporting locally or to the head office

Compliance has to be independent from the business to ensure that there is no conflict of interest, and that the compliance officer is working freely with no fear.

In small businesses there is often a dual responsibility yet the compliance officer’s independence from the business lines for which he/she has a compliance responsibility is a must. (In Egypt in non-bank financial institutions, regulated by the Egyptian Financial Institutions Authority (EFSA), it is allowed to have audit and compliance as a dual responsibility, and it does not cause a conflict of interest.)

12 Warner, K. “The Challenges in Conducting an AML/CFT Audit in Offshore Jurisdictions”

With a corporate compliance function at the head office, compliance can report administratively to the business, yet the technical reporting will have to be to the corporate compliance to observe independence, and his/her performance appraisal should be done by the corporate compliance to avoid any conflict of interest.

Another solution is to have the compliance officer report to the board audit committee, to whom he/she addresses all compliance concerns in each board committee meeting and discusses corrective action, and which accordingly will be appraising his/her performance. The day-to-day administrative issues can be to the business, since he/she reports to the board committee and accordingly there is no fear related to his/her independence or conflict of interest.

Islamic

Sharia Compliance

- A religious control body, a Sharia supervisory board or Sharia committee, with Sharia advisors is a must, to ensure that the financial institution is Sharia compliant and to provide consultancy and advice for any Sharia issue including reviewing all the products introduced.

- In addition to the internal Sharia control body, there should also be an independent periodical audit/review of Sharia compliance to ensure transactions have actually been processed in accordance with the Sharia requirements and the contracts covering the deals.

- There should be minimum criteria/qualifications for the choice of the Sharia advisors (e.g., years of experience, track record, reputation and integrity).

- Standardization is necessary to ensure that all Islamic financial institution matters are dealt with within a framework that is acceptable for all Muslims.13

- According to the IMF Working Paper, there are now several efforts to standardize Islamic banking such as i) the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI), which issues internationally recognized Sharia standards on accounting, auditing and governance issues; and ii) the Islamic Financial Services Board (IFSB), which issues standards for the effective supervision and regulation of Islamic financial institutions.14

13 Ansari, O. “Audit issue of Islamic Banking.”

Know the business and the auditees and compare it to conventional to have a better understanding of the product

- More transparency is required to disclose the financing mechanism of complex/structured products to enable better understanding of the product and better judgment of its Sharia compliance and to also monitor transactions ensuring AML oversight.

- A strong AML/CTF program is required and to be run by experienced staff to oversee the complex transactions.

- When testing for Sharia compliance, there should be enough evidence to give the auditor assurance that the Islamic financial institution has complied with Islamic Sharia rules and principles (the Fatwas, Rulings and Guidance issued by Sharia Supervisory Board [SSB] constitute Islamic Sharia Rules and Principles). 5

- Introduce/promote governance principles in Islamic banking.

Training is essential in fulfilling all above

- Train bank employees at all levels on Sharia requirements and Sharia products in addition to normal banking requirements, AML/CTF and governance.

- Train Sharia advisors on the banking finance/operations to make them aware of how the Sharia principles are applied in processing the product and the financial structure steps.

- Training is also essential in the fight against money laundering and terrorist financing and it is now called for by the regulators (e.g., in Egypt, the Egyptian Money Laundering Combating Unit (EMLCU), the entity overseeing money laundering combating in financial institutions, calls for professional training and follows up on it on a quarterly basis).

- AML/CTF staff and AML/CTF auditors have to be well trained, qualified and preferably certified (e.g., CAMS or CAMS-Audit).

14 Sole, J. “Introducing Islamic Banks into Conventional Banking Systems.” IMF Working Paper. Monetary and Capital Markets Department

What the Regulators Expect to See/Should Find in a Multinational Islamic Bank

Following are some examples of what the regulators stipulate and accordingly what they expect to see:

Regulators where Islamic banking operates will want to see a Sharia board, Sharia committee or a Sharia compliance body that oversees Sharia compliance and an audit function to ensure the sound implementation of the compliance program, including Sharia compliance.

According to the IMF staff discussion note, Islamic finance,15 there are two models of supervision of Islamic banks in jurisdictions where Islamic banks and conventional banks are operating: a single supervisory authority oversees all operations (e.g., Ethiopia, Kazakhstan, Kenya, Kuwait, Qatar, Saudi Arabia, Tunisia, Turkey, the United Arab Emirates and the U.K.), or the supervision of Islamic and conventional banks is separated and lies with separate supervisory units within a single supervisory authority (e.g., Bahrain, Indonesia, Jordan, Lebanon, Pakistan and Syria). Separate supervisory frameworks may be applied to Islamic banks by the separate supervisory units, though there is typically substantial information sharing between the different supervisory frameworks.

Malaysia regulators call for a Sharia board.

According to John B. Taylor,16 there are international efforts to design a regulatory framework for Islamic finance where regulators need to factor in the differences in these products and have minimal standards to measure compliance and assess the risk, and maintain a level of consistency in regulatory treatment across the board, subject to the particular country’s legal and regulatory regime.

According to the Fed Supervisory and Regulation letter SR 08-08 on compliance risk management and oversight in large institutions, for large multinational organizations the Federal Reserve requires firm-wide compliance risk control, a sound compliance program that identifies the risk, assesses it, and controls and monitors it within the different business lines, legal entities and jurisdictions, and a corporate compliance function to oversee and support the implementation of the program. As for less complex organizations, they do not need to have a comprehensive firm-wide approach and could manage the compliance risk effectively without it.

The Central Bank of Egypt’s (CBE) law 88 for the year 2003 and its corporate governance regulations stipulate that each bank should have its independent compliance officer.

The Egyptian Money Laundering Combating Unit (EMLCU), the entity regulating money laundering and terrorist financing, stipulates that all financial institutions should have an independent compliance officer who should be given the means and resources to act in independence and have access to data and information to allow him/her to perform his/her function.

15 Alfred Krammer et al. “IMF Staff Discussion Note: Islamic Finance: Opportunities, Challenges, and Policy Options.”

16 Taylor, J. “Fed Supervisory & Regulation letter SR 08-08 on Compliance Risk management and Oversight in Large Institutions.”

The Egyptian Financial Services Authority’s (EFSA) governance regulations also call for an independent compliance and governance officer in the financial institutions that it governs (non-bank financial institutions).

CBE law 88 for the year 2003 stipulates that banks should have a board audit committee, and that the compliance head and audit head should be invited to attend to report all issues to the board and decide on corrective action accordingly (confirming/emphasizing the independence of the compliance officer).

EFSA in its governance regulations calls for a board audit committee as well.

CBE has issued regulations related to internal controls including an audit function to ensure the abidance of the institution with the regulations.

The board, senior management and corporate compliance are responsible for overseeing and supporting the establishment and implementation of a robust compliance risk management program amongst the different subsidiaries and jurisdictions.

Among what the Dubai Financial Services Authority (DFSA) focuses on is corporate governance, board effectiveness, the performance of control functions, risk identification, assessment and management. This includes regulatory risk, governance and board effectiveness and AML risk.

Among what the Qatar Financial Center Regulatory Authority calls for is a risk-based approach for AML/CTF, ongoing training, and assigning an MLRO and his deputy at all times.

How to Mitigate the Above-Mentioned Risks, What the AML Auditor Expects to Find in a Multinational Bank and Even More in a Multinational Islamic Bank and What He/She Should Verify

Table 3: What the auditor should ensure is being done in a multinational bank and what to verify

1. What the auditor expects to find: Risk of breaching regulations due to gaps/conflicts between the home office and its subsidiaries’ regulations, or lack of knowledge of the board or senior management is mitigated.

What to verify to ensure same is done: How far the board and senior management are involved and whether they are conversant with their subsidiary regulations. Experience level, knowing the business, and whether or not products were approved by the board. Review minutes of board meetings to check the level of involvement and approvals of products.

- Board ensures that there are adequate policies and procedures where regulations are inbuilt to ensure no breaches/covering said risk.

- AML auditor reviews the home office and its subsidiary products and regulations to ensure no conflicts in regulatory requirements and if there is, how it was handled so that breaches and penalties are avoided.

- Review should be risk based depending on the size of the offshore entity as not one size fits all.

2. What the auditor expects to find: Adequate involvement of the home office in the application of a sound compliance program (i.e., neither working in silos and causing weak control/under controlled nor imposing more regulations/over controlling with extra cost and complexity).

What to verify to ensure same is done: Review local regulations and ensure that they are part of the procedures of the subsidiaries and the home office. Board and senior management are ensuring that the policies and procedures are reflecting the same and that they are being followed.

- In case of conflicts between the regulations of the home office and its subsidiaries, ensure that the home office and the board have assessed the risk and taken a decision as to how to handle the situation.

3. What the auditor expects to find: Independence of compliance/AML/CTF

What to verify to ensure same is done: Ensure there is a responsible/conversant compliance officer assigned.

- Committee and ensure that the compliance officer attends the meetings and presents compliance issues to the Board.

- Review performance appraisal and ensure that there is no conflict of interest and that the corporate compliance or the audit committee is appraising the compliance head.

4. What the auditor expects to find: Secrecy laws/act abided by

What to verify to ensure same is done: Review the home office secrecy law and local secrecy law and ensure no disclosure of information is done and that whatever information is disclosed is within what the law allows.

- In case of reporting to the home office, data is masked to protect data privacy.

5. What the auditor expects to find: No sanctions breaching/penalties

What to verify to ensure same is done: Review local sanctions versus the home office sanctions to ensure there is no conflict.

- If the sanctions requirements are different/conflicting then ensure that the risk has been assessed as to which to follow and that approvals have been obtained accordingly.

6. What the auditor expects to find: Training

What to verify to ensure same is done: Check training records to ensure that staff are trained on Sharia products and AML and that Sharia advisors are trained on banking transactions.

Table 4: What the auditor should ensure is being done in a multinational Islamic bank and what to verify

1. What the auditor expects to find: Products and business are Sharia compliant

What to verify to ensure same is done: Review products and transactions, see if they have been reviewed and approved by the Sharia board/committee.

2. What the auditor expects to find: No conflicts of interpretation between the local Sharia board and the head office Sharia board/committee.

What to verify to ensure same is done: In case the Sharia board is not centralized, review that products have been approved by both the head office and the local Sharia boards and that there is no conflict in Sharia interpretation.

3. What the auditor expects to find: Adequate level of expertise and knowledge of Sharia advisors of banking financials/operations.

What to verify to ensure same is done: Ensure that there is a minimum level/criteria set for the choice of Sharia advisors and review training records to ensure that there is adequate training given.

- Perform spot checks on operation transactions to ensure that they are processed within regulations and are Sharia compliant.

4. What the auditor expects to find: Adequate level of expertise and knowledge of the board and senior staff of Islamic products to be able to detect suspicious activities in them.

What to verify to ensure same is done: Ensure criteria set for choice of the board members and senior management including a well-balanced diversity in their experience is followed.

- Check training records for Sharia training.

- Perform spot checks on Sharia compliance to processed transactions.

5. What the auditor expects to find: Transparency versus complex products while still complying to Sharia.

What to verify to ensure same is done: Review accounting entries to ensure that the different complex steps to mimic conventional products are still Sharia compliant (e.g., accounting entry of the purchase of the asset owned by the bank should be before the date of the contract with the client showing selling him the same).

- Review contracts to ensure that they are stated in a simple manner with the required transparency to disclose the financial mechanism of the product.

6. What the auditor expects to find: Are processed transactions Sharia compliant (i.e., no Zulm, Haram services or goods, oppression, gharar, usury, Riba).

What to verify to ensure same is done: Review processed transactions to ensure there is no “haram” product or service processed.

- Review contracts to ensure that there is a sale and purchase of goods and that there is no interest involved but a profit resulting from the sale, not Riba causing usury. Contract shows the cost of the product and the profit added to it and both are declared to the client on the contract.

- Review contracts and transactions to ensure there is profit and loss sharing in investments/partnership/investor and trader relationship and that there is no oppression/Zulm.

- Review market practice versus profit spread to ensure that the client is not overcharged/oppressed and that there is fair deal towards the client. Accordingly, the average spread in both conventional and Islamic banks could be checked to ensure that the bank is not charging a higher spread than the market practice and accordingly oppressing or using the client.

- Review processed transactions and products to ensure there is no gharar (i.e., trading in risk and accordingly transactions which have uncertainty like speculation are forbidden/haram).

7. What the auditor expects to find: Are Islamic investments independent from the rest of the investments/funds in case of an Islamic window where the bank deals in both Islamic and conventional products?

What to verify to ensure same is done: Review the investment of funds, where and how they are invested and ensure that the Islamic funds are segregated from the rest of the funds and invested in Islamic/Sharia compliant investments.

Conclusion

In the paper, we have gone through the risks that are related specifically to Islamic banking and to multinational banks with subsidiaries offshore, with different regulations, legislations and sanctions. We have made a comparison between Islamic banking and conventional banking to help us assess the risk through knowing our business and evaluating the risks. We have also gone through some thoughts/suggestions to help mitigate said risks that have been highlighted, specifically related to Islamic banking and to multinational banks. We have seen that training is an essential factor for staff on Islamic banking, for Sharia advisors on banking operations and for all staff on how to combat money laundering and terrorism financing. We have also gone through some of what the regulators need to see related to the above. The requirement of having an internal or external AML/CTF auditor who is to review the compliance program and how effective it is, is very clear and is called for by different regulators. The auditor will check that all the above requirements have been worked on and that control measures as cited above are being put in action and are effective. The auditor will also ensure that what the regulators expect to see is being looked after, as those are requirements he/she will expect to see as well. It goes without saying that the auditor will review the effectiveness of the compliance program as a whole and will assess all the risks and how they are controlled/mitigated, not only the ones related to an Islamic or multinational bank.

REFERENCES

Abd Rahman, Ust. “Differences between Islamic Banks & Conventional.” Accessible through www.zaharuddin.net

Alfred Krammer et al. “IMF Staff Discussion Note: Islamic Finance: Opportunities, Challenges, and Policy Options.”

Ansari, Omar. “Audit issue of Islamic Banking.” Ford Rhods Sidat Hyder & Co. Member of Ernst & Young Global Limited.

Bowyer, Lisa. August 2013. “Evaluating and Balancing Country Risk and Regulatory Risk.” CAMS.

Central Bank of Egypt Law 88 for the year 2003 and its amendments and Executive Regulations.

Darnow, Tamara. “Defining and Auditing AML Board Oversight for Subsidiary Entities.”

Egyptian Financial Services Authority (EFSA) Corporate Governance regulations for 2004 & 2007.

Egyptian Money Laundering and Terrorism Combating law 80 for the year 2002 and its amendments and executive regulations and Id Verification regulations.

Hanif, Muhammad. February 2011. “Differences and Similarities in Islamic and Conventional Banking.” International Journal of Business and Social Science. 2 (2), 166.

Investment & Finance, The Financial Encyclopedia: Everything about finance.

Marliana Abdullah, Shahida Shahimi and Abdul Ghafar Ismail. 2011. “Operational risk in Islamic Banks: examination of issues.” Qualitative Research in Financial Markets. 3 (2) pp.131 – 151.

Rammal, Hussain. “Audit and Governance in Islamic Banks: Selection and training of Shari’ah advisors.” International School of Business, University of South Australia.

Sam Hakim and Manochehr Rashidian. “How costly is investors’ compliance with Sharia?”

Sole, Juan. “Introducing Islamic Banks into Conventional Banking Systems.” IMF Working Paper. Monetary and Capital Markets Department.

Taylor, John. May, 2004. “Understanding and Supporting Islamic Finance: Product differentiation and international standards.” Keynote address at the Forum on Islamic Finance under Secretary of the Treasury for International Affairs. Harvard University.

Taylor, John. “Fed Supervisory & Regulation letter SR 08-08 on Compliance Risk management and Oversight in Large Institutions.”

Warner, Kem. “The Challenges in Conducting an AML/CFT Audit in Offshore Jurisdictions.”