Shariah Review Function

Introduction

Shariah review refers to a function that conducts regular assessment on the compliance of the operations, business, affairs and activities of the IFI with Shariah requirements.

Monitoring and testing function - Identification, assessment and monitoring of Shariah compliance risk

The Shariah review function is responsible for identifying, assessing, and monitoring the compliance of the Islamic financial institution's (IFI) business operations and activities with Shariah requirements.

The Shariah review function must also identify and assess the Shariah compliance risk associated with the IFI's activities. This requires having adequate knowledge and exposure to key business processes of the IFI and staying updated on any material changes in its business operations.

To effectively assess and systematically monitor the level of Shariah compliance risk, the Shariah review function must utilize a range of indicators. These indicators can be qualitative or quantitative and may include factors such as the volume of Islamic product transactions, past incidents of Shariah non-compliance, issues raised by other control functions like Shariah risk management or Shariah audit, and assessments by regulatory authorities.

In essence, the Shariah review function must conduct a Shariah compliance risk assessment to determine the level of risk faced by the IFI. The manner in which the function carries out its responsibilities should align with its assessment of the level and impact of Shariah compliance risk. Therefore, the Shariah review function should prioritize areas where Shariah compliance risk is deemed high while ensuring appropriate coverage of all identified Shariah compliance risks.

The Shariah review function must perform suitable tests to evaluate the adequacy of internal controls implemented to manage Shariah compliance risk. Any identified deficiencies must be promptly addressed, and plans should be developed to rectify them.

When conducting sampling-based testing of internal controls, the Shariah review function should ensure that the testing is proportionate to the level of Shariah compliance risk identified in the respective business processes. Additionally, the sample selected should be representative of the various types of internal controls implemented at different stages of the IFI's business processes.

Reporting function – Reporting of Shariah non-compliance issues and findings

The Shariah review function is responsible for regularly reporting to the board, Shariah committee, and senior management on Shariah non-compliance issues and findings.

The Shariah review function must provide regular reports to the board, Shariah committee, and senior management, which should include, at a minimum:

(a) Results of the Shariah compliance risk assessment conducted during the reporting period, highlighting significant changes in the IFI's Shariah compliance risk profile and areas requiring increased attention from senior management.

(b) A summary of incidents of Shariah non-compliance and deficiencies in Shariah compliance risk management across different parts of the IFI.

(c) An assessment of the financial and non-financial impact of such incidents on the IFI, including any fines, administrative actions, or disciplinary measures imposed by regulatory authorities against IFI officers.

(d) Recommendations for corrective measures to address incidents of Shariah non-compliance and deficiencies in Shariah compliance risk management, including disciplinary actions if necessary.

(e) Documentation of corrective measures already implemented and an evaluation of their adequacy and effectiveness.

(f) Insights and observations regarding the Shariah compliance culture within the organization or specific areas that may give rise to compliance concerns.

The Shariah review function must ensure that these reports are readily available to the internal audit function of the IFI, BNM and other regulatory authorities upon request.

Advisory function

The Shariah review function is responsible for regularly informing and updating the board, Shariah committee, and senior management on the latest developments in legal and regulatory requirements within the field of Islamic finance, especially regarding the issuance of SAC rulings. This includes providing timely information on any changes that may impact legal and regulatory requirements and conducting an assessment of their implications on the IFI's Shariah compliance risk profile and its ability to effectively manage Shariah compliance risk in the future.

For example, if regulatory requirements are issued by BNM, such as Guidelines on Product Transparency and Disclosures or new SAC rulings, the Shariah review function must promptly inform the board, Shariah committee, and senior management about the assessment of these developments and their implications on the IFI's Shariah compliance risk profile and its capacity to manage Shariah compliance risk going forward.

Guidance and training function

The Shariah review function plays a crucial role in ensuring that officers of an Islamic financial institution (IFI) receive sufficient training and guidance on the relevant Shariah requirements that govern the institution's operations, business, affairs, and activities. It is the responsibility of the Shariah review function to ensure that officers of the IFI are adequately trained on the Shariah requirements that apply to the institution's activities. This training should be provided in a timely manner and should clearly explain how these requirements are applicable to the specific context of the IFI's operations. Additionally, the Shariah review function should be capable of offering guidance to the officers of the IFI regarding the implementation of internal controls to effectively manage the risk of non-compliance with Shariah principles.

Senior officer responsible for Shariah review function and competency requirement

The chief compliance officer, who is the senior officer primarily accountable and responsible for compliance, shall also assume the responsibility of conducting the Shariah review as part of the overall compliance duties within an Islamic financial institution (IFI).

It is crucial for the IFI to ensure that the officers performing the Shariah review function are qualified to undertake compliance responsibilities and possess a strong understanding of the relevant Shariah requirements that apply to Islamic financial business. Essentially, the Shariah review function is carried out by compliance officers who possess the necessary expertise to fulfill compliance duties. Officers who are qualified to assume compliance responsibilities may include individuals with a Shariah qualification, such as a bachelor's degree in Shariah.

Shariah review reporting to board audit committee

The SG policy does not explicitly state which board the Shariah review reports to. It mentions the board, which is commonly understood to refer to the full board. However, from a corporate governance policy, it is a requirement that the Shariah review function reports to the board's audit committee. According to item 7(b) of the CG policy, the audit committee is responsible for ensuring that senior management addresses control weaknesses, non-compliance with laws, regulatory requirements, policies, and other identified problems identified by the internal audit and other control functions. One of these control functions includes the Shariah review. Therefore, it is a requirement for the Shariah review function to report to the board's audit committee, which in turn reports to the full board.