ISLAMIC FINANCE REVIEW | WWW.ISFIRE.NET
TALKING POINTS
Islamic financial institutions’ (IFIs) core attributes are not limited to merely ensuring that actions of the management are kept in line with the interests of shareholders and other stakeholders, but also to fulfil religious values and Shari’a requirements based on the Quran and sunna. Shari’a Supervisory Boards (SSBs) play critical role to ensure that all business activities are in line with the Shari’a principles. This is in addition to the shareholders who play their statutory role as active participants in the process of decision-making and control. The other stakeholders including the community should also take part in providing feedback to protect business and social interests and to stimulate social wellbeing. All of these processes are integral parts of evolving Islamic corporate governance regime that aims at harmonising private and social goals of business organisations while upholding the principle of distributive justice (Choudury and Hoque, 2004). This article explains the relevance of Three Lines of Defence approach in the context of IFIs. Looking at the broader perspective and objective of corporate governance in IFIs, the conventional governance standards can therefore be paired with Shari’a requirements to create a suitable corporate governance structure. Shari’a compliance assurance adds another dimension to corporate governance in IFIs. Therefore, to add Shari’a compliance assurance as an essential requirement of corporate governance in IFIs, the role and function of SSB must be assigned adequate importance. THREE LINES OF DEFENCE IN ISLAMIC FINANCIAL INSTITUTIONS In January 2013, the Institute of Internal Auditor (IIA) proposed a position paper on the Three Lines of Defence model, which provides a simple and effective way to help organizations delegate and coordinate essential control system, risk management, and independent assurance duties with a systematic approach. This will enhance communications on risk management, control, and audit as an independent assurance process by clarifying essential roles and duties. It provides a comprehensive consideration at operations, helping to assure the on-going success of control and risk management initiatives supported by audit function, which is appropriate for any organization regardless of size or complexity. Even in organizations where a formal risk management framework or system does not exist, the Three Lines of Defence model can enhance clarity regarding risks and controls and help improve the effectiveness of risk management systems (IIA, 2013). Committee of Sponsoring Organisations
(COSO) has developed a model of internal control. It emphasises on the need for good corporate governance in organisations, and recommends that effective control systems should contain the elements of control environment, which includes the company’s strategy for dealing with risk, culture, code of conduct, human resource policies and performance reward systems. This should eventually support the business objectives. It also needs to perform an assessment of risk and provide control to achieve company’s objectives. The control activities should reflect the practice of segregation of duties, authorisation, and reconciliations. Moreover, communication and information are deemed important to ensure that all levels of management in the organisation are aware of any progress against objectives in a timely manner, in the form of relevant and reliable reports. After all, monitoring and corrective action processes should be embedded in the organisational systems to ensure effective application of policies and other control mechanisms (Norton & Hughes, 2009). Based on the IIA paper on the Three Lines of Defence, and COSO framework of internal control, it is obvious that
control, risk management assessment and monitoring are now seen as fundamental to an effective control system. The integrated three important aspects will increase the effectiveness of achieving objectives by ensuring that the significant risks are addressed, costs are reduced by ensuring that necessary control is in place, and continually monitored through audit as an independent assurance function. In the case of IFIs, the Three Lines of Defence would be much more complex than in any other organization. Islamic principles or Shari’a and ethical culture attached to the concept of Islamic banking and finance provide an underlying principle to shape the system of defence of IFIs. It also needs to be integrated to their operational and control system in order to achieve the business, ethical, and social objectives, which govern their operations. Therefore, ideally corporate governance in IFIs, in general, and in Islamic banks, in particular, has a unique internalized stakeholders’ value combined with Shari’a compliance principles (Grais and Pellegrini, 2006). It should provide participation for all stakeholders, including investment account holders (IAHs), with a strong fiduciary duty to other stakeholders and SSB, to achieve
35