Governance Charter Rules and Best Practices

Charter of Corporate Governance

Palestine Islamic Bank is committed to the regulations and rules of governance in force in Palestine. Many codes of governance have been approved, including the Code of Corporate Governance in Palestine issued by the National Governance Committee in 2009.The Bank is also committed to the handbook for bank governance in Palestine issued by the Palestine Monetary Authority, the latest of which was issued at the end of 2017. With the aim of strengthening the governance system, the Bank has prepared a charter of corporate governance in line with the guidance from the Palestine Monetary Authority. Among the most important principles mentioned in the charter, are the principles related to the tasks of the Board of Directors, the composition and qualifications of board members, practices of the Board, conflicts of interests, and committees of the Board with regard to the following:

• The Board performs all tasks assigned to it, covering all fields and takes into account the interests of the relevant stakeholders.
• The Board of Directors of the Palestine Islamic Bank is composed of eleven members, including three independent members and one member representing the small shareholders. The Board's composition meets the requirements related to the composition and qualifications of the Board as mentioned in the governance regulations issued by the Palestine Monetary Authority.
• Most members of the Board have the necessary experience and knowledge to manage the Bank. Most members hold higher degrees in economics, accounting and banking sciences, in addition to other certificates that enrich the work of the Board of Directors.
• A number of specialized committees emerge from the Board of Directors, such as the Review and Audit Committee, the Risk Management Committee, the Governance Committee, the Nomination and Rewards Committee, the Investment Committee, the Financing Committee and the Social Responsibility Committee.
• Each committee has a working charter that specifies the composition of the committee and the conditions of membership, meetings, tasks and responsibilities.
• The Board shall hold at least six meetings a year and the chairman of the Board of Directors or the Secretary, in coordination with the executive management, shall propose the topics covered in the agenda of each meeting.
• Members of the Board of Directors are provided with adequate information no less than four days before the meetings of the Board of Directors to enable them to study and collect information on the agenda so they can take appropriate decisions.
• The responsibilities of the members of the Board of Directors are specific, clear, and reasonable within the relevant legislation. Each member of the Board is provided with a letter explaining his rights, responsibilities and duties, upon his election.
• All banking operations that require Board approval are identified.
• Board members should keep abreast of developments within the Bank and the domestic and international banking sectors.
• The members of the Board of Directors have the right to have direct contact with the general manger. The Board committees also have the right to directly communicate with the department manager whose work is relevant to the area of responsibility of the Committee.

Board Committees

The Bank’s Board of Directors has several specialized committees with the aim of enhancing its supervisory effectiveness over the Bank’s activities and overseeing its work. The Board has formed several committees in compliance with governance rules, namely: the Risk Management Committee, the Review and Audit Committee, the Nomination and Rewards committee, the Governance Committee, the Finance Committee, the Investment Committee, and the Social Responsibility Committee. These committees are formed from the members of the Board of Directors.

Internal Control & Oversight Board

The internal control and supervising system is based on:

Creating a professional environment that:

• Establishes rules of integrity and ethical values committed to by the Bank’s employees.
• Provides specialized professional competencies and supplies trained cadres to complete the Bank's work.
• Ensures the effectiveness of the role of the Board supervising committees and their affiliated departments.
• Directs the executive management to follow the methods compatible with the policies of the Board of Directors.
• Adopts an organizational and administrative structure that reflects the scale of operations and tasks of the executive management.
• Sets functional and automated tasks to delegate and separate powers.
• Lays the foundations for recruitment, evaluation and guidance of employees with high credibility and transparency.

 Risk assessment

The Bank depends on the role played by the risk management department in assisting the Board of Directors, executive management, and the various departments and branches of the Bank in identifying and assessing the risks faced by Bank and preparing plans and procedures in order to reduce and mitigate the impact of these risks to the acceptable minimum.

 Internal control procedures

The approved work procedures include carrying out tasks in a way that provides effective and efficient control, so that proper segregation of duties and authorities exists between employees and departments, multi-party controls are implemented and conducting reviews and settlements to avoid errors or to correct them in a timely manner.

Communication and information

Business procedures provide all concerned parties within the Bank with the information necessary to complete their tasks through the institutional communication channels in a timely manner.

 Monitoring and follow-up

The business procedures and the internal control and oversight system include approved mechanisms for reviewing procedures and decisions through administrative reports and independent checks by the Bank's supervisory departments.

Internal Audit

The Institute of Internal Auditors defines internal audit as “an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”

Message by the Internal Audit Department

The internal audit assists the Board of Directors in performing its duties and responsibilities effectively. It provides reasonable and independent assurance to the Board represented by the Audit Committee that the policies, procedures, corporate governance and business risks are subject to appropriate controls. It submits reports that include the required information and relevant analyzes and recommendations.

The Internal Audit Department seeks to achieve its mission by focusing audit efforts on the risks faced by PIB and providing timely management information on the efficiency and effectiveness of the bank's internal control system and the quality of operational and financial performance.

Independence and objectivity of the internal audit

PIB’s Internal Audit Department technically reports to the Audit Committee established by the Board of Directors. This helps in maintaining independence and objectivity and avoiding any inappropriate interference with the work of the internal auditor which would affect their ability to carry out their responsibilities, including determining the scope and audit procedures and the content of audit reports. The audit should not be subjected to any conditions or circumstances which could threaten the ability of the Internal Audit Department to carry out its responsibilities without bias.

Objectives of the Internal Audit Department

• Evaluate the efficiency and effectiveness of internal control and regulation systems in PIB’s various departments, branches and divisions.
• Assess the efficiency of risk management procedures.
• Contribute to the protection of the bank's assets.
• Evaluate policies and procedures related to fraud prevention and detection.
• Determine the extent of reliance on accounting systems and financial reports, including information systems and electronic banking services.
• Review all approved systems to ensure their compliance with regulatory requirements and work ethics.
• Assist the directors of various departments, branches and units and the executive management in carrying out their internal control responsibilities.
• Verify compliance with PIB’s policies and procedures, PMA instructions, and the applicable laws and regulations.
• Cooperate and coordinate with the external auditor and PMA inspectors.
• Review proposed systems, processes or contracts, and make recommendations thereon before their implementation and signature.

Obligations and mandate of the Internal Audit Department

• Preparing and implementing the annual risk-based audit plan following its approval by the Audit and Review Committee.
• Developing annual internal audit plans based on the outcomes of the risk assessment, supervising their implementation, submitting supervisory reports to the Audit and Review Committee, and following up on the recommendations contained therein.
• Evaluating the adequacy of the work systems, methods and procedures approved and their suitability and consistency with the objectives and nature of the bank's activity and its internal organization and proposing the necessary amendments.
• Evaluating the effectiveness and efficiency of the internal supervision systems and controls, including the IT systems security controls.
• Ensuring that the operations performed are consistent with the instructions and procedures regulating the bank’s activities, and that the employees comply with the policies, procedures, and instructions.
• Auditing the financial position and final accounts of the bank, and verifying their validity and compliance with regulations, laws, and instructions.
• Checking that the inventory in branches, the administration and other offices is accurate.
• Coordinating with the external auditor when carrying out their duties and following up on the implementation of their recommendations.
• Evaluating the overall performance of the bank and its branches and the implementation of the plans and programs approved by the bank, assessing their effectiveness and efficiency, and submitting the proposals and recommendations necessary to improve performance.
• Having unconditional, unlimited, direct and rapid access to all the bank's records and documents, communication with officials or employees, and unrestricted movement in all departments, sections and branches.
• Submitting a detailed report and summary of the results of all audit visits, investigations, recommendations and follow-up procedures to the Audit and Review Committee established by the Board of Directors.
• Taking measures to ensure the implementation of all the obligations of the Internal Audit Department in line with international internal auditing standards, best practices, regulatory requirements, and work policies and procedures; and improving the efficiency and effectiveness of internal audits.
• Developing the skills of the Internal Audit Department staff by enrolling them in local or external training courses.
• Providing advice and guidance to the executive management on any gaps or weaknesses in the internal control systems and the risks that the bank faces in its various activities.
• Reviewing the minutes of the Board of Directors' meetings, verifying that decisions and instructions are taken by the executive management, and submitting relevant reports to the Audit Committee.

Risk Management Policy

The Board of Directors is committed to providing risk management governance, reviewing the general levels of risk acceptance and diversification and providing the necessary mitigations against them. This is in addition to ensuring that senior management maintains a sophisticated and effective internal risk management and control system.

The main features of the risk management policy are as follow:

• The Bank's approved strategy reflects the commitment of the Board of Directors to reduce risks by directing the executive management to integrate the principles of risk management into the operations carried out by the Bank.
• The Board and the Risk Management Committee adopt policies, regulations and comprehensive and effective action programs and procedures to manage risks and provide guidance and insights for managing risks faced by the Bank.
• The Board and the Risk Management Committee continuously review and approve the scenarios that are used in risk analysis and review the assumptions and measurement mechanisms.
• The Board makes sure that the culture of identifying risk is strengthened within the Bank and that all Bank cadres at the executive and control levels participate in identifying, measuring, collecting and managing risks in a systematic, organized and transparent manner. It also ensures that risk management requirements are an essential part of the operations and procedures carried out by Bank, while providing services and products and signing agreements.
• In order to achieve integration between the operating supervisory bodies, the Bank adopts the risk-based auditing methodology within the framework of implementing the Bank's risk management.
• For the purposes of analyzing, measuring, controlling and managing risks, the Bank applies the decisions of the Basel Committee and any subsequent amendments, as well as applying the instructions of the Palestine Monetary Authority, issued in particular for Islamic banks, including:

1. Commitment to apply the regulatory authorities' instructions related to the capital adequacy standard within the framework of (Basel II and Basel III) and any subsequent amendments thereto and maintain a sufficiently adequate capital adequacy ratio to cover credit, market and operational risks, and other risks related to the Bank’s business environment within the second pillar of the Basel recommendations.
2. Implementing financial stress tests using the scenarios specified in the instructions of the Palestine Monetary Authority and any of the Bank's scenarios to determine the impact of these scenarios on the capital adequacy ratio and develop and follow up on the implementation of recommendations based on the results.
3. Implementing the internal capital adequacy assessment process and ensuring that the Bank maintains sufficient capital to face other risks inherent in the banking business.

• Based on the instructions of governance and regulatory authorities and the best practices in this field, and out of awareness of the great importance of the nature of the tasks and responsibilities relating to risk management, the Bank’s Board of Directors, through its risk committee, oversees the accomplishments and objectives of the Risk Management Department, and gives it the necessary attention and support to succeed in implementing its tasks according to its vision for this area.
• In order to enhance its presence and role in all the services and operational processes provided by the Bank, the Board of Directors is committed to the independence of the Risk Management Department from other business units by linking it directly to the Risk Committee of the Board of Directors and ensuring this is reflected in the organizational structure of the Bank.
• Taking into account the nature of the banking sector in Palestine, the Palestine Islamic Bank adheres to the principles and policies adopted globally in relation to risk management. It continuously strives to maintain a strong risk management environment with the aim of achieving a balance between the risks it incurs and the return it seeks to achieve at the portfolio level as a whole and in its operations and business units.
• The Bank's risk management procedures cover all activities and operations to ensure the availability of adequate controls to reduce risks inherent in the banking business to a minimum and to within the proportions and limitations set by the Board of Directors. The department, continuously and through constant communication with departments, works to maintain, update, and adjust the risk matrix in a way that enhances control procedures and reflects regulatory needs and developments, and any related new instructions or standards.
• The general framework of risk management processes includes a comprehensive set of quantitative and qualitative measurement tools based on best practices and internationally approved measurement methodologies in line with the recommendations issued by the relevant global bodies. It also covers a wide range of fields and activities with the aim of preparing accurate calculations of the risks that fall within the first pillar of the recommendations of the Basel Committee, including an internal capital adequacy assessment process and financial stress tests, as well as other risks that affect the working environment set out in the second pillar of the same recommendations, and in accordance with the requirements of the regulatory authorities.
• The risk management processes are subject to continuous development and increased efficiency in order to support and manage the Bank’s operations. The tasks and responsibilities of the Risk Management Department include identifying, analyzing, measuring and controlling risks which fall within the following classifications:

1. Credit risk
2. Market risk
3. Operating risks
4. Liquidity risk
5. Business Continuity Risks
6. Information Security risks
7. Any other risks which affect the Bank's reputation and assets

• due to the Coronavirus pandemic and the resulting effects on all economic sectors, the Bank was able to execute a number of procedures which aimed foremost to maintain sufficient liquidity ratios for its operational processes, support its clients and assist them in overcoming the hardships that resulted due to the pandemic, support other economic sectors, and develop its procedures for dealing with the requirements of this phase, especially those concerning the lives of its employees and clients.

In general, PIB’s management continuously seeks to improve quantitative and qualitative indicators and increase the bank’s financial strength and liquidity ratios, in order to grow and expand, while preserving its reputation and gains in terms of market share, increasing the confidence of its customers, protecting its assets, and preserving the rights of depositors within acceptable levels of risk.

The bank continues to increase its market share in most areas, including in credit, while at the same time it managed to significantly increase its capital adequacy ratio. According to financial data, PIB maintained a low default rate within the target set out in its annual budget despite the prevailing conditions. This practically reflects the bank’s success in supporting its customers, the quality of its credit portfolio, and the efficiency of its risk management processes and credit decision-making methods.

Compliance Policy

The Compliance Department is known to be an independent department responsible for identifying, assessing, providing advice and guidance, monitoring and reporting on the risks of non-compliance in the Bank. This includes risks arising from non-compliance with laws, regulations and instructions, the resulting financial losses or reputation risks that the Bank may suffer as a result of its failure to comply with laws, regulations, codes of conduct, and standards of good practice, including the following:

• Laws and legislations that govern and regulate the banking sector in Palestine.
• Instructions, decisions and notes issued by the Palestine Monetary Authority.
• Good banking practices in accordance with the requirements of "know your customer"
• Good business rules, good governance and banking ethics.

To achieve this in a professional environment, the Compliance Department was established by the Bank’s Board of Directors, to implement its responsibilities by reviewing documents, files and records, in order to perform its functions in a neutral manner and provide advice and guidance to all the Bank’s departments to enhance the culture of compliance in the Bank as a whole. The Compliance Department is responsible for receiving and following up on customer complaints and coordinating with all parties to find solutions.

Compliance with FATCA requirements

The Palestine Islamic Bank seeks to comply with the requirements of relevant local and international laws, including the FATCA law. The Bank is a financial institution involved in the application of the law, and the Compliance Department implements the requirements of tax cooperation laws, including the Foreign Account Tax Compliance Act. The Bank started to implement the law gradually as per the timeline required by the US Treasury. The law aims primarily to prevent tax evasion by taxpayers in the United States, whether individuals or companies, through the use of their accounts with foreign financial institutions or foreign investments. The Bank was listed with the American Tax Authority in 2014 as a participating financial institution. To achieve this, an approved policy and work procedures were prepared to comply with the application of the law by updating customer data and amending the accounts opening forms. The Bank purchased electronic systems to help implement the requirements of the law.

Anti-Money Laundering/Combating the Financing of Terrorism

There has been an increase in the challenges arising from regional and international ML/TF risks, to which the bank may be exposed. This may lead to sanctions or fines and damage the bank's reputation. To preserve the interests of shareholders, customers and stakeholders, and in compliance with local and international legal requirements, PIB has taken all the necessary procedures and measures to address or mitigate such risks.

PIB has updated its ML/TF self risk assessment through a comprehensive process that is in line with the generally recognized standards, namely: customers, services and products, geographical area, and delivery channels, while taking into consideration the updates on the National ML/TF Risk Assessment.

In this context, PIB is committed to adopting a policy and procedures that control inherent risks in each of the four categories. These procedures include the necessary requirements to enhance the Know Your Customer (KYC) base, the politically exposed persons (PEPs) policy, the policy for onboarding customers, and the policy for dealing with and identifying correspondent banks.

PIB also adheres to the standards and recommendations of the International Financial Action Task Force (FATF) and the AML/CFT Law in force in Palestine. It classifies customers according to the risk they represent. Moreover, the approval of senior management is mandatory to deal with high risks customers whose accounts are subject to continuous monitoring and whose data is continuously updated.

Customer due diligence

Many risks emanate from the lack of clear standards and measures to verify the identity of customers. This may cause significant material and non-material losses to the bank, including reputational, legal, and operational risks.

Accordingly, the AML/CFT policy includes important provisions to identify and verify customers. It is compatible with the FATF recommendations and the applicable relevant local laws and instructions. This matter was given special importance because it can help in deciding whether to end or continue a business relationship with a client who may expose the Bank to risks because of exploiting its services for ML/TF purposes.

PIB has also adopted a procedural manual for identifying and verifying customers. It aims, at a minimum, to achieve the following:

1. Reaffirming adherence to local AML/CFT laws, instructions, and international standards and recommendations.
2. Emphasizing the importance of knowing the customer before and after they establish a relationship with the bank, so that all information and documents are obtained to identify them, the nature of their activity, the source and size of their income, and any other information that improves the information available at the bank about them.
3. Refraining from dealing with unknown persons or persons with fictitious or fake names, including shell banks, and identifying customers (natural or legal persons) and the beneficial owner.
4. Refraining from dealing with and/or ending all business with any customer who refuses to provide the bank with the required data and information.
5. Stressing the importance of continuously updating the bank's customer data.
6. Implementing procedures for identifying politically exposed persons (PEPs) and correspondent banks.

Privacy Policy

The noble Sharia is an approach followed by the Bank in all its dealings, in line with Islamic religious values which stipulate the importance of maintaining privacy, trust and seeking standards and tools that guarantee protection and privacy for clients of the Bank, whether they are individuals or bodies. Allah the Almighty says: “Surely, we offered the trust to the heavens and the earth and the mountains, but they refused to be unfaithful to it and feared from it, and man has turned unfaithful to it; surely he is unjust, ignorant," Surah Al-Ahzab: Verse 72

Maintaining customer privacy and protecting their personal information is a top priority for the Bank and one of its pillars. The Bank puts a special focus on client privacy and considers all information received by its employees and that which results from dealing with customers, private and confidential. Allah the Almighty says: "O you who believe! Do not be dishonest to Allah and His Messenger, nor betray your trusts knowingly." Surah Al-Anfal: Verse 27. In line with this, Bank employees work hard to protect the privacy of customers and provide them with the highest standards of protection for their personal information, supported by the Code of Professional Conduct of the Board of Directors and all employees.

The Palestine Islamic Bank applies a strict policy and follows strict procedures to keep customer information private and confidential. It ensures the confidentiality of personal information obtained through the dealings of customers and clients with the Bank, keeps such information in a safe and secure way and guarantees its protection from loss and unauthorized access, misuse by any person, amendment of personal information, or disclosure thereof to a third party in a way not permitted by law in line with Article (32) of Banking Law No. (9) Of 2010.

Procedures followed by the Palestine Islamic Bank to maintain the confidentiality of customers’ personal information include:

• Modern and advanced electronic and technological protection systems that are used to prevent electronic piracy preventing access to those who are not authorized to use the systems of the Bank.
• Regular developing and updating of financial and administrative control systems and protection controls which adhere to international banking standards.
• The employees of the Palestine Islamic Bank are qualified, trained and committed to Islamic banking and are governed by the principles of noble Islamic Sharia regarding trust. It was narrated that the Messenger, may God bless him and grant him peace, said: “Verily, friends are holders of the Exalted God's trusts and thus, they are not allowed to reveal each other's secrets."
• It is not permissible to disclose information provided by customers or collected from them to any agency, organization or external party before obtaining the customer's prior written consent or as the law or decision issued by a Palestinian court requires.
• Only authorized employees who have powers are permitted to access the customer's personal information, and strict administrative and legal disciplinary procedures shall apply to any employee who violates the Bank's privacy policy.

Quality Policy

Through its quality policy, PIB is committed to achieving excellence in providing banking services and products, contributing to development, serving the community, adhering to the principles and values of Islamic Shari’a, respecting the laws and instructions of the Palestinian Monetary Authority, and implementing international standards of quality. To achieve this, the Bank undertakes the following:

• Making customer satisfaction an objective and the main focus of its strategic plan.
• The bank's leadership is committed to meeting all the requirements of the quality management system, in line with international standards requirements, and is continuously working on improving it.
• Working with a clear vision and professionalism to ensure transparency and honesty.
• Committing to professionalism and high quality through training, developing and promoting the efficiency of staff and improving the work environment
• Planning and providing services and products through a clear and defined methodology for administrative processes and activities.
• Planning, reviewing and continuously improving administrative operations and work procedures through a clear methodology.
• Development, excellence and continuous improvement in all operations, to meet and exceed the expectations of customers and relevant parties.
• Continuous development of the technologies used, to ensure the quality and security of information and business continuity.
• Adopting digital transformation strategies to provide high-quality and secure digital services to customers.
• Issuing all institutional decisions based on a sufficient amount of documented information and accumulated experience.
• Building strategic partnerships to improve the quality of services and achieve sustainable development.
• Contribute to sustainable development through basic administrative operations, mainly by financing operations and financial inclusion.