UAE: Central Bank Corporate Governance Regulations

29 January, 2020

In brief

New Corporate Governance Regulations for Banks

The Central Bank of the UAE (“CBUAE”) has released Corporate Governance Regulations together with the Corporate Governance standards (the “CB Regulations”), which were published in the official gazette on 15 August 2019 and came into effect one month afterwards on 15 September 2019 (the “Effective Date”). The CB Regulations outline mandatory requirements and guidance applicable to all CBUAE licensed banks in respect of their corporate governance framework and practices. 

Who does it apply to

All CBUAE licensed banks must ensure they comply with the CB Regulations, to include:

  • subsidiaries;
  • affiliates (an entity owned by another entity by more than 25% but less than 50% of its capital); and
  • international branches.

It is important to highlight that the CB Regulations will be applied on a solo and group wide basis. The size of the group and its framework is taken into account by the CBUAE when assessing compliance with the CB Regulations. 

In relation to banks which provide islamic financial services, there are specific requirements which must be met from a shari’ah law perspective.


The Board will ultimately be responsible for ensuring that comprehensive corporate governance policies and procedures are put in place. In respect to branches, it is not specified in the CB Regulations as to who is ultimately responsible. Although, it would be prudent to assume that senior management of the branch operations in the UAE and the board of the parent company are ultimately responsible.

What is expected of CBUAE licensed banks

Robust corporate governance policies and processes will need to be implemented on a mandatory basis. These cover areas such as strategy, organisational structure, internal controls, risk management, board and committee management and compensation.

All CBUAE licensed banks must be fully compliant within three (3) years from the Effective Date

In detail

Previous Guidance 

Previously, UAE banks would have complied with several important CBUAE notices and circulars which mainly dealt with the appointment of board members and senior management. The CBUAE have repealed the previous circulars and the CB Regulations replace these.

The CBUAE had published draft guidelines for CBUAE licensed banks to follow for best practice guidance, although there was no formal mandatory requirement to implement the guidance. Furthermore, CBUAE licensed banks which are joint-stock companies are subject to Corporate Governance Regulations issued by the Securities and Commodities Authority (“SCA Regulations”), these are  also a reference of best practice guidance for non-listed companies.

Content and Key Highlights of the CB Regulations 

The CB Regulations covers the following areas:

  1. Responsibilities of the Board
  2. Board Composition & Qualifications
  3. Board Structure and Committees
  4. Senior Management
  5. Transaction with Related Parties
  6. Group Structure
  7. Risk Management
  8. Internal Control, Compliance & Internal Audit
  9. Financial Reporting & External Audit
  10. Outsourcing
  11. Compensation
  12. Disclosure & Transparency 

A number of the key highlights of the corporate governance requirements set out in the CB Regulations are outlined below:

  • The board are ultimately responsible for ensuring effective control over the bank’s business and they must exercise a duty of care, confidentiality and loyalty.
  • The board must have the appropriate balance of skills, diversity and expertise. At least 20% of the candidates should be female.
  • Board members must all be non-executive with a third (⅓) being independent. 
  • The board must be comprised of at least seven (7) members and a maximum of eleven (11) members.
  • The board must not delegate all the powers of the board to the chairperson.
  • The board must meet at least 6 times a year.
  • A secretary must be appointed to record the minutes of both board and committee meetings.
  • Annual board evaluations must be undertaken, with an external evaluation undertaken by a third party at least every five (5) years.
  • The board structure must include committees with responsibilities for audit, risk, nomination and compensation. The audit and risk committee should not be merged with any other board committees.
  • The Chairperson of the audit and risk committees must be independent members of the board, distinct from the chair of the board and the chair of other committees
  • There is a strong focus on having a vigorous internal controls framework and ensuring that any issues are being flagged to the board, including monitoring of outsourced activities.
  • Compensation must be symmetric with risk outcomes and the compensation framework must provide for mechanisms to adjust variable compensation.
  • An assessment of compensation should be undertaken by an external third party at least every five (5) years. 
  • The board must have a robust delegation of authority which clearly defines decision making between the board and senior management.

Comparison with the SCA Regulations 

It is important to note that it is mandatory for all CBUAE licensed banks to comply with the CB Regulations, unlike the SCA Regulations which are enforceable on a ‘comply or explain’ basis for those entities it is applicable to (joint-stock companies in the UAE). Furthermore, it should be noted that should there be a conflict between what it is stated in the SCA Regulations with the CB Regulations, the CB Regulations shall take precedence. 

We have outlined below a few of the key differences between the SCA Regulations with the CB Regulations. 

  1. Board Gender Diversity - The CB Regulations mandate that as part of the nomination process to appoint a new board member, a policy must be put in place setting out that at least 20% of the candidates considered must be female. In comparison, the SCA Regulations do not mention the requirement of a policy. 
  2. Board Inductions - The CB Regulations mandate that all new board members receive an appropriate induction. The SCA Regulations set out that one of the duties of the board is to ensure that newly appointed members have the correct understanding of the company's activities, works and responsibilities.
  3. Board Composition - The CB Regulations mandate that all members of the board must be non-executive, the board should not comprise any executive members with management responsibilities. In comparison, the SCA Regulations only require at least a majority of the board to be non-executive. 
  4. Board Independence - The CB Regulations set out that the maximum tenure as an independent member of the board in the same bank is twelve (12) consecutive years. The SCA Regulations are silent on the maximum tenure to maintain independence.
  5. Board Meetings - A minimum number of six (6) board meetings a year is now mandated by the CB Regulations. Four (4) board meetings is the requirement in the SCA Regulations. 
  6. Board Effectiveness Reviews - The CB Regulations mandate that a review by an external third party should be undertaken at least once every five (5) years. The SCA Regulations note that it is the duty of the Nomination Committee to review the skills required for the board on annual basis and also to review the board structure when required, there is no set requirement for an external review.
  7. Compensation - The CB Regulations mandate certain caps on bonuses for senior management and staff, and that a review by an external third party is to be undertaken at least every five (5) years. The SCA Regulations set out the cap for board members, but does not refer to senior management / staff bonuses or an external review.

Impact and Sanctions for Non-Compliance

Whilst it is expected that a number of CBUAE licensed banks that are joint-stock companies (subject to the SCA Regulations) will have already implemented a number of the requirements in the CB Regulations, action will need to be undertaken to comply with the additional mandatory requirements (set out above). In addition, those requirements that were not previously complied with under the SCA Regulations (and non-compliance was only explained), which are now mandatory under the CB Regulations, will also need to be addressed. 

All other CBUAE licensed banks may be significantly impacted, depending on how far they previously implemented best practice corporate governance guidelines that were not previously mandatory to them.  

Branches are exempt from part of the CB Regulations, although the exemptions are limited (they are exempt from article 3 of the CB Regulations which sets out board composition and qualifications, but they must still establish local governance structures that meet the requirements of Article 2 - Responsibilities of the Board and Article 4 - Board Structure & Committees). Therefore, branches will also need to assess and identify how to implement the new mandatory requirements, in order to ensure compliance. Therefore, the CB Regulations may be particularly onerous for foreign branches with small operations in the UAE. 

The board of directors (in the case of a branch, senior management / parent company board) is ultimately responsible for ensuring that there is sufficient corporate governance within the bank and compliance with the CB Regulations. However, there are certain mandatory appointments and delegations of authority that will provide an appropriate structure to support the board (e.g. the mandatory appointment of a Chief Risk Officer and establishment of committees).

Failure to comply with the CB Regulations will subject banks to supervisory action and sanctions as may be deemed appropriate by the CBUAE. This may include withdrawing, replacing or restricting the powers of senior management or members of the board, providing for the interim management of the bank, or barring individuals from the UAE banking sector.  

Actions to be taken

All CBUAE licensed banks must ensure that all the necessary policies and processes are put in place to comply with the CB Regulations. 

An annual corporate governance report must be published within the annual report, however, more frequent disclosures are encouraged. The report must include information about compensation and make the necessary disclosures set out in the CB Regulations. It should also include details of related party transactions and a statement signed by the chairperson of the board confirming that the necessary internal policies are in place and that all have been reviewed by the board within the last year.

All CBUAE licensed banks must be compliant within three (3) years from the Effective Date.

How can PwC help you?

PwC has a dedicated team that can help you with the following: 

  • Review your current governance framework and identify gaps to ensure compliance with the CB Regulations.
  • Advise on the actions required and assist with the implementation.
  • Review and assess board compositions and current nomination processes.
  • Undertake board effectiveness reviews. 
  • Draft documentation supporting the corporate governance framework.
  • Provide board member training and an effective induction programme. 
  • Undertake an assessment of compensation. 
  • Assist with drafting the required corporate governance report to be included within the annual report.
  • Provide company secretarial services.

The takeaway

All CBUAE licensed banks should assess and review their corporate governance framework and practices, including internal controls and policies, in order to ensure they are in line with the CB Regulations. The CB Regulations focus on the mechanisms and controls required for best corporate governance by highlighting key aspects which all banks in the UAE must adhere to. Whilst there are some similarities between CB Regulations and the SCA Regulations, there are new requirements which have been introduced, therefore having an impact on CBUAE licensed banks that are joint-stock companies. In relation to private banks and branches, the CB Regulations may impose significant changes, as previously there was only a draft guidance on corporate governance released by CBUAE. The CBUAE will be monitoring whether banks are compliant as an annual corporate governance report must now be published within the annual report. All CBUAE licensed banks must be compliant within three (3) years of the Effective Date. Failure to comply with the CB Regulations may lead to sanctions / penalties being imposed on the respective bank.

Follow us