Introduction:

Governance is one of the most important systems for managing companies as it establishes principles of sound management, defines tasks and responsibilities for the board of directors, senior executive management, and employees of the bank, ensures fairness and equality among stakeholders, productive oversight and risk management, transparency and disclosure, organizes stakeholder rights, and promotes community development and advancement; all of which lead to improving the overall performance of the bank.

Therefore, institutional governance is a system through which the board of directors directs the bank and monitors its activities. Practicing good governance is important in creating and maintaining shareholder value and ensuring that organizational behavior is ethical, legal, and transparent.

The Commercial Islamic Bank Governance Guide was established based on the following:

1.  Institutional governance standards for best international practices set by bodies such as the Basel Committee on Banking Supervision.
2. Governance principles outlined in the institutional governance guide for banks issued by the Central Bank of Iraq on 7/11/2017 and amended in 2018.
3. Applicable regulations, instructions, laws, and controls.
4. Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI).

Article (1): Statement of Institutional Governance

The board of directors of the Commercial Islamic Bank is committed to implementing best practices of institutional governance standards in managing its affairs and the bank, in accordance with the provisions and principles of Islamic Sharia and in compliance with all legal and regulatory instructions issued by the Central Bank of Iraq.
The bank strives to manage its business according to appropriate governance principles that provide a foundation for high-quality, strong, and sound financial performance as well as sustainable growth.
The Commercial Islamic Bank ensures the implementation of comprehensive practices and procedures for information disclosure and the ability of all shareholders to equally access disclosed information immediately. To achieve this, the Commercial Islamic Bank adopts a special policy for information disclosure and transparency that reflects all disclosure requirements (financial, non-financial, and regulatory disclosures).

Article (2): Adoption and Periodic Review of the Guide

Based on Article (2) of the institutional governance guide issued by the Central Bank of Iraq and amended in 2018, this guide was prepared by the Institutional Governance Committee and adopted by the board of directors to comply with the minimum requirements of the Central Bank of Iraq. The Governance Committee supervises the annual review of the guide and immediate review upon the issuance of any new regulatory instructions that require updates.

This guide will be published on the official website of the bank.

Article (3): Organizational Structure

The organizational structure of the bank must be formed according to institutional governance requirements by establishing committees derived from the board of directors (Institutional Governance Committee, Audit Committee, Risk Management Committee, IT Governance Committee) and executive management committees of the bank (Investment Committee, Credit Committee, IT and Communications Steering Committee) linked to the authorized manager of the bank and the Sharia Supervisory Board.

Article (4): Board of Directors

The board of directors is one of the main pillars in the decision-making process within the Commercial Islamic Bank institution, responsible for overseeing the bank and ensuring the implementation and success of its strategy to provide consistent and continuous returns to its shareholders, employees, and the community as a whole.

Article (5): Board Composition

The bank's board of directors consists of nine original members and nine reserve members, as stipulated in the bank's founding contract. The board has the right to periodically review the size of the board and determine the necessary number of members, provided that it does not conflict with company law and institutional governance instructions, ensuring that the number of members at any time does not fall below seven original members and seven reserve members with qualifications, university degrees, and banking experience. They are elected in the general assembly meeting according to the cumulative voting mechanism.

Board members are appointed for a term not exceeding four years after obtaining approval from the Central Bank of Iraq. Members may be re-elected for a second term at most, and the board elects a chairman and vice-chairman from among its members.

Independent members in the board of directors of the Commercial Islamic Bank constitute more than one-third of the board composition, in compliance with the requirements for board committees and institutional governance.

Article (6): Suitability of Board Members

In compliance with the legal requirements stipulated in the Banking Law No. (94) of 2004 and the Companies Law No. (21) of 1997 and its amendments, the board has considered the necessary conditions according to laws and governance requirements as follows:

1. Members of the board of directors of the Commercial Islamic Bank possess qualifications, university degrees, and banking experience.
2. All board members of the bank are committed to not holding memberships in other boards of directors of similar institutions.

Article (7): Conditions for Board Member Independence

1. Not to be a partner or employee of the bank's external auditor during the three years preceding the date of his election as a board member, and not to have a kinship relationship with the partner responsible for the audit process.
2. Not to be a lawyer or legal advisor to the bank or an auditor of the bank's accounts.
3. Not to have obtained, or any company he is a member of its board, or owns, or is a major shareholder in, credit from the bank exceeding (5%) of the bank's capital, and not to be a guarantor for credit from the bank exceeding the same percentage.
4. Not to be a member of more than five public or private companies' boards of directors, either personally in some and as a representative of a legal entity in others.
5. Not to be an administrator or employee of another bank or an authorized manager of another bank.
6. Not to be an employee of the bank or any related parties during the previous three years.
7. Not to have any kinship relationship with any of the board members or senior management or any related parties up to the fourth degree.
8. Not to be a major shareholder in the bank or represent him.
9. Not to own directly or indirectly (including family members who are shareholders or related parties) more than (5%) of the shares of any company of any kind.

Article (8): Duties and Responsibilities of the Board of Directors

1. Adopting the bank's plans, including vision, mission, goals, strategic objectives, and core values in light of the general assembly's directions, then directing senior executive management to implement the plans while monitoring, evaluating, and adjusting them if necessary to ensure their execution.
2. Supervising senior executive management, monitoring its performance, ensuring the bank's financial health and suitability, and adopting appropriate policies and procedures for periodic supervision and monitoring of the bank's performance.
3. Adopting a policy to monitor and review the performance of senior executive management by setting key performance indicators (KPI) and key performance results (KPR) to define, measure, and track performance and progress towards achieving the bank's institutional goals.
4. Ensuring the bank has policies, plans, and procedures covering all its activities and aligning with relevant legislation, that they are disseminated at all administrative levels, and regularly reviewed.
5. Defining the bank's "core values," establishing clear lines of responsibility and accountability for all bank activities, and fostering a high culture of ethical standards, integrity, and professional conduct among bank administrators.
6. Taking responsibility for the safety of all bank operations, including its financial conditions, compliance with central bank requirements, regulatory or ownership requirements, and other relevant regulations, considering stakeholders, managing the bank within the framework of legislation and internal policies, and ensuring effective continuous oversight of bank activities.
7. Following up on the implementation of general assembly decisions.
8. Presenting the final accounts and financial statements of the bank and a comprehensive report on the annual plan's execution to the general assembly for discussion and approval.
9. Ensuring compliance with international standards in all bank activities and operations.
10. Discussing and approving annual plans and budgets related to bank activities and monitoring their implementation.
11. Forming board committees and selecting their members from among the board or others.
12. Approving the selection of candidates for executive management positions, evaluating and monitoring their performance periodically, supervising them, holding them accountable, and obtaining clear explanations from them on accountability matters.
13. Appointing and terminating the internal auditor, determining their fees and compensation, and evaluating their performance.
14. Adopting internal control and oversight systems for the bank, reviewing them annually, ensuring the internal auditor coordinates with the external auditor (accounting supervisor) to review these systems at least once annually, and including confirmation of the adequacy of these systems in the bank's annual report.
15. Ensuring the independence of the external auditor (accounting supervisor) from the beginning and continuously.
16. Adopting a risk management strategy, monitoring its implementation, including acceptable risk levels, ensuring the bank is not exposed to high risks, being familiar with the bank's operational environment and associated risks, ensuring the necessary and sufficient tools and infrastructure for risk management are available, and capable of identifying, measuring, controlling, and monitoring all types of risks the bank faces.
17. Ensuring the bank applies the basic principles of "sound management," as stated in the "Rules of Sound Management and Internal Control System" in Chapter 24 of Instructions No. (4) of 2010.
18. Ensuring the presence of adequate and reliable "Management Information Systems (MIS)" covering all bank activities.
19. Promoting a culture of governance within the bank, encouraging all employees and executive management to apply its practices, attend training courses on it, and work to encourage the bank's clients to apply governance rules in their institutions, ensuring the bank's credit policy includes the application of institutional governance for its clients, especially companies, evaluating risks based on their governance practices.
20. Ensuring the bank aligns with sustainability principles.
21. Taking measures to establish a clear separation between the powers of shareholders with "qualified holdings" and "senior executive management" to enhance sound institutional governance, and establishing appropriate mechanisms to limit the influence of shareholders with "qualified holdings."
22. Adopting an organizational structure that defines clear administrative hierarchy.
23. Defining executive powers for bank operations (whether the authorized manager or executive management, whether for banking operations, granting credit, signing transfers, checks, guarantees, financing, mortgages, and letters of guarantee).
24. Adopting a succession plan for executive management in the bank and reviewing it annually.
25. Ensuring executive management checks the official website of the Anti-Money Laundering Office daily regarding the lists of frozen terrorist funds and promptly informs the Anti-Money Laundering Office and the Banking Supervision Department at the Central Bank in case a person is listed in the frozen terrorist funds list.
26. Evaluating the performance of the board as a whole at least once annually and presenting the evaluation results to the general assembly based on a system for evaluating the board's work.
27. Providing the Central Bank with information related to the members of boards or management bodies and executive management of its subsidiaries inside and outside Iraq semi-annually and upon any changes.
28. Supervising the quality of disclosure, transparency, and information about the bank.
29. Reviewing the board's work regulations annually and proposing any amendments if any.

Article (9): Appointment and Selection of the Authorized Manager

1. The bank's board of directors appoints one of its members as the authorized manager of the bank.
2. The appointed authorized manager must meet the following minimum requirements:
   2.1) All stipulated conditions must fulfill the legal requirements stated in Banking Law No. (94) of 2004 and Companies Law.
   Full-time dedication to managing daily banking operations.
   2.2) Must hold at least a bachelor's degree in financial and banking sciences, business administration, accounting, economics, law, or related banking fields.
   2.3) Must possess integrity and a good reputation.
   2.4) Must have actual work experience in executive management in banks according to the regulations and instructions issued by this bank.
3. The authorized manager is responsible for implementing the board's decisions within the powers granted to him.
4. The positions of board chairman and authorized manager or general manager cannot be combined.

Article (10): Board Meetings

1. The board of directors of the Commercial Islamic Bank meets six times during the fiscal year and whenever necessary at the bank's headquarters.
2. All board members must attend the meeting, and if a member cannot attend in person, they may attend via video or phone with the chairman's approval, without the right to vote or sign the meeting minutes.
3. Board decisions are issued by a majority vote of the attendees, and in case of a tie, the final decision is made by the chairman.

Article (11): Role of the Chairman

1. Establishing a constructive relationship between the board, senior executive management of the bank, and between the bank, shareholders, and other stakeholders.
2. Encouraging the expression of opinions on issues being discussed, especially those with differing viewpoints among members, and promoting discussion and voting on these issues.
3. Ensuring members sign the meeting minutes.
4. Identifying and meeting the needs of board members regarding the development of their expertise and continuous learning, and providing new members with an "Orientation Program" to familiarize them with the bank's activities.
5. Inviting the central bank to attend general assembly meetings at least fifteen (15) days in advance to designate a representative.
6. Ensuring the central bank is informed of any material information.

Article (12): Board Secretary

The board appoints a secretary immediately upon its formation, who attends all board meetings, records all deliberations, proposals, objections, and reservations, mentioning the topics discussed, decisions reached, names of attending members, votes cast by each member, and preserves and documents the board meeting records and minutes after they are signed by the board members.

Article (13): Board Committees

A- Overview of Committees:

The bank's board of directors has formed four committees under institutional governance. These committees meet periodically, with the number of meetings determined by the nature of each committee's work, and report directly to the board of directors.

The committees play an important role in supporting the board during the decision-making process. Specific responsibilities have been delegated to each committee, each with its own specializations. These committees do not oversee the daily work of executive management and do not have executive powers. The committees are:

B- Details of the Committees Derived from the Board of Directors:

1- Institutional Governance Committee:

This is an independent committee derived from the bank's board of directors, consisting of three independent and non-executive members. The task of this committee is to officially represent communication between the board of directors and the bank's management on governance issues and matters. The committee supervises and follows up on the implementation of the governance guide in all the bank's activities and operations, including reviewing the general governance framework, ensuring the bank's regulatory compliance with its principles, and including a report in the bank's annual report.

Committee Tasks:

• Establishing a governance framework and guide, monitoring its implementation, and modifying it when necessary.
• Supervising and preparing the governance report and including it in the bank's annual report.
• Ensuring the bank's application of institutional governance principles and sound practices.

2- Audit Committee:

The committee must consist of at least three members who are independent members of the board of directors, consultants, or experts in the financial or auditing field with the central bank's approval. The committee chairman must be an independent member of the board of directors and cannot be a member of another committee derived from the board.

* Committee Meetings:

The committee holds at least four meetings during the year, with the schedule determined by the nature of the work.

* Committee Tasks and Powers:

1. Discussing the scope, results, and adequacy of internal auditing, following up with the external auditor, and discussing their reports.
2. Reviewing accounting issues affecting financial statements and the effectiveness of internal control and oversight systems. Also, ensuring compliance with international standards and anti-money laundering in all bank activities and operations.
3. Reviewing the bank's organizational structure, creating or canceling organizational formations, merging them, defining their tasks and specializations, and then recommending their adoption to the board of directors.
4. Reviewing the annual plan for training and developing bank employees, monitoring its implementation, reviewing executive management reports on the status of human resources, and reviewing policies and instructions related to hiring, promotion, resignation, and termination for all bank employees, including executive management, in accordance with applicable laws.
5. Reviewing and approving the annual audit plan, accounting controls, and procedures.
6. Preparing a quarterly report on the committee's work after each quarter and presenting it to the board of directors.
7. Ensuring the bank's compliance with disclosures specified by international financial reporting standards, central bank instructions, and other relevant legislation and instructions.
8. Reviewing the bank's annual report and ensuring the adequacy of internal control and oversight systems regarding financial reporting, including at least the following items:
   • Preparing a section explaining the internal auditor's responsibility, in collaboration with executive management, for establishing and maintaining internal control and oversight systems for financial reporting in the bank.
   • Preparing a section on the framework used by the internal auditor and their evaluation to determine the effectiveness of internal control and oversight systems.
   • Ensuring compliance with international standards in all bank activities and operations.
   • Ensuring the presence of an anti-money laundering and terrorism financing department, responsible for implementing policies, tasks, and duties related to these activities, including preparing periodic reports on its activities and monitoring compliance with US tax regulations.
   • Disclosing weaknesses in internal control and oversight systems that could lead to the inability to prevent or detect a materially incorrect statement.
   • A report from the external auditor expressing their opinion on the effectiveness of internal control and oversight systems.
9. Proposing qualified individuals to work as external auditors or recommending their dismissal, providing direct communication channels with them, agreeing on the audit scope with the external auditor, receiving audit reports, and ensuring the bank's management takes timely corrective actions on issues identified by the external auditor.
10. Appointing the internal auditor or recommending their dismissal, promotion, or transfer after obtaining central bank approval, requesting reports from the internal audit manager, ensuring sufficient financial resources and a sufficient number of qualified human resources for the internal audit department, training them, and ensuring they are not assigned any executive tasks to guarantee their independence.
11. Monitoring compliance with laws, regulations, and controls applicable to the bank, anti-money laundering, and terrorism financing activities, and reporting to the board.
12. Reviewing reports submitted by the bank to the central bank and reviewing anti-money laundering and terrorism financing reports.
13. Submitting the annual report to the board of directors to disclose the bank's activities and operations.
14. Having the authority to obtain any information from executive management and summon any manager to attend its meetings without them being a committee member.
15. Meeting with the external auditor, internal auditor, compliance officer, and anti-money laundering reporting officer at least four times a year without the presence of any executive management members.
16. Reviewing and monitoring procedures that allow employees to confidentially report any errors in financial reports or other matters, ensuring arrangements for independent investigation and employee protection, and ensuring the objective handling of investigation results.
17. Following up on the implementation of business continuity and disaster recovery programs in coordination with the IT and Communications Committee.

3- Risk Management Committee:

The Risk Management Committee must consist of three non-executive members, chaired by an independent board member. All committee members must have experience in risk management and related practices and issues. The Risk Management Committee plays an important role in supporting the board through the decision-making process. Committee meetings:

1. The committee must meet at least four times a year.
2. Any member of the executive management may be invited to attend committee meetings to clarify certain issues and topics that need explanation.

*  Committee Responsibilities:

1. Reviewing the bank's risk management strategy before it is approved by the board.
2. Ensuring appropriate oversight by the board on the integration of the bank's organizational structures in risk management according to their tasks, and ensuring the bank manages its various banking risks according to the approved risk strategy.
3. Identifying, measuring, monitoring, and controlling risk categories, comparing them to acceptable risk exposure levels, and reviewing reports issued by the risk management department.
4. Ensuring an internal capital adequacy assessment process to maintain the necessary and sufficient capital to guard against these risks, achieving acceptable returns for shareholders without compromising the bank's financial strength.
5. Ensuring the bank's compliance with systems, policies, and instructions for the appropriate level of each risk the bank faces.
6. Determining the level of liquidity risk the bank can bear and its ability to avoid those risks according to Basel III requirements.
7. Evaluating the performance of the investment portfolio in terms of return and risk concerning the bank's internal and external investments and their impact on local and international capital market movements.
8. Evaluating the quality of the credit portfolio and assets by reviewing general rules in managing concentrations and variables that directly affect the possibility of customer default and the periodic evaluation of the quality of collateral provided to mitigate credit risks.
9. Establishing a framework for IT and communications risk management concepts, clarifying roles and responsibilities, identifying and assessing potential threats and risks, current and emerging vulnerabilities, implementing effective practices to mitigate those risks, and prioritizing information system assets and the application of international standards (COBIT, IT GXM, etc.).

4- Nomination and Remuneration Committee:

The committee must consist of at least three members who are independent or non-executive members, with the chairman being an independent member. The committee determines the number of its meetings based on the nature of its work and commits to submitting periodic reports and an annual report on its work results to the board of directors.

* Tasks and Responsibilities:

- Identifying qualified individuals to join the board of directors or senior management of the bank, except for identifying qualified individuals to work as the internal audit manager, which is the responsibility of the Audit Committee, and identifying qualified individuals to work as the internal Sharia audit manager, which is the responsibility of the Sharia Supervisory Board and after the approval of the Central Bank of Iraq.

- Preparing the remuneration policy and submitting it to the board of directors for approval and overseeing its implementation, taking into account the following points:

1. Aligning with sound governance principles and practices.
2. Achieving the bank's long-term goals according to its strategic plans.
3. Ensuring the remuneration policy considers all types of risks the bank faces, balancing achieved profits with the risk levels involved in banking activities.
4. Including all levels and categories of bank employees in the remuneration and salary policy, conducting periodic reviews and evaluations of the adequacy and effectiveness of the remuneration, salary, and incentive policy to ensure achieving its stated goals.
5. Establishing a succession policy to secure executive management positions in the bank, reviewing it annually to ensure the bank is ready to handle any changes in executive management positions without affecting the bank's performance and continuity of operations.
6. Ensuring the preparation of plans and provision of programs for continuous training of board members to keep up with significant developments in banking and financial services.
7. Overseeing the evaluation of human resources performance in the bank, especially executive management, reviewing related reports, and submitting recommendations to the board of directors.

5- IT Governance Committee:

Based on the governance and institutional management controls for IT and communications in the banking sector according to the Central Bank of Iraq's letter No. 14/611 dated 25/04/2019, this committee must consist of at least three members, including individuals with strategic expertise and knowledge in IT and communications. The committee may seek external experts at the institution's expense, in coordination with the chairman, to compensate for any deficiencies in this field and to enhance objective opinions. The committee may invite any of the institution's administrators to attend its meetings, including those involved in internal auditing and senior executive management (such as the IT and communications manager) or those involved in external auditing. The board sets its objectives and delegates powers to it according to a charter that clarifies this, and the committee submits periodic reports to the board. The committee meets every three months and keeps documented meeting minutes.

* Tasks and Responsibilities:

1. Adopting strategic plans for IT and communications and appropriate organizational structures, including steering committees at the senior executive management level, particularly the IT and Communications Steering Committee, ensuring the achievement of the institution's strategic objectives and their fulfillment, achieving the best added value from IT and communications projects and investments, and using the necessary tools and standards to monitor and ensure their realization, such as using IT Balanced Scorecards and calculating the Return on Investment (ROI), and measuring the impact on increasing financial and operational efficiency.
2. Adopting the general framework for managing, controlling, and monitoring IT and communications resources and projects, simulating the best internationally accepted practices in this regard, specifically COBIT (Control Objectives for Information and Related Technology) in all its versions, to achieve the objectives and requirements of these controls through achieving the institutional objectives outlined in Annex No. (1) sustainably, achieving the matrix of information and technology objectives associated with it, outlined in Annex No. (2), and covering IT and communications governance processes outlined in Annex No. (3) (as detailed in the IT and Communications Governance and Institutional Management Controls).
3. Adopting the matrix of institutional objectives outlined in Annex No. (1) and the related information and technology objectives outlined in Annex No. (2), considering their data as a minimum, and describing the necessary sub-objectives to achieve them.
4. Adopting a RACI Chart for the main IT and communications governance processes in Annex No. (3) and the sub-processes derived from them, specifying the entity, entities, person, or parties primarily responsible (Responsible), those ultimately accountable (Accountable), consulting parties (Consultant), and those informed about each process (Informed) as outlined in the mentioned annex.
5. Ensuring the presence of a general framework for IT and communications risk management that aligns with and integrates into the overall risk management framework of the institution, according to international standards such as ISO 31000 and ISO 73, considering all IT and communications governance processes outlined in Annex No. (3) and meeting them.
6. Adopting the budget for IT and communications resources and projects in alignment with the institution's strategic objectives.
7. General supervision and monitoring of IT and communications operations, resources, and projects to ensure their adequacy and effective contribution to meeting the institution's requirements and operations.
8. Reviewing IT and communications audit reports, taking necessary actions to address deviations, and recommending corrective actions.
9. Submitting periodic reports to the board.
10. Developing a specific guide for IT and related information governance and management, which may be part of the institutional governance guide, considering these controls as a minimum, aligning with its needs and policies, and having the guide approved by the board and submitted to the Central Bank of Iraq within six months from the date of these controls. This guide should reflect the institution's perspective on IT and related information governance and management in terms of its concept, importance, and basic principles, considering legislation and best international practices in this regard. The institution, through the IT and Communications Governance Committee derived from the board, should review and update this guide as needed.

Article (14): Executive Management

A- Overview of Executive Management:

The management of the Commercial Islamic Bank of Iraq is responsible for implementing appropriate procedures and operations to ensure compliance with policies, laws, regulations, and other guidelines issued by the board of directors and adopted to ensure appropriate corporate governance standards in the bank. Members of the executive management of the Commercial Islamic Bank of Iraq possess the necessary credibility, integrity, and banking competence.
The executive management is appointed according to specific conditions and an employment contract, and the Nomination and Remuneration Committee is responsible for hiring the executive management in the bank. The board of directors and the Nomination Committee are responsible for ensuring the suitability of executive management members for banking operations.
The bank's executive management continuously monitors the bank's performance, ensures compliance with international standards in all bank activities and operations, and advises the board by submitting periodic reports to the board of directors on the bank's operations and monitoring the financial position and profitability.

B- Executive Management Committees:

According to institutional governance principles, the executive management committees have been formed as follows:

1- Credit Review Committee:

This committee consists of at least three members, and board members may attend as observers to assist them. The committee sends its meeting schedules to the board of directors before convening so that any board member can attend as an observer if desired.
Once a month and whenever necessary.
The committee secretary is responsible for recording the committee's meeting minutes, accurately and completely documenting its recommendations, and noting any reservations raised by any member. The bank retains all these minutes appropriately.

* Tasks and Responsibilities:

1. Supervising and following up on the implementation of instructions issued by the Central Bank of Iraq regarding the principles of evaluating customers' creditworthiness, forming provisions, and monitoring credit exposures.
2. Monitoring loan repayment movements.
3. Collaborating with the legal department in following up on the collection of non-performing loans.
4. Working to recover loans and written-off amounts as much as possible.
5. Simplifying loan granting procedures.
6. The committee chairman presents its meeting minutes and recommendations to the Risk Management Committee.
7. The committee commits to submitting periodic reports and an annual report on its work results to the Risk Management Committee.

2- Investment Committee:

This committee must consist of at least three members with expertise, and a board member attends as an observer to assist the committee. The committee meets once a month and whenever necessary. The committee has a secretary who records the committee's meeting minutes and accurately and completely documents its recommendations and any reservations raised by any committee member.

* Tasks and Responsibilities:

1. Segmenting the investment portfolio into "equity instruments" and "debt instruments," including treasury transfers, government bonds, and foreign instruments in the portfolio.
2. Proposing the sale, purchase, and retention of investment portfolio components and monitoring their implementation upon board approval.
3. Reviewing periodic indicators used by the investment department or investment units and providing necessary proposals regarding them.
4. The committee chairman presents its meeting minutes and recommendations to the Risk Management Committee.
5. The committee commits to submitting periodic reports and an annual report on its work results to the Risk Management Committee.

3- IT and Communications Steering Committee:

The IT and Communications Steering Committee must consist of members from executive management, consultants, and specialists. The board elects one of its members to be an observer in this committee, along with the internal audit manager, whose role is to be an observer, not a member, attending only when presenting or discussing their report to ensure independence and objectivity. The committee aims to achieve the institution's strategic objectives sustainably.
The steering committee meets periodically (at least once quarterly), and the committee secretary records the committee's meeting minutes and accurately and completely documents its recommendations.

* Tasks and Responsibilities:

1. Reviewing and developing the use of IT and communications and ensuring information and communications security.
2. Ensuring the adequacy of the infrastructure, information and communications systems, electronic networks, and software used in the bank.
3. Ensuring the adequacy of procedures taken to maintain updated backup copies of information to address potential disasters and data loss.
4. Monitoring electronic customer service technologies.
5. Supervising and ensuring the quality and suitability of the bank's internal network management and its website on the internet.
6. Following up on the implementation of business continuity and disaster recovery programs.
7. Ensuring the preparation of IT and communications policies and procedures manual, working on updating it, and providing necessary proposals to develop the manual according to work requirements.
8. Ensuring the separation of duties between the IT and communications department and other departments in the bank.
9. Preparing strategic and operational plans for risk management to achieve the strategic objectives set by the board, supervising their implementation to ensure their achievement, and continuously monitoring internal and external factors affecting them.
10. Linking the matrix of institutional objectives with the matrix of related information and technology objectives, as outlined in Annex No. (2) of the IT and Communications Governance and Institutional Management Controls, adopting and continuously reviewing them to ensure achieving the institution's strategic objectives and control objectives, defining a set of measurement standards, reviewing them, and assigning relevant executive management to continuously monitor them and inform the committee.
11. Recommending the allocation of necessary financial and non-financial resources to achieve the objectives and IT and communications governance processes outlined in Annexes (2) and (3) of the IT and Communications Governance and Institutional Management Controls, at a minimum, and utilizing competent and suitable human resources in the right place through organizational structures that include all necessary processes to support the objectives, ensuring the separation of tasks, avoiding conflicts of interest, and adapting the technical infrastructure and related services to serve the objectives, and supervising the implementation of IT and communications governance projects and processes.
    1. Prioritizing IT and communications projects and programs.
    2. Monitoring the level of technical and technological services and continuously improving and enhancing their efficiency.
    3. Submitting necessary recommendations to the IT and Communications Governance Committee regarding the following:
       • Allocating necessary resources and mechanisms to achieve the tasks of the IT and Communications Governance Committee.
       • Any deviations that may negatively affect achieving strategic objectives.
       • Any unacceptable risks related to IT security and protection.
       • Performance and compliance reports with the general framework for managing, controlling, and monitoring IT and communications resources and projects.
12. Providing the IT and Communications Governance Committee with its meeting minutes promptly and obtaining acknowledgment of their review.

Article (15): Sharia Supervisory Board of the Bank:

Members of the Sharia Supervisory Board are appointed by the bank's general assembly based on the board's recommendation and the approval of the Central Bank of Iraq for a renewable term of three years. The Sharia Supervisory Board is an independent entity consisting of specialists in Islamic jurisprudence and Islamic finance, with expertise in banking, financial, and legal matters in general.

First: Three (3) Sharia supervisory bodies are formed within the bank's structure, which are:

1. Sharia Supervisory Board.
2. Sharia Coordination and Compliance Department.
3. Internal Sharia Audit Department.

• The Sharia Supervisory Board ("the Board") is an independent body of scholars specializing in Islamic jurisprudence, financial transactions, and Islamic finance, guiding, monitoring, and supervising the bank's activities to ensure the bank's management complies with Islamic Sharia principles in its transactions.
• The Board's decisions and fatwas are binding on the bank's management.
• The responsibility for executing the bank's activities according to Islamic Sharia principles lies with the bank's management. The Board and its Sharia bodies supervise the bank's operations and activities, monitoring transactions to ensure full compliance with Islamic Sharia principles and the Board's fatwas and decisions within an independent and objective authority.
• The bank is responsible for ensuring the adequacy of the organizational structure of the Sharia bodies and granting them all appropriate powers and authorities to perform their duties and responsibilities effectively.
• The Board refers to Sharia principles and rulings for its decisions and judgments according to the applicable Sharia standards issued by AAOIFI.
• The Sharia Supervisory Board complies with the decisions issued by the Central Bank of Iraq.
• The Board adheres to the principles and policies of governance and the decisions and instructions issued by the Central Bank of Iraq.
• Formation and Appointment of the Board:

Formation, appointment, and dismissal of the Board members and its executive committee:

• According to the Islamic Banking Law No. (43) of 2015, Article (7) First, the Sharia Supervisory Board consists of five (5) members, with a maximum of five, including three (3) members with expertise in Islamic jurisprudence and its principles, and at least two (2) members with expertise and specialization in banking, legal, and financial matters. They are appointed by the shareholders at the annual general assembly meeting based on a recommendation from the board of directors, and they are re-nominated and elected by the shareholders at the general assembly meeting according to the period specified in the appointment decision, considering the instructions and decisions issued by the Central Bank of Iraq.
• A Board member is appointed through an agreement or appointment contract with the bank, signed officially after being selected by the general assembly. The appointment period is not less than three years, and the agreement specifies the privileges and rewards of the Board member after approval by the general assembly or authorization from the general assembly to the board of directors to determine their fees and rewards.
• The appointed Board member must meet the following conditions:

1. Must be a Muslim.
2. Must hold a university degree in Islamic Sharia or Islamic economics or its equivalent.
3. Must have a certified degree in Islamic commercial jurisprudence (Islamic commercial jurisprudence) with a strong understanding of jurisprudence principles and Islamic Sharia rules.
4. Must have sufficient experience in Islamic studies, Islamic economics, Islamic financial transactions, or scientific research for at least seven years.
5. Must have appropriate knowledge of banking transactions, Islamic finance, and accounting.
6. Must not be part of the bank's executive or administrative team or a member of the bank's board of directors or an official.
7. Must not be a shareholder in the bank.
8. Must have good conduct, appropriate personality, clean record, known for integrity and good reputation.
9. Must not have any previous conviction for any behavior or crime contrary to morals or ethics, committed an offense related to betrayal or fraud, financial crime, received a criminal penalty, or was suspended by a regulatory, professional, or judicial body, was not the owner or manager of a company whose registration, authorization, membership, or license to practice any work or profession was rejected, or was a partner in managing a business activity that was placed under guardianship or faced insolvency or forced liquidation while being associated with that entity, or was dismissed or asked to resign from a position involving trust, or had their eligibility to work as a manager or in an administrative capacity canceled due to a mistake they made, or was not fair, responsive, or honest in any dealings with entities.
10. Must be willing to comply with the requirements and standards of the regulatory system, legal and regulatory standards, and other professional standards.
11. Must have appropriate mental and physical fitness.
12. Must have the ability to allocate sufficient time and attention to the bank.
13. Considering the instructions and decisions issued by the Central Bank of Iraq.

• The Board elects a chairman (the chairman must have at least a master's degree from a recognized university in Sharia sciences, including financial transactions jurisprudence, and at least three (3) years of experience in issuing fatwas and Sharia rulings or four (4) years after graduation in teaching or scientific research in Islamic finance) and a vice-chairman from among its members, and informs the bank's management accordingly.
• A new member can be appointed to the Board with the approval of the board of directors and the general assembly. The elected person becomes an official member after the general assembly of shareholders issues a decision to appoint them.
• When reviewing the qualifications and suitability of Board members or selecting new members, the board of directors or the bank's executive management must verify the members' qualifications according to the appointment conditions mentioned in clause 2/1/4 above.
• A Board member's services can be terminated only by the general assembly and with the approval of the Central Bank of Iraq, in the following cases:
  1. A recommendation from the board of directors to terminate the member, approved by the shareholders at the general assembly meeting.
  2. The Board member submits a request to the chairman of the board to be relieved of their duties, and the member must submit the request at least three (3) months in advance if they complete the three-member requirement to allow the bank to appoint a replacement member in a timely manner, and within one (1) month in normal circumstances.
  3. Inability to attend meetings for any reason.
  4. Failure to attend four (4) consecutive Board meetings without an acceptable excuse.
  5. Expiration of the membership term without renewal by the general assembly.
• At least two members of the Board must have expertise in banking, financial, and legal matters and be familiar with the Sharia requirements for Islamic banking.
• All Board members must be independent and capable of issuing independent judgments without influence or coercion.
• The Board or any of its members has the right to attend the bank's governance committee to provide advice and guidance on Sharia-related matters and to coordinate complementary roles and tasks of the committee when a Sharia-related issue is presented.
• The bank must disclose the following matters related to the Board in the annual report:
• Board members who have immediate family members in the executive management (Approved Person) with a detailed list provided by the bank's management.
• Annual Board rewards.
• The Board has the authority to appoint or seek assistance from experts and specialists to help perform its tasks or for advisory purposes and determine their fees in coordination with the bank's management.

Second: Tasks and Responsibilities of the Board:

The Board's work includes the following:

1. Approving the Sharia aspects of the founding contract, articles of association, regulations, forms, policies, and procedures followed in the bank's operations.
2. Approving standard and non-standard agreements and contracts, forms, documents, terms and conditions, declarations, and commitments related to financial transactions conducted by the bank with shareholders, investors, customers, employees, and others for financing, investment, marketing, and other purposes, participating in modifying and developing the mentioned forms when necessary, and preparing contracts that the bank intends to enter into that do not have pre-established forms to ensure the contracts and agreements are free from Sharia prohibitions.
3. Providing Sharia opinions on products the bank intends to offer and issuing fatwas on transactions conducted by the bank.
4. Monitoring the bank's operations and reviewing its activities from a Sharia perspective at intervals determined in coordination between the Board, the Sharia Coordination and Compliance Department, the Internal Sharia Audit Department, and the bank's management, ensuring that the transactions conducted were for products and contracts approved by the Board through regular review of practical steps and auditing documents from a Sharia perspective to ensure no violations of the principle, contract, or its Sharia conditions and requirements, including correction and modification to restore the transaction or settle obligations and rights according to Sharia rules.
5. Approving annual internal Sharia audit plans and methodologies and supervising their implementation.
6. Providing and proposing possible Sharia solutions for financial transaction problems that do not comply with Islamic Sharia principles and contributing to finding alternatives for products that violate Sharia rules in cooperation with the bank's management.
7. Providing guidance, advice, and training to employees involved in applying Islamic financial transactions to help them achieve compliance with Islamic Sharia principles.
8. Providing Sharia opinions on the bank's financial statements at intervals determined in coordination between the Board and the management.
9. Reviewing reports or observations from the Sharia Coordination and Compliance Department and the Internal Sharia Audit Department and providing advice on them and ways to address the observations.
10. Ensuring that profits earned from sources or methods that conflict with Islamic Sharia principles are set aside and spent on public welfare directly or through charitable institutions as approved by the Board, ensuring that these charitable institutions have a good reputation and are not directly or indirectly related to persons licensed by the bank or the Board, and spending these funds within 12 months unless the Board approves an extension not exceeding 24 months. The Board, the Sharia Coordination and Compliance Department, the Internal Sharia Audit Department, and the independent external Sharia auditor must review the nature of charitable transactions and the reasons for non-compliance with Sharia and establish procedures to ensure such cases do not recur.
11. Ensuring the distribution of profits and the allocation of losses according to Sharia rules and approving them.
12. Ensuring the calculation of zakat according to Islamic Sharia principles on behalf of the shareholders, informing them of their zakat obligations, and ensuring the distribution of the zakat fund's assets to their Sharia-approved purposes as approved by the Board.
13. Submitting an annual report addressed to the shareholders, with a copy to the board of directors, presented at the general assembly meeting, in which the Board expresses its opinion on the transactions conducted by the bank and the extent of the management's compliance with the fatwas, decisions, and guidance issued by the Board, by assigning one of its members to attend the meeting to read the report and answer any inquiries from shareholders or the public. The Board's annual report is included in the bank's annual report.
14. The report must include a statement of Sharia violations that have affected the application of Sharia rules during the fiscal year, with a description of the actions taken by the Board. The report must include at least the following:
    1. Title.
    2. Recipient of the report.
    3. Opening or introductory paragraph.
    4. Paragraph explaining the nature of the work done.
    5. Opinion paragraph with the following details:
       a) Statement on the bank's compliance with Islamic Sharia principles in the contracts and transactions conducted.
       b) Basis for calculating profits and losses on investment accounts.
       c) Statement on whether any prohibited revenues or means were found, specifying the entities to which they were allocated.
       d) Statement on the basis of the zakat process and its compliance with Islamic Sharia principles.
       e) Statement on aspects where the bank did not comply with the Board's decisions and fatwas, if any.
       f) Statement on the bank's compliance with Sharia principles, applicable Sharia standards issued by AAOIFI, and instructions and directives issued by the Central Bank of Bahrain.
    6. Report date.
    7. Signatures of the Board members.
15. Meeting with the bank's board of directors quarterly to discuss important issues with a specific agenda determined in coordination between the Board and the board of directors. The Board also submits administrative reports to the bank's board of directors as needed, reflecting its independence.
16. Answering customer inquiries and clarifications regarding the Sharia compliance of certain procedures or transactions in coordination with the Sharia Coordination and Compliance Department.
17. The Board may authorize or assign the Sharia Coordination and Compliance Department to perform some periodic tasks within its scope of responsibilities (defining the scope of responsibility) mentioned above, with a decision issued by the Board.

Third: Secretariat of the Sharia Supervisory Board:

1. Arranging for regular and emergency meetings of the Board or its executive committee.
2. Preparing agendas for the Board and executive committee meetings in light of issues and topics presented by the bank's management or Board members, preparing working papers and memoranda related to agenda topics, and sending them to Board members manually or electronically well in advance of the meeting.
3. Preparing and documenting meeting minutes, including decisions issued by the Board or its executive committee, presenting them to members for signature and approval, and providing them upon request by the internal Sharia auditor, internal regulatory bodies, and inspectors of the Central Bank of Iraq.
4. Notifying relevant departments and sections of all fatwas, decisions, and instructions issued by the Board according to the Board meeting minutes, and monitoring these departments' implementation of the decisions through an appropriate mechanism that includes previous and subsequent aspects to ensure Sharia compliance.
5. Evaluating the bank's compliance with the Board's fatwas and decisions and adherence to Islamic Sharia principles by preparing the required plans and strategies for prior examination and preparing necessary reports in this regard.
6. Retaining reports from the Internal Sharia Audit Department and providing comprehensive annual reports on the Board's work and achievements.
7. Monitoring the disbursement of allocations and financial rewards for Board members.

Internal Sharia Supervision:

The bank forms two internal Sharia supervisory departments: the Sharia Coordination and Compliance Department and the Internal Sharia Audit Department.

First: Sharia Coordination and Compliance Department:

1. The bank establishes an independent Sharia Coordination and Compliance Department, including the head of the department ("Sharia Supervisor") and a sufficient number of employees.
2. The Sharia Coordination and Compliance Department follows the Board technically and is directly supervised by the Board, while administratively reporting to the CEO.
3. The Sharia Coordination and Compliance Department must have a sufficient number of competent employees with appropriate qualifications and experience.
4. The Sharia Supervisor serves as the secretary of the Board, overseeing the Sharia Coordination and Compliance Department and its employees, working full-time at the bank, and appointed by the bank's management with the Board's approval.
5. The Sharia Coordination and Compliance Department's activities are objective and independent, with direct contact with all administrative levels without restrictions hindering its supervisory work.
6. The Sharia Coordination and Compliance Department adheres to the Board's work regulations and the policies and procedures manual prepared for the Sharia Coordination and Compliance Department.
7. The Sharia Coordination and Compliance Department's policies manual is approved by the Board and the bank's board of directors, subject to periodic review and continuous development. Anything not mentioned in this regard is subject to the governance manual issued by the Central Bank of Iraq.
8. The Sharia Coordination and Compliance Department adheres to the Code of Ethics for Accountants and External Auditors of Islamic Financial Institutions issued by AAOIFI and the Code of Ethics for Employees of Islamic Financial Institutions.
9. The Board may request the appointment of additional employees or consultants to assist in performing its tasks as needed according to the bank's regulations.
10. The administrative affiliation of the Sharia Coordination and Compliance Department is to the bank's management, while technically reporting to the Board. The bank's regulations on salary determination and promotions apply to it, and the Board evaluates the Sharia Supervisor's work annually in consultation with the CEO according to the bank's approved evaluation standards.
11. The bank's management cannot dismiss, suspend, or terminate the Sharia Supervisor without the Board's approval, with notification to the Central Bank of Iraq, stating the reasons, justifications, and procedures followed.
12. If the Sharia Supervisor wishes to resign or retire, it must be done through a written letter addressed to the Board and the bank's management.

Second: Internal Sharia Audit Department:

1. The bank establishes an independent Internal Sharia Audit Department, including the head of the department and a sufficient number of employees.
2. The Internal Sharia Audit Department must have a sufficient number of competent employees with appropriate qualifications and experience.
3. Reports issued by the Internal Sharia Audit Department are submitted to the Board, a copy to the Audit Committee of the bank's board of directors, and a copy to the bank's CEO to ensure Sharia compliance evaluation in the bank and adherence to Sharia rules and standards. The Internal Sharia Audit Department follows the Board technically and is directly supervised by the Board, while administratively reporting to the CEO.
4. The head of the Internal Sharia Audit Department supervises the department and its employees, works full-time at the bank, and is appointed by the bank's management with the Board's approval in consultation with the Audit Committee of the bank's board of directors and approved by the Central Bank of Iraq.
5. The Internal Sharia Audit Department's activities are objective and independent, with direct contact with all administrative levels without restrictions hindering its supervisory work.
6. The Internal Sharia Audit Department adheres to the Board's work regulations and the policies and procedures manual prepared for the Internal Sharia Audit Department.
7. The Internal Sharia Audit Department's policies manual is approved by the Board and the bank's board of directors, subject to periodic review and continuous development. Anything not mentioned in this regard is subject to the governance manual issued by the Central Bank of Iraq.
8. The Internal Sharia Audit Department adheres to the Code of Ethics for Accountants and External Auditors of Islamic Financial Institutions issued by AAOIFI and the Code of Ethics for Employees of Islamic Financial Institutions.
9. The administrative affiliation of the Internal Sharia Audit Department is to the bank's management, while technically reporting to the Board. The bank's regulations on salary determination and promotions apply to it, and the Board evaluates the head of the Internal Sharia Audit Department's work annually in consultation with the CEO according to the bank's approved evaluation standards.
10. The bank must immediately notify the Central Bank of Iraq in case of the resignation, retirement, or cessation of the head of the Internal Sharia Audit Department.
11. The bank's management cannot dismiss, suspend, or terminate the head of the Internal Sharia Audit Department without the Board's approval, with notification to the Central Bank of Iraq, stating the reasons, justifications, and procedures followed.
12. If the head of the Internal Sharia Audit Department wishes to resign or retire, it must be done through a written letter addressed to the Board and the bank's management.

Article (16): Relationship between the Board and Risk Management

1. Ensuring that the Risk Management Department monitors the bank's executive departments at the specified acceptable risk levels.
2. The board must verify the handling of deviations from acceptable risk levels, including holding the relevant executive management accountable for these deviations.
3. The board must ensure that the Risk Management Department conducts "stress tests" periodically to measure the bank's ability to withstand shocks and face high risks, with the board playing a key role in approving the assumptions and scenarios used, discussing test results, and approving actions to be taken based on these results.
4. The board must approve the internal capital adequacy assessment methodology for the bank, in line with Basel III and Basel II requirements and any other international standards, ensuring the methodology is comprehensive, effective, capable of identifying all risks the bank may face, considering the bank's strategic plan and capital plan, reviewing the methodology periodically, verifying its application, and ensuring the bank maintains sufficient capital to face all potential risks.
5. Before approving any expansion of the bank's activities, the board must consider the associated risks and the capabilities and qualifications of the Risk Management Department's employees.
6. The board must ensure the independence of the Risk Management Department in the bank by submitting its reports to the Risk Management Committee and granting the department the necessary powers to obtain information from other bank departments and collaborate with other committees to perform its tasks.
7. The policies approved by the board must include acceptable risk limits the bank may face, ensuring these limits are consistent with the bank's risk tolerance and appropriate for its capital size.
8. Measuring the continued suitability of work steps for measuring, monitoring, and controlling risks and making any necessary adjustments according to market developments and the environment in which the bank operates.
9. Using appropriate and effective information and communication systems, especially for risk monitoring and control, ensuring the efficiency of the information management system to provide senior management, the Risk Committee, and the board with periodic reports (at least monthly) reflecting the bank's compliance with specified risk limits, explaining deviations from these limits, their causes, and the necessary corrective plan.

The minimum tasks of the Risk Management Department include:

• Studying and analyzing all types of risks faced by the bank.
• Preparing the "Risk Management Framework" in the bank and presenting it to the board.
• Implementing the risk management strategy and developing work policies and procedures to manage all types of risks.
• Developing methodologies for identifying, measuring, monitoring, and controlling each type of risk.
• Submitting reports to the board through the Risk Management Committee, with a copy to the executive management, including information on the actual "Risk Profile" of all bank activities, compared to the "Risk Appetite" document, and monitoring the handling of negative deviations.
• Verifying the integration of risk measurement mechanisms with the "Management Information System (MIS)" used.

used.

• Providing recommendations to the Risk Management Committee on the bank's "Exposures" to risks and recording exceptions to the risk management policy.
• Providing necessary information about the bank's risks for disclosure purposes.

Article (17): Relationship between the Board and the Compliance Department

1. The board must adopt a clear policy to ensure the bank's compliance with all relevant legislation and instructions, review this policy periodically, and verify its implementation.
2. The board must approve the tasks and responsibilities of the Compliance Department.
3. The Compliance Department submits its reports to the Audit Committee, with a copy sent to the general manager or the authorized manager.
4. The bank must establish an independent Compliance Department, reinforced with adequately trained and sufficiently compensated human resources, in line with the instructions issued by the Central Bank in this regard.
5. The Compliance Department prepares effective policies and procedures to ensure the bank's compliance with all applicable legislation, instructions, and related guidelines and manuals. The bank must document the tasks, powers, and responsibilities of the Compliance Department and disseminate them within the bank.

Article (18): Relationship between the Board and the Anti-Money Laundering and Counter-Terrorism Financing Department

1. Through the Audit Committee and regulatory departments or sections in the bank, the board must ensure that the bank takes due diligence measures towards customers in accordance with the Anti-Money Laundering and Counter-Terrorism Financing Law No. (39) of 2015 and the instructions issued under it.
2. The board must ensure that the bank retains the following records, documents, and files for five (5) years from the date of the end of the relationship with the customer, the date of account closure, or the execution of a transaction for a casual customer, whichever is longer, and ensure their availability to the relevant authorities as quickly as possible, including at a minimum:
   • Copies of all records obtained through the due diligence process in verifying transactions, including documents indicating the identities of customers, actual beneficiaries, accounting files, and business correspondence.
   • All records of local and international transactions, whether executed or attempted, detailed enough to allow the reconstruction of each transaction step by step.
   • Records related to risk assessment or any information resulting from its conduct or update.

Adopting programs to prevent money laundering and terrorism financing, including:

• Conducting an assessment of the money laundering and terrorism financing risks to which the bank is exposed.
• Adopting internal policies, procedures, and controls appropriate for implementing obligations in the field of anti-money laundering and counter-terrorism financing.
• Independent auditing to test the effectiveness of policies and procedures and their implementation.

Article (19): Relationship between the Board of Directors and Stakeholders

1. The board must provide a specific mechanism to ensure communication with "stakeholders" through effective disclosure and providing meaningful information about the bank's activities to "stakeholders" through the following:
   • General assembly meetings.
   • Annual report and governance report.
   • Quarterly reports containing financial information, along with the board's report on the bank's share trading and financial position during the year.
   • The bank's website.
   • Report from the shareholder relations department.
2. It is necessary to vote separately on each issue raised at the annual general assembly meeting.
3. After the annual general assembly meeting, reports are prepared to inform shareholders about the observations made during the meeting, the results and decisions, including voting results and questions raised by shareholders, and the executive management's responses to them.
4. The board must ensure effective dialogue with shareholders by providing the following factors at a minimum:
   • Ensuring board members are aware of shareholders' views, especially regarding the bank's strategies and governance systems.
   • Holding regular meetings with major shareholders and non-executive and independent members to understand their opinions and views on the bank's strategies.
   • Disclosing in the annual report the steps taken by its members, specifically non-executive members, to reach a mutual understanding of major shareholders' views on the bank's performance.
5. The chairpersons of the "Audit" and "Nomination and Remuneration" committees, and any other committees derived from the board, must attend the annual general assembly meetings.
6. The external auditor or their representative must attend the annual general assembly meeting, present the report, and answer inquiries.

Article (20): Code of Conduct

The board of directors of the Commercial Islamic Bank of Iraq aims to ensure that all directors and employees act with the highest levels of integrity and objectivity and strive at all times to enhance the bank's reputation and performance.

The code of conduct is linked to the bank's objectives, responsibilities, and commitment towards customers, shareholders, employees, and the community.

The code of conduct and work ethics charter has been circulated to all bank departments to inform and ensure all employees adhere to it, signing the prepared form for this purpose after reviewing all the provisions in the charter, which are summarized as follows:

Article (23): Relationship with Shareholders

1. Ensuring shareholders receive all relevant information that enables them to fully exercise their rights periodically and without delay.
2. Participating and voting in general assembly meetings, considering topics shareholders wish to raise in such meetings.
3. Discussing topics listed on the general assembly agenda and directing inquiries to board members.
4. Electing members of the bank's board of directors.
5. Providing shareholders with information about the location and date of the general assembly meeting and its agenda at least thirty (30) days before the meeting date.
6. Nominating, electing, and terminating board members, inquiring about their qualifications, experience, and ability to perform their duties, discussing the size of rewards and financial incentives received by board members and senior executive officers, and having the right to submit any inquiries to the board regarding any unprofessional practices.
7. Minority shareholders have the right to elect one or more members to represent them on the board of directors based on the cumulative voting mechanism.

Article (24): Conflict of Interest

1. The bank's board of directors ensures due diligence in arranging matters related to the bank's operations and personal affairs in a way that avoids conflicts of interest between personal interests and the bank's interests. The board adopts policies and procedures to address conflicts of interest that may arise when the bank is part of a banking group and discloses in writing any conflicts of interest that may arise from the bank's association with companies within the group.
2. The board must adopt policies and procedures for dealing with related parties, including defining these parties, considering legislation, policies, procedures, and monitoring mechanisms to ensure they are not exceeded.
3. The bank's regulatory departments must ensure that related party transactions are conducted in accordance with approved policies and procedures. The Audit Committee reviews all related party transactions, monitors them, and informs the board of these transactions.
4. The board must adopt policies and a code of professional conduct and disseminate them to all employees, including at a minimum:
   • Prohibiting employees from using internal bank information for personal gain.
   • Rules and procedures for dealing with related parties.
   • Addressing situations that may give rise to conflicts of interest.
5. The board must ensure that the executive management operates with high integrity, implements approved policies and procedures, and avoids conflicts of interest.
6. Board members must receive important information in a timely, clear, and accurate manner to fulfill their duties and perform their tasks effectively.
7. The bank must provide the Central Bank with the number of shares pledged by the bank's shareholders who own (1%) or more of the bank's capital and the entity to which these shares are pledged.

Article (25): Disclosure and Transparency

1. The board ensures the publication of financial and non-financial information relevant to stakeholders.
2. The bank's annual report includes a statement that the board is responsible for the accuracy and adequacy of the bank's financial data and the information contained in the report, and for the adequacy of internal control and oversight systems.
3. The board ensures the bank's compliance with the disclosures specified by international financial reporting standards (IFRS), international accounting standards, Central Bank instructions, and other relevant legislation, and ensures that the executive management is aware of changes to international financial reporting standards.
4. The board ensures that the bank's annual report and quarterly reports include disclosures that allow current or potential shareholders to understand the bank's operational results and financial position, with disclosures in both Arabic and English.
5. The board ensures that the annual report includes at least the following:
   • Summary of the bank's organizational structure, including the committees derived from the board of directors.
   • Summary of the tasks and responsibilities of the board's committees.
   • Information relevant to stakeholders as outlined in the bank's institutional governance guide and the extent of its compliance with the guide.
   • Ensuring the preparation of the bank's governance report and including it in the annual report.
   • Information about each board member, including their qualifications, experience, contribution to the bank's capital, whether they are independent or not, their membership in board committees, their appointment date, any memberships they hold in other company boards, all forms of rewards received from the bank for the past year, loans granted to them by the bank, and any other transactions between the bank and the member or related parties.
6. Information about the Risk Management Department, including its structure, nature of operations, and developments.
7. Number of board and committee meetings and the attendance of each member at these meetings.
8. Code of conduct for work management and names of board members and senior executive management who resigned during the year.
9. Summary of the bank's reward policy, disclosing all forms of rewards for each board member individually, and all forms of rewards granted to senior executive management individually for the previous year.
10. Names of shareholders owning (1% or more) and related groups owning (5% or more) of the bank's capital, identifying the actual beneficiary of these shares or any part of them, and clarifying whether any of these shares are pledged wholly or partially.
11. Publishing a report on institutional governance practices.
12. The bank's sustainability policy and actions taken regarding it.