articles Ratings /ratings/en/research/articles/210524-external-auditing-of-sharia-compliance-will-likely-strengthen-governance-in-islamic-finance-11965286 content esgSubNav
In This List

External Auditing Of Sharia Compliance Will Likely Strengthen Governance In Islamic Finance


Government Support And Improving Economic Sentiment Help Mitigate Sector Vulnerabilities For GCC Banks


Credit FAQ: Evergrande Default Contagion Risk--Ripple Or Wave?


SF Credit Brief: U.S. Structured Finance Issuance Totaled $57B In August, Rising 65% Year Over Year To $467B


Credit FAQ: Social RMBS: Is The Pursuit Of Housing Equality A Risky Business?

External Auditing Of Sharia Compliance Will Likely Strengthen Governance In Islamic Finance

In early May 2021, the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI) published its auditing standard No. 6, which specifies its criteria for external audit of Sharia compliance at Islamic financial institutions (IFIs). In S&P Global Ratings' view, this is a step forward for the industry and will reinforce governance and enhance market discipline. In this context, key aspects of market discipline include greater consistency in adhering to Sharia principles and a culture of rapid remedial action by noncompliant institutions, in response to wider market and investor demands.

Given the lack of standardization that the Islamic finance industry has been facing, the first problem AAOIFI faced was, which standards should an audit exercise be performed against? In its No. 6 standard, AAOIFI addresses this by creating a hierarchy of the existing standards and regulations.

If opinions from these sources are ambiguous, the standard prioritizes the approvals and clarifications of the entity's specific Sharia board. This is the obvious choice, given that these approvals and clarifications underpin an IFI management team's decisions and the institution's functioning.

Internal Sharia audits are already performed on some IFIs, such as Islamic banks and takaful companies, but the findings are not published. Although they give stakeholders some assurance that they are compliant, they present an inherent conflict of interest. In our view, internal auditing has not meaningfully supported enhanced transparency. Enforcing external, independent audits, however, could change the game, especially if the detailed results were published, or at least shared with the IFI's key stakeholders. These would include holders of unrestricted investment accounts (URIAs).

AAOIFI does not specify if the standard will apply to market instruments issued by entities that are not subject to internal Sharia audit (for example, corporate or sovereign sukuk issuers). In our view, extending the practice of external audits to these instruments could also help strengthen their credibility.

Creating An External Audit Rulebook

AAOIFI's aim, in publishing its auditing standard No. 6, was to preserve the stability of Islamic finance markets and provide some guidance on how to perform an external audit of an IFI's Sharia compliance.

The new standard creates a hierarchy of the regulations, standards, and rulings against which the auditing exercise is to be performed. In order, these are:

  • The Sharia standards issued by the AAOIFI.
  • The regulations issued by the institution's regulator if these include Sharia requirements.
  • The rulings of the central Sharia board of the specific jurisdiction in which the institution is based.
  • The requirements of the accounting standards of the AAOIFI, if these include Sharia requirements.
  • The approvals and rulings of the Sharia board of the institution.

Moreover, the AAOIFI explains that if there is any ambiguity in interpreting the first four of these directions, the institution's Sharia board's clarification will prevail. In our view, this will make it easier to adopt standard No. 6. AAOIFI's standards have not been widely adopted, and only few core Islamic finance countries use the AAOIFI Sharia standards in full as part of their local regulation. In addition, not all Islamic finance core markets even have centralized Sharia boards.

Markets Will Welcome Greater Transparency

In our view, external sharia audits could strengthen market discipline, especially if detailed audit reports are published or at least communicated to the IFI's key stakeholders, including the URIA holders. Stakeholders would prize access to more information related to Sharia compliance and the industry would benefit from greater consistency in adhering to Sharia principles. We also anticipate a stronger culture of rapid remedial action, where audits uncover noncompliance.

At present, some IFIs are subject to internal Sharia audit, but the results are typically not published. In addition, as the exercise remains internal, there is an inherent conflict of interest. Some entities may be given the opportunity to implement corrective measures, should the internal auditor discover that they were not compliant.

By contrast, with external audits, the auditors are likely to be independent from the institution. AAOIFI recommends that professional accounting and auditing firms perform the audit. In our view, publication of the audit report could strengthen market discipline and increase transparency. Stakeholders would have access to relevant information related to the Sharia compliance of their institution and could take remedial actions, if necessary.

The No. 6 standard doesn't specify whether it applies to individual transactions--for example, sukuk sponsored by entities that are not themselves subject to external Sharia audit. Internal Sharia boards typically perform Sharia validations before sponsoring transactions. However, we think an external Sharia audit could strengthen the industry's credibility and avoid situations where issuers question the compliance of instruments after transactions have closed.

Sharia Compliance Indirectly Affects Our Ratings

S&P Global Ratings neither structures transactions, nor does it opine on Sharia compliance. That said, noncompliance could have significant reputational and financial effects for IFIs and, ultimately, could affect their creditworthiness.

Some issuers and debtors have also used Sharia compliance to try to avoid honoring their financial obligations, although their argument has generally been dismissed during the resulting legal proceedings. In some instances, payments were delayed, resulting in the default of the entity. Since then, we have started to see clauses in issuance legal documents that prevent issuers from questioning the Sharia compliance of their instruments after closing.

In our view, external Sharia audits could strengthen the corporate governance of eligible institutions. If management teams know to expect such audits, they will see little benefit in adopting practices that might be perceived as not being Sharia-compliant. In turn, this could enhance stakeholders' confidence in IFIs. By publishing external audits of its Sharia compliance, an IFI could also minimize the risk of being perceived as either noncompliant or nontransparent.

Related Research

This report does not constitute a rating action.

Primary Credit Analyst:Mohamed Damak, Dubai + 97143727153;
Secondary Contacts:Dhruv Roy, Dubai + 971(0)56 413 3480;
Sapna Jagtiani, Dubai + 97143727122;
Emir Mujkic, Dubai + (971)43727179;

No content (including ratings, credit-related analyses and data, valuations, model, software or other application or output therefrom) or any part thereof (Content) may be modified, reverse engineered, reproduced or distributed in any form by any means, or stored in a database or retrieval system, without the prior written permission of Standard & Poor’s Financial Services LLC or its affiliates (collectively, S&P). The Content shall not be used for any unlawful or unauthorized purposes. S&P and any third-party providers, as well as their directors, officers, shareholders, employees or agents (collectively S&P Parties) do not guarantee the accuracy, completeness, timeliness or availability of the Content. S&P Parties are not responsible for any errors or omissions (negligent or otherwise), regardless of the cause, for the results obtained from the use of the Content, or for the security or maintenance of any data input by the user. The Content is provided on an “as is” basis. S&P PARTIES DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, FREEDOM FROM BUGS, SOFTWARE ERRORS OR DEFECTS, THAT THE CONTENT’S FUNCTIONING WILL BE UNINTERRUPTED OR THAT THE CONTENT WILL OPERATE WITH ANY SOFTWARE OR HARDWARE CONFIGURATION. In no event shall S&P Parties be liable to any party for any direct, indirect, incidental, exemplary, compensatory, punitive, special or consequential damages, costs, expenses, legal fees, or losses (including, without limitation, lost income or lost profits and opportunity costs or losses caused by negligence) in connection with any use of the Content even if advised of the possibility of such damages.

Credit-related and other analyses, including ratings, and statements in the Content are statements of opinion as of the date they are expressed and not statements of fact. S&P’s opinions, analyses and rating acknowledgment decisions (described below) are not recommendations to purchase, hold, or sell any securities or to make any investment decisions, and do not address the suitability of any security. S&P assumes no obligation to update the Content following publication in any form or format. The Content should not be relied on and is not a substitute for the skill, judgment and experience of the user, its management, employees, advisors and/or clients when making investment and other business decisions. S&P does not act as a fiduciary or an investment advisor except where registered as such. While S&P has obtained information from sources it believes to be reliable, S&P does not perform an audit and undertakes no duty of due diligence or independent verification of any information it receives. Rating-related publications may be published for a variety of reasons that are not necessarily dependent on action by rating committees, including, but not limited to, the publication of a periodic update on a credit rating and related analyses.

To the extent that regulatory authorities allow a rating agency to acknowledge in one jurisdiction a rating issued in another jurisdiction for certain regulatory purposes, S&P reserves the right to assign, withdraw or suspend such acknowledgment at any time and in its sole discretion. S&P Parties disclaim any duty whatsoever arising out of the assignment, withdrawal or suspension of an acknowledgment as well as any liability for any damage alleged to have been suffered on account thereof.

S&P keeps certain activities of its business units separate from each other in order to preserve the independence and objectivity of their respective activities. As a result, certain business units of S&P may have information that is not available to other S&P business units. S&P has established policies and procedures to maintain the confidentiality of certain non-public information received in connection with each analytical process.

S&P may receive compensation for its ratings and certain analyses, normally from issuers or underwriters of securities or from obligors. S&P reserves the right to disseminate its opinions and analyses. S&P's public ratings and analyses are made available on its Web sites, (free of charge), and and (subscription), and may be distributed through other means, including via S&P publications and third-party redistributors. Additional information about our ratings fees is available at

Any Passwords/user IDs issued by S&P to users are single user-dedicated and may ONLY be used by the individual to whom they have been assigned. No sharing of passwords/user IDs and no simultaneous access via the same password/user ID is permitted. To reprint, translate, or use the data or information other than as provided herein, contact S&P Global Ratings, Client Services, 55 Water Street, New York, NY 10041; (1) 212-438-7280 or by e-mail to: