Central Bank of the UAE Financial Reporting and External Audit Standards 162/2018

CENTRAL BANK OF THE U.A.E. 
FINANCIAL REPORTING AND EXTERNAL AUDIT 
STANDARDS 

FINANCIAL REPORTING AND EXTERNAL AUDIT STANDARDS 162/2018 
Table of Contents 
INTRODUCTION .................................................................................................................. 2 
ARTICLE (1): DEFINITIONS .............................................................................................. 2 
ARTICLE (2): FINANCIAL REPORTING ................................................................... ..... 3 
ARTICLE (3): EXTERNAL AUDIT .................................................................................... 4 
ARTICLE (4): DUTY TO REPORT TO THE CENTRAL BANK .. ... .............................. 8 
ARTICLE (5): ISLAMIC BANKING ............................................................... ................ .. .. 8 
y 

FINANCIAL REPORTING AND EXTERNAL AUDIT STANDARDS 162/2018 
INTRODUCTION 
1. These Standards form part of the Financial Reporting and External Audit Regulation. All 
Banks must comply with these Standards, which expand on the Regulation. These Standards 
are mandatory and enforceable in the same manner as the Regulation. 
2. The Board is in the ultimate control of the Bank and accordingly ultimately responsible for 
the Bank's approach to financial reporting and external audit. There is no one-size-fits-all or 
single best solution. Accordingly, each Bank could meet the minimum requirements of the 
Regulation and Standards in a different way and thus may adopt an organizational framework 
appropriate to the risk profile, nature, size and complexity of its business and structure. The 
onus is on the Board to demonstrate that it has implemented a comprehensive approach to 
financial reporting and external audit. Banks are encouraged to adopt leading practices that 
exceed the minimum requirements of the Regulation and Standards. 1 
3. The Standards follow the structure of the Regulation, with each article corresponding to the 
specific article in the Regulation. 
ARTICLE (1): DEFINITIONS 
1. Affiliate: An entity owned by another entity by more than 25% and less than 50% of its 
capital. 
2. Bank: A financial entity, which is authorized by the Central Bank to accept deposits as a 
bank. 
3. Board: The Bank's board of directors. 
4. Central Bank: The Central Bank of the United Arab Emirates. 
5. Central Bank Law: Union Law No (10) of 1980 concerning the Central Bank, the 
Monetary System and Organization of Banking as amended or replaced from time to time. 
6. Controlling Shareholder: A shareholder who has the ability to directly or indirectly 
influence or control the appointment of the majority of the board of directors, or the decisions 
made by the board or by the general assembly of the entity, through the ownership of a 
percentage of the shares or stocks or under an agreement or other arrangement providing for 
such influence. 
7. External Auditor: The audit firm and the individual audit engagement team members 
conducting the audit. Where relevant, specific references are made to the audit firm only in 
certain paragraphs. 
1 The Central Bank will apply the principle of proportionality in the enforcement of the Regulation and Standards, 
whereby smaller Banks may demonstrate to the Central Bank that the objectives are met without necessarily 
addressing all of the specifics cited in the Standards. 

FINANCIAL REPORTING AND EXTERNAL AUDIT STANDARDS 162/2018 
8. Group: A group of entities which includes an entity (the 'first entity') and: 
a. any Controlling Shareholder of the first entity; 
b. any Subsidiary of the first entity or of any Controlling Shareholder of the first 
entity; and 
c. any Affiliate. 
9. Internal Control: Consists of five interrelated elements, whose effective functioning is 
essential to achieving a Bank's performance, information, and compliance objectives: 
a. management oversight and the control culture; 
b. risk recognition and assessment; 
c. control activities and segregation of duties; 
d. information and communication; and 
e. monitoring activities and correcting deficiencies. 
10. Islamic Financial Services: Shari' a compliant financial services offered by Islamic Banks 
and Conventional Banks offering Islamic banking products (Islamic Windows). 
11. Pillar 3: Pillar 3 disclosure requirements - consolidated and enhanced framework issued 
by the Basel Committee on Banking Supervision in March 2017 and any subsequent revisions. 
12. Risk governance framework: As part of the overall approach to corporate governance, 
the framework through which the Board and management establish and make decisions about 
the Bank's strategy and risk approach; articulate and monitor adherence to the risk appetite 
and risk limits relative to the Bank's strategy; and identify, measure, manage and control risks. 
13. Senior Management: The executive management of the Bank responsible and 
accountable to the Board for the sound and prudent day-to-day management of the Bank, 
generally including, but not limited to, the chief executive officer, chief financial officer, chief 
risk officer, and heads of the compliance and internal audit functions. 
14. Subsidiary: An entity, owned by another entity by more than 50% of its capital, or is under 
full control of that entity regarding the appointment of the board of directors. 
ARTICLE (2): FINANCIAL REPORTING 
1. The Board is responsible for ensuring that the risk governance framework of the Bank, and 
if applicable, Group, provides for appropriate oversight of financial reporting and external 
audit. The framework must, at a minimum, provide for: 
a. Documentation in an appropriate mandate or terms of reference of the role and 
responsibility of the Board audit committee, including with respect to financial 
reporting; and 
V 

FINANCIAL REPORTING AND EXTERNAL AUDIT STANDARDS 162/2018 
b. Board-approved policies, procedures, systems, internal controls and 
independent assurance by the internal and/or external audit functions of the 
Bank on the preparation of financial statements and prudential reporting to the 
Central Bank. 
2. Banks must prepare their financial statements in accordance with the International Financial 
Reporting Standards (IFRS) and the instructions of the Central Bank. Such instructions may 
include, but are not limited to, the submission and publication of financial statements, 
classification and provisioning of financial items or guidance on the application of specific 
IFRS in the U AE banking sector. 
3. The Board's responsibilities for governance structures applicable to all financial instruments 
measured at fair value must include: 
a. Reviewing and approving written policies related to fair valuations; 
b. Ongoing review of significant valuation model performance for issues 
escalated for resolution and all significant changes to valuation policies; 
c. Ensuring adequate resources are devoted to the valuation process; 
d. Articulating the Bank's tolerance for exposures subject to valuation uncertainty 
and monitoring compliance with the Board's overall policy settings at an 
aggregate Bank-wide level; 
e. Ensuring independence in the valuation process between risk taking and control 
units; 
f. Ensuring the appropriate internal and external audit coverage of fair valuations 
and related processes and controls; 
g. Ensuring the consistent application of accounting and disclosures; and 
h. Ensuring the identification of significant differences, if any, between 
accounting and risk management measurements, and that these are well 
documented and monitored. 
ARTICLE (3): EXTERNAL AUDIT 
1. The external audit in Banks must be fully compliant with the provisions laid down in the 
Central Bank Law. Where more than one External Auditor is appointed, the External Auditors 
must distribute duties amongst themselves and issue a common external audit opinion. 
2. The Board audit committee must approve a policy for the tendering of the audit engagement. 
This must include requirements for knowledge and competence, objectivity, independence, 
professional skepticism and quality control. The Board audit committee must review and agree 
to the terms of the engagement prior to the signing of the written contract. Where relevant, the 
Board audit committee must ensure that the work plan of the engagement has been updated to 
reflect changes in the size, business mix or complexity of the Bank or in the instructions of the 
Central Bank. 
V 

FINANCIAL REPORTING AND EXTERNAL AUDIT STANDARDS 162/2018 
3. The Bank must carry out a procurement procedure to select the external audit firm at least 
once every 6 years, which coincides with the period of the rotation of the firm. Following 
rotation, a cooling off period of 3 years must be observed before the same firm may be re￾selected. In addition, the Bank must rotate the external audit partner in charge of the audit 
every 3 years. 
4. The Board audit committee must assess the overall quality of the External Auditor at least 
annually. The External Auditor must provide the Board audit committee on an annual basis 
with a report on the audit firm's internal quality control procedures, including the audit firm's 
engagement quality control process, and any significant matters of concern arising from these 
procedures. 
5. In monitoring and assessing the work of the External Auditor, the Board audit committee 
must obtain an understanding of the auditor's view on any significant matters arising during 
the audit, including both those subsequently resolved and those that remain outstanding. The 
Board audit committee must review with the External Auditor the statements provided by the 
Board and Senior Management in the representation letter to the External Auditor, considering 
whether, based on the knowledge of the members of the Board audit committee, the 
information provided for each item is complete and appropriate. 
6. Following completion of the fieldwork for the audit, and prior to issuance of the audit 
opinion, the Board audit committee must consider whether the External Auditor followed the 
audit plan and understand any reasons for changes in the plan. The Board audit committee 
must obtain feedback from Senior Management on the conduct of the audit. The Board audit 
committee's assessment of the effectiveness of the external audit process must be reported to 
the Board for discussion of findings and any recommendations. 
7. The Board audit committee must have the right and authority to meet regularly - in the 
absence of Senior Management-with the External Auditor to understand and discuss all issues 
that may have arisen between the External Auditor and Senior Management in the course of 
the external audit and how these issues have been resolved. These meetings must also address 
any other matters that the External Auditor believes the Board audit committee should be 
aware of in order to exercise its responsibilities. 
8. The Board audit committee must discuss with the External Auditor any matters arising from 
the audit that may have an impact on regulatory capital or regulatory disclosures. This may 
include, but is not limited to, the discussion of accounting impairment charges versus 
regulatory expected losses and the consistency of the Bank's prudential information, including 
the Pillar 3 reporting, with its annual report. 
9. The External Auditor must provide the Board audit committee with timely observations 
arising from the audit that are relevant to the committee's oversight responsibility for the 
financial reporting process. These include, but not limited to: 
a. Significant difficulties encountered during the audit; 
b. Key areas of significant risk of material misstatement in the financial 
statements, in particular areas of estimates or measurement uncertainty such as 
loan loss provisioning and consequential effects on earnings, capital and other 
regulatory ratios; 
V 

FINANCIAL REPORTING AND EXTERNAL AUDIT STANDARDS 162/2018 
c. Areas of significant management judgement; 
d. The extent of requests made by the Group auditor to another audit firm or 
member firms with respect to performance of a Group audit; 
e. The use of external experts to assist with the audit; 
f. The External Auditor's approach to internal control and significant internal 
control deficiencies noted; 
g. The extent to which the External Auditor has used the work of the internal audit 
function; 
h. Matters relating to accountability, including significant decisions or actions by 
Senior Management that lack appropriate authorization; 
1. Significant qualitative aspects of financial statement disclosures; and 
J. Feedback on the External Auditor's relationship with Senior Management. 
10. The Board audit committee must approve a policy governing the provision of non-audit 
services by the External Auditor. This policy must specify the types of non-audit services the 
External Auditor may provide, or is prohibited from providing, and establish a requirement 
for approval of any such arrangement by the Board audit committee or by an appropriate level 
of Senior Management in accordance with authority delegated by the Board audit committee. 
11. The prohibited non-audit services are listed below; they must include further any 
prohibited services under Article (20) of Federal Law no. 12 of 2014 concerning Auditing 
Profession as well as under the Code of Ethics for Professional Accountants issued by the 
International Ethics Standards Board for Accountants, which are not specifically listed below: 
a. Bookkeeping and preparing accounting records and financial statements; 
b. Designing and implementing internal control or risk management procedures 
related to the preparation and/or control of financial information or designing 
and implementing financial information technology systems; 
c. services related to the Bank's internal audit function; 
d. valuation services, including valuations performed in connection with actuarial 
services or litigation support services; 
e. human resources services, with respect to: 
1. management in a position to exert significant influence over the 
preparation of the accounting records or financial statements which are 
the subject of the external audit, where such services involve searching 
for or seeking out candidates for such position or undertaking reference 
checks of candidates for such positions; 
11. structuring the organisation design; and 
V 

FINANCIAL REPORTING AND EXTERNAL AUDIT STANDARDS 162/2018 
m. cost control; 
f. brokerage services in securities services or works; 
g. services linked to the financing, capital structure and allocation, and investment 
strategy of the Bank, except providing assurance services in relation to the 
financial statements, such as the issuing of comfort letters in connection with 
prospectuses issued by the Bank; 
h. promoting, dealing in, or underwriting shares in the Bank; 
1. legal services, with respect to: 
1. the provision of general counsel; 
11. negotiating on behalf of the Bank; and 
m. acting in an advocacy role in the resolution of litigation; 
J. services that involve playing any part in the management or decision-making 
of the Bank; and 
k. tax services and provision of tax advice. 
12. Where non-audit services are provided by the External Auditor, the Board audit committee 
must monitor the provision of such services to ensure that their performance does not impair 
the External Auditor's objectivity and independence. This must take into consideration various 
factors including the skills and experience of the External Auditor, safeguards in place to 
mitigate any threat to objectivity and independence, and the nature of and arrangements for 
non-audit fees. The Bank's annual report must explain to shareholders the nature of and the 
fee arrangements for the non-audit services received, and how the External Auditor's 
independence is safeguarded. 
13. The External Auditor must meet the following expectations: 
a. have banking industry knowledge and competence sufficient to respond 
appropriately to the risks of material misstatement in the Bank's financial 
statements and to properly meet any additional regulatory requirements that 
may be part of the external audit; 
b. be objective and independent in both fact and appearance with respect to the 
Bank; 
c. exercise professional skepticism when planning and performing the audit of 
Banks, having due regard to the specific challenges in auditing a Bank; 
d. comply with the applicable standards on quality control; 
e. identify and assess the risks of material misstatement in the Bank's financial 
statements, taking into consideration the complexities of the Bank's activities 
and the effectiveness of its internal control environment; and 
{/ 

FINANCIAL REPORTING AND EXTERNAL AUDIT STANDARDS 162/2018 
f. have professional indemnity insurance in the UAE. 
14. The External Auditor must furnish the Board audit committee at least annually with 
information about the firm's policies and processes for maintaining independence and 
monitoring compliance with independence requirements. This includes, but is not limited to, 
assurance that the audit engagement team members have no personal, family, business, 
financial or other relationships with the Bank which could adversely affect the External 
Auditor's actual or perceived independence and objectivity. 
15. The External Auditor may not purchase the securities of the Bank whose accounts are 
audited by them or sell such securities directly or indirectly or provide any consultancies to 
any person in connection with such securities during the blackout period. 
16. The External Auditor may not serve on the Board or hold a position in Senior Management 
before two years have lapsed from the time of involvement in the Bank's audit. 
17. The External Auditor's terms of engagement must be established in a written contract 
which, at a minimum, provides that: 
a. The External Auditor must meet with the Central Bank as deemed necessary 
for supervisory purposes. The Central Bank will determine whether the Bank 
will participate in such meetings; 
b. The External Auditor bears no duty of confidentiality to the Bank with respect 
to any notification to or meeting with the Central Bank required by this 
Regulation, or the provision of any document or information required to be 
submitted to, or requested by, the Central Bank for supervisory purposes; and 
c. The External Auditor must provide, upon request by the Central Bank, access 
to working papers and other documents that support conclusions made in the 
audit opinion. 
ARTICLE (4): DUTY TO REPORT TO THE CENTRAL BANK 
1. The contract between the Bank and its External Auditor must specifically include all the 
requirements of Article 4 of the Regulation with regard to its duty to report to the Central 
Bank. 
ARTICLE (5): ISLAMIC BANKING 
1. The terms of the engagement of the External Auditor of Banks offering Islamic Financial 
Services must ensure adequate coverage of the financing portfolio, financing loss provisions, 
non-performing assets, asset valuations, trading and other securities transactions, Shari'a￾compliant hedging instruments, asset securitizations, consolidation of and other involvement 
with off-balance sheet vehicles and the adequacy of internal controls over financial reporting. 
//