Digital Bank - Governance & Board Obligations
Overview
Governance is one of the most legally demanding areas of the digital bank licensing framework. The requirements go significantly beyond what is prescribed by general Iraqi banking legislation, imposing specific rules on board composition, director independence, the qualifications required for technical roles, the structure and functioning of board committees, the conduct of board meetings, and the personal liability of directors and senior management for the bank’s compliance failures.
This article examines these governance obligations in legal terms, with particular focus on the elements that are most significant for founders, investors, and their advisers: the board composition requirements, the fit and proper assessment process, the committee structure, and the consequences of governance failures.
1. Board Composition: The Legal Requirements
The board of directors of a digital bank in Iraq must satisfy the following composition requirements:
- The board must consist of exactly nine members
- All board members must be non-executive directors, meaning they must not hold any full-time or part-time employment with the bank, with the sole exception of the CEO (Managing Director)
- At least six of the nine board members must be independent directors
- Of the six independent directors, at least three must be nominated by the Qualified Institutional Investor(s) in the ownership structure
- Where there is more than one QII in the ownership structure, the board must include at least one representative of each QII
- At least three board members must have sufficient technical expertise in the field of digital banking
- If the chairman of the board is not an independent director, the chairman may not hold membership of any board committee
1.1 Independence Requirement
An independent director is one who has no current or recent affiliation, financial relationship, or material connection with the bank or its subsidiaries, other than affiliations or connections expressly permitted by the CBI. The independence criteria are defined in detail in the CBI’s ESG and institutional governance guidelines for banks. Legal advisers preparing governance documentation should ensure that the independence analysis is conducted on a substantive basis, not merely a formal one.
1.2 Technical Expertise in Digital Banking
The requirement for at least three board members with technical expertise in digital banking is defined in detail in the assessment guidelines. To satisfy this requirement, a board member must have a demonstrable practical or academic background in one or more of the following areas:
- Banking information technology systems
- Digital payment systems
- Banking cybersecurity
- Development and operation of platforms and applications related to digital banking
- Management and operation of electronic banking services
This expertise must be evidenced by a minimum of seven years of relevant experience, during which the individual held a senior leadership or supervisory position (such as department head, unit chief, or equivalent) at a licensed financial institution or licensed fintech company.
2. Board Tenure and Term Limits
Board members are appointed by the bank’s general assembly for a term not exceeding four years. Board members may be reappointed for one additional term of equal duration, meaning the maximum total tenure of a board member is eight years (two four-year terms). Reappointment for a third or subsequent term is not permitted.
The board must hold a minimum of six meetings per calendar year. A meeting counts toward the minimum only if two conditions are satisfied: the legally required quorum is present (at minimum 50% of members, including at least three independent directors), and an audio-visual recording of the meeting is provided to the CBI by the board secretary, together with copies of the meeting minutes and an invitation to the CBI’s designated observer to attend.
3. Fit and Proper Requirements
All board members are subject to a fit and proper assessment. This assessment must be conducted by an independent, CBI-approved firm. The assessment covers:
- Criminal record and history of disciplinary proceedings
- Character, integrity, and professional conduct, including personal and professional behaviour, reputation, and transparency in previous appointments
- Confirmation that the board member is at least 30 years of age
- Confirmation that the board member has not previously been convicted of a criminal offence or an offence involving dishonesty or breach of trust, and is not subject to local or international sanctions
- Absence of conflicts of interest that could compromise the integrity of management or create risks to the separation of shareholder and management functions
- Academic qualifications: all board members must hold at minimum a university degree (bachelor’s level) consistent with the standards prescribed by the CBI
- Professional experience: board members must have at least 10 years of leadership or management experience in relevant fields (finance, law, accounting, technology), preferably at institutions of comparable size and complexity
- Financial soundness, including personal financial position, history of insolvency or bankruptcy, and compliance with tax and debt obligations
- Regulatory and legal compliance history
Future board members must obtain approval through the fit and proper assessment before they are formally appointed. Board members must also undergo the fit and proper assessment upon re-election at the end of each term.
4. Board Committee Requirements
In addition to the audit committee mandated by Iraqi banking legislation, digital banks must establish the following board-level committees:
| Committee | Legal Basis / Purpose |
| --- | --- |
| Audit Committee | Required by Iraqi banking legislation; oversees financial reporting integrity, compliance with applicable laws, and the internal audit function |
| Risk Management Committee | Responsible for identifying, assessing, and mitigating risks across the institution; oversees risk management policies and the maintenance of financial stability |
| ICT Governance Committee | Oversees the bank’s technology direction; ensures effective use of technology with appropriate risk management and regulatory compliance |
| ESG & Sustainability Committee | Oversees the bank’s compliance with sustainable practices, environmental and social regulatory requirements, and integration of sustainability into strategic decision-making |
| Nominations & Remuneration Committee | Responsible for nominating and approving new members of the management team (excluding internal and Sharia auditors); reviewing all board candidates; overseeing new independent directors and the approval process |
All committees must be constituted and organized in accordance with the CBI’s ESG and institutional governance guidelines. The chair of each committee must be an independent member of the board of directors.
5. Senior Management: Legal Requirements and Fit and Proper Obligations
The following positions constitute the senior management of a digital bank for the purposes of the framework, and all are subject to mandatory fit and proper assessment:
- Chief Executive Officer (CEO) / Managing Director
- Chief Technology Officer (CTO)
- Chief Information Security Officer (CISO)
- Chief Financial Officer (CFO)
- Chief Risk Officer (CRO)
- Head of Internal Audit
- Compliance Officer
- Money Laundering Reporting Officer (MLRO)
- Any person reporting directly to the CEO or to the board of directors
- Any person exercising significant influence over the management of the bank while employed by or acting as an officer of the bank’s parent company or subsidiaries
Each of these roles has specific minimum qualification requirements prescribed by the framework covering academic credentials, years of experience, professional certifications, and where applicable, language proficiency requirements. Legal advisers should review the specific requirements for each role when advising on management appointments.
5.1 Specific Requirement: MLRO Must Be Iraqi
One specific nationality requirement applies within the senior management framework: the Money Laundering Reporting Officer (MLRO) must be an Iraqi national. This is an express requirement of the framework and cannot be satisfied by a non-Iraqi national regardless of their qualifications or experience.
5.2 Leadership Role Vacancies
The framework allows a gap in a leadership role of no more than twelve weeks in cases of sudden resignation, dismissal, or vacancy. This twelve-week period does not apply to the CEO position: the board must immediately appoint an interim CEO pending the appointment of a permanent replacement within the twelve-week period.
6. Personal Liability of Directors and Senior Management
The framework imposes explicit personal liability on board members and senior management for losses and damages suffered by the bank as a result of their deliberate actions or negligence. Specifically, directors and executives are personally liable where they:
- Cause harm to the bank’s operations or expose the bank to loss through their actions or omissions
- Allow risks to develop and fail to address them, or fail to mitigate them
- Conceal information related to the bank’s activities
- Provide misleading information or make misleading representations that are prejudicial to shareholders or to the bank itself
This personal liability extends jointly to the bank for losses and damages caused by such conduct. The bank and the responsible individuals are jointly and severally liable for such losses.
6.1 Mandatory Reporting Obligations
Board members, senior management, external auditors, and heads of supervisory departments within the bank are legally required to notify the CBI immediately upon becoming aware of any event that threatens or may threaten the bank’s reputation or financial position, or upon discovery of any violation of applicable law or CBI instructions.
7. Restrictions on Board Membership
A person may not serve as a board member of a digital bank in any of the following circumstances:
- If they are currently a board member of any other financial institution whose license has been revoked or cancelled by the CBI
- If they have been convicted of a criminal offence or an offence involving dishonesty or breach of trust in any jurisdiction, or are subject to local or international sanctions
- If they have declared personal insolvency or have defaulted on debts owed to any financial institution
- If they are currently a board member of a financial institution in which they have a substantially similar or conflicting role, or are employed by any related institution, or have any other relationship that creates a conflict of interest
- If they are under the age of 30
- If their appointment has not received prior CBI approval following the general assembly meeting at which they are elected