Overview

Two of the most consequential governance obligations imposed on digital banks in Iraq and among the least understood by founding groups are the related party transaction regime and the supermajority board approval requirement. These obligations are grounded in Iraqi banking legislation, reinforced by the CBI’s digital bank regulatory framework, and designed to prevent a class of institutional failure that is well documented internationally: the subordination of a bank’s interests to those of its controlling shareholders.

This article examines both obligations in precise legal terms, sets out the CBI’s specific requirements as issued in its regulatory instruments, and explains how these requirements interact with international standards for related party governance in supervised financial institutions.

1. Legal Basis

The digital bank framework expressly grounds its related party and governance requirements in Iraqi banking legislation. Standard D1 of the CBI’s Standards Booklet which governs related parties and conflicts of interest applies to all digital banks and must be in full compliance from Assessment Cycle 1. This standard operates in addition to, not instead of, the requirements under Articles 22 and 17 of Iraqi banking legislation, which set out foundational rules on bank ownership and board conduct.

The framework’s instruction is explicit: its requirements supplement existing Iraqi law and do not displace it. A digital bank must therefore comply with both layers, the baseline requirements of Iraqi banking legislation and the additional, more demanding requirements of the CBI’s digital bank framework.

2. Definition of Related Party: CBI’s Comprehensive Scope

The CBI has adopted a deliberately broad definition of related party, one that goes beyond conventional legal ownership concepts. Under the framework, a related party includes any individual or legal entity connected through family, business, or political relationships defined as follows:

• Family relationships: individuals connected by blood, marriage, or kinship to the fourth degree. The framework enumerates all four degrees explicitly: first degree (parents, children), second degree (siblings, grandparents, grandchildren), third degree (aunts, uncles), and fourth degree (first cousins). This means that shareholding and board membership analysis must extend across the full family network of each founder, director, and senior executive.
• Business relationships: individuals or entities currently in a commercial partnership, holding shares in the same institution, serving together on the same board, or where one party works for a company owned or controlled by the other party. Business connections are assessed on a substantive basis, formal corporate separation does not sever a related party relationship where common control or shared economic interest exists.
• Political relationships: individuals or entities connected by family or business ties to any person carrying political risk, or subject to the influence or control of any party exercising power or influence. This category is particularly significant given the specific political risk considerations applicable in Iraq.

The legal consequence of this definition is material: all shareholding limits, board independence requirements, and transaction approval thresholds must be assessed on a consolidated basis that aggregates the holdings and positions of all related parties, not merely those of the individual or entity acting alone.

3. Related Party Transaction Obligations

The framework requires that all digital banks maintain comprehensive internal policies governing transactions with related parties. These policies must address conflict of interest controls, market abuse and inside information procedures, professional conduct standards, and arrangements for approving and notifying transactions involving the personal accounts of directors and senior management.

3.1 Credit Facilities to Related Parties

Credit extended to related parties is subject to the limits established under Iraqi banking legislation and the CBI’s regulatory framework. The key legal requirements are:

• All credit facilities to related parties must be approved by a supermajority of the board defined as approval by a proportion of votes equal to or exceeding two-thirds of board members.
• Credit extended to related parties must be reported to the CBI on a quarterly basis. The report must include a full list of all related party exposures, the terms of each facility, and the basis on which the board approved the transaction.
• Related party credit must be extended on market terms, no preferential pricing, security, or covenant arrangements are permitted. Any deviation from arm’s length terms requires enhanced board scrutiny and specific CBI notification.
• The aggregate exposure to all related parties must be maintained within the limits established by Iraqi banking legislation and any supplementary instructions issued by the CBI. Digital banks must monitor these limits continuously and have board-approved procedures for managing proximity to and breaches of such limits.

4. Supermajority Board Approval Requirement

The CBI’s framework introduces a supermajority board approval requirement for a defined category of significant decisions. This requirement means that certain decisions cannot be taken by a simple majority of the board, they require the approval of at least two-thirds of all board members.

The CBI defines supermajority approval as a proportion of votes equal to or exceeding two-thirds. The decisions that require supermajority board approval are:

• Removal of a board member
• Appointment or removal of the CEO, CTO, CFO, Chief Risk Officer, Compliance Officer, MLRO, or Head of Internal Audit subject to CBI approval for all relevant appointments
• Approval of mergers, acquisitions, or significant asset sales exceeding a threshold set by the CBI
• Changes to the bank’s internal regulations or articles of association, and the issuance of new shares
• Capital restructuring, or any action that would dilute existing shareholders
• Approval of any transaction with a related party, in accordance with Standard D1 of the framework

4.1 International Standard Background

The supermajority requirement reflects a well-established international governance principle. The Basel Committee on Banking Supervision’s guidance on corporate governance for banks, and the Financial Stability Board’s principles on risk governance, both emphasize the importance of board-level controls that cannot be circumvented by a controlling shareholder acting through a simple majority of appointed directors. By requiring supermajority approval for related party transactions and key personnel decisions, the CBI has implemented a structural protection aligned with these international standards.

For founders and investors, the practical implication is clear: no single bloc of directors including those nominated by the largest shareholder or the QII can unilaterally drive through decisions in these categories. This protection benefits minority shareholders and depositors alike.

5. Conflict of Interest Policies: CBI’s Minimum Requirements

Every digital bank must maintain board-approved policies specifically addressing conflicts of interest. These must include at minimum:

• Market abuse and inside information controls: the bank must maintain information barriers between its lending, investment, and advisory functions where these create potential for the misuse of material non-public information. These controls must be documented, tested, and subject to independent audit.
• Professional conduct rules: standards governing the personal conduct of board members and senior management in relation to the bank’s business, including rules on outside directorships, personal investments in counterparties, and the disclosure of potential conflicts before board deliberations.
• Personal account dealing arrangements: a regime for approving and notifying personal transactions in financial instruments by directors and key personnel, consistent with the insider dealing prohibitions under Iraqi banking legislation and applicable securities regulations.
• Disclosure and recusal procedures: formal procedures requiring any director or executive with a personal interest in a proposed transaction to disclose that interest and recuse themselves from the relevant board or management deliberation.