Internal Control Systems (IC):
The integrity and reliability of the internal control systems are achieved through policies and procedures, process automation, careful selection of employees, bringing awareness to the staff, and an organizational structure that segregates responsibilities.
Control procedures have been established to safeguard its assets and to ensure that decisions, actions, and transitions are properly authorized, and financially recorded. Risk Control Self Assessments (RCSA), compliance testing and reviews are conducted periodically by the Risk Management Department and Compliance Department respectively.
1- Internal Audit (IA)
The internal audit function has been outsourced and the function is overseen by the registered Internal Audit Officer within AAQ. The Internal Audit function independently reports to the Board Audit Committee “AC”. The audits are performed by the outsourced internal auditors according to the internal audit plan approved by the AC and comprehensive reports are submitted by the internal auditors directly to the AC. Necessary corrective policies and measures are adopted, wherever required. The Internal Audit plan is implemented through evaluating controls over significant risks and the effectiveness of risk management, control and governance processes.
2- Risk Management (RM)
AAQ has a comprehensive risk management and control framework in place to ensure that the Company and its related entities are appropriately governed. The Board directs the policy and process framework and is responsible for risk management and for all risk control systems that are implemented in AAQ, as well as related entities.
AAQ`s Board ensures that risk management is embedded into the Company’s culture, policies and processes. Officers at the Risk Management Department assume significant extent of power, in order to perform their roles without being granted financial powers and authorities.
The Risk Management Department identifies, measures, evaluates and reports on all critical risks to which AAQ is exposed, through defined key risk indicators under relevant risk buckets. It carries out periodic risk control and monitoring activities and prepares and implements new policies for review and control. The department also follows up and documents governance activities in the Company including the Board’s Steering Committee, which reviews and approves investment performance and investment decisions; and the Board Audit Committee which checks the effectiveness of internal controls. The department aims towards enhancing its risk monitoring abilities through appropriate automation.
The Risk Department submits periodic reports to the Board Risk Management Committee.
3- Compliance & AML:
The Company has a Compliance department that reports to the CEO. The Compliance department ensures that the Company is committed to the laws and regulatory requirements and to follow up on the Company’s disclosure to regulatory authorities.
As part of its mandate, the Compliance Department coordinates with regulatory auditors, internal auditors, and rating agencies. The department also responsible for AML and overseeing the Complaints Unit which are independent unit reports directly to CEO and established as per the directives of the CMA and CBK. The Compliance Department is responsible for ensuring AML related compliance, in line with regulations of AML Law, CMA and CBK instructions. The Compliance Department establishes AML related controls for the Company and ensures its compliance therewith. The Complaints Unit is responsible for receiving and resolving all complaints received from clients.
Code of Conduct
“AAQ Code of Conduct” set the key principles underlying business ethics. These principles are in line with industry best practice standards and emphasize professionalism in the asset management. These include specific rules against insider trading and our commitment to preserving the integrity of the capital markets, our fiduciary duties to our clients and confidentiality requirements among others. The “AAQ Code of Conduct” are disseminated widely and shared with relevant stakeholders and apply to all employees, Board members, subsidiaries, managed funds and applicable stakeholder.
Whistleblower Protection
The Board has established a “Whistle-blower policy” that allows a stakeholder to report concerns of malpractices, unlawful conduct/misconduct, financial mismanagement, accounting irregularities, illegal acts/violation of legal or regulatory provisions etc. In good faith. Adequate mechanisms are implemented to allow conducting a fair and independent investigation concerning such issues, along with ensuring confidentiality for the reporting person to ensure protecting such person against any negative effect that may result due to reporting.