The Board shall ensure an independent and adequate internal control system in the Bank and review its effectiveness. The Board shall establish, communicate and enforce the Bank’s direction through adoption of written policies and procedures that cover every aspect of operations and management.
These policies and procedures shall represent the guidelines within which the management operates, and the methodology in which the business and affairs of the Bank are governed by the Board and the Executive Management
The Bank's annual report shall include report on the internal control systems showing the responsibility of the Executive Management regarding the same, and the framework used to assess the efficiency of internal control systems, along with the Executive Management's assessment of how effective these systems are as shown in the date of the financial statements in the Bank's annual report. There shall also be disclosure regarding any critical weak points in internal controls.
 
Internal Audit
The Bank shall establish an independent department for Internal Audit, with a sufficient number of qualified personnel and ensure that they are suitably trained and rewarded.
 
External Audit
The Board shall appoint an independent external auditor, based on the recommendations provided by the BAC with regards to selection, termination, rotation, remuneration for the external auditor, and any other contractual terms related to it, in addition to evaluating the objectivity of the external auditor. The Bank shall have a Board approved policy and procedure for engagement of the External Auditor.
 
Compliance
The Board, through its Board Corporate Governance Committee (BCGC), shall ensure adherence to the Compliance Policy of the Bank as approved by the Board. The Board shall assess the extent to which the Bank is managing its compliance risk effectively, at least once a year.
The Bank’s Management shall establish an independent compliance department within the Bank as part of the Bank’s Compliance Policy and ensure that compliance officials are not placed in a position where there is a possible conflict of interest to their compliance responsibilities.
The Bank shall comply with applicable laws and regulations in all jurisdictions in which the Bank conducts business, and the organization and structure of the compliance department and its responsibilities shall be consistent with local and international legal and regulatory requirements.
 
Risk Management
The Board shall ensure that the Bank adopts an effective risk management framework
The Board shall ensure independence of the Risk Management Department and shall appoint a Chief Risk Officer (CRO) with suitable qualifications and experiences required for this position and its tasks.
The CRO shall report to the Chairman of the Board and the Chairman of the Board Risk Committee (BRC) and presents the report to them.
The CRO shall be independent and not given any financial or business targets.
The CRO shall not be terminated or dismissed from his position without approval from the Board and discussion with the Central Bank of Kuwait.