Conflict Disclosure Policy & Practices
This criterion evaluates the comprehensiveness and effectiveness of an organization's conflict of interest (COI) management system. It assesses whether the organization has a clearly defined policy, procedures, and practices for identifying, disclosing, and managing potential, actual, or perceived conflicts of interest across all levels (Board, management, employees, volunteers, contractors). The system must define a clear governance RACI (Board owns policy; Audit/Ethics Committee decides high-risk conflicts; Compliance administers; Line Management implements mitigations). The policy shall address specific categories including: related-party transactions (RPTs); gifts, hospitality, and inducements; outside business interests (OBI); personal account dealing (PAD); procurement; referral fees; research independence; and remuneration-linked conflicts. It must align with Shariah principles, specifically prohibiting activities where conflicts cannot be effectively mitigated to prevent injustice (Zulm) or betrayal of trust (Amanah). The framework must integrate with HR lifecycles (joiners/movers/leavers), procurement cycles, and data protection (GDPR) standards. For charities, it must explicitly align with Charity Commission guidance (CC29) and trustee duties.
- Does the organization have a defined governance RACI for COI, specifying who owns the policy and who makes decisions on high-risk conflicts?
- Is there a centralized, digital COI register that tracks the full lifecycle of a conflict (disclosure -> decision -> mitigation -> closure)?
- How does the organization ensure COI compliance during HR events (joining, moving roles, leaving)?
- What are the specific controls for Gifts & Hospitality, and is there an absolute prohibition for public officials and during tender periods?
- Describe the procedure for Related-Party Transactions (RPTs). Does it require independent valuation and committee recusal?
- How are COI declarations embedded into the procurement cycle (tender design, evaluation, award)?
- Does the organization comply with GDPR regarding the sensitive data held in the COI register?
- For charities, is the process aligned with CC29 (trustee declaration, withdrawal, minuting)?
- Is there a Shariah decision matrix that mandates declining conflicts where mitigations cannot prevent injustice or prohibited acts?
- COI Policy with Governance RACI and Shariah decision matrix.
- Extract from Digital COI Register (redacted).
- RPT Procedure and samples of independent valuations/quotes.
- Procurement files showing signed COI declarations by evaluators.
- Minutes of Audit/Ethics Committee showing recusal and decision rationale.
- HR records showing Joiner/Leaver COI attestations.
- Gifts & Hospitality Register showing declined items.
- Privacy Notice covering COI data processing.
- Training completion logs and assessment results.
| Level | Rating | Description |
|---|---|---|
| 5 | 5/5 | Exemplary: Predictive analytics used, full external transparency (public reporting), culture of safe disclosure, zero tolerance for unmitigated risks, and full compliance with advanced controls (GDPR, CC29, RPT valuation). |
| 4 | 4/5 | Managed: Robust system with digital registers, role-based training, and active Committee oversight. Metrics (timeliness, coverage) are consistently tracked and met. |
| 3 | 3/5 | Defined: Policy and basic register in place. Governance roles defined. Annual disclosures occur. Meets minimum regulatory/Shariah standards but lacks advanced automation or analytics. |
| 2 | 2/5 | Developing: Policy exists but is generic. Register is incomplete or rarely updated. No formal training or audit. Reliance on trust rather than controls. |
| 1 | 1/5 | Initial: No formal COI policy or register. Conflicts addressed only reactively. High risk of ethical/Shariah breaches. |
Related Criteria
Discussion (1)
📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json
Sign in to post a comment.