Conflict Disclosure Policy & Practices
This criterion evaluates the comprehensiveness and effectiveness of an organization's conflict of interest (COI) management system. It assesses whether the organization has a clearly defined policy, procedures, and practices for identifying, disclosing, and managing potential, actual, or perceived conflicts of interest across all levels (Board, management, employees, volunteers, contractors). The system must define a clear governance RACI (Board owns policy; Audit/Ethics Committee decides high-risk conflicts; Compliance administers; Line Management implements mitigations). The policy shall address specific categories including: related-party transactions (RPTs); gifts, hospitality, and inducements; outside business interests (OBI); personal account dealing (PAD); procurement; referral fees; research independence; and remuneration-linked conflicts. It must align with Shariah principles, specifically prohibiting activities where conflicts cannot be effectively mitigated to prevent injustice (Zulm) or betrayal of trust (Amanah). The framework must integrate with HR lifecycles (joiners/movers/leavers), procurement cycles, and data protection (GDPR) standards. For charities, it must explicitly align with Charity Commission guidance (CC29) and trustee duties.
| Metric | Ethical COI Management Index |
|---|---|
| Target | >95% |
| Frequency | Quarterly |
| Method | Composite score of: Disclosure Coverage % + Timeliness Compliance % + Training Completion % + (100 - Breach Rate %) |
| Unit | Index Score |
Level 1: Initial/Ad-hoc
Initial: No formal COI policy or register. Conflicts addressed only reactively. High risk of ethical/Shariah breaches.
Level 2: Developing
Developing: Policy exists but is generic. Register is incomplete or rarely updated. No formal training or audit. Reliance on trust rather than controls.
Level 3: Established
Defined: Policy and basic register in place. Governance roles defined. Annual disclosures occur. Meets minimum regulatory/Shariah standards but lacks advanced automation or analytics.
Level 4: Advanced
Managed: Robust system with digital registers, role-based training, and active Committee oversight. Metrics (timeliness, coverage) are consistently tracked and met.
Level 5: Optimizing
Exemplary: Predictive analytics used, full external transparency (public reporting), culture of safe disclosure, zero tolerance for unmitigated risks, and full compliance with advanced controls (GDPR, CC29, RPT valuation).
Organisation Types
By Organisation Size
| Size | Applicability | Notes |
|---|---|---|
| Micro | exempt | Complex RACI, digital registers, and Audit/Ethics committees are highly disproportionate; basic minuted declarations suffice. |
| Small | partial | Requires basic COI policy and minuted recusals, but dedicated committees and digital registers are disproportionate. |
| Medium | partial | Requires formal COI policy, taxonomy, and register, but a separate Audit/Ethics Committee may not yet be established. |
| Large | full | |
| Major | full | |
Applicable When
- The organization provides fiduciary or professional services.
- The organization manages public/donor funds or client assets.
- Decision-makers hold positions that could influence procurement, recruitment, or strategy for personal gain.
Not Applicable When
- Scalable for micro-entities: Simple register and minute-keeping of recusals suffice.
Discussion (1)
📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json