The principles of Islamic finance

Islamic finance operates in accordance with the principles of Islamic law (or Shariah). The basic principle of Islamic finance is underlined by the prohibition of investment in interest-based ventures and businesses that provide goods and services considered contrary to its principles like tobacco, alcohol, gambling, vulgar entertainment and conventional finance.

Another fundamental principle of Islamic finance is highlighted in the sharing of profit and loss between parties in a business transaction. Common terms used in Islamic finance include profit sharing (Mudharabah), joint venture (Musharakah), leasing (Ijarah), safekeeping (Wadiah) and cost plus (Murabahah). Currently estimated to be worth around US$1 trillion globally with 300-plus Shariah compliant financial institutions operating in more than 75 countries today; this industry is growing at a remarkable pace of approximately 15%-20% on a yearly basis, thus representing a vast practice which has developed its presence on a global scale. Despite a widespread misconception, Islamic finance does not require specific laws and is not limited to the Muslim community. Except for several predictable prohibitions mentioned earlier, Islamic finance solutions are applicable everywhere and by anyone.

It is of standard practice that Islamic banks and banking institutions that offer Islamic banking products and services are required to establish a Shariah Supervisory Board to advise them and to ensure that the operations and activities of the bank comply with Shariah principles. An essential ingredient is a regulatory framework that can accommodate Islamic finance principles and a regulator that is prepared to work with Islamic institutions to overcome technical hurdles. There must also be a tax regime that enables Islamic financing structures and products to be treated in an equivalent manner to their conventional counterparts. 

The appeal for Islamic finance has become infectious to an extent where the largest Muslim populations in the world, most notably India has developed a profound interest for Shariah compliant products to cater for its community and business sector. In view of capitalizing on the opportunities that Islamic finance has to offer, the Indian government and corporates have taken the initiative to closely examine which Shariah compliant companies and sectors are able to further contribute to the development of Shariah market capitalization in India. This is solely due to the fact that India believes that by complying with the economic laws of Shariah, she can become an attractive destination for Islamic investments. The Islamic finance sector in the United Kingdom has also seen enormous growth both domestically and internationally. London is one of the top five financial centres in the world for Islamic finance.

Islamic finance has always been known and seen as a form of socially responsible investing whereby Shariah law requires that investments made have to be based on tangible assets and that lenders and borrowers in a business transaction share profits and losses. It is unfortunate however, that the rapid growth of Islamic finance has converted itself as a breeding ground for socially irresponsible investors who are ignorant about the social impact of investment. It is not unusual to come across conventional profit-driven investments these days that are dressed up to look like Islamic finance. The presence of Shariah-dress investments only serves as an invitation to unethical profit chasers who seek to threaten the health and reputation of the Islamic financial market. As such, it is vested within the powers of national financial watchdogs to ensure that Shariah-dressed investments are not part of an Islamic financial market that only decreases its immunity to the global financial crisis.

The issuance of sukuks, which conform to Islam’s prohibition of receiving or paying interest, has come under intense scrutiny in recent times over fears of a debt default in Dubai. Commonly referred to as Islamic bonds, companies that issue sukuks make payments to investors using profits from the underlying business instead of paying interest. The Dubai crisis has sparked speculation that Islamic finance is no different from conventional finance that led to the financial turmoil a couple of years ago.

However, many fail to understand that the main cause of the Dubai crisis is purely one of a credit issue where Dubai World and its subsidiary Nakheel have over borrowed and over expanded within the real estate and tourism sectors to an extent where near-term repayment obligations cannot be met. In short, the Dubai crisis demonstrates the fragility of the financial and economic system in Dubai, which is one based on excessive borrowing to finance excessively luxurious projects without giving much consideration to the economic feasibility of such projects. Notwithstanding, the assistance by Abu Dhabi in the form of USD10 billion has allayed all the fears.

Despite reservations held by several parties that Islamic finance is just as susceptible to the global economic turmoil, many still maintain that there is vast potential and opportunities for financial institutions to tap in the field of Islamic banking and finance. With the adoption of stringent Shariah principles, Islamic finance offers a huge alternative economic opportunity to the conventional methods that investors have become accustomed to. Many countries globally from Europe, Middle East, Asia, Australia and even the United States have realized the importance of Islamic finance. Malaysia, being one of the pioneers of Islamic finance and location of the highest number of sukuks issued globally remains at the forefront which provides guidance to others in terms of regulatory and legal aspects.

LAWorld News

Data protection in Denmark and the EU – where are we?

After four years "in the making", the new General Data Protection Regulation (the "Regulation") is expected to be formally adopted very soon. The wording of the Regulation has been publicly known since 15 December 2015.  It is currently being considered through normal legislative procedure by the European Parliament, Council of the European Union and the European Commission.  Once approved, the Regulation will enter into force in all EU member states in the beginning of 2018

The Regulation will in our opinion lead to a significant improvement – and administrative relief – for Danish companies if they have activities throughout the EU. Companies will no longer have to deal with – or seek advice on – personal data rules in the different EU countries.  Similarly, the Regulation proposes to establish a one-stop-shop mechanism, where companies only get assigned to one supervisory authority, although there are exceptions for employment data and national security, which still might be subject to local law.

Under the Regulation, the generally high level of protection regarding personal data as we know today will be maintained. The Regulation will thus to a large extent continue the rules that apply in Denmark already pursuant to the Danish Data Protection Act. However, there are a number of changes - the most significant highlighted here: 

• It is no longer only the data controllers – the companies "owning" data – that are bound by the rules, but also the data processors – the companies handling data. This means, for example, that it is no longer just an  employer company that is responsible for compliance, but also potential subcontractors, such as a payroll agency, to which the employer company has outsourced its processing or storage of personal information. 

• Companies established outside the EU are covered by the Regulation if they offer products/services within the EU. For internet-based businesses it will mainly be a matter of whether the individual company promotes itself towards the European market.  Key factors in the analysis will include whether  the promotion is done in European languages and if prices are specified in European currencies.

• Companies will to a higher degree be required to document an adequate level of data security.  This includes an obligation to implement appropriate technical and organizational measures designed to ensure the protection of personal data (data protection by design).  Furthermore, these measures must also include a high data protection level by default. 

• Some companies will be required to prepare a PIA (Privacy Impact Assessment), which is  an assessment of the risks that arise out of the processing of personal data through their IT-system. 

• If the processing is carried out by a public authority or by companies having processing of sensitive personal data as a core activity, it is a requirement to appoint a DPO (Data Protection Officer).  It is now clear that private companies who are only processing personal data as a subordinate service/activity will not be required to appoint a DPO.  In our opinion, most payroll agencies will be required to have a DPO, whereas more traditional companies, which only handle personal data regarding its own employees, will not be required to have that obligation. 

• The data subjects are entitled to have more access to information about the processing of their personal data, and the information has to be made available in a clear and understandable manner. The current proposal states that a request for access must be answered within four weeks. In addition thereto, the rules on "the right to be forgotten" have been clarified. 

• It will become easier for individuals to have their personal data transferred between service providers. 

• The current requirement to report and notify the supervisory authority about processing of personal data will be removed. The Regulation encourages preparation of an industry-specific "code of conduct"(which may be approved by the supervisory authorities) and certification schemes. This provides a real opportunity to be a leader in the making of specific regulations for your industry and meaningful participation should be considered.

• It will be possible for each member state to fix stricter national requirements regarding specific topics, e.g. on the handling of employee data. It is expected that Denmark will retain the requirement to report processing of employee personal data in the employment context. 

• If serious breaches occur, then the data controller or data processor will be under a legal obligation to notify the supervisory authority within 72 hours. 

• Finally, the level of fines in case of violations has already created an increased focus on the processing of personal data. Violations of the Regulation may thus lead to fines of up to 10-20 mill Euros or up to 2-4 per cent of the company’s total worldwide turnover (whichever is higher) depending on which provisions are violated. For public authorities the level of fines is up to between 10-20 mill Euros. 

Although the new Regulation will not enter into force before the beginning of 2018, it is our recommendation that companies put data protection compliance on the agenda – if this has not already happened.  By implementing a number of specific initiatives companies will not only ensure compliance with the current rules in the Danish Data Protection Act but they will also be well prepared in time for the implementation of the Regulation. 

Concrete initiatives that we recommend companies to implement: 

• Companies are advised to clarify and review their current procedures and policies regarding personal data processing. It is advisable to commence this analysis as soon as possible as it may prove to be quite extensive.

• Companies must ensure that as few employees as possible have access to personal data. Each employee should only have access to the personal data that is necessary for solving the tasks lying with the specific position. Procedures and security measures should be established to ensure this. 

• All employees who handle personal data must have written instruction and training on how to handle personal data and how the personal data should be protected. This instruction/training must be targeted each employee. Thus, for example, the instruction to the HR manager will be different than the instruction to the IT manager, because the latter will only have access to the data in order to solve technical problems. 

• Companies must ensure that access to the IT-system that handles personal data is protected by password and firewall. Furthermore, all access to sensitive personal data should be logged. After a number of unsuccessful attempts (e.g. 3) to gain access to such sensitive personal information, the IT-system should automatically block for further attempts. It should also be possible to delete information in order to meet the "right to be forgotten" demands of the Regulation. 

• Companies (data controllers) should review their contracts with external data processors and make sure that they meet the requirements for good practice regarding data processing, that they have an appropriate level of security and that they will inform the companies in case of security breaches. If no data processing agreements have been made with suppliers, we strongly recommend having them made. 

• Companies should get an approval for the personnel administration at the Danish Data Protection Agency and notify the Agency in case of transfer of data outside the EEA.

Industries should begin formulating codes of conduct now, with input from counsel.  There is no need to wait until the Regulation is effective. 

• Finally, it is important to remember that the Regulation introduces a requirement for "accountability", which means that companies must be able to document that they meet the requirements of the Regulation. Therefore, it is not enough only to meet the requirements of the Regulation - it must also be documented. 

The Regulation is destined to be adopted and represents years of work by knowledgeable authorities.  Prepare for its implementation and your legal risks will be greatly diminished.  Data protection is, and will remain, one of the most important tasks for your company.

For legal assistance or further discussion, please contact the authors:

Tommy Angermair at

Maria Helbo Holck at

Kirk Larsen & Ascanius


H. C. Andersens Boulevard 45

DK 1553  København V

Phone: +45 70 22 66 60

Fax: +45 75 45 46 36

Business News

Halliburton and Baker Hughes scrap $28 billion merger
Sun, 01 May 2016 23:11:59 -0400
(Reuters) - Oilfield services provider Halliburton Co and smaller rival Baker Hughes Inc announced...
Asian shares slip, Nikkei skids on yen strength
Sun, 01 May 2016 20:45:34 -0400
TOKYO (Reuters) - Asian shares fell in early trading on Monday, with Japan's Nikkei plunging after t...
Fed may need more powers to support securities firms during crises: Dudley
Sun, 01 May 2016 20:12:29 -0400
AMELIA ISLAND, Fla (Reuters) - The U.S. Federal Reserve may need more powers to provide emergency fu...
U.S. threatens to block easing of EU car exports in TTIP talks, media report
Sun, 01 May 2016 18:41:17 -0400
BERLIN (Reuters) - The United States is threatening to prevent the easing of export controls on Euro...

Upcoming Events

Europe/Middle East Regional Meeting and Lawyers Next Generation (Budapest) from 5pm on Friday the 16th of September, 2016 to 5pm on Saturday the 17th of September, 2016

See All Events