Shariah Risk Management

SHARIAH Risk Management

&
Mitigation

Dr. Abdullah Mohd Ayedh

(abdullah.mohammed@usim.edu.my)
 Lesson Outcome

Identify and explain three lines of defense approach in risk

management

Discuss the risk management processes in IFIs

Explain the types of risks related to the management of IFIs

Identify the risk management techniques applicable to each

types of risk
 Background

What are Risks?

Risks are uncertain future events which could influence the
achievement of the organizations objectives, including strategic,
operational, financial and compliance objectives.

Uncertain future events for financial institutions could be:

Failure of a borrower to repay a financing
Fluctuation of foreign exchange rates
Fraud, incomplete security documentations, etc
Non-compliance with Shariah law and principles
Other events that may result in a loss to the Bank
 Background
Risk management is very important function especially in IFIs.

In IFIs there is another unique type of risk, which is termed as

Shariah non-compliant risk.

It is defined as the risk that arises from the banks failure to

comply with the Shariah rules and principles determined by the
relevant Shariah regulatory councils. (IFSB)

To meet high expectation of the key stakeholders of the IFI in

relation to Shariah compliance process.
 Risk Management
Risk management is the process by which
various risk exposures are:
1. Identified,
2. Measured/assessed,
3. Mitigated and controlled,
4. Reported and monitored.
 IFIs Shariah Governance Structure

Shariah
BOARD RISK
BOARD OF
MANAGEMENT
COMMITTEE DIRECTORS

MANAGEMENT

Shariah Risk
Management Control
Function
 Generic Risks for Banks
Credit risk: The potential that a counterparty fails to meet its
obligations in accordance with agreed terms and conditions of
credit-related contract

Market risk: The potential impact of adverse price movements

such as benchmark rates, foreign exchange rates, equity prices on
the economic value of an asset

Liquidity risk: The potential loss arising from the Banks inability
either to meet its obligations or to fund increases in assets as
they fall due without incurring unacceptable costs or losses

Operational risk: The potential loss resulting from inadequate or

failed internal processes, people and system or external events
 Unique Risks for Islamic Banks
Rate of return risk:
The potential impact on the returns caused by unexpected change in
the rate of returns
Displaced Commercial risk:
The risk that the bank may meet commercial pressure to pay returns
that exceed the rate that has been earned on its assets financed by
investment account holders. The bank sacrifices part or its entire
share of profit in order to retain its fund providers and deterd them
from withdrawing their funds.
Equity Investment risk:
The risk arising from entering into a partnership for the purpose of
undertaking or participating in a particular financing or general
business activity as described in the contract, and in which the
provider of finance shares in the business risk. This risk is relevant
under Mudharabah and Musharakah contracts in Islamic banks.
 Shariah Non-Compliance Risks
Shariah non-compliance risk:
Risk arises from the failure to comply with the Shariah rules and
principles
Examples of Shariah Non-Compliance Risks:

1. Wadiah:
Disclosure of the hibah on the rate board, website etc.
Gift to depositors
Shariah non-compliance fund

2. Mudharabah (deposit)
Guarantee on the capital and return
Maintenance cost on the Mudharabah deposit account
Shariah non-compliance fund
 Shariah Non-Compliance Risks
Examples of Shariah Non-Compliance Risks:

3. Remittance
Shariah non-compliance fund

4. Bai Inah & BBA

No legal ownership of the asset prior to sale aqad
Financing of non-Shariah compliant asset
Financing of asset intended for non-Shariah compliant activities

5. AITAB
Appointment of customer as the Banks purchasing agent prior to Ijarah
contract
Maintenance costs during Ijarah tenure to include all foreseeable costs
Insurance not using Takaful
 Industry averages

3.1

2.9

2.8

2.7

2.6

2.5
credit risk market risk liquidity risk operational risk
 Credit risk

3.7

3.5
Credit risk 3.3
average in the
industry: 2.7 3.1

2.9

2.7

2.5

m
h
ah

ah

na
ra

h
ka

ka
la
ija
ah

ab

tis

sa
ra

ra
ar
ab

is
ha

ha
ud
ur

us

us
m

m
D
 Market risk

3.7
3.5
Average market 3.3
risk in the
industry: 3.05 3.1
2.9
2.7
2.5

h
m
h
ah

ah

na
h

ka
ka

ra

la
ah

ab

tis
ija

a
sa
ra

ar
ar
ab

is
ha

h
ud
ur

us

us
m

m
m

D.
 Liquidity risk

3.4
3.2
3
Average
liquidity risk in 2.8
the industry: 2.6
2.8
2.4
2.2
2
ah ah ah r a na a m ah
a h
ra
b
ra
k ija ti s
s al r a k
a b a a is a
ur ud u sh
us
h
m m m .m
D
 Operational risk

3.4
3.3
3.2
Average 3.1
operational risk 3
average in the 2.9
industry: 2.9 2.8
2.7
2.6
2.5

h
m
h
ah

ah

na
h

ka
ka

ra

la
ah

ab

tis
ija

a
sa
ra

ar
ar
ab

is
ha

h
ud
ur

us

us
m

m
m

D.
 Severity of risks
3.9
3.7
3.5
3.3
3.1
2.9
2.7
2.5
ah

h
m
ah
ah

ra

'
na

ka
la
ija
ab
ah

tis

a
sa
ra

ar
r
ab

is
ha
ha

h
ur

us
ud

us
m

m
m
m

D.
credit risk market risk liquidity risk operational risk
 Implications of Shariah Non-
Compliance Risks
Affects the integrity in the eyes of shareholders and
stakeholders i.e. customers, depositors etc.

Against the commands of Allah and could be impediment from

Allahs blessing

Invalidation of contract (aqad)

Non-halal income

Contravention of the provision of Islamic Banking Act 1983

 Islamic Financial Services Board (IFSB)

2005 Guiding Principles of Risk Management

2005 Capital Adequacy Standard

2006 Corporate Governance

2007 Supervisory Review Process

2007 Transparency and Market Discipline

 Islamic Financial Services Board (IFSB)
Risk Principle Guidelines
General IIFS shall have in place a comprehensive risk management
Principle 1.0 and reporting process.
requirement
IIFS shall have in place a strategy for financing, recognizing the
Principle 2.1 potential credit exposures at various stages of the agreement.

Principle 2.2 IIFS shall carry out due diligence review.

Credit risk IIFS shall have in place an appropriate methodology for
Principle 2.3 measuring and reporting the credit risk exposures.
IIFS shall have in place Shariah-compliant credit risk
Principle 2.4 mitigating techniques.
IIFS shall have in place appropriate strategies, risk
Principle 3.1 management, and reporting processes in respect to the risk
characteristics of equity instruments.
Equity
investment IIFS shall ensure that their valuation methodologies are
Principle 3.2 appropriate and consistent.
risk
IIFS shall define and establish the exit strategies in respect of
Principle 3.3 their equity investment activities.
 Islamic Financial Services Board (IFSB)
Risk Principle Guidelines
IIFS shall have in place appropriate framework for market risk
Market risk Principle 4.1
management.
Principle 5.1 IIFS shall have in place a liquidity management framework.
Liquidity
risk IIFS shall assume liquidity risk commensurate with their ability
Principle 5.2
to have sufficient recourse to Shariah-compliant funds.

IIFS shall establish a comprehensive risk management and

Principle 6.1 reporting process to assess the potential impact of market
Rate of factors affecting rate of return on assets.
return risk
IIFS shall have in place an appropriate framework for
Principle 6.2
managing displaced commercial risk.
Principle 7.1 IIFS shall have in place adequate systems and controls.
Operational
risk IIFS shall have in place appropriate mechanisms to safeguard
Principle 7.2
the interests of all fund providers.
 IFSB Guiding Principles on Risk
Management
Principle 7.1 IIFS shall have in place adequate systems and
controls, including Shariah Board/Advisor, to ensure compliance
with Shariah rules and principles

Requirements:
IIFS shall ensure that they comply at all times with the Shariah
rules and principles
IIFS shall ensure that their contract documentation complies with
Shariah rules and principles
IIFS shall undertake a Shariah compliance review at least annually
IIFS shall keep track of income not recognized arising out of
Shariah non-compliance and assess the probability of similar
cases arising in the future.
Risk Management Issues in Islamic Banks

Innovative & Complex expose

Shariah-compliant
UNIQUE RISKS
Products

if not understood &

Hence, effective risk management not well-managed
requires internal Shariah review and
audit to ensure IFIs manage and
mitigate Shariah non-compliance risks Islamic Banks
SUSTAINABILITY?
 Internal Control
Internal control is a process designed to provide
reasonable assurance of achieving the following:
Generating reliable financial accounting information
Safeguarding assets
Complying with applicable laws and regulations
Operating efficiently and effectively
Ensure shariah compliance in its products, operations,
documentations, reporting etc.
 The components of an internal control system

An internal control system consists of five components

1. Control environment: overall attitude, awareness, and actions of significant internal groups to
maintain a well-controlled organization (tone at the top). Shariah understanding and awareness are
critical in Islamic financial institutions.

2. Risk assessment: process designed to identify and manage risks that may affect its ability to achieve
its objectives. Understanding shariah non-compliance risks is a requirement.

3. Control activities: policies and procedures established by management to help ensure that internal
control objectives are achieved and risks mitigated. Shariah policies to be devised by Shariah
Board members and refine by internal auditors.

4. Information and communication: process of identifying, capturing, and exchanging information in a

timely fashion to enable the organization to achieve its objectives. Proper reporting procedures in
the case of Shariah non-compliance of the policies and activities.

5. Monitoring: process that assesses the quality of internal controls over time
Internal Control Components

MONITORING

Information &
Communication

CONTROL
ACTIVITIES

RISK ASSESSMENT

CONTROL ENVIRONMENT
 Understanding & Assessing the Control
Environment
There are a number of factors an auditor should look at when
evaluating an organization's control environment:
Management's philosophy and operating style
Organizational structure, including assignment of authority & responsibility
Board of directors and audit committee
Human resource policies and practices
Integrity and ethical values
Commitment to competence
Compensation and evaluation programs
Effectiveness of the internal audit function
Shariah compliance procedures
 Control Activities

Frequent performance reviews

Information processing
Proper authorization
Forms and documents in orderly manner and with proper system
Physical controls
Periodic reconciliations by third party (esp. internal auditors and external
auditors)
Segregation of duties
 Monitoring

Ongoing monitoring activities

Continuous monitoring of customer complaints
Reviewing the reasonableness of management reports
Supervision of the Shariah Supervisory Board

Separate evaluations
The internal audit function
Shariah audit functions
 Limitations of Internal Control

Errors may arise from misunderstandings of instructions,

mistakes of judgment, fatigue, etc.

Controls that depend on the segregation of duties may

be circumvented by conspiracy

Management may override the structure

Compliance may decline over time

 Conclusion
1. Awareness & Identification
Conduct Shariah awareness program to all staff
Incorporate Shariah requirement in all operational manuals
2. Assessment & Measurement
Develop shariah compliance internal control system by
internal audit division
Effective shariah assessment on new products, initiatives,
manuals by Shariah Supervisory Board
3. Mitigation & Control
Issue policy & guidelines on Shariah compliance for all
products & services
Shariah Compliance & Risk Working Group
Shariah representative in all committees
Internal or/and External Shariah auditing
4. Monitoring & Reporting
Internal or/and External Shariah auditing
Key Risk Indicators & Monthly reporting