2. Risk Management Process In Islamic Banks
Content
Evolution Of Risk Management
Risk Management Framework
Risk Appetite
Risk Identification Process In Islamic Banking
Risk Measurement
Risk Matrix
Inherent Risk
Risk Mitigation Process
Risk Review Process
Infrastructure And Facilities
Learning Outcome
• To understand the development of risk
management
• To learn about the risk management
process in Islamic banks
• To know the infrastructure and
facilities which support risk
management
2
3. Introduction
Risk management: A process with a number of interrelated
phases that complete and match each other.
The risk management process is a vital part of the Islamic
banking process.
It must be included into each and every business activity
undertaken by the Islamic bank
3
4. Evolution Of Risk Management
RISK
MANAGEMENT
BUSINESS RISK
MANAGEMENT
ENTERPRISE RISK
MANAGEMENT
FOCUS Financial and
hazard and
internal
controls.
Business risks,
internal control,
taking risk by risk
approach.
Business risk,
internal control,
taking an entity
level portfolio
view of risk.
OBJECTIVE Protect
enterprise value
Protect enterprise
value
Protect and
enhance
enterprise value
SCOPE Treasury,
insurance and
operation
Business
managers
accountable
Across the
enterprises, at
every level and
unit.
4
5. RISK MANAGEMENT BUSINESS RISK
MANAGEMENT
ENTERPRISE RISK
MANAGEMENT
EMPHASIS Financial and
operations
Management Strategy setting
APPLICATION Selected risk areas,
unit and processes
Selected risks
areas, units and
processes
Enterprises-wide
to all sources of
value
5
6. Risk Management Framework
Among of the suitable established risk management
concepts for Islamic banks is the ISO 31000:2009 issued by
International Organization for Standardization.
This risk management framework is based on the plan-do-
check-act (PDCA) principle .
The Islamic bank also must appoint a unit in its operational
structure as the bearer of a mandate to ensure the proper
implementation of risk management within the bank.
The mandate and commitment should be clearly stated in
the risk management charter (RMC).
6
7. Risk Management Framework
This framework contains a risk management procedure in an
Islamic bank which begins with context determination
consisting of seven measures:
The identification of risks within the domain of interest
The planning of further risk management processes
The mapping of social scope and the identity and goals of every
stakeholder in the risk management process
The criteria and basic assumptions for risk evaluation
The redefinition of the framework for various activities and identified
agenda
The development of analysis criteria for the risks involved
the mitigation or resolution of risks with available technology,
personnel and resources.
7
8. Risk Appetite
Risk appetite is the bank management’s tolerance for risk
in the effort to create value for stakeholders.
It defined as the amount and type of risk that an
organisation is willing to take in order to meet their
strategic objectives.
Organisations will have different risk appetites depending
on their sector, culture and subjective.
The risk appetite is subjected to periodic review and
approval by board of directors due to the continually
changing situation in and around the corporation.
8
9. Functions Of Risk Appetite
Serving as a connecting thread between the enterprise’s
strategic policy
Performance management, risk management and capital
structure
Providing guidance to the Islamic bank’s business units
The 3 main components of risk appetite are:
risk tolerance
risk targets
risk limits.
9
10. Risk Identification Process in Islamic Banking
The risk identification process consists of five stages.
Compilation of a comprehensive catalogue of risks (the
potential risks are listed in the order of impacts to every activity
element and the factors that may affect these risks are recorded
in detail).
Analysis of the risks related to the Islamic bank’s products and
business activities.
Description of the risk progression sequence through the
analysis of the probable factors and the probability value of
each individual risk.
List creation of potential sources for every risk class.
Determination of the accurate approach or instrument for the
risk identification (experience, records of past risks, etc).
10
11. Risk Profile of Islamic Bank
Islamic
Banks
Sharia non
Compliance
Risk
Displaced
Commercial
Risk
Equity Investment
Risk
Rate of
Return Risk
Credit Risk Market Risk Liquidity RiskOperational Risk
Legal Fiduciary ReputationStrategic Transparency Regulatory compliance
Generic
Unique
11
12. Generic Risk of Islamic Banks
Even generic risks are not straight forward.
For financing that involves financing assets
e.g. Murabaha, Salam, Istisna and Ijarah.
The risks of financing may transform from credit to market and
vice versa at different stages of the contract.
Hence capital requirement needs to take into account both
the credit and market risk.
12
13. Unique Risks for Islamic Banks
Shariah Non-Compliance Risk
Risk arises from the failure to comply with the Shariah rules and
principles.
Displaced Commercial Risk
The risk that the bank may confront commercial pressure to pay returns
that exceed the rate that has been earned on its assets financed by
investment account holders.
The bank foregoes part or its entire share of profit in order to retain its
fund providers and dissuade them from withdrawing their funds.
Equity Investment Risk
The risk arising from entering into a partnership for the purpose of
undertaking or participating in a particular financing or general
business activity as described in the contract, and in which the provider
of finance shares in the business risk.
The risk is relevant under Mudarabaha and Musharakah contracts.
13
14. Rate of Return Risk
The potential impact on the returns caused by unexpected
change in the rate of returns.
Associated with the management of assets & liabilities.
Fixed rate long term assets funded by variable rate short term
liabilities.
Movement in benchmark rates may result in fund providers
having expectations of a higher rate of return.
If Islamic bank does not yield to market pressure, they may lose
their fund providers which could consequently lead to liquidity
risk.
14
15. Risk Measurement
The identified risk must be measured to discover the
potential losses and the chances of losses
Based on the most common method known as Composite
Risk Index (CRI)
Formula of “CRI = potential impact of risks x probability of
occurrence”.
The potential impact and probability value are graded on a
scale from 1 to 5 while the total of CRI values is ranged
from 1 to 25
15
16. Risk Matrix
Risk matrix is a tool to plot risks
according to the degree of
severity, frequency and impact.
The risk matrix can be defined as
a graphic with two or more
dimensions that represent the
risks in a bank’s products,
products lines or departments.
It also prepares a way to
estimate the possibilities of
success for the bank’s activities
and to identify activities that
require stricter control than any
other.
Developing the risk matrix
1. List all the risk categories correlated
with the bank’s activities together
with the various activities restricted
under each risk category.
2. Determine the severity and frequency
of each event.
3. Both parameters are graded on a
scale of 1-5 and multiplied together
resulting to an index number
between 1 and 25.
16
17. Inherent Risk
Definition: the quantifiable risks that do not immediately be
seen after the bank has predicted the characteristics, complexity
and volume of risk-causing activities.
In estimating these inherent risks, the bank must take into
account the adequacy and capability of existing risk
management measures.
The bank should also add information on the risks impact to
the bank resources (high, moderate, low).
High inherent risk > Bank’s activity has a high implication and
influence to its resources.
Low inherent risk > A level of risk that can easily be absorbed
by the bank.
17
18. Risk Mitigation Process
Four possible actions that could be
taken to manage risk materialization:
Avoid risk
Share risk
Execute risk mitigation
Ignore risk
In Islamic banks, the risk mitigation
process is a bit complicated.
The bank must scrutinize the
characteristics of every risk it would
like to mitigate including their causes,
mechanisms and impacts
Example:
Cause: Bank disburses loans to credit
customers
Impact: Credit risks (repayment
defaults)
Mechanism:
The bank put aside a certain amount
of resources
Ask the debtor to provide collateral
18
19. Risk Review Process
The results of risk analysis are taken and changed into
policy recommendations for the treatment and
prioritization of risks
The actual risk levels in an Islamic bank are monitored and
compared to the prior risk management standards.
Revisions and adjustments would be made to the present
risk management policies (if any)
19
20. Infrastructure And Facilities
Documentation
Risk management policy document should
cover:
Scope, aims and goals of risk management
The company management’s philosophy
towards risk management
Risk identification procedures
Organizational structure and governance
Risk management framework
Organizational structure
The Islamic bank’s risk management organs
is usually consist of a risk management
committee, a risk management task force
and a risk monitoring committee.
Characteristics:
Risk management committee: a membership
that can be fluid or fixed depending on the
bank needs, the appointment of a
compliance director or a risk management
director, etc.
Risk management task force: organizational
structure tailored to the company’s size and
complexity, the leading task force officer
responsible to a specially appointed member
of the board directors, etc.
Risk monitoring committee: chaired by an
independent commissioner, membership
consists of board of commissioners members
and independent external experts in risk
management.
20
21. Infrastructure And Facilities
Information Technology
Systems
Allows perfect information
transmission between the Islamic
bank and its stakeholders whether
internal (business units, officers) or
external (customers, debtors,
market).
i.e. Under musharakah contract,
able to find out the financial
performance of the customer’s
business from the periodic
financial reports provided by the
customer, through an established
sound and well-integrated IT
system.
Database Systems
Evaluation of some particular
types of risk requires certain form
of data that are very hard to
collect automatically
i.e. Calculation of operational risks
requires data on system errors,
human errors, fraud, etc.
21
22. Risk Measurement Models
Before the 1970s, the most common risk measurement
methods were credit scoring methods like the Altman Z-
Score and the logit method.
Transformations happened due to increment of complexity
of banking activities and development of information
technology
Islamic bank must first understand the various risk
measurement methods in existence before choosing the
best one
22
23. Conclusion
The Islamic bank will eventually face various risks, financial
and non-financial as the other banks causing risk
management process to become fundamental.
Risk management process consists of risk identification,
risk measurement, risk mitigation, risk monitoring and
review plus important elements like risk appetite, risk
matrix, and inherent risk.
All in all, all of this can only be ensured if the Islamic bank
properly applies the principles of Islamic Syariah in
designing its financial products and services as well as in its
operations.
23