Upload
roberta-dawson
View
217
Download
1
Embed Size (px)
Citation preview
© 2014 HUMAYON DAR; A seminar delivered at Qatar Faculty of Islamic Studies on May 13, 2014
HUMAYON DAR
CHAIRMAN, PRESIDENT & CEO
EDBIZ CORPORATION
Risk MANAGEMENT
in Islamic Banking and Finance Shari’a, Legal and Operational Risks
INTRODUCTION
• Risk Management in Islamic Banking and Finance• Operational risk is more complex and difficult to quantify• Quantification methods are imperfect and still evolving• Islamic Financial Services Board (IFSB)• Focus on Operational Risk Management in Islamic Finance
FOCUS ON OPERATIONAL OPERATIONAL RISK IN ISLAMIC FINANCE
RWCR =K
A + B – C
IFSB Standard Formula
where
RWCR = Risk-weighted Capital Requirement
A = Total Risk-weighted Assets [Credit + Market Risks]
B = Operational Risks
C = Risk-weighted Assets Funded by Profit Sharing Investment Accounts
≥ 8%
FOCUS ON OPERATIONAL OPERATIONAL RISK IN ISLAMIC FINANCE
RWCR =K
A + B – C – (1-α)D – α.E
Regulatory Discretion Formula
where
RWCR = Risk-weighted Capital Requirement
A = Total Risk-weighted Assets [Credit + Market Risks]
B = Operational Risks
C = Risk-weighted Assets Funded by Profit Sharing Investment Accounts
0 ≤ α ≤ 1
D = Risk-weighted Assets Funded by Unrestricted Profit Sharing Investment Accounts
E = Risk-weighted Assets Funded by Restricted Profit Sharing Investment Accounts
≥ 8%
FOCUS ON OPERATIONAL OPERATIONAL RISK IN ISLAMIC FINANCE
RWCR =Eligible Capital
TRWA [Credit + Market Risks] + Operational Risks – RWA Funded by PSIAs [Credit + Market Risks]
IFSB Standard Formula
Supervisory Discretion Formula
RWCR =Eligible Capital
TRWA [Credit + Market Risks] + Operational Risks – RWA Funded by PSIAs [Credit + Market Risks] –
(1- a)RWA Funded by UPSIAs[Credit + Market Risks] – (a)RWA Funded by RPSIAs [Credit + Market Risks
≥ 8%
≥ 8%
OPERATIONAL RISK DEFINED
OPERATIONAL RISK is defined as the risk of loss resulting from the inadequacy or failure of internal processes, as related to people and systems, or from external risks [Van Greuning and Iqbal (2008), p. 174]
ISLAMIC FINANCIAL SERVICES BOARD [IFSB] includes Shari’a risk under the definition of operational risk
[Guiding Principles of Risk Management for Institutions (other than Insurance Institutions) Offering Only Islamic Finance Services 2005, No. 7]
SHARI’A [NON-COMPLIANCE] RISK is the risk that arises from an IFI’s failure to comply with the Shari’a rules and principles determined by its Shari’a Board or the relevant body in the jurisdiction in which the IFI operates
[IFSB, ibid, 7.2 (121)]
OPERATIONAL RISK: CAUSE EVENT AND EFFECT
CAUSE EVENT EFFECT
Internal processesPeopleSystems
Internal processes[No clear policy on the LC*]
Internal fraudExternal riskDamage to physical assets
External risk (Piracy)
Write-downLegal liabilityLoss of recourse
Write-down
Management
Measurement
*Whether to be on the FOB shipping port or destination basis
OPERATIONAL RISK: CAUSE EVENT AND EFFECT
CAUSE EVENT EFFECT
Internal processesPeopleSystems
People
Internal fraudExternal riskDamage to physical assets
Internal fraud (Misinforming the client*)
Write-downLegal liabilityLoss of recourse
Legal liability
Management
Measurement
*Misinforming the client that it was a regulatory requirement to convert foreign remittances into local currency
OPERATIONAL RISK: GENERAL CONSIDERATIONS
OPERATIONAL RISK covers any risk that may arise from general and specific operations of an organisation, and in the present context, banks in general and Islamic banks and financial institutions in particular.
As it is general in nature, hence it is difficult to quantify it precisely. This is why it has not been of a major focus prior to an emphasis on it by Basle Committee on Banking Supervision [BSBC].
In a well-run bank (or financial institution), its incidence is expected to be less. Hence, a starting point to quantify it must have something to do with the management function.
Management consists of the interlocking functions of creating corporate policy and organizing, planning, controlling, and directing an organization's resources in order to achieve the objectives of that policy.
GENERAL OPERATIONAL RISKS
1. Failure to open branch(es) in time [part of people risk]
2. Misinformation to customers
3. Theft (stationery, equipment etc.) and misuse
4. Technology breakdown
5. Electricity shutdwon
6. Bad weather
7. Accidents
8. Acts of terrorism
9. An adverse Shari’a opinion about a product
10.Withdrawal of funds
11.A senior (Muslim) member of the executive management team of an Islamic bank is seen drinking alcohol on QR302 flight and someone has uploaded a video on YouTube with a caption: “Is it Islamic? Islamic Banks’ Non-Islamic Bankers”
GENERAL OPERATIONAL RISKS
12.Somehow, your online banking system has a loophole and some online search engines have started picking up “cache” pages of some of the customers who view their accounts using a particular internet browser
OPERATIONAL RISKS IN ISLAMIC FINANCIAL INSTITUTIONS
• Possible loss arising from Shari’a non-compliance of Islamic financial institutions and failure of acting in accordance with the fiduciary responsibilities of management of such institutions
• If an IFI / Islamic bank does not comply with Shari’a rules and principles, its transactions must be cancelled and income generated from them shall be considered as illegitimate
• Recent example:– Bank Negara Malaysia issued new guidelines on Bai’ ‘Ina in 2012, which
came after the Shari’a guidelines for Islamic banks and Takaful companies, making it clear that any non-compliance with Shari’a will not only be considered as illegal but the bank will also have to claw back income from the non-compliant transactions
OPERATIONAL RISKS IN ISLAMIC FINANCIAL INSTITUTIONS
• FIDUCIARY RISK is thus also part of the IFSB’s definition of operational risk
• IFSB’s PRINCIPLE 7.2IFI / Islamic bank must have in place appropriate mechanisms to safeguard
the interests of all fund providers. Where Investment Account Holders [IAH] funds are commingled with IFI’s own funds, IFI must ensure that the bases for asset, revenue, expense and profit allocations are established, applied and reported in a manner consistent with IFI’s fiduciary responsibilities.
[Guiding Principles of Risk Management for Institutions (other than Insurance Institutions) Offering Only Islamic Finance Services 2005, No. 7.2]
OPERATIONAL RISKS IN ISLAMIC FINANCIAL INSTITUTIONS
WHY IS SHARI’A RISK DEEMED AS PART OF THE OPERATIONAL RISK?
• For example, if in an Bai’ ‘Ina transaction, an evidence was found that the bank staff actually made the two transactions (first sale to the customer and the second purchase from the customer) inter-linked, even verbally or through an action, the transaction will be deemed Shari’a con-compliant and the bank will be asked to claw back all the accrued income from the transaction and donate it to charity (and possibly face some penalty from the regulator).
• This is certainly a failure in the Shari’a process on part of the personnel, and hence should be considered as an operational risk.
OPERATIONAL RISKS IN ISLAMIC FINANCIAL INSTITUTIONS
• In summary, operational risk in IFIs also include:
– Legal risk– Shari’a risk– Fiduciary risk
• Reputational risk arising from Shari’a non-compliance and failure to act in accordance with the fiduciary duties of Islamic banks’ management is also critical
SHARI’A, LEGAL AND OPERATIONAL RISKS: SOME EXAMPLES (1)
• A UAE-based Islamic bank sold a used car to a customer on Murabaha basis• A few months into the contract, the customer met an accident while driving
the purchased car• While dealing with the case, the police found out that the car was reported
missing a few months back• [The bank actually happened to have bought a “stolen” car before selling it to
the customer]• The customer disputed with the bank and asked for full refund of the money
he had already paid• On the other hand, the bank wanted to accelerate the payments and asked the
customer to pay the amount in full
SHARI’A, LEGAL AND OPERATIONAL RISKS: SOME EXAMPLES (2)
• A Saudi bank provided seed capital for an Islamic equity fund• The bank was informed that the fund would follow AAOIFI Shari’a
screening methodology• The internal communication between the bank management and its Shari’a
Advisory Committee was in Arabic• After the fund was launched by the fund manager, the Shari’a Advisory
Committee objected to the the impermissible income ratio used by the fund• The fund used [IMPERMISSIBLE INCOME/TOTAL INCOME < 5] while
the Shari’a Advisory Committee proposed [IMPERMISSIBLE INCOME /PERMISSIBLE INCOME < 5]
• LESSIONS ???
SHARI’A, LEGAL AND OPERATIONAL RISKS: SOME EXAMPLES (3)
• In 1998, an official of a UAE Islamic bank did not conform to the bank’s internal credit term
• It cost the bank US$50 million• This resulted in a one-day run on the bank’s deposits to the tune of US$138
million, representing 7 percent of the bank’s total deposits
[Van Greuning and Iqbal (2008), p. 175]
SHARI’A, LEGAL AND OPERATIONAL RISKS: SOME EXAMPLES (4)
• An Islamic bank had to incur losses on an international trade finance transaction when a ship carrying the goods it had financed was captured by pirates
• The bank had made the payment on the basis of FOB Shipping Point• The transaction got delayed by three months• The bank incurred a loss of 3-month credit income
OPERATIONAL RISKS SUMMARISED
Reputational Risk
Shari’a Risk
Fiduciary Risk
People Risk
Technology Risk
Displaced Commercial Risk
Withdrawal Risk
There is certainly an overlapping of these risks and it is important to take into account double counting when calculating operational risk capital charge
OPERATIONAL RISK AND ISLAMIC FINANCIAL CONTRACTS
Musharaka
Murabaha
Ijara
Istisna’
Salam
Mudaraba
Operational Risk
OPERATIONAL RISK MANAGEMENT
•The Operational Risk Management framework should include:
– Identification –Measurement–Monitoring– Reporting– Control and –Mitigation
OPERATIONAL RISK MANAGEMENT: IDENTIFICATION
•Technology
– How many servers are hosting the data and IT systems? – Is there a back-up server?– Is the back-up server in the same place (building/street/city/country)?– How many people are responsible server management and maintenance?–What is the frequency of system back-ups?–Where are the back-up tapes / CDs kept?
In 2012, computer failure cost RBS £100 million
OPERATIONAL RISK MANAGEMENT: IDENTIFICATION
•Sales
– It is important for bank personnel to understand fully what they are selling to their customers
– Advertisements on print and electronic media, one-on-one sale pitches and all other marketing and sales material must go through strict scrutiny
– Telephonic sales calls must be recorded and scrutinised by the senior management to identify “conversations” that may lead to potential losses
In UK, mis-selling of PPI has cost banks billions of pounds
OPERATIONAL RISK MANAGEMENT: IDENTIFICATION
•Documentation
–It is absolutely imperative that all the legal documents used for Islamic financial products are vetted by competent personnel well-versed in Shari’a and law
[In a lot of cases, law firms preparing documents for Islamic financial contracts adpat/amend the templates that they otherwise use for conventional financial products; this may leave reference to “interest”, penalty etc unchanged, which may make the contract Shari’a non-compliant]–For conventional banks involved in Islamic banking and finance, it is
important that they ensure that the Shari’a documents are executed and a proper record of the same is maintained, in addition to the legal documentation required conventionally
OPERATIONAL RISK MANAGEMENT: MEASUREMENT
•There are two main approaches to quantify operational risk management:
– Basic Indicator Approach [BIA] – Standardised Approach [STA]
OPERATIONAL RISK MANAGEMENT: BIA
• The BIA is based on the following simple formula:
KBIA = α.GI
where
KBIA = Capital charge under BIA
α = the pre-defined scaling factor set by BCBS
GI = average gross income over the last three years• Gross income is used as a measure of operational risk because:
–It is a reasonable indicator of the size of the activities–It is readily available–It is verifiable–It is reasonably consistent and comparable across jurisdictions –It has the advantage of being counter-cyclical
OPERATIONAL RISK MANAGEMENT: BIA
• The gross income is the sum of:
–Net interest income–Net non-interest income–Net trading income–Other income
• For Islamic banks, the gross income can be sum of:–Net income from service-based activities–Net trading income from the Murabaha, Salam, Ijara based transactions–Other income may include investments in Shari’a compliant securities,
including Sukuk, and Mudaraba and Musharak based investments
OPERATIONAL RISK MANAGEMENT: STA
•The STA is a more detailed approach that classifies bank activities into eight business lines:
1. Corporate finance
2. Trading and sales
3. Retail banking
4. Commercial banking
5. Payment and settlements
6. Agency services• Asset management• Retail brokerage
OPERATIONAL RISK MANAGEMENT: STA
•The STA is based on the following modified formula:
KSTA = Σi=1 βi.GIi
where
KSTA = The capital charge under the Standardised Approach
GI = Average annual level of income in the last three years
βi = Beta values for each business line
8
BETA VALUES FOR DIFFERENT BUSINESS LINES
Corporate finance = β1 = 0.18
Trading and sales = β2 = 0.18
Retail banking = β3 = 0.12
Commercial banking = β4 = 0.15
Payment and settlements = β5 = 0.18
Agency services = β6 = 0.15
Asset management = β7 = 0.12
Retail brokerage = β8 = 0.12
STA COMPARED BETWEEN A AND BA B
Identification Excellent Good
Measurement Very Good Average
Monitoring Excellent Average
Reporting Good Bad
Mitigation Good Good
Control Good Good
β1 0.18 0.18
β2 0.18 0.18
β3 0.12 0.12
β4 0.15 0.15
β5 0.18 0.18
β6 0.15 0.15
β7 0.12 0.12
β8 0.12 0.12
STA COMPARED BETWEEN A AND BA B
Identification Excellent Good
Measurement Very Good Average
Monitoring Excellent Average
Reporting Good Bad
Mitigation Good Good
Control Good Good
β1
β2
β3
β4
β5
β6
β7
β8
<
<
<
<
<
<
<
<
BIA AND STA : CRITICISM
– “Eating fried shrimps lead to capital punishment”– Gross income approach – is it adequate to capture the incidence of
operational risk?– How about other factors?
• Sources of income (number of products and investments)• Stability/volatility of income• Number of employees• Number of clients
QUANTIFICATION OF OPERANTIONAL RISK: MANAGEMENT APPROACH
– Instead of relating the operational risk to the size of the organisation (gross income), it might not be a bad idea to look into the management function deeply to come up with a measure of operational risk.
– For example, a one-man firm (an owner-managed firm) should have less incidence of operational risk as compared to a firm with multiple personnel (owners as well as managers).• Hence, complexity of organisation should be considered as a factor that
may affect the operational risk– More complex organisations should be more prone to operational
risk– In complex organisations, both the management and control
functions should be strong to reduce incidence of operational risk
QUANTIFICATION OF OPERANTIONAL RISK: MANAGEMENT APPROACH
– In IFIs, there should be an additional control function around Shari’a compliance
MEASUREMENT OF MANAGEMENT AND CONTROL FUNCTIONS
Identification
I1 I2 I3 I4 … In
Measurement
Me1 Me2 Me3 Me4 … Men
Monitoring Mo1 Mo2 Mo3 Mo4 … Mon
Reporting R1 R2 R3 R4 … Rn
Mitigation Mi1 Mi3 Mi3 Mi4 … Min
Control C1 C2 C3 C4 … Cn
MEASUREMENT OF MANAGEMENT AND CONTROL FUNCTIONS
B1
B2
B3
… Bn
B1
B2
B3
… Bn
B1
B2
B3
… Bn
B1
B2
B3
… Bn
I11
I12
I13
… I1n
I21
I22
I23
… I2n
I31
I32
I33
… I3n
… In1
In2
In3
… Inn
Me11
Me12
Me13
… Me1n
Me21
Me22
Me23
… Me2n
Me31
Me32
Me33
… Me3n
… Men1
Men2
Men3
… Menn
Mo11
Mo12
Mo13
… Mo1n
Mo21
Mo22
Mo23
… Mo2n
Mo31
Mo32
Mo33
… Mo3n
… Mon1
Mon2
Mon3
… Monn
R11
R12
R13
… R1n
R21
R22
R23
… R2n
R31
R32
R33
… R3n
… Rn1
Rn2
Rn3
… Rnn
Mo11
Mo12
Mo13
… Mo1n
Mo21
Mo22
Mi23
… Mi2n
Mi31
Mi32
Mi33
… Mi3n
… Min1
Min2
Min3
… Minn
C11
C12
C13
… C1n
C21
C22
C23
… C2n
C31
C32
C33
… C3n
… Cn1
Cn2
Cn3
… Cnn
MEASUREMENT OF MANAGEMENT AND CONTROL FUNCTIONS: CONSTRUCTION OF Γ GRID
γ11 γ12 γ13 … γ1j
γ21 γ22 γ23 … γ2j
γ31 γ32 γ33 … γ3j
… … … … …
γi1 γi2 γi3 … γij
MEASUREMENT OF MANAGEMENT AND CONTROL FUNCTIONS: CONSTRUCTION OF WEIGHTS
w11 w12 w13 … w1j
w21 w22 w23 … w2j
w31 w32 w33 … w3j
… … … … …
wi1 wi2 wi3 … wij
MEASUREMENT OF MANAGEMENT AND CONTROL FUNCTIONS: CONSTRUCTION OF Γ GRID
w11γ11 w12γ12 w13γ13 … w1jγ1j
w21γ21 w22γ22 w23γ23 … w2jγ2j
w31γ31 w32γ32 w33γ33 … w3jγ3j
… … … … …
wi1γi1 wi2γi2 wi3γi3 … wijγij
γ1 γ2 γ3 … γj
MEASUREMENT OF MANAGEMENT AND CONTROL FUNCTIONS: CONSTRUCTION OF Γ GRID
where
The final gamma is in standardised form
MODIFIED STA COMPARED BETWEEN A AND BA (γ1 = 0.75) B (γ2 = 0.56)
Identification Excellent Good
Measurement Very Good Average
Monitoring Excellent Average
Reporting Good Bad
Mitigation Good Good
Control Good Good
β1 0.06 0.15
β2 0.06 0.15
β3 0.04 0.10
β4 0.05 0.12
β5 0.06 0.15
β6 0.05 0.12
β7 0.04 0.10
β8 0.04 0.10
<
<
<
<
<
<
<
<
MONITORING AND REPORTING OF OPERATIONAL RISKS
• Operational risk grid should be made available to the top management on a frequent basis
• Dedicated personnel working for the risk management and operational management teams
• Operational risk grid should me made available throughout the organisation, with a score
MITIGATION AND CONTROL OF OPERATIONAL RISKS
• Assurance of compliance with Shari’a– Setting up and maintaining a Shari’a Advisory Committee as per
regulatory requirements in a jurisdiction in which the IFI / Islamic bank is operating
• Documentation of contractual arrangements
• Shari’a compliance review
• Calculation of the impermissible income and its disbursement in accordance with the applicable Shari’a rules and guidelines
• The operational risk score should be a component in the bonus formula for the top management
DISCUSSION POINTS
• Is incidence of operational risk more in Islamic banks than their conventional counterparts? [Khan and Ahmed (2001), among others]
• Whether 8% capital minimum capital requirement is adequate in case of Islamic financial institutions?
• Is there a need for a separate focus on operational risk management given that it is part of the capital adequacy requirements for Islamic financial institutions?
• Any other questions?