Main
>
Legal Framework
>
9. OPERATIONAL RISK
FINANCIAL SERVICES LEGISLATION
RULES
ISLAMIC BANKING BUSINESS PRUDENTIAL RULES
9. OPERATIONAL RISK
9.1. General
9.2. Operational risk—Shari’ah non-compliance
9.3. Operational risk—legal
9.4. Role of governing body—operational risk
9.5. Powers of the AFSA
9.6. Policies—compliance with Shari’ah
9.7. Policies—business continuity
9.8. Policies—information infrastructure
9.9. Policies—outsourcing
9.10. Operational risk Capital requirement - Basic indicator approach
9.11. Operational risks relating to Islamic financial contracts
9.12. Requirements for murabahah and ijarah contracts
9.13. Requirements for salam and istisna contracts
9.14. Requirements for mudarabah and musharakah contracts
9.15. Operational risks—murabahah
9.16. Operational risks—salam
9.17. Operational risks—istisna
9.18. Operational risks—ijarah and IMB contracts
9.19. Operational risks—musharakah
9.20. Operational risks—mudarabah
Entire Act

9. OPERATIONAL RISK

9.1. General

(1) Rules 9.1 to 9.9 of this Chapter sets out the requirements for an Islamic Bank’s operational risk management policy to identify, measure, evaluate, manage and control or mitigate operational risk. Part 11.4 gives guidance on operational risk as it relates to Islamic financial contracts.

(2) Operational risk is the risk resulting from inadequate or failed internal processes, people and systems, or from external events. It can be classified into general risk, Shari’ah noncompliance risk and legal risk.

(3) Operational risk does not include strategic risk and reputational risk.

(4) Part of an Islamic Bank’s general operational risk arises from banking operations that are common to all financial institutions. For example, an Islamic Bank must ensure that its critical payments are made promptly in order to avoid systemic disruptions to other payment systems and money markets.

(5) The other part arises from the asset-backed nature of its financial products. For example, murabahah, salam, istisna and ijarah may give rise to additional forms of operational risk in contract drafting and execution.

Guidance

Although the operational risk that could arise for Islamic Banks can be considered similar to that of conventional banks, the characteristics of such risk may be different, thus:

(a) Shari’ah-compliant products may involve processing steps different from those of their conventional counterparts

(b) the assets held on the balance sheets of Islamic Banks (physical assets and real estate) are different from those of conventional banks

(c) the requirements of Shari’ah-compliance result in different risks relating to information technology products and systems.

9.2. Operational risk—Shari’ah non-compliance

(1) Shari’ah non-compliance risk, of an Islamic Bank, is the risk of non-compliance resulting from the failure of an Islamic Bank’s Shari’ah compliance policy to ensure that Shari’ah rules and principles (as determined by its Shari’ah supervisory board) are complied with.

(2) The risk can lead to non-recognition of an Islamic Bank’s income, and resultant losses. For sukuk, the risk may adversely affect the marketability (and, therefore, the value) of the sukuk.

(3) Shari’ah non-compliance risk can take 2 forms:

(a) the risk relating to potential non-compliance with Shari’ah rules and principles in an Islamic Bank’s operations, including the risk that non permissible income is recognised; and

(b) the risk relating to an Islamic Bank’s fiduciary responsibilities as mudarib towards fund providers under a mudarabah contract, according to which, in the case of negligence, misconduct, fraud or breach of contract by the mudarib, the funds provided by the fund providers become a liability of the mudarib.

9.3. Operational risk—legal

(1) Legal risk, of an Islamic Bank, includes exposures to fines, penalties or punitive damages resulting from supervisory actions as well as private settlements.

(2) The risk can arise from:

  • (a) an Islamic Bank’s operations (that is, from legal risks common to all financial institutions); or
  • (b) problems of legal uncertainty in interpreting and enforcing contracts based on Shari’ah.

(3) Legal risk also includes the risk that sukuk in which an Islamic Bank is the originator, sponsor or manager fail to perform as intended because of a legal deficiency.

9.4. Role of governing body—operational risk

(1) An Islamic Bank’s governing body must ensure that an Islamic Bank’s operational risk management policy addresses, on a firm-wide basis, all the major aspects of operational risk in an Islamic Bank’s business.

(2) In particular, the governing body must ensure that a Shari’ah governance mechanism is incorporated into an Islamic Bank’s operational risk management policy and that there is appropriate cooperation and communication between an Islamic Bank’s risk management function, governing body and the Shari’ah supervisory board.

9.5. Powers of the AFSA

Despite anything in these rules, if the AFSA identifies points of exposure or vulnerability to operational risk that are common to 2 or more Islamic Banks, it may impose specific Capital requirements or limits on each affected firm.

Examples

    (i) outsourcing of important operations by many Islamic Banks to a single provider

  • (ii) severe disruption to providers of payment and settlement services

9.6. Policies—compliance with Shari’ah

An Islamic Bank must establish and implement policies to ensure that its business is conducted in accordance with Shari’ah. The policies must include effective and comprehensive procedures so that an Islamic Bank complies with:

  • (a) Shari’ah (in general and in relation to the requirements for Islamic financial contracts); and
  • (b) the fatwas, rulings and guidelines issued by its Shari’ah supervisory board.

9.7. Policies—business continuity

(1) An Islamic bank’s operational risk management policy must include effective and comprehensive procedures for disaster recovery and business continuity.

(2) An Islamic Bank must have a business continuity plan for possible scenarios of severe business disruption. The plan must provide for an Islamic Bank to continue to operate as a going concern, and to minimise losses (especially those from disturbances to payment and settlement systems), in those scenarios.

9.8. Policies—information infrastructure

(1) An Islamic Bank must establish and implement appropriate information technology policies for the accurate and timely identification, measurement, evaluation, management and control or mitigation of operational risk. In particular, the policies must enable an Islamic Bank to maintain an adequate and sound information infrastructure:

(a) that meets an Islamic Bank’s current and projected requirements (under normal circumstances and in times of stress);

(b) that ensures that the data, and the system itself, remain secure and available; and

(c) that supports integrated and comprehensive risk management.

(2) An Islamic Bank’s information infrastructure must enable an Islamic Bank to compile and analyse operational risk data, and must facilitate reporting to an Islamic Bank’s governing body and senior management and the AFSA.

(3) An Islamic Bank must have appropriate reporting procedures to keep the AFSA informed of developments affecting operational risk at an Islamic Bank.

9.9. Policies—outsourcing

(1) An Islamic Bank must establish appropriate policies to assess, manage and monitor outsourced activities. The management of those activities must include:

  • (a) carrying out due diligence for selecting service providers;
  • (b) structuring outsourcing arrangements;
  • (c) managing and reporting the risks associated with an outsourcing;
  • (d) ensuring effective control over an outsourcing; and
  • (e) contingency planning.

(2) The outsourcing policies must require an Islamic Bank to have comprehensive contracts and service level agreements. The contract and agreements must clearly state the allocation of responsibilities between service providers and an Islamic Bank.

9.10. Operational risk Capital requirement - Basic indicator approach

(1) An Islamic Bank must use the basic indicator approach to operational risk. Operational risk Capital requirement is the amount of Capital that an Islamic Bank must have to cover its operational risk.

(2) An Islamic Bank’s operational risk Capital requirement is calculated in accordance with the following formula:

where:

GI is an Islamic Bank’s average annual gross income (as defined in sub-rule (3) below) for those years (out of the previous 3 years) for which an Islamic Bank’s annual gross income is more than zero. α is 15% or a higher percentage set by the AFSA. n is the number of years out of the previous 3 years for which an Islamic Bank’s gross income is more than zero.

(3) Gross income, for a year, means the total of the following income for the year:

  1. (a) net income from financing activities, which is gross of provisions, operating expenses and depreciation of ijarah assets;
  2. (b) net income from investment activities, which includes an Islamic Bank’s share of profit from mudarabah and musharakah;
  3. (c) fee income, which includes commissions and agency fees; less an Islamic Bank’s share in income attributable to IAHs and other account holders.

(4) Gross income excludes:

  1. (a) realised profits from the sale of securities in the banking book;
  2. (b) realised profits from securities in the ‘Held to Maturity’ category in the banking book;
  3. (c) extraordinary or irregular items of income;
  4. (d) income derived from insurance;
  5. (e) any collection from previously written-off loans; and
  6. (f) income obtained from the disposal of real estate and other assets during the year.

Guidance

Because of the definitions of GI and n, figures for any year in which the annual gross income of a firm is negative or zero must be excluded from both the numerator and denominator when calculating the average.

9.11. Operational risks relating to Islamic financial contracts

An Islamic bank’s failure to comply with the requirements, or any lack of precision in contract documentation, may give rise to Shari’ah non-compliance risk.

9.12. Requirements for murabahah and ijarah contracts

(1) The asset is in existence at the time of sale or lease or, in the case of ijarah, the lease contract is preceded by acquisition of the usufruct of that asset (except if the asset was agreed upon based on a general specification).

(2) The asset is in the legal and constructive possession of the Islamic Bank when it is offered for sale or lease.

(3) The asset is intended to be used by the buyer or lessee for activities or businesses permissible by Shari’ah. If the asset is leased back to its owner in the first lease period, it does not lead to a contract of ’inah.

Guidance

An ’inah (also called bay ’inah or bay-al inah) is a double sale by which the borrower and the lender sell and then resell an asset between them, once for cash and once for a higher price whose payment is deferred. The net result is a loan with interest and, as such, is prohibited by the majority of Shari’ah scholars.

(4) There is no late payment penalty fee or increase in price in exchange for extending or rescheduling the date of payment of accounts receivable or lease receivable, irrespective of whether the obligor is solvent or insolvent.

9.13. Requirements for salam and istisna contracts

(1) Sale and purchase contracts cannot be interdependent and interconditional on each other (such as salam and parallel salam, or istisna and parallel istisna).

(2) The is no penalty clause for delay in the delivery of a commodity that is purchased under a salam contract. However, such a penalty clause is allowed under istisna and parallel istisna.

Guidance

An essential characteristic of a salam or istisna contract is that the subject matter does not, and is not required to, exist physically when the parties enter into the contract.

9.14. Requirements for mudarabah and musharakah contracts

(1) The Capital of the Islamic Bank should be invested in Shari’ah-compliant investments or business activities.

(2) A partner in musharakah cannot guarantee the Capital of another partner, nor may the mudarib guarantee the Capital of the mudarabah.

(3) The purchase price of another partner’s share in a musharakah with a binding promise to purchase can only be set at market value or according to an agreement entered into at the time the contract became binding. However, the agreement should not stipulate that the share be purchased at its nominal value based on the Capital originally contributed.

9.15. Operational risks—murabahah

(1) At the time the murabahah contract becomes binding, it is required that an Islamic Bank has purchased the asset and had it in its legal or constructive possession before selling it to the customer. Therefore, an Islamic Bank should ensure that the legal characteristics of the contract properly match the commercial intent of the transactions.

(2) If the mudarabah customer acts as the agent of an Islamic Bank for purchasing the asset, title to the asset should first pass to an Islamic Bank and not directly to the customer.

9.16. Operational risks—salam

(1) This rule sets out the operational risks that may arise when an Islamic Bank purchases from a customer, under a salam contract, goods against advanced payment.

(2) If the underlying goods are agricultural commodities and the goods delivered are of an inferior quality to that specified in the contract, the Islamic Bank (as buyer) should:

  • (a) reject the goods; or
  • (b) accept them at the originally agreed price.

In the latter case, an Islamic Bank may suffer loss if it sells the goods at a lower price than would have been obtained for those specified in the contract.

(3) The underlying goods may be delivered by the customer before the agreed date. If the goods delivered meet the contract specifications, the Islamic Bank (as buyer):

  • (a) normally has to accept the goods before the agreed delivery date; and
  • (b) may incur additional costs for storage, takaful cover and deterioration (if the goods are perishable) before the goods are resold.

(4) An Islamic Bank may face legal risk if the goods in a parallel salam cannot be delivered to the parallel salam buyer because of:

  • (a) late delivery by the salam seller (the customer); or
  • (b) delay by an Islamic Bank itself.

For legal risk not to arise in such a case, the parallel salam buyer will have to agree to change the delivery date of the goods.

Guidance

In case of a parallel salam, however, the buyer of the commodity from the Islamic Bank may (but is not obliged to) agree to accept the goods at the contract price. In such a case, an Islamic Bank does not suffer any loss of profit.

9.17. Operational risks—istisna

(1) In the case of istisna with parallel istisna, an Islamic Bank contracts to deliver a constructed or manufactured asset and enters into a contract with a subcontractor to construct or manufacture the asset.

(2) The reliance of an Islamic Bank on the subcontractor can expose it to various operational risks such as those set out in (3) to (6) below. These risks need to be managed by a combination of:

  • (a) legal precautions;
  • (b) due diligence in choosing subcontractors; and
  • (c) selection of suitably qualified consultants and staff to carry out the contract with the subcontractor and, ultimately, deliver the constructed or manufactured asset to the customer.

(3) In case of late delivery by the subcontractor, an Islamic Bank may be unable to deliver the asset to the ultimate customer on the agreed date, and can, therefore, be subject to penalties for late delivery.

(4) In case of cost overruns during the construction or manufacturing process (because of increases in the prices of raw materials, increases in manufacturing or production costs or delays by the subcontractor), additional costs may have to be absorbed wholly or partly by an Islamic Bank, in the absence of an agreement in advance with the ultimate customer.

(5) If the subcontractor fails to meet quality standards or other specifications agreed with the ultimate customer, an Islamic Bank may face legal risk if no agreement is reached with the subcontractor and the ultimate customer:

  • (a) for remedying the defects; or
  • (b) for reducing the contract price.

(6) If the subcontractor fails to complete the asset on time, an Islamic Bank may have to find a replacement from the market and can, therefore, be subject to additional costs.

9.18. Operational risks—ijarah and IMB contracts

(1) In an ijarah or IMB contract, an Islamic Bank (as lessor) may face, during the period of lease, the operational risks set out in this rule.

(2) The ultimate use of the ijarah asset should be Shari’ah-compliant. Otherwise, an Islamic Bank will be exposed to non-recognition of the ijarah income as non-permissible, and an Islamic Bank will be required to repossess the asset and find a new lessee.

(3) If the lessee damages the asset in its possession and refuses to pay for the damage, an Islamic Bank will have to repossess the asset and take legal action to cover damages. This might involve operational and litigation costs.

(4) In the event of severe damage or destruction of the asset without the fault of the lessee, an Islamic Bank (as lessor) is required to provide a replacement to the lessee. If the asset is not insured, an Islamic Bank will have to bear the cost of buying the new asset.

(5) Further, if an Islamic Bank fails to provide the lessee with a replacement, the lessee may terminate the ijarah contract without paying the rentals for the remaining period.

(6) In the event of default or misconduct by the lessee, an Islamic Bank may face legal risk in relation to the enforcement of its contractual right to repossess the asset.

9.19. Operational risks—musharakah

(1) In a musharakah contract, an Islamic Bank provides financing on the basis of a profitsharing and loss-sharing contract.

(2) An Islamic Bank may fail to carry out adequate due diligence on the customer or the financed venture.

(3) During the period of the investment, an Islamic Bank may fail to monitor the venture’s financial performance adequately or may not receive the required information from the customer.

9.20. Operational risks—mudarabah

(1) In a mudarabah contract, an Islamic Bank provides financing on the basis of a profitsharing and loss-bearing contract.

(2) An Islamic Bank’s customer (as mudarib) is not required to bear any losses, in the absence of negligence, misconduct, fraud or breach of contract on its part. The customer is required to act in a fiduciary capacity as the manager of an Islamic Bank’s funds.

(3) The absence of an Islamic Bank’s right to control the management of the enterprise as Capital provider (rabb al-mal) may give rise to operational risk.

(4) The customer may fail to provide an Islamic Bank with regular, adequate and reliable information about the financial performance of the venture.

(5) An Islamic Bank may fail to carry out adequate due diligence on the customer or the financed venture.