Entire Act

APPENDIX 3: SUPERVISORY REVIEW AND EVALUATION PROCESS

A. Introduction

1. This appendix to the IBB Module sets out the rules, guidance and norms required to fulfil the regulatory requirements in respect of the regulatory requirements relating to supervisory review and evaluation process outlined in Chapter 14 of the IBB Module. These rules, guidance and norms supplement the regulatory requirements set out in the Rules in Chapter 14 of IBB Module. These elements convey the supervisory expectations of the AFSA regarding completion of the ICAAP process by an Islamic Bank. The AFSA will use these rules, norms and key elements specified here to assess compliance with IBB Module on ICAAP process.

B. Financial Group - Application

2. In relation to Rule 14.1, if an Islamic Bank is part of a Financial Group which is already subject to requirements prescribed in Chapter 14, the AFSA may consider a request for a waiver or modification in relation to those requirements.

C. Internal Capital Adequacy Assessment Process (ICAAP)

3. An Islamic Bank is required to carry out an ICAAP as detailed in Chapter 14 of the IBB Module and in this appendix. This process enables an Islamic Bank to determine and maintain an adequate amount and quality of capital, relative to its risk profile. More information and guidance on the establishment of an ICAAP and the manner of carrying out an ICAAP assessment is elaborated in this section.

4. The ICAAP is an internal process of an Islamic Bank which enables it to determine and maintain the amount and quality of capital that is adequate in relation to the Islamic Bank’s risk profile as assessed by conducting a comprehensive internal risk assessment process. Islamic Banks are encouraged to maintain capital over and above the regulatory minimum capital. The ICAAP, which should be based on an internal risk assessment process, should be embedded in the Islamic Bank’s business and organisational processes.

5. When assessing its capital needs, an Islamic Bank should take into account the impact of economic cycles, and sensitivity to other external risks and factors. For larger or more complex institutions, this may mean developing an appropriate stress testing and scenario testing framework. The AFSA does not prescribe any specific approach for the ICAAP and, consequently, an Islamic Bank can choose to implement an ICAAP which is proportionate to the nature, size and complexity of the business activities. In completing an ICAAP, an Islamic Bank must:

(a) estimate the amount of capital required to absorb potential losses, if any, for the significant risks identified through an internal risk assessment process;

(b) perform reasonable and proportionate sensitivity tests to analyse the impact of variation in the risk parameters of significant risks identified in the internal risk assessment process on the profitability and the capital position of the Islamic Bank;

(c) estimate, using the range and distribution of possible losses estimated from historical data, the level of capital required reasonably to cover likely losses;

(d) estimate the capital required to address potential increase in the Islamic Bank’s Capital Requirement to support planned growth in business levels or any significant deviation in growth from plans; and

(e) document the ranges of capital required for each of the factors identified above and enable the Governing Body and the senior management to form an overall view on the amount and quality of capital which that Islamic Bank should hold.

6. The AFSA does not require an Islamic Bank to implement ICAAP through sophisticated models and the AFSA has no prescribed approach for developing an internal capital model for the Islamic Bank’s ICAAP assessment. However, an Islamic Bank should be able to demonstrate:

(a) the methodologies and metrics employed in assessment of various non-financial risks like Shari’ah non-compliance risk;

(b) the confidence levels set and whether these are linked to its corporate strategy;

(c) the time horizons set for the different types of business that it undertakes;

(d) the extent of historic data used and back-testing carried out;

(e) that it has in place a process to verify the correctness of the model's outputs; and

(f) that it has the skills and resources to operate, maintain and develop the model.

7. If an Islamic Bank's internal model makes explicit or implicit assumptions in relation to correlations within or between risk types, or in relation to diversification benefits between business lines, the Islamic Bank should be able to explain to the AFSA, with the support of empirical evidence, the basis of those assumptions. An Islamic Bank's model should also reflect the past experience of both the Islamic Bank and the sectors in which it operates.

8. The assumptions required to aggregate risks that are modelled and the confidence levels adopted should be considered by the Islamic Bank's senior management. An Islamic Bank must also consider whether any relevant risks, including but not limited to Shari’ah non compliance risk, systems and control risks, are not captured by the model.

9. An Islamic Bank using an internal capital model must validate the assumptions of the model through a comprehensive stress testing programme. In particular, this validation should:

(a) test correlation assumptions (where risks are aggregated in this way) using combined stresses and scenario analyses;

(b) use stress tests to identify the extent to which the Islamic Bank's risk models omit non-linear effects, for instance the behaviour of derivatives in Market Risk models; and

(c) consider not just the effect of parallel shifts in market interest rate curves, but also the effect of those curves becoming steeper or flatter.

10. Any internal assessment of capital adequacy should address diversification benefits and transferability of capital resources between members of the Islamic Bank’s Financial Group. It should also describe the distribution of the capital required by its Financial Group across all entities, including the Islamic Bank.

D. Supervisory Review and Evaluation Process (SREP)

11. The guidance provided in this section of Appendix 3, covers the evaluation criteria and methodology for the supervisory review and evaluation process (referred to as SREP) that the AFSA may use when reviewing and evaluating the ICAAP of an Islamic Bank.

12. The documented results of the ICAAP assessment is required to be submitted to the AFSA. The AFSA will then employ the SREP process to evaluate the quality, completeness and consistency of the ICAAP of the Islamic Bank, to form a view on the overall risk profile of the Islamic Bank and to assess whether the capital held by the Islamic Bank is sufficient to deal with the risks faced by it.

13. Following a review of the ICAAP of an Islamic Bank, the AFSA may engage in a dialogue with the Islamic Bank to evaluate its self-assessment of its risk exposures and where relevant, determine the amount of additional capital which the AFSA considers that the Islamic Bank should hold resulting from the ICAAP or SREP.

14. The AFSA may conduct a SREP to review and evaluate the assessments carried out by an Islamic Bank under its ICAAP. The AFSA may engage with an Islamic Bank in a dialogue where, following an SREP, the AFSA considers that it is or may be appropriate to impose an Individual Capital Requirement on the Islamic Bank. It is important that an Islamic Bank cooperates in an open and co-operative manner with the AFSA in the course of its conduct of the dialogue.

E. The SREP in detail

15. A SREP of an ICAAP forms an integral part of the overall supervisory approach of the AFSA. A SREP is expected to enable assessment of the effectiveness, completeness and quality of an ICAAP in relation to the overall risk profile of the Islamic Bank. It leverages from information collected and assessments carried out as part of the wider supervisory regime, including deskbased reviews, on-site risk assessments, discussions with the Islamic Bank’s management, and reviews completed by internal and external auditors.

16. The SREP is structured to provide consistency of treatment across Islamic Banks, taking into consideration the differences in risk profiles, business strategies and management. An essential element of the SREP is the qualitative assessment of each type of risk and its management within the overall context of the Islamic Bank’s internal governance.

17. The AFSA’s assessment of the individual risk profile of an Islamic Bank will provide the context for evaluation of the Islamic Bank’s ICAAP. The evaluation in turn will be used by the AFSA to augment its understanding of the overall risk profile of that Islamic Bank. Also, in relation to an Islamic Bank, the AFSA might involve the Islamic Bank in a formal discussion of risks and capital adequacy, which might lead to a requirement for additional capital.

18. The SREP for each Islamic Bank will be proportionate in terms of the size, scale and complexity of its business and its impact on financial sector stability. The AFSA will cooperate actively with other supervisory authorities whenever an Islamic Bank is part of a Financial Group and is prudentially regulated on a consolidated basis.

19. The SREP evaluation cycle will be determined in the discretion of the AFSA and be based on the risk assessment, developments in the risk profile and changes in the Islamic Bank’s strategy or products. The SREP is as far as possible aligned with the risk assessment process to ensure that a recent risk assessment is available for the SREP evaluation process.

20. It is envisaged that the AFSA will use a range of supervisory tools of qualitative or quantitative nature to perform the SREP. The SREP is not intended as, and should not constitute, a parallel or secondary ICAAP. Its purpose is to evaluate the quality, completeness and consistency of the ICAAP of the Islamic Bank

F. Review of the ICAAP Assessment

21. Upon receipt of an ICAAP the AFSA would normally:

(a) subject the data employed in ICAAP and its results, to an initial analysis for completeness and accuracy followed by a more detailed comparison with the relevant data held on file at the AFSA about the Islamic Bank;

(b) determine if there are material changes compared with previous submissions;

(c) determine if the submitted data contains indicators of a possible material change in the Islamic Bank’s risk profile;

(d) address and discuss any information gaps or anomalies with the Islamic Bank; and

(e) form an assessment about content and quality of the submission which will be integrated into the overall supervisory approach.

G. Evaluation of the ICAAP

22. The SREP evaluation of the ICAAP covers all activities of an Islamic Bank and takes all relevant data collected during the supervisory process into account. The SREP evaluation process will use desk based reviews, visits and meetings to arrive at a final view. As part of the SREP, the AFSA will consider:

(a) the completeness of the ICAAP by ensuring that it covers all business areas, internal governance and all risk categories of the Islamic Bank;

(b) the soundness and quality of the ICAAP process in relation to the Islamic Bank’s size, business complexity and risk profile;

(c) soundness of qualitative calibration and quantitative methodology whenever employed by the Islamic Bank;

(d) execution of the ICAAP in terms of consistency, quality and documentation;

(e) adequacy of internal controls and quality assurance processes on the ICAAP; and

(f) adequacy of management information and whether the management had responded adequately and in a timely manner to such information.

23. Based on the SREP, the AFSA will form an assessment which will be communicated to the Islamic Bank and flow into the overall supervisory approach. The action required resulting from the ICAAP will be communicated to the Islamic Bank as part of a risk mitigation programme.

24. In relation to an Islamic Bank, where the AFSA does not agree with the results of the Islamic Bank’s ICAAP results, the AFSA will involve the Islamic Bank in a dialogue to reconcile any difference in view to arrive at a consensus estimate of the capital level required to address all risks identified either by the Islamic Bank or by the AFSA in its SREP. Such an estimate will be specified by the AFSA as the Individual Capital Requirement for the Islamic Bank. Where consensus is not possible the AFSA may impose an Individual Capital Requirement on that Islamic Bank.

H. Individual Capital Requirement (ICR)

25. Upon completing the SREP, the AFSA may impose an Individual Capital Requirement on an Islamic Bank as detailed in Chapter 14 of IBB. The ICR may be imposed where the AFSA concludes that the Islamic Bank should hold more capital to provide for its overall risks.