Operational Risk Governance:Sound Practices for the Management and Supervision of Operational Risk BIS June 2011 The Board of Directors Principle 3: The board of directors should establish, approve and periodically review the Framework. The board of directors should oversee senior management to ensure that the policies, processes and systems are implemented effectively at all decision levels. Principle 4: The board of directors should approve and review a risk appetite and tolerance statement for operational risk that articulates the nature, types, and levels of operational risk that the bank is willing to assume. Senior Management Principle 5: Senior management should develop for approval by the board of directors a clear, effective and robust governance structure with well defined, transparent and consistent lines of responsibility. Senior management is responsible for consistently implementing and maintaining throughout the organisation policies, processes and systems for managing operational risk in all of the bank’s material products, services and activities, consistent with the risk appetite and tolerance. Risk Management Environment Identification and Assessment Principle 6: Senior management should ensure the identification and assessment of the operational risk inherent in all material products, activities, processes and systems to ensure the inherent risks and incentives are well understood. Principle 7: Senior management should ensure that there is an approval process for all new products, activities, processes and systems that fully assesses operational risk. Monitoring and Reporting Principle 8: Senior management should implement a process to regularly monitor operational risk profiles and material exposures to losses. Appropriate reporting mechanisms should be in place at the board, senior management, and business line levels that support proactive management of operational risk. Control and Mitigation Principle 9: Banks should have a strong control environment that utilises: policies, processes and systems; appropriate internal controls; and appropriate risk mitigation and/or transfer strategies. Business Resiliency and Continuity Principle 10: Banks should have business resiliency and continuity plans in place to ensure an ability to operate on an ongoing basis and limit losses in the event of severe business disruption. Role of Disclosure Principle 11: A bank’s public disclosures should allow market participants to assess its approach to operational risk management.

Abstract: Risk management is a critical aspect of any organization's success. In this comprehensive 10-page article, we delve deep into the concepts of risk management, risk appetite, risk tolerance, and risk capacity. We explore their definitions, importance, and the interplay between them. Furthermore, we discuss various strategies and best practices for effective risk mitigation in the ever-changing landscape of modern business. Table of Contents 1. Introduction 1.1. The Importance of Risk Management 1.2. Defining Key Concepts2. Understanding Risk 2.1. Types of Risk 2.2. The Risk-Reward Trade-off3. Risk Management Framework 3.1. Identifying Risks 3.2. Assessing Risks 3.3. Managing Risks4. Risk Appetite 4.1. Definition and Significance 4.2. Aligning Risk Appetite with Business Objectives5. Risk Tolerance 5.1. Determining Risk Tolerance 5.2. Balancing Risk and Reward6. Risk Capacity 6.1. Assessing Risk Capacity 6.2. Setting Boundaries7. Strategies for Effective Risk Management 7.1. Diversification 7.2. Risk Transfer 7.3. Risk Avoidance 7.4. Risk Reduction 7.5. Risk Acceptance8. Case Studies 8.1. Enron Corporation 8.2. JPMorgan Chase & the London Whale 8.3. Tesla's Risk-Taking Approach9. Risk Management in the Digital Age 9.1. Cybersecurity Risks 9.2. Data Privacy Risks10. Conclusion 10.1. The Evolving Landscape of Risk Management 10.2. The Imperative of Continuous Adaptation 1. Introduction 1.1. The Importance of Risk Management Risk is an inherent part of business operations. It can manifest in various forms, from financial and operational risks to strategic and reputational risks. Effective risk management is crucial for organizations to not only survive but thrive in a volatile, uncertain, complex, and ambiguous (VUCA) world. Without proper risk management strategies in place, organizations are vulnerable to unexpected setbacks and potential crises. 1.2. Defining Key Concepts Before diving into risk management strategies, it's essential to understand key concepts related to risk. These include risk appetite, risk tolerance, and risk capacity. While these terms are often used interchangeably, they each have distinct meanings and implications for an organization's risk management framework. 2. Understanding Risk 2.1. Types of Risk To effectively manage risk, one must first understand its various forms. Common types of risk include financial risk, operational risk, strategic risk, compliance risk, and reputational risk. Each of these risks poses unique challenges and requires tailored approaches to mitigation. 2.2. The Risk-Reward Trade-off Risk is not inherently negative. In fact, it is often intertwined with opportunities for growth and innovation. The concept of the risk-reward trade-off acknowledges that higher levels of risk can yield greater rewards, but they also come with increased potential for losses. Striking the right balance between risk and reward is a fundamental consideration for any organization. 3. Risk Management Framework 3.1. Identifying Risks Effective risk management begins with the identification of potential risks. This involves a comprehensive analysis of internal and external factors that could impact the organization's objectives. Risk identification is an ongoing process that requires input from all levels of the organization. 3.2. Assessing Risks Once risks are identified, they must be assessed in terms of their potential impact and likelihood. Quantitative and qualitative methods, such as risk matrices and scenario analysis, are commonly used to evaluate risks. This assessment informs the prioritization of risks for mitigation efforts. 3.3. Managing Risks Risk management involves a range of strategies to address identified risks. These strategies can include risk avoidance, risk reduction, risk transfer, risk acceptance, and diversification. The choice of strategy depends on the organization's risk appetite, tolerance, and capacity. 4. Risk Appetite 4.1. Definition and Significance Risk appetite is the level of risk an organization is willing to accept in pursuit of its objectives. It is a fundamental component of an organization's risk management framework as it sets the tone for how much risk is considered acceptable. Risk appetite should align with an organization's strategic goals and values. 4.2. Aligning Risk Appetite with Business Objectives To effectively manage risk, an organization's risk appetite must align with its business objectives. For example, a tech startup seeking rapid growth may have a higher risk appetite, while a well-established financial institution may prioritize stability and have a lower risk appetite. Balancing risk appetite with risk tolerance is critical to avoid taking unnecessary risks or stifling innovation. 5. Risk Tolerance 5.1. Determining Risk Tolerance Risk tolerance is the degree of risk an organization is willing to endure before taking corrective action. It is often measured in terms of specific metrics, such as financial losses or project delays. Determining risk tolerance involves evaluating the organization's financial capacity to withstand losses and its willingness to take risks. 5.2. Balancing Risk and Reward Balancing risk tolerance with risk appetite is essential for maintaining a healthy risk management framework. An organization must strike a balance between pursuing opportunities that align with its risk appetite and ensuring that it does not exceed its risk tolerance, which could lead to catastrophic consequences. 6. Risk Capacity 6.1. Assessing Risk Capacity Risk capacity is the maximum amount of risk an organization can afford to take without jeopardizing its viability. It takes into account the organization's financial resources, capital reserves, and overall financial health. Assessing risk capacity involves evaluating the organization's ability to absorb losses without severe consequences. 6.2. Setting Boundaries Establishing clear boundaries for risk capacity is crucial for avoiding overexposure to risk. These boundaries serve as safeguards to prevent an organization from taking on more risk than it can handle. Effective risk capacity management ensures the organization's long-term sustainability. 7. Strategies for Effective Risk Management 7.1. Diversification Diversification involves spreading investments or operations across a variety of assets or markets. This strategy reduces the impact of a single risk event on the overall portfolio. Diversifying across different industries, geographic regions, or asset classes can mitigate risks associated with economic fluctuations. 7.2. Risk Transfer Risk transfer involves shifting the financial burden of a risk to another party, typically through insurance or contractual agreements. This strategy can be particularly effective for mitigating specific risks, such as liability or property damage. 7.3. Risk Avoidance Risk avoidance entails eliminating activities or investments that carry unacceptable levels of risk. While this strategy can be effective for high-impact, low-probability risks, it may also limit growth opportunities. 7.4. Risk Reduction Risk reduction involves implementing measures to decrease the likelihood or impact of a risk. This may include enhanced security protocols, process improvements, or disaster preparedness plans. 7.5. Risk Acceptance In some cases, organizations may choose to accept certain risks when the potential benefits outweigh the potential losses. Risk acceptance should be a conscious and informed decision, with contingency plans in place. 8. Case Studies 8.1. Enron Corporation The Enron Corporation scandal serves as a cautionary tale of the consequences of failing to manage financial and operational risks adequately. Enron's aggressive risk-taking and lack of transparency ultimately led to its downfall and the loss of billions of dollars for investors. 8.2. JPMorgan Chase & the London Whale The JPMorgan Chase "London Whale" incident highlights the importance of risk monitoring and control. In this case, a trader's risky bets resulted in massive losses for the bank, illustrating the need for robust risk management systems. 8.3. Tesla's Risk-Taking Approach Tesla's ambitious approach to electric vehicle innovation and market disruption showcases the potential rewards of a high-risk, high-reward strategy. Elon Musk's willingness to take substantial risks has propelled Tesla to a dominant position in the electric vehicle industry. 9. Risk Management in the Digital Age 9.1. Cybersecurity Risks The digital age has introduced new and complex risks, particularly in the realm of cybersecurity. Organizations must invest in robust cybersecurity measures to protect sensitive data and infrastructure from cyber threats. 9.2. Data Privacy Risks With the proliferation of data collection and storage, data privacy risks have become a significant concern. Organizations must navigate a web of regulations and consumer expectations to safeguard personal data. 10. Conclusion 10.1. The Evolving Landscape of Risk Management In conclusion, risk management is a dynamic and essential practice for organizations of all sizes and industries. Understanding the concepts of risk appetite, risk tolerance, and risk capacity is fundamental to building a resilient risk management framework. Moreover, the strategies discussed in this article provide valuable insights into mitigating risks and seizing opportunities. 10.2. The Imperative of Continuous Adaptation As the business environment continues to evolve, so too must an organization's approach to risk management. Flexibility, adaptability, and a commitment to staying informed about emerging risks are crucial for navigating the complex and ever-changing landscape of risk management. Incorporating these principles and strategies into your organization's risk management framework will enhance its ability to thrive in the face of uncertainty, ultimately ensuring a more secure and prosperous future. This article provides a comprehensive overview of risk management, risk appetite, risk tolerance, and risk capacity. It explores their definitions, significance, and practical implications for organizations. Additionally, it delves into various strategies and case studies, offering a well-rounded perspective on the complex world of risk management. References and Sources [1] COSO. (2013). Enterprise risk management: Integrating with strategy and performance. Committee of Sponsoring Organizations of the Treadway Commission. [2] Project Management Institute. (2017). A guide to the project management body of knowledge (PMBOK Guide) (6th ed.). Project Management Institute. [3] International Organization for Standardization. (2018). ISO 31000:2018 Risk management. International Organization for Standardization. [4] National Institute of Standards and Technology. (2021). Cybersecurity framework: Version 1.1. National Institute of Standards and Technology. [5] General Data Protection Regulation (EU) 2016/679. Official Journal of the European Union. Specific References [1.1] "Without proper risk management strategies in place, organizations are vulnerable to unexpected setbacks and potential crises." (COSO, 2013) [2.2] "The concept of the risk-reward trade-off acknowledges that higher levels of risk can yield greater rewards, but they also come with increased potential for losses." (Project Management Institute, 2017) [3.1] "Risk identification is an ongoing process that requires input from all levels of the organization." (International Organization for Standardization, 2018) [4.1] "Risk appetite is the level of risk an organization is willing to accept in pursuit of its objectives." (COSO, 2013) [4.2] "An organization's risk appetite must align with its business objectives." (International Organization for Standardization, 2018) [5.1] "Determining risk tolerance involves evaluating the organization's financial capacity to withstand losses and its willingness to take risks." (Project Management Institute, 2017) [5.2] "Balancing risk tolerance with risk appetite is essential for maintaining a healthy risk management framework." (COSO, 2013) [6.1] "Assessing risk capacity involves evaluating the organization's ability to absorb losses without severe consequences." (National Institute of Standards and Technology, 2021) [6.2] "Establishing clear boundaries for risk capacity is crucial for avoiding overexposure to risk." (International Organization for Standardization, 2018) [7.1] "Diversification reduces the impact of a single risk event on the overall portfolio." (Project Management Institute, 2017) [7.2] "Risk transfer can be particularly effective for mitigating specific risks, such as liability or property damage." (COSO, 2013) [7.3] "While risk avoidance can be effective for high-impact, low-probability risks, it may also limit growth opportunities." (National Institute of Standards and Technology, 2021) [7.4] "Risk reduction may include enhanced security protocols, process improvements, or disaster preparedness plans." (International Organization for Standardization, 2018) [7.5] "Risk acceptance should be a conscious and informed decision, with contingency plans in place." (Project Management Institute, 2017) [8.1] "Enron's aggressive risk-taking and lack of transparency ultimately led to its downfall and the loss of billions of dollars for investors." (COSO, 2013) [8.2] "The JPMorgan Chase 'London Whale' incident highlights the importance of risk monitoring and control." (National Institute of Standards and Technology, 2021) [8.3] "Elon Musk's willingness to take substantial risks has propelled Tesla to a dominant position in the electric vehicle industry." (Project Management Institute, 2017) [9.1] "Organizations must invest in robust cybersecurity measures to protect sensitive data and infrastructure from cyber threats." (General Data Protection Regulation, 2016) [9.2] "Organizations must navigate a web of regulations and consumer expectations to safeguard personal data." (National Institute of Standards and Technology, 2021) [10.1] "The digital age has introduced new and complex risks, particularly in the realm of cybersecurity." (Project Management Institute, 2017) [10.2] "Understanding the concepts of risk appetite, risk tolerance, and risk capacity is fundamental to building a resilient risk management framework." (COSO, 2013) Photo credits to http://www.criscexamstudy.com/

Contents 6 Chapter 2: Evolvement of Risk Management: Basel I, II and III. 10 6.1 Introduction: 10 6.2 Section I: Basel I and its shortcomings: 11 6.3 Section 2: Basel II 12 6.4 Section 3: Basel III 13 6.4.1 Summary OF changes. 13 7 Chapter 3: Risk in Islamic Finance Institutions. 14 7.1 Introduction: 14 7.2 Section 1: Islamic Finance Institutions are unique. 16 7.3 Section 2: Types of Risks in the IFIs: 17 8 Chapter 4: Islamic Finance Products, Risks and the key challenges. 19 8.1 Introduction: 19 8.2 Section 1: Risks in Islamic Finance Products: 19 8.2.1 Risks in Musharakah Contracts: 21 8.2.2 Risks in Mudarabah contract: 22 8.2.3 Risks in Murabahah Contract: 24 8.2.4 Risks in Salam Contract: 24 8.2.5 Risks in Istisnaa Contract 25 8.2.6 Risks in Iajrah Contract: 26 8.3 Section 2: Challenges of Risk Management in Islamic Finance Products. 27 9 Chapter 5: Operational Risk in Islamic Finance Institutions. 28 9.1 Introduction: 28 9.2 Section 1: Operational Risk in Musharakah contract: 28 9.3 Section 2: Operational Risk in Mudarabah contract. 29 9.4 Section 3: Operational Risk in Murabahah contract. 29 9.5 Operational Risk in Salam contract. 30 9.6 Operational Risk in Istisnaa contract: 30 9.7 Operational Risk in Ijarah contract: 30 10 Conclusion.. 30 10.1 Findings. 30 10.2 Recommendations. 31 11 References 33 6 Chapter 2: Evolvement of Risk Management: Basel I, II and III 6.1 Introduction: The Basel Committee on Banking Supervision was created in 1974, formed by representatives of Central banks or other supervisory authorities of Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Spain, Sweden, Switzerland, the United Kingdom, and the United States. The committee, which meets, and has its secretariat, at the Bank for International Settlements in Basel, Switzerland, has no formal authority. Rather, it works to develop broad supervisory standards and promote best practices, in the expectation that each country will implement the standards in ways most appropriate to its circumstances.[1] The Basel Committee on Banking Supervision issued its first set of guidelines (Basel I) in 1988. Its main objective was to establish minimum capital requirements for Credit Risk (the risk of loss due to the failure of a counterparty to meet its obligations). In 1996 it was amended to include minimum capital requirements for Market Risk in trading books (the risk of loss due to a change in market prices, such as equity prices or interest or exchange rates). As the art of Risk Management has evolved, there was need to review the Basel I Accord and to be replaced with the Basel II (June 2006)[2]. This accord was more complex and aimed to achieve multiple objectives:[3] To improve risk measurement and management To link, to the extent possible, the amount of required capital to the amount of risk taken To further focus the supervisor-bank dialogue on the measurement and Management of risk and the connection between risk and capital To increase the transparency of bank risk-taking to the customers and counterparties that ultimately fund—and hence share—these risk positions. After the 2007-2008 Subprime Crisis, The Basel Committee on Banking Supervision had to adapt the capital requirements guidelines to cater for the new emerged risks. Three sets of publications have been issued: Basel III: Capital (June 2011), Liquidity coverage ratio (LCR) (January 2013), and Net stable funding ratio (NSFR) (October 2014)[4]. The aim of the Basel III new measures is: improve the banking sector's ability to absorb shocks arising from financial and economic stress, whatever the source improve risk management and governance strengthen banks' transparency and disclosures. 6.2 Section I: Basel I and its shortcomings: Basel I had substantially improved the banks’ resilience to Risk, and have provided a framework for capital requirements, however, its simplicity couldn’t cater for complex products and instruments in the large banks. In fact, banks sought to use methods to reduce exposures on products that had the most weights on their capital requirements. Developments in securitization of bank assets and advances of banks’ own risk management, and development of a range of increasingly complex derivative products, led to Credit Crunch. Banks used to invest in Bonds (0% weight) to avoid more requirements on their Capital (as loans weighed 100%). In addition, Basel I have opened a window for regulatory arbitrage[5]. Besides the fact that Basel I was non-binding for banks, it also neglected other aspects of the Risks (Market Risk, Operational Risk and Interest Rate Risk). These shortfalls led to the development of the Basel II Accord. 6.3 Section 2: Basel II Basel II introduction aimed to close the gaps of Basel I. Three Pillars are introduced namely: I - Capital Adequacy Ratio: Minimum Capital Requirements to buffer for shocks emanating from Credit Risk, Market Risk and Operational Risk II – Supervisory Review: “Principle 2 Supervisors should review and evaluate banks’ internal capital adequacy assessments and strategies, as well as their ability to monitor and ensure their compliance with regulatory capital ratios. Supervisors should take appropriate supervisory action if they are not satisfied with the result of this process.[6]” III- Market Discipline (Disclosure): market discipline – ensures that the market provides yet another set of eyes. The third pillar is intended to strengthen incentives for prudent risk management. Greater transparency in banks’ financial reporting should allow marketplace participants to better reward well-managed banks and penalize poorly-managed ones 3 Pillars of Basel II [7] 6.4 Section 3: Basel III Basel III was introduced in December 2010, its main aims were to reform: bank-level, or micro prudential, regulation, which will help raise the resilience of individual banking institutions to periods of stress. macroprudential, system wide risks that can build up across the banking sector as well as the procyclical amplification of these risks over time.[8] 6.4.1 Summary OF changes[9] “Regarding Pillar I (calculation of Capital Requirements), it should not be surprising that changes were specified. The requirement of Tier 1 capital making up 4% of the total 8% was now increased to 6% (of the total 8% which remains the same) and more significantly, the common equity component of Tier 1 was moved from 2% to 4.5% (of the now 6% total). This is supplemented by new rules calculating many of the capital charges to address the mispricing of risk before the crisis. A Leverage Ratio has been added to the arsenal of the Basel III Accords under Pillar I but the relevant capital to be applied has yet to be agreed on. Capital Conservation Buffer of 2.5% to consist of common equity will be required in addition to the minimum in 1. What this translates as in aggregate is a minimum core equity requirement of 7% (4.5+2.5) and the Total Tier 1 to increase to 8.5% (6+2.5) . A Countercyclical Buffer (between 0-2.5%) to come into play when there is excessive credit growth in the economy to be implemented according to national circumstances (No time frame specified). To address Liquidity Risk, the 30 day Liquidity Coverage Ratio for internationally active banks has been introduced attempting to ensure adequate levels of “unencumbered, high-quality liquid assets that can be converted into cash to meet its liquidity needs for a 30 day calendar time horizon under a significantly severe liquidity stress scenario specified by supervisors” (BCBS, p 3, Dec 2010)71. It is calculated as follows: Complimenting 5 above is the Net Stable Funding Ratio. The Committees stated objective here is “to promote more medium and long-term funding of the assets and activities of banking organisations” and it “establishes a minimum acceptable amount of stable funding based on the liquidity characteristics of an institutions assets and activities over a one year horizon” (p25, ibid). It is calculated as follows: Further standards are being developed regarding systemically important banks which “could include capital surcharge, contingent capital and bail in debt”.” [10] 7 Chapter 3: Risk in Islamic Finance Institutions 7.1 Introduction: Islamic Banks have come a long way since they were first established in the 1960s, they are now competing in the global Market and have shown their resiliency in the face of the global crises. Assets of Full-Fledged Islamic Retail Banks in OIC Countries (2005 USD prices, in Billions)[11] And the Islamic finance Industry is fast moving covering almost every continent. With this evolvement, Islamic Banks are required to enhance and develop products and becoming more complex. Also, Islamic Banks are unique in their nature and face different challenges from conventional Banks. Islamic Banks to be at all times Sharia compliant, have to abide by maxims: “(Entitlement to) profit is accompanied by responsibility (for associated expenses and possible loss)” الغنم بالغرم “Profit is entitled for the (risk of) ownership, the (risk of) effort and (risk of) liability/responsibility”. يستحق الربح اما بالمال واما بالعمل واما الضمان Which means, that Risk is within the DNA of Islamic Finance, and an IFI will not be entitled for profit unless it bears a proportionate Risk of loss[12]. 7.2 Section 1: Islamic Finance Institutions are unique As stated in the introduction IFIs are unique, hence, Risk inherits this uniqueness. In the sense, IFIs have to apply the Objectives of Sharia’a (مقاصد الشريعة)[13], IFIs are subject to three types of Risk[14]: Essential Risk, Forbidden Risk and Tolerable risk to be avoided. Essential Risk: it is intrinsic to the IFIs’ operating model, it has to be taken to legitimate the FI profits to abide by the maxim الغنم بالغرم. in Murabahah Contract, the seller must bear the risks of the commodity by the means of ownership (Risks are only transferred when the original buyer (the seller) have owned the commodity before selling to his customer. This principle is applicable to all Islamic Finance Products. Forbidden Risk: this kind of risk is banned by the Sharia’a, it applies to excessive uncertainty (الغرر الفاحش). It is always due to transactions on unknown terms or object of a contract (Gambling, Fraud). It can be divided into these categories: Risk or uncertainty associated with time of payment) غرر في الاجل (for instance, unconfirmed date of payment in the case of a deferred sale (Al-Kasani, 2003). Risk or Uncertainty associated with existence of commodity) غرر في الوجود ( for instance, trading of an item that does not exist (Al-Kasani, 2003). Risk or Uncertainty associated with quality of commodity) غرر في الصفة (for instance, ambiguity happens in the specifications and features of the goods (Al-Sarakhsi, 1993). Risk or Uncertainty associated with quantity of commodity) غرر في المقدار (for instance, selling something without specifying the price or quantity of the goods (Ibn Abidin, 1992). Uncertainty associated with possession of commodity) غرر في الحصول (for instance, trading of birds in the sky or fish in the sea (Ibn Muflih, 1997). Tolerable risk to be avoided: they are all other types of Risk as long as they are not under any of the aforementioned. They are tolerable from the perspective of the Objectives of Sharia’a. these are, and not limited to, Credit Risk, Market Risk, Liquidity Risk and Operational Risk. IFIs operate based on two Profit Sharing models, Two-tier Mudarabah Profit Sharing on both assets and liability sides (all assets are financed by modes of financing Mudaradah; and one-tier Mudarabah with different investment products (Murabahah, Ijarah, Istisna’a etc..)[15]. Profit Sharing models modifies the nature of Risk compared to Conventional Banks. In fact, besides the Types of Risks that Conventional Banks are exposed to, there are specific types of Risk that the IFIs face. I will discuss all those Risks in the following Section 7.3 Section 2: Types of Risks in the IFIs: Islamic Banks, because they have to abide by the PLS (Profit-Loss Sharing) principle, the returns on saving and investment accounts are non-fixed. Depositors share the Risks form the operations of the IFI. On the other side, the financing models of assets by the IFI brings another sort of Risk from the known to the conventional Banks. E.Kozarević, M.Baraković Nurikić & N.Nuhanović[16] state that IFI face 5 types of Risk, namely: financial risk, business risk, safety-deposit risk, management risk, and other types of Islamic banks’ risk. Some of these Risks are shared with those of the traditional Banks, and others are unique to the IFIs. The following chart[17] illustrates the ratio of shared and unique Risks in IFIs Tariqullah Khan Habib Ahmed provides more details on these unique Risks and their nature in IFIs. He lists them as follows[18]: Credit Risk: in IFIs takes two forms: Payment/settlement Risk (in Salam or Istisnaa contracts), when one of the parties’ defaults on payment of cash or delivery of the assets, exposing one of the parties to potential losses Non-payment of the share of the bank by the partner as per the terms of the Musharakah or Mudarabah contracts Counterparty Risk: when in contracts like Murabahah are subject to the non-performance of a trading partner. Benchmark Risk: IFIs have to abide by providing finance with a fixed Profit Rate for the full period of the contract (Benchmark + Markup), however, only one component (the Markup) is fixed and the benchmark is subject to the market fluctuations and expose the IFI to Risk. Liquidity Risk: IFIs face this kind of Risk when they cannot have cash at a low cost or they are not able to sell some assets. This risk is in fact very problematic for IFIs, as they are little or not at all Sharia compliant Liquidity Management instruments to cater for such risk. Operational Risk: risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk[19]. It is IFIs apex sources of risk. In fact, as IFIs suffer most of the time from the lack of qualified professionals capable of handling the Islamic Finance types of contracts. Also, rare are technology providers than can understand systems capable of handling, sometimes, complex Islamic processes and products. Legal Risk: IFIs are very prone to this Risk, primarily due to the lack of Jurisprudence that standardizes the rules governing the Islamic Financing Contracts. In most of the countries where IFIs operates the state laws and regulations are inspired from the French or British Laws. Hence it opens the door to interpretation problems and potential losses from unenforced contracts. Withdrawal Risk: IFIs opposite to traditional banks do not offer fixed return on saving and investment accounts. Depositors may take decisions to reach for better stable revenues especially that the rates of return offered by the IFIs are variable, this introduces withdrawal risk. Fiduciary Risk: this risk is especially due to the incapability of an IFI to comply with Sharia rules in all its contract, customers may lose confidence and trust and withdraw their deposits. Displaced Commercial Risk: IFIs, tend in times of low revenues from the pools of depositors (under Mudarabah contracts where depositors act as Rab Al Mal, and the Bank as Mudarib) to transfer the Risks to the equity shareholders to minimize the Risk of Withdrawal. 8 Chapter 4: Islamic Finance Products, Risks and the key challenges 8.1 Introduction: Risk Management in IFIs is primordial to their success and their ability to generate value for their shareholders. I have discussed above the uniqueness of Risks within the IFIs and how Risk is part of the DNA of IFIs products and instruments (Essential Risks: Profit – Loss Sharing, Forbidden Risk: Uncertainty and Gambling, and Manageable Risks: Credit, Market and Operational Risk). I have also given some insights on how each IF contract can encompass different aspects of Risk (see Tariqullah Khan Habib Ahmed, 2001). In IFIs, Risks tend to be more aligned with the type of the contract due the its unique structure and the nature of the deal between the parties during the life of this contract. In the coming sections I will attempt to discuss Risk Management in relation to IF products (Musharakah, Mudarabah, Murabaha, Salam, Istisna, and Ijarah)[20] and highlight some of the challenges posed to IFIs to manage those Risks. 8.2 Section 1: Risks in Islamic Finance Products: A quick comparison of different risks in Islamic finance with conventional finance reveals that credit risk, commodity risk, liquidity risk, market risk, legal risk, and regulatory risks are higher in Islamic financing compared to conventional banking. Risk profiling – conventional vs Islamic banks[21] These Risk profiles are higher in IFIs as highlighted due to the nature of the contracts and Sharia Compliance prerequisites that they are subject to. According to Standing Committee for Economic and Commercial Cooperation of the Organization of Islamic Cooperation (COMCEC)[22], Credit and Operational Risk are the most prevalent to IFIs, the following table provides a picture of the perception of Risk by IFIs. Perception of Risks in Modes of Financing Notes: 1 = Critically Unimportant, 2 = Unimportant, 3 = Neutral, 4 = Important, 5 = Critically Important. Values are in Percentage (%). 8.2.1 Risks in Musharakah Contracts: The Musharakah in a contract of partnership between the bank and its partner In Musharakah Contract the main Risks are: Credit Risk, Operational, Market and Liquidity. These Risks differ from Permanent Musharakah and Diminishing Musharakah, in permanent Musharakah contract the IFI is exposed to mainly Operational Risk Losses from failure of the partner to manage the business. The figure bellow highlights the Risks in Permanent Musharakah contract lifecycle[23]: Credit, operational, market, and liquidity risks during the lifetime of Permanent Mushãrakah contracts The Business under the Musharakah may default to generate cash resulting in Credit Risk exposure as shown in cycles 1 and 2 in above figure. As result the IFI may suffer liquidity issues and hence inability to finance other investment opportunities. Any major Losses may lead to hinder continuation of the business and will impact the market share price at last equity payment date. In such scenario, the IFI is exposed to Market Risk. The same highlighted herein is applicable to Diminishing Musharaakah with slight differences. Credit, operational, market, and liquidity risks during the lifetime of Diminishing Musharakah contracts Tariqullah Khan Habib Ahmed[24] states that even though scholars and regulators have preference with regards to Musharakah products, IFIs use them rarely due to the high credit exposure. In fact the Islamic Financial Services Board (IFSB) emphasizes the importance of credit risk in this contract “22. The following premises relate to the sound processes of credit risk management in IIFS: The role of IIFS can embrace those of financiers, suppliers, Muḍārib and Mushārakah partners. IIFS concern themselves with the risk of a counterparty’s failure to meet their obligations in terms of receiving deferred payment and making or taking delivery of an asset.”[25] 8.2.2 Risks in Mudarabah contract: Mudarabah Contract is partnership between the IFI and an Entrepreneur, where the IFI provides Capital and the Entrepreneur provides expertise. Any Losses that emerge during the lifetime of the contract are fully covered by the IFI. The IFI relies on the Entrepreneurs ability to manage the business and generate profits. On the other hand, the Entrepreneur gives assurance that he will deploy the apex of his knowledge to use the invested capital optimally. In the event of external adverse circumstances or internal business disruption, the IFI is exposed to Operational Risk which may lead to full coverage of the losses. This causes a drain of cash that consequently leads to liquidity constraints (Liquidity Risk). In the case where the Entrepreneur is enable to deliver or commit to the payment of the IFIs share of profit as per the terms of the contract, the IFI is exposed to Credit Risk. Risks in Mudarabah contract agreements during the investment period[26] 8.2.3 Risks in Murabahah Contract: The IFIs must assume ownership of the goods before it sells it to the issuer of the purchase order. Between the time of the promise to purchase and the time of signing the Murabahah contract, the IFI is exposed to Operational Risk and Market Risk. Any damage or defects are the responsibility of the IFI, in addition to the Market commodity price fluctuations. Different types of Risks interact during the lifetime of a Murabahah contract, and IFIs should consider all Risks as interrelated in order to reduce their magnitude. As the buyer will pay the price of the goods on a deferred equal payment, the IFI is exposed to Credit Risk in the event of default. Also as the Profit Rate is composed of a fixed part (the Markup) and a variable part (the Benchmark), the IFI is exposed to Markup Risk in the scenario when the Benchmark rate increases and hence reducing the share of the Profit Rate. Credit, operational, and market risks during the lifetime of a Murãbaha contract[27] 8.2.4 Risks in Salam Contract: Forward sale is prohibited by the Sharia, However Salam have been clearly allowed by the Prophet Mohammed PBOH with conditions: "عَنِ ابْنِ عَبَّاسٍ رضى الله عنهما قَالَ قَدِمَ رَسُولُ اللَّهِ الْمَدِينَةَ ، وَالنَّاسُ يُسْلِفُونَ فِى الثَّمَرِ الْعَامَ وَالْعَامَيْنِ - أَوْ قَالَ عَامَيْنِ أَوْ ثَلاَثَةً . فَقَالَ " مَنْ سَلَّفَ فِى تَمْرٍ فَلْيُسْلِفْ فِى كَيْلٍ مَعْلُومٍ ، وَوَزْنٍ مَعْلُومٍ ، إِلَى أَجَلٍ مَعْلُومٍ" Salam is when a buyer advances the payment for goods to be delivered sometimes in the future. The Salam contract benefits the three parties, the seller and the buyer lock the price and hence protect against prices fluctuation, the IFI reduces the costs of storage The Salam contract have two Counterparty Risks[28]: The inability of the supplier to deliver on time or never (Credit Risk), or the goods are delivered in a different quality than the agreed in the terms of contract. Sometimes even if the supplier has a good credit record, external events (Operational Risk) may hurdle the delivery of the agreed goods. When such defaults occur the IFSB[29] considers them as part of Credit Risk (Counterparty Risk)[30] As Salam contract ends with a physical delivery of goods, the IFI faces storage costs and commodity price fluctuations (Market Risk). Market Risk issues and Markup Risk. The IFI, due to commodity price volatility may be unable to re-sell the goods at a profitable rate. The IFI may also be exposed to Credit Risk in case the buyer (with whom a Parallel Slam contact have been signed) defaults. Operational, credit, market, and liquidity risks during the lifetime of Salam contracts[31] 8.2.5 Risks in Istisnaa Contract The IFI, as in Salam contract, is exposed to Counterparty Risks, the Manufacturer ( Saneaa) may fail to deliver as per the terms of the contract (quality and time of delivery). Credit Risk (as per the IFSB definition) is less as the Risk of External Events[32] (natural disasters) compared to Salam. However, as Ioannis Akkizidis and Sunil Kumar Khandelwal[33] state, the supplier may default due to External Events that hurdles him from producing and delivering the goods subject to the Istisnaa contract. In the Parallel Istisnaa contract, the buyer may default in paying in full and/or on time which exposes the IFI to Credit Risk (Counterparty Risk). The manufacturer (Sanea) may delay the delivery of the goods as agreed in the terms exposed the IFI to Operational, Reputational and hence liquidity Risk[34]. The IFI is also exposed to Market Risk, in the sense that the price of the commodity is fixed at the time of the contract and the commodity prices are changing and may take an adverse shift against the IFI at the time of execution of the Parallel Istisnaa contract. Operational, credit, market, and liquidity risks during the lifetime of Istisnã contracts[35] Under some Fiqh jurisdictions the Istinaa contract is not binding for the supplier[36], and this also exposes the IFI to Counterparty Risk[37]. 8.2.6 Risks in Iajrah Contract: Ijarah is a leasing finance mode that gives the usufruct right to the lessee. The IFI is exposed to Credit, Market, Operational and Liquidity Risks. Any default of payment by the lessee leaves the IFI exposed to Credit Risk. The default may due to the lessee’s business risk or market prices volatility or just that the lessee is not willing to pay as per the terms of the Ijarah contract. If the lessee choses to exist the contract before the term of the contract, the IFI, in addition to Credit Risk, is exposed to Liquidity Risk and expected future revenues are considered as losses and directly impact the Cash Flows of the IFI. In case of catastrophic events, as the IFI is the owner of the property, it is exposed to Operational Risk. The IFI is exposed to Market Risk when the estimation of the rent value doesn’t meet the actual market prices. The figure below summarizes the Risks of the an Ijarah contract lifetime[38] 8.3 Section 2: Challenges of Risk Management in Islamic Finance Products. In the light of what have been discussed in section 1 of this chapter, it is clear that each of the Islamic Finance contract encompasses more than one type of Risk. This kind of complexity makes the Management of Risk very difficult and cumbersome. IFI have to invest hugely in people and systems to facilitate the process of the said. Conventional Risk Management techniques and tools are based on interest, gambling and speculation which are forbidden by the Sharia[39]. Also, the lack of financial engineering and innovations when it comes to developing Sharia Compliant Hedging Financial Instruments leaves the IFIs with limited tools of Risk Management. IFIs face more Operational Risk due to the multitude of contract and their Sharia compliance prerequisites, changing and lack of required skills, technology issues and lack of specialized technology developers. The World Bank[40] identified some challenges in Risk Management in IFIs “future growth and development will depend largely on the nature of innovations introduced in the market. The immediate need is to develop instruments that enhance liquidity; to develop secondary, money, and interbank markets; and to perform asset-liability and risk management.” 9 Chapter 5: Operational Risk in Islamic Finance Institutions 9.1 Introduction: The Islamic Financial Services Board define Operational Risk as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. IIFS shall also incorporate possible causes of loss resulting from Sharī`ah non-compliance and the failure in their fiduciary responsibilities.”[41] IFIs, besides their exposure to Operational Risk sources, have also to incorporate probable losses from Sharia non-compliance issues. In fact, in the same IFSB guidelines it is stated that the IFI: “shall ensure that their contract documentation complies with Sharī`ah rules and principles – with regard to formation, termination and elements possibly affecting contract performance such as fraud, misrepresentation, duress or any other rights and obligations.”[42] That being said, let’s examine the Operational Risk aspects in each type of the Islamic finance contracts. 9.2 Section 1: Operational Risk in Musharakah contract: Operational Risk perception by IFIs seems to be higher in Musharakah contracts, mainly due the complexity of the contract and its implementation[43]. This complexity may emerge in Sharia non-compliance Risk and hence the nullity of the Musharakah contract. The IFI have management rights over the partnership and inherits all the aspects of Risks. The Operational Risk takes its source from the business risk. Any External Event Risk, failure of processes, systems and people that affect the investment entity directly impact the IFIs stake. The losses may range from partial loss of profits to full loss of all the invested share of capital of the IFI. Another aspect of Operational Risk in Musharakah, is that the IFI is an active partner (unlike Mudarabah), where the IFI’s management have to take business decisions on how the entity should operate, this means that the IFI should have the adequate set of skills in the different industries where it chooses to invest. Lack of these skills exposes the IFI to huge Operational Risk losses. Legal Interpretation of the Musharakah contract may lead to Operational losses[44]. When some terms of the contract may be interpreted not according to Sharia rules and questioning the legality of the contract. Even if the IFI have invested in a technology to manage its products and processes, the partner may have little or no sophisticated systems to operate, hence, the accounting processes may differ substantially from those used by the IFI, especially on the recognition of revenues and profits which leads to Operational losses. 9.3 Section 2: Operational Risk in Mudarabah contract Alike the Musharakah, Mudarabah have higher Operational exposure compared to other types of Risks. Operational Risk is even higher in Mudarabah contract than the Musharakah. Any losses from External Events or Business failure are fully covered by the IFI (Rab Al Mal). The Agent (Partner) has full responsibility of management which poses another major Risk, the IFI will not have the ability to manage the Operational Risks emanating from the business operations. The IFI have to ensure that the set of skills it has is capable of assessing the agent’s knowledge and experience before entering the Mudarabah. Lack of those skills exposes the IFI to Operational Losses that can range to full loss of the invested capital. 9.4 Section 3: Operational Risk in Murabahah contract In Murabahah contract, the IFI is exposed to Operational Risk during the period from the Purchase Order up to contract acceptance by the customer. The other aspects of Operational Risk (Sharia non-compliance and Legal Risk) arise after the contract signature. Before the contract signature: the IFI is exposed to External Events, in the sense that Risks of damage of goods bought due to external events are the responsibility of the IFI. Process Risks can emerge from the failure of the execution of the Murabahah deal, especially when the sequence of events is not respected (e.g. signing the Murabahah contract before the goods are transferred to the ownership of the IFI) People Risk arises when the staff responsible of the execution of the Murabahah lack knowledge of the product and its Sharia perquisites or are under pressure for sales targets (aggressive sales). The IFI is exposed to operational losses by nullity of the executed contracts. System Risks arise when the infrastructure is not suitable for the Islamic Finance products and hence does not cater for Sharia prerequisites. IFI face challenges in finding specialized technology providers who have the required set of skills to develop Sharia compliant Systems After the contract signature: The IFI face major issues in the interpretation of the Islamic Products contracts, it is very common in Murabahah that the contract is voided due to the strict legal interpretation instead of catering for the Sharia principles. Sharia non-compliance Risk arises when the contract is found breaching the Sharia rules. The IFI is forced to reimburse all cashed profits and incurs operational losses. 9.5 Operational Risk in Salam contract In the Salam Contract, the IFI is exposed to Operational Risk from External Events for the whole period, from the time of advancement of the capital until the delivery of the goods. The whole investment is at stake. Sharia non-compliance issues may arise due to the strict terms that have to be applied, any discrepancies can cause Operational losses. Adding to that the legal interpretation issues that may emerge after litigations. The IFI should also ensure that it has the set of skills to assess the project subject to Salam contract. The lack of skills may impact the IFI as a credit default. 9.6 Operational Risk in Istisnaa contract: Istisnaa contract is different from the Salam as the payments are scheduled with the delivery of the goods or the phases of the project. Between each payment, the IFI is exposed to Operational losses due to External Events impacting the business under Istisnaa contract. Also, failure of processes, lack of expertise or system issues will have an impact on the business continuity, thus, exposing the IFI to losses at least equal to the amount of made payments. The IFI have also to ensure that the human resources responsible of oversight of the project have adequate skills, lack of these resource will impact the project performance and result in operational losses. 9.7 Operational Risk in Ijarah contract: In Ijarah contract the ownership of the asset remains with the IFI, which means it assumes all Operational Risk Events during the tenor of the contract. Catastrophic events may impact the leased asset and the IFI will incur partial or total loss of the invested capital plus all future lease payments by the lessee. It is also exposed to Operational losses due to misconduct of the lessee. 10 Conclusion 10.1 Findings Risk in IFIs is a very different beast that the one faced by conventional banks. Conventional banks transfer their risk profiles to their counterparties by means of interest, interest bearing hedging instruments or insurance. However, the IFIs are active partners with their counterparties and have to abide by the Sharia maxims: “(Entitlement to) profit is accompanied by responsibility (for associated expenses and possible loss)” الغنم بالغرم, and “Profit is entitled for the (risk of) ownership, the (risk of) effort and (risk of) liability/responsibility”. يستحق الربح اما بالمال واما بالعمل واما الضمان. The Islamic Finance contracts and their execution is complex and entails interdependencies of multiple risk types. One contract may expose the IFI, during its lifecycle, to Operational Risk, Credit Risk and Market Risk (e.g. Murabahah contract). IFIs have also to live with Systemic Risks when it operates in an environment with legal interpretations different from the Sharia principles or when it is unable to find technology providers that support in implementing systems catering for Sharia compliant products. In this researches, I came to the conclusion that the major Risk that IFIs are exposed to is Operational Risk: People Risk: Lack of qualification and/or conviction in Sahariaa compliant finance exposes the IFI to Operational losses and Reputational damage Process Risk: the complexity of the lifecycle of the Islamic Finance contract and its execution requires investment in robust controls and clear Policies and Procedures. Any failure exposes the IFI to Operational losses including Legal Risk, Sahariaa non-compliance Risk and Reputational damage. System Risk: due the nature of the Islamic contracts, the IFI have to extensively invest in technology infrastructure to reduce the manual intervention and people interpretations. However, it is noticed that the offer from the technology providers is low and exposes the IFIs to losses from failures of systems to meet the business requirements. External Events: this kind of Risk can only be mitigated by means of insurance. IFIs in general have difficulties to find Sharia compliant insurance companies, and even if they do, the costs are higher. 10.2 Recommendations In the light of the above, and in my opinion, Operational Risks seems to be the major concern for the IFIs. Thus, efforts need to invested in: Culture and business knowledge: IFIs are under the obligation, to minimize their Operational Risk exposure, to invest extensively in the most valuable asset, i.e. Human Resources. Efforts have already started and need to be intensified (the CIBAFI program of certification in Islamic Finance and the Professional Executive Master degrees). In Kuwait, the Central Bank of Kuwait have issued instructions (20/12/2016) regarding the Sharia Audit Governance. It had clearly stated that the Sharia Audit staff have to be qualified in Islamic Finance besides their Sharia qualification. Legal environment: the IFIs have the obligation to spread awareness through the State institutions about the Islamic Finance and its governing Sharia rules, encourage jurisprudence that issue guidelines on Islamic Finance contracts. Technology infrastructure: efforts to be made in investing in growing technology providers to develop offering of systems compatible with Islamic Finance business. Process and Policy issues: The supervisory entities are required to enhance the control framework around IFIs and cater for their uniqueness. Bahrain and emirates Central Banks started implementing the unified Sharia Governing entity that will enhance and unify the guidelines and controls around Sharia compliant products. [1] Federal Reserve Bulletin, September 2003, Capital Standards for Banks: The Evolving Basel Accord, p. 1 [2] BCBS, Basel II: The New Basel Capital Accord - third consultative paper April 2003 and Revised international capital framework, June 2006 [3] Federal Reserve Bulletin, September 2003, Capital Standards for Banks: The Evolving Basel Accord, p. 3 [4] Basel III: international regulatory framework for banks [5] Sean Kenny, To What Extent were the Limitations of the Previous Basel Accords (I & II) overlooked by Basel III?, Master programme in Economic History, Lund University, School of Economics and Management, June 2011, p. 16 [6] BCBS- Pillar 2 (Supervisory Review Process), the New Basel Capital Accord, Principal 2 [7] Basel II, Tamer Bakiciol Nicolas Cojocaru-Durand DongxuLu, December 2008, p. 11 [8] BIS, BCSB, Basel III: international regulatory framework for banks [9] Sean Kenny, To What Extent were the Limitations of the Previous Basel Accords (I & II) overlooked by Basel III?, Master programme in Economic History, Lund University, School of Economics and Management, June 2011, p.40 [10] Basel Committee on Banking Supervision, Basel III: International Framework for Liquidity Risk Measurement, Standards and Monitoring, Dec 10, Bank for International Settlements. Formulae taken from same document This document contains 47 pages while the other paper contains 33. http://wwww.basel-ii-risk.com/basel-iii-guide-to-the-changes/ [11] Ahmad Alharbi, Development of the Islamic Banking System, Journal of Islamic Banking and Finance June 2015, Vol. 3, No. 1, p. 17 [12] Syed Ehsan Ullah Agha, RISK MANAGEMENT IN ISLAMIC FINANCE: AN ANALYSIS FROM OBJECTIVES OF SHARI’AH PERSPECTIVE, International Journal of Business, Economics and Law, Vol. 7, Issue 3 (Aug.) 2015 [13] Syed Ehsan Ullah Agha, RISK MANAGEMENT IN ISLAMIC FINANCE: AN ANALYSIS FROM OBJECTIVES OF SHARI’AH PERSPECTIVE, International Journal of Business, Economics and Law, Vol. 7, Issue 3 (Aug.) 2015 [14] Ibid p.51 [15] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 52, Islamic Development Bank, Islamic Research and Training Institute [16] Specifics of Risk Management in Islamic Finance and Banking, with Emphasis on Bosnia and Herzegovina, E.Kozarević, M.Baraković Nurikić & N.Nuhanović, Bahar/Spring 2014, Volume 4, Issue 1, Çankırı Karatekin University, Journal of The Faculty of Economics, and Administrative Sciences, p. 155 [17] Ibid, p.155 [18] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 54, Islamic Development Bank, Islamic Research and Training Institute [19] BCBS Principles for the Sound Management of Operational Risk, 2011, p. 3 [20] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 28 [21] Ibid, p. 38 [22] Standing Committee for Economic and Commercial Cooperation of the Organization of Islamic Cooperation (COMCEC ), Risk Management in Islamic Financial Instruments, COMCEC Coordination Office, September 2014, p. 108 [23] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 45 [24] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 54, Islamic Development Bank, Islamic Research and Training Institute [25] ISLAMIC FINANCIAL SERVICES BOARD, GUIDING PRINCIPLES OF RISK MANAGEMENT FOR INSTITUTIONS (OTHER THAN INSURANCE INSTITUTIONS) OFFERING ONLY ISLAMIC FINANCIAL SERVICES, December 2005, p. 6 [26] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 45 [27] Ibid p. 56 [28] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 57, Islamic Development Bank, Islamic Research and Training Institute [29] ISLAMIC FINANCIAL SERVICES BOARD, GUIDING PRINCIPLES OF RISK MANAGEMENT FOR INSTITUTIONS (OTHER THAN INSURANCE INSTITUTIONS) OFFERING ONLY ISLAMIC FINANCIAL SERVICES December (IFSB), Credit Risk, 2.3. Operational Considerations, December 2005, p. 7 [30] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 59 [31] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 61 [32] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 57, Islamic Development Bank, Islamic Research and Training Institute [33] Ibid p. 64 [34] Ibid p. 65 [35] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 66 [36] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 57, Islamic Development Bank, Islamic Research and Training Institute [37] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 58, Islamic Development Bank, Islamic Research and Training Institute [38] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 71 [39] Nurhafiza Abdul Kader Malim PhD, Islamic Banking and Risk Management: Issues and Challenges, Journal of Islamic Banking and Finance Oct.- Dec. 2015, p. 68 [40] Hennie van Greuning Zamir Iqbal, Risk Analysis for Islamic Banks, THE WORLD BANK Washington, D.C., December 2008, p. 258 [41] The Islamic Financial Services Board (IFSB), GUIDING PRINCIPLES OF RISK MANAGEMENT FOR INSTITUTIONS (OTHER THAN INSURANCE INSTITUTIONS) OFFERING ONLY ISLAMIC FINANCIAL SERVICES December 2005, p. 26 [42] Ibid, p 27 [43] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 66, Islamic Development Bank, Islamic Research and Training Institute [44] Ahmad Mohamed Rahim, Operational Risks in Islamic Profit Sharing Contracts and Ways to Overcome Them, MSc in Islamic Finance, The Global University of Islamic Finance, October 2014 (http://www.inceif.org/research-bulletin/operational-risks-islamic-profit-sharing-contracts-ways-overcome/)