Dans le contexte conomique actuel, les petites et moyennes entreprises (PME) et les petites et moyennes industries (PMI) doivent naviguer dans un environnement de plus en plus complexe et comp titif. Pour survivre et prosp rer, il est crucial de mettre en place des strat gies de gestion des risques efficaces. Une approche prouv e et accessible pour les PME/PMI est le modèle des Trois Lignes de D fense (3 LoD). Cette m thode, simple et abordable, permet de renforcer le contrôle interne et de s curiser les op rations. Voici comment impl menter cette strat gie de manière pragmatique et efficiente, en soulignant en fin d'article l'expertise de M3T Consulting. Comprendre le Modèle des Trois Lignes de D fense Le modèle des 3 LoD distingue les responsabilit s de gestion des risques en trois niveaux distincts, assurant ainsi une r partition claire et efficace des rôles au sein de l'entreprise. Première Ligne de D fense (LoD1) : Gestion Op rationnelle Les quipes op rationnelles sont en première ligne pour identifier et g rer les risques au quotidien. Elles mettent en œuvre et appliquent les contrôles internes n cessaires pour pr venir les incidents et minimiser les impacts n gatifs sur l'entreprise. Cette première ligne est essentielle car elle est directement impliqu e dans les activit s quotidiennes de l'entreprise, ce qui lui permet de d tecter rapidement les anomalies et de r agir en cons quence. Deuxième Ligne de D fense (LoD2) : Fonctions de Surveillance Les fonctions de surveillance incluent les d partements de conformit et de gestion des risques. Ces quipes supervisent les activit s de la première ligne, fournissent des conseils et s'assurent que les contrôles internes sont ad quats et efficaces. Elles jouent un rôle crucial en valuant les politiques et en recommandant des am liorations pour renforcer le système de contrôle interne. La deuxième ligne agit comme un filet de s curit suppl mentaire, garantissant que les processus sont correctement suivis et que les risques sont g r s de manière proactive. Troisième Ligne de D fense (LoD3) : Audit Interne L'audit interne fournit une valuation ind pendante de l'efficacit globale du contrôle interne et des processus de gestion des risques. Cette troisième ligne de d fense v rifie que les deux premières lignes fonctionnent correctement et am liore en continu les pratiques de gestion des risques. En fournissant une perspective ind pendante, l'audit interne aide à identifier les faiblesses du système et à proposer des actions correctives pour am liorer la r silience de l'entreprise. Impl menter les Trois Lignes de D fense dans une PME/PMI D finir les Rôles et Responsabilit s Pour r ussir l'impl mentation des trois lignes de d fense, il est crucial de d finir clairement les rôles et responsabilit s de chaque employ . Chaque membre de l'organisation doit comprendre son rôle dans la gestion des risques et la mise en œuvre des contrôles internes. Cette clart permet de garantir que tous les niveaux de l'entreprise sont align s et travaillent ensemble pour atteindre les objectifs de gestion des risques. Former les Équipes La formation est essentielle pour s'assurer que tous les employ s sont conscients des risques potentiels et des meilleures pratiques pour les g rer. Des sessions r gulières de formation et de sensibilisation peuvent grandement am liorer l'efficacit des contrôles internes. En investissant dans la formation, les PME/PMI peuvent d velopper les comp tences n cessaires pour identifier et g rer les risques de manière proactive, renforçant ainsi leur r silience globale. Utiliser des Outils de Gestion des Risques Investir dans des outils de gestion des risques abordables peut aider à automatiser certains aspects du contrôle interne, tels que la surveillance continue et la g n ration de rapports de risques. De nombreux outils sont disponibles à des prix accessibles pour les PME/PMI, permettant ainsi de tirer parti des technologies modernes pour am liorer les processus de gestion des risques. Ces outils peuvent galement faciliter la communication et la collaboration entre les diff rentes lignes de d fense, assurant ainsi une gestion des risques plus coh rente et int gr e. Cr er une Fonction d'Audit Interne Proportionn e Pour la troisième ligne de d fense, les PME/PMI peuvent externaliser la fonction d'audit interne à des consultants sp cialis s si elles ne disposent pas des ressources n cessaires en interne. Cette approche permet de b n ficier d'une valuation ind pendante et objective des processus de contrôle interne. En externalisant l'audit interne, les PME/PMI peuvent galement acc der à des expertises sp cialis es et à des perspectives externes, ce qui peut être particulièrement b n fique pour identifier les opportunit s d'am lioration et de renforcement du système de contrôle interne. Encourager une Culture de Transparence et de Responsabilisation Une culture d'entreprise qui valorise la transparence et la responsabilisation est essentielle pour la r ussite de toute strat gie de gestion des risques. Les dirigeants doivent promouvoir une communication ouverte et un environnement où les employ s se sentent responsabilis s. En encourageant la transparence, les entreprises peuvent cr er un climat de confiance où les employ s sont plus enclins à signaler les anomalies et à proposer des solutions pour am liorer les processus internes. Cette culture de responsabilisation contribue galement à renforcer l'engagement des employ s envers les objectifs de gestion des risques. Les Avantages de l'Impl mentation des Trois Lignes de D fense Structure et Clart dans la Gestion des Risques L'impl mentation des trois lignes de d fense permet de d finir une structure claire pour la gestion des risques, facilitant ainsi la d tection et la r solution des problèmes potentiels. Chaque ligne de d fense joue un rôle sp cifique et compl mentaire, assurant une approche holistique de la gestion des risques. La première ligne, en tant directement impliqu e dans les op rations quotidiennes, permet une r action rapide aux incidents. La deuxième ligne apporte une surveillance et des conseils pour renforcer les contrôles. La troisième ligne, par son ind pendance, offre une valuation objective des systèmes en place. Accès à des Expertises et Technologies Modernes L'utilisation d'outils de gestion des risques et l'externalisation de l'audit interne permettent aux PME/PMI d'acc der à des expertises sp cialis es et à des technologies modernes, sans n cessiter des investissements importants. Les outils de gestion des risques peuvent automatiser la surveillance continue et la g n ration de rapports, facilitant ainsi la d tection pr coce des anomalies et la prise de d cisions inform es. En externalisant l'audit interne, les PME/PMI b n ficient de perspectives externes et d' valuations ind pendantes, ce qui est essentiel pour am liorer constamment le système de contrôle interne. Renforcement de la R silience Organisationnelle En mettant en œuvre les trois lignes de d fense, les PME/PMI peuvent renforcer leur r silience face aux risques op rationnels. Cette approche permet de s curiser les op rations quotidiennes et de promouvoir une culture de transparence et de responsabilisation au sein de l'organisation. Une gestion proactive des risques r duit non seulement les incidents, mais am liore galement la capacit de l'entreprise à r agir efficacement en cas de crise. La r silience organisationnelle est renforc e par une meilleure anticipation des risques et une r ponse rapide et coordonn e aux d fis. Am lioration de la Confiance des Parties Prenantes La mise en place des trois lignes de d fense peut galement am liorer la confiance des parties prenantes, y compris les clients, les investisseurs et les r gulateurs. Une gestion efficace des risques d montre l'engagement de l'entreprise à maintenir des standards lev s de gouvernance et de conformit . Les clients sont plus enclins à faire confiance à une entreprise qui prend des mesures proactives pour s curiser ses op rations. Les investisseurs, de leur côt , voient dans une gestion rigoureuse des risques un indicateur de stabilit et de durabilit de l'entreprise. Enfin, les r gulateurs appr cient les efforts des entreprises qui s'alignent sur les meilleures pratiques en matière de gestion des risques. Cas Pratiques et Retours d'Exp rience Exemple 1 : Digitalisation des Processus chez XYZ Manufacturing XYZ Manufacturing, une PME sp cialis e dans la production de composants m caniques, a r cemment mis en œuvre les trois lignes de d fense pour am liorer la gestion des risques op rationnels. Grâce à la digitalisation de ses processus, XYZ a pu automatiser la surveillance des lignes de production et la g n ration de rapports de performance. Les quipes op rationnelles ont t form es à l'utilisation de nouveaux outils technologiques, permettant une d tection rapide des anomalies. La fonction de conformit a jou un rôle cl en fournissant des conseils et des recommandations pour am liorer les contrôles internes. Enfin, l'audit interne, externalis à M3T Consulting, a r alis une valuation ind pendante des systèmes en place, permettant d'identifier des opportunit s d'am lioration et de renforcer la r silience de l'entreprise. Exemple 2 : Gestion des Risques dans une Banque R gionale Une banque r gionale a adopt le modèle des trois lignes de d fense pour am liorer sa gestion des risques financiers et op rationnels. La première ligne, constitu e des d partements op rationnels, a t form e à la d tection des risques et à la mise en place de contrôles appropri s. La deuxième ligne, incluant les d partements de conformit et de gestion des risques, a d velopp des politiques et des proc dures pour renforcer les contrôles internes. L'audit interne, men par un cabinet externe, a valu l'efficacit des contrôles et propos des actions correctives pour am liorer le système de gestion des risques. Cette approche int gr e a permis à la banque de renforcer sa r silience face aux risques et d'am liorer la confiance des clients et des r gulateurs. Conclusion L'impl mentation d'un dispositif de contrôle interne bas sur le modèle des Trois Lignes de D fense est une strat gie accessible et efficace pour les PME/PMI. En adoptant cette approche structur e, les entreprises peuvent renforcer leur r silience face aux risques op rationnels et s curiser leurs op rations quotidiennes. Cette strat gie permet galement de promouvoir une culture de transparence et de responsabilisation, essentielle pour une gestion proactive des risques. M3T Consulting : Votre Partenaire de Confiance pour la Gestion des Risques Chez M3T Consulting, nous sommes sp cialis s dans l'accompagnement des entreprises dans leur transition num rique et la mise en place de dispositifs de contrôle interne. Notre expertise en gestion des risques nous permet de proposer des solutions adapt es aux besoins sp cifiques de chaque organisation, en assurant une impl mentation efficace des trois lignes de d fense. Pour en savoir plus sur nos services, consultez nos publications sur LinkedIn et notre site web M3T Consulting. Commencez dès aujourd'hui à mettre en place les trois lignes de d fense dans votre entreprise et voyez la diff rence qu'une gestion proactive des risques peut apporter !

Contents 6 Chapter 2: Evolvement of Risk Management: Basel I, II and III. 10 6.1 Introduction: 10 6.2 Section I: Basel I and its shortcomings: 11 6.3 Section 2: Basel II 12 6.4 Section 3: Basel III 13 6.4.1 Summary OF changes. 13 7 Chapter 3: Risk in Islamic Finance Institutions. 14 7.1 Introduction: 14 7.2 Section 1: Islamic Finance Institutions are unique. 16 7.3 Section 2: Types of Risks in the IFIs: 17 8 Chapter 4: Islamic Finance Products, Risks and the key challenges. 19 8.1 Introduction: 19 8.2 Section 1: Risks in Islamic Finance Products: 19 8.2.1 Risks in Musharakah Contracts: 21 8.2.2 Risks in Mudarabah contract: 22 8.2.3 Risks in Murabahah Contract: 24 8.2.4 Risks in Salam Contract: 24 8.2.5 Risks in Istisnaa Contract 25 8.2.6 Risks in Iajrah Contract: 26 8.3 Section 2: Challenges of Risk Management in Islamic Finance Products. 27 9 Chapter 5: Operational Risk in Islamic Finance Institutions. 28 9.1 Introduction: 28 9.2 Section 1: Operational Risk in Musharakah contract: 28 9.3 Section 2: Operational Risk in Mudarabah contract. 29 9.4 Section 3: Operational Risk in Murabahah contract. 29 9.5 Operational Risk in Salam contract. 30 9.6 Operational Risk in Istisnaa contract: 30 9.7 Operational Risk in Ijarah contract: 30 10 Conclusion.. 30 10.1 Findings. 30 10.2 Recommendations. 31 11 References 33 6 Chapter 2: Evolvement of Risk Management: Basel I, II and III 6.1 Introduction: The Basel Committee on Banking Supervision was created in 1974, formed by representatives of Central banks or other supervisory authorities of Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Spain, Sweden, Switzerland, the United Kingdom, and the United States. The committee, which meets, and has its secretariat, at the Bank for International Settlements in Basel, Switzerland, has no formal authority. Rather, it works to develop broad supervisory standards and promote best practices, in the expectation that each country will implement the standards in ways most appropriate to its circumstances.[1] The Basel Committee on Banking Supervision issued its first set of guidelines (Basel I) in 1988. Its main objective was to establish minimum capital requirements for Credit Risk (the risk of loss due to the failure of a counterparty to meet its obligations). In 1996 it was amended to include minimum capital requirements for Market Risk in trading books (the risk of loss due to a change in market prices, such as equity prices or interest or exchange rates). As the art of Risk Management has evolved, there was need to review the Basel I Accord and to be replaced with the Basel II (June 2006)[2]. This accord was more complex and aimed to achieve multiple objectives:[3] To improve risk measurement and management To link, to the extent possible, the amount of required capital to the amount of risk taken To further focus the supervisor-bank dialogue on the measurement and Management of risk and the connection between risk and capital To increase the transparency of bank risk-taking to the customers and counterparties that ultimately fund—and hence share—these risk positions. After the 2007-2008 Subprime Crisis, The Basel Committee on Banking Supervision had to adapt the capital requirements guidelines to cater for the new emerged risks. Three sets of publications have been issued: Basel III: Capital (June 2011), Liquidity coverage ratio (LCR) (January 2013), and Net stable funding ratio (NSFR) (October 2014)[4]. The aim of the Basel III new measures is: improve the banking sector's ability to absorb shocks arising from financial and economic stress, whatever the source improve risk management and governance strengthen banks' transparency and disclosures. 6.2 Section I: Basel I and its shortcomings: Basel I had substantially improved the banks’ resilience to Risk, and have provided a framework for capital requirements, however, its simplicity couldn’t cater for complex products and instruments in the large banks. In fact, banks sought to use methods to reduce exposures on products that had the most weights on their capital requirements. Developments in securitization of bank assets and advances of banks’ own risk management, and development of a range of increasingly complex derivative products, led to Credit Crunch. Banks used to invest in Bonds (0% weight) to avoid more requirements on their Capital (as loans weighed 100%). In addition, Basel I have opened a window for regulatory arbitrage[5]. Besides the fact that Basel I was non-binding for banks, it also neglected other aspects of the Risks (Market Risk, Operational Risk and Interest Rate Risk). These shortfalls led to the development of the Basel II Accord. 6.3 Section 2: Basel II Basel II introduction aimed to close the gaps of Basel I. Three Pillars are introduced namely: I - Capital Adequacy Ratio: Minimum Capital Requirements to buffer for shocks emanating from Credit Risk, Market Risk and Operational Risk II – Supervisory Review: “Principle 2 Supervisors should review and evaluate banks’ internal capital adequacy assessments and strategies, as well as their ability to monitor and ensure their compliance with regulatory capital ratios. Supervisors should take appropriate supervisory action if they are not satisfied with the result of this process.[6]” III- Market Discipline (Disclosure): market discipline – ensures that the market provides yet another set of eyes. The third pillar is intended to strengthen incentives for prudent risk management. Greater transparency in banks’ financial reporting should allow marketplace participants to better reward well-managed banks and penalize poorly-managed ones 3 Pillars of Basel II [7] 6.4 Section 3: Basel III Basel III was introduced in December 2010, its main aims were to reform: bank-level, or micro prudential, regulation, which will help raise the resilience of individual banking institutions to periods of stress. macroprudential, system wide risks that can build up across the banking sector as well as the procyclical amplification of these risks over time.[8] 6.4.1 Summary OF changes[9] “Regarding Pillar I (calculation of Capital Requirements), it should not be surprising that changes were specified. The requirement of Tier 1 capital making up 4% of the total 8% was now increased to 6% (of the total 8% which remains the same) and more significantly, the common equity component of Tier 1 was moved from 2% to 4.5% (of the now 6% total). This is supplemented by new rules calculating many of the capital charges to address the mispricing of risk before the crisis. A Leverage Ratio has been added to the arsenal of the Basel III Accords under Pillar I but the relevant capital to be applied has yet to be agreed on. Capital Conservation Buffer of 2.5% to consist of common equity will be required in addition to the minimum in 1. What this translates as in aggregate is a minimum core equity requirement of 7% (4.5+2.5) and the Total Tier 1 to increase to 8.5% (6+2.5) . A Countercyclical Buffer (between 0-2.5%) to come into play when there is excessive credit growth in the economy to be implemented according to national circumstances (No time frame specified). To address Liquidity Risk, the 30 day Liquidity Coverage Ratio for internationally active banks has been introduced attempting to ensure adequate levels of “unencumbered, high-quality liquid assets that can be converted into cash to meet its liquidity needs for a 30 day calendar time horizon under a significantly severe liquidity stress scenario specified by supervisors” (BCBS, p 3, Dec 2010)71. It is calculated as follows: Complimenting 5 above is the Net Stable Funding Ratio. The Committees stated objective here is “to promote more medium and long-term funding of the assets and activities of banking organisations” and it “establishes a minimum acceptable amount of stable funding based on the liquidity characteristics of an institutions assets and activities over a one year horizon” (p25, ibid). It is calculated as follows: Further standards are being developed regarding systemically important banks which “could include capital surcharge, contingent capital and bail in debt”.” [10] 7 Chapter 3: Risk in Islamic Finance Institutions 7.1 Introduction: Islamic Banks have come a long way since they were first established in the 1960s, they are now competing in the global Market and have shown their resiliency in the face of the global crises. Assets of Full-Fledged Islamic Retail Banks in OIC Countries (2005 USD prices, in Billions)[11] And the Islamic finance Industry is fast moving covering almost every continent. With this evolvement, Islamic Banks are required to enhance and develop products and becoming more complex. Also, Islamic Banks are unique in their nature and face different challenges from conventional Banks. Islamic Banks to be at all times Sharia compliant, have to abide by maxims: “(Entitlement to) profit is accompanied by responsibility (for associated expenses and possible loss)” الغنم بالغرم “Profit is entitled for the (risk of) ownership, the (risk of) effort and (risk of) liability/responsibility”. يستحق الربح اما بالمال واما بالعمل واما الضمان Which means, that Risk is within the DNA of Islamic Finance, and an IFI will not be entitled for profit unless it bears a proportionate Risk of loss[12]. 7.2 Section 1: Islamic Finance Institutions are unique As stated in the introduction IFIs are unique, hence, Risk inherits this uniqueness. In the sense, IFIs have to apply the Objectives of Sharia’a (مقاصد الشريعة)[13], IFIs are subject to three types of Risk[14]: Essential Risk, Forbidden Risk and Tolerable risk to be avoided. Essential Risk: it is intrinsic to the IFIs’ operating model, it has to be taken to legitimate the FI profits to abide by the maxim الغنم بالغرم. in Murabahah Contract, the seller must bear the risks of the commodity by the means of ownership (Risks are only transferred when the original buyer (the seller) have owned the commodity before selling to his customer. This principle is applicable to all Islamic Finance Products. Forbidden Risk: this kind of risk is banned by the Sharia’a, it applies to excessive uncertainty (الغرر الفاحش). It is always due to transactions on unknown terms or object of a contract (Gambling, Fraud). It can be divided into these categories: Risk or uncertainty associated with time of payment) غرر في الاجل (for instance, unconfirmed date of payment in the case of a deferred sale (Al-Kasani, 2003). Risk or Uncertainty associated with existence of commodity) غرر في الوجود ( for instance, trading of an item that does not exist (Al-Kasani, 2003). Risk or Uncertainty associated with quality of commodity) غرر في الصفة (for instance, ambiguity happens in the specifications and features of the goods (Al-Sarakhsi, 1993). Risk or Uncertainty associated with quantity of commodity) غرر في المقدار (for instance, selling something without specifying the price or quantity of the goods (Ibn Abidin, 1992). Uncertainty associated with possession of commodity) غرر في الحصول (for instance, trading of birds in the sky or fish in the sea (Ibn Muflih, 1997). Tolerable risk to be avoided: they are all other types of Risk as long as they are not under any of the aforementioned. They are tolerable from the perspective of the Objectives of Sharia’a. these are, and not limited to, Credit Risk, Market Risk, Liquidity Risk and Operational Risk. IFIs operate based on two Profit Sharing models, Two-tier Mudarabah Profit Sharing on both assets and liability sides (all assets are financed by modes of financing Mudaradah; and one-tier Mudarabah with different investment products (Murabahah, Ijarah, Istisna’a etc..)[15]. Profit Sharing models modifies the nature of Risk compared to Conventional Banks. In fact, besides the Types of Risks that Conventional Banks are exposed to, there are specific types of Risk that the IFIs face. I will discuss all those Risks in the following Section 7.3 Section 2: Types of Risks in the IFIs: Islamic Banks, because they have to abide by the PLS (Profit-Loss Sharing) principle, the returns on saving and investment accounts are non-fixed. Depositors share the Risks form the operations of the IFI. On the other side, the financing models of assets by the IFI brings another sort of Risk from the known to the conventional Banks. E.Kozarević, M.Baraković Nurikić & N.Nuhanović[16] state that IFI face 5 types of Risk, namely: financial risk, business risk, safety-deposit risk, management risk, and other types of Islamic banks’ risk. Some of these Risks are shared with those of the traditional Banks, and others are unique to the IFIs. The following chart[17] illustrates the ratio of shared and unique Risks in IFIs Tariqullah Khan Habib Ahmed provides more details on these unique Risks and their nature in IFIs. He lists them as follows[18]: Credit Risk: in IFIs takes two forms: Payment/settlement Risk (in Salam or Istisnaa contracts), when one of the parties’ defaults on payment of cash or delivery of the assets, exposing one of the parties to potential losses Non-payment of the share of the bank by the partner as per the terms of the Musharakah or Mudarabah contracts Counterparty Risk: when in contracts like Murabahah are subject to the non-performance of a trading partner. Benchmark Risk: IFIs have to abide by providing finance with a fixed Profit Rate for the full period of the contract (Benchmark + Markup), however, only one component (the Markup) is fixed and the benchmark is subject to the market fluctuations and expose the IFI to Risk. Liquidity Risk: IFIs face this kind of Risk when they cannot have cash at a low cost or they are not able to sell some assets. This risk is in fact very problematic for IFIs, as they are little or not at all Sharia compliant Liquidity Management instruments to cater for such risk. Operational Risk: risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk[19]. It is IFIs apex sources of risk. In fact, as IFIs suffer most of the time from the lack of qualified professionals capable of handling the Islamic Finance types of contracts. Also, rare are technology providers than can understand systems capable of handling, sometimes, complex Islamic processes and products. Legal Risk: IFIs are very prone to this Risk, primarily due to the lack of Jurisprudence that standardizes the rules governing the Islamic Financing Contracts. In most of the countries where IFIs operates the state laws and regulations are inspired from the French or British Laws. Hence it opens the door to interpretation problems and potential losses from unenforced contracts. Withdrawal Risk: IFIs opposite to traditional banks do not offer fixed return on saving and investment accounts. Depositors may take decisions to reach for better stable revenues especially that the rates of return offered by the IFIs are variable, this introduces withdrawal risk. Fiduciary Risk: this risk is especially due to the incapability of an IFI to comply with Sharia rules in all its contract, customers may lose confidence and trust and withdraw their deposits. Displaced Commercial Risk: IFIs, tend in times of low revenues from the pools of depositors (under Mudarabah contracts where depositors act as Rab Al Mal, and the Bank as Mudarib) to transfer the Risks to the equity shareholders to minimize the Risk of Withdrawal. 8 Chapter 4: Islamic Finance Products, Risks and the key challenges 8.1 Introduction: Risk Management in IFIs is primordial to their success and their ability to generate value for their shareholders. I have discussed above the uniqueness of Risks within the IFIs and how Risk is part of the DNA of IFIs products and instruments (Essential Risks: Profit – Loss Sharing, Forbidden Risk: Uncertainty and Gambling, and Manageable Risks: Credit, Market and Operational Risk). I have also given some insights on how each IF contract can encompass different aspects of Risk (see Tariqullah Khan Habib Ahmed, 2001). In IFIs, Risks tend to be more aligned with the type of the contract due the its unique structure and the nature of the deal between the parties during the life of this contract. In the coming sections I will attempt to discuss Risk Management in relation to IF products (Musharakah, Mudarabah, Murabaha, Salam, Istisna, and Ijarah)[20] and highlight some of the challenges posed to IFIs to manage those Risks. 8.2 Section 1: Risks in Islamic Finance Products: A quick comparison of different risks in Islamic finance with conventional finance reveals that credit risk, commodity risk, liquidity risk, market risk, legal risk, and regulatory risks are higher in Islamic financing compared to conventional banking. Risk profiling – conventional vs Islamic banks[21] These Risk profiles are higher in IFIs as highlighted due to the nature of the contracts and Sharia Compliance prerequisites that they are subject to. According to Standing Committee for Economic and Commercial Cooperation of the Organization of Islamic Cooperation (COMCEC)[22], Credit and Operational Risk are the most prevalent to IFIs, the following table provides a picture of the perception of Risk by IFIs. Perception of Risks in Modes of Financing Notes: 1 = Critically Unimportant, 2 = Unimportant, 3 = Neutral, 4 = Important, 5 = Critically Important. Values are in Percentage (%). 8.2.1 Risks in Musharakah Contracts: The Musharakah in a contract of partnership between the bank and its partner In Musharakah Contract the main Risks are: Credit Risk, Operational, Market and Liquidity. These Risks differ from Permanent Musharakah and Diminishing Musharakah, in permanent Musharakah contract the IFI is exposed to mainly Operational Risk Losses from failure of the partner to manage the business. The figure bellow highlights the Risks in Permanent Musharakah contract lifecycle[23]: Credit, operational, market, and liquidity risks during the lifetime of Permanent Mushãrakah contracts The Business under the Musharakah may default to generate cash resulting in Credit Risk exposure as shown in cycles 1 and 2 in above figure. As result the IFI may suffer liquidity issues and hence inability to finance other investment opportunities. Any major Losses may lead to hinder continuation of the business and will impact the market share price at last equity payment date. In such scenario, the IFI is exposed to Market Risk. The same highlighted herein is applicable to Diminishing Musharaakah with slight differences. Credit, operational, market, and liquidity risks during the lifetime of Diminishing Musharakah contracts Tariqullah Khan Habib Ahmed[24] states that even though scholars and regulators have preference with regards to Musharakah products, IFIs use them rarely due to the high credit exposure. In fact the Islamic Financial Services Board (IFSB) emphasizes the importance of credit risk in this contract “22. The following premises relate to the sound processes of credit risk management in IIFS: The role of IIFS can embrace those of financiers, suppliers, Muḍārib and Mushārakah partners. IIFS concern themselves with the risk of a counterparty’s failure to meet their obligations in terms of receiving deferred payment and making or taking delivery of an asset.”[25] 8.2.2 Risks in Mudarabah contract: Mudarabah Contract is partnership between the IFI and an Entrepreneur, where the IFI provides Capital and the Entrepreneur provides expertise. Any Losses that emerge during the lifetime of the contract are fully covered by the IFI. The IFI relies on the Entrepreneurs ability to manage the business and generate profits. On the other hand, the Entrepreneur gives assurance that he will deploy the apex of his knowledge to use the invested capital optimally. In the event of external adverse circumstances or internal business disruption, the IFI is exposed to Operational Risk which may lead to full coverage of the losses. This causes a drain of cash that consequently leads to liquidity constraints (Liquidity Risk). In the case where the Entrepreneur is enable to deliver or commit to the payment of the IFIs share of profit as per the terms of the contract, the IFI is exposed to Credit Risk. Risks in Mudarabah contract agreements during the investment period[26] 8.2.3 Risks in Murabahah Contract: The IFIs must assume ownership of the goods before it sells it to the issuer of the purchase order. Between the time of the promise to purchase and the time of signing the Murabahah contract, the IFI is exposed to Operational Risk and Market Risk. Any damage or defects are the responsibility of the IFI, in addition to the Market commodity price fluctuations. Different types of Risks interact during the lifetime of a Murabahah contract, and IFIs should consider all Risks as interrelated in order to reduce their magnitude. As the buyer will pay the price of the goods on a deferred equal payment, the IFI is exposed to Credit Risk in the event of default. Also as the Profit Rate is composed of a fixed part (the Markup) and a variable part (the Benchmark), the IFI is exposed to Markup Risk in the scenario when the Benchmark rate increases and hence reducing the share of the Profit Rate. Credit, operational, and market risks during the lifetime of a Murãbaha contract[27] 8.2.4 Risks in Salam Contract: Forward sale is prohibited by the Sharia, However Salam have been clearly allowed by the Prophet Mohammed PBOH with conditions: "عَنِ ابْنِ عَبَّاسٍ رضى الله عنهما قَالَ قَدِمَ رَسُولُ اللَّهِ الْمَدِينَةَ ، وَالنَّاسُ يُسْلِفُونَ فِى الثَّمَرِ الْعَامَ وَالْعَامَيْنِ - أَوْ قَالَ عَامَيْنِ أَوْ ثَلاَثَةً . فَقَالَ " مَنْ سَلَّفَ فِى تَمْرٍ فَلْيُسْلِفْ فِى كَيْلٍ مَعْلُومٍ ، وَوَزْنٍ مَعْلُومٍ ، إِلَى أَجَلٍ مَعْلُومٍ" Salam is when a buyer advances the payment for goods to be delivered sometimes in the future. The Salam contract benefits the three parties, the seller and the buyer lock the price and hence protect against prices fluctuation, the IFI reduces the costs of storage The Salam contract have two Counterparty Risks[28]: The inability of the supplier to deliver on time or never (Credit Risk), or the goods are delivered in a different quality than the agreed in the terms of contract. Sometimes even if the supplier has a good credit record, external events (Operational Risk) may hurdle the delivery of the agreed goods. When such defaults occur the IFSB[29] considers them as part of Credit Risk (Counterparty Risk)[30] As Salam contract ends with a physical delivery of goods, the IFI faces storage costs and commodity price fluctuations (Market Risk). Market Risk issues and Markup Risk. The IFI, due to commodity price volatility may be unable to re-sell the goods at a profitable rate. The IFI may also be exposed to Credit Risk in case the buyer (with whom a Parallel Slam contact have been signed) defaults. Operational, credit, market, and liquidity risks during the lifetime of Salam contracts[31] 8.2.5 Risks in Istisnaa Contract The IFI, as in Salam contract, is exposed to Counterparty Risks, the Manufacturer ( Saneaa) may fail to deliver as per the terms of the contract (quality and time of delivery). Credit Risk (as per the IFSB definition) is less as the Risk of External Events[32] (natural disasters) compared to Salam. However, as Ioannis Akkizidis and Sunil Kumar Khandelwal[33] state, the supplier may default due to External Events that hurdles him from producing and delivering the goods subject to the Istisnaa contract. In the Parallel Istisnaa contract, the buyer may default in paying in full and/or on time which exposes the IFI to Credit Risk (Counterparty Risk). The manufacturer (Sanea) may delay the delivery of the goods as agreed in the terms exposed the IFI to Operational, Reputational and hence liquidity Risk[34]. The IFI is also exposed to Market Risk, in the sense that the price of the commodity is fixed at the time of the contract and the commodity prices are changing and may take an adverse shift against the IFI at the time of execution of the Parallel Istisnaa contract. Operational, credit, market, and liquidity risks during the lifetime of Istisnã contracts[35] Under some Fiqh jurisdictions the Istinaa contract is not binding for the supplier[36], and this also exposes the IFI to Counterparty Risk[37]. 8.2.6 Risks in Iajrah Contract: Ijarah is a leasing finance mode that gives the usufruct right to the lessee. The IFI is exposed to Credit, Market, Operational and Liquidity Risks. Any default of payment by the lessee leaves the IFI exposed to Credit Risk. The default may due to the lessee’s business risk or market prices volatility or just that the lessee is not willing to pay as per the terms of the Ijarah contract. If the lessee choses to exist the contract before the term of the contract, the IFI, in addition to Credit Risk, is exposed to Liquidity Risk and expected future revenues are considered as losses and directly impact the Cash Flows of the IFI. In case of catastrophic events, as the IFI is the owner of the property, it is exposed to Operational Risk. The IFI is exposed to Market Risk when the estimation of the rent value doesn’t meet the actual market prices. The figure below summarizes the Risks of the an Ijarah contract lifetime[38] 8.3 Section 2: Challenges of Risk Management in Islamic Finance Products. In the light of what have been discussed in section 1 of this chapter, it is clear that each of the Islamic Finance contract encompasses more than one type of Risk. This kind of complexity makes the Management of Risk very difficult and cumbersome. IFI have to invest hugely in people and systems to facilitate the process of the said. Conventional Risk Management techniques and tools are based on interest, gambling and speculation which are forbidden by the Sharia[39]. Also, the lack of financial engineering and innovations when it comes to developing Sharia Compliant Hedging Financial Instruments leaves the IFIs with limited tools of Risk Management. IFIs face more Operational Risk due to the multitude of contract and their Sharia compliance prerequisites, changing and lack of required skills, technology issues and lack of specialized technology developers. The World Bank[40] identified some challenges in Risk Management in IFIs “future growth and development will depend largely on the nature of innovations introduced in the market. The immediate need is to develop instruments that enhance liquidity; to develop secondary, money, and interbank markets; and to perform asset-liability and risk management.” 9 Chapter 5: Operational Risk in Islamic Finance Institutions 9.1 Introduction: The Islamic Financial Services Board define Operational Risk as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. IIFS shall also incorporate possible causes of loss resulting from Sharī`ah non-compliance and the failure in their fiduciary responsibilities.”[41] IFIs, besides their exposure to Operational Risk sources, have also to incorporate probable losses from Sharia non-compliance issues. In fact, in the same IFSB guidelines it is stated that the IFI: “shall ensure that their contract documentation complies with Sharī`ah rules and principles – with regard to formation, termination and elements possibly affecting contract performance such as fraud, misrepresentation, duress or any other rights and obligations.”[42] That being said, let’s examine the Operational Risk aspects in each type of the Islamic finance contracts. 9.2 Section 1: Operational Risk in Musharakah contract: Operational Risk perception by IFIs seems to be higher in Musharakah contracts, mainly due the complexity of the contract and its implementation[43]. This complexity may emerge in Sharia non-compliance Risk and hence the nullity of the Musharakah contract. The IFI have management rights over the partnership and inherits all the aspects of Risks. The Operational Risk takes its source from the business risk. Any External Event Risk, failure of processes, systems and people that affect the investment entity directly impact the IFIs stake. The losses may range from partial loss of profits to full loss of all the invested share of capital of the IFI. Another aspect of Operational Risk in Musharakah, is that the IFI is an active partner (unlike Mudarabah), where the IFI’s management have to take business decisions on how the entity should operate, this means that the IFI should have the adequate set of skills in the different industries where it chooses to invest. Lack of these skills exposes the IFI to huge Operational Risk losses. Legal Interpretation of the Musharakah contract may lead to Operational losses[44]. When some terms of the contract may be interpreted not according to Sharia rules and questioning the legality of the contract. Even if the IFI have invested in a technology to manage its products and processes, the partner may have little or no sophisticated systems to operate, hence, the accounting processes may differ substantially from those used by the IFI, especially on the recognition of revenues and profits which leads to Operational losses. 9.3 Section 2: Operational Risk in Mudarabah contract Alike the Musharakah, Mudarabah have higher Operational exposure compared to other types of Risks. Operational Risk is even higher in Mudarabah contract than the Musharakah. Any losses from External Events or Business failure are fully covered by the IFI (Rab Al Mal). The Agent (Partner) has full responsibility of management which poses another major Risk, the IFI will not have the ability to manage the Operational Risks emanating from the business operations. The IFI have to ensure that the set of skills it has is capable of assessing the agent’s knowledge and experience before entering the Mudarabah. Lack of those skills exposes the IFI to Operational Losses that can range to full loss of the invested capital. 9.4 Section 3: Operational Risk in Murabahah contract In Murabahah contract, the IFI is exposed to Operational Risk during the period from the Purchase Order up to contract acceptance by the customer. The other aspects of Operational Risk (Sharia non-compliance and Legal Risk) arise after the contract signature. Before the contract signature: the IFI is exposed to External Events, in the sense that Risks of damage of goods bought due to external events are the responsibility of the IFI. Process Risks can emerge from the failure of the execution of the Murabahah deal, especially when the sequence of events is not respected (e.g. signing the Murabahah contract before the goods are transferred to the ownership of the IFI) People Risk arises when the staff responsible of the execution of the Murabahah lack knowledge of the product and its Sharia perquisites or are under pressure for sales targets (aggressive sales). The IFI is exposed to operational losses by nullity of the executed contracts. System Risks arise when the infrastructure is not suitable for the Islamic Finance products and hence does not cater for Sharia prerequisites. IFI face challenges in finding specialized technology providers who have the required set of skills to develop Sharia compliant Systems After the contract signature: The IFI face major issues in the interpretation of the Islamic Products contracts, it is very common in Murabahah that the contract is voided due to the strict legal interpretation instead of catering for the Sharia principles. Sharia non-compliance Risk arises when the contract is found breaching the Sharia rules. The IFI is forced to reimburse all cashed profits and incurs operational losses. 9.5 Operational Risk in Salam contract In the Salam Contract, the IFI is exposed to Operational Risk from External Events for the whole period, from the time of advancement of the capital until the delivery of the goods. The whole investment is at stake. Sharia non-compliance issues may arise due to the strict terms that have to be applied, any discrepancies can cause Operational losses. Adding to that the legal interpretation issues that may emerge after litigations. The IFI should also ensure that it has the set of skills to assess the project subject to Salam contract. The lack of skills may impact the IFI as a credit default. 9.6 Operational Risk in Istisnaa contract: Istisnaa contract is different from the Salam as the payments are scheduled with the delivery of the goods or the phases of the project. Between each payment, the IFI is exposed to Operational losses due to External Events impacting the business under Istisnaa contract. Also, failure of processes, lack of expertise or system issues will have an impact on the business continuity, thus, exposing the IFI to losses at least equal to the amount of made payments. The IFI have also to ensure that the human resources responsible of oversight of the project have adequate skills, lack of these resource will impact the project performance and result in operational losses. 9.7 Operational Risk in Ijarah contract: In Ijarah contract the ownership of the asset remains with the IFI, which means it assumes all Operational Risk Events during the tenor of the contract. Catastrophic events may impact the leased asset and the IFI will incur partial or total loss of the invested capital plus all future lease payments by the lessee. It is also exposed to Operational losses due to misconduct of the lessee. 10 Conclusion 10.1 Findings Risk in IFIs is a very different beast that the one faced by conventional banks. Conventional banks transfer their risk profiles to their counterparties by means of interest, interest bearing hedging instruments or insurance. However, the IFIs are active partners with their counterparties and have to abide by the Sharia maxims: “(Entitlement to) profit is accompanied by responsibility (for associated expenses and possible loss)” الغنم بالغرم, and “Profit is entitled for the (risk of) ownership, the (risk of) effort and (risk of) liability/responsibility”. يستحق الربح اما بالمال واما بالعمل واما الضمان. The Islamic Finance contracts and their execution is complex and entails interdependencies of multiple risk types. One contract may expose the IFI, during its lifecycle, to Operational Risk, Credit Risk and Market Risk (e.g. Murabahah contract). IFIs have also to live with Systemic Risks when it operates in an environment with legal interpretations different from the Sharia principles or when it is unable to find technology providers that support in implementing systems catering for Sharia compliant products. In this researches, I came to the conclusion that the major Risk that IFIs are exposed to is Operational Risk: People Risk: Lack of qualification and/or conviction in Sahariaa compliant finance exposes the IFI to Operational losses and Reputational damage Process Risk: the complexity of the lifecycle of the Islamic Finance contract and its execution requires investment in robust controls and clear Policies and Procedures. Any failure exposes the IFI to Operational losses including Legal Risk, Sahariaa non-compliance Risk and Reputational damage. System Risk: due the nature of the Islamic contracts, the IFI have to extensively invest in technology infrastructure to reduce the manual intervention and people interpretations. However, it is noticed that the offer from the technology providers is low and exposes the IFIs to losses from failures of systems to meet the business requirements. External Events: this kind of Risk can only be mitigated by means of insurance. IFIs in general have difficulties to find Sharia compliant insurance companies, and even if they do, the costs are higher. 10.2 Recommendations In the light of the above, and in my opinion, Operational Risks seems to be the major concern for the IFIs. Thus, efforts need to invested in: Culture and business knowledge: IFIs are under the obligation, to minimize their Operational Risk exposure, to invest extensively in the most valuable asset, i.e. Human Resources. Efforts have already started and need to be intensified (the CIBAFI program of certification in Islamic Finance and the Professional Executive Master degrees). In Kuwait, the Central Bank of Kuwait have issued instructions (20/12/2016) regarding the Sharia Audit Governance. It had clearly stated that the Sharia Audit staff have to be qualified in Islamic Finance besides their Sharia qualification. Legal environment: the IFIs have the obligation to spread awareness through the State institutions about the Islamic Finance and its governing Sharia rules, encourage jurisprudence that issue guidelines on Islamic Finance contracts. Technology infrastructure: efforts to be made in investing in growing technology providers to develop offering of systems compatible with Islamic Finance business. Process and Policy issues: The supervisory entities are required to enhance the control framework around IFIs and cater for their uniqueness. Bahrain and emirates Central Banks started implementing the unified Sharia Governing entity that will enhance and unify the guidelines and controls around Sharia compliant products. [1] Federal Reserve Bulletin, September 2003, Capital Standards for Banks: The Evolving Basel Accord, p. 1 [2] BCBS, Basel II: The New Basel Capital Accord - third consultative paper April 2003 and Revised international capital framework, June 2006 [3] Federal Reserve Bulletin, September 2003, Capital Standards for Banks: The Evolving Basel Accord, p. 3 [4] Basel III: international regulatory framework for banks [5] Sean Kenny, To What Extent were the Limitations of the Previous Basel Accords (I & II) overlooked by Basel III?, Master programme in Economic History, Lund University, School of Economics and Management, June 2011, p. 16 [6] BCBS- Pillar 2 (Supervisory Review Process), the New Basel Capital Accord, Principal 2 [7] Basel II, Tamer Bakiciol Nicolas Cojocaru-Durand DongxuLu, December 2008, p. 11 [8] BIS, BCSB, Basel III: international regulatory framework for banks [9] Sean Kenny, To What Extent were the Limitations of the Previous Basel Accords (I & II) overlooked by Basel III?, Master programme in Economic History, Lund University, School of Economics and Management, June 2011, p.40 [10] Basel Committee on Banking Supervision, Basel III: International Framework for Liquidity Risk Measurement, Standards and Monitoring, Dec 10, Bank for International Settlements. Formulae taken from same document This document contains 47 pages while the other paper contains 33. http://wwww.basel-ii-risk.com/basel-iii-guide-to-the-changes/ [11] Ahmad Alharbi, Development of the Islamic Banking System, Journal of Islamic Banking and Finance June 2015, Vol. 3, No. 1, p. 17 [12] Syed Ehsan Ullah Agha, RISK MANAGEMENT IN ISLAMIC FINANCE: AN ANALYSIS FROM OBJECTIVES OF SHARI’AH PERSPECTIVE, International Journal of Business, Economics and Law, Vol. 7, Issue 3 (Aug.) 2015 [13] Syed Ehsan Ullah Agha, RISK MANAGEMENT IN ISLAMIC FINANCE: AN ANALYSIS FROM OBJECTIVES OF SHARI’AH PERSPECTIVE, International Journal of Business, Economics and Law, Vol. 7, Issue 3 (Aug.) 2015 [14] Ibid p.51 [15] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 52, Islamic Development Bank, Islamic Research and Training Institute [16] Specifics of Risk Management in Islamic Finance and Banking, with Emphasis on Bosnia and Herzegovina, E.Kozarević, M.Baraković Nurikić & N.Nuhanović, Bahar/Spring 2014, Volume 4, Issue 1, Çankırı Karatekin University, Journal of The Faculty of Economics, and Administrative Sciences, p. 155 [17] Ibid, p.155 [18] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 54, Islamic Development Bank, Islamic Research and Training Institute [19] BCBS Principles for the Sound Management of Operational Risk, 2011, p. 3 [20] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 28 [21] Ibid, p. 38 [22] Standing Committee for Economic and Commercial Cooperation of the Organization of Islamic Cooperation (COMCEC ), Risk Management in Islamic Financial Instruments, COMCEC Coordination Office, September 2014, p. 108 [23] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 45 [24] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 54, Islamic Development Bank, Islamic Research and Training Institute [25] ISLAMIC FINANCIAL SERVICES BOARD, GUIDING PRINCIPLES OF RISK MANAGEMENT FOR INSTITUTIONS (OTHER THAN INSURANCE INSTITUTIONS) OFFERING ONLY ISLAMIC FINANCIAL SERVICES, December 2005, p. 6 [26] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 45 [27] Ibid p. 56 [28] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 57, Islamic Development Bank, Islamic Research and Training Institute [29] ISLAMIC FINANCIAL SERVICES BOARD, GUIDING PRINCIPLES OF RISK MANAGEMENT FOR INSTITUTIONS (OTHER THAN INSURANCE INSTITUTIONS) OFFERING ONLY ISLAMIC FINANCIAL SERVICES December (IFSB), Credit Risk, 2.3. Operational Considerations, December 2005, p. 7 [30] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 59 [31] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 61 [32] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 57, Islamic Development Bank, Islamic Research and Training Institute [33] Ibid p. 64 [34] Ibid p. 65 [35] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 66 [36] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 57, Islamic Development Bank, Islamic Research and Training Institute [37] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 58, Islamic Development Bank, Islamic Research and Training Institute [38] Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan, Chapter 2, p. 71 [39] Nurhafiza Abdul Kader Malim PhD, Islamic Banking and Risk Management: Issues and Challenges, Journal of Islamic Banking and Finance Oct.- Dec. 2015, p. 68 [40] Hennie van Greuning Zamir Iqbal, Risk Analysis for Islamic Banks, THE WORLD BANK Washington, D.C., December 2008, p. 258 [41] The Islamic Financial Services Board (IFSB), GUIDING PRINCIPLES OF RISK MANAGEMENT FOR INSTITUTIONS (OTHER THAN INSURANCE INSTITUTIONS) OFFERING ONLY ISLAMIC FINANCIAL SERVICES December 2005, p. 26 [42] Ibid, p 27 [43] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 66, Islamic Development Bank, Islamic Research and Training Institute [44] Ahmad Mohamed Rahim, Operational Risks in Islamic Profit Sharing Contracts and Ways to Overcome Them, MSc in Islamic Finance, The Global University of Islamic Finance, October 2014 (http://www.inceif.org/research-bulletin/operational-risks-islamic-profit-sharing-contracts-ways-overcome/)

Contents 1 Abstract.. 4 2 Introduction.. 4 3 Objective: 5 4 Plan of the paper: 5 5 Chapter 1: Risk History and definitions. 5 5.1 Introduction: 5 5.2 Section I: Risk Management History: 6 5.3 Section 2: Definitions of Risk Management: 7 5.3.1 Market Risk: 8 5.3.2 Credit Risk. 8 5.3.3 Liquidity Risk: 8 5.3.4 Operational Risk: 9 6 Chapter 2: Evolvement of Risk Management: Basel I, II and III. 10 6.1 Introduction: 10 6.2 Section I: Basel I and its shortcomings: 11 6.3 Section 2: Basel II 12 6.4 Section 3: Basel III 13 6.4.1 Summary OF changes. 13 7 Chapter 3: Risk in Islamic Finance Institutions. 14 7.1 Introduction: 14 7.2 Section 1: Islamic Finance Institutions are unique. 16 7.3 Section 2: Types of Risks in the IFIs: 17 8 Chapter 4: Islamic Finance Products, Risks and the key challenges. 19 8.1 Introduction: 19 8.2 Section 1: Risks in Islamic Finance Products: 19 8.2.1 Risks in Musharakah Contracts: 21 8.2.2 Risks in Mudarabah contract: 22 8.2.3 Risks in Murabahah Contract: 24 8.2.4 Risks in Salam Contract: 24 8.2.5 Risks in Istisnaa Contract 25 8.2.6 Risks in Iajrah Contract: 26 8.3 Section 2: Challenges of Risk Management in Islamic Finance Products. 27 9 Chapter 5: Operational Risk in Islamic Finance Institutions. 28 9.1 Introduction: 28 9.2 Section 1: Operational Risk in Musharakah contract: 28 9.3 Section 2: Operational Risk in Mudarabah contract. 29 9.4 Section 3: Operational Risk in Murabahah contract. 29 9.5 Operational Risk in Salam contract. 30 9.6 Operational Risk in Istisnaa contract: 30 9.7 Operational Risk in Ijarah contract: 30 10 Conclusion.. 30 10.1 Findings. 30 10.2 Recommendations. 31 11 References. 33 1 Abstract As IFIs are growing extensively and expected to grow up to 15% in the coming years, it is primordial that all the industry stakeholders start to invest their efforts to develop the Risk Management disciplines. The IFSB and AAOIFI are not sparing any effort to guide and participate in shaping the IF Risk Management, however, they tend to be inspired by the existing frameworks historically developed for Conventional Banks. Islamic Finance contracts are very different in nature and in substance from conventional banks, thus, the conventional Risk Management cannot cater for their uniqueness. This paper tried to highlight uniqueness of risk aspects within the IF contracts, and focused on Operational Risk, which is in my opinion in the major risk for IFI. 2 Introduction Risk Management have evolved since its first appearance after the World War II. The Bank of International Settlement have tried to adapt to the changes in the Finance industry and issued 3 version of the Basel Guidelines on Capital Requirements (Basel I, II and III). These guidelines have identified Capital Requirements for Credit Risk, Market Risk and Operational Risk. They also issued Sound Practices for Risk Management for each type of Risk. With the venue of the Islamic Finance Industry in the 1960s, Risk Management tools had to adapt to the uniqueness of their products. IFSB and AOIIFI have invested huge efforts in developing Risk Management guidelines for IFIs. Scholars and Islamic Finance practitioners issued multitude of papers attempting to circle aspects of Risk in the Islamic Finance Contracts. They have demonstrated that Islamic Finance encompasses other types of Risk that are unknown to conventional Banks (Fiduciary Risk, Sharia non-compliance Risk, Commercial Displaced Risk, etc.) Many of those scholars have also found out that the IFIs are more exposed to Operational Risk than the conventional banks, mainly due to the complexity of the contracts and their execution. This research is an attempt to add some more light on Risks faced by Islamic Finance Institution with a special focus on Operational Risk. 3 Objective: Risk Management in IFIs tends to be complex and least understood by the business and even by the Risk Management practitioners, in this research I will attempt to define Risks in IFIs and clarify its specifications by demonstrating its uniqueness, especially in the Islamic Finance contracts, where each contract can encompass more than one type of Risk. I will also try to cover some more details of Operational Risk aspects in the IF contracts and demonstrate its importance and complexity during the lifecycle. That being discussed I will propose some actions that can enhance the Operational Risk Management within the IFIs. 4 Plan of the paper: In this paper, I will be defining Risk Management in general in Financial Institutions and its degree of evolvement especially in conventional banking, how Risk is different in Islamic Financial Institutions from conventional banks, their instruments and what are the key challenges. Then I will be discussing the Operational Risk Management in Islamic Finance Institutions and its specifications. 5 Chapter 1: Risk History and definitions 5.1 Introduction: Risk Management emerged after the World War II, and began to be studied in universities as a discipline with the two academic books ( Mehr and Hedges (1963) and Williams and Hems (1964)[1]. Risk Management was, for a long time, the ultimate tool for Insurance Industry aiming to mitigate Risks related to individuals and companies from losses incurred from accidents[2] After 1950s, and due to the increasing costs of insurance, various Risk Management activities were introduced to the business (e.g. business continuity, self-insurance). Derivatives were introduced after 1970s to mitigate the faced risks. Market, Credit, and Operational Risk Management tools were introduced to manage the emerging risks from the intensified activities with insurance and Finance industries (consequently after 1980s for Market and Credit and 1990s for Operational Risk)[3] The objective of a financial institution (or for any kind of business) is to maximize shareholders’ profits by adding value and best usage of available resources. Financial institutions, in particular, have to manage Risks to achieve the aforesaid objective. Risk is defined as a possible adverse, one or more, outcomes, it is unknown for its intrinsic volatility and unpredictability. Financial institutions face different types of Risks. Business Risks, which “arises from the nature of a firm’s business. It relates to factors affecting the product market. Financial risk arises from possible losses in financial markets due to movements in financial variables [4]”. Oldfield and Santomero classifies Risk in three types: risks that can be eliminated, those that can be transferred to others, and the risks that can be managed by the institution. [5]” Besides the above given definitions, Risk can also be defined as Financial Risk, i.e. Credit Risk and Market Risk, and non-Financial Risk, i.e., among others, Operational Risk, Legal Risk, Reputational Risk and Strategic Risk.[6] 5.2 Section I: Risk Management History: Risk Management historically was the main objective of the insurance industry. After the World War II, large companies started to mitigate their risks by introducing Self-Insurance techniques. It was largely applied to cover adverse financial impacts consequent of events of losses or Market volatility. After 1970s, Financial Risk Management emerges as a cornerstone for multitude of companies including banks. In Fact, Stock Market prices, exchange rates, commodity prices, were their main concerns. Table 1: Milestones in the History of Risk Management[7] In 1990s Risk Management took more momentum and became a high priority matter for corporates, Board of Director have now the responsibility of oversight and monitoring policies effected by the Board Audit and Risk Management Committees. Financial Institution, after 2000s are required to implement capital reserves for risks, especially after the major defaults and the Enron bankruptcy case. Basel II (2004) issued guidelines on more robust capital requirements on banks for Credit Risk, also introduced rules on managing Operational Risk. In 2010 Basel III came as a response to the 2008 subprime crisis, with more constraints on capital requirements and new Liquidity Risk Management guidelines. 5.3 Section 2: Definitions of Risk Management: According to Wikipedia, “Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events[8] or to maximize the realization of opportunities. Risk management’s objective is to assure uncertainty does not deflect the endeavor from the business goals.[9]” Financial Institutions face generally two types of Risk, Financial and Non-Financial[10] (Gleason 2000). Financial Risks are those due Market volatility (Market Risk), and those due customers’ defaults (Credit Risk). Non-Financial Risk includes, but not limited to, Operational Risk, Legal Risk, Reputational Risk, Regulatory Compliance Risk. 5.3.1 Market Risk: Market Risk is defined as the risk from adverse volatility of traded instruments and assets in a well-defined Market[11]. Market Risk can affect both banking and trading books. In the sense that it is originated from equity price risk, interest rate risk, currency risk, and commodity price risk. Market Risk is said systematic when it arises due to the general volatility of prices and overall changes in policies in the economy. When the price of a specific asset or instruments changes due to events inherent to it, it is categorized as unsystematic Risk. 5.3.2 Credit Risk “Credit risk is most simply defined as the potential that a bank borrower or counterparty will fail to meet its obligations in accordance with agreed terms. The goal of credit risk management is to maximize a bank's risk-adjusted rate of return by maintaining credit risk exposure within acceptable parameters. Banks need to manage the credit risk inherent in the entire portfolio as well as the risk in individual credits or transactions. Banks should also consider the relationships between credit risk and other risks. The effective management of credit risk is a critical component of a comprehensive approach to risk management and essential to the long-term success of any banking organization.”[12] Credit Risk is the risk that counterparty will fail to meet its obligations timely and fully in accordance with the agreed terms[13]. 5.3.3 Liquidity Risk: The Principles for Sound Liquidity Risk Management and Supervision[14] (BCBS 2008) defines Liquidity as “the ability of a bank to fund increases in assets and meet obligations as they come due, without incurring unacceptable losses.” Liquidity Risk arises then from adverse circumstances that hurdles a bank to normally operate and meet its liabilities when due. Funding Liquidity Risk occurs when banks are unable to secure funds at a reasonable cost from borrowing, Asset Liquidity Risk arises when banks face difficulties to generate liquidity from sale of assets.[15] 5.3.4 Operational Risk: The BCBS Principles for the Sound Management of Operational Risk defines Operational Risk as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk.[16] Operational Risk was for a long time out of the radar of the corporates and scholars, it was not quite understood. Power writes: “Operational risk was conceived as a composite term for a wide variety of organizational and behavioural risk issues which were traditionally excluded from formal definitions of market and credit risk. The explosion of operational risk discourse gave new structure and rationality to what had traditionally been regarded as a risk management residual and negatively described as non-financial risk.”[17] The Bank of international Settlements (BIS) have categorized Operational Risk into four causal categories[18]: · Process · Business Process (lack of proper due diligence, inadequate/problematic account reconciliation, etc.) · Business Risks (merger risk, new product risk, etc.) · Errors and Omissions (inadequate/problematic security, inadequate/problematic quality control, etc.) · Specific Liabilities (employee benefits, employer, directors and officers, etc.) · People · Employee Errors (general transaction errors, incorrect routing of transaction, etc.) · Human Resource Issues (employee unavailability, hiring/firing, etc.) · Personal Injury – Physical Injury (bodily injury, health and safety, etc.) Personal Injury – Non–Physical Injury (libel/defamation/slander, discrimination/harassment, etc.) · Wrongful Acts (fraud, trading misdeeds, etc.) · Information Technology · General Technology Problems (operational error – technology related, unauthorized use/misuse of technology, etc.) · Hardware (equipment failure, inadequate/unavailable hardware, etc.) · Security (hacking, firewall failure, external disruption, etc.) · Software (computer virus, programming bug, etc.) · Systems (system failures, system maintenance, etc.) · Telecommunications (telephone, fax, etc.) · External Events · Disasters (natural disasters, non–natural disasters, etc.) · External Misdeeds (external fraud, external money laundering, etc.) · Litigation/Regulation (capital control, regulatory change, legal change, etc.) · Relationships · Legal/Contractual (securities law violations, legal liabilities, etc.) · Negligence (gross negligence, general negligence, etc.) · Sales Discrimination (lending discrimination, client Discrimination, etc.) · Sales Related Issues (churning, sales misrepresentation, high pressure sales tactics, etc.) · Specific Omissions (failure to pay proper fees, failure to file proper report, etc.) Gene Alvares attempted a mapping exercise between the Causal Categories and Basel Risk Types (Alvares, Global Association of Risk Professionals GARP studies. 2002). Mapping illustration between the Basel Committee’s proposed operational risk event classification scheme and Zurich IC2 format. (Alvarez, 2002)[19] References Georges Dionne, Risk Management: History and Critique, March 2013 Harrington and Neihaus, 2013, Georges Dionne, Risk Management: History and Critique, March 2013 Jorion and Khoury 1996, reference cited by Tariqullah Khan Habib Ahmed: Risk Management: An Analysis Of Issues In Islamic Financial Industry, 2001, Islamic Development Bank, Islamic Research and Training Institute Oldfield and Santomero (1997), reference cited by Tariqullah Khan Habib Ahmed: Risk Management: An Analysis Of Issues In Islamic Financial Industry, 2001, , Islamic Development Bank, Islamic Research and Training Institute Tariqullah Khan Habib Ahmed: Risk Management: An Analysis Of Issues In Islamic Financial Industry, 2001, Islamic Development Bank, Islamic Research and Training Institute Hubbard, Douglas (2009). The Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons. (Wikipedia) Antunes, Ricardo; Gonzalez, Vicente (3 March 2015). "A Production Model for Construction: A Theoretical Framework". Buildings. 5 (1): 209–228. doi:10.3390/buildings5010209. (Wikipedia) BCBS - Principles for the Management of Credit Risk - final document, September 2000 BCBS - Principles for Sound Liquidity Risk Management and Supervision - final document, September 2008 BCBS Principles for the Sound Management of Operational Risk, 2011 Power p. 103 Cited by Johannes Gaus aus Böblingen, The Risks of Financial Risk Management, Master-Thesis, Economics of Financial Institutions European Business School, Department Corporate Management & Economics, Zeppelin University Marinoiu Ana Maria, Bucharest University of Economics, Faculty of International Business and Economics, Operational Risk In International Business: Taxonomy And Assessment Methods, Federal Reserve Bulletin, September 2003, Capital Standards for Banks: The Evolving Basel Accord BCBS, Basel II: The New Basel Capital Accord - third consultative paper April 2003 and Revised international capital framework, June 2006 Basel III: international regulatory framework for banks Sean Kenny, To What Extent were the Limitations of the Previous Basel Accords (I & II) overlooked by Basel III?, Master programme in Economic History, Lund University, School of Economics and Management, June 2011 BCBS- Pillar 2 (Supervisory Review Process), the New Basel Capital Accord, Principal 2 Basel II, Tamer Bakiciol Nicolas Cojocaru-Durand DongxuLu, December 2008 BIS, BCSB, Basel III: international regulatory framework for banks Basel Committee on Banking Supervision, Basel III: International Framework for Liquidity Risk Measurement, Standards and Monitoring, Dec 10, Bank for International Settlements. http://wwww.basel-ii-risk.com/basel-iii-guide-to-the-changes/ Ahmad Alharbi, Development of the Islamic Banking System, Journal of Islamic Banking and Finance June 2015, Vol. 3, No. 1 Syed Ehsan Ullah Agha, RISK MANAGEMENT IN ISLAMIC FINANCE: AN ANALYSIS FROM OBJECTIVES OF SHARI’AH PERSPECTIVE, International Journal of Business, Economics and Law, Vol. 7, Issue 3 (Aug.) 2015 Specifics of Risk Management in Islamic Finance and Banking, with Emphasis on Bosnia and Herzegovina, E.Kozarević, M.Baraković Nurikić & N.Nuhanović, Bahar/Spring 2014, Volume 4, Issue 1, Çankırı Karatekin University, Journal of The Faculty of Economics, and Administrative Sciences. Ioannis Akkizidis and Sunil Kumar Khandelwal, Financial Risk Management for Islamic Banking and Finance, Palgrave Macmillan. Standing Committee for Economic and Commercial Cooperation of the Organization of Islamic Cooperation (COMCEC), Risk Management in Islamic Financial Instruments, COMCEC Coordination Office, September 2014. ISLAMIC FINANCIAL SERVICES BOARD, GUIDING PRINCIPLES OF RISK MANAGEMENT FOR INSTITUTIONS (OTHER THAN INSURANCE INSTITUTIONS) OFFERING ONLY ISLAMIC FINANCIAL SERVICES, December 2005. Nurhafiza Abdul Kader Malim PhD, Islamic Banking and Risk Management: Issues and Challenges, Journal of Islamic Banking and Finance Oct.- Dec. 2015. Hennie van Greuning Zamir Iqbal, Risk Analysis for Islamic Banks, THE WORLD BANK Washington, D.C., December 2008. Ahmad Mohamed Rahim, Operational Risks in Islamic Profit Sharing Contracts and Ways to Overcome Them, MSc in Islamic Finance, The Global University of Islamic Finance, October 2014 (http://www.inceif.org/research-bulletin/operational-risks-islamic-profit-sharing-contracts-ways-overcome/) [1] Georges Dionne, Risk Management: History and Critique, March 2013, p. 1 [2] Harrington and Neihaus, 2013, Georges Dionne, Risk Management: History and Critique, March 2013, p. 1 [3] Georges Dionne, Risk Management: History and Critique, March 2013, p. 1 [4] Jorion and Khoury 1996, p. 2, reference cited by Tariqullah Khan Habib Ahmed: Risk Management: An Analysis Of Issues In Islamic Financial Industry, 2001,p. 26, Islamic Development Bank, Islamic Research and Training Institute [5] Oldfield and Santomero (1997), reference cited by Tariqullah Khan Habib Ahmed: Risk Management: An Analysis Of Issues In Islamic Financial Industry, 2001,p. 27, Islamic Development Bank, Islamic Research and Training Institute [6] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis Of Issues In Islamic Financial Industry, 2001,p. 28, Islamic Development Bank, Islamic Research and Training Institute [7] Georges Dionne, Risk Management: History and Critique, March 2013, p. 6 [8] Hubbard, Douglas (2009). The Failure of Risk Management: Why It's Broken and How to Fix It. John Wiley & Sons. p. 46. (Wikipedia) [9] Antunes, Ricardo; Gonzalez, Vicente (3 March 2015). "A Production Model for Construction: A Theoretical Framework". Buildings. 5 (1): 209–228. doi:10.3390/buildings5010209. (Wikipedia) [10] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 28, Islamic Development Bank, Islamic Research and Training Institute [11] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 28, Islamic Development Bank, Islamic Research and Training Institute [12] BCBS - Principles for the Management of Credit Risk - final document, September 2000 [13] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 29, Islamic Development Bank, Islamic Research and Training Institute [14] BCBS - Principles for Sound Liquidity Risk Management and Supervision - final document, September 2008 [15] Tariqullah Khan Habib Ahmed: Risk Management: An Analysis of Issues in Islamic Financial Industry, 2001, p. 29, Islamic Development Bank, Islamic Research and Training Institute [16] BCBS Principles for the Sound Management of Operational Risk, 2011, p. 3 [17] Power p. 103 Cited by Johannes Gaus aus Böblingen, The Risks of Financial Risk Management, Master-Thesis, Economics of Financial Institutions European Business School, Department Corporate Management & Economics, Zeppelin University, p. 38 [18] Marinoiu Ana Maria, Bucharest University of Economics, Faculty of International Business and Economics, Operational Risk In International Business: Taxonomy And Assessment Methods, P. 196 [19] Marinoiu Ana Maria, Bucharest University of Economics, Faculty of International Business and Economics, Operational Risk in International Business: Taxonomy and Assessment Methods, P. 197