Exchange Ideas
Islamic Banking Risk ManagementWhen the conventional banking system is facing crises in the current economic downturn, Islamic Banking is actually growing every day. What is the reason behind such success? What are the risk management techniques in Islamic Banking March 01, 2012 Importance of Risk Appetite in Enterprise wide Risk ManagementAfter the debacle of Kabul Bank, the biggest worry for the Afghan Government, Central Bank of Afghanistan and relevant international agencies like International Monetary Fund (IMF) and World Bank is to strengthen up the banking industry of Afghanistan by focusing more on effective risk management at the individual banks. “If you must play, decide on three things at the start: the rules of the game, the stakes, and the moment to quit”. The bank’s should decide before playing about the risks that they can actually take or willing to take and in which sectors and what would be the cut off limits. Central Bank of Afghanistan has instructed all banks to develop proper risk management frameworks. Almost all banks operating in Afghanistan are re-enforcing the pillars of their risk management framework. The purpose of this article is to highlight the importance of risk management with focus on risk appetite management. Developing a risk management framework without defining your risk appetite is like designing a bridge without knowing which river it needs to span. The bridge might be too long or too short, too high or too low, and may not be the best solution to cross the river. Under the Afghanistan banking laws, the highest corporate body of any bank is the Board of Directors or Board of Supervisor’s. It’s the responsibility of the Board of Supervisor’s to define the bank’s strategy, balancing opportunities and expected rewards against related risks. The Board of Supervisor’s has to be clear about the banks risk appetite i.e. which are the risks that the bank is able to take and which it cannot. The risk appetite should be consistent with the culture of the bank and with its capacity to manage risks inherent in its business activities. Board may test the risk appetite through scenario games of possible risk events: how acceptable would the impact of the failure of a large IT project be or simply the default of a large obligor? Well defined risk appetite, risk tolerance and risk targets are required in execution of business strategy, effective risk management and for obtaining competitive edge. Once the bank’s overall risk appetite has been clearly defined, the Board of Supervisor’s should communicate it broadly throughout the bank to ensure all actions of the institution are in line with the risk appetite. Risk taking is part and parcel of banking services, there is no reward without taking risk. When assessing the quality of a bank’s risk management framework, rating agencies examine whether the bank has a clearly articulated risk appetite process and to what degree this process is integrated with its strategy and the culture. Lack of clarity about strategy would make it difficult for the management to measure performance beyond financial data. A proper risk appetite framework would always take into account the risks that the institution can manage better than its competitors. It is the link between strategy, risks, opportunities and risk management. The right choice of the type and the quantity of risks the bank accepts is part and parcel of an effort to gain a competitive advantage. A good description of a bank’s risk appetite will comprise of both qualitative as well as quantitative aspects. Executive management may only approve expansion in new business areas e.g. Islamic Banking, if it is sure that it has gathered sufficient knowledge of the specific business issues and risks involved. And that it has the organizational and technical infrastructure in place to effectively manage new risks arising from expansion into new business area. Risk appetite regarding the bank’s strategic goals would first be translated into risk tolerance for specific categories of risk, e.g., strategic, credit, market, operational and compliance risks. For each risk category, the resulting risk tolerance has to be in line with the bank’s risk appetite. For example in human resource, bank may set its risk tolerance regarding overall staff turnover to “not exceeding 10% annually”. Then, the management can cascade risk tolerance further down the risk management pyramid and set risk targets for different business units. As the Afghan banking industry has tremendous shortage of educated work force, many bank employees are studying for their degrees after official banking hours. When they graduate, they get offers from International agencies or their contractors for four times or more than salaries they were taking at banks. Consequently, increasing the staff turnover rate and leaving behind a pool of unqualified staff. A risk target is the optimal level of risk that an organization wants to take in pursuit of a specific business goal. Through the risk target, the bank determines the desired balance between risk and reward. The risk target correlates risk tolerance to specific business plans and business metrics. The risk target should be set on the basis of desired return against the risks in achieving those returns and its capability of managing those risks. The risk target can be expressed as a point between an upper and a lower risk. Breach of risk limits will raise flags for corrective action at the process level. If a business unit reaches the upper risk limit, it will have to manage down its risk level, unless a new analysis of the risk/ return balance justifies the risk position. If a lower risk limit is breached, i.e. if the actual risk taking falls below a minimum, the business unit would have to add more risk. Here, I conclude the article by emphasizing that the definition of risk appetite can never be a one off exercise for the bank, as the risk appetite, tolerance, targets and limits are not static, especially in the current turbulent environment of Afghanistan. They have to be up-dated according to changes in a bank’s environment i.e. economy, markets, regulations, foreign investment, technology, foreign troops providing security, US Presidential elections campaign and above all its own performance. Afghan banks have to react quickly to such changes in their risk environment and take corrective actions with modifications in risk targets, limits, tolerance and appetite. Only proper enterprise wide risk management can sail them out of the thick soup and guide them towards the shores of maturity. Continue reading "Importance of Risk Appetite in Enterprise wide Risk Management" Posted by Fahad at 12:05 PM | Comments (1) August 26, 2010 Operational Risk ManagementIn this era of global financial crisis where company after company, economy after economy is plunging into deep crisis, efficient risk management departments have become a necessity. We have seen companies like Fannie Mae & Freddie Mac being taken over by US government, Merrill Lynch being bought by Bank of America and American International Group (AIG) relying on help from US government. Nassim Talebs prediction of Black Swans is fast becoming a reality with the days of comforts of Greenspans regulatory insulated environment going on the fast wane. While conventional banks are facing crisis Islamic Banks are still growing and making profits. As Warren Buffet once rightly said Risk comes from not knowing what you are doing. Islamic Banking industry cannot sit back and pretend to have divine protection. Risk management professionals need to move fast in order to block arrival of a Black Swan in the Islamic Banking industry. One of the major hubs of Islamic Banking Dubai has already seen a domino which could easily have become a Black Swan. The banking environment is continuously changing. The comfort of an insulated environment offered by regulations in the past is on the fast wane. The resulting uncertainties are calling for proper risk identification, measurement and management. Where as, a well known Shariah Adviser Dr Zubair Usmani views that the Islamic banking industry remained largely unaffected of the US economic downturn because of the principle of lending backed by assets. He emphasized his views by explaining that for example if he sells his mobile to person A, Person A pays money to him and also gets the custody of the mobile phone i.e. asset backed transaction. On the other hand, Islamic Banks are more prone to operational risk than conventional banks. Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and system or from external events. Such risk is one of the oldest risks in banking that has been managed all along quite informally but of late has suddenly caught everyones attention. This is due to the reaction to the major loss events occurring internally and the push from regulators side. The great religion Islam also teaches risk management to its followers. For example The Holy Koran depicts the concept in Surah Yusuf: Verse 67: Operational risk is associated with human error, system failures and inadequate procedures and controls. It is the risk of loss arising from the potential that inadequate information system, technology failures, breaches in internal controls, fraud, unforeseen catastrophes, or other operational problems may result in unexpected losses or reputation problems. Following are the examples of famous operational risk incidents rocking the international financial Institutions: a) Barings Bank went bankrupt due to amassing of USD 1.3 Billion unreported losses over two years. The number of fraud and forgery cases in the banking industry is on the rise for last few years due to weakened operational risk management. Regulators have taken some steps for the proper monitoring of operational risk management i.e. collecting details of fraud & forgery cases being detected in the banks. It also ensures sound practice for the management of operational risk and also monitors the magnitude and trends of the risk emanating from the failures in control environment and system of the banks. There is a famous quote em>bite off more than you can chew, then chew it i.e. One should plan more than he can do, then do it. Ordinary people may think people working at Islamic banks are hundred percent fraud and error free. While the result of a survey of nine Pakistani banks dealing in Islamic banking products conducted by MayfairBusinessConsultants.com revealed otherwise. The following figure shows the result of the survey:
It shows that 22% considered human error or fraud as low risk, 33% considered it as medium risk and another 33% considered it as high risk. 44% considered incomplete information as low risk, 22% considered it as medium risk and another 22% considered it as high risk. 11% considered operational disruption as low risk, 33% considered it as medium risk and another 33% considered it as high risk. This means that Pakistani Islamic Banking industry considers human error or fraud and operational disruption as potential operational risks for their banks. Strong risk management policies/ procedures and regular training of the staff can help in overcoming such potential risks. The first step in the risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning. As per the regulators advice and senior managements acknowledgement of reality of operational risk, a totally independent Operational Risk Management function is required for effective management of operational risks at every bank. The function assesses monitors and reports operational risks as a whole and ensures that the management of operational risk in the bank is carried out as per strategy and policy. To accomplish the task, the function would help establish policies, standards and coordinate various risk management activities. Besides, it would also provide guidance relating to various risk management tools, monitor and handle incidents and prepare reports for the senior management. Banks should initiate Risk Control Self Assessment (RCSA) and Key Risk Indicators (KRI) exercises for monitoring and managing operational risk. KRIs are required to be established for operational risks to ensure the escalation of significant risk issues to appropriate management levels. Regular reviews should be carried out by internal audit, or other qualified parties, to analyze the control environment and test the effectiveness of implemented controls, thereby ensuring business operations are conducted in a controlled manner. Operational risk management function should then monitor the quantitative/ qualitative aspects periodically and advise the senior management on the potential risks which may arise i.e. ring early warning bells. To cope with the challenge of creating consistent and workable processes for managing operational risks, the banks should adopt a risk management culture that emphasizes at all levels the importance of managing risk as part of each individual's daily activities. Staff and managers should instinctively look for risks and consider their impacts when making effective operational decisions. An effective monitoring process is essential for adequate management of operational risk. Regular monitoring would allow quick detection and correctness of deficiencies in the policies, processes and procedures for managing operational risk. Prompt detection and solution of these deficiencies can substantially reduce the potential frequency and severity of a loss. Hence we conclude that without anticipation and proper planning of the situation beforehand, Islamic banks would be left in deep lurch (without knowing what to do & what not to do) and probably left relying on artificial assistance from helpful entities. Only their vigilant stance can curtail non performing loans, reduce severity of operational risk events and lead to a superior quality of banking. Posted by Fahad at 05:06 AM | Comments (0) May 24, 2010 POINTERS: Musharakah Risk ManagementMusharakah
Credit Risk-Management Operational Risk Management Market Risk Management Liquidity Risk Management Example (COURTESY: Taken from "Handbook of Islamic Banking (2nd Edition)" to be published towards end of 2011, by Edward Elgar Publishers) Posted by Fahad at 12:28 PM | Comments (4) January 21, 2010 Islamic Banking Risk ManagementPosted by Fahad at 09:55 AM | Comments (0) January 16, 2010 About MyselfI have an MBA from Bradford University (UK) and BSc (Hons) Business Information System & IT Middlesex University (UK). I also have a Certificate Financial Risk Management in EU Banking from ESC Toulouse (France) and a Certificate in Islamic Banking from State Bank of Pakistan (Pakistan). Currently, I am working as Chief Risk Officer at a medium sized commercial bank. I am also the Co-Regional Director PRMIA Lahore/ Islamabad. Posted by Fahad at 08:47 AM | Comments (6) |
 Categories
ArchivesRecent Entries |
