qwertyuiopasdfghjklzxcvbn

mqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzx
cvbnmqwertyuiopasdfghjkl
Islamic Banking and Finance
Risk Management in Islamic Banking
zxcvbnmqwertyuiopasdfghj
klzxcvbnmqwertyuiopasdfg
By: Urooj Fatima
Rimsha Chawla
Komal Rehman

hjklzxcvbnmqwertyuiopasd
Nimra Rehman
Uzair Naveed

fghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuio
pasdfghjklzxcvbnmqwertyu
iopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmq
wertyuiopasdfghjklzxcvbn
mqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzx
cvbnmqwertyuiopasdfghjkl
Risk Management in Islamic Banking
Types of Risks
Types of risks common in Islamic and Conventional Banking
1. Credit risk: The potential that counterparty fails to meet its obligations in accordance with
agreed terms and conditions of a credit-related contract. The credit risk is not limited only on
the failure of repaying the loan but includes also the delay of paying it.
2. Market risk: The potential impact of adverse price movements, such as benchmark rates,
foreign exchange rates, equity prices, on the economic value of an asset.
3. Liquidity risk: The potential loss arising from the Bank’s inability either to meet its obligations
or to fund increases in assets as they fall due without incurring unacceptable costs or losses.
4. Operational risk: The potential loss resulting from inadequate or failed internal processes,
people and system or external events - ‘BCBS (Basel Committee on Banking Supervision)
definition’

Types of risks unique in Islamic Banking

1. Shariah noncompliance risk: The risk of loss that arises from the failure of the IBs to comply
with the Shariah rules and principles determined by the Shariah board or the relevant body in
the jurisdiction in which the IB operates. (IFSB definition)
2. Rate of return risk: The potential impact on the returns caused by unexpected change in the
rate of returns.
3. Displaced Commercial risk: The risk that the bank may confront commercial pressure to pay
returns that exceed the rate that has been earned on its assets financed by investment account
holders. The bank foregoes part or its entire share of profit in order to retain its fund providers
and dissuade them from withdrawing their funds.
4. Equity Investment risk: The risk arising from entering into a partnership for the purpose of
undertaking or participating in a particular financing or general business activity as described in
the contract, and in which the provider of finance shares in the business risk. This risk is relevant
under Mudarabah and Musharakah contracts.
5. Inventory risk: Risk arising from holding items in inventory either for resale under a Murabahah
contract, or with a view to leasing under the ijarah contract.

Nature of Risks in Islamic Banks

All businesses including financial institutions face risk and uncertainty. However, Islamic banking faces
some special kinds of risks given their nature of activities. Amongst common risks, the degree and
intensity vary between Islamic banks and commercial banks due to unique business nature of Islamic
banks. For instance, the conventional banks face market risk in the trading book transactions only
whereas Islamic banks face market risk in both banking and trading books transactions, which make
them different in applying, however they are similar in meaning in both of them.
SBP and IFSB Risk Management Guidelines for IBIs/IIFS’
General Requirement:
Principle 1: IIFS/ IBIs shall have in place a comprehensive risk management and reporting process,
including appropriate board and senior management oversight, to identify, measure, monitor, report
and control relevant categories of risks and, where appropriate, to hold adequate capital against these
risks. The process shall take into account appropriate steps to comply with Sharī`ah rules and principles
and to ensure the adequacy of relevant risk reporting to the supervisory authority.

Risk Management Process

This process requires the implementation of appropriate policies, limits, procedures and effective
management information systems (MIS) for internal risk reporting and decision making that are
commensurate with the scope, complexity and nature of IBIs’ activities.

Internal Controls: IBIs shall ensure that an adequate system of controls with appropriate checks and
balances is in place. Control reports should be prepared by independent department that will be
periodically submitted to board or senior management committee.

In addition to the above, following general requirements shall also be taken into account by the IBI.

a. Application of Emergency and Contingency Plan : The senior management shall draw up an
emergency and contingency plan, approved by the board of directors in order to be able to deal
with risks and problems, which may arise from unforeseen events.
b. Integration of Risk Management: This requires having a structure in place to look at risk
interrelationships across the organization. Such a setup could be in the form of a separate
department or bank’s Risk Management Committee could perform such function.
c. Risk Measurement: For each category of risk, IBIs are encouraged to establish systems/models
that quantify their risk profile.
d. Utilization: The IBIs should develop a mechanism, which should, to the possible extent, monitor
that funds provided by them were utilized for the purpose these were advanced.
e. Role of Finance Administration Department: It should be separated from finance origination
department. It should be among the responsibilities of Finance Administration Department to
monitor that the documents are obtained according to the requirement as specified in the
product.
f. Human Resource: IBI shall ensure that staff has been adequately trained regarding Shariah
principles and procedures.

o Rate of Return Risk and Displaced Commercial Risk:

IFSB defines the rate of return risk in Islamic banks, as it is the risk resulted from unknown return on an
investment made by IAH (investment account holder). Since IBIs’ responsibility is to manage their PLS
deposit holders’ expectations and their liabilities to current account holders, the rate of return risk is a
strategic risk issue forming part of IBIs’ balance sheet risk management. An increase in benchmark rates
may result in PLS deposit holders’ having expectations of a higher rate of return. Rate of return risk
differs from interest rate risk in that IBIs are concerned with the result of their investment activities at
the end of the investment-holding period. Such results cannot be pre-determined exactly (SBP).

IFSB considers Displaced Commercial risk as an exclusive type of risk in Islamic banks that arises in
consequence of rate of return risk since it results when Islamic banks is obliged to pay a return that
exceeds the rate that has been earned on assets financed by IAH. IBIs may decide to waive their rights
to part or their entire Mudarib share of profits in order to satisfy and retain their fund providers and
dissuade them from withdrawing their funds.

Rate of Return Risk Management:

IFSB has put some rules to help Islamic banks managing the rate of return risk:

1. Placing appropriate systems for identifying and measuring the factors, which give rise to rate of
return risk and undertake the analysis of risk exposures arising from their consolidated balance
sheet activities.
2. Employing techniques ranging from simple gapping analysis method to advance simulation or
dynamic approaches to assess future cash flow variability and net income. The estimates
derived from selected approaches may provide acceptable approximations of periodic future
earnings’ variability; hence, the outcomes will yield different levels of expected returns to IAH.
3. Cash flow forecasting for instruments and contracts where Islamic banks are required to
simulate and assess their behavioral maturity, underlying assumptions and parameters.
4. Employing balance sheet techniques to minimize their exposures using the following strategies;
a) Developing new Shariah-compliant instruments; and
b) Issuing securitization tranches of Shariah permissible assets.

Displaced Commercial Risk Management:

Islamic banks have in general two standard practices of retaining reserves to mitigate Displaced
commercial risk: the retention of the Profit Equalization Reserve (PER) and the Investment Risk Reserve
(IRR).

- Profit Equalization Reserve (PER): is the amount appropriated by IIFS out of their gross income,
before allocating the Mudārib share, in order to maintain a certain level of return on investment
for IAH and increase owners’ equity.
- Investment Risk Reserve (IRR): is the amount appropriated by Islamic banks out of income of
IAH, after allocating the Mudārib share, in order to cushion the effects of the risk of future
investment losses on IAH.

IFSB has assigned standards for managing the displaced commercial risk:

1. Islamic banks shall have in place a policy and framework for managing the expectations of their
shareholders and IAH. Where market rates of returns of competitors’ IAH are higher than those
of IIFSs’ IAH, the Islamic banks will evaluate the nature and extent of the expectations of their
IAHs and assess the amount of the gap between competitors’ rates and their own IAHs’
expected rates.
 2. Islamic banks have to develop an appropriate level of the balances of PER (price to earnings
ratio), taking into consideration the essential function, to mitigate displaced commercial risk.
Some IIFS maintain the proportion relating to IAH in this reserve within the IAH equity, with the
purpose of smoothing returns to IAH, and in particular, to enhance their returns if these are
below those of competitors. This implies that there will be years in which the balance of this
reserve will be increased, and others in which it will be depleted.

o Equity Investment Risk Management

It is the risk arising from entering into a partnership under Mudarabah or Musharakah Contract for the
purpose of financing or general business activity. The characteristics of such equity investments include
considerations as to the quality of the partner, underlying business activities and ongoing operational
matters. By nature, this type of equity investment is exposed to a confluence of risks associated with
Muḍārib or Mushārakah partner, business activity and operations.

The IFSB have defined three main principles for managing the equity investment risk:

First; in terms of risk management strategies and reporting process :

1. define and set the objectives of, and criteria for, investments using profit sharing instruments,
including the types of investment, tolerance for risk, expected returns and desired holding
periods. For example, a Musharakah structure may contain an option for redemption whereby
the IIFS as financiers have a contractual right to require their partner periodically to purchase,
under a separate contract, a proportion of the Islamic bank’s share in the investment at net
asset value or, if the contract so specifies on some agreed basis (Diminishing Musharakah).
2. monitor continuously the performance and operations of the entity in which Islamic banks
invest as partners. These should include evaluation of Sharī`ah compliance, adequate financial
reporting by, and periodical meetings with, partners and proper recordkeeping of these
meetings.
3. Islamic banks shall analyze and determine possible factors affecting the expected volume and
timing of cash flows for both returns and capital gains arising from equity investments.

Second; in terms of valuation methodologies:

1. Islamic banks shall agree with the Mudārib and/or Musharakah partners, before entering into
any agreement, on the appropriate valuation methods and periods for which the profit is to be
calculated and allocated taking into account market practices and liquidity features.
2. Islamic banks shall assess and take measures to deal with the risks associated with potential
manipulation of reported results leading to overstatements or understatements of partnership
earnings.
3. Islamic banks may agree with the Mudārib and/or Musharakah partners to engage independent
parties where necessary to carry out audits and valuations of the investments.

Third; Strategies for extension or redemption:

1. Islamic banks shall establish the criteria for exit strategies, including the redemption of equity
investments and the divestiture of under-performing investments. The criteria may include
 alternative exit routes and the timing of exit. In case of losses where improved business
prospects exist, Islamic banks may indicate an investment extension period. Islamic banks’
expectations should be based on their assessment that there are plausible grounds for believing
that there will be a business turnaround during the period resulting in the view that the
investment will, in time, recover and yield profits.
2. Islamic banks shall recognize that, as a going concern, an investee may not always have the
liquidity necessary to enable making profit distributions. Hence, Islamic banks shall agree with
the investment partner the methods for the treatment of retained profits by the investee.

o Operational Risk Management

IBIs /IIFS are exposed to risks arising from failures in their internal controls involving processes, people
and systems. IBIs are also exposed to reputational risk arising from failures in governance, business
strategy and process.

Shariah Non Compliance Risk

Shariah non-compliance risk is the risk that arises from IBIs’ failure to comply with the Shariah rules and
principles prescribed by State Bank of Pakistan and Shariah Advisor of the IBIs. Shariah compliance is
critical to IBIs’ operations and such compliance requirements must permeate throughout the
organisation and their products and activities. As a majority of the fund providers uses Shariah-
compliant banking services as a matter of principle, their perception regarding IBIs’ compliance with
Shariah rules and principles is of great importance to sustainability of IBIs. In this regard, Shariah
compliance is considered as falling within a higher priority category in relation to other identified risks.

SBP and IFSB have set out some principles for operational risk mitigation as following:

1. IBIs shall undertake a Shariah compliance review at least annually, performed either by a
separate Shariah audit department or as part of the existing internal audit function by persons
having the required knowledge and expertise for the purpose. The objective is to ensure that (a)
the nature of the IBIs’s financing and equity investment and (b) their operations are executed in
adherence to the applicable Shariah rules and principles as per the fatwa, policies and
procedures approved by the IBIs’s Shariah Advisor.
2. IBIs shall keep track of income not recognized arising out of Shariah non-compliance and assess
the probability of similar cases arising in the future. Based on historical reviews and potential
areas of Shariah non-compliance, the IBIs may assess potential profits that cannot be recognized
as eligible IBIs’ profits.
3. IBIs’ can hedge part of their operational risk if needed.
4. Risk assessment, monitoring, and management including periodic reviews, stress testing, and
allocation of appropriate amount of economic capital.
5. Establish Business Contingency plans.
6. The internal auditors play an important role in mitigating operational risk – establish adequate
internal controls make sure that reporting systems are consistent.
 o Market Risk Management
Market risk is defined as the risk of losses in on- and off-balance sheet positions arising from movements
in market prices i.e. fluctuations in values in tradable, marketable or leaseable assets (including sukuk)
and in off-balance sheet individual portfolios.

Sub categories:
o Mark up/ Rate of Return Risk
o Foreign Exchange/Currency Risk
a) Currency Mismatch Risk: Mismatch in assets and liabilities due to devaluation or
appreciation of a currency.
b) Currency Rate Risk: Changes/fluctuations in currency rates.
o Price Change Risk
a) Equity Investment Risk
b) Inventory Risk
c) Commodity Risk: Fluctuations in commodity prices
d) Leased Asset Value Risk: In case of operating ijarah, the fall in the residual value of the
leased asset at the termination.

With respect to manage these sources of market risks:

1. There should be middle office to perform market risk management function and to
independently monitor, measure and analyze risks inherent in treasury operations of Islamic
Banks.
2. Islamic Banks shall develop a market risk strategy including the level of acceptable market risk
appetite taking into account of contractual agreements with fund providers, types of risk-taking
activities and target markets in order to maximize returns while keeping exposures at or below
the pre-determined levels.
3. The strategy should be reviewed periodically by appropriate level of senior management,
communicated to relevant staff and disclosed to fund providers.
4. In the valuation of assets where no direct market prices are available, Islamic banks shall
incorporate in their own product programs a detailed approach to valuing their market risk
positions. Islamic banks may employ appropriate forecasting techniques to assess the potential
value of these assets.
5. Where available valuation methodologies are deficient, Islamic banks shall assess the need
a) to allocate funds to cover risks resulting from illiquidity, new assets and uncertainty in
assumptions underlying valuation and realization;
b) to establish a contractual agreement with the counterparty specifying the methods to
be used in valuing the assets.

o Liquidity Risk Management

The potential that counterparty fails to meet its obligations in accordance with agreed terms and
conditions of a credit-related contract. The credit risk is not limited only on the failure of repaying the
loan but includes also the delay of paying it. Liquidity risk can be categorized into two major types;
Funding and Market liquidity risk.
Funding liquidity risk is the risk that an Islamic banking will not be able to meet efficiently both its
expected and unexpected current and future cash flow and collateral needs without affecting either
daily operations or the financial condition of the Islamic banking. Market liquidity risk is the risk that an
IIFS cannot easily offset or eliminate a position at the market price because of inadequate market depth
or market disruption.

Liquidity risk sensitivity in Islamic banks:

Liquidity risk is one of the most critical risks facing Islamic banks. IFSB specify the following reasons that
act as a critical factor in managing liquidity risks in Islamic banks:

a. Limited availability of a Shariah-compatible money market and intra bank Market is the leading
cause of liquidity risk. Prohibition by Shariah law from borrowing based on interest in case of
need and the absence of an active interbank money market have restricted Islamic banks’
options to manage their liquidity positions efficiently.
b. Shallow secondary markets are another source of liquidity risk. The Financial instruments that
can be traded in the secondary market are limited such as conventional bonds and T-bill that is
commonly used in the conventional banks, and the Shariah imposes certain limitations on the
trading of financial claims, unless such claims are linked to a real asset. Therefore, there is a
need to develop asset backed tradable securities, known as sukuk. Even where instruments are
available, the number of market participants is limited. Typical avenues of liquidity management
available to conventional Banks-the interbank market, secondary market for debt instruments,
and discount windows from the lender of last resort (central bank) are all considered as based
on Riba (interest) and, therefore, are not acceptable. Conventional banks have access to
borrowing with overnight to extended short-term maturity through well-developed and efficient
interbank markets. This access is vital for meeting the institution’s need for short-term cash
flow.
c. Certain characteristics of some Islamic instruments give rise to liquidity risks for Islamic banks.
For example, liquidity becomes a problem given the cancellation risks in murabahah or the
inability to trade murabahah or bay’ al salaam contracts, which can be traded only at par
.Islamic banks hold a considerable proportion of funds as demand deposits in current accounts,
and these can be withdrawn at any time. Banks guarantee repayment of the principal deposited,
and account holders do not have rights to a share in the profits. Some Islamic banks invest only
a small fraction of the current account holders’ funds and, in the absence of liquid short-term
instruments, maintain a high level of idle cash.

There is a strong interactions between funding and market liquidity risk, thus in order to meet the
shortfall in funding liquidity, an Islamic banks can opt to sell its assets in the Islamic money market. In
this way, funding liquidity risk is mitigated through raising cash by the selling of assets. Insufficient
market depth – due to the lack of an adequate number of players, as well as the insufficient quantity
and volume of instruments in the market – can make it difficult for an Islamic bank to generate cash by
selling assets, thus contributing to an increased funding liquidity risk.

On the other side Liquidity needs is determined by the difference between the inflows and outflows in
each period ( i.e. the excess or deficit of funds) provides a starting point from which to measure a bank’s
future liquidity excess or shortfall at any given time. Once its liquidity needs have been determined, the
bank must decide how to fulfill them, a bank may increase its liquidity through asset management,
liability management, or (and most frequently) a combination of both.

Risk Management: In practice, a bank may meet its liquidity needs by disposing of liquid assets or assets
that are nearly liquid, such as assets in the trading portfolio. Under liability management, this can be
achieved by increasing short-term borrowings or short-term deposit liabilities, by increasing the
maturity of liabilities, and ultimately by increasing capital. However, for Islamic Banks there are some
major elements to be taken into account in managing the liquidity risk:

1. Cashflows have to be categorized according to the types of products i.e.

a. Known cash flows - the maturities and the amounts are known in advance. This category
includes receivables from Murabahah, Ijarah, and Diminishing Musharakah.
b. Conditional but predictable cash flows – (as in Salam, Istisnah and dimensioning
musharakah) conditionality is defined in terms of the type of contract or performance of
work based on the agreed terms and conditions over an agreed period.
c. Conditional and unpredictable cash flows - are related to equity participations by the Islamic
banks where the recovery of invested capital and possible levels of return on investment are
conditional on the financial results of the activity in which the funds are invested, as in
Musharakah and Mudarabah.
2. For measuring liquidity risk, an Islamic bank should utilize a range of measurement techniques,
time horizons and levels of granularity. Depending upon the nature, size and complexity of
operations of an Islamic banks, The most widely used tool for measuring and monitoring
liquidity risk in the Islamic banks has been the cash-flow mismatch/maturity gap for calculating
the net funding requirement, which is based on an estimation of the amount and timing of
future cash flows with respect to contractual or expected maturity. A minority of Islamic banks
also utilize more sophisticated modeling techniques, such as static simulations, value at risk,
liquidity at risk and others. As a starting point, proforma cash-flow statements are an important
tool for adequately measuring and projecting the liquidity risk.
3. The maturity gap approach helps the Islamic banks to address the net funding requirement in
each time horizon. The analysis of net funding requirements involves the construction of a
maturity ladder and the calculation of a cumulative net excess or deficit in funding at a series of
points in time. For calculating net funding requirements, the Islamic banks should analyze
prospective cash flows based on assumptions of the future behavior of assets liabilities and off-
balance sheet items listed above in the categorization of cash flow, and then calculate the
cumulative net excess or shortfall over the time frame. For example, if there is a significant
funding requirement two months from now, an Islamic bank may choose to acquire an asset
maturing on that day, or seek to renew or roll over a liability. It is more difficult to offset a large
gap as it gets closer.
4. As fiduciary agents, the IBIs are concerned with matching their investment policies with risk
appetites of PLS deposit holders and shareholders. If these investment policies are not
consistent with the expectations and risk appetites of PLS deposit holders, the latter may
withdraw their funds leading to a liquidity crisis for the IBIs. This applies particularly to PLS
deposit holders.
5. Due to IBIs’ dual role in meeting their obligations to current account holders and managing the
expectations of their PLS deposit holders, the IBIs should make periodical cash-flow analyses
 under various market scenarios and conditions. The scenarios may vary, depending on local
market conditions, and may be based on, i) a “normal” operating environment (for example a
steady state condition); and ii) scenarios of adverse circumstances (for example non-linear
events and chaotic conditions). For example:
a. The analysis shall include assumptions about the repayment of invested capital
to the PLS deposit holders.
b. The scenarios shall be based on relevant assumptions based on factors affecting
the IBIs’ on- and off-balance sheet exposures. Liquidity levels and early
withdrawal profiles computed under these scenarios will be back-tested
periodically to validate the underlying assumptions of the measurement
process.
c. In analyses based on behavioural assumptions and scenarios, IBIs will assess and
apply the liquidity measures that reflect the specificities of each portfolio.
6. By issuing securitization tranches of Shariah permissible assets.
7. Possible liquidity arrangements with the central bank (on an interest-free basis).

o Credit Risk Management

The potential that counterparty fails to meet its obligations in accordance with agreed terms and
conditions of a credit-related contract. The credit risk is not limited only on the failure of repaying the
loan but includes also the delay of paying it.

Generally credit risk management for Islamic banks is complicated further by additional externalities.
Especially in the case of default by the counterparty, Islamic banks are prohibited from charging any
accrued interest or imposing any penalty, except in the case of deliberate procrastination. Clients may
take advantage by delaying payment, knowing that the bank will not charge a penalty or require extra
payments. During the delay, the bank’s capital is stuck in a nonproductive activity and the bank’s
investors-depositors are not earning any income.

The following premises relate to the sound processes of credit risk management in IBIs:

a. Due to the unique characteristics of each financing instrument, such as the non-binding
nature of some contracts, the commencement stage involving credit risk varies. Therefore,
credit risk shall be assessed separately for each financing instrument to facilitate
appropriate internal controls and risk management systems.
b. IBIs will consider other types of risks that give rise to credit risk. For example, during the
contract life, the risk inherent in a Murabahah contract is transformed from market risk to
credit risk. In another example, the invested capital in a Mudarabah or Musharakah
contract will be transformed to debt in case of proven negligence or misconduct of the
Mudarib or the Musharakah’s managing partner.
c. Using collateral and pledges as security against credit risk is a common practice among all
Islamic banks. However, posting collateral as security is not without difficulties, especially in
emerging markets. Typical problems include illiquidity of the collateral or inability of the
bank to sell the collateral, difficulties in determining the fair market value on a periodic
basis, and legal hindrances and obstacles in taking possession of the collateral. These
 fluctuations in the price/value of the collateral are the ‘indirect commodity risk’ for Islamic
Banks. Therefore, IBIs need to keep a close eye on the value of the collateral as well (this is
included in the off-balance sheet activities).
d. IBIs shall carry out a due diligence and credit review in respect of counterparties
(retail/consumer, corporate or sovereign) prior to deciding on the choice of an appropriate
Islamic financing instrument. The Banks usually do make models to assess the profile of a
counterparty. Based on these models, the banks also allocate credit ratings (called ‘score
card’) to each of its customer/partner.

Risk Management Framework of Different Islamic

Banks:
Meezan Bank

Islamic Banking Department of the State Bank of Pakistan works under its Shariah Board, which
comprises of renowned and reputed Shariah Scholars including Justice (R) Mufti Muhammad Taqi
Usmani, Mufti Muhammad Zubair Usmani and Dr. Muhammad Qaseem. Some of the key regulations
under which Islamic Banking industry operates are:

■ Shari’ah Governance Framework for Islamic Banking Institutions – 2015

■ Instructions for Profit & Loss Distribution and Pool Management for Islamic Banking Institutions –
2012
■ Guidelines on Islamic Financing for Agriculture – 2008
■ Risk Management Guidelines for Islamic Banking Institutions – 2008
■ Guidelines for Islamic Microfinance Business by Financial Institutions – 2007
■ Six AAOIFI standards adopted by State Bank of Pakistan. AAOIFI is the premier standard setting
organization for Islamic Financial Institutions globally

Role of Shariah Supervisory Board

The Shariah Supervisory Board (SSB) is entrusted with the duty of directing, reviewing and supervising
the activities of the Bank in order to ensure that they are in compliance with the rules and principles of
Shariah. All products and services of the Bank are launched with the approval of the Shariah Supervisory
Board whose roles also entail the following:

 To develop a comprehensive Shariah-compliance framework for all areas of operations of the

Bank that serves as a guiding principle to the Bank for maintaining its commitments towards
adherence to principles of Shariah.
 Ensure Shariah-compliance of all aspects of the Bank by virtue of having unhindered access to all
books of accounts, records and documents.
 Guide and direct the Bank through rigorous deliberation on issues placed before the Shariah
Supervisory Board.
 Monitor the Shariah-compliance of the Bank through Shariah Audit and Shariah-compliance
reviews and prescribe appropriate enforcements whenever needed.
Materiality Approach

While managing various Meezan Bank continued to explore opportunities to achieve its
risks, the Bank also focuses strategic objectives while ensuring proper risk mitigates and controls
on materiality concept. in place. Under the overall supervision of the Board of Directors and
Resources are diversified to Shariah Supervisory Board, various business units of the Bank
medium to high risky areas continued to explore new business opportunities in close coordination
while minor risks are with Risk Management, Compliance, PDSC,Information Technology
typically managed through and Operations departments, keeping in mind the risk appetite of the
transfer and outsourcing Bank. New business opportunities are supported through state of the
strategy. The Bank manages art data centre, successful implementation of new version of core
all its critical operations on banking system, broad spectrum of alternate distribution channels
its own. The Bank defines its with enhanced security environment, increased focus on personalized
risk appetite at the level of banking and high standards of service quality. While searching for
risk it is prepared to take new business opportunities and improving its internal processes, the
while pursuing its business Bank is fully cognizant of strategic, Shariah non-compliance,
strategy recognizing a range regulatory and reputational risks as well as risks arising from people,
of possible outcomes as processes, systems and external events. Risk management in banking
business plans are has been transformed over the past decade, largely in response to
implemented. Meezan regulations that emerged from the global financial crisis, technological
Bank’s risk appetite is innovations and cyber crimes. The Bank continuously improves upon
expressed both in qualitative its Risk Management Framework established by the Board of
and quantitative terms to Directors by enhancing oversight by the Board, its Board Risk
allow tracking of Management Committee and Management Committees. The Bank
performance in line with implements an entity wide ‘Three Lines of Defence” model for risk
strategic plan, business management. Business lines/ front offices serve as first line of defence
environment and and are primarily responsible for managing risks on day-to-day basis.
expectations of Risk management and other control functions being the second line of
stakeholders. The Bank defence are responsible for assisting business lines for designing and
emphasizes on diversified implementing adequate controls to manage risks. The internal audit
risk assessment tools and function is responsible for providing independent assurance on
techniques and risk adequacy of Bank’s risk management environment. The Bank
mitigates to better deal with vigorously improves upon its risk policies, procedural manuals,
the opportunities that it systems, tools and techniques, management information systems and
comes across. Integrated human resources capacity. The Bank has enhanced its collaboration
efforts help the Bank in with solution providers for strengthening its control profile. Risk
significantly expanding its management tools help the Bank in identification, assessment,
deposit base, financing reporting and management of both conventional risks and risks
portfolio and branch peculiar to Meezan Bank. Further, these tools are subject to continual
network without exposing development and refinement. Risk Management strategies for various
itself to unwarranted risks. risk types and business continuity plan and IT disaster recovery
The Bank will continue to arrangements are also in place to mitigate actual and potential risks.
explore new business
opportunities coupled with
proper risk mitigants and
controls to serve its
widening customer base
Insha’Allah.
This enables the transformation of Bank’s risk management methodology from being ‘crisis fighters’ to
‘proactive and systematic risk managers’.

Business Continuity Plan

The Business Continuity Management (BCM) is a life cycle with the objective of ensuring organizational
resilience during crisis situations. In Meezan Bank the business continuity is managed at strategic,
tactical and operational level. It involves documented plans and effective decision making, coordinated
efforts and operational continuity. The Bank has in place a comprehensive business continuity
framework with clear set of governance structure, business continuity and information technology
disaster recovery plans, clearly defined roles and responsibilities of individuals and teams for disaster
response, recovery, resumption and restoration of activities to a pre-defined level of operation following
disruption. The BCM program is in line with the guidelines issued by the regulator and industry
standards and is subject to periodic reviews. It sets out the agreed arrangements for bringing disaster
events under control and ensures availability of necessary resources for maintaining critical business
functions. Having a BCM framework in place helps the Bank to ensure safety of human resources,
protection of critical assets and resumption of mission critical activities from alternate processing site(s)
in case the primary site(s) are not accessible or available. In Meezan Bank, the first priority is always to
ensure the safety of human life in case of any disaster. Detailed business continuity including
information disaster recovery plans have been established with the approval of the Board of Directors.
The Bank has also established Alternate Processing Sites at three different locations within Karachi with
the overall objective to ensure resumption of Mission Critical Activities (MCAs) in case of disaster. IT
disaster recovery is managed from Islamabad. The Bank’s BCM team continuously strives to improve
upon business continuity preparedness of the Bank. During the year, the Bank continued testing the
effectiveness of business continuity arrangements through periodic drills, performance of critical
operations from alternate sites, information technology disaster management activities as well as
evacuation exercises. Branch evacuation procedures have been further refined and emergency response
teams have been streamlined. The Bank conducted evacuation drills for its entire branch network that
enables the Bank to test the resilience against unforeseen hazardous eventualities. Outcomes of drills
are documented and necessary improvements are an on-going process. This strengthens the confidence
of stakeholders regarding the availability of products and services under stress scenarios and embeds
business continuity within the organizational culture of the Bank.

Risk Management Framework

Risk Management Framework in Meezan Bank encompasses sound governance and organizational
structure, policy & procedural framework, risk assessment techniques, tools, systems and reporting
structure closely aligned with the Bank’s strategy set by its Board of Directors and commensurate with
size of the Bank. The Bank implements an entity wide ‘Three Lines of Defence’ model for risk
management. Business lines / front offices serve as first line of defence and are primarily responsible for
managing risks on day-to-day basis. Risk management and other control functions being the second line
of defence are responsible for assisting business lines for designing and implementing adequate controls
to manage risks. The internal audit function is responsible for providing independent assurance on
adequacy of Bank’s risk management environment. Risk Management activities broadly take place
simultaneously at different hierarchy levels i.e. strategic, macro and micro. The overall responsibility for
risk management rests with the Board of Directors and it has constituted Board Risk Management
Committee comprising of Board members with clear terms of reference. Under the guidance of the
Board, the scope of Risk Management Group (RMG) has been continuously refined since its inception,
mainly focusing on establishing & improving upon risk management policies, procedural manuals, limit
structure, systems and controls. It also includes risk assessment techniques, periodic monitoring,
multilevel reporting of risk profile, generating early warning signals and enhancing level of awareness
about risk management principles and practices at all levels of the organization. These developments
are in line with applicable Shariah guidelines, regulatory framework including but not limited to Basel
accord, industry benchmarks and nature of Bank’s businesses. Specialized committees comprising of
senior management team members with relevant experience and expertise perform their functions a
per their approved terms of reference so as to ensure that risk exposures are within tolerable level and
in line with strategic and business goals. The committees include:

1. Credit Risk Management Committee (CRMC)

2. Asset Liability Management Committee (ALCO)
3. Compliance & Operational Risk Management Committee (CORMC)

The CRMC ensures that credit risk activities are in line with approved policies, regulatory requirements,
Bank’s risk appetite and industry norms. Credit Committee, the sub-committee of CRMC is the highest
level body for approval of financing transactions. ALCO reviews market, liquidity and country risk
exposures, assets and liabilities mix and maturity profile, sets pricing and takes decisions for sound
liquidity management. The Bank has established the Compliance and Operational Risk Management
Committee (CORMC) replacing Internal Controls & Operational Risk Management Committee (ICORC)
that will focus on compliance risk issues in addition to operational risk and control issues previously
covered under ICORC. The Committee will also facilitate in implementation of compliance program and
oversee money laundering and financing terrorism risk. Credit risk is being managed through
comprehensive financing policies and detailed procedures, well-defined credit approval mechanism,
prudently delegated financing approval authorities, optimal risk-reward trade off, concentration limits,
adequate collateral coverage, documentation and hindsight reviews. Growth in financing is ensured
while focusing on comprehensive risk analysis, portfolio diversification and improved turnaround time.
The Bank conducts stress testing for credit, market, liquidity and operational risk by applying various
shocks under different scenarios. Market risk is managed through the Board approved market risk
policy; approval of market risk limits, counterparty and dealer limits and regular review and monitoring
of the investment portfolio by the Bank’s ALCO. The Bank applies value at risk techniques for market risk
measurement. Day-to-day liquidity management is done through cash flow matching, bank placements,
deposit mix, meeting regulatory reserve requirement and maintaining adequate liquid assets. Further,
the Bank has also implemented the SBP Basel Liquidity guidelines which also strengthen the liquidity risk
framework. Country risk exposures are managed through policy parameters and limits establishment.
Contingency funding plan is in place to address liquidity management in times of crisis situations.
Operational risk is managed through standing operating procedures, deployment of necessary human
resources, training and development, segregation of duties, strengthening maker and checker and
approving mechanism, risk indicators, system based reports, business continuity and disaster recovery
plans. Under RMG, capacity building both in terms of hiring of additional fresh and experienced human
resources and participation in variety of training and development program is a continuous process. Full-
fledged credit risk function caters corporate, investment banking, commercial & SME, agriculture and
consumer business segments. The coverage of RMG in credit assessment of individual and group
customers has been enhanced through four-eye principle, limits structuring and deployment of risk
officers in the field. During the year, the Bank automated its financing approval process by implementing
“Financing Origination System” for corporate and commercial customers. Enterprise Risk Management
(ERM) setup is in place under RMG catering market, liquidity, financial institutions, operational, business
continuity risks, Basel implementation, hindsight reviews of financing cases, their monitoring and risks
related policy framework. The role of ERM has been closely integrated into formulating capital strategy
of the Bank. The role of market risk function in monitoring of treasury activities has been strengthened
with limits structuring, their monitoring, reporting and system improvements. Operational losses
reporting, risk and control self-assessment, enhanced coverage of key risk indicators and improvements
in processes through risk identification, mitigates and awareness sessions reflects upon continuous
improvements in operational risk management framework. Coverage of business continuity plans has
been further strengthened at branch level by conducting evacuation drills. Enhanced coverage of
information reports from risk perspective, close coordination with other stakeholders to view risk profile
at enterprise level and risk modules will further strengthen the role of RMG in identification,
assessment, reporting and managing risks.

Shariah Audit & Islamic Financial Advisory

Shariah Audit
Meezan Bank has a dedicated and independent Shariah Audit function in place to ensure that all its
operations are carried out in compliance with Shariah rules and principles as prescribed by the Shariah
Supervisory Board, Resident Shariah Board Member (RSBM) and State Bank of Pakistan, as well as to
ensurethat a robust Shariah control system is in place and is working effectively. To ensure efficiency of
Shariah controls, the Shariah Audit function focuses on the following areas:

■ Evaluation and assessment of Shariah control systems that are in place

■ Eradication of non-Shariah-compliant income, if any, and identification of Shariah-compliant returns

■ Support bank’s staff in learning, developing and refining Shariah skills as a tool to mitigate Shariah
non-compliance risk

■ Conducting on-site sessions with staff members to enhance their Islamic banking knowledge; training
sessions on ‘How to improve Shariah Audit Rating’ are also conducted as a hand-holding activity at
branches across the country

■ Evaluation of Treasury operations on an ongoing basis to assist Treasury in ensuring Shariah

compliance in their day to day operations

■ Conducting audits of pool management, profit calculation and distribution process in order to ensure
Shariah-compliance as well as to protect depositor’s rights as ‘Rab-ul-maal’

■ Continuously improving the quality of Shariah reviews and audits by the way of introducing new risk-
based evaluation methodologies and models for assessing bank’s activities

■ Implementation of Quality Assurance and review so as to bring best practices and standardization to
Shariah Audit activities.
Dubai Islamic Bank
RISK FRAMEWORK
The Bank’s Risk management framework is based on three pillars; (a) Risk Principles and Strategies, (b)
Organizational Structures and Procedures and (c) Prudent Risk Measurement and Monitoring Processes
which are closely aligned with the activities of the Bank so as to give maximum value to the shareholders
while ensuring that risks are kept within an acceptable level / risk appetite. Credit risk arises from the
potential that an obligor is either unwilling to perform on an obligation or its ability to perform such
obligation is impaired resulting in economic loss to the Bank. The credit risk arises mainly from both
direct financing activities as well as contingent liabilities. The objective of credit risk management
framework / policies for the Bank is to achieve sustainable and superior risk versus reward performance
whilst maintaining credit risk exposure in line with the approved risk appetite. The Bank has adopted
Standardised Approach for calculation of capital charge against credit risk. Therefore, risk weights for
the credit risk related assets (on-balance sheet and off-balance sheet - market and non-market related
exposures) are assigned taking into consideration external rating(s) of counterparty(s) for the purpose of
calculating Risk Weighted Assets. The Board determines the overall risk appetite and philosophy for the
Bank. The overall risk is monitored by the Board Risk Monitoring Committee (BRMC). The terms of
reference of BRMC have been approved by the Board. Various Management Committees such as Risk
Management Committee (RMC), Operational Risk Management Committee (ORMC), Management
Credit Committee (MCC) and Asset and Liability Committee (ALCO) support these goals. The Chief
Executive Officer (CEO) and Chief Risk Officer (CRO), in close coordination with all business / support
functions, ensure that the Risk Management Framework approved by the Board is implemented in true
spirit and risk limits are communicated and adhered for quantifiable risks by those who accept risks on
behalf of the organization. Further, they also ensure that the non-quantifiable risks are communicated
as guidelines and adhered to in management business decisions.

Al Baraka Bank
Risk Management
The Board through its sub- committee called BRC regularly monitors the bank’s risk profile. The Risk
Management Department (RMD) is the organizational arm performing the functions of identifying,
measuring, monitoring and controlling the various risks and assists the apex level committee and the
various sub- committees in conversion of policies into action. The BRC comprises of Executive and non-
Executive Directors and the Chief Risk Officer. One of the non-Executive Directors chairs the BRC, who is
responsible for planning, management and control of the aforementioned risks of the Bank.

Sub Committees:

- Credit Committee
- Asset and Liability Management committee (ALCO)
- Audit Committee

Credit Committee is responsible for approving and monitoring all financing transactions and the overall
quality of the asset portfolio. For this purpose, it has formulated credit policy to effectively monitor the
risk profile of the bank’s asset portfolio and to ensure strict adherence to the SBP’s Prudential
Regulations, Banking Companies Ordinance, 1962 and any other regulatory requirement.

ALCO has the responsibility for the formulation of overall strategy and oversight of the assets liability
management function. ALCO monitors the maintenance of the liquidity ratios, depositor’s concentration
both in terms of overall funding mix and avoidance of reliance on large deposits. The Board have
approved a comprehensive liquidity management policy.

The Audit Committee works to ensure that the best practices of the code of Corporate Governance and
other policies and procedures are being complied with.