Special Issue

Contents

CORPORATE GOVERNANCE FOR ISLAMIC BANKING 1

SUSTAINABILITY AND CAUX ROUND TABLE PRINCIPLES
Khaliq Ahmad

DISPUTE RESOLUTION MECHANISMS IN THE ISLAMIC FINANCE 19

INDUSTRY IN MALAYSIA: TOWARDS A LEGAL FRAMEWORK
Engku Rabiah Adawiah Engku Ali, Umar A. Oseni,
Adewale Abideen Adeyemi, Nor Razinah Binti Mohd. Zain

REPLICATION OF SHORT SELLING IN ISLAMIC FINANCE 41

Aznan Hasan
Sarfaraz Dawar Khan

SHARI’AH RISK MANAGEMENT FRAMEWORK 67

FOR ISLAMIC FINANCIAL INSTITUTIONS
Rusni Hassan

THE APPLICATION OF TANĀZUL AND ITS SHARĪ’AH ISSUES 87

IN EQUITY-BASED ṢUKŪK
Azman Mohd Noor, Muhamad Nasir Haron
Sri Zuraihan Mohammad

THE LEGAL AND BENEFICIAL OWNERSHIP CONUNDRUM 111

IN SOVEREIGN ṢUKŪK STRUCTURING
Umar A. Oseni

EMBEDDED OPTIONS AND THE ISSUE OF GHARAR: 149

EMPIRICAL EVIDENCE FROM MALAYSIA
Razali Haron

FOREIGN OWNERSHIP, EFFICIENCY AND SOLVENCY: 173

ANALYSIS OF TAKAFUL FIRMS IN THE GCC REGION
Adewale Abideen Adeyemi, Zarinah Hamid,
Asafa Adeyinka Dauda

ECONOMIC SECURITY REQUIRES MONETARY AND PRICE STABILITY: 205

ANALYSIS OF MALAYSIAN MACROECONOMIC AND CREDIT DATA
Adam Abdullah

SALE OF GOODS AND SALE OF DEBTS: 249

A COMPARATIVE ANALYSIS
Buerhan Saiti and Adam Abdullah

ISLAMIC COOPERATIVE: 273

AN ALTERNATIVE TO COMMERCIAL ISLAMIC BANKING
Richard Gerald Gonsalves
Salina Hj. Kassim

NOTES ON CONTRIBUTORS 293

 SHARI’AH RISK MANAGEMENT FRAMEWORK FOR
ISLAMIC FINANCIAL INSTITUTIONS

Rusni Hassan

Abstract
In addition to systematic and unsystematic risks faced by traditional
financial institutions, Islamic banks are widely exposed to Shari’ah
risks with regards to the needs for ensuring Shari’ah compliance of
its operational activities and financial products. In order to mitigate
these additional risks, IFIs are urged to establish a comprehensive
Shari’ah risks management tool that can help them to monitor their
banking, financing and investment activities in conformity with
Shari’ah principles and hence enhance their sustainability in the
long run. Therefore, the objective of this paper is to contribute to
discussion on the development of the Shari’ah risk management
framework for IFIs. This paper refers to Islamic primary sources of
knowledge, the Quran and hadith in scrutinizing the permissibility of
risk management practices by IFIs. The processes that take place in
Shari’ah risk management; (i) risk identification; (ii) risk
measurement and; (iii) risk monitoring/controlling are then
thoroughly discussed. This paper hopes to shed some light on the
importance of having a comprehensive standard of procedures in
performing Shari’ah risk management function.

Keywords: Shari’ah risks, Islamic risk management, shari’ah

compliance.

67
RUSNI HASSAN

1.0 Introduction
Having learnt from the recent global economic crisis that badly hit
financial institutions around the globe in 2008 and 2009, many
regulators, practitioners and researchers of banking industry have
conceded that an effective risk management is indeed essential to
sustaining business growth and profitability of the banks, be they
conventional or Islamic. Moreover, it was found that effective risk
management to be one of the significant factors influencing the
performance of bank stocks1. As a repercussion of the subprime
bubble burst in 2007-2009 that led to the reprehensible collapses of
financial giants including Lehman Brothers, a new rulebook, Basel
III, was formulated to include several measures to reinforce resilience
of the banking sector. With the formulation of effective control
measures and revisiting bank and customer relationship, this newly
amended rulebook aims to overcome risk management failures that
previously were considered one of the main causes of the worldwide
financial crisis2. In addition, the fresh capital adequacy framework,
which accentuates immensely on liquidity risk, credit risk and market
risk under ordinary and stressed market conditions, has been made
mandatory to require banks to maintain a minimum level of capital to
cover up losses and to run operating activities as a going concern. In
addition to systematic and unsystematic risks faced by traditional
financial institutions, Islamic banks are widely exposed to Shari’ah
risks with regards to the needs for ensuring Shari’ah compliance of
its operational activities and financial products. In order to mitigate
these additional risks, Islamic financial institutions (IFIs) are urged to
establish a comprehensive Shari’ah risks management tool that can
help them to monitor their banking, financing and investment
activities in conformity with Shari’ah principles, and hence enhance
their sustainability in the long run. Therefore, the objective of this
research paper is to contribute to the discussion on the development

1
R. Sensarma and M. Jayadev, “Are bank stocks sensitive to risk management?,”
The Journal of Risk Finance 10, 1 (2009): 7-22.
2
G. Sabato, “Financial crisis: where did risk management fail?,” (2009), Available
at SSRN: http://ssrn.com/abstract¼1460762.; J. Holland, “Banks, knowledge and
crisis: a case of knowledge and learning failure,” Journal of Financial Regulation
and Compliance 18, 2 (2010):87-105.

68
 SHARI’AH RISK MANAGEMENT FRAMEWORK FOR ISLAMIC FINANCIAL INSTITUTIONS

of Shari’ah risk management framework for IFIs. In order to achieve

its objective, this paper provide a thorough discussion on the
processes that take place in Shari’ah risk management; (i) risk
identification; (ii) risk measurement and; (iii) risk
monitoring/controlling. We hope to shed some light on the
importance of having a comprehensive standard of procedures in
performing Shari’ah risk management function.

2.0 Definition of Risk Management Practice

Risk management is defined in The Oxford Dictionary for Business
and Management as “a process that aims to help organizations to
understand, evaluate, and take actions on all their risk”. Similarly,
risk management can be defined as “the process by which managers
satisfy the need to manage [a] Bank‟s risk exposure by identifying
key risk factors; obtaining consistent, understandable, operational
risk measures; choosing which risk to reduce, and which to increase
and by what means; and establishing procedures to monitor the
resulting risk positions” 3 . In addition, the Basel Committee for
Banking Supervision in 2001defined risk management practice as a
sequence of the following four processes:
1. The identification of events into one or more broad categories
of market, credit, operational and other risks into specific
sub-categories;
2. The measurement and assessment of risks using data and risk
model;
3. The monitoring and reporting of the risk assessments on a
timely basis; and
4. The control of these risks by senior management.

The definition of risk management was also provided in the

Guiding Principles of Risk Management for Institutions issued by the
Islamic Financial Service Board in December 2005, whereby risk
management is defined as a process that consists of risk identification,
measurement, mitigation, monitoring, reporting and control. This

3
Abdul Ghafar Ismail, Money, Islamic Banks and the real Economy (Singapore:
Cengage Learning Asia Pte Ltd, 2010): 242.

69
RUSNI HASSAN

definition was adopted and became the main area of interest of this
research paper. An extensive discussion on these processes of risk
management practice is provided in the latter section.

3.0 Islamic Perspective of Risk Management Practices

Given its vital roles in ensuring sustainability of the operations and
market capitalizations of Islamic banks operations and market
capitalization, enormous attention has been channelled to the
development of risk management practices within their internal
management and control system. Yet, to adopt such practice requires
a valid explanation on its permissibility from the perspective of Islam.
In this section, we provide a discussion on how Islam perceives the
practice of managing risks among Islamic financial service providers
by referring to the divine texts, the Quran and hadith of the Prophet.
It is evident that the concept of risk management was quite
well-established in Islam. Based on verse 67 of Surah Yusuf, we read

O my children, do not enter the capital of Egypt by one

gate but go into it by different gates. However, know it
well that I cannot ward off you Allah‟s will for none
other than He has nay authority whatsoever. In Him I
have put my trust and all who want to rely upon anyone
should put their trust in Him alone.4

This concept of risk management is also further supported by several

hadith of Prophet Muhammad (peace be upon him) and a number of
legal maxims derived from it as follows:

4
Sayyid Abul Ala Maududi, Tafhim al-Quran – The Meaning of the Quran,
www.englishtfsir.com.

70
 SHARI’AH RISK MANAGEMENT FRAMEWORK FOR ISLAMIC FINANCIAL INSTITUTIONS

Table 1: Hadith of Prophet and legal maxims on permissibility of risk

management practices

Hadith Legal Maxims

“Prophet (s.a.w.) once asked a Bedouin Harm must be eliminated
who had left his camel untied, “Why do you
not tie your camel?” The Bedouin
answered: “I put my trust in God.” The
Prophet (s.a.w.) then said, “Tie up your
camel first then put your trust in God.”

“Whoever dies in protecting his property, Harm must be eliminated as

he dies as a martyr” much as possible

“In Islam, harm should neither be initiated Repelling harm takes priority
nor reciprocated” over seeking benefit

In addition, the permissibility of risk management practice can also

be discussed based on its relations to the objectives of Shari’ah.
Majority of IFIs tend to utilize a risk management framework for the
purpose of preserving wealth by ways of avoiding any potential risk
that could possibly lead to financial loss to either depositors or
shareholders5. This inarguably aligns with the important objectives of
Islamic economics as prescribed by shari’ah (maslahah). This, once
again, can be referred to as a recommendation made on the act of
recording debt transacted between contracting parties as narrated in
verse 282 and 283 of Surah al Baqarah. The objective of recording
debts is to minimize potential dispute and protect the interests
amongst the contracting parties. Therefore, this act, as recommended
in the Holy Quran, can be a manifestation for allowing the risk
management practices in order to minimize credit risks, emanating
from failures of settling debt.

5
A. Wajdi, “Principles and application of Risk management and hedging
Instruments in Islamic Finance”, 2014, www.asyrafwajdi.com/v25/index.php/article

71
RUSNI HASSAN

4.0 Shari’ah Risk Management Framework

In particular, Principle 7.15 of the Shari’ah Governance Framework
(SGF) 2010 defines Shari’ah risk management as “a function that
consists of identifying, measuring, monitoring and controlling the
Shari’ah non-compliance risks in order to mitigate the risks arising
from non-compliance events”. The same principle also requires risk
management to be systematic to enable the bank to have effective
businesses and activities without being exposed to unacceptable risks.
Therefore, apart from credit, market, liquidity and operational risk
management, Shari’ah risk management and control function must
also form one of the parts in IFI‟s integrated risk management
framework. Furthermore, Principle 7.17 of the SGF 2010 adds that
this technical and complex function indeed requires qualified or
experienced risk management officers who have good Shari’ah
knowledge to effectively perform such functions.
As referred to in Principle 7.18 of the SGF 2010, Shari’ah
non-compliance risk management function is determined by
involving the following steps:

i. Facilitating the process of identifying, measuring, controlling

and monitoring Shari’ah non-compliance risks inherent in the
IFI‟s operation.
ii. Formulating and recommending appropriate Shari’ah
non-compliance risk management practices and guidelines;
and
iii. Developing and implementing processes for Shari’ah
non-compliance risk awareness in the IFI.

5.0 Shari’ah Risk Management Process

As mentioned earlier, Shari’ah risk management involves three
important steps:

Risk Risk Risk Monitoring/

Identification Measurement Controlling

Figure 1: Shari’ah Risk Management Process

72
 SHARI’AH RISK MANAGEMENT FRAMEWORK FOR ISLAMIC FINANCIAL INSTITUTIONS

5.1 Risk Identification

Risk identification relates to a process of understanding the nature
and impacts on current and future activities of the institution6. This
process aims to enlighten the institution, as far as possible, about the
nature of the key variables or factors that can lead to occurrence of
unintended effects. Besides, the main purpose of risk identification
process should be revolved around developing a robust understanding
of the key factors that will pave ways for the next processes of risk
management7. In this study, the identification process focuses on
causal factors or variables that lead to non-compliance events. This is
done based on a belief that a problem can only be solved if its origins
and sources are known and are identifiable.
First, the risk management officer should be aware of internal
and external factors that may lead to a Shari’ah non-compliance risk.
Shari’ah non-compliance risk is determined as a subset of
operational risk. Thus, it is vital to refer to the definition of
operational risk in order to shed some light on this issue. According
to the Basel Committee for Banking Supervision, the operational risk
is the risk of financial loss or damage resulting from inadequate or
failed internal processes, people and systems or from external events.
This definition identifies the factors that can lead to operational risk
and hence was adopted by this study as the guiding themes of the
identification process. Therefore, it is noteworthy to mention that the
above-mentioned elements, namely, people, system and process have
been regarded as the main causal factors that contribute to the
occurrence of non-compliance events as discussed in the next
section8.

6
D. B. Hertz and H. Thomas, Risk Analysis and its applications (Chichester: Wiley,
1983).
7
Lubka Chankova, “Risk Identification- Basic stage in risk management,”
Environmental Management & Health Journal 13, 3 (2002): 290-297.
8
Hylmun Izhar and Zakaria Salah Ali Hassan, “Applying Core Principles of Risk
Management in Islamic Banks‟ Operational Risk Analysis,” Afro Eurasian Studies
2(1/2) (2013): 15-40; Hylmun Izhar, “Identifying Operational Risk Exposures in
Islamic Banking,” Kyoto Bulletin of Islamic Area Studies 3, 2 (2010): 17–53.

73
RUSNI HASSAN

5.1.1 People
In this context, the word „people‟ refers to groups of stakeholders
who are involved in the operations of IFIs. Those include
management officers, board of directors, Shari’ah advisors and staffs
of IFIs. It is argued that accountability of ensuring compliance of
Islamic banking products to shari’ah should not be confined merely
to shari’ah advisor, but also to other divisions within IFIs. This
factor has been given a significant attention in the SGF 2010, as
reflected in the objective of SGF itself, which is to, inter alia,
“provide a comprehensive guidance to the [B]oard, [they] Shari’ah
Committee and [they] [M]anagement of the IFI in discharging its
duties in matters relating to Shari’ah”. Based on this premise, it is
submitted that any weaknesses or shortcomings arising from people,
who are liable for the mismanagement of IFIs, may lead to events
that can trigger a Shari’ah non-compliance risk. Next, we outline
some of the possible events arising from people factor that could
possibly lead to a Shari’ah non-compliance risk:

Table 2: Summary of events arising from people factor that lead to

Shari’ah non-compliance risk

People factor
Fatwa risk Lack of clarification and deliberation about the
product will deprive the SC from having important
information and facts that are crucial in the
formation of fatwa for the given product and
hence lead to misleading decision making.

Failure to interpret fatwa given by the SC in the

right context indeed can lead to adverse impacts
on bank performance.

The management of IFIs does not abide to the

fatwa issued by the SC despite having a clear
ruling on the matter and hence lead to Shari’ah
non-compliance events.

74
 SHARI’AH RISK MANAGEMENT FRAMEWORK FOR ISLAMIC FINANCIAL INSTITUTIONS

Falsification of Bank‟s staffs may falsify or amend the particulars

Information/ of the products to prevent it from being declared
misrepresentation/ void due to violation of Shari’ah principles.
fraud and negligence

Guideline violations Lack of communication and cooperation between

and unapproved SC and legal counsels may lead to Shari’ah
products, non-compliance risk where the parties do not
transactions, or legal properly address some breaches contained in the
documentation instruments.

Insufficient resources This relates to the lack of qualified personnel to

and inadequate carry out the task in maintaining compliance with
training Shari’ah in all activities and operations of IFIs.

Shari’ah non-compliance risk may emerge when

the staffs are not properly trained to conduct their
job as specified in their job scope.

Inadequacy of knowledge may cause the staffs to

make mistakes in their task.

5.1.2 Process
This element refers to the process involved in product development
adopted in the operation of IFIs. The product development covers
both the pre-product approval (i.e. process of product structuring and
developing prior to introduction to the market) as well as to the
post-product approval process (i.e. process after the product has been
offered to the customers and transactions have been carried out). The
process adopted in pre-product approval involves the issuance of
Shari’ah decisions, product structuring or design processes backed
by comprehensive Shari’ah research, vetting of contracts and
agreements, as well as compliance checks, before the product is
offered to the customers. On the other hand, the process involved in
post-product approval includes Shari’ah audit and Shari’ah review

75
RUSNI HASSAN

that are conducted to ensure compliance with Shari’ah in the

implementation of every product offered to the customers. It must be
noted that the whole process adopted throughout the life-cycle of any
product must be given proper attention as any process in each stage
may become potential avenues for Shari’ah non-compliance risk.
Shari’ah non-compliance risk may occur during the product
development process due to improper structuring of products, lack of
internal research in understanding the appropriate Shari’ah concepts,
and misrepresentation of the product at the issuance or marketing
stage of the product. We highlight some of the events relating to
process adopted in product development in Islamic banking that can
lead to the occurrence of Shari’ah non-compliance risk:

Table 3: Summary of events arising from process factor that lead to

Shari’ah non-compliance risk

Process factor
Unclear processes, Lack of clear processes, policies and procedures
policies, procedures, or may lead to variations of the practices within the
responsibilities/lack of IFI that will increase the possibility of Shari’ah
them violations.

Leads to a situation where IFIs may mix the profit

derived from unlawful activities with the rest of
the lawful profit.

Lack of clear process can be seen in distribution

of profit derived from investment accounts that
are operated based on profit sharing concepts.
IFIs may end up managing such accounts on a
fixed-interest basis, although it is declared that
such accounts are administered according to a
profit and loss basis.

76
 SHARI’AH RISK MANAGEMENT FRAMEWORK FOR ISLAMIC FINANCIAL INSTITUTIONS

Inadequate internal There are three main bodies in Shari’ah

Shari’ah governance governance arrangement within an IFI, namely,
arrangements Board of Directors, SC and management.

The Board is ultimately accountable and

responsible on the overall Shari’ah governance
framework and Shari’ah compliance of the IFI.

The SC shall be responsible and accountable for

all its decisions, views and opinions related to
Shari’ah matters.

The management shall be responsible for

observing and implementing Shari’ah rulings and
decisions made by the SAC and the SC
respectively.

Insufficient disclosure Principle 2.9 of the SGF requires the SC to

and transparency prepare full and proper disclosure on the state of
compliance in an IFI‟s annual report to declare
that the operation and business of IFI comply
with Shari’ah.

5.1.3 System
In this context, system factor refers to information technology system
utilized in the operation of IFIs. The information technology
infrastructure and system plays an importance role in the daily
operation of IFIs. The registration, execution and implementation of
products in IFIs are done using the IT system. Therefore, the IT
system must be capable of reflecting the true nature of Shari’ah
principles. In other words, the system must be capable of blocking
any attempt to transact any impermissible contract. However, most
IT systems used by IFIs are adopted from the ones that are utilized in
conventional banks. They are deemed not suitable to be utilized in
IFIs. Besides, restructuring the existing IT system to make it
Shari’ah-compliant would involve huge cost. Thus, this section
explains the events which originate from the failure of the IT system
in complying with Shari’ah principles:

77
RUSNI HASSAN

Table 4: Summary of events arising from the IT System factor that

lead to Shari’ah non-compliance risk

System factor
Process and system IT system used by the IFIs must have a Shari’ah
accounting compliance status that is capable of ensuring strict
mismatches, adherence to shari’ah in all contracts entered into by
inadequate product the IFIs.
modules, poor
reporting, and Use of software and telecommunications systems
unapproved that are not tailored to the needs of Islamic banks
software could also contribute to Shari’ah non-compliance
risk, as it is not capable of blocking the
impermissible transactions under Islamic Law.

Inexperienced Vendor of the IT modules may overlook some of the

vendor, non-timely common features that must be inserted in the
support, non-user modules to ensure Shari’ah compliance in the
friendly system, and system.
system mistake
Lack of knowledge and experience may lead the
vendors to develop an IT system that is not friendly
to Shari’ah rules and principles.

5.2 Risk Measurement

In the risk measurement process, the risk manager should be
concerned with the extent of damage caused by the annulment and
invalidation of the contract. The risk manager of IFIs must classify
the risk according to the extent of damage that will be caused to the
institution. This helps the IFI to give more attention on the severe
risk as compared to the one that carries slight damage9.

9
Romzie Rosman, “Risk Management Practices and Risk Management Processes of
Islamic Banks: A Proposed Framework,” International Review of Business Research
Papers 5, 1 (2009): 250

78
 SHARI’AH RISK MANAGEMENT FRAMEWORK FOR ISLAMIC FINANCIAL INSTITUTIONS

Practically, the Shari’ah non-compliance risk can be classified

into three categories, namely, severe, medium and tolerable.
Normally, risk will be classified as „severe‟ if the non-compliance
event leads to invalidation of contracts or non-recognition of income.
This risk that also causes the defects in the contracts cannot be
rectified and cured. For instance, thus is true in a contract entered
into by the IFI and the customer that involves non-halal income like
financing gambling activities. Another example would be the
illegitimate nature of a gambling activity that would cause the
contract to be void and the income derived from that financing would
not be recognized under Islamic transaction law.
Whereas, a medium level of risk can relate to a situation of
conditions of the aqad that are not fulfilled. This event may cause the
contract to be defective, yet non-fulfilment of the conditions can be
rectifiable, and this may not necessarily invalidate the contract. In
this regard, the Hanafi approach to dealing with defective contract
can be applied to make necessary rectification for the impugned
contract. One of the examples for this type of contract is a contract
with invalid condition. According to Hanafis’ view, the existence of
the invalid condition in a contract does not render the contract void,
but it causes the same to be irregular. Thus, this irregularity can be
rectified by severing the invalid condition from the contract.
Lastly, tolerable risk relates to the events that do not lead to the
consequences mentioned under the severe and medium risk. For
example, indecent the mode of attire among the IFIs staffs may lead
to a reputational risk since the staffs of Islamic Bank are expected to
wear decent attire. Similarly, improper marketing through indecent
posters made by IFI may also tarnish the reputation of the institution.
The measurement of Shari’ah non-compliance risk, according to the
status of a contract, can be summarized as follows:

79
RUSNI HASSAN

Table 5: Measurement of Shari’ah non-compliance risk

Level of Shari’ah Description

non-compliance risk
Severe Non-compliance events lead to invalidation of
contract and non-recognition of income
Example: financing gambling activities or
investment in production of alcohol and liquor.

Medium Contract with a defect in an accessory attribute

(wasf)
Example: existence of an invalid condition in a
contract, problem with the delivery of the subject
matter, insufficient information about the subject
matter (jahalah).

Tolerable Events that do not lead to the consequences

mentioned under high and medium type of risk
Example: improper advertisement about product
and indecent attire among the staffs.

5.3 Risk Monitoring

The last stage of the risk management process deals with risk
monitoring and controlling. Risk monitoring can be used to ensure
that risk management practices are sound and effective. A proper risk
monitoring also helps IFIs to discover mistakes at an early stage
rather than suffer the bad consequences from the dormant untraceable
risk10. Besides, a risk monitoring mechanism is used to monitor the
variables and factors that can lead to a Shari’ah non-compliance risk.
The monitoring process utilizes data collected from the
previous audit or inspection 11 . One of the tools used in risk
monitoring is the Key Risk Indicator (KRI). KRI is a mathematical
formula that includes all parameters that describe the operational

10
Al-Tamimi, “Risk Management Practices: An Empirical Analysis of the UAE
Commercial Banks,” Finance India 16, 3 (2002): 1045-1057.
11
Rosman, “Risk Management”.

80
 SHARI’AH RISK MANAGEMENT FRAMEWORK FOR ISLAMIC FINANCIAL INSTITUTIONS

variation of specific operations within specific business lines12. KRI

can be used as a tool in measuring the actual value of the cause and
effect arising from non-compliance events. KRI predicts possible
occurrences of non-compliance events to enable the IFIs to take
reasonable preventive and corrective measures to avoid any loss
arising from such non-compliance events. For example, a Shari’ah
non-compliance risk can be discovered from an employee‟s mistake
and negligence. Hence, the risk monitoring mechanism would ensure
that a similar risk will not happen again in the future by checking and
analyzing the sources of the risk in order to avoid the events leading
to the identified risk from such factors. The application of this tool
depends heavily on the availability of information and data that refers
to the KRIs. It is stated that KRIs consist of mostly quantitative
measures intended to provide insight into operational risk exposures
and control measures13. We provide some examples here of KRI to
monitor potential sources of Shari’ah non-compliance risk:

Table 6: Application of KRI in monitoring process adopted from

Akkizidis and Kumar (2008)

Sources of Events Some Key

Shari’ah Risk Indicators
Non-compliance
risk

People • Fatwa risk • Staff turnover rates

• Fraud and • Staff training and experience
misrepresentation level
• Incompetent staff • Number of approvals that are
• Non-Performance not compliant to Shari’ah
of Obligation rules and principles

12
L. Kalyvas and I. Akkizidis, Integrating Market, Credit and Operational Risk: A
complete guide for bankers and risk professionals (London: Risk Books Incisive
Financial Publishing Ltd, 2006).
13
J. Young, Operational Risk Management: The practical application of a
qualitative approach (Pretoria: Van Schaik Publishers. Pretoria, 2006).

81
RUSNI HASSAN

Process • Unclear process and • Number of contracts that are

policies inconsistent with IFI policies
• Settlement failure rate
• Number of default
• Number of contracts that are
not Shari’ah compliant

System • IT is not Shari’ah • Number of contracts that are

compliant not Shari’ah compliant.
• System failure rate
• Number of failed operation

Next, we explore the scope of the monitoring process as

envisaged under the SGF. It is submitted that the role of the Shari’ah
management risk department is confined to the area relating to the
pre-product approval. However, the management of Shari’ah
non-compliance risk requires collective efforts by all departments
within the IFIs to ensure compliance with Shari’ah rules in all
operations of the IFIs. This notion is enshrined under Principle 7 of
the SGF which mentions that “the IFI must establish a robust and
comprehensive Shari’ah compliance function comprising review and
audit functions, supported by [a] risk management control process
and internal research capacity”.
On the other hand, the controlling mechanism for post product
approval is vested in the hand of a Shari’ah review department and a
Shari’ah audit department. The Shari’ah review function refers to
regular “check-up” made to assess the level of compliance to
Shari’ah in the operation and business of IFIs. Shari’ah review
function aims to ensure that the operation of IFIs does not conflict
with Shari’ah compliance. Shari’ah review should cover end-to-end
a product development process which starts from product structuring
to product offering. Appendix 7 of the SGF explains the end- to-end
product development process as follows:

82
 SHARI’AH RISK MANAGEMENT FRAMEWORK FOR ISLAMIC FINANCIAL INSTITUTIONS

Table 7: End-to-end product development process as described in the

SGF 2010

Production stage Description

Pre-product i. Pre-product approval process involves namely the
approval issuance of Shari’ah decisions, product
structuring or design processes backed by
comprehensive Shari’ah research, vetting of
contracts and agreements, as well as compliance
checks, before the product is offered to the
customers.
ii. There shall be a formal and transparent procedure
for issuance of Shari’ah decisions which are well
documented and approved by the Board and
Shari’ah Committee.
iii. An IFI shall ensure that the pre-product approval
process includes, among others, a review of the
concept, structure, term sheet, documentations,
policies and procedures, pamphlets, brochures
and advertising materials. The documents shall be
approved by the Shari’ah Committee of the IFI.
Post-product i. Post-product approval process involves
aaproval monitoring product implementation to ensure
compliance with Shari’ah principles, identifying
the area of potential Shari’ah non-compliance
risk and proposing the relevant actions to the
management.
ii. An IFI must ensure that post-product approval in
its Shari’ah governance framework also includes
internal Shari’ah review and Shari’ah governance
reporting. Without such follow-up, the IFI would
not be able to monitor the consistency of its
Shari’ah compliance and effectively manage any
Shari’ah non-compliance risks that may arise
over time.

Apart from that, the controlling and monitoring process is

further enhanced by a Shari’ah audit that must be carried out by the

83
RUSNI HASSAN

internal auditor of the IFI. Principle 1.3 of the SGF 2010 mentions
that Shari’ah audit is one of the main components in Shari’ah
Governance Framework. Shari’ah audit refers to periodical
assessment, with the purpose of providing independent assessment
and valuation as to the level of compliance with Shari’ah in relation
to businesses and operations of IFIs. The Shari’ah audit must be
conducted at least once a year. The scope of Shari’ah audit covers a
wide range of areas which includes audit on financial statement,
compliance audit on organizational structure, people, process and
information technology systems and review on the adequacy of the
Shari’ah governance arrangement. This reflects the main spirit
embedded in SGF since every key function must cooperate in
ensuring compliance with Shari’ah. In addition, the SGF also
mentions the appointment of external auditors to conduct
independent Shari’ah audit on the IFIs. However, this requirement is
not mandatory in nature, but it is left to the discretion of the IFI
whether to hire external auditors or not. The following table
summarizes the roles of the different organs in IFIs that are
responsible in managing Shari’ah non-compliance risk:

Table 8: Summary of the role of different organs in IFIs in managing

Shari’ah non-compliance risk

Organs Roles
Shari’ah Research - Conducts pre-product approval process,
research, vetting of issues for submission, and
undertake administrative and secretarial
matters relating to the Shari’ah Committee.
- Handles administrative and secretarial matters
relating to the Shari’ah Committee.
- Job scope revolves around pre-product
approval (ex-ante).

Shari’ah Review - Monitors Shari’ah compliance of products.

- Supports the work of the Shari’ah committee
and basic requirement of IFIs.
- Job scope relates to a post-product approval or
an ex-post assurance process.

84
 SHARI’AH RISK MANAGEMENT FRAMEWORK FOR ISLAMIC FINANCIAL INSTITUTIONS

Shari’ah Audit - Can be performed by internal auditor or

external auditor.
- Mandatory requirement under SGF only
requires internal auditor.
- Job scope relates to ex-post audit that report
directly to the Board.

Shari’ah Risk - Facilitating the process of identifying,

Management measuring, controlling and monitoring
Shari’ah non-compliance risks.
- Job scope relates to pre-product approval.

6.0 Conclusion
The objective of this paper is to contribute to the discussion on the
development of the Shari’ah risk management framework for IFIs.
Effective management of risks that could possibly lead to Shari’ah
non-compliance of products is inarguably significant for IFIs to
ensure they are able to retain customers‟ confidence on purity of their
business operations and hence enhance their market capitalization in
order to compete in the market which is highly dynamic in nature.
Based on divine revelation, this study concludes that the risk
management practice is deemed permissible and highly encouraged
due to its protection of customer‟s wealth, with a provision that it
does not involve any elements that contradict Shari’ah principles.
This paper then presents a Shari’ah risk management framework,
which comprises the following steps: (i) risk identification; (ii) risk
measurement and (iii) risk monitoring/controlling. Abiding to this
process of risk management is very important as it provide a
comprehensive guidance for IFIs in detecting and eliminating risks
from the entire aspect of operations in Islamic banking and finance,
including human resources, business processes and procedures as
well as technological advancements. This paper also provided a
discussion on the roles of organs that are responsible for managing
Shari’ah non-compliance risks such as Shari’ah Research, Shari’ah
Audit and Shari’ah Review.

85