New Risk Management Module for Islamic Bank Licensees

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 1 Industry Comments General Comments: Ref CBB’s Response A licensee noted that the consultation paper – incorporating principles from the IFSB‟s guidance (Dec 2005) and the BIS – represents a comprehensive coverage of the best practice requirements to cover six broad categories of risk exposures which are deemed to exist in an Islamic bank. However, it is opined that the implementation of such best practice requirements should not be made mandatory for institutions where certain categories of inherent risks are minimal and not of significance to the institution due to immateriality of worst case potential impact. (See Para 2.1 and Para 4.1 below). A criteria for such exemption should be considered to avoid ambiguity. A suggestion would be to have a simple decision tree approach to exempt institutions by a measure taking into consideration size of capital, total assets, total liabilities, number of employees, etc. Regardless of the consultation paper, risk management in an Islamic bank involves breaking down the institutions‟ risks and complexity in innovation into basic building blocks as well as evaluating risks based on an extreme value perspective. Following this train of thought, an Islamic bank should i. Have a holistic and integrated enterprise risk management framework to cover, amongst others, structural risks in products e.g. Sharia compliance, scholar risks; capital - on top of the six categories of risk exposures as prescribed by the consultation paper; and ii. Ensure scenario analysis and/or stress testing (with back testing) modules in its risk management framework. The prescriptive emphasis on managing risks associated with an Islamic bank‟s unrestricted investment accounts from the perspective of liquidity and displaced commercial risk management is appreciated. GR-1 The rules are mandatory for all Islamic banks to comply with. The IFSB paper does not differentiate between banks with different profiles, such as investment firms. A bank should set strict limits to avoid these risks.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 2 A licensee noted that the new module is clearly (and quite properly) substantially based on the IFSB 2005 paper. However, there are some departures:

1. There are several references in RM to „collective investment undertakings‟ where the original IFSB paper talked about „restricted investment accounts‟.  LR-1.3.34 defines a collective investment undertaking as “any arrangements, authorised by or registered with the CBB, with respect to property of any description, including money, the purpose or effect of which is to enable persons taking part in the arrangements to participate in or receive profits or income arising from the acquisition, holding or disposal of the property or sums paid out of such profits or income”.  The Glossary to Volume 2 defines a restricted investment account as one where “the investment account holder imposes certain restrictions as to where, how and for what purpose his funds are to be invested. Further, the Islamic bank may be restricted from commingling its own funds with the restricted investment account funds for purposes of investment. In addition, there may be other restrictions which investment account holders may impose. For example, investment account holders may require the Islamic bank not to invest their funds in instalment sales transactions or without guarantor or collateral or require that the Islamic bank itself should carry out the investment itself rather than through a third party. Restricted participating investment bonds and restricted participating investment units (investment funds) and any other accounts of a similar nature are equivalent to the restricted investment accounts”. It‟s not clear why this change was made, as these terms are not interchangeable. Insofar as Islamic banks are concerned it is preferable to stick to „Restricted Investment Accounts‟ and „Unrestricted Investment Accounts‟ rather than use the additional terminology of CIU‟s which causes confusion. GR-2 Following the issuance of Volume 7 on Collective Investment Undertakings (CIUs), all future RIAs are to be issued as CIUs. The CBB will soon be issuing a directive in Volume 2 to provide guidance and explain this item further.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 3 2. The drafting has been subtly altered in many instances and again it is not clear what the intention was. Specifically, words like „shall‟, „should‟, „may‟ and „must‟ have been swapped around. Thus the mandatory-sounding „shall‟ in the IFSB paper has become a suggestive „should‟ (or sometimes a different mandatory word - „must‟), a suggestive „should‟ (and sometimes „may‟) has become a mandatory „must‟, and so on. 3. Strategic risk and information security risk have not been covered. In the interests of completeness it is recommended these be included. 4. There are a few typos/minor mistakes (in RM-A.1.2, RM-2.2.8, RM-5.3.3, RM￾6.2 (heading) and RM-7.2.5). 2. The CBB Rulebook format uses only the terms “must” and “should”. Therefore, any mandatory rule, the word “must” is used; and any guidance rule, the word “should” is used. 3. These specific risks are not covered by the IFSB which was used as a basis for the Module and some of these risks are covered under other parts of the Module (e.g. information security risk can be considered as part of operational risk). 4. Noted.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 4 A licensee noted that:

1. Consolidation of Risk management: As there are already various sections of the CBB Rulebook (Volume 2-Islamic Banks) that cover in great detail, certain core elements of risk management e.g. CM Module which deals with Credit Risk, OM Module which deals with Operational Risk, LM Module which deals with Liquidity Risk and several other modules; it is suggested that all these risk management modules be consolidated under one risk module, preferably in the RM Module for ease of reference.
2. Limited Coverage of Risk Governance: In the licensee‟s view there needs to be more clarity on the Central bank‟s expectations on risk governance and it is noted that this important issue is not covered in great detail under the General Section of the new module.
3. Pillar 2 Risks: The proposed module covers credit, market, liquidity, equity investment, rate of return, and operational risks but if the module is to set clear guidelines on the CBB‟s expectations on the management of risk it needs to be comprehensive and cover additional risks; particularly Pillar 2 risks e.g. strategic risk, reputational risk, etc.
4. Liquidity Risk: In their view with impending implementation of Basel III, particularly liquidity risk measurement, it is recommended that the CBB‟s expectations on liquidity risk management be benchmarked with liquidity risk standards in Basel III. This proposed module makes no mention of LCR and NFSR yet these are two key benchmark liquidity ratios banks will be expected to comply with in the not so distant future. In addition, the liquidity risk recommendations in the RM module does not (unlike in Basel III) make a distinction between short-term and long-term liquidity management. Further as noted above, LM Module already contains liquidity risk management requirements and it is suggested consolidating LM Module with the proposed RM Module. GR-3 1. The proposed Module is a general high level Risk Management Module which acts as a complement to several other existing modules. The other modules will have more detailed rules and will be cross-referenced to Module RM.
5. This is discussed in more detail in Module HC. The proposed module covers the risks identified in the IFSB paper. Other types of risks will be incorporated in other modules of risk that will complement the RM Module.
6. The proposed module incorporates the IFSB guiding principles. The Basel III requirements are not final. It is intended to move to the Basel III requirements in due course with these measures in place in the meantime. In addition, Module LM will remain separate in the interest of keeping Modules to a manageable length and highlighting the importance of managing liquidity risk on its own. Module RM will have a cross reference to Module LM.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 5 A licensee noted that the Table of Contents includes “RM-B.2 Branches, Subsidiaries and Affiliates” which has no corresponding details in the main document. A licensee noted the following comments:  A key element of effective risk management is to maintain a sound and consistent risk culture throughout the institution. The consultation paper needs to consider that risk management as primarily managing risk at all level. Risk Management should be a process as well as a role in the financial institution which should be implemented through strong risk culture. Risk management should not be confined to risk specialists or control functions. Since the business of an institution mainly involves risk taking, business units, under the oversight of the management body, should be primarily responsible for managing risks on a day-to-day basis, taking into account the institution‟s risk tolerance/appetite and in line with its policies, procedures and controls. Therefore, it is a key element of effective risk management to maintain a sound and consistent risk culture throughout an institution which should be developed at both solo and consolidated levels.  The risk management framework should be holistic extending across all the institution‟s business, support and control units, recognizing fully the economic substance of its risk exposures and encompassing all relevant risks (e.g. financial and non-financial, on and off balance sheet, and whether or not contingent or contractual). It should be evaluated bottom up and top down, through the management chain as well as across business lines, using consistent terminology and compatible methodologies throughout the institution and its group.  When identifying and measuring risks, the institution should develop forward￾looking and backward-looking tools which allow for the aggregation of risk exposures across business lines and support the identification of risk concentrations. Forward-looking tools (such as scenario analysis and stress tests) should identify potential risk exposures under a range of adverse GR-4 This will be deleted from the Table of Contents. Noted. The proposed module incorporates the comments suggested by the licensee. Stress testing will be covered in more details in future amendments.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 6 circumstances; backward-looking tools should help review the actual risk profile against the institution‟s risk tolerance/appetite and its risk management framework and provide input for any adjustment.  Risk management function needs to have the appropriate standing and appropriate authority. The risk management function shall be actively involved at an early stage in elaborating the bank‟s risk strategy and in all material risk management decisions.  Institution which is a holding company of many subsidiaries should consider and report all group specific risks, interdependencies, group risk profile impacts, specificities of the group, scalable group level risks, key drivers of solvency needs and diversification effects assumed at group level.  Guidelines is required to set out sound risk management principles or best practice standards to govern Technology Risk Management to guide the financial institutions in establishing a sound and robust technology risk management framework, strengthening system security, reliability, resiliency, availability and recoverability, and deploying dynamic authentication to protect customer data, transactions and systems. A licensee suggested introducing Compliance Risk and/or Strategic Risk as a secondary type of risk within the document. Possibly as a sub-paragraph within the “Operational Risk”. Also, they noted that the document does not have separate sections for other types of risk, example Investment Risk and/or reputational Risk, etc. In addition, the document does not emphasize on the roles of Board and Management Committees in terms of Risk Ownership & responsibilities. A licensee noted a couple of type errors as follows:  The word “ans” is noted in Sections RM-5.3.3.  Section RM-5.3.14 on page 5 of 5 should read as RM-5.3.16 From readability point of view, it is noted that this paper discusses rules for many risks for which CBB has dedicated rulebooks and modules. Replicating the rules in This has been added under General requirements. Group Risk will be covered under future work dealing with consolidated supervision. Technology risk is part of operational risk and is covered there. These types of risks will be incorporated in more detail in the Module OM, as Module RM is a higher level module. Noted. The proposed Module is a general high level Risk Management Module which acts

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 7 this module/paper would make readability of the rules difficult for users and exposes them to confusion and non-compliant. as a complement to several other existing modules. The modules will have more detailed rules and will not cause confusion and will have proper cross reference to Modules dedicated to specific risks. Specific Comments: Reference to the draft Directive: Comments REF CBB’s Response RM-A.1.8 Islamic bank licensees are also exposed to reputational risk arising from failures in governance, business strategy and processes. Negative publicity about the concerned Islamic bank licensees‟ business practices, particularly relating to Shari‟a non-compliance in products and services, could have an impact upon market position, profitability and liquidity. A licensee noted that with regard to reputation risk, apart from passing references in paragraphs RM-A.1.8, RM￾4.3.3, RM-5.3.3/12 and RM-7.2.2 there is no guidance on how to measure, monitor and manage this risk. Additional guidance would be helpful. A-1 Reputation risk is a qualitative factor and is not a risk that can easily be integrated into a set of quantitative standards and principles. Management may provide safeguards to prevent loss of reputation by measures such as codes of conduct and whistle-blowing procedures. These are not matters covered in the IFSB RM paper and are more matters of governance (see Module HC). RM-1.1.3 The Board must approve the risk management objectives, strategies, policies and procedures that are consistent with the Islamic bank licensee‟s financial condition, risk profile and risk tolerance. The risk management objectives, strategies, A licensee noted that this paragraph is about risk management objectives, strategies, policies and procedures. The cross reference to HC-9.2 might not be accurate, since that section HC-9.2 is about Governance and Disclosure per Shari‟a Principles. B-1 The cross reference is correct; Sharia‟ Compliance is a risk.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 8 policies and procedures must be stated in a set of formal risk management documents. The risk management documents must be communicated at all levels within the Islamic bank licensee involved in the implementation of risk management policies (see Sections HC-1.2, HC-9.2, CM-2.1 and CM￾4.7 for more detailed rules and guidance). RM-2.2.4 Islamic bank licensees must have in place: (a) An appropriate credit strategy document which includes pricing and tolerance for undertaking various credit risks; (b) A risk management structure with effective oversight of credit risk management: This includes credit policies and operational procedures including credit criteria and credit review processes, acceptable forms of risk mitigation, and limit setting; (c) An appropriate measurement and careful analysis of exposures, including market- and liquidity￾sensitive exposures; and (d) A system: A licensee noted that RM-2.2.4 states that banks must “ensure that adequate provisions are allocated in accordance with CBB’s requirements”. This Section is referring to CBB‟s proposed changes to the CM-Module which is still in “consultative” stage. Therefore, until such time CBB enacts the proposed changes, reference to such rule should be removed/reconsidered. A licensee noted that the term “System(s)” has been repeated in different places within the Module, however, in few places the term has to be more defined to reflect the extent of required infrastructure to implement the suggested “system”. D-1 D-2 Disagree. The CBB has some existing requirements and these must be followed. The word “system” as a generic term in this context. And the CBB (and IFSB) mean use it in a general sense rather than as a term with a specific set of parameters.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 9 (i) To monitor the condition of ongoing individual credits to ensure the financings are made in accordance with the Islamic bank licensees’ policies and procedures; (ii) To manage problem credit situations according to an established remedial process; and (iii) To ensure adequate provisions are allocated in accordance with CBB requirements. RM-2.2.5 Islamic bank licensees must implement a credit strategy using various instruments in compliance with Sharia’, whereby the credit strategy recognizes the potential credit exposures that may arise at different stages of the various financing agreements. A licensee seeks more clarification regarding the clause. E-1 Please refer to RM-2.2.8 and Module CA for more clarification on credit strategies. RM-2.2.10 When setting the level of risk appetite relating to counterparties, the Board must ensure that: (a) The expected rate of return on a transaction is commensurate with the risks incurred; and (b) Measures have been put in place to prevent excessive credit risk (at both individual and portfolio levels) and risk concentration A licensee suggested adding reference to “setting the level of risk appetite relating to counterparties” to CBB exposures limits for counterparties. F-1 Agree, the reference will be added.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 10 (for example financing instruments, economic activity, geographical and sectoral spread). RM-2.2.12 Islamic bank licensees must establish policies and procedures defining eligible counterparties (retail/consumer, corporate or sovereign), the nature of approved financings and types of appropriate financing instruments. The risk management function must obtain sufficient information to permit a comprehensive assessment of the risk profile of the counterparty prior to the financing being granted. A licensee noted that the detailed requirements in the area of credit risk management e.g. credit strategy, MIS, are opined to be rather excessive for an Islamic investment bank which does not focus on the extension of credit as its business strategy. Further, paragraph RM2.2.12 - as a requirement to establish policies and procedures which defined eligible counterparties according to type of borrowers e.g. retail/consumer, corporate or sovereign – may not be relevant to an investment bank which focuses in private equity, venture capital and business development assets. Also, the risk treatment of the extension of Qard Hasan to investment project companies i.e. whether it is a credit risk or equity investment risk needs to be included. G-1 The proposed Module RM applies to all Islamic Banks. Defining the eligible counterparties depends for each bank and the type of borrowers it deals with. RM-2.2.14 Islamic bank licensees must receive their Shari’a Supervisory Board Fatwa on all new financing proposals that have not been proposed before or A licensee noted, for avoidance of doubts, that the word “proposal” in this paragraph should be reworded to “new products/structures”. H-1 The word “proposal” may involve structures and products, not just transactions. No change to be made.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 11 amendments to existing contracts. Islamic bank licensees may also engage appropriate technical expert (for example an engineer) to evaluate the feasibility of a proposed new project and to assess and approve progress billings to be made under the contract. Also it is proposed that “materiality” be used in determining the need for engaging technical experts such as the amount of the project/exposure. Hence, banks should consider engaging technical experts if the amount of the exposure merits such an engagement. This is a matter of choice or guidance. RM-2.2.15 In a financing involving several related agreements, Islamic bank licensees need to be aware of the binding obligations arising in connection with credit risks associated with the underlying assets for each agreement. To be Sharia compliant, subject to the interpretation of its Sharia scholars, an Islamic bank licensee must ensure that all components of the financial structure are contractually independent, although these may be executed in a parallel manner despite their interrelated nature. A licensee noted that RM-2.2.15 states that “… banks must ensure that all components of the financial structures are contractually independent…”. This should be left to be determined by the legal and sharia as there may be incidents where the components of the financial structure should be combined into one contract. This also depends on the prevailing laws in the country of exposure. I-1 This Paragraph is Guidance. The reference to “must” will be changed to “should”. RM-3.1.1 This Chapter sets out the principles and rules pertaining to the management of risks inherent in the holding of equity instruments for investment purposes. In particular, for Islamic bank licensees, the relevant instruments are typically those based A licensee suggested that equity instruments definition not to be restricted to Mudharabah and Musharakah contracts but shall include all types of equity instruments. Also, Musharakah contract as per definition by AAOIFI standard number 4 has the characteristics of a partnership K-1 The definition is not restricted to mudarabah and Musharakah. It says “typically based” and is not exclusive. Also, RM-3.2.1 states that “The type of equity investment risk dealt with in this Chapter may be broadly defined as the risk arising from entering into a

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 12 on the Mudarabah and Musharakah contracts. This Chapter focuses on such instruments. The risks entailed by holding equity instruments for trading or liquidity purposes are dealt with under market risk in Chapter RM-4. While investments made via Mudarabah and Musharakah instruments may contribute substantially to Islamic bank licensees’ earnings, they entail significant market, liquidity, credit and other risks, potentially giving rise to volatility in earnings and capital. rather than the aspects of equity investments. partnership for the purpose of undertaking or participating in a particular financing or general business activity as described in the contract, and in which the provider of finance shares in the business risk.” Therefore, it is correct to have partnership characteristics under equity investments risk. RM-3.3.7 Islamic bank licensees must use Shari‟a compliant risk-mitigating techniques, which reduce the impact of possible capital impairment of an investment. This may include the use of Shari‟a permissible security from the partner. A licensee noted that the requirement of this paragraph to use Shari‟a compliant risk mitigating techniques to reduce impact of capital impairment of an investment – particularly in the private equity, venture capital and business development space – may not be practically implemented. Since there are limited Shari‟a compliant risk mitigating techniques (especially those which are financial in nature) for alternative investments in the private equity, venture capital and business development space, this requirement may not be practically implemented nor cost effective. It is noted however, that an Islamic banking institutions should use the Shari‟a compliant risk mitigating L-1 This Rule will be changed to guidance and language changed as per suggestion provided. Islamic bank licensees should – if applicable – use Shari‟a compliant risk￾mitigating techniques – both financial and non-financial in nature – to reduce the impact of possible capital impairment of an investment.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 13 techniques for equity investments if these are available or when developed by IIFM if applicable. Clause RM-3.3.7 could be reworded as “Islamic bank licensees should – if applicable – use Shari‟a compliant risk￾mitigating techniques – both financial and non-financial in nature – to reduce the impact of possible capital impairment of an investment. A licensee noted that this requirement is not in accordance with Sharia rules as one partner cannot guarantee the investment of another partner (unless in case of Gross Negligence). Refer to AAOIFI Sharia Standard number 12 for details (section 3/1/4 of the Standard). A licensee suggested replacing the word „must‟ with „may‟ as each investment is unique. This will be a business decision for the bank to take if it sees suitable to use a Shari‟a compliant risk-mitigating technique. RM-3.3.8 Islamic bank licensees must ensure that their valuation methodologies are appropriate and consistent, and assess the potential impacts of their methods on profit A licensee noted that any such agreement should be in coordination and clearance by the External Auditor as such External Auditor may not accept the methodology used and accordingly refuse to clear the accounts at year-ends. M-1 The valuation methodology is reviewed by the external auditor as part of the year end audit exercise, so there is no need to add such statement.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 14 calculations and allocations. The methods must be mutually agreed between the Islamic bank licensees and the Mudarib and/or Musharakah partners. A licensee suggested omission of the second sentence. There is no necessity to share the valuation methodology with the Mudarib and/or the Musharakah partner as the bank possesses the expertise to fulfill this task. In addition , this may create disagreement between the two parties that will impede progress of the investment and adversely affect the Bank‟s business and profitability M-2 Disagree. It is sensible that the partners mutually agree upon the valuation methodology to ensure transparency and avoid disputes at a later date. RM-3.3.9 Islamic bank licensees must agree with the Mudarib and/or Musharakah partners before entering into any agreement, on the appropriate valuation methods and periods for which the profit is to be calculated and allocated taking into account market practices and liquidity features. A licensee noted that, for avoidance of doubts, it is proposed that the “before entering into any agreement” to be reworded to “in the agreement” as it sounds more legally-binding. N-1 Disagree, “before” is definitely better. RM-3.3.11 In the case of a change of the partnership’s shares in a Musharakah (for example in a Diminishing Musharakah), the shares changing hands must be valued at fair value. A licensee noted that any such valuation to be done in accordance with AAOIFI Sharia Standard # 12 in respect of Musharakah profit sharing. O-1 Relevant accounting standards must be followed. Other (future) standards may be relevant. RM-4.3.3 Islamic bank licensees must establish a sound and comprehensive market risk management process and A licensee noted that the detailed requirements in the area of market risk management – in particular the establishment of a strong MIS for P-1 Disagree. Upgrading and establishing of systems (MIS) is part of good risk management.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 15 information system, which (among others) comprise: (a) A conceptual framework to assist in identifying underlying market risks; (b) Guidelines governing risk taking activities in different portfolios of assets financed by investments accounts and portfolios of Collective Investment Undertakings and their market risk limits; (c) Appropriate frameworks for pricing, valuation and income recognition; and (d) A strong MIS for controlling, monitoring and reporting market risk exposure and performance to appropriate levels of senior management. controlling, monitoring and reporting market risk exposures should be dictated by the materiality of the market risk exposure which an institution is exposed. Preamble will be amended as follows: “Islamic bank licensees must establish an appropriate sound…” RM-5.1.1 This Chapter sets out guidance pertaining to liquidity risks, which highlights the key elements for effective liquidity management within the scope of Islamic bank licensees‟ exposures. Islamic bank licensees solicit and attract various sources of funds to channel to their financing and investment activities. Islamic bank licensees may have A licensee noted that the management of the liquidity risk associated with failing to collect cash from committed investors subsequent to their subscription should be properly detailed and emphasized in an Islamic investment bank. Q-1 Noted. Module RM incorporates general high level rules. A liquidity risk Management Module will be more appropriate for more detailed guidelines on the management of liquidity risk

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 16 various kinds of obligations, such as requirements to repay current account holders on demand, to provide committed funds in Musharakah transactions, and to make available cash flows for expenses or profit payments. RM-5.3.2 Islamic bank licensees must maintain adequate liquidity to meet their obligations at all times. In this regard and taking into consideration the nature of the Islamic bank licensees, its business activities and its capital market environment, the Islamic bank licensees must have in place liquidity management policies, which must be reviewed periodically by the Board, covering: (a) Strategy for managing liquidity involving effective board of directors (BOD)and senior management oversight; (b) A framework for developing and implementing sound processes for measuring and monitoring liquidity; (c) Adequate systems in place for monitoring and reporting liquidity exposures on a periodic A licensee noted that for sub- paragraph (d), the willingness and ability of shareholders to provide capital when necessary might not be definite at the time of preparing the Liquidity Policy. A licensee noted for sub-paragraph (d) assessing the willingness and ability of shareholders to provide additional capital when required is extremely unpredictable as this will be subject to numerous elements. It is not realistic to include the shareholders‟ ability in the liquidity management policy and hence omission of part (d) is recommended. R-1 R-2 The policies will be reviewed periodically; therefore, the willingness of shareholders can be assessed and changed periodically. Disagree. Where a bank has shareholders that are controllers, it needs to know if they are prepared to provide additional financial support or not. (d) will be amended as follows: Adequate funding capacity, with particular reference to the board’s assessment of the willingness and ability and likely support of shareholders to provide additional capital when necessary

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 17 basis; (d) Adequate funding capacity, with particular reference to the willingness and ability of shareholders to provide additional capital when necessary; (e) Access to liquidity through fixed asset realizations and arrangements such as sale and lease-back; and (f) Liquidity crisis management. RM-5.3.12 Islamic bank licensees‟ liquidity management policies must include some form of contractually agreed orderly liquidation procedures, to avoid having to liquidate assets at unfavorable prices, resulting in the erosion of the IAH capital and damage to the Islamic bank licensees‟ reputation and viability. A licensee noted that the requirement in the proposed module that liquidity management policies include some form of “contractually agreed” orderly liquidation procedure to avoid having to liquidate assets at unfavorable prices might not be implementable. In a stressed market the premium placed on liquidity increases as demonstrated during the 2008 crisis; therefore, to have a “contractually” agreed orderly liquidation might not be possible, as buyer‟s financial position and ability to pay could have changed as well. Secondly for wholesale investment banks that hold private equity assets, this requirement will not be practical value as buyers would not agree to contractually committing themselves to acquire investments without T-1 Will delete reference to „contractually agreed‟ procedures.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 18 prior due diligence. A licensee noted that they are unable to determine if this Section is referring to Liquidity Contingency Planning or not. Some explanations would be highly suitable. T-2 Paragraphs RM-5.3.13 onwards until the end of the section, are referring to contingency planning. RM-5.3.15 Where appropriate, Islamic bank licensees should include in their contingency plans the following factors and define appropriate action points at each stage: (d) Possible liquidity arrangements with the CBB (on an interest-free basis); A licensee noted that point (d) on possible liquidity arrangements with the CBB (on an interest free basis) is much appreciated and should be made available in a practical manner. U-1 Sub paragraph (d) will be deleted. Section RM-7 A licensee noted that recent papers from the Basel committee on Operational Risk appear to provide more detailed and updated guidance on operational risk management (which is already captured in the OM Module) than is provided in Section RM-7 of the proposed module. Having noted the above, it is also recommended that the CBB reconcile best practice recommendations from both the IFSB and BCBS and come up with a single RM Module. As a result of the gradual change from Basel II to Basel III it will become more critical that regulatory risk management guidelines and requirements V-1 The CBB issued a consultation in order to maintain full compliance with the Principles for the Sound Management of Operational Risk under Basel II framework. Accordingly, revisions have been made to Module OM of the CBB Rulebook and were issued as part of the October 2012 Rulebook update. The Updated Module OM complements and give more detailed guidelines in addition to the proposed Module RM.

New Risk Management Module for Islamic Bank Licensees Industry Comments and Feedback Volume 2 January 2013 19 are harmonized with the capital adequacy framework as in post Basel II environment discussion of risk can no longer be divorced from the parallel discussion on adequacy of capital to support such risks. RM-7.2.5 If Islamic bank licensees do not comply with Shari‟a rules and principles, their transactions must be cancelled and income generated from them are considered illegitimate. A licensee noted that the clause introduces the requirement that any non-compliance with Shari‟a would be grounds for cancelling transactions. It is recommended that the CBB reconsiders this requirement as it is not practical and to introduce some remedy to address any such non￾compliance on case by case basis (subject to approval of the Bank‟s SSB), depending on the level of non-compliance and the migration ways of managing non￾compliance. W-1 The Rule will be amended as follows: The bank‟s Shari‟a Supervisory Board is responsible for establishing policies to deal with any Shari‟a non-compliant transaction, taking into account its reputational risk and it must also follow existing AAOIFI disclosure requirements.