2023-11-14

Added · Updated

Risk Management Framework for Shari’ah Compliant Banking

The Saudi Central Bank (SAMA) issued the Risk Management Framework for Shari’ah Compliant Banking to establish minimum principles for managing credit, market, operational, liquidity, and equity investment risks in Islamic banking. This framework supersedes previous circulars and mandates that domestic banks implement comprehensive risk oversight, independent governance structures, and robust identification and measurement methodologies for Shari’ah-specific risks. Banks are required to ensure strict compliance with Shari’ah rules, maintain adequate capital and liquidity buffers, and report effectively to the Board and Senior Management starting from March 3, 2024.

Saudi Central Bank logo

Saudi Arabia

Saudi Central Bank

Click to view thumbnail

Saudi Central Bank (SAMA) Risk Management Framework for Shari’ah Compliant Banking

November 2023


Contents

  1. Introduction....................................................................................................................... 3
  2. Objective .......................................................................................................................... 3
  3. Scope of Application ........................................................................................................ 3
  4. Definitions........................................................................................................................ 4
  5. Risk Oversight ................................................................................................................. 6
  6. Risk Management Requirements...................................................................................... 7
  7. Credit Risk ....................................................................................................................... 9
  8. Market Risk...................................................................................................................... 10
  9. Operational Risk .............................................................................................................. 11
  10. Liquidity Risk ................................................................................................................ 13
  11. Equity Investment Risk.................................................................................................. 14
  12. Effective Date ................................................................................................................ 14

1. Introduction Risk Management Framework for Shari’ah Compliant Banking is issued by SAMA in exercise of the powers vested upon its law issued by the Royal Decree No. M/36 on 11-04-1442H (26 Nov 2020G) and the Banking Control Law issued by the Royal Decree No. M/5 on 22-02-1386H (11 June 1966G) and the rules for Enforcing its Provisions issued by Ministerial Decision No 3/2149 on 14-10-1406AH.

The Risk Management Framework for Shari’ah compliant banking provides principles for establishing and implementing effective risk management in the banks offering Shari’ah compliant product and services. This framework shall be read together with the Shari’ah Governance Framework for Shari’ah Compliant Banking issued by SAMA (February 2020) and any subsequent updates.

Banks should be aware that the conduct of Shari’ah compliant banking activities may expose the bank to various types of risks including, but not limited to:

  • Credit Risk
  • Market Risk
  • Operational Risk
  • Liquidity Risk
  • Equity Investment Risk

This framework updates and supersedes the previous Risk Management Framework for Shari’ah Compliant Banking issued by SAMA circular No. 43038156 on 27-04-1443H (02-12-2021G).

2. Objective The Risk Management Framework for Shari’ah Compliant Banking sets out SAMA’s regulatory expectations on banks’ management of risk unique in Shari’ah compliant banking activities to supplement existing risk management requirements issued by SAMA.

3. Scope of Application Risk Management Framework for Shari’ah Compliant Banking shall be applicable to all domestic banks licensed by SAMA under the Banking Control Law that conduct Shari’ah compliant banking activities. Banks must ensure that compliance practices by their majority owned subsidiary(ies) or branches conducting Shari’ah compliant banking activities outside Saudi Arabia are consistent with the requirements of this framework.


4. Definitions The following terms and phrases used in this document shall have the corresponding meanings unless otherwise stated.

SAMA: The Saudi Central Bank.

Bank: Any domestic bank that is licensed to carry out banking business in Saudi Arabia in accordance with the provisions of the Banking Control Law and that conduct Shari’ah compliant banking either as a full-fledged Islamic bank or through an Islamic Window.

Full Fledged Islamic Bank: A bank conducts only Shari’ah compliant banking.

Islamic Window: That part of a conventional bank (which may be a branch or a dedicated unit of that bank) that provides Shari’ah compliant finance and investment services both for assets and liabilities products.

Credit Risk: The risk that a bank recipient of financing or counterparty fails to meet its obligations in accordance with agreed terms.

Market Risk: The risk of losses in on- and off-balance sheet positions arising from adverse in market price, i.e. fluctuations in market values of tradable, marketable or leasable assets (including Sukuk) and off-balance sheet individual portfolios.

Operational Risk: The risk of losses resulting from inadequacy or failure of internal processes, people and systems, or from external events.

Shari’ah Non-compliance Risk (SNCR): The risk of non-compliance resulting from the failure of a bank’s Shari’ah governance mechanism (systems and personnel) that ensure its compliance with Shari’ah rules and principles as determined by its Shari’ah Committee, and may result in adverse financial or non-financial impact on the bank.

Fiduciary Risk: The risk that arises from a bank’s failure to perform in accordance with explicit and implicit standards applicable to their fiduciary responsibilities.

Liquidity Risk: The risk of potential loss to the institution arising from its inability either to meet its obligations or to fund increases in assets as they fall due without incurring unacceptable costs or losses.

Equity Investment Risk: The financial risk involved in holding equity in a particular investment.

Board: The Board of Directors appointed by the shareholders in line with applicable laws and regulations.


Senior Management: The Senior Management consists of a key group of individuals responsible for overseeing the day-to-day management of the bank and they shall be accountable in this respect. These individuals should have the necessary experience, competence and integrity to manage the business under the Board’s supervision. The Board shall have appropriate controls applicable to these individuals.

Salam: The sale of a specified commodity that is of a known type, quantity and attributes for a known price paid at the time of signing the contract for its delivery in the future in one or several batches.

Parallel Salam: A second Salam contract with a third party to acquire for a specified price a commodity of known type, quantity and attributes, which corresponds to the specifications of the commodity in the first Salam contract without the presence of any links between the two contracts.

Sukuk: Certificates that represent a proportional undivided ownership right in tangible assets, or a pool of tangible assets, receivables and other types of assets. These assets could be in a specific project or specific investment activity that is Shari’ah compliant.

Murabahah: A sale contract whereby the bank sells to a customer a specified asset, whereby the selling price is the sum of the cost price and an agreed profit margin. The Murabahah contract can be preceded by a promise to purchase from the customer.

Commodity Murabahah (Tawarruq): A Murabahah transaction based on the purchase of a commodity from a seller or a broker and its resale to the customer on the basis of deferred Murabahah, followed by the sale of the commodity by the customer for a spot price to a third party for the purpose of obtaining liquidity, provided that there are no links between the two contracts.

Ijarah: A contract made to lease the usufruct of a specified asset for an agreed period against a specified rental. It could be preceded by a unilateral binding promise from one of the contracting parties. As for the Ijarah contract, it is binding on both contracting parties.

Ijarah Mawṣufah Fi Al-Dhimmah (Forward Lease): A contract where the lessor leases the usufruct of a specific future asset, which will be delivered by the lessor to the lessee for the latter to acquire the usufruct on a specific date in the future. This usufruct can be of an asset or of service.

Ijarah Muntahia Bi Al Tamlik: A lease contract combined with a separate promise from the lessor giving the lessee a binding promise to own the asset at the end of the lease period either by purchase of the asset through a token consideration, or by the payment of an agreed upon price or the payment of its market value. This can be done through a promise to sell, a promise to donate, or a contract of conditional donation.


Istisna: The sale of a specified asset, with an obligation on the part of the seller to manufacture/construct it using his own materials and to deliver it on a specific date in return for a specific price to be paid in one lump sum or instalments.

Parallel Istisna: A second Istisna contract whereby a third party commits to manufacture/construct a specified asset, which corresponds to the specifications of the asset in the first Istisna contract without the presence of any links between the two contracts.

Wakalah: An agency contract where the customer (principal) appoints an institution as agent (wakil) to carry out the business on his behalf. The contract can be for a fee or without a fee.

Musharakah: A partnership contract in which the partners agree to contribute capital to an enterprise, whether existing or new. Profits generated by that enterprise are shared in accordance with the percentage specified in the Musharakah contract, while losses are shared in proportion to each partner’s share of capital.

Mudarabah: A partnership contract between the capital provider (rabb al-māl) and an entrepreneur (muḍārib) whereby the capital provider would contribute capital to an enterprise or activity that is to be managed by the entrepreneur. Profits generated by that enterprise or activity are shared in accordance with the percentage specified in the contract, while losses are to be borne solely by the capital provider unless the losses are due to misconduct, negligence or breach of contracted terms.

5. Risk Oversight 5.1 Principle 1.0: Banks conducting Shari’ah compliant banking activities shall have in place a comprehensive risk management framework, including appropriate board and senior management oversight, to identify, measure, monitor, report and control all relevant risks arising from Shari’ah compliant banking activities, taking into account compliance with Shari’ah rules and principles.

Board of Directors (Board) Oversight: 5.2 Board must have active oversight of their risk management activities, including risks arising from Shari’ah compliant banking activities. The Board or the delegated committee of the Board shall approve the risk management objectives, strategies and policies, risk appetite and risk tolerance of the bank, taking into consideration the overall economic and financial conditions. Shari’ah compliant banking activities conducted by the bank shall be consistent with the risk appetite and within the risk tolerance level approved by the Board or the delegated committee.


5.3 Board or the delegated committee shall ensure that there is an effective risk management structure and policies and procedures governing the conduct of Shari’ah complaint banking activities, including adequate systems for measuring, monitoring, reporting and controlling risk exposures commensurate with the scope, size and complexity of the bank’s business and operations.

5.4 Board or the delegated committee shall review the effectiveness of the risk management practices periodically and make appropriate changes as and when necessary.

5.5 Board or the delegated committee must ensure that the risk management function is independent from risk taking functions and is reporting directly to the Chief Executive officer/General Manager. The Chief Risk Officer shall have independent report and access to the Risk Management Committee.

Senior Management Oversight: 5.6 Senior management must ensure that the policies and procedures clearly establish roles and responsibilities, and lines of accountability of various functions within the bank for managing, monitoring and reporting risk arising from Shari’ah compliant banking activities.

5.7 Senior management must ensure that there are well defined policies and procedures managing risks arising from Shari’ah compliant banking activities, in line with the risk appetite and risk tolerance approved by the Board or the delegated committee, and ensure that these policies and procedures are effectively implemented.

6. Risk Management Requirements 6.1 Banks must have in place sound processes for identification, measurement, mitigation, monitoring and reporting of risks associated with Shari’ah compliant banking activities. Risk management processes for Shari’ah compliant banking activities should be integrated with the overall risk management framework, where relevant, to ensure the bank have an overall view of risk exposures and interlinkages with other activities and functions within the bank.

6.2 Banks must ensure that there are adequate system of controls and processes for monitoring compliance with the established policies and limits, Shari’ah rules and principles and other regulatory requirements, as applicable. The state of compliance should be reported to the Risk Management Committee and Senior management periodically or more frequently, when necessary.


6.3 Banks must ensure that effective management information systems (MIS) are in place to support their risk management activities, decision making, facilitate compliance with internal and SAMA’ prudential and supervisory reporting requirements.

6.4 Banks must be aware and understand the different types of risk inherent in all Shari’ah compliant banking products that they offer. Banks must have in place appropriate risk management approaches and methodologies to identify and differentiate various risk components in Shari’ah financial products and the underlying contracts used in these products. For example, risk inherent may differ at different stages of the life of the product that would require the bank to distinguish and quantify each category of risk using different approaches and methodologies. Banks must ensure these methodologies are assessed and validated by independent risk management function or external independent validation to ensure that the risk categorization and measurement methodologies used are appropriate and effective.

6.5 Banks that offer profit sharing investment accounts (PSIAs) must establish mechanisms for monitor that funds provided by the account holders were utilized for purposes that are in line with the terms and conditions agreed with account holders. Banks must also comply with the risk management requirements set out in the PSIAs Rules (September 2022) and any subsequent updates.

6.6 Banks must ensure that the structuring of products, underlying transactions and contracts are fully compliant with Shari’ah rules and principles. Banks must have in place appropriate functions and structure (e.g. Shari’ah risk administration department or unit either separated or embedded within the risk originating function) to ensure that documentation of transactions required for Shari’ah compliant products are complete and that the sequencing of transactions and contracts, are compliant with Shari’ah rules and principles. For example, the dates play a very important role in Murabahah transactions and any transaction can be rendered invalid if the sequencing of obtaining documents is changed.

6.7 Board, senior management and staff should have sound knowledge, skills and understanding of Shari’ah rules and principles as well as risks associated with Shari’ah compliant products and services offered by the bank. Banks should periodically review adequacy of resources, competencies and skills for the operation of Shari’ah compliant banking activities and have in place training programs to address any gaps identified in internal capacity and competencies.


7. Credit Risk 7.1 Principle 2.0: Banks shall have in place appropriate methodologies and adequate systems, infrastructure and resources for identifying, measuring, managing and reporting the credit risk exposures arising from Shari’ah compliant financing products.

7.2 Banks must have well-defined criteria and policies and processes for approving new credit, renewing and refinancing existing Shari’ah compliant financing. These criteria should include the type, nature and amount of credit exposures, including the terms and conditions and other contractual obligations under the Shari’ah compliant contract used that the bank may accept and in line with the approved-risk appetite, risk limits, risk bearing capacity as well as SAMA’s requirements on responsible lending.

7.3 Banks must have in place sound processes for managing credit risk in Shari’ah compliant financing contracts, including processes for: 7.3.1 continued monitoring of counterparty’s ability and willingness to repay under the terms of the financing, performance of the underlying assets; processes for classification of the performance of the credit exposures; 7.3.2 tracking, triggering and reporting credit exposures that require prompt action; 7.3.3 monitoring completeness of documentation, counterparty’s compliance with terms and conditions and other contractual requirements of the Shari’ah compliant contract, collateral and other forms of credit risk mitigation; 7.3.4 identifying different types of risks involved in a Shari’ah financing transaction, and measuring credit risk and other risks (where applicable) for each different type of Shari’ah financing contract (e.g. financing contract based on PSIAs) and at different stages of the underlying contracts (e.g. contracts which involve purchase and sale of commodities); 7.3.5 assessing and ensuring credit risk mitigating techniques used in each Shari’ah compliant financing are legally enforceable and compliant with Shari’ah rules and principles; 7.3.6 identifying problem credits on a timely basis and implementation of workout, restructuring, rescheduling, recovery, or other appropriate measures, and ensuring compliance with Shari’ah rules and principles.


8. Market Risk 8.1 Principle 3.0: Banks must have in place an appropriate framework for market risk management (including reporting) in respect of all assets held, including those that do not have a liquid market and/or are exposed to high price volatility.

8.2 Banks must develop a market risk management strategy including the level of acceptable market risk taking into account contractual agreements with fund providers, types of risk-taking activities and target markets to ensure that exposures remain at or below the pre-determined levels and within the limit of the bank’s risk bearing capacity. Banks should review the strategy periodically, communicate to relevant staff and disclose to fund providers.

8.3 Banks must establish a sound and comprehensive market risk management system and processes which shall include: 8.3.1 processes for identifying underlying market risk exposures arising from Shari’ah compliant contract; 8.3.2 setting a middle office or an independent market risk management function to monitor, measure and analyze risks inherent in the treasury operations of a Shari’ah compliant banking activities and periodically report to senior management market risk exposures and risk mitigation and control measures; 8.3.3 policies, procedures and systems for pricing, valuation and income recognition; and 8.3.4 effective management information system for monitoring and measuring asset risk exposure and performance, and reporting to senior management and board.

8.4 Banks must, at all time, be able to quantify market risk exposures, analyze and report to senior management and board their exposure to potential losses in their net open asset positions both under normal and stressed market conditions.

8.5 Banks must assess the market structure including consideration on the level of liquidity giving rise to heightened market risk, and availability of market prices in assets where the bank is exposed to. For example, assets traded in illiquid markets may not be realizable at prices quoted in other more active markets. In the valuation of assets where no direct market prices are available, banks should have in place valuation framework and methodologies for their market risk positions, which may include appropriate forecasting or valuation models to estimate the value of assets.


8.6 Where valuation methodologies are deficient, banks should establish a contractual agreement with the counterparty specifying the methods to be used in valuing the assets or assess the need to allocate funds to cover risks resulting from illiquidity and uncertainty in assumptions underlying valuation and realization.

8.7 Banks’ market risk management framework should also account for the risks associated to the following Shari’ah products: 8.7.1 The risks that relate to the current and future volatility of market values of specific assets (for example, the commodity price of a Salam asset, the market value of a Sukuk, the market value of Murabahah assets purchased to be delivered over a specific period) and of foreign exchange rates. 8.7.2 In Salam, banks can be exposed to counterparty credit risk on a long position and commodity price fluctuations while holding the subject matter until it is disposed of. In the case of Parallel Salam, there is also the risk that a failure of delivery of the subject matter would leave the banks exposed to commodity price risk as a result of the need to purchase a similar asset in the spot market in order to honor the Parallel Salam contract.

8.8 Banks must also consider their exposures to foreign exchange risk arising from changes in foreign exchange rate in cross-border transactions and those arising from receivables and payables denominated in foreign currencies.

8.9 Banks must ensure that their exposures to market risk are subject to internally pre-determined market risk limits. Banks may as part of its risk management strategy hedge their market risk exposures using Shari’ah compliant instruments. Banks must ensure that market risk exposures are reported to senior management when exposures are approaching or has breached pre-determined limits, and implement measures to bring the exposures to compliance as soon as practicable.

9. Operational Risk 9.1 Principle