RISK MANAGEMENT FOR ISLAMIC FINANCIAL INSTITUTIONSTK 5413

SUBMITTED TOPROFESSOR SAIFUL AZHAR ROSLY

PREPARED BYAHMAD PAZIL MD ISA 1400109

SEMESTER SEPTEMBER 2015

TABLE OF CONTENTCONTENTPAGES

1. Risk Management Framework of RHB Islamic Bank3

2. Risk Appetite9

3. Bank Financial Scorecard13

4. Credit Risk14

5. Allowances For Loan Impairment17

6. Credit-Risk Sharing Between Bank And Depositors18

7. Securities Bought/held for Trading in Islamic Bank20

8. Derivative Financial Instruments22

9. Risk-Sensitive Assets (RSA) and Risk-Sensitive Liabilities (RSL)23

10. Risk Weight (RW) And Banks Regulatory Capital24

11. Market Risk26

12. Operational Risk27

13. Possible Factors That Can Cause Bank To Fail31

1. RISK MANAGEMENT FRAMEWORK OF RHB ISLAMIC BANKRisk ManagementRisk is inherent in the Banks activities and is managed through a process of on-going identification, measurement and monitoring, subject to limits and other controls. Besides credit risk, the Bank is exposed to a range of other risk types such as market, liquidity, operational, legal, shariah and strategic and cross-border, as well as other forms of risk inherent to its strategy, product range and geographical coverage.Effective risk management is fundamental to drive sustainable growth and shareholder value, while sustaining competitive advantage, and is thus a central part of the proactive risk management of the Bank.The Group Risk Management Framework governs the management of risks in the RHB Banking Group (the Group), as follows: It provides a holistic overview of the risk and control environment of the Group, with risk management aimed towards loss minimisation and protection against losses which may occur through, principally, the failure of effective checks and controls in the organisation. It sets out the strategic progression of risk management towards becoming a value creation enterprise. This is realised through building up capabilities and infrastructure in risk management sophistication, and enhanced risk quantification to optimise risk adjusted returnsThe Risk Management Framework contains five fundamental principles that drive the philosophy of risk management in the Group. They are: Risk governance from the Boards of Directors of various operating entities within the Group; Clear understanding of risk management ownership; Institutionalisation of a risk-focused organisation; Alignment of risk management to business strategies; and Optimisation of risk-adjusted returns.

Principle 1: Risk Governance from the Boards of Directors of various operating entities in the GroupThe ultimate responsibility of the Boards of Directors in the Group is to ensure that an effective risk management strategy is in place and uniformly understood across the Group. The Group has a structured framework to support the Boards oversight responsibilities.Risk governance and organisationThe Board of Directors (Board) through the BRC/Islamic Risk Management Committee (IRMC), GCRC and the Group Risk & Credit Management function establishes the risk appetite and risk principles for the Group and its relevant entities. The BRC is the principal Board Committee that provides oversight over risk management for the Group to ensure that the Groups risk management process is in place and functional. The BRC assists the Board to review the Groups overall risk management philosophy, risk management framework, risk management policy and risk management models. An IRMC has also been established to assist the Board of RHB Islamic Bank to focus on risk issues relevant and unique to RHB Islamic Bank.The responsibility for the supervision of the day-to-day management of enterprise risk and capital matters is delegated to the GCRC comprising Senior Management of the Group and which reports directly to the BRC and the Group Management Committee (GMC). There are other committees set up to manage specific areas of risks in the Group.

Figure 1: An overview of this governance framework at Group level

Principle 2: Clear Understanding of Risk Management OwnershipProactive risk ownership is important for effective management of risk. This promotes a risk awareness culture throughout the Group. The strategic business units (SBUs) and strategic functional units (SFUs) of the respective operating entities in the Group are collectively responsible for identifying, managing and reporting risks. The business units manage certain defined risks supported by the services provided by the functional units, including the risk management functionPrinciple 3: Institutionalisation of a Risk-Focused OrganisationIn addition to risk ownership, a risk-focused culture is promoted throughout the Group through strengthening of the central risk coordination functions and continuous reinforcement of a risk and control environment within the Group.Central Risk Coordination FunctionGroup Risk & Credit Management function is independent of the business function to ensure that the necessary balance in risk/return decisions is not compromised by short-term pressures to generate revenues. The said function is headed by the Group Chief Risk Officer.The roles and responsibilities of the Group Chief Risk Officer include: Facilitating the setting of the strategic direction and overall policy on management and control of risk of the Group; Ensuring industry best practices in risk management are adopted across the Group, including the setting of risk management parameters and risk underwriting models; Developing a pro-active, balanced and risk-attuned culture within the Group; Advising Senior Management, the GCRC, BRC/IRMC and the Board on risk issues and their possible impact on the Group in the achievement of its objectives and strategies; and Administering the delegation of discretionary powers to Management personnel within the Group. Group Risk & Credit Management consists of Group Risk Management, Group Credit Management and Group Risk Operations, provides independent oversight on business activities and implements the Group Risk Management Framework in order to protect and safeguard the Groups assets, and to prevent and mitigate financial and reputational losses to the Group. Key areas for which Group Risk Management is responsible include the Groups risk policy and framework, day-to-day risk measurement and monitoring, providing timely risk analysis to management, and ensuring compliance to regulatory risk reporting requirements.Group Credit Management oversees the Group-wide credit evaluation and assessment, approval and credit monitoring functions by providing credit risk assessment assurance on credit proposals, highlighting and monitoring business units in rehabilitating potential problematic accounts, and improving credit process efficiency.Group Risk Operations is responsible for strategizing and implementing a comprehensive enterprise-wide risk governance framework, and managing the development of robust risk management infrastructure and tools, aligned with the Groups strategy for growth and keeping pace with the market requirements and competitive business environment. Group Risk Operations drives the operationalisation of the Groups risk transformation initiatives in establishing risk management as a valuable business partner.Risk and Control EnvironmentThe business and functional heads are accountable for risk management in their businesses and functions, and for overseas operations where they have governance responsibilities. The business and functional units have clear segregation of duties to ensure that business processes are functioning effectively. There is accountability delegated to the appropriate authority to enable them to execute their respective authorities in meeting the business strategies without compromising the risk management process.The primary responsibility for managing risks, therefore, rests with the business managers who are best equipped to ensure that risk management and control are continuously focused on the way business is conducted. There is a continuous review of business activities and processes to identify significant risk areas and implement control procedures to operate within established corporate policies and limits.

Principle 4: Alignment of Risk Management to Business StrategiesThe Group Risk Management Framework serves to align the Groups business strategy to risk strategy, and vice-versa. This is articulated through the risk appetite setting and the Groups annual business and financial budgetary plan, which is facilitated by the integration of risk measures in capital management.Risk appetite is set by the Board and reported through various metrics that enable the Bank and the Group to manage capital constraints and shareholders expectations. The risk appetite is a key component of the management of risks and describes the types and level of risk that the Bank and the Group are prepared to accept in delivering its strategy.Principle 5: Optimisation of Risk-Adjusted ReturnsOne of the objectives of capital management is to reflect a risk-adjusted return assumed by the businesses throughout the Group. By linking risk to capital, the risk-adjusted return measure contributes to the creation of shareholder value by facilitating the allocation of capital to the businesses.The medium to long-term strategy and principle of risk management of the Group is to intensify the integration of capital management within the Group. The Group is progressively implementing a risk-adjusted return based framework for allocation of capital to business units and for performance measurement and management

THE RISK MANAGEMENT PROCESSThe risk management framework provides the support infrastructure for the bank to monitor the risk management process on all positions it is taking. Risk management is not restricted to specific levels, functions or departments within an Islamic banking set-up. Rather it involves all banking activities whether it is at the front, middle or back office. The oversight function of the board of directors puts risk management as top priority in making sure that earnings and capital are protected against potential losses or risks arising from systematic and unsystematic events.The risk management process is the process of anticipating and analysing risks and coming up with effective and efficient ways of managing as well as removing them. There are four steps involved in this process1. Risk Identification2. Risk Measurement3. Risk Treatment/Mitigation4. Risk Monitoring and Reporting

Risk IdentificationAt the point of loan, bay bithaman ajil (BBA) and any other financing origination, often at the credit committee level. For example, in a BBA facility, the major risk is credit risk. The same applies to other credit related products such as al-ijarah thumma al-bay (AITAB) and tawarruq.When the bank books an exposure based on musharakah, the major risk is business risk. If the bank takes ownership of asset in a BBA transaction, the bank faces business risk apart from the credit risk awaiting the deferred installment payments. Other exposures such as istisna and salam carry both business and credit risk. Market risk prevails in all exposures involving future obligations as cost of funds tend fluctuate over time All credit, market and liquidity risk management policies and limits are tabled to the banks credit committee, asset and liability committee and risk management committee before being approved by the board. New products and variations of existing products are vetted through the new product implementation process and signed-off by respective business s, risk control s and support s before they are allowed to be introducedRisk MeasurementWhen all the risks have been identified, they must be given some value which will be used by the bank to estimate the potential loss of the exposure when customers default on their obligations. This is done by measuring the identified risks using the appropriate techniques and models. As an example, credit risks in loans and BBA is measured by obtaining the expected loss (EL) and unexpected loss (UL) of the facility. Risk parameters such as the probability of default (PD), exposure at given default (EAGD) and loss given default (LGD) will have to be estimated to arrive at the respective values of EL and UL. Market risk is measured using Earning-at-Risk (EaR), Capital-at-Risk (CaR) and Value-at-Risk (VaR).Risk MitigationOnce the risks have been identified and measured, it is vital to mitigate the risk. Four approaches may be possible such as:1. Risk avoidance the bank will not give the loan or extend the financing at all.2. Risk reduction in credit risk, this is done by securing more collateral from thecustomer.3. Risk transfer market risks can be mitigated by using financial derivatives. In Islam,this is possible for hedging purposes once a position is taken by the bank, e.g., issuinga trade finance facility in foreign currency.4. Risk retention this involves accepting the loss or benefit of gain from a risk when itoccurs. More often than not, an Islamic bank faces market risks and is unable to findthe means to mitigate it. This is true for a fixed rate BBA financing as opposed to afloating rate BBA financing.Risk Monitoring and ReportingThe risk management committee provides regular risk reporting to the board and senior management to communicate risk exposures and propose steps to mitigate risk exposures such as financing exposures and movement of non-performing financing.

2. RISK APPETITERHB has financed 1.03% aggressively, 26.6% conservatively and 72.37 % moderately RHB financed maximum amount within 20% to 100% credit risk level. So, we can say RHB is moderate risk taker. And 26.6% of total investment is in 0% credit risk level. In this level RHB invested in Government security, Bond etc. As we know, any bank needs to keep at least 20% of total investment in 0% credit risk level, RHB has maintained more than 20%. Risk appetite of RHB on RWA100%If risk weighted is more than 100% then it is considered as aggressive risk appetite. RHB financed RM 9.426 billion at 100% credit risk level and financed RM 386 million at risk weight is 150%. And this RM 386 million is highly risky financing among the total financing of the RHB. Now we can calculate the capital requirement for this highly risky financing.Table 4: Capital Requirement @ RW 150% (RM000)Credit RateFinancing AmountRWACapital Requirement

150%386,177579,26546,341

RHB needs RM 46.341 million capital requirement to finance 386.177 million at RW 150%. It is high capital requirement against such small amount of financing. That means the more risk in financing the more capital will be needed to back up.

RHBs risk appetite positionIf we look at the data below we can see that RHB financed more between 20% - 100% risk weight. So RHBs risk appetite position is medium. RHB financed aggressively only 1.03% out of total financing amount. On the other hand, RHB financed 26.60% of total financing amount in 0% credit risk level. We can say RHB is 26.60% conservative. Again, RHB financed 72.37% out of total financing amount within 20% to 100% credit risk level. Figure 2: Credit Risk Exposures (Before Credit Risk Mitigation) by Remaining Maturity as at 31 December 2014

Based on the capital adequacy discloser above, RHB has taken mix risk appetite strategy. From their portfolio of financing we can see that they have financed in different risk level such as conservative, moderate and Aggressive. If we consider financing between (20 %< RWA