(1) This Chapter sets out:
(a) the requirements for an Islamic banking business firm’s operational risk management policy to identify, measure, evaluate, manage and control or mitigate operational risk;
(b) the requirements for the firm to collect data on losses caused by operational risk events; and
(c) how to calculate the firm’s operational risk capital requirement.
The firm’s operational risk capital requirement is part of its risk-based capital requirement—see rule 3.2.5
(4) Legal risk can arise from:
(a) the firm’s operations (that is, from legal risks common to all financial institutions); or
(b) problems of legal uncertainty in interpreting and enforcing contracts based on Shari’a.
For examples of the operational risks that may arise from Islamic financial contracts, see Part 7.4
(6) Shari’a non-compliance risk
is the risk to an Islamic banking business firm of non-compliance resulting from the failure of the firm’s Shari’a compliance policy to ensure that Shari’a rules and principles (as determined by its Shari’a supervisory board) are complied with.
1 Shari’a non-compliance risk can lead to non-recognition of an Islamic banking business firm’s income, and resultant losses. For sukuk, the risk may adversely affect the marketability (and, therefore, the value) of the sukuk.
2 Shari’a non-compliance risk can take 2 forms:
• the risk relating to potential non-compliance with Shari’a rules and principles in the firm’s operations, including the risk that non-permissible income is recognised; and
• the risk relating to the firm’s fiduciary responsibilities as mudarib towards fund providers under a mudarabah contract, according to which, in the case of negligence, misconduct, fraud or breach of contract by the mudarib, the funds provided by the fund providers become a liability of the mudarib.
3 Although the operational risk that could arise for Islamic banking business firms can be considered similar to that of conventional banks, the characteristics of such risk may be different, thus:
• Shari’a-compliant products may involve processing steps different from those of their conventional counterparts
• the assets held on the balance sheets of Islamic banking business firms (physical assets and real estate) are different from those of conventional banks
• the requirements of Shari’a compliance result in different risks relating to information technology products and systems.
4 For examples of Shari’a requirements that must be complied with by an Islamic banking business firm in relation to Islamic financial contracts, see Part 7.5
. Failure to comply with the requirements gives rise to Shari’a non-compliance risk.