• IBANK Part 7.3 IBANK Part 7.3 Collection and reporting of operational loss data

    • IBANK 7.3.1 Basic requirement—operational loss dataset

      (1) An Islamic banking business firm must have documented procedures and processes to identify, collect and treat internal loss data for operational risk events. However, the firm need not collect data on any operational risk event for which the gross amount of loss is less than QR 40,000.
      (2) In this Chapter, the set of data resulting from that collection is called the firm’s operational loss dataset.
      (3) The procedures and processes:
      (a) must be subject to validation before the dataset is used to calculate the firm’s operational risk capital requirement; and
      (b) must be regularly independently reviewed by the firm’s internal or external audit functions.
      (4) The procedures and processes must provide for the collection of at least the following information for an operational risk event:
      (a) the gross amount of the resulting loss (the gross loss);
      (b) if available, the date when the event happened or began (date of occurrence);
      (c) the date when the firm became aware of the event (date of discovery);
      (d) the date (or dates) when the event resulted in a loss, reserve or provision against a loss being recognised in the firm’s profit and loss accounts (date of accounting);
      (e) any recovery of the gross loss;
      (f) descriptive information about the drivers or causes of the event.
      (5) The level of detail of the information the firm collects about an event must be proportionate to the gross loss amount resulting from the event.
      (6) When building the dataset, the firm must use the date of accounting as the date of a loss (except that, in the case of a legal loss event (that is, a legal event that results in a loss), the bank must use a date no later than the date of accounting).
      (7) If 2 or more losses:
      (a) had the same operational risk event in common as a cause; or
      (b) were caused by related operational risk events over time, but were posted to the accounts over several years;
      the losses must be allocated to the corresponding years of the loss database, in line with their accounting treatment.
      (8) Data on losses that result from mergers or acquisitions must be included in the dataset.
      (9) The following are not to be included in the dataset:
      (a) costs of general maintenance on property, plant or equipment;
      (b) internal or external expenditure to enhance the firm’s business after operational risk losses (such as upgrades, improvements, risk assessment initiatives and enhancements);
      (c) takaful fees or premiums.
      Derived from QFCRA RM/2015-2 (as from 1st January 2016)
      Amended by QFCRA RM/2020-3 (as from 1st January 2021)

    • IBANK 7.3.2 Meaning of gross loss, recovery and net loss for operational risk events

      (1) The gross loss for an operational risk event is the loss resulting from the event before any kind of recovery. Gross loss from such an event includes:
      (a) any direct charge (including any impairment or settlement) to the relevant firm’s profit and loss accounts;
      (b) costs incurred as a result of the event, including expenses directly linked to the event (such as legal expenses and fees paid to advisors or suppliers) and costs of repairs or replacements;
      (c) provisions or reserves accounted for in the profit and loss accounts against the loss;
      (d) losses temporarily booked in transitory or suspense accounts and not yet reflected in the profit and loss accounts;
      (e) negative economic effects, booked in an accounting period, resulting from operational risk events affecting cash flows or financial statements in previous accounting periods.
      (2) A recovery for an operational risk event is an independent occurrence, related to the event, but separate in time, in which funds, or inflows of economic benefits, are received from a third party.
      payments received from takaful entities
      repayments received from perpetrators of fraud
      recoveries of misdirected transfers
      (3) The net loss for an operational risk event is the loss resulting from the event after any recovery.
      Derived from QFCRA RM/2020-3 (as from 1st January 2021)

    • IBANK 7.3.3 Reporting to Regulatory Authority

      The Regulatory Authority may, by notice given to an Islamic banking business firm, require the firm to report internal loss data in the level 1 categories set out in Annex 9, Detailed loss event classification, to International Convergence of Capital Measurement and Capital Standards: A Revised Framework Comprehensive Version, published by the Basel Committee on Banking Supervision in June 2006.

      Derived from QFCRA RM/2020-3 (as from 1st January 2021)