IBANK 7.1.1 Introduction

(1) This Chapter sets out:
(a) the requirements for an Islamic banking business firm’s operational risk management policy to identify, measure, evaluate, manage and control or mitigate operational risk;
(b) the requirements for the firm to collect data on losses caused by operational risk events; and
(c) how to calculate the firm’s operational risk capital requirement.

Note The firm’s operational risk capital requirement is part of its risk-based capital requirement—see rule 3.2.5.
(2) Operational risk is the risk resulting from inadequate or failed internal processes, people and systems, or from external events. Operational risk includes legal risk and Shari’a non-compliance risk but does not include strategic risk or reputational risk.
(3) Legal risk, of an Islamic banking business firm, includes exposures to fines, penalties or punitive damages resulting from supervisory actions as well as private settlements.
(4) Legal risk can arise from:
(a) the firm’s operations (that is, from legal risks common to all financial institutions); or
(b) problems of legal uncertainty in interpreting and enforcing contracts based on Shari’a.

Note For examples of the operational risks that may arise from Islamic financial contracts, see Part 7.4.
(5) Legal risk also includes the risk that sukuk in which the firm is the originator, sponsor or manager fail to perform as intended because of a legal deficiency.
(6) Shari’a non-compliance risk is the risk to an Islamic banking business firm of non-compliance resulting from the failure of the firm’s Shari’a compliance policy to ensure that Shari’a rules and principles (as determined by its Shari’a supervisory board) are complied with.
Guidance
1 Shari’a non-compliance risk can lead to non-recognition of an Islamic banking business firm’s income, and resultant losses. For sukuk, the risk may adversely affect the marketability (and, therefore, the value) of the sukuk.
2 Shari’a non-compliance risk can take 2 forms:
• the risk relating to potential non-compliance with Shari’a rules and principles in the firm’s operations, including the risk that non-permissible income is recognised; and
• the risk relating to the firm’s fiduciary responsibilities as mudarib towards fund providers under a mudarabah contract, according to which, in the case of negligence, misconduct, fraud or breach of contract by the mudarib, the funds provided by the fund providers become a liability of the mudarib.
3 Although the operational risk that could arise for Islamic banking business firms can be considered similar to that of conventional banks, the characteristics of such risk may be different, thus:
• Shari’a-compliant products may involve processing steps different from those of their conventional counterparts
• the assets held on the balance sheets of Islamic banking business firms (physical assets and real estate) are different from those of conventional banks
• the requirements of Shari’a compliance result in different risks relating to information technology products and systems.
4 For examples of Shari’a requirements that must be complied with by an Islamic banking business firm in relation to Islamic financial contracts, see Part 7.5. Failure to comply with the requirements gives rise to Shari’a non-compliance risk.
Derived from QFCRA RM/2015-2 (as from 1st January 2016)
Amended by QFCRA RM/2020-3 (as from 1st January 2021)