4.1An IB must establish, implement and maintain a risk governance framework that enables it to identify, assess, monitor, mitigate and control risks. The risk governance framework consists of policies, procedures processes, systems, controls and limits. The risk governance framework must be comprehensive and address the specific risks associated with Shari’ah compliant businesses and activities.
4.2IBs that are branches of foreign licensed financial institutions must adhere to this Standard or establish equivalent arrangements to ensure regulatory comparability and consistency. The equivalent arrangement, if applicable, should include the matters related to general assembly, the Board and its Committees without contradicting the prevailing laws in the UAE. The equivalent arrangements must be submitted to the Central Bank for approval.
4.3IBs must ensure an adequate system of controls with appropriate checks and balances are in place. The controls must (a) comply with the Islamic Shari’ah, (b) comply with applicable regulatory and internal policies and procedures; and (c) take into account the integrity of risk management processes.
4.4In addition to the minimum elements of the risk governance framework stated in the Central Bank’s Risk Management Standards (153/2018), IBs must incorporate the following minimum elements into the risk governance framework:
a.Internal Shari’ah Supervisory Committee,
b.Internal Shari’ah Compliance, and
c.Internal Shari’ah Audit.
4.5In defining and assessing risks, IBs must consider both the probability of the risk materializing and its potential impact on the IB. In addition to the factors to be assessed in the context of the potential risk impact as stated within Central Bank’s Risk Management Standards (153/2018) the IB must also assess the ability to meet its fiduciary responsibility to Investment Account Holders (IAH), both restricted and unrestricted investment accounts.
4.6IBs risk governance framework must address all material risks which at a minimum must include the following items:
a.Credit Risk;
b.Market Risk;
c.Liquidity Risk;
d.Operational Risk and Shari’ah Non-compliance Risk;
e.Displaced Commercial Risk;
f.Equity Investment Risk;
g.Rate of Return Risk;
h.Risks arising from its strategic objectives and business plans; and
i.Other risks that singly, or in combination with different risks, may have a material impact on the IB.
4.7The Board is ultimately responsible for developing the IB’s Shari’ah compliant risk governance framework. The framework must incorporate a “three lines of defense” approach. In addition to the stated requirements within the Central Bank’s Risk Management Standards (153/2018) the IB’s approach should also include provisions relating to:
-Internal Shari’ah Supervision Committee (ISSC);
-Internal Shari’ah compliance, and
-Internal Shari’ah Audit.
4.8The risk appetite statement must reflect a written articulation of the aggregate level and types of risk that an IB is willing to accept, or avoid, in order to achieve its business objectives. However, an IB should have no tolerance toward Shari’ah non-compliance risk. In addition to the minimum items set-out within Central Bank’s Risk Management Standards (153/2018), an IB’s risk appetite statement must also cover the following risks:
-Shari’ah Non-Compliance Risk,
-Displaced Commercial Risk,
-Rate of Return Risk and
-Equity Investment Risk.
4.9IBs must define and document roles and responsibilities towards IBs’ risk governance framework.
4.10The Board’s Risk Committee (“Risk Committee”) is responsible to review and approve the establishment of framework for managing all material risks as part of the overall risk management framework of the IB and must oversee its implementation by the Senior Management.
4.11The Risk Committee must supervise and monitor the management of Shari’ah non-compliance risk and set controls in relation to this type of risk, in consultation with the ISSC and through the internal Shari’ah control division, or section.
4.12The Risk Committee must ensure there is an information system that enables the IB to measure, assess and report all risks including but not limited to Shari’ah Non-Compliance Risk, Equity Investment Risk and Displaced Commercial Risk. Reports must be provided on a timely manner to the Board and Senior Management, in formats suitable for their use and understanding.
4.13In addition to the minimum items set-out within Central Bank’s Risk Management Regulation, IBs must include in its documented ICAAP, within the Internal Control review, provisions relating to the Internal Shari’ah Audit function.
4.14IBs should manage risks in accordance with the Shari’ah rules and the scope determined by the contracts IBs use as basis for their financial transactions. IBs may not transfer risks to counterparties, or avoid responsibilities and ownership risks, which result from using specific contracts. IBs may manage these risks by other means that do not conflict with the provisions of Islamic Shari’ah.