4.9 | The Bank shall have a sound process for executing all elements of risk management including risk identification, measurement, mitigation, monitoring, reporting and control. This process requires the implementation of appropriate policies, limits, procedures and effective management information systems (MIS) for internal risk reporting and decision making that are commensurate with the scope, complexity and nature of the Banks’ activities. |
4.10 | The Bank shall ensure that an adequate system of controls with appropriate checks and balances is set in place. The controls shall (a) comply with the Shari’ah rules and principles; (b) comply with applicable regulatory and internal policies and procedures; and (c) take into account the integrity of risk management processes. |
4.11 | The Bank shall make appropriate and timely disclosure of information to depositors having deposits on Profit and Loss Sharing basis (also known as Profit-sharing Investment Accounts, PSIAs) so that they are able to assess the potential risks and rewards of their deposits and protect their own interests in their decision making process. |
4.12 | In addition to the above, the following general requirements shall also be taken into account by Banks: |
| i. | Application of Emergency and Contingency Plan: The Senior Management shall draw up an emergency and contingency plan, approved by the Business Continuity Committee as required under the Business Continuity Management Framework issued by SAMA in February 2017 or the updated version as applicable in order to be able to deal with risks and problems which may arise from unforeseen events. |
| ii. | Integration of Risk Management: While assessing and managing risk, the management should have an overall view of the risks the Bank is exposed to. This requires having a structure in place to look at risk interrelationships across the Bank. Such a setup could take the form of a separate department, or the Bank’s Risk Management Committee could perform such a function. The structure should ensure effective monitoring and control over the risks being taken. |
| iii. | Risk Measurement: For each category of risk, the Bank is encouraged to establish systems/models that quantify its risk profile. The results of these models should be assessed and validated by an independent function within or outside the Bank. |
| iv. | Utilization: The Bank should develop a mechanism which, to the highest possible extent, monitors that funds provided by the depositors and investors were utilized for the purpose for which they were advanced. |
| v. | Role of Risk Administration Department: It should be separated from the department originating the risk. It should be among the responsibilities of the Risk Administration Department to monitor that the documents are obtained according to the requirements specified in the product. For example, dates play a very important role in Murabahah transactions, and any transaction can be rendered invalid if the sequence in which the documents are obtained is changed. |
| vi. | Management Information System: The Bank should specify control reports to be prepared by the independent risk management department that should be periodically (at least quarterly) submitted to the related committee of Board and the Senior Management. |
| vii. | Human Resources: The Bank shall ensure that the board members, senior management and staff working on related Shari’ah compliant products and processes have been adequately trained regarding Shari'ah principles and procedures. |
4.13 | The risk management approaches and methodologies must be able to distinguish the different nature and combination of risks that are associated with various types of Shari'ah compliant contracts used to structure financial products. A robust and dynamic risk assessment approach is required for products that involve different types of Shari’ah compliant contracts throughout the life of the product. |