Читать книгу Risk Management for Islamic Banks - Imam Wahyudi - Страница 18

In facing risks, Islamic banks need to acquire various risk management methods as ammunition. This should be done from the very beginning, at the point of deciding on the risk management goals and strategy, as well as identifying, measuring, and mitigating risks; running supervision; and reporting the implementation of risk management that has been done. Risk management practices need to occur continuously, the same way that risks constantly change and grow in amount and variety.

Risk management practices continuously experience changes from time to time. Classic risk management focuses in determining the risk limit while ensuring that the business run is still profitable. The cutting-edge practice of risk management ensures that the organization has achieved the expected risk-adjusted performance. The evolution that has happened in risk-management practices is not only in the context of concept and framework, but also covers methods, measurement, and risk mitigation. The evolution of risk management is illustrated in Figure 2.1.

Figure 2.1 The Evolution of Islamic Risk Management

The current principles and methods of risk management have been used by many financial institutions and are claimed to be quite sensitive to risk. This progress is undoubtedly connected to the development of new methods in risk management, a more complete and informative database, and more advanced and well-developed information systems. But on the other hand, the types and forms of risk have also changed, along with the development of risk management practices. With those drastic changes, the probability of having a large risk exposure and having that risk actually manifest as a major problem can be reduced and avoided. The high degree of interconnection and interdependence between banks has changed the face of risk. Systemic risk, which was previously not well known, became a very popular concern after the global financial crisis of 2008. The term “too big to fail” which was often used before, has now been eclipsed by the term “too many to fail.” From the crisis itself, we can see that risk itself has changed into something more complex and multifaceted than before.

Building Philosophy and Organizational Culture

The process of risk management should begin by building organizational culture, instilling philosophy, and integrating an institution's vision and mission into the existing system. Not only is it necessary to build physical risk management systems (e.g., socializing the jargon, the information system technology, standard operating procedures, reward and punishment systems, etc.), but also it is more important to build an awareness and culture of risk management. Each employee in an Islamic bank must be aware of and understand that risk is always with them, all the time. They need to be aware that no matter how small the risk they are exposed to, that risk is a liable threat not only to them, but also to the banks where they work. This could extend to the disturbance of daily operations, the losses experienced by a bank's business, and even to the extent of threatening the bank's continued operations.

Building Organizational Structure

Because risk management is a continuous management process, its application should be supported by a strong and effective organizational structure. An organizational structure supportive of the application of risk management does not merely form a risk management division or department. More than that, the risk management process should be arranged in a way that combines both top-down and bottom-up approaches. The responsibility and decision making related to risk-management should be formulated at every managerial level. The top-down and bottom-up approaches to the risk management of Islamic banks are done simultaneously and concurrently, as shown in Figure 2.2.

Figure 2.2 Top-Down and Bottom-Up Approaches

In a top-down approach, the top management formulates the guidelines, policy, and strategy related to risk management. Included in this are risk limit, risk mitigation, risk-return profile, and the like. These formulations are then socialized comprehensively, from the highest echelons of top management to the lowest level of the Islamic bank's structural position. The bottom-up approach, on the other hand, is done as the Islamic bank runs its daily operations in a routine and contiguous manner. In transactions done by officers in various branches of the Islamic bank, spread throughout all regions, the first part of risk exists. Risk began with the existence of the transaction itself, as the risk-return profile for each transaction must be able to be accurately estimated. The types of transactions entered by the officers are of course different from one unit (departments or division) to the next.

The simplest process of risk management usually consists of three stages: the guideline-determination process, the decision-making process and the monitoring process. In the guideline-determination process, certain guides and standards of risk management like the determination of risk limit, the delegation of tasks related to risk management, operational standards, return benchmark, etc., is determined by top management. The guidelines that have been formed are then socialized to all components of various levels in the Islamic bank. After that, the decision-making process can be handled by various components in the Islamic bank's structure. Many decisions that are directly related to risk are decisions that are related to banking transactions. Finally, all risks that emerge from various financial transactions must always be monitored and supervised to ensure that information related to the risk exposure of the Islamic bank is always up-to-date. The monitoring process can function as an early warning system. If there is a transaction whose risk contribution can drastically increase the risk exposure of the Islamic bank, then a good monitoring process should be able to detect this as it happens, enabling timely prevention or mitigation.

Preparing an Adequate Database System

The purpose of a continuous risk management process is to be well prepared to face the challenges of the evolving present. This is extremely reliant on the readiness of the database system; the adequacy of the information technology system, software, and hardware; the discipline in recording every risk-carrying event; the adequacy of reporting standards; and the construction of analysis procedure, as well as continuous and periodical evaluation.

The database system, the adequacy of the information technology system, and the discipline in recording every risk-carrying event are all-important aspects that must be the focus of the Islamic bank's attention. Without the support of all those aspects, the identification and measurement of risk will experience many obstacles. If errors do happen, but are not registered in the Islamic bank's database system, then the resulting measurement is invalid. Seen from the procurement costs, building a database and information system that are related to risk management is expensive. But the benefits received from the availability of such a risk database and information system, built according to the bank's need and specification, are much more significant compared to the cost outlay.

Organization-Based Risk Mapping

Modern risk management practice divides risk into several types. The division is very useful for Islamic banks to differentiate one type of risk from another, enabling them to more accurately identify, measure, and mitigate those risks. Other than dividing risks according to their types, Islamic banks also need to map those various risks to their sources and to the roles of various units in risk management. By mapping the risks, the Islamic bank can more easily identify, measure, and control various available risks. Figure 2.3 shows a simple risk-mapping method (only covering several types of risks) based on their sources and the responsibility of each unit in risk management.

Figure 2.3 Risk Mapping Based on Business Line and Unit Function

The source of risk can be mapped based on the line of business owned by the Islamic bank – that is, commercial bank, investment bank, and banking activity in the financial market. All transaction activity entered by a commercial bank generates credit risk, liquidity risk, and rate-of-return risk. Credit risk came from transactions channeling loans and financing done by the Islamic bank, and liquidity risk came from the Islamic bank's activity in assisting in the liquidation process of a customer's savings. All the transactions done by an investment bank also generate credit risk, liquidity risk, and rate-of-return risk, but with a degree, form, and transaction that are different from commercial banks. With mapping, the Islamic bank can more easily control its entire risk exposure. The risk management manager can easily see which line of business has contributed the most to the total risk faced by the Islamic bank; which business line has exceeded the risk limits set to them and should therefore reduce their risk exposure; and which line of business should receive special priority under certain conditions.

Measuring and Reporting Risk

After identification, risk needs to be measured consistently and presented in an easily understandable form, not just for purposes of risk mitigation by the bank, but also because it is usually required by the regulator. To ensure that a bank is not threatened by bankruptcy, the bank's capital must be ascertained to be enough in amount to weather the various risks currently faced by the bank. In evaluating whether the bank's capital is enough or not, the regulator requires that the bank calculate the potential loss that will be borne if the risk actually manifested as a real problem. Calculating risk is necessary not merely to measure the current capital adequacy ratio, but also to determine the minimum amount of additional capital that needed to be raised to fulfil it. The risk measurement model plays an important role in the entire risk management process, because from the model of risk measurement, the risk and return position of the Islamic bank can be known. Information related to risk and return is an important issue to consider in formulating the framework and guidelines of risk management applied by the Islamic bank, where they will determine every transaction done by every unit of the Islamic bank. A mistake in determining the risk measurement model will lead to a fatal consequence to the application of risk management as a whole, because any mistake in the risk measurement model will lead to a mistake in the calculation of risk and return profile by the Islamic bank. The simple way to measure and report the risk faced is that the bank can construct and utilize the risk matrix as in Table 2.1.

Table 2.1 Constructing the Risk Matrix

Risk Mitigation

Once a particular risk is identified and measured, hopefully its actual occurrence can be minimized. Yet if the probability of it happening is significant, or if (despite its level of rarity) it could do a significant amount of harm, then it is still important to enact mitigation efforts to minimize the effects as much as possible. The risk mitigation strategies that can be chosen by the Islamic bank are different for differing types of risk. The Islamic bank needs to put in place various mitigation techniques that are appropriate for all the risks it faces. To add to this endeavor, unlike a conventional bank, an Islamic bank also has other limitations in risk mitigation techniques. The principle of syari'ah compliance should always be put first, even when mitigating risk.