
IFSB 17 Core Principles For Islamic Finance Regulation Banking Segment

By Monir Hossen
7 years ago

Ard, Arif, Islam, Islamic banking, Mal, Salam , Commenda, Credit Risk, Investment Risk Reserve, Provision, Rabb, Receivables, Reserves, Restricted Investment Account, Unrestricted Investment Account




Transcription

  1. ISLAMIC FINANCIAL SERVICES BOARD CORE PRINCIPLES FOR ISLAMIC FINANCE REGULATION (BANKING SEGMENT)(CPIFR) April 2015
  2. Published by: Islamic Financial Services Board, Level 5, Sasana Kijang, Bank Negara Malaysia, 2, Jalan Dato’ Onn, 50480 Kuala Lumpur, Malaysia. Email: ifsb_sec@ifsb.org. ISBN: 978-967-5687-44-0. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, or stored in any retrieval system of any nature without prior written permission, except for permitted fair dealing under the Copyright, Designs and Patents Act 1988, or in accordance with the terms of a license issued by the Copyright Licensing Agency in respect of photocopying and/or reprographic reproduction. Application for permission for other use of copyright material, including permission to reproduce extracts in other published works, shall be made to the publisher(s). Full acknowledgement of the author, publisher(s) and source must be given. © 2015 Islamic Financial Services Board
  3. ABOUT THE ISLAMIC FINANCIAL SERVICES BOARD (IFSB) The IFSB is an international standard-setting organisation which was officially inaugurated on 3 November 2002 and started operations on 10 March 2003. The organisation promotes and enhances the soundness and stability of the Islamic financial services industry by issuing global prudential standards and guiding principles for the industry, broadly defined to include banking, capital markets and insurance sectors. The standards prepared by the IFSB follow a lengthy due process as outlined in its Guidelines and Procedures for the Preparation of Standards/Guidelines, which includes the issuance of exposure drafts, and the holding of workshops and, where necessary, public hearings. The IFSB also conducts research and coordinates initiatives on industry-related issues, as well as organises roundtables, seminars and conferences for regulators and industry stakeholders. Towards this end, the IFSB works closely with relevant international, regional and national organisations, research/educational institutions and market players. For more information about the IFSB, please visit www.ifsb.org.
  4. COUNCIL MEMBERS*
     H.E. Dr Ahmad Mohamed Ali – President, Islamic Development Bank
     H.E. Rasheed M. Al-Maraj – Governor, Central Bank of Bahrain
     H.E. Dr Atiur Rahman – Governor, Bangladesh Bank
     H.E. Yusof Abd Rahman – Managing Director, Autoriti Monetari Brunei Darussalam
     H.E. Ahmed Osman – Governor, Banque Centrale De Djibouti
     H.E. Hisham Ramez Abdel Hafez – Governor, Central Bank of Egypt
     H.E. Agus D.W. Martowardojo – Governor, Bank Indonesia
     H.E. Dr Valiollah Seif – Governor, Central Bank of the Islamic Republic of Iran
     H.E. Dr Ziad Fariz – Governor, Central Bank of Jordan
     H.E. Dr Mohammad Y. Al Hashel – Governor, Central Bank of Kuwait
     H.E. Abdellatif Jouahri – Governor, Bank Al-Maghrib
     H.E. Dr Zeti Akhtar Aziz – Governor, Bank Negara Malaysia
     H.E. Dr Azeema Adam – Governor, Maldives Monetary Authority
     H.E. Rameswurlall Basant Roi G.C.S.K. – Governor, Bank of Mauritius
     H.E. Godwin Emefiele – Governor, Central Bank of Nigeria
     H.E. Ashraf Mahmood Wathra – Governor, State Bank of Pakistan
     H.E. Sheikh Abdulla Saoud Al-Thani – Governor, Qatar Central Bank
     H.E. Dr Fahad Al-Mubarak – Governor, Saudi Arabian Monetary Agency
     H.E. Ravi Menon – Managing Director, Monetary Authority of Singapore
     H.E. Abdelrahman Hassan Abdelrahman Hashim – Governor, Central Bank of Sudan
     H.E. Mutalip Ünal – Acting Chairman, Banking Regulation and Supervisory Agency, Turkey
     H.E. Mubarak Rashed Khamis Al Mansoori – Governor, Central Bank of the United Arab Emirates
     *In alphabetical order of the country the member’s organisation represents
  5. TECHNICAL TECHNICAL COMMITTEE COMMITTEE Chairman Chairman H .E. Dr Ahmed Abdulkarim Alkholifey – Saudi Arabian Monetary Agency H.E. Dr Ahmed Abdulkarim Alkholifey – Saudi Arabian Monetary Agency (from 10 December 2013) (from 10 December 2013) Dr Abdulrahman A. Al-Hamidy – Saudi Arabian Monetary Agency (until 24 October 2013) Dr Abdulrahman A. Al-Hamidy – Saudi Arabian Monetary Agency (until 24 October 2013) Deputy Chairman Chairman Deputy Mr Mu’jib Mr. Mu’jib Turki Turki Al Al Turki Turki – – Qatar Qatar Central Central Bank Bank (from (from 77 April April 2013) 2013) Dr Mohammad Yousef Al Hashel – Central Bank of Kuwait (until 29 March 2012) 2012) Mr. Khalid Hamad Abdulrahman Hamad – Central Bank of Bahrain (until 12 December Mr Khalid Hamad Abdulrahman Hamad––Central CentralBank Bankof ofKuwait Bahrain(until (until2912March December Dr. Mohammad Yousef Al Hashel 2012)2012) Members* Dr Haseeb SalmanUllah Sayed Ali Mr Siddiqui (from30 (until 29March March2012) 2012) Mr Ahmed HaseebAbdul Ullah Khalid Siddiqui Mr (from630 March 2012) (until April 2013) Mr Lotfi Ahmed Abdul Khalid Mr S. Zairi (until 630April 2013) March 2012) (from Mrs Aysha Mr Lotfi S. AlJalahma Zairi (until 2014) (from28 30February March 2012) Mr Hussain Ali Sharaf Mrs Aysha AlJalahma (from 27 March 2014) (until 28 February 2014) Mr K.M. Abdul Wadood Mr Hussain Ali2014) Sharaf (until 4 March (from 27 March 2014) Mr Md Nasiruzzaman Mr K.M. Abdul Wadood (until 20 October 2014) (until 4 March 2014) Mr Chowdhury Md. Feroz Bin Alam Mr Md (from 11Nasiruzzaman December 2014) (until 20 October 2014) Ms Mahani Mohsin Mr Chowdhury Bin Alam (from 27 March Md.Feroz 2014) (from 11 December 2014) Mr Tarek El-Sayed Fayed Ms Mahani Mohsin (from 18 November 2011) (From 27 March 2014) Mr Nawawi Mr Farag Abdul Hameed Faraq (until 5 December 2013) (until 17 November 2011) Dr MrAgusman Tarek El-Sayed Fayed (from 2014) (from 12 18 March November 2011) Dr. 
Dadang Muljawan Dr Mulya Effendi Siregar (from (until 13 29 March March 2015) 2012) Mr Edy Setiadi Mr Nawawi (from 27 March 2014) (until 5 December 2013) Mr Morteza Setak Mr Agusman (from 30 March 2012) (from 27 March 2014) Dr Salehabadi MrAli Edy Setiadi (until 20 October 2014) (from 27 March 2014) Dr Ali Saeedi Mr. Abdolmahdi Arjman Nejad (from 13 March 2015) (until 29 March 2012) Mr Arafat Alfayoumi Mr Morteza Setak (from 27 March 2014) (from 30 March 2014) Mr Talal Al Zemami Dr Ali27 Salehabadi (from March 2014) (until 20 October 2014) Ishak Mr Bakarudin Mr Arafat Alfayoumi 2011) (from 18 November (from 27 March 2014) Abidin Mr Zainal Izlan Zainal (from 30 March 2012) Islamic Development Bank Islamic Development Bank Islamic Corporation for the Development of the Islamic Development Bank Private Sector (ICD) Islamic Corporation Insurance ofofInvestment Islamic Corporation for for thethe Development the and Sector Export Credit Private (ICD) (ICIEC) Central Bank of Bahrain Islamic Corporation for the Insurance of Investment and Export Credit (ICIEC) Central Bank of Bahrain Central Bank of Bahrain Bangladesh Central Bank of Bank Bahrain Bangladesh Bank Bangladesh Bank Bangladesh Bank Bangladesh Bank Autoriti Monetari Bangladesh Bank Brunei Darussalam Central Bank of Egypt Autoriti Monetari Brunei Darussalam BankBank Indonesia Central of Egypt BankBank Indonesia Central of Egypt Bank Indonesia Bank Indonesia Indonesia Financial Services Authority Bank Indonesia Central Bank of the Islamic Republic of Iran Bank Indonesia Securities and Exchange Iran Indonesia Financial Services Organization, Authority Securities and Organization, Central Bank of theExchange Islamic Republic of IranIran Central Bank of Jordan Central Bank of the Islamic Republic of Iran Capital Market Authority of Kuwait Securities and Exchange Organization, Iran Bank Negara Malaysia Central Bank of Jordan Securities Commission Malaysia ii
  6. MrBashir Talal AlAliyu Zemami Dr Umar (until 2014) (from20 27October March 2014) Capital Market Authority of Kuwait Central Bank of Nigeria Mr.Saleem Ahmad Ullah Hizzad Baharuddin Mr Sana Ullah (until 2014) (until 20 17 October November 2011) Mr MoiniIshak Mr Yavar Bakarudin (from 2015)2011) (From13 18March November Mr Ahmed Al Mamari Dato Dr NikAliRamlah Mahmood (from (until 27 29 March 2014) 2012) Mr Shaker MrOsamah Zainal Izlan Zainal Abidin (from (from13 30March March2015) 2012) Ms Chuin Hwei Dr Ng Bashir Umar Aliyu (until April 2013)2014) (until620 October Mr Keng MrTan Ahmed AliHeng Al Mamari (until 2014) (from13 27November March 2014) Mr Goh Cheng Mr Ethan Saleem Ullah SanaHing Ullah (from 13 November 2014) (until 20 October 2014) Mrs Rabaa Ahmed El Khalifa Makki Mr. Adrian Leong Chua (until 6 AprilTsen 2013) (until 29 March 2012) Dr Badreldin Gorashi Mustafa Ms Ng Hwei (from 7 Chuin April 2013) (until 6 April 2013) Mr Mehmet Siddik Yurtcicek Mr Tan Heng 27Keng March 2014) (from (until 13 November 2014) Mr Ahmet Bicer Mr. Ethan Goh Cheng (from 27 March 2014) Hing (from 13 November 2014) Mr Bircan Akpinar Mr. 
Mohammed Ali Elshiekh Terifi (from 27 March 2014) (until 28 March 2011) Mr Khalid Omar Al-Kharji Mr Mohamed Elhassan Elsheikh (from 13 April 2009) (until 11 December 2012) Mr Prasanna Seshachellam Mrs Rabaa Ahmed El Khalifa Makki (from 12 December 2012) (until 6 April 2013) Bank Negara Malaysia State Bank of Pakistan Dr Badreldin Gorashi Mustafa (from 7 April 2013) Central Bank of Sudan Mr Mehmet Siddik Yurtcicek (from 27 March 2014) Banking Regulation and Supervision Agency of the Republic of Turkey Mr Bircan Akpinar (from 27 March 2014) Capital Market Board of Turkey Mr Ahmet Bicer (from 27 March 2014) Central Bank of the Republic of Turkey Mr Khalid Omar Al-Kharji (from 13 April 2009) Central Bank of the United Arab Emirates Mr Peter Casey (until 11 December 2012) Dubai Financial Services Authority, United Arab Emirates Mr Prasanna Seshachellam (from 12 December 2012) Dubai Financial Services Authority, United Arab Emirates State Bank of Pakistan Bank Negara Malaysia CapitalCommission Market Authority of Oman Securities Malaysia Saudi Arabian Monetary Agency Securities Commission Malaysia Monetary Authority Central Bank of Nigeria of Singapore Monetary Capital MarketAuthority AuthorityofofSingapore Oman Monetary State Bank of Authority Pakistan of Singapore Central Bank ofofSudan Monetary Authority Singapore Central Bank ofofSudan Monetary Authority Singapore Banking Regulation and Supervision Agency of Monetary Authority of Singapore Republic of Turkey CentralAuthority Bank of Republic of Turkey Monetary of Singapore Capital Market Board of Turkey Central Bank of Sudan Central Bank of the United Arab Emirates Central Bank of Sudan Dubai Financial Services Authority, United Arab Emirates Central Bank of Sudan *In alphabetical order of the country the member’s organisation represents *In alphabetical order of the country the member’s organisation represents iii
  7. CORE PRINCIPLES FOR ISLAMIC FINANCE REGULATION WORKING GROUP
     Chairman: Mr Bakarudin Ishak – Bank Negara Malaysia
     Deputy Chairman: Mr Prasanna Seshachellam – Dubai Financial Services Authority
     Members*
     Mr Ashraf Mohammed – Asian Development Bank
     Dr Karl Cordewener – Basel Committee on Banking Supervision
     Dr Mohamed Afzal Norat – International Monetary Fund
     Mr Inwon Song – International Monetary Fund
     Dr Salman Syed Ali – Islamic Development Bank
     Dr Abayomi A. Alawode – The World Bank
     Mrs Aysha Aljalahma (until 4 March 2014) – Central Bank of Bahrain
     Mr Md Nurul Amin (until 6 October 2013) – Bangladesh Bank
     Dr Md Kabir Ahmed (from 27 November 2013) – Bangladesh Bank
     Ms DK Faadzilah Hilalul Fatima Pg Dato Hj Abu Bakar – Autoriti Monetari Brunei Darussalam
     Ms Mariawati Omar – Autoriti Monetari Brunei Darussalam
     Mr Ashraf Bahie El-Din – Central Bank of Egypt
     Mr Deden Firman Hendarsyah (until 4 March 2014) – Bank Indonesia
     Mr Rifki Ismal (from 4 March 2014) – Bank Indonesia
     Mrs Mahnaz Bahrami (until 12 November 2013) – Central Bank of the Islamic Republic of Iran
     Mr Hamidreza Ghaniabadi (from 2 December 2013) – Central Bank of the Islamic Republic of Iran
     Mr Mubarak Al Refaei – Capital Markets Authority of Kuwait
     Mr Khairul Iswar Ibrahim – Bank Negara Malaysia
     Mr Badlishah Bashah – Securities Commission Malaysia
     Mr Muhammad Wada Muazu Lere – Central Bank of Nigeria
     Mr Bello Hassan – Central Bank of Nigeria
     Dr Talmiz Usman – National Insurance Commission, Nigeria
     Mr Zulfikar Ali Khokhar (until 22 May 2014) – State Bank of Pakistan
     Mr Mahmood Shafqat (from 22 May 2014) – State Bank of Pakistan
     Mr Eyad Nassar – Palestine Monetary Authority
     Dr Ali Al Amari – Qatar Financial Centre Regulatory Authority
  8. Mr Yasser Alghofily – Saudi Arabian Monetary Agency
     Ms Mashair Mohamed Ibrahim Sabir – Central Bank of Sudan
     Mr Mustafa Ayaz – Banking Regulation and Supervision Agency, Turkey
     Mr Onder Dogan – Capital Markets Board of Turkey
     Mr Mehmet Onay – Central Bank of the Republic of Turkey
     Mr Burak Dogan – Central Bank of the Turkish Republic of Northern Cyprus
     Dr Obaid Saif Al Zaabi – Securities and Commodities Authority, UAE
     Mr Simon Gray (until 4 March 2014) – Dubai Financial Services Authority, UAE
     Ms Gladys Chongo Mposha – Bank of Zambia
     *In alphabetical order of the country the member’s organisation represents

     ISLAMIC DEVELOPMENT BANK SHARĪ`AH BOARD*
     Chairman: Sheikh Dr Hussein Hamed Hassan
     Deputy Chairman: Sheikh Dr Abdulsattar Abu Ghuddah
     H.E. Sheikh Abdullah Bin Suleiman Al-Mani’ – Member
     Sheikh Mohammad Ali Taskhiri – Member
     Sheikh Mohamed Mokhtar Sellami – Member
     Sheikh Muhammad Taqi Al-Usmani – Member
     *In alphabetical order

     SECRETARIAT, ISLAMIC FINANCIAL SERVICES BOARD
     Mr Jaseem Ahmed – Secretary-General
     Mr Zahid ur Rehman Khokher – Assistant Secretary-General
     Mr Peter Casey – Consultant
     Professor Simon Archer – Consultant
     Mr Abozer Majzoub Mohammed Osman – Member of the Secretariat, Technical and Research
     Mr Jamshaid Anwar Chattha (until 15 October 2014) – Member of the Secretariat, Technical and Research
  9. TABLE OF CONTENTS
     ABBREVIATIONS
     SECTION 1: INTRODUCTION
       1.1 Background: The Need for Core Principles
       1.2 Main Premises and Objectives
       1.3 General Approach of the CPIFR
       1.4 Scope and Application of the CPIFR
       1.5 Implementation Date
       1.6 Structure of the CPIFR
       1.7 The CPIFR
     SECTION 2: PRECONDITIONS FOR EFFECTIVE SUPERVISION OF IIFS
       2.1 Necessary Preconditions for Effective Supervision
       2.2 Sound and Sustainable Macroeconomic Policies
       2.3 Well-established Framework for Financial Stability Policy Formulation
       2.4 Well-developed Public Infrastructure
       2.5 Clear Framework for Crisis Management, Recovery and Resolution
       2.6 Appropriate Level of Systemic Protection (or Public Safety Net)
       2.7 Effective Market Discipline
     SECTION 3: ASSESSMENT METHODOLOGY FOR CPIFR
       3.1 Use of the Methodology
       3.2 Assessment of Compliance
       3.3 Practical Considerations in Conducting an Assessment
     SECTION 4: CRITERIA FOR ASSESSING COMPLIANCE WITH THE CPIFR FOR IIFS
       4.1 General Approach on the Applicability of Existing BCPs
       4.2 CPIFR Related to Supervisory Powers, Responsibilities and Functions
         CPIFR 1: Responsibilities, objectives and powers (BCP 1)
         CPIFR 2: Independence, accountability, resourcing and legal protection for supervisors (BCP 2)
         CPIFR 3: Cooperation and collaboration (BCP 3)
         CPIFR 4: Permissible activities
         CPIFR 5: Licensing criteria (BCP 5)
         CPIFR 6: Transfer of significant ownership (BCP 6)
         CPIFR 7: Major acquisitions
  10.     CPIFR 8: Supervisory approach (BCP 8)
          CPIFR 9: Supervisory techniques and tools
          CPIFR 10: Supervisory reporting
          CPIFR 11: Corrective and sanctioning powers of supervisors
          CPIFR 12: Consolidated supervision
          CPIFR 13: Home-host relationships
        4.3 CPIFR Related to Prudential Regulations and Requirements for IIFS
          CPIFR 14: Treatment of investment account holders (IAHs)
          CPIFR 15: Corporate governance
          CPIFR 16: Sharī`ah governance framework
          CPIFR 17: Risk management process
          CPIFR 18: Capital adequacy
          CPIFR 19: Credit risk
          CPIFR 20: Problem assets, provisions and reserves
          CPIFR 21: Concentration risk and large exposure limits
          CPIFR 22: Transactions with related parties
          CPIFR 23: Country and transfer risks (BCP 21)
          CPIFR 24: Equity investment risk
          CPIFR 25: Market risk
          CPIFR 26: Rate of return risk
          CPIFR 27: Liquidity risk
          CPIFR 28: Operational risk
          CPIFR 29: Internal control and audit
          CPIFR 30: Financial reporting and external audit (BCP 27)
          CPIFR 31: Transparency and market discipline
          CPIFR 32: Islamic “windows” operations
          CPIFR 33: Abuse of financial services (BCP 29)
      APPENDIX A: MAPPING THE BCPs: THE CPIFR APPROACH
      DEFINITIONS
  11. ABBREVIATIONS
      BCBS – Basel Committee on Banking Supervision
      BCPs – Basel Core Principles – BCBS’s Core Principles for Effective Banking Supervision, revised September 2012
      BOD – Board of directors
      CDD – Customer due diligence
      CMT – Commodity Murābahah transactions
      CPIFR – Core Principles for Islamic Finance Regulation
      CPIFRWG – Core Principles for Islamic Finance Regulation Working Group
      DCR – Displaced commercial risk
      D-SIBs – Domestic systemically important banks
      ERM – Enterprise risk management
      FSAP – Financial sector assessment programme
      GFC – Global financial crisis
      GN-1 – IFSB Guidance Note on Recognition of Ratings by External Credit Assessment Institutions on Sharī`ah-compliant Financial Instruments, March 2008
      GN-2 – IFSB Guidance Note in Connection with the Risk Management and Capital Adequacy Standards: Commodity Murābahah Transactions, December 2010
      GN-3 – IFSB Guidance Note on the Practice of Smoothing the Profits Payout to Investment Account Holders, December 2010
      GN-4 – IFSB Guidance Note in Connection with the IFSB Capital Adequacy Standards: The Determination of Alpha in the Capital Adequacy Ratio, March 2011
      IAHs – Investment account holders
      IAIS – International Association of Insurance Supervisors
      IFSB – Islamic Financial Services Board
      IFSB-1 – IFSB Guiding Principles on Risk Management, December 2005
      IFSB-2 – IFSB Capital Adequacy Standard, December 2005
      IFSB-3 – IFSB Guiding Principles on Corporate Governance, December 2006
      IFSB-4 – IFSB Disclosure to Promote Transparency and Market Discipline, December 2007
      IFSB-7 – IFSB Guiding Principles on Capital Adequacy Requirements for Sukūk, Securitisations and Real Estate Investment, January 2009
      IFSB-9 – IFSB Guiding Principles on Conduct of Business for Institutions offering Islamic Financial Services, December 2009
      IFSB-10 – IFSB Guiding Principles on Sharī`ah Governance System, December 2009
      IFSB-12 – IFSB Guiding Principles on Liquidity Risk Management for IIFS, March 2012
      IFSB-13 – IFSB Guiding Principles on Stress Testing for Institutions offering Islamic Financial Services, March 2012
  12. IFSB-15 – IFSB Revised Capital Adequacy Standard, December 2013
      IFSB-16 – IFSB Revised Guidance on Key Elements in the Supervisory Review Process, March 2014
      IFSI – Islamic financial services industry
      IIFS – Institutions offering Islamic financial services in banking segments
      ISCU – Internal Sharī`ah Compliance Unit
      ISRU – Internal Sharī`ah Review Unit
      IMF – International Monetary Fund
      IOSCO – International Organization of Securities Commissions
      LOLR – Lender of last resort
      IAH – Investment account holders
      IRR – Investment risk reserve
      PER – Profit equalisation reserve
      PSIA – Profit-sharing investment account
      RIAH – Restricted investment account holders
      ROR – Rate of return
      RSAs – Regulatory and supervisory authorities
      R-SIBs – Regionally systemically important banks
      SCDIS – Sharī`ah-compliant deposit insurance scheme
      SLOLR – Sharī`ah-compliant lender of last resort
      SSB – Sharī`ah Supervisory Board
      UIAH – Unrestricted investment account holders
      UPSIA – Unrestricted profits sharing investment accounts
  13. Bismillahirrahmanirrahim. Allahumma salli wasallim ‘ala Sayyidina Muhammad wa’ala alihi wasahbihi

      SECTION 1: INTRODUCTION

      1.1 Background: The Need for Core Principles

      1. The Islamic financial services industry (IFSI), with its proposition of inclusiveness, has rapidly progressed across the globe, embracing not only Muslim-majority economies but also other emerging markets and advanced economies. The development of this industry encompasses not only an increase in the business volume and number of institutions offering Islamic financial services (IIFS), but also an enhanced variety of the products and services offered, improved legal and regulatory infrastructure, and new initiatives for international cooperation. Accordingly, the IFSI has gained significant market share, and now constitutes an important building block of the financial systems in many jurisdictions. This development and growth has raised a number of challenges for the resilience and stability of financial systems, and for the protection of their users.

      2. Core Principles, such as those issued by the Basel Committee on Banking Supervision (BCBS), the International Organization of Securities Commissions (IOSCO) and the International Association of Insurance Supervisors (IAIS), have become a standard tool to guide regulators and supervisors in developing their regulatory regimes and practices. They also serve as the bases for regulatory and supervisory authorities (RSAs) themselves, or external parties such as the multilateral agencies, to assess the strength and effectiveness of regulation and supervision.

      3. The global financial crisis (GFC) in 2008 and the sovereign debt crisis have highlighted the significance of a well-articulated microprudential and macroprudential policy framework for ensuring financial sector stability focusing on: (a) assessment of risks to the financial sector; (b) the financial stability policy framework; and (c) capabilities for resolving crises. In addition, the increased integration of the IFSI into the global financial system makes it necessary for the RSAs of the IIFS to ensure that their regulatory frameworks remain relevant in line with the changes in the global financial environment.

      4. However, many RSAs, including those new to the regulation and supervision of the IFSI, face challenges in identifying and applying appropriate principles and benchmarks for assessing the gaps in the existing structures and the policies in their jurisdictions. This is in part because the unique features of IIFS call for special regulation and supervision that effectively address their specificities. The approach to regulating and supervising IIFS needs to reflect: (a) the nature of risks to which IIFS are exposed; and (b) the financial infrastructure needed for effective regulation and supervision, which will result in additional or different regulation and supervisory practices to address the potential risks inherent in the IIFS’ operations.

      5. In view of the above, the Islamic Financial Services Board (IFSB) Council, in its 21st Meeting held on 12 December 2012 at Islamic Development Bank headquarters in Jeddah, Kingdom of Saudi Arabia, approved the preparation of a set of IFSB Core Principles for Islamic Finance Regulation (hereinafter referred to as “CPIFR”) and the setting up of a Core Principles for Islamic Finance Regulation Working Group (CPIFRWG) for this purpose. It is this working group, under the direction and guidance of the Technical Committee, which has developed these Core Principles and associated assessment methodology. The work has been informed by a survey of RSAs with supervisory responsibilities for Islamic banking in their jurisdictions. This survey, and the CPIFRWG’s own deliberations, identified a number of areas in which existing Core Principles either do not deal, or deal inadequately, with the specificities of Islamic finance, thus confirming the need for the present exercise.

      6. The present Core Principles deal only with the regulation and supervision of Islamic banking. Other sectors of Islamic finance (principally Takāful and Islamic capital markets) raise different issues, as indeed their conventional counterparts differ from conventional banking. They are at present substantially smaller in scale than Islamic banking. The IFSB proposes to develop Core Principles for these other sectors in the future. In the meantime, however, the present Core Principles may be of some assistance to RSAs in those sectors in areas common across Islamic finance – for example, Sharī`ah governance.
  14. 1 .2 Main Premises and Objectives 7. The first objective of the IFSB is: “To promote the development of a prudent and transparent Islamic financial services industry through introducing new, or adapting existing, international standards consistent with Sharī`ah principles, and recommending these for adoption.” In pursuit of this objective, the IFSB’s approach is to build on the standards adopted by relevant conventional standard-setters – in this case, principally the BCBS – and to adapt or supplement them only to the extent necessary to deal with the specificities of Islamic finance. It seeks to cooperate with other standard-setters as closely as possible, and in the present instance has benefited from a close working relationship with the BCBS throughout the life of the working group. 8. The main objective of the CPIFR is to provide a set of core principles for the regulation and supervision of the IFSI, taking into consideration the specificities of the IIFS in the banking segment and the lessons learned from the financial crisis, and complementing the existing international standards, principally the BCBS’s Core Principles for Effective Banking Supervision (Basel Core Principles, or BCPs). In particular, the objectives of the CPIFR include: (a) providing a minimum international standard for sound regulatory and supervisory practices for the effective supervision of the IIFS; (b) protecting consumers and other stakeholders by ensuring that the claim to Sharī`ah compliance made explicitly or implicitly by any IIFS is soundly based; (c) safeguarding systemic stability by preserving the linkages between the financial sector and the real economic sector1 which underlie Islamic finance; and (d) ensuring that IIFS act in accordance with their fiduciary responsibilities in all their operations, especially in regard to investment account holders (i.e. investors in profit-sharing investment accounts [PSIAs]). 9. 
The IFSB envisages that these Core Principles will be used by jurisdictions as a benchmark for assessing the quality of their regulatory and supervisory systems, and for identifying future work to achieve a baseline level of sound regulations and practices for Islamic finance. The CPIFR will promote further integration of Islamic finance with the international architecture for financial stability, while simultaneously providing incentives for improving the prudential framework across jurisdictions so that it is harmonised and consistently implemented across the globe. Furthermore, the CPIFR may also assist IFSB member jurisdictions in: (a) the International Monetary Fund (IMF) and the World Bank financial sector assessment programme (FSAP); (b) self-assessment; (c) reviews conducted by private third parties; and (d) peer reviews conducted, for instance, within regional groupings of banking RSAs. 10. Based on the above premises and objectives, the following subsection describes the general approach to the 33 CPIFR presented in this document. 1.3 General Approach of the CPIFR 11. Following the general approach set out in paragraph 8 above, the starting-point for development of the present Core Principles has been the BCPs and the supporting assessment methodology, as revised in September 2012.2 As already noted, a careful analysis was made of the areas in which the BCP did not adequately address the specificities of Islamic finance. Following this, several new Core Principles have been developed for Islamic finance, while some BCPs are amended significantly, generally at the level of the assessment criteria rather than the Principles themselves. Other BCPs have been retained in view of their common applicability to both conventional and Islamic finance. The text of these BCPs is given unchanged except for cosmetic changes such as the use of the term “IIFS” instead of “bank” at some points. 
It should be noted that even where principles or criteria are unchanged, their detailed application to Islamic finance may be different from their application to conventional finance. The table in Appendix A indicates the approach that has been taken and provides a mapping between the BCPs and the CPIFR.
[1] The term “real economic sector” refers to the part of the economy which is concerned with actual production of goods and services.
[2] Core Principles for Effective Banking Supervision, BCBS, September 2012, www.bis.org/publ/bcbs230.htm.
  15. 12. Each CPIFR is supported by assessment criteria. These are divided between essential and additional criteria. For the purposes of assessments, the essential criteria are the only elements on which to gauge full compliance with a Core Principle. The additional criteria are suggested best practices that jurisdictions having systemically significant IIFS (i.e. domestic systemically important banks [D-SIBs] or regionally systemically important banks [R-SIBs]) should aim for, and assessment against them is voluntary. Since international regulatory standards tend to become more stringent over time, in case of doubt a supervisory authority would be well-advised to regard additional criteria as good practice which it should attempt to apply, and therefore not as entirely optional. 13. The CPIFR are neutral with regard to different approaches to supervision of IIFS, so long as the over-arching objectives (as set out above) are achieved. They are not designed to cover all the needs and circumstances of every banking system. Instead, specific jurisdiction circumstances should be more appropriately considered in the context of the assessments and in the dialogue between assessors and jurisdiction authorities. 14. Supervisory authorities should apply the CPIFR in the supervision of all Islamic banking institutions within their jurisdictions.[3] Individual jurisdictions – in particular, those with advanced markets and IIFS – may expand upon the CPIFR in order to achieve best supervisory practice. 15. A high degree of compliance with the CPIFR should foster overall financial system stability; however, this will not guarantee it, nor will it prevent the failure of IIFS. Banking supervision cannot, and should not, provide an assurance that IIFS will not fail. In a market economy, failures are part of the risk-taking behaviour of corporate and individual entities. 
However, supervision should aim to reduce the probability and impact of a bank failure; in particular, timely action of supervisors will help to ensure that when failure occurs, it is in an orderly manner. 16. The IFSB stands ready to encourage work at the national level to implement the Core Principles in conjunction with other supervisory bodies and interested parties. The IFSB invites international financial institutions and other agencies to use the CPIFR in assisting individual jurisdictions to strengthen their supervisory arrangements. The IFSB will continue to collaborate closely with those institutions and agencies, and remains committed to further enhancing its interaction with supervisors from the nonmember jurisdictions. 17. Where the IFSB has already published standards in a relevant area, these are reflected at a high level in the Core Principles. In some areas, the IFSB has done limited work, and the Core Principles are therefore its first definitive standards; in such areas, the IFSB may define standards in more detail in the future. Revisions to existing IFSB standards and guidance, and any new standards and guidance, will be designed to strengthen the regulatory regime. Supervisory authorities are encouraged to move towards the adoption of updated and new international supervisory standards as they are issued. 1.4 Scope and Application of the CPIFR 18. The CPIFR are primarily intended to guide the firm-level supervision of full-fledged (i.e. separately incorporated) banking IIFS with due consideration to “proportionality”, taking account of their size, sophistication and complexity, and references to IIFS should be read in that light. These IIFS include, but are not limited to, commercial banks, investment banks and other fund-mobilising institutions, as determined by the respective supervisory authorities, that offer services in accordance with Sharī`ah rules and principles. 19. Islamic “windows” (i.e. 
units that are not separately incorporated) are present in a majority of the IFSB member jurisdictions where Islamic finance is operating, and the supervisory practices for regulating them – in particular, relating to capital requirements – vary considerably across jurisdictions. This diversity of operations of windows raises a number of issues on supervision which may not be substantially the same as those raised by full-fledged IIFS – in particular, from a governance perspective. The CPIFR set out a specific Principle, CPIFR 32, for supervisory authorities having Islamic window operations within their jurisdictions. This Principle covers aspects of regulation and supervision specific to “windows”, but
[3] In jurisdictions where non-bank financial institutions provide funds mobilisation and financing services similar to those of banks, many of the Principles set out in this document would also be appropriate to such non-bank financial institutions. However, it is also acknowledged that some of these categories of institutions may be regulated differently from banks as long as they do not, collectively, account for a significant proportion of funds mobilised in a financial system.
  16. the other CPIFR will also apply to windows, subject to recognising their branch status (which affects governance, etc.) and to materiality. An important aim in this respect is to avoid regulatory arbitrage within the jurisdiction. 20. The first BCP, reproduced in this document as CPIFR 1, sets out the promotion of safety and soundness of banks and the banking system as the primary objective for banking supervision. Jurisdictions may assign other responsibilities to the banking supervisor provided they do not conflict with this primary objective. The BCBS indicates that the banking supervisor might, for instance, in some jurisdictions be tasked with responsibilities for: (a) depositor protection; (b) financial stability; (c) consumer protection; or (d) financial inclusion. Since Islamic banks typically mobilise substantial funds on a basis other than deposit (as this term is generally understood)[4], it is to be expected that RSAs responsible for supervising IIFS will take some regulatory steps for the protection of investment account holders (IAH). While it should not be an objective of banking supervision to prevent bank failures, supervision should aim to reduce the probability and impact of a bank failure, including by working with resolution authorities, so that when failure occurs, it is in an orderly manner. 21. The CPIFR strengthen the requirements for supervisory authorities, the approaches to supervision and supervisory authorities’ expectations of IIFS. This is achieved through a greater focus on effective risk-based supervision and the need for early intervention and timely supervisory actions. Supervisory authorities should assess the risk profile of IIFS, in terms of the risks they run, the efficacy of their risk management, and the risks they pose to the banking and financial systems. 
This risk-based process targets supervisory resources where they can be utilised to the best effect, focusing on outcomes as well as processes, moving beyond passive assessment of compliance with rules. 22. The BCPs set out the powers that supervisory authorities should have in order to address safety and soundness concerns. These powers are equally relevant to Islamic finance, and these BCPs are among those incorporated in full into the CPIFR. It is equally crucial that supervisory authorities use these powers once weaknesses or deficiencies are identified. Adopting a forward-looking approach to supervision through early intervention can prevent an identified weakness from developing into a threat to safety and soundness. This is particularly true for highly complex and bank-specific issues (e.g. liquidity risk) where effective supervisory actions must be tailored to a bank’s individual circumstances. 1.5 Implementation Date 23. The CPIFR should be implemented by supervisory authorities in compliance with Sharī`ah and within the legal framework of their respective jurisdictions. The IFSB will expect its members to start implementing the standard from January 2016 (or later where the relevant application date of an underlying IFSB standard is a later date), meaning that by this date the guidance should be transposed into national supervisory guidelines and be reflected in the national supervisory manuals/handbooks, where applicable, and implemented in supervisory practices. 1.6 Structure of the CPIFR 24. The CPIFR document is structured in four sections. Section 2 presents an overview of the preconditions for effective supervision of IIFS. Section 3 outlines the use of the assessment methodology in assessing compliance with the CPIFR, and practical considerations in conducting an assessment. Section 4 sets out the CPIFR in full, with their associated assessment criteria. 25. The CPIFR have been set out in a broadly logical order. 
This largely reflects the order of the BCPs, but the additional principles have been inserted at points appropriate to their substance (see Appendix A). There is inevitably some overlap in the topics treated; for example, corporate governance is an important issue in its own right, but is also relevant to other issues such as risk management. However, the CPIFR have avoided repeating or restating text in the interests of clarity for both supervisory authorities and possible assessors. 1.7 The CPIFR CPIFR 1: Responsibilities, objectives and powers. An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of IIFS and banking groups. A suitable legal framework for banking supervision is in place to provide each responsible authority with the
[4] Typically through PSIA.
  17. necessary legal powers to authorise banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns. CPIFR 2: Independence, accountability, resourcing and legal protection for supervisory authorities. The supervisory authority possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisory authority. CPIFR 3: Cooperation and collaboration. Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information. CPIFR 4: Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled. CPIFR 5: Licensing criteria. The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of [BOD][5] members and senior management) of the IIFS and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition (including capital base). Where the proposed owner or parent organisation is a foreign bank, the prior consent of its home supervisory authority is obtained. CPIFR 6: Transfer of significant ownership. 
The supervisory authority has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing IIFS to other parties. CPIFR 7: Major acquisitions. The supervisory authority has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by an IIFS, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the IIFS to undue risks or hinder effective supervision. CPIFR 8: Supervisory approach. An effective system of banking supervision requires the supervisory authority to develop and maintain a forward-looking assessment of the risk profile of individual IIFS and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from IIFS and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve IIFS in an orderly manner if they become non-viable. CPIFR 9: Supervisory techniques and tools. The supervisory authority uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of an IIFS. CPIFR 10: Supervisory reporting. The supervisory authority collects, reviews and analyses prudential reports and statistical returns from IIFS on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts. CPIFR 11: Corrective and sanctioning powers of supervisors. 
The supervisory authority acts at an early stage to address unsafe and unsound practices or activities that could pose risks to an IIFS or to the banking system. The supervisory authority has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking licence or to recommend its revocation. CPIFR 12: Consolidated supervision. An essential element of banking supervision is that the supervisory authority supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.
[5] Board of directors.
  18. CPIFR 13: Home-host relationships. Home and host supervisory authorities of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisory authorities require the local operations of foreign IIFS to be conducted to the same standards as those required of domestic IIFS. CPIFR 14: Treatment of investment account holders (IAH). The supervisory authority determines how IAH are treated in its jurisdiction. The supervisory authority also determines the various implications (including the regulatory treatment, governance and disclosures, and capital adequacy and associated risk-absorbency features, etc.) relating to IAHs within its jurisdiction. CPIFR 15: Corporate governance. The supervisory authority determines that IIFS demonstrate they have adequate corporate governance and address the relevant aspects of corporate governance from the perspective of IIFS. The supervisory authority also determines that IIFS and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organisational structure, control environment, responsibilities of the IIFS’s BOD and senior management, and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the IIFS. CPIFR 16: Sharī`ah governance framework. The supervisory authority determines that IIFS have a robust Sharī`ah governance system in order to ensure an effective independent oversight of Sharī`ah compliance over various structures and processes within the organisational framework. The Sharī`ah governance structure adopted by an IIFS is commensurate and proportionate with the size, complexity and nature of its business. The supervisory authority also determines the general approach to Sharī`ah governance in its jurisdiction, and lays down key elements of the process. 
CPIFR 17: Risk management process. The supervisory authority determines that IIFS have a comprehensive risk management process (including effective BOD and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. The process takes into account appropriate steps to comply with Sharī`ah rules and principles and to ensure the adequacy of relevant risk reporting to the supervisory authority. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of an IIFS. The risk management process is commensurate with the risk profile and systemic importance of the IIFS. CPIFR 18: Capital adequacy. The supervisory authority sets prudent and appropriate capital adequacy requirements for IIFS that reflect the risks undertaken by, and presented by, an IIFS in the context of the markets and macroeconomic conditions in which it operates. The supervisory authority defines the components of regulatory capital (which must comply with Sharī`ah rules and principles), bearing in mind their ability to absorb losses. The supervisory authority requires IIFS to apply an appropriate capital adequacy approach that reflects the extent of risk-sharing between an IIFS’s own capital (shareholders’ funds) and that of its IAHs, and the resultant levels of displaced commercial risk (DCR) and the associated alpha factor. CPIFR 19: Credit risk. The supervisory authority determines that IIFS have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. 
This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk (including counterparty credit risk) on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the IIFS’s financing and investment portfolios. CPIFR 20: Problem assets, provisions and reserves. The supervisory authority determines that IIFS have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves. CPIFR 21: Concentration risk and large exposure limits. The supervisory authority determines that IIFS have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisory authorities set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties. CPIFR 22: Transactions with related parties. In order to prevent abuses arising in transactions with related parties and to address the risk of conflict of interest, the supervisory authority requires IIFS to enter into any transactions with related parties on an arm’s length basis; to monitor these transactions;
  19. to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes. CPIFR 23: Country and transfer risks. The supervisory authority determines that IIFS have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk and transfer risk in their international financing and investment activities on a timely basis. CPIFR 24: Equity investment risk. The supervisory authority satisfies itself that adequate policies and procedures including appropriate strategies, risk management and reporting processes are in place for equity investment risk management, including Muḍārabah and Mushārakah investments in the banking book (i.e. financing on a profit-and-loss sharing basis), taking into account the IIFS’s appetite and tolerance for risk. In addition, the supervisory authority ensures that the IIFS have in place appropriate and consistent valuation methodologies; define and establish the exit strategies in respect of their equity investment activities; and have sufficient capital when engaging in equity investment activities. CPIFR 25: Market risks. The supervisory authority determines that IIFS have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis. CPIFR 26: Rate of return risk. The supervisory authority determines that IIFS have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate rate of return (ROR) risk in the banking book on a timely basis. These systems take into account the IIFS’s risk appetite, risk profile and market and macroeconomic conditions. 
The supervisory authority also assesses the capacity of an IIFS to manage the ROR risk and any resultant DCR, and obtains sufficient information to assess its IAHs’ behavioural and maturity profiles. CPIFR 27: Liquidity risk. The supervisory authority sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for IIFS that reflect the liquidity needs of the IIFS. The supervisory authority determines that IIFS have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the IIFS’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the IIFS’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. CPIFR 28: Operational risk. The supervisory authority determines that IIFS have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk on a timely basis. CPIFR 29: Internal control and audit. The supervisory authority determines that IIFS have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the IIFS, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the IIFS’s assets; and appropriate independent internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations. 
CPIFR 30: Financial reporting and external audit. The supervisory authority determines that IIFS and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisory authority also determines that IIFS and parent companies of banking groups have adequate governance and oversight of the external audit function. CPIFR 31: Transparency and market discipline. The supervisory authority determines that IIFS and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. The supervisory authority also determines that IIFS implement a process for assessing the appropriateness of their disclosures, including validation and frequency.
  20. CPIFR 32: Islamic “windows” operations. Supervisory authorities define what forms of Islamic “windows” are permitted in their jurisdictions. The supervisory authorities review Islamic windows’ operations within their supervisory review process using the existing supervisory tools. The supervisory authorities in jurisdictions where windows are present satisfy themselves that the institutions offering such windows have the internal systems, procedures and controls to provide reasonable assurance that: (a) the transactions and dealings of the windows are in compliance with Sharī`ah rules and principles; (b) appropriate risk management policies and practices are followed; (c) Islamic and non-Islamic business are properly segregated; and (d) the institution provides adequate disclosures for its window operations. CPIFR 33: Abuse of financial services. The supervisory authority determines that IIFS have adequate policies and processes, including strict customer due diligence rules to promote high ethical and professional standards in the financial sector and to prevent IIFS from being used, intentionally or unintentionally, for criminal activities.
  21. SECTION 2: PRECONDITIONS FOR EFFECTIVE SUPERVISION OF IIFS 2.1 Necessary Preconditions for Effective Supervision 26. In jurisdictions where IIFS operate alongside conventional institutions, the supervisory authority needs to recognise the requirement for a regulatory framework that is both consistent with Islamic precepts and able to meet internationally acceptable prudential requirements, as well as providing a level playing field for both IIFS and conventional institutions. 27. The BCPs and IFSB-16 set out “preconditions” (i.e. necessary conditions) for effective banking supervision. These are generally matters that are outside the direct or sole jurisdiction of banking supervisors. Accordingly, while any assessment against the CPIFR should include the assessors’ opinion on how weaknesses in the preconditions for effective banking supervision hinder effective supervision and how effectively supervisory measures mitigate these weaknesses, this opinion should be qualitative rather than providing any kind of graded assessment. 28. Where supervisory authorities have concerns that the preconditions could impact the efficiency or effectiveness of regulation and supervision of IIFS, they should make the government and relevant authorities aware of them, and of their actual or potential negative repercussions for the feasibility of achieving supervisory objectives. Supervisory authorities should work with the government and relevant authorities to address concerns that are outside the direct or sole jurisdiction of the supervisory authorities. Supervisory authorities should also, as part of their normal business, adopt measures to address the effects of such concerns on the efficiency or effectiveness of the regulation and supervision of banks. 
The preconditions include: (a) sound and sustainable macroeconomic policies; (b) a well-established framework for financial stability policy formulation; (c) a well-developed public infrastructure; (d) a clear framework for crisis management, recovery and resolution; (e) an appropriate level of systemic protection (or public safety net); and (f) effective market discipline. 29. In principle, the broad preconditions are equally relevant for the IFSI; however, they need to be properly interpreted to provide a basis for effective supervision of IIFS. In particular, several of the preconditions need to be approached in ways that recognise the specificities of Islamic finance if they are to provide the level playing field referred to above. Examples include the frameworks for recovery and resolution and the tools for systemic protection. With regard to the soundness and sustainability of macroeconomic policies, it is acknowledged that these are not within the scope of authority of banking supervisors, but the latter will need to react if they perceive that existing policies are undermining the safety and soundness of the banking system. Other preconditions, such as a clear framework for crisis management, recovery and resolution and an appropriate level of systemic protection (or public safety net), are under consideration by the IFSB. 2.2 Sound and Sustainable Macroeconomic Policies 30. Sound macroeconomic policies (mainly fiscal and monetary policies) are the foundation of a stable financial system. Without sound policies, imbalances such as high government borrowing and spending, and an excessive shortage or supply of liquidity, may arise and affect the stability of the financial system. Further, certain government policies[6] may specifically use banks and other financial intermediaries as instruments, which may inhibit effective supervision as a result of objectives or practices which are inconsistent with it. 31. 
Without sound and sustainable macroeconomic policies, banking supervision would not be effective and would remain limited to a supporting role only. Governments should set their road maps in order to ensure financial stability and have their own predetermined systems to regulate their financial sectors in order to sustain stability in return. These issues are highly correlated. The cooperation and collaboration
[6] Examples of such policies include accumulation of large quantities of government securities; reduced access to capital markets due to government controls or growing imbalances; degradation in asset quality after loose monetary policies; and government-directed lending or forbearance requirements as an economic policy response to deteriorating economic conditions.
  22. of all regulatory bodies in the financial sector and availability of alternative policies are necessary for well-developed contingency planning, and having special supervision policies for institutions that carry potential systemic risk is crucial for the sake of the whole sector. 2.3 Well-established Framework for Financial Stability Policy Formulation 32. In view of the impact and interplay between the real economy and banks and the financial system, it is important that there should exist a clear framework for macroprudential surveillance and financial stability policy formulation. Such a framework should set out the authorities or those responsible for identifying systemic and emerging risks in the financial system, monitoring and analysing market and other financial and economic factors that may lead to accumulation of systemic risks, formulating and implementing appropriate policies, and assessing how such policies may affect the banks and the financial system. It should also include mechanisms for effective cooperation and coordination among the relevant agencies. It should be noted that there are a number of macroprudential issues that need to be addressed in part through supervisory consideration of IIFSs’ business models and practices. These include procyclicality, leverage and excessive credit expansion, among other issues. 2.4 Well-developed Public Infrastructure 33. A well-developed public infrastructure needs to comprise the following elements, which, if not adequately provided, can contribute to the weakening of financial systems and markets, or frustrate their improvement. 
In particular, a well-developed public infrastructure in the context of a supervisory regime for IIFS in a jurisdiction would include, among other things: (a) a system of business laws, including corporate, bankruptcy, contract, consumer protection and private property laws, which is consistently enforced and provides a mechanism for the fair resolution of disputes; (b) comprehensive and well-defined accounting principles and rules that are accepted internationally; (c) a system of independent external audits, to ensure that users of financial statements, including banks, have independent assurance that the accounts provide a true and fair view of the financial position of the company and are prepared according to established accounting principles, with auditors held accountable for their work; (d) an efficient and independent judiciary; (e) availability of competent,7 independent and experienced professionals (e.g. accountants, auditors and lawyers), whose work complies with transparent technical and ethical standards set and enforced by official or professional bodies consistent with international standards, and who are subject to appropriate oversight; (f) well-defined rules governing, and adequate supervision of, other financial markets and, where appropriate, their participants; (g) secure, efficient and well-regulated payment and clearing systems (including central counterparties) for the settlement of financial transactions where counterparty risks are effectively controlled and managed; (h) efficient and effective credit bureaus that make available credit information on recipients of financing8 and/or databases that assist in the assessment of risks; and (i) public availability of basic economic, financial and social statistics. 34. In the context of Islamic finance, it is particularly important that there be clarity as to the way in which issues of Sharī`ah will be addressed by the legal system, should they be pleaded as relevant to a case. 
7 “Competence”, in this context, should include an understanding of Islamic finance sufficient for the functions they need to discharge in relation to IIFS. 8 Core Principles for Effective Banking Supervision, BCBS, September 2012, refers here to “borrowers”.
  23. 2.5 Clear Framework for Crisis Management, Recovery and Resolution 35. Effective crisis management frameworks and resolution regimes help to minimise potential disruptions to financial stability arising from banks and financial institutions that are in distress or failing. A sound institutional framework for crisis management and resolution requires a clear mandate and an effective legal underpinning for each relevant authority (such as banking supervisors, national resolution authorities, finance ministries and central banks). The relevant authorities should have a broad range of powers and appropriate tools provided in law to resolve a financial institution that is no longer viable and where there is no reasonable prospect of it becoming viable. There should also be agreement among the relevant authorities on their individual and joint responsibilities for crisis management and resolution, and how they will discharge these responsibilities in a coordinated manner. This should include the ability to share confidential information among one another to facilitate planning in advance to handle recovery and resolution situations and to manage such events when they occur. 36. In some jurisdictions, while the efforts are under way to establish a structured and formal framework for crisis management, individual elements of the crisis management framework are already in place. The supervisory authorities enter into arrangements with other supervisory authorities on a regular basis to coordinate financial stability measures – in particular, in the areas of surveillance and supervision – to facilitate the timely implementation of pre-emptive responses to systemic risk. 37. 
There are particular issues in relation to recovery and resolution in Islamic finance, including, for example, the correct contractual treatment of IAHs, Sukūk issued by the IIFS as capital instruments (mostly equity based) and the rights of their holders, and priorities among creditors of a failed institution. The principles that will be applied need to be established well in advance of any failure or potential failure. 2.6 Appropriate Level of Systemic Protection (or Public Safety Net) 38. Deciding on the appropriate level of systemic protection is a policy question to be addressed by the relevant authorities, including the government and central bank, particularly where it may result in a commitment of public funds. Supervisory authorities will have an important role to play because of their in-depth knowledge of the financial institutions involved. In handling systemic issues, it is necessary to balance several factors: (a) addressing the risks to confidence in the financial system and limiting contagion to otherwise sound institutions; and (b) minimising the distortion to market signals and discipline. 39. The strengthening of financial safety nets comprises the establishment of a lender of last resort (LOLR) and deposit insurance scheme for Islamic banks, both in a Sharī`ah-compliant manner. These facilities are considered important components of financial safety nets in the banking sector. The global financial crisis has demonstrated the need for ensuring financial stability within the jurisdiction, and supervisory authorities have been urged to develop appropriate safety nets which maintain confidence in the financial system and avert panic by funds providers to IIFS. 40. A key element of the framework for systemic protection is a Sharī`ah-compliant deposit insurance scheme (SCDIS) designed to apply to unrestricted profit-sharing investment accounts (UPSIA). 
Provided such a system is transparent and carefully designed, it can contribute to public confidence in the system and thus limit contagion from IIFS in distress. A conventional deposit insurance system has been established in many jurisdictions, but the business model of IIFS calls for certain adjustments in the way such a scheme should be structured and operationalised. The business model of the IIFS differs on both sides of the balance sheet when compared to their conventional counterparts, and designing appropriate protection for fund providers, mainly IAH, requires careful consideration of Sharī`ah issues.9 41. With respect to LOLR facilities, IIFS cannot obtain funds from LOLR facilities or discount windows, as these involve the payment of interest. Contingency arrangements to obtain funds using Sharī`ah-compliant financial instruments are therefore necessary, and are feasible as is evident from their existence in several jurisdictions. It should be noted that the GFC, and the associated drying up of liquidity in financial markets across jurisdictions, have tested supervisory authorities’ ability to manage situations of stress, and highlight the need for effective LOLR facilities to support IIFS in situations of serious stress. 9 At the time of writing, the IFSB is preparing a working paper on the SCDIS issue. It should also be noted that SCDIS and Sharī`ah-compliant lender of last resort (SLOLR) are available in certain jurisdictions.
  24. The experiences have also indicated the need for supervisory authorities to provide greater clarity on their roles as providers of Sharī`ah-compliant liquidity support and LOLR facilities to IIFS in both normal and stressed times.10 2.7 Effective Market Discipline 42. Effective market discipline depends, in part, on adequate flows of information to market participants, appropriate financial incentives to reward well-managed institutions, and arrangements that ensure that investors are not insulated from the consequences of their decisions. Among the issues to be addressed are corporate governance and ensuring that accurate, meaningful, transparent and timely information is provided by financing recipients to investors and creditors. Market signals can be distorted and discipline undermined if governments seek to influence or override commercial decisions, particularly financing decisions, to achieve public policy objectives. In these circumstances, it is important that, if governments or their related entities provide or guarantee the financing, such arrangements are disclosed and there is a formal process for compensating financial institutions when such financing ceases to perform. In this respect, governments should promote market discipline in order to allow the supervisory authorities to apply efficient and up-to-date regulatory mandates. 43. The fact that capital and return on investment for PSIAs depend on the IIFS’s profitability indicates that transparency is even more crucial in the IFSI than in the conventional sector. Applicable international accounting and auditing standards are the underlying supports for risk management, control systems and market discipline. Accordingly, if these standards are applied and enforced in conjunction with IFSB-4, the information should be accurate, relevant, timely and accessible, to meet the needs of various stakeholders. Implementation of such standards would make it easier to compare financial statements of IIFS, particularly in terms of income recognition and profit calculation. 
This would enable the IAHs to assess the type of investment and risk characteristics, based on IIFSs’ disclosure of their investment strategies and risk exposures. A regulatory authority therefore has a role in reinforcing market discipline by requiring timely and relevant information disclosures.11 44. It is well known that, while a number of these “preconditions” are problematic in emerging markets, market discipline is particularly so. 10 Refer to IFSB Working Paper: “Strengthening the Financial Safety Net: The Role of Sharī`ah-Compliant Lender of Last Resort (SLOLR) Facilities as an Emergency Financing Mechanism”, April 2014. 11 Refer to IFSB-4: Disclosures to Promote Transparency and Market Discipline for Institutions offering Islamic Financial Services (excluding Islamic Insurance (Takāful) Institutions and Islamic Mutual Funds), December 2007.
  25. SECTION 3: ASSESSMENT METHODOLOGY FOR CPIFR 45. The discussion in this section on the use of the CPIFR assessment methodology and practical considerations for conducting an assessment is in line with that of the BCBS as set out in its revised Basel Core Principles and Assessment Methodology document. 3.1 Use of the Methodology 46. An assessment of the current situation of a jurisdiction’s compliance with the CPIFR can be considered a useful tool in the jurisdiction’s implementation of an effective system of Islamic banking supervision. In order to achieve objectivity and comparability of compliance with the CPIFR in the different jurisdiction-level assessments, supervisory authorities and assessors should refer to this assessment methodology, which does not eliminate the need for both parties to use their judgment in assessing compliance. Such an assessment should identify weaknesses in the existing system of supervision and regulation, and form a basis for remedial measures by government authorities and banking supervisory authorities. 47. The IFSB has decided not to make assessments of its own to maintain the current division of labour between the IFSB’s standard-setting and the international financial institutions’ assessment functions (i.e. conducted primarily by the IMF and the World Bank). However, the IFSB, together with its partners, is prepared to assist in other ways – for example, by providing Facilitating the Implementation of Standards workshops and training. 48. 
The assessment methodology – which includes a set of essential and additional assessment criteria for each principle – can be used in multiple contexts as presented in Section 1: (a) self-assessments performed by banking supervisors themselves; (b) IMF and World Bank assessments of the quality of supervisory systems – for example, in the context of FSAP; (c) reviews conducted by private third parties such as consulting firms; or (d) peer reviews conducted, for instance, within regional groupings of banking supervisors. The following factors are crucial in the assessment of CPIFR: (a) In order to achieve full objectivity, compliance with the CPIFR is best assessed by suitably qualified external parties consisting of two individuals with strong supervisory backgrounds who bring varied perspectives so as to provide checks and balances; however, experience has shown that a recent self-assessment is a highly useful input to an outside party assessment. (b) A proper level of knowledge in Islamic finance is a prerequisite for the assessor in order to perform his or her duties in a proper way. (c) A fair assessment of the banking supervisory process cannot be performed without the genuine cooperation of all relevant authorities. (d) The process of assessing each of the CPIFR requires a judgmental weighing of numerous elements that only qualified assessors with practical, relevant experience can provide. (e) The assessment requires some legal and accounting expertise in the interpretation of compliance with the CPIFR; these legal and accounting interpretations must be in relation to the legislative and accounting structure of the relevant jurisdiction. They may also require the advice of additional legal and accounting experts, which can be sought subsequent to the on-site assessment. (f) The assessment must be comprehensive and in sufficient depth to allow a judgment on whether criteria are fulfilled in practice, not just in theory. 
Laws and regulations need to be sufficient in scope and depth, and be effectively enforced and complied with. Their existence alone does not provide enough indication that the criteria are met. 3.2 Assessment of Compliance 49. The primary objective of an assessment should be the identification of the nature and extent of any weaknesses in the banking supervisory system and compliance with individual principles. While the process of implementing the CPIFR starts with the assessment of compliance, assessment is a means to an end, not an objective in itself. Instead, the assessment will allow the supervisory authority (and, in some instances, the government) to initiate a strategy to improve the banking supervisory system, as necessary.
  26. 50. To assess compliance with a Principle, this methodology proposes a set of essential and additional assessment criteria for each Principle. By default, for the purposes of grading, the essential criteria are the only elements on which to gauge full compliance with a CPIFR. The additional criteria are suggested best practices that jurisdictions having advanced IIFS should aim for. Going forward, jurisdictions will have the following three assessment options: (a) Unless the jurisdiction explicitly opts for any other option, compliance with the CPIFR will be assessed and graded only with reference to the essential criteria. (b) A jurisdiction may voluntarily choose to be assessed against the additional criteria, in order to identify areas in which it could enhance its regulation and supervision further and benefit from assessors’ commentary on how it could be achieved. However, compliance with the CPIFR will still be graded only with reference to the essential criteria. (c) To accommodate jurisdictions that further seek to attain best supervisory practices, a jurisdiction may voluntarily choose to be assessed and graded against the additional criteria, in addition to the essential criteria. 51. For assessments of the CPIFR by external parties,12 the following four-grade scale will be used: compliant, largely compliant, materially non-compliant, and non-compliant. A brief description of gradings and their applicability is provided below. 1. Compliant. A jurisdiction will be considered compliant with a Principle when all essential criteria applicable for this jurisdiction are met without any significant deficiencies. There may be instances, of course, where a jurisdiction can demonstrate that the Principle has been achieved by other means. 
Conversely, due to the specific conditions in individual jurisdictions, the essential criteria may not always be sufficient to achieve the objective of the Principle, and therefore other measures may also be needed in order for the aspect of banking supervision addressed by the Principle to be considered effective. 2. Largely compliant. A jurisdiction will be considered largely compliant with a Principle whenever only minor shortcomings are observed that do not raise any concerns about the authority’s ability and clear intent to achieve full compliance with the Principle within a prescribed period of time. The assessment “largely compliant” can be used when the system does not meet all essential criteria, but the overall effectiveness is sufficiently good, and no material risks are left unaddressed. 3. Materially non-compliant. A jurisdiction will be considered materially non-compliant with a Principle whenever there are severe shortcomings, despite the existence of formal rules, regulations and procedures, and there is evidence that supervision has clearly not been effective, that practical implementation is weak, or that the shortcomings are sufficient to raise doubts about the authority’s ability to achieve compliance. It is acknowledged that the “gap” between “largely compliant” and “materially non-compliant” is wide, and that the choice may be difficult. On the other hand, the intention has been to force the assessors to make a clear statement. 4. Non-compliant. A jurisdiction will be considered non-compliant with a Principle whenever there has been no substantive implementation of the Principle, several essential criteria are not complied with, or supervision is manifestly ineffective. 52. In addition, a Principle will be considered “not applicable” when, in the view of the assessor, the Principle does not apply given the structural, legal and institutional features of a jurisdiction. 
In some instances, when being assessed under the BCP, jurisdictions have argued that, in the case of certain embryonic or immaterial banking activities that were not being supervised, an assessment of “not applicable” should have been given, rather than “non-compliant”. This is especially an issue for Islamic finance, given its nascent state in many jurisdictions. Whether an assessment of “not applicable” is appropriate is an issue for judgment by the assessor, although activities that are relatively insignificant at the time of assessment may later assume greater importance and authorities need to be aware of, and prepared for, such developments. The supervisory system should permit such activities to be monitored, even if no regulation or supervision is considered immediately necessary. 12 While gradings of self-assessments may provide useful information to the authorities, these are not mandatory as the assessors will arrive at their own independent judgment.
  27. “Not applicable” would be an appropriate assessment if the supervisors are aware of the phenomenon, and would be capable of taking action, but there is realistically no chance that the activities will grow sufficiently in volume to pose a risk. 53. Grading is not an exact science and the CPIFR can be met in different ways. The assessment criteria should not be seen as a checklist approach to compliance but as a qualitative exercise. Compliance with some criteria may be more critical for effectiveness of supervision, depending on the situation and circumstances in a given jurisdiction. Hence, the number of criteria complied with is not always an indication of the overall compliance rating for any given Principle. Emphasis should be placed on the commentary that should accompany each Principle grading, rather than on the grading itself. The primary goal of the exercise is not to apply a “grade”, but rather to focus authorities on areas needing attention in order to set the stage for improvements and develop an action plan that prioritises the improvements needed to achieve full compliance with the CPIFR. 54. The assessment should also include the assessors’ opinion on how weaknesses in the preconditions for effective Islamic banking supervision, as discussed in Section 2, hinder effective supervision and how effectively supervisory measures mitigate these weaknesses. This opinion should be qualitative, rather than providing any kind of graded assessment. Recommendations with regard to the preconditions should not be part of the action plan associated with the CPIFR assessment, but should be included, for instance, in other general recommendations for strengthening the environment of financial sector supervision. 55. The CPIFR are minimum standards to be applied by all Islamic banking supervisory authorities. 
In implementing some of them, supervisory authorities will need to take into account the risk profile and systemic importance of individual IIFS, particularly for those CPIFR where supervisory authorities have to determine the adequacy of IIFS’ risk management policies and processes. 3.3 Practical Considerations in Conducting an Assessment 56. While the IFSB does not have a specific role in setting out detailed guidelines on the preparation and presentation of assessment reports, it believes there are a few considerations that assessors should take into account when conducting an assessment and preparing the assessment report. 57. First, when conducting an assessment, the assessor must have free access to a range of information and interested parties. The required information may include not only published information, such as the relevant laws, regulations and policies, but also more sensitive information, such as any self-assessments, operational guidelines for supervisory authorities and, where possible, supervisory assessments of individual IIFS. This information should be provided as long as it does not violate legal requirements for supervisory authorities to hold such information confidential. Experience from assessments has shown that secrecy issues can often be solved through ad hoc arrangements between the assessor and the assessed authority. The assessor will need to meet with a range of individuals and organisations, including the banking supervisory authority or authorities, other domestic supervisory authorities, any relevant government ministries, Islamic bankers and bankers’ associations, auditors and other financial sector participants. Special note should be made of instances when any required information is not provided, as well as of what impact this might have on the accuracy of the assessment. 58. 
Second, the assessment of compliance with each CPIFR requires the evaluation of a chain of related requirements which, depending on the Principle, may encompass law, prudential regulation, supervisory guidelines, on-site examinations and off-site analysis, supervisory reporting and public disclosures, and evidence of enforcement or non-enforcement. Further, the assessment must ensure that the requirements are put into practice. This also requires assessing whether the supervisory authority has the necessary operational autonomy, skills, resources and commitment to implement the CPIFR. 59. Third, assessments should not focus solely on deficiencies but should also highlight specific achievements. This approach will provide a better picture of the effectiveness of supervision of the IFSI. 60. Fourth, there are certain jurisdictions where non-bank IIFS that are not part of a supervised banking group engage in some bank-like activities; these institutions may make up a significant portion of the total financial system and may be largely unsupervised. Since the CPIFR deal specifically with Islamic banking supervision, they cannot be used for formal assessments of these non-bank IIFS. However, the assessment report should, at a minimum, mention those activities where non-banks have an impact on the supervised banks and the potential problems that may arise as a result of non-bank activities.
  28. 61. Fifth, the development of cross-border Islamic financial services leads to increased complications when conducting CPIFR assessments, especially given differences in, for example, interpretations of Sharī`ah. Improved cooperation and information sharing between home and host jurisdiction supervisors is of central importance, both in normal times and in crisis situations. The assessor must therefore determine that such cooperation and information sharing actually takes place to the extent needed, bearing in mind the size and complexity of the Islamic banking links between the two jurisdictions. 62. Sixth, the CPIFR are intended to be applicable to both dual banking environments and fully Islamic banking environments. Where a jurisdiction has both significant Islamic banking and significant conventional banking sectors, it will normally be convenient to assess both at the same time. This reflects the fact that the CPIFR and the BCP cover much of the same territory, and many issues will therefore need to be considered only once. This is true not only of the Core Principles and their assessment criteria, but also of the preconditions for effective supervision. A dual assessment of this kind will also be able to assess the relevant linkages between the IFSI and its conventional counterpart, and their implications for financial stability. At what point in the development of Islamic finance in a jurisdiction an assessment against the CPIFR is appropriate will be a matter of judgment depending on both the significance of the sector and its projected development.
  29. SECTION 4: CRITERIA FOR ASSESSING COMPLIANCE WITH THE CPIFR FOR IIFS 63. This section lists the assessment criteria for each of the 33 CPIFR under two separate headings: “Essential criteria” and “Additional criteria”. Where appropriate, the documents on which the criteria are founded have been cited. As mentioned earlier, essential criteria are those elements that should be present in order to demonstrate compliance with a Principle. Additional criteria may be particularly relevant to the supervision of more sophisticated Islamic banking organisations, and jurisdictions with such institutions should aim to achieve them. By and large, the compliance grading will be based on the essential criteria; the assessor will comment on, but not grade, compliance with the additional criteria unless the jurisdiction undergoing the assessment has voluntarily chosen to be graded against the additional criteria too. 4.1 General Approach on the Applicability of Existing BCPs 64. As previously noted, many of the BCPs are equally applicable to both conventional and Islamic banking (though the details of their application may differ). These BCPs have been incorporated into the CPIFR essentially unchanged, in order to produce a single, complete, set of principles. Where this has been done, the relevant BCP number is cited immediately after the CPIFR number. Several other BCPs have been modified to deal with the specificities of Islamic finance, generally at the level of assessment criteria rather than the Principle itself. One, BCP 23, has been replaced (by CPIFR 26), and four further Principles have been added. These deal comprehensively with certain topics of particular relevance to Islamic finance. The details, and a mapping from the BCPs to the CPIFR, are given in Appendix A. Where related topics are dealt with in different Principles, the relationship has generally been indicated by a cross-reference rather than by repeating or restating material. 
This is to allow a focused approach to both assessment and implementation, and to avoid the confusion that may arise if similar concepts are expressed differently in different places. 4.2 CPIFR Related to Supervisory Powers, Responsibilities and Functions CPIFR 1: Responsibilities, objectives and powers CPIFR 2: Independence, accountability, resourcing and legal protection for supervisors CPIFR 3: Cooperation and collaboration CPIFR 4: Permissible activities CPIFR 5: Licensing criteria CPIFR 6: Transfer of significant ownership CPIFR 7: Major acquisitions CPIFR 8: Supervisory approach CPIFR 9: Supervisory techniques and tools CPIFR 10: Supervisory reporting CPIFR 11: Corrective and sanctioning powers of supervisory authorities CPIFR 12: Consolidated supervision CPIFR 13: Home-host relationships CPIFR 1: Responsibilities, objectives and powers (BCP 1) An effective system of banking supervision has clear responsibilities and objectives for each authority involved in the supervision of institutions offering Islamic financial services (IIFS) and banking groups.13 A suitable legal framework for banking supervision is in place to provide each responsible authority with the necessary legal powers to authorise banks, conduct ongoing supervision, address compliance with laws and undertake timely corrective actions to address safety and soundness concerns.14,15 13 In this document, “banking group” includes the holding company, the IIFS and its offices, Islamic “windows”, subsidiaries, affiliates and joint ventures, both domestic and foreign. Risks from other entities in the wider group – for example, non-bank (including non-financial) entities – may also be relevant. This group-wide approach to supervision goes beyond accounting consolidation. 14 The activities of authorising IIFS (or banks), ongoing supervision and corrective actions are elaborated in the subsequent Principles. 
15 Responsibilities for Sharī`ah matters, and the relevant powers of supervisory authorities, are dealt with in CPIFR 16.
  30. Essential criteria 1. The responsibilities and objectives of each of the authorities involved in banking supervision16 are clearly defined in legislation and publicly disclosed. Where more than one authority is responsible for supervising the banking system, a credible and publicly available framework is in place to avoid regulatory and supervisory gaps. 2. The primary objective of banking supervision is to promote the safety and soundness of IIFS and the banking system. If the banking supervisory authority is assigned broader responsibilities, these are subordinate to the primary objective and do not conflict with it. 3. Laws and regulations provide a framework for the supervisory authority to set and enforce minimum prudential standards for IIFS and banking groups. The supervisory authority has the power to increase the prudential requirements for individual IIFS and banking groups based on their risk profile17 and systemic importance.18 4. Banking laws, regulations and prudential standards are updated as necessary to ensure that they remain effective and relevant to changing industry and regulatory practices. These are subject to public consultation, as appropriate. 5. The supervisory authority has the power to: (a) have full access to IIFS’ and banking groups’ BOD, management, staff and records and, where necessary, to the corresponding bodies elsewhere in the group, in order to review compliance with internal rules and limits as well as external laws and regulations; (b) the overall activities of a banking group, both domestic and cross-border; and (c) the foreign activities of IIFS incorporated in its jurisdiction. 6. 
When, in a supervisory authority’s judgment, an IIFS is not complying with laws or regulations, or it is or is likely to be engaging in unsafe or unsound practices or actions that have the potential to jeopardise the IIFS or the banking system, the supervisory authority has the power to: (a) take (and/or require an IIFS to take) timely corrective action; (b) impose a range of sanctions; (c) revoke the IIFS’s licence; and (d) cooperate and collaborate with relevant authorities to achieve an orderly resolution of the IIFS, including triggering resolution where appropriate. 7. The supervisory authority has the power to review the activities of parent companies, and of companies affiliated with parent companies, to determine their impact on the safety and soundness of the IIFS and the banking group. CPIFR 2: Independence, accountability, resourcing and legal protection for supervisors (BCP 2) The supervisory authority possesses operational independence, transparent processes, sound governance, budgetary processes that do not undermine autonomy and adequate resources, and is accountable for the discharge of its duties and use of its resources. The legal framework for banking supervision includes legal protection for the supervisory authority. 16 Such an authority is called “the supervisory authority” throughout this paper, except where the longer form “the banking supervisory authority” has been necessary for clarification. 17 In this document, “risk profile” refers to the nature and scale of the risk exposures undertaken by an IIFS. 18 In this document, “systemic importance” is determined by the size, interconnectedness, substitutability, global or cross-jurisdictional activity (if any), and complexity of the IIFS, as set out in IFSB-15.
  31. Essential criteria 1. The operational independence, accountability and governance of the supervisory authority are prescribed in legislation and publicly disclosed. There is no government or industry interference that compromises the operational independence of the supervisory authority. The supervisory authority has full discretion to take any supervisory actions or decisions on IIFS and banking groups under its supervision. 2. The process for the appointment and removal of the head(s) of the supervisory authority and members of its governing body is transparent. The head(s) of the supervisory authority is (are) appointed for a minimum term and is removed from office during (his/her) term only for reasons specified in law or if (s)he is not physically or mentally capable of carrying out the role or has been found guilty of misconduct. The reason(s) for removal is publicly disclosed. 3. The supervisory authority publishes its objectives and is accountable through a transparent framework for the discharge of its duties in relation to those objectives.19 4. The supervisory authority has effective internal governance and communication processes that enable supervisory decisions to be taken at a level appropriate to the significance of the issue and timely decisions to be taken in the case of an emergency. The governing body is structured to avoid any real or perceived conflicts of interest. 5. The supervisory authority and its staff have credibility based on their professionalism and integrity. There are rules on how to avoid conflicts of interest and on the appropriate use of information obtained through work, with sanctions in place if these are not followed. 6. The supervisory authority has adequate resources for the conduct of effective supervision and oversight. It is financed in a manner that does not undermine its autonomy or operational independence. 
This includes: (a) a budget that provides for staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the IIFS and banking groups supervised; (b) salary scales that allow it to attract and retain qualified staff; (c) the ability to commission external experts with the necessary professional skills and independence, and subject to necessary confidentiality restrictions to conduct supervisory tasks; (d) a budget and programme for the regular training of staff; (e) a technology budget sufficient to equip its staff with the tools needed to supervise the banking industry and assess individual banks and banking groups; and (f) a travel budget that allows appropriate on-site work, effective cross-border cooperation, and participation in domestic and international meetings of significant relevance (e.g. supervisory colleges). 7. As part of their annual resource planning exercise, supervisory authorities regularly take stock of existing skills and projected requirements over the short and medium term, taking into account relevant emerging supervisory practices. Supervisory authorities review and implement measures to bridge any gaps in numbers and/or skill-sets identified. 8. In determining supervisory programmes and allocating resources, supervisory authorities take into account the risk profile and systemic importance of individual IIFS and banking groups, and the different mitigation approaches available. 9. Laws provide protection to the supervisory authority and its staff against lawsuits for actions taken and/or omissions made while discharging their duties in good faith. The supervisory authority and its staff are adequately protected against the costs of defending their actions and/or omissions made while discharging their duties in good faith. 19 Refer to Principle CPIFR 1, Essential Criterion 1.
  32. CPIFR 3: Cooperation and collaboration (BCP 3) Laws, regulations or other arrangements provide a framework for cooperation and collaboration with relevant domestic authorities and foreign supervisors. These arrangements reflect the need to protect confidential information.20 Essential criteria 1. Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with all domestic authorities with responsibility for the safety and soundness of IIFS, other financial institutions and/or the stability of the financial system. There is evidence that these arrangements work in practice, where necessary. 2. Arrangements, formal or informal, are in place for cooperation, including analysis and sharing of information, and undertaking collaborative work, with relevant foreign supervisory authorities of IIFS and banking groups. There is evidence that these arrangements work in practice, where necessary. 3. The supervisory authority may provide confidential information to another domestic authority or foreign supervisory authority but must take reasonable steps to determine that any confidential information so released will be used only for IIFS-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party. 4. The supervisory authority receiving confidential information from other supervisory authorities uses the confidential information for IIFS-specific or system-wide supervisory purposes only. The supervisory authority does not disclose confidential information received to third parties without the permission of the supervisory authority providing the information and is able to deny any demand (other than a court order or mandate from a legislative body) for confidential information in its possession. 
In the event that the supervisory authority is legally compelled to disclose confidential information it has received from another supervisory authority, the supervisory authority promptly notifies the originating supervisory authority, indicating what information it is compelled to release and the circumstances surrounding the release. Where consent to pass on confidential information is not given, the supervisory authority uses all reasonable means to resist such a demand or protect the confidentiality of the information. 5. Processes are in place for the supervisory authority to support resolution authorities (e.g. central banks and finance ministries as appropriate) to undertake recovery and resolution planning and actions. CPIFR 4: Permissible activities The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined and the use of the word “bank” in names is controlled.21 Essential criteria 1. The term “bank” is clearly defined in laws or regulations. 2. The permissible activities of institutions that are licensed and subject to supervision as banks are clearly defined either by supervisors, or in laws or regulations.22 3. The use of the word “bank” and any derivations such as “banking” in a name, including domain names, is limited to licensed and supervised institutions in all circumstances where the general public might otherwise be misled. 20 Principle CPIFR 3 is developed further in the Principles dealing with “Consolidated supervision” (CPIFR 12), “Home-host relationships” (CPIFR 13) and “Abuse of financial services” (CPIFR 33). 21 The use of the word “Islamic”, expressly or by implication, is dealt with in CPIFR 16. 22 Note that the activities undertaken by Islamic banks (or IIFS) may differ from those undertaken by conventional banks, and this may need to be taken into account in structuring the regime.
  33. 4. The taking of deposits from, or offering UPSIA23 to, the public is reserved for institutions that are licensed and subject to supervision as banks.24 5. The supervisory authority or licensing authority publishes or otherwise makes available a current list of licensed banks, including branches of foreign banks, operating within its jurisdiction in a way that is easily accessible to the public. CPIFR 5: Licensing criteria (BCP 5) The licensing authority has the power to set criteria and reject applications for establishments that do not meet the criteria. At a minimum, the licensing process consists of an assessment of the ownership structure and governance (including the fitness and propriety of BOD members and senior management25) of the IIFS and its wider group, and its strategic and operating plan, internal controls, risk management and projected financial condition (including capital base). Where the proposed owner or parent organisation is a foreign bank, the prior consent of its home supervisory authority is obtained.26 Essential criteria 1. The law identifies the authority responsible for granting and withdrawing a banking licence. The licensing authority could be the banking supervisory authority or another competent authority. If the licensing authority and the supervisory authority are not the same, the supervisory authority has the right to have its views on each application considered, and its concerns addressed. In addition, the licensing authority provides the supervisory authority with any information that may be material to the supervision of the licensed IIFS. The supervisory authority imposes prudential conditions or limitations on the newly licensed IIFS, where appropriate. 2. Laws or regulations give the licensing authority the power to set criteria for licensing IIFS. If the criteria are not fulfilled or if the information provided is inadequate, the licensing authority has the power to reject an application. 
If the licensing authority or supervisory authority determines that the licence was based on false information, the licence can be revoked. 3. The criteria for issuing licences are consistent with those applied in ongoing supervision. 4. The licensing authority determines that the proposed legal, managerial, operational and ownership structures of the IIFS and its wider group will not hinder effective supervision on both a solo and a consolidated basis. The licensing authority also determines, where appropriate, that these structures will not hinder effective implementation of corrective measures in the future. 5. The licensing authority identifies and determines the suitability of the IIFS’s major shareholders, including the ultimate beneficial owners, and others that may exert significant influence. It also assesses the transparency of the ownership structure, the sources of initial capital and the ability of shareholders to provide additional financial support, where needed. 6. A minimum initial capital amount is stipulated for all IIFS. 7. The licensing authority, at authorisation, evaluates the IIFS’s proposed BOD members and senior management as to expertise and integrity (fit and proper test), and any potential for conflicts of interest. The fit and proper criteria include: (a) skills and experience in relevant financial operations commensurate with the intended activities of the IIFS; and (b) no record of criminal activities or 23 Refer to CPIFR 14. 24 The IFSB recognises the presence in some countries of non-banking financial institutions that take deposits but may be regulated differently from banks. These institutions should be subject to a form of regulation commensurate with the type and size of their business and, collectively, should not hold a significant proportion of deposits in the financial system. 25 This document refers to a governance structure composed of a board (BOD) and senior management. 
The IFSB recognises that there are significant differences in the legislative and regulatory frameworks across jurisdictions regarding these functions. Some jurisdictions use a two-tier board structure, where the supervisory function of the board is performed by a separate entity known as a “supervisory board”, which has no executive functions. Other jurisdictions, in contrast, use a one-tier board structure in which the board has a broader role. Owing to these differences, this document does not advocate a specific board structure. Consequently, in this document, the terms “BOD” and “senior management” are only used as a way to refer to the oversight function and the management function in general, and should be interpreted throughout the document in accordance with the applicable law within each jurisdiction. 26 Refer also to CPIFR 16 for conditions relating to Sharī`ah compliance, and to CPIFR 32 in respect of Islamic “windows”.
  34. adverse regulatory judgments that make a person unfit to uphold important positions in an IIFS.27 The licensing authority determines whether the IIFS’s BOD has collective sound knowledge of the material activities that the IIFS intends to pursue, and the associated risks. 8. The licensing authority reviews the proposed strategic and operating plans of the IIFS. This includes determining that an appropriate system of corporate governance, risk management and internal controls, including those related to the detection and prevention of criminal activities, as well as the oversight of proposed outsourced functions, will be in place. The operational structure is required to reflect the scope and degree of sophistication of the proposed activities of the IIFS.28 9. The licensing authority reviews pro forma financial statements and projections of the proposed IIFS. This includes an assessment of the adequacy of the financial strength to support the proposed strategic plan, as well as financial information on the principal shareholders of the IIFS. 10. In the case of foreign banks establishing a branch or a subsidiary, before issuing a licence, the host supervisory authority establishes that no objection (or a statement of no objection) from the home supervisory authority has been received. For cross-border banking operations in its country, the host supervisory authority determines whether the home supervisory authority practises global consolidated supervision. 11. The licensing authority or supervisory authority has policies and processes to monitor the progress of new entrants in meeting their business and strategic goals, and to determine that supervisory requirements outlined in the licence approval are being met. 
CPIFR 6: Transfer of significant ownership (BCP 6) The supervisory authority29 has the power to review, reject and impose prudential conditions on any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing IIFS to other parties. (Reference document: BCBS’s Parallel-owned banking structures, January 2003.) Essential criteria 1. Laws or regulations contain clear definitions of “significant ownership” and “controlling interest”. 2. There are requirements to obtain supervisory approval or provide immediate notification of proposed changes that would result in a change in ownership, including beneficial ownership, or the exercise of voting rights over a particular threshold or change in controlling interest. 3. The supervisory authority has the power to reject any proposal for a change in significant ownership, including beneficial ownership, or controlling interest, or prevent the exercise of voting rights in respect of such investments to ensure that any change in significant ownership meets criteria comparable to those used for licensing IIFS. If the supervisory authority determines that the change in significant ownership was based on false information, the supervisory authority has the power to reject, modify or reverse the change in significant ownership. 4. The supervisory authority obtains from IIFS, through periodic reporting or on-site examinations, the names and holdings of all significant shareholders or those that exert controlling influence, including the identities of beneficial owners of shares being held by nominees, custodians and through vehicles that might be used to disguise ownership. 5. The supervisory authority has the power to take appropriate action to modify, reverse or otherwise address a change of control that has taken place without the necessary notification to or approval from the supervisory authority. 27 Refer to Principle CPIFR 15, Essential Criterion 10. 
28 Refer to Principle CPIFR 33. 29 While the term “supervisory authority” is used throughout Principle CPIFR 6, the IFSB recognises that in a few countries these issues might be addressed by a separate licensing authority.
  35. 6. Laws or regulations or the supervisory authority require IIFS to notify the supervisory authority as soon as they become aware of any material information which may negatively affect the suitability of a major shareholder or a party that has a controlling interest. CPIFR 7: Major acquisitions The supervisory authority has the power to approve or reject (or recommend to the responsible authority the approval or rejection of), and impose prudential conditions on, major acquisitions or investments by an IIFS, against prescribed criteria, including the establishment of cross-border operations, and to determine that corporate affiliations or structures do not expose the IIFS to undue risks or hinder effective supervision. Essential criteria 1. Laws or regulations clearly define: (a) what types and amounts (absolute and/or in relation to an IIFS’s capital) of acquisitions and investments need prior supervisory approval; and (b) cases for which notification after the acquisition or investment is sufficient. Such cases are primarily activities closely related to banking and where the investment is small relative to the IIFS’s capital. 2. Laws or regulations provide criteria by which to judge individual proposals. 3. Consistent with the licensing requirements, among the objective criteria that the supervisory authority uses is that any new acquisitions and investments do not expose the IIFS to undue risks or hinder effective supervision. The supervisory authority also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.30 The supervisory authority can prohibit IIFS from making major acquisitions/investments (including the establishment of cross-border banking operations) in countries with laws or regulations prohibiting information flows deemed necessary for adequate consolidated supervision. 
The supervisory authority takes into consideration the effectiveness of supervision in the host country and its own ability to exercise supervision on a consolidated basis. 4. The supervisory authority determines that an IIFS’s acquisitions are Sharī`ah-compliant types of businesses, or that viable plans and timetables exist for their conversion to Sharī`ah compliance. 5. The supervisory authority determines that an IIFS has, from the outset, adequate financial, managerial and organisational resources to handle the acquisition/investment. 6. The supervisory authority is aware of the risks that non-banking activities can pose to a banking group and has the means to take action to mitigate those risks. The supervisory authority considers the ability of the IIFS to manage these risks prior to permitting investment in non-banking activities. Additional criterion 1. The supervisory authority reviews major acquisitions or investments by other entities in the banking group to determine that these do not expose the IIFS to any undue risks or hinder effective supervision. The supervisory authority also determines, where appropriate, that these new acquisitions and investments will not hinder effective implementation of corrective measures in the future.31 Where necessary, the supervisory authority is able to effectively address the risks to the IIFS arising from such acquisitions or investments. 30 In the case of major acquisitions, this determination may take into account whether the acquisition or investment creates obstacles to the orderly resolution of the IIFS. 31 Refer to footnote 29 under Principle CPIFR 7, Essential Criterion 3.
  36. CPIFR 8: Supervisory approach (BCP 8) An effective system of banking supervision requires the supervisory authority to develop and maintain a forward-looking assessment of the risk profile of individual IIFS and banking groups, proportionate to their systemic importance; identify, assess and address risks emanating from IIFS and the banking system as a whole; have a framework in place for early intervention; and have plans in place, in partnership with other relevant authorities, to take action to resolve IIFS in an orderly manner if they become non-viable. Essential criteria 1. The supervisory authority uses a methodology for determining and assessing on an ongoing basis the nature, impact and scope of the risks: (a) which IIFS or banking groups are exposed to, including risks posed by entities in the wider group; and (b) which IIFS or banking groups present to the safety and soundness of the banking system. The methodology addresses, among other things, the business focus, group structure, risk profile, internal control environment and the resolvability of IIFS, and permits relevant comparisons between IIFS. The frequency and intensity of supervision of IIFS and banking groups reflect the outcome of this analysis. 2. The supervisory authority has processes to understand the risk profile of IIFS and banking groups and employs a well-defined methodology to establish a forward-looking view of the profile. The nature of the supervisory work on each IIFS is based on the results of this analysis. 3. The supervisory authority assesses IIFS’ and banking groups’ compliance with prudential regulations and other legal requirements. 4. The supervisory authority takes the macroeconomic environment into account in its risk assessment of IIFS and banking groups. The supervisory authority also takes into account cross-sectoral developments – for example, in non-bank financial institutions – through frequent contact with their regulators. 5. 
The supervisory authority, in conjunction with other relevant authorities, identifies, monitors and assesses the build-up of risks, trends and concentrations within and across the banking system as a whole. This includes, among other things, IIFS’ problem assets and sources of liquidity (such as domestic and foreign currency funding conditions, and costs). The supervisory authority incorporates this analysis into its assessment of IIFS and banking groups and addresses proactively any serious threat to the stability of the banking system. The supervisory authority communicates any significant trends or emerging risks identified to IIFS and to other relevant authorities with responsibilities for financial system stability. 6. Drawing on information provided by the IIFS and other national supervisory authorities, the supervisory authority, in conjunction with the resolution authority, assesses the IIFS’s resolvability where appropriate, having regard to the IIFS’s risk profile and systemic importance. When IIFS-specific barriers to orderly resolution are identified, the supervisory authority requires, where necessary, IIFS to adopt appropriate measures, such as changes to business strategies, managerial, operational and ownership structures, and internal procedures. Any such measures take into account their effect on the soundness and stability of ongoing business. 7. The supervisory authority has a clear framework or process for handling IIFS in times of stress, such that any decisions to require or undertake recovery or resolution actions are made in a timely manner. 8. Where the supervisory authority becomes aware of bank-like activities being performed fully or partially outside the regulatory perimeter, the supervisory authority takes appropriate steps to draw the matter to the attention of the responsible authority. 
Where the supervisory authority becomes aware of IIFS restructuring their activities to avoid the regulatory perimeter, the supervisor takes appropriate steps to address this.
  37. CPIFR 9: Supervisory techniques and tools The supervisory authority uses an appropriate range of techniques and tools to implement the supervisory approach and deploys supervisory resources on a proportionate basis, taking into account the risk profile and systemic importance of an IIFS. (Reference documents: IFSB-15, December 2013; and IFSB-16, March 2014.) Essential criteria 1. The supervisory authority employs an appropriate mix of on-site32 and off-site33 supervision to evaluate the condition of IIFS and banking groups, their risk profile, internal control environment and the corrective measures necessary to address supervisory concerns. The specific mix between on-site and off-site supervision may be determined by the particular conditions and circumstances of the country and the IIFS. The supervisory authority regularly assesses the quality, effectiveness and integration of its on-site and off-site functions, and amends its approach as needed. 2. The supervisory authority has a coherent process for planning and executing on-site and off-site activities. There are policies and processes to ensure that such activities are conducted on a thorough and consistent basis with clear responsibilities, objectives and outputs, and that there is effective coordination and information sharing between the on-site and off-site functions. 3. The supervisory authority uses a variety of information to regularly review and assess the safety and soundness of IIFS, the evaluation of material risks, and the identification of necessary corrective actions and supervisory actions. This includes information such as prudential reports, statistical returns, information on an IIFS’s related entities, and publicly available information. The supervisory authority determines that information provided by IIFS is reliable34 and obtains, as necessary, additional information on the IIFS and their related entities. 4. 
The supervisory authority uses a variety of tools to regularly review and assess the safety and soundness of IIFS and the banking system, such as: (a) analysis of financial statements and accounts; (b) business model analysis; (c) horizontal peer reviews; (d) review of the outcome of stress tests undertaken by the IIFS; and (e) analysis of corporate governance, including risk management and internal control systems. The supervisory authority communicates its findings to the IIFS as appropriate and requires the IIFS to take action to mitigate any particular vulnerabilities that have the potential to affect its safety and soundness. The supervisory authority uses its analysis to determine follow-up work required, if any. 5. The supervisory authority, in conjunction with other relevant authorities, seeks to identify, assess and mitigate any emerging risks across IIFS and to the banking system as a whole, potentially including conducting supervisory stress tests (on individual IIFS or system-wide). The supervisory authority communicates its findings as appropriate to either an IIFS or the industry, and requires IIFS to take action to mitigate any particular vulnerabilities that have the potential to affect the stability of the banking system, where appropriate. The supervisory authority uses its analysis to determine follow-up work required, if any. 32 On-site work is used as a tool to provide independent verification that adequate policies, procedures and controls exist at IIFS, determine that information reported by IIFS is reliable, obtain additional information on the IIFS and its related companies needed for the assessment of the condition of the IIFS, monitor the IIFS’s follow-up on supervisory concerns, etc. 
33 Off-site work is used as a tool to regularly review and analyse the financial condition of IIFS, follow up on matters requiring further attention, identify and evaluate developing risks, and help identify the priorities, scope of further off-site and on-site work, etc. 34 Refer to Principle CPIFR 10.
  38. 6. The supervisory authority evaluates the work of an IIFS’s internal audit function, and determines whether, and to what extent, it may rely on the internal auditors’ work to identify areas of potential risk. 7. The supervisory authority maintains sufficiently frequent contacts as appropriate with an IIFS’s BOD, non-executive BOD members, and senior and middle management (including heads of individual business units and control functions) to develop an understanding of and to assess matters such as strategy, group structure, corporate governance, performance, capital adequacy, liquidity, asset quality, risk management systems and internal controls. Where necessary, the supervisory authority challenges the IIFS’s BOD and senior management on the assumptions made in setting strategies and business models. 8. The supervisory authority communicates to the IIFS the findings of its on- and off-site supervisory analyses in a timely manner by means of written reports or through discussions or meetings with the IIFS’s management. The supervisory authority meets with the IIFS’s senior management and the BOD to discuss the results of supervisory examinations and the external audits as appropriate. The supervisory authority also meets separately with the IIFS’s independent BOD members as necessary. 9. The supervisory authority undertakes appropriate and timely follow-up to check that IIFS have addressed supervisory concerns or implemented requirements communicated to them. This includes early escalation to the appropriate level of the supervisory authority and to the IIFS’s BOD if action points are not addressed in an adequate or timely manner. 10. The supervisory authority requires IIFS to notify it in advance of any substantive changes in their activities, products, structure and overall condition or as soon as they become aware of any material adverse developments, including breach of legal, prudential or Sharī`ah requirements. 11. 
The supervisory authority may make use of independent third parties, such as auditors, provided there is a clear and detailed mandate for the work. However, the supervisory authority cannot outsource its prudential responsibilities to third parties. When using third parties, the supervisory authority assesses whether the output can be relied upon to the degree intended and takes into consideration the biases that may influence third parties. 12. The supervisory authority has an adequate information system which facilitates the processing, monitoring and analysis of prudential information. The system aids the identification of areas requiring follow-up action. Additional criterion 1. The supervisory authority has a framework for periodic independent review – for example, by an internal audit function or third-party assessor – of the adequacy and effectiveness of the range of its available supervisory tools and their use, and makes changes as appropriate. CPIFR 10: Supervisory reporting The supervisory authority collects, reviews and analyses prudential reports and statistical returns35 from IIFS on both a solo and a consolidated basis, and independently verifies these reports through either on-site examinations or use of external experts. Essential criteria 1. The supervisory authority has the power36 to require IIFS to submit information, on both a solo and a consolidated basis, on their financial condition, performance and risks, on demand and at regular intervals. These reports provide information such as on- and off-balance sheet assets and liabilities, profit and loss, capital adequacy, liquidity, large exposures, risk concentrations (including by economic sector, geography and currency), asset quality, financing loss provisioning, related party transactions, IAHs, equity investment risk, ROR risk, DCR and market risk. 
35 In the context of this Principle, “prudential reports and statistical returns” are distinct from and in addition to required accounting reports. The former are addressed by this Principle, and the latter are addressed in Principle CPIFR 30. 36 Refer to Principle CPIFR 2.
  39. 2. The supervisory authority provides reporting instructions that clearly describe the accounting standards to be used in preparing supervisory reports. Such standards are based on accounting principles and rules that are widely accepted internationally. 3. The supervisory authority requires IIFS to have sound governance structures and control processes for methodologies that produce valuations. The measurement of fair values maximises the use of relevant and reliable inputs and is consistently applied for risk management and reporting purposes. The valuation framework and control procedures are subject to adequate independent validation and verification, either internally or by an external expert. The supervisory authority assesses whether the valuation used for regulatory purposes is reliable and prudent. Where the supervisory authority determines that valuations are not sufficiently prudent, the supervisory authority requires the IIFS to make adjustments to its reporting for capital adequacy or regulatory reporting purposes. 4. The supervisory authority collects and analyses information from IIFS at a frequency commensurate with the nature of the information requested, and the risk profile and systemic importance of the IIFS. 5. In order to make meaningful comparisons between IIFS and banking groups, the supervisory authority collects data from all IIFS and all relevant entities covered by consolidated supervision on a comparable basis and related to the same dates (stock data) and periods (flow data). 6. The supervisory authority has the power to request and receive any relevant information from IIFS, as well as any entities in the wider group, irrespective of their activities, where the supervisory authority believes that it is material to the condition of the IIFS or banking group, or to the assessment of the risks of the IIFS or banking group, or is needed to support resolution planning. This includes internal management information. 7. 
The supervisory authority has the power to access37 all IIFS records for the furtherance of supervisory work. The supervisory authority also has similar access to the IIFS’s BOD, management and staff, when required. 8. The supervisory authority has a means of enforcing compliance with the requirement that the information be submitted on a timely and accurate basis. The supervisory authority determines that the appropriate level of the IIFS’s senior management is responsible for the accuracy of supervisory returns, imposes sanctions for misreporting and persistent errors, and requires that inaccurate information be amended. 9. The supervisory authority utilises policies and procedures to determine the validity and integrity of supervisory information. This includes a programme for the periodic verification of supervisory returns by means either of the supervisory authority’s own staff or of external experts.38 10. The supervisory authority clearly defines and documents the roles and responsibilities of external experts,39 including the scope of the work, when they are appointed to conduct supervisory tasks. The supervisory authority assesses the suitability of experts for the designated task(s) and the quality of the work, and takes into consideration conflicts of interest that could influence the output/ recommendations by external experts. External experts may be utilised for routine validation or to examine specific aspects of IIFS’ operations. 11. The supervisory authority requires that external experts bring to its attention promptly any material shortcomings identified during the course of any work undertaken by them for supervisory purposes. 12. The supervisory authority has a process in place to periodically review the information collected to determine that it satisfies a supervisory need. 37 Refer to Principle CPIFR 1, Essential Criterion 5. 
38 May be external auditors or other qualified external parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions. 39 May be external auditors or other qualified external parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions. External experts may conduct reviews used by the supervisory authority, yet it is ultimately the supervisory authority that must be satisfied with the results of the reviews conducted by such external experts.
  40. CPIFR 11: Corrective and sanctioning powers of supervisors The supervisory authority acts at an early stage to address unsafe and unsound practices or activities that could pose risks to an IIFS or to the banking system. The supervisory authority has at its disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability to revoke the banking licence or to recommend its revocation. (Reference documents: IFSB-12, March 2012; IFSB-16, March 2014; and BCBS’s Parallel-owned banking structures, January 2003.) Essential criteria 1. The supervisory authority raises supervisory concerns with the IIFS’s management or, where appropriate, the IIFS’s BOD, at an early stage, and requires that these concerns be addressed in a timely manner. Where the supervisory authority requires the IIFS to take significant corrective actions, these are addressed in a written document to the IIFS’s BOD. The supervisory authority requires the IIFS to submit regular written progress reports and checks that corrective actions are completed satisfactorily. The supervisory authority follows through conclusively and in a timely manner on matters that are identified. 2. The supervisory authority has available40 an appropriate range of supervisory tools for use when, in the supervisory authority’s judgment, an IIFS is not complying with laws, regulations or supervisory actions, is engaged in unsafe or unsound practices or in activities that could pose risks to the IIFS or the banking system, or when the interests of UIAHs or depositors are otherwise threatened. 3. The supervisory authority has the power to act where an IIFS falls below established regulatory threshold requirements, including prescribed regulatory ratios or measurements. The supervisory authority also has the power to intervene at an early stage to require an IIFS to take action to prevent it from reaching its regulatory threshold requirements. 
The supervisory authority has a range of options to address such scenarios. 4. The supervisory authority has available a broad range of possible measures to address, at an early stage, such scenarios as described in Essential Criterion 2 above. These measures include the ability to require an IIFS to take timely corrective action or to impose sanctions expeditiously. In practice, the range of measures is applied in accordance with the gravity of a situation. The supervisory authority provides clear prudential objectives or sets out the actions to be taken, which may include restricting the current activities of the IIFS, imposing more stringent prudential limits and requirements, withholding approval of new activities or acquisitions, restricting or suspending payments to shareholders or share repurchases, restricting asset transfers, barring individuals from the banking sector, replacing or restricting the powers of managers, BOD members or controlling owners, facilitating a takeover by or merger with a healthier institution, providing for the interim management of the IIFS, and revoking or recommending the revocation of the banking licence. 5. The supervisory authority applies sanctions not only to an IIFS but, when and if necessary, also to management and/or the BOD, or individuals therein. 6. The supervisory authority has the power to take corrective actions, including ring-fencing of an IIFS from the actions of parent companies, subsidiaries, parallel-owned banking structures and other related entities in matters that could impair the safety and soundness of the IIFS or the banking system. 7. The supervisory authority cooperates and collaborates with relevant authorities in deciding when and how to effect the orderly resolution of a problem IIFS situation (which could include closure, or assisting in restructuring, or merger with a stronger institution). Additional criteria 1. 
Laws or regulations guard against the supervisory authority unduly delaying appropriate corrective actions. 40 Refer to Principle CPIFR 1.
  41. 2. When taking formal corrective action in relation to an IIFS, the supervisory authority informs the supervisory authority of non-bank-related financial entities of its actions and, where appropriate, coordinates its actions with them. CPIFR 12: Consolidated supervision An essential element of banking supervision is that the supervisory authority supervises the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential standards to all aspects of the business conducted by the banking group worldwide.41 (Reference documents: IFSB-16, March 2014; BCBS’s Supervision of cross-border banking, October 1996; BCBS’s Minimum standards for the supervision of international banking groups and their cross-border establishments, July 1992; BCBS’s Principles for the supervision of banks’ foreign establishments, May 1983; and BCBS’s Consolidated supervision of banks’ international activities, March 1979.) Essential criteria 1. The supervisory authority understands the overall structure of the banking group and is familiar with all the material activities (including non-banking activities) conducted by entities in the wider group, both domestic and cross-border. The supervisory authority understands and assesses how group-wide risks are managed and takes action when risks arising from the banking group and other entities in the wider group – in particular, contagion and reputation risks – may jeopardise the safety and soundness of the IIFS and the banking system. 2. The supervisory authority imposes prudential standards and collects and analyses financial and other information on a consolidated basis for the IIFS group, covering areas such as capital adequacy, liquidity, large exposures, exposures to related parties, financing limits and group structure. 3. The supervisory authority determines that appropriate Sharī`ah compliance systems are in place across the group. 
In terms of Sharī`ah compliance at the consolidated42 level – in particular, in cases where the Sharī`ah is being interpreted differently across jurisdictions – the supervisory authorities promote: (a) harmonisation of legal and Sharī`ah compliance frameworks; (b) the enhancement of collaboration between the relevant Sharī`ah boards in various jurisdictions; and (c) the sharing of the rulings and the basis of Sharī`ah rulings. 4. The supervisory authority reviews whether the oversight of an IIFS’s foreign operations by management (of the parent IIFS or head office and, where relevant, the holding company) is adequate, having regard to their risk profile and systemic importance, and there is no hindrance in host countries for the parent IIFS to have access to all the material information from their foreign branches and subsidiaries. The supervisory authority also determines that IIFS’ policies and processes require the local management of any cross-border operations to have the necessary expertise to manage those operations in a safe and sound manner, and in compliance with Sharī`ah principles as well as supervisory and regulatory requirements. The home supervisory authority takes into account the effectiveness of supervision conducted in the host countries in which its IIFS have material operations. 5. The home supervisory authority visits the foreign offices periodically, the location and frequency being determined by the risk profile and systemic importance of the foreign operation. The supervisory authority meets the host supervisory authorities during these visits. The supervisory authority has a policy for assessing whether it needs to conduct on-site examinations of an IIFS’s foreign operations, or require additional reporting, and has the power and resources to take those steps as and when appropriate. 6. 
The supervisory authority reviews the main activities of parent companies, and of companies affiliated with the parent companies, that have a material impact on the safety and soundness of the IIFS and the banking group, and takes appropriate supervisory action. 41 Refer to footnote 12 under Principle CPIFR 1. 42 “Consolidated supervision” is generally defined as a comprehensive approach to banking supervision which seeks to evaluate the strength of an entire group, taking into account all the risks which may affect a bank, regardless of whether these risks are carried in the books of the bank or of related entities.
  42. 7. The supervisory authority limits the range of activities the consolidated group may conduct and the locations in which activities can be conducted (including the closing of foreign offices) if it determines that: (a) the safety and soundness of the IIFS and banking group is compromised because the activities expose the IIFS or banking group to excessive risk and/or are not properly managed; (b) the supervision by other supervisory authorities is not adequate relative to the risks the activities present; and/or (c) the exercise of effective supervision on a consolidated basis is hindered. 8. In addition to supervising on a consolidated basis, the responsible supervisory authority supervises individual IIFS in the group. The responsible supervisory authority supervises each IIFS on a standalone basis and understands its relationship with other members of the group.43 Additional criterion 1. For countries which allow corporate ownership of IIFS, the supervisory authority has the power to establish and enforce fit and proper standards for owners and senior management of parent companies. CPIFR 13: Home-host relationships Home and host supervisory authorities of cross-border banking groups share information and cooperate for effective supervision of the group and group entities, and effective handling of crisis situations. Supervisory authorities require the local operations of foreign IIFS to be conducted to the same standards as those required of domestic IIFS. 
(Reference documents: IFSB-12, March 2012; IFSB-16, March 2014; FSB Key Attributes for Effective Resolution Regimes, November 2011; BCBS’s Good practice principles on supervisory colleges, October 2010; BCBS’s The high-level principles for the cross-border implementation of the New Accord, August 2003; BCBS’s Report on cross-border banking supervision, June 1996; BCBS’s Information flows between banking supervisory authorities, April 1990; and BCBS’s Principles for the supervision of banks’ foreign establishments (Concordat), May 1983.) Essential criteria 1. The home supervisory authority establishes bank-specific supervisory colleges for banking groups with material cross-border operations to enhance its effective oversight, taking into account the risk profile and systemic importance of the banking group and the corresponding needs of its supervisory authorities. In its broadest sense, the host supervisory authority who has a relevant subsidiary or a significant branch (or Islamic window) in its jurisdiction and who, therefore, has a shared interest in the effective supervisory oversight of the banking group, is included in the college. The structure of the college reflects the nature of the banking group and the needs of its supervisory authorities. 2. Home and host supervisory authorities share appropriate information on a timely basis in line with their respective roles and responsibilities, both bilaterally and through colleges. This includes information both on the material risks and risk management practices of the banking group44 and on the supervisors’ assessments of the safety and soundness of the relevant entity under their jurisdiction. Informal or formal arrangements (such as memoranda of understanding) are in place to enable the exchange of confidential information. 3. 
Home and host supervisory authorities coordinate and plan supervisory activities or undertake collaborative work if common areas of interest are identified in order to improve the effectiveness and efficiency of supervision of cross-border banking groups.45 43 Refer to Principle CPIFR 18, Additional Criterion 1. 44 See Illustrative example of information exchange in colleges of the October 2010 BCBS Good practice principles on supervisory colleges for further information on the extent of information sharing expected. 45 Cross-sectoral exposures are particularly pertinent within the IFSI and raise concerns for authorities that supervise IIFS on a “silo” basis. In this respect, the IIFS may have a range of activities that cross supervisory boundaries. The supervisory authority needs to assess the risks on a consolidated basis. Restricted investment accounts, for example, are akin to collective investment schemes, which are normally supervised by the securities market supervisor. Another example relates to having Takāful as a separate line of business within the IIFS – for example, in a subsidiary. In jurisdictions where these activities are supervised by a separate regulatory entity, close cooperation with such other supervisory authorities is crucial.
  43. 4. Home and host supervisory authorities provide each other with appropriate information, including: (a) their treatment of IAHs; (b) Sharī`ah governance and Sharī`ah issues; and, where appropriate, (c) the treatment of Islamic windows. 5. The home supervisory authority develops an agreed communication strategy with the relevant host supervisory authorities. The scope and nature of the strategy reflects the risk profile and systemic importance of the cross-border operations of the bank or banking group. Home and host supervisors also agree on the communication of views and outcomes of joint activities and college meetings to banks, where appropriate, to ensure consistency of messages on group-wide issues. 6. Where appropriate, given an IIFS’s risk profile and systemic importance, the home supervisor, working with its national resolution authorities, develops a framework for cross-border crisis cooperation and coordination among the relevant home and host authorities. The relevant authorities share information on crisis preparations from an early stage in a way that does not materially compromise the prospect of a successful resolution and subject to the application of rules on confidentiality. 7. Where appropriate, given an IIFS’s risk profile and systemic importance, the home supervisory authority, working with its national resolution authorities and relevant host authorities, develops a group resolution plan. The relevant authorities share any information necessary for the development and maintenance of a credible resolution plan. Supervisory authorities also alert and consult relevant authorities and supervisors (both home and host) promptly when taking any recovery and resolution measures. 8. The host supervisory authority’s national laws or regulations require that the cross-border operations of foreign IIFS are subject to prudential, inspection and regulatory reporting requirements similar to those for domestic IIFS. 9. 
The home supervisory authority is given on-site access to local offices and subsidiaries of a banking group in order to facilitate their assessment of the group’s safety and soundness and compliance with customer due diligence requirements. The home supervisory authority informs host supervisors of intended visits to local offices and subsidiaries of banking groups. 10. A supervisory authority that takes consequential action on the basis of information received from another supervisory authority consults with that supervisory authority, to the extent possible, before taking such action.
  44. 4.3 CPIFR Related to Prudential Regulations and Requirements for IIFS CPIFR 14: Treatment of investment account holders (IAHs) CPIFR 15: Corporate governance CPIFR 16: Sharī`ah governance framework CPIFR 17: Risk management process CPIFR 18: Capital adequacy CPIFR 19: Credit risk CPIFR 20: Problem assets, provisions and reserves CPIFR 21: Concentration risk and large exposure limits CPIFR 22: Transactions with related parties CPIFR 23: Country and transfer risks CPIFR 24: Equity investment risk CPIFR 25: Market risks CPIFR 26: Rate of return risk CPIFR 27: Liquidity risk CPIFR 28: Operational risk CPIFR 29: Internal control and audit CPIFR 30: Financial reporting and external audit CPIFR 31: Transparency and market discipline CPIFR 32: Islamic “windows” operations CPIFR 33: Abuse of financial services CPIFR 14: Treatment of investment account holders (IAHs)46 The supervisory authority determines how IAHs are treated in its jurisdiction. The supervisory authority also determines the various implications (including the regulatory treatment, governance and disclosures, and capital adequacy and associated risk-absorbency features, etc.) relating to IAHs within its jurisdiction. (Reference documents: IFSB-1, December 2005; IFSB-4, December 2009; IFSB-10, December 2009; GN-3, December 2010; GN-4, March 2011; IFSB-15, December 2013; IFSB-13, March 2012; and IFSB-16, March 2014.) Essential criteria 1. The supervisory authority determines, from a prudential perspective, how UIAHs are treated by the IIFS47 in the jurisdiction. In this respect, UIAHs are treated in any one of the following ways: (a) as investors who bear all the earnings volatility and risks of losses on their investment accounts (absent misconduct or negligence on the part of the IIFS). 
In such cases, the (credit and market risk-weighted) assets financed by the funds of the UIAH are excluded from the denominator of the standard capital adequacy formula; (b) as a liability of the IIFS, which therefore bears the risk of the assets funded by UIAHs;48 or 46 Various aspects of CPIFR 14 are developed further in the principles dealing with “Corporate governance” (CPIFR 15), “Capital adequacy” (CPIFR 18), “Rate of return risk” (CPIFR 26), and “Transparency and market discipline” (CPIFR 31). 47 The term “IIFS”, as defined in Section 1, is used throughout this document, except where the term “bank” has been used for clarification. 48 In the opinion of the Sharī`ah board of the Islamic Development Bank, this approach is not Sharī`ah-compliant.
  45. (c) as partially risk absorbent so that the IIFS bears part of the earnings volatility of the assets funded by the UIAH. In such a case, IIFS include a corresponding proportion (known as “alpha” (α) factor) of the credit and market risk-weighted assets financed by UIAH in the denominator of the standard capital adequacy formula.49 2. The supervisory authority requires that initial risk disclosures to IAHs are consistent with the prudential treatment of their accounts. 3. The supervisory authority requires IIFS to apply the appropriate treatment of IIFS in all capital adequacy matters, including their own determinations of their capital needs, and internal models where these are permitted for capital adequacy purposes. 4. The supervisory authority determines that investment accounts are managed by the IIFS within the parameters of the given mandate, including all requirements as written in the contractual agreement between the IIFS as Muḍārib or Wakīl and the IAHs, and any declared policies for the use of smoothing mechanisms such as a profit equalisation reserve (PER) or investment risk reserve (IRR). The supervisory authority also determines that IAHs are adequately advised by the IIFS of their contractual rights and risks in regard to investment account products, including primary investment and asset allocation strategies and the method of calculating the profit/loss made from their investments. 5. The supervisory authority determines that an IIFS, when managing the investments of the IAHs, clearly displays the level of competence necessary to fulfil its fiduciary duties as Muḍārib or Wakīl and that adequate policies and procedures are in place.50 6. The supervisory authority prescribes formal guidance for IIFS to ensure they fulfil their fiduciary duties towards their IAHs (whether UIAHs or RIAHs). 7. 
The supervisory authority determines that IIFS clearly indicate the existence of various practices of smoothing the profit payout to IAHs that are employed, due to various internal and regulatory considerations, to mitigate the risk of withdrawal of funds by IAH (withdrawal risk). Where supervisory authorities have approved various techniques of smoothing in their respective jurisdictions, they provide a policy (or written guideline) to IIFS with respect to these practices, with particular reference to the criteria or procedures used by them to assess an IIFS’s exposure to DCR in assessing the IIFS’s capital adequacy.51 8. In jurisdictions where real estate investment is permissible, supervisory authorities provide prudential limits on the percentage of UIAHs’ funds that may be invested in real estate and a limit to single exposures within the jurisdiction.52 In this respect, the supervisory authority reviews IIFSs’ operations to ensure that they have adequate resources and capabilities for undertaking real estate investment activities through UIAHs’ funds. 9. The supervisory authority determines that stress testing conducted by the IIFS takes account of the risks associated with investment accounts and the position of IAHs as providers of risk-absorbent funds.53 The supervisory authority also determines that the Governance Committee (or equivalent) is actively involved in the development of the scenarios with respect to IAHs, particularly in the context of unrestricted PSIA. 10. Where the supervisory authority determines the capital adequacy treatment of IAH on a case-by-case basis, rather than for all IIFS in its jurisdiction, it requires IIFS to implement a sound and robust measurement methodology for DCR based on adequate and reliable data. The supervisory authority also assesses and evaluates the reliability and accuracy of the methodology as a basis for measuring the proportion of the risk that is effectively borne by IIFS in the form of DCR. 
49 Whether the IIFS engages in practices designed to smooth returns or principal risk to IAH will be evidence as to whether the IAH are being treated as risk absorbent. Such smoothing practices are not normally employed in the case of restricted IAH (RIAH), but where they are, RIAH should be treated for capital adequacy purposes similarly to UIAH. In addition to determining whether smoothing arrangements exist, the supervisory authority may take into account whether the IIFS may come under market pressure to increase returns to avoid investors withdrawing their funds (DCR). 50 Refer to CPIFR 15, Essential Criterion 2. 51 GN-3 gives examples of smoothing practices used by IIFS. 52 Some supervisory authorities adopt a combined approach in limiting the risks to which the IIFS or its IAHs are exposed through restricting the total amount of exposures in the sector, restricting the usage of unrestricted investment accounts, or applying specific risk weights for this investment. 53 See IFSB-13, and in particular the narrative to Principle 3.10.
  46. 11. The supervisory authority determines that IIFS provide timely and relevant continuing disclosures to IAHs (including profit calculation and distribution, and investment strategies and risk exposures). 12. The supervisory authority determines that an IIFS maintains separate accounts in respect of the IIFS’s operations undertaken for RIAHs and ensures proper maintenance of records for all transactions in investments. 13. The supervisory authority’s approach to IAHs, including its prudential approach, is in accordance with the authority’s best understanding of the contractual rights of the parties, including UIAHs, according to applicable law during the insolvency or liquidation of the IIFS. CPIFR 15: Corporate governance The supervisory authority determines that IIFS demonstrate they have adequate corporate governance and address the relevant aspects of corporate governance from the perspective of IIFS. The supervisory authority also determines that IIFS and banking groups have robust corporate governance policies and processes covering, for example, strategic direction, group and organisational structure, control environment, responsibilities of the IIFS’s BOD and senior management, and compensation. These policies and processes are commensurate with the risk profile and systemic importance of the IIFS. (Reference documents: IFSB-3, December 2006; IFSB-16, March 2014; BCBS’s Principles for enhancing corporate governance, October 2010; and BCBS’s Compensation principles and standards assessment methodology, January 2010.) Essential criteria 1. Laws, regulations or the supervisory authority establish the responsibilities of an IIFS’s BOD and senior management with respect to corporate governance to ensure there is effective control over the IIFS’s entire business. The supervisory authority provides guidance to IIFS and banking groups on expectations for sound corporate governance. 2. 
The supervisory authority determines that IIFS address the relevant aspects of corporate governance, taking into account the specificities of IIFS. The general elements of governance in IIFS include: (a) compliance with Sharī`ah rules and principles; (b) the role of the Sharī`ah board in the governance, the role of auditors in terms of independence and accountability, and the extent to which the supervisory authority can rely on third parties; (c) the rights of the IAH: processes and controls in IIFS (such as a Governance Committee54) for protecting their rights; and (d) transparency of financial reporting in respect of investment accounts.55 3. The supervisory authority regularly performs a comprehensive evaluation of an IIFS’s overall corporate governance policies and practices and determines that the IIFS has robust corporate governance policies and processes commensurate with its risk profile and systemic importance. The supervisory authority requires effective and timely remedial action by an IIFS to address material deficiencies in its corporate governance policies and practices. 4. The supervisory authority determines that governance structures and processes for nominating and appointing BOD members are appropriate for IIFS and across the banking group. BOD membership includes experienced non-executive members, where appropriate. Commensurate with the risk profile and systemic importance, BOD structures include audit, governance, risk oversight and remuneration committees with experienced non-executive members. 54 A Governance Committee is another board committee, comprising at least three members, as recommended in IFSB-3, and specifically mandated to protect the interests of the IAHs. Three members include: (a) a member of the Audit Committee; (b) a Sharī`ah scholar (possibly from the IIFS’s Sharī`ah board); and (c) a non-executive director (selected based on the director’s experience and ability to contribute to the process). 
55 Refer to CPIFR 31, Essential Criterion 3.
  47. 5. BOD members are suitably qualified, effective and exercise their “duty of care” and “duty of loyalty”.56 6. The supervisory authority determines that an IIFS’s BOD approves and oversees implementation of the bank’s strategic direction, risk appetite57 and strategy, and related policies, establishes and communicates corporate culture and values (e.g. through a code of conduct), and establishes conflicts of interest policies and a strong control environment. 7. The supervisory authority determines that an IIFS’s BOD, except where required otherwise by laws or regulations, has established fit and proper standards in selecting senior management, maintains plans for succession, and actively and critically oversees senior management’s execution of the policies set by the BOD, including monitoring senior management’s performance against standards established for them. 8. The supervisory authority determines that an IIFS’s BOD actively oversees the design and operation of the bank’s and banking group’s compensation system, and that it has appropriate incentives, which are aligned with prudent risk taking. The compensation system, and related performance standards, are consistent with the long-term objectives and financial soundness of the IIFS and is rectified if there are deficiencies. 9. The supervisory authority also holds regular discussions involving the BOD, the Audit Committee and the Sharī`ah board or its representative,58 including a combined meeting with all parties present at the same time. 10. The supervisory authority determines that an IIFS’s BOD and senior management know and understand the IIFS’s and banking group’s operational structure and its risks, including those arising from the use of structures that impede transparency (e.g. special purpose or related structures). The supervisory authority also determines that risks are effectively managed and mitigated, as appropriate. 11. 
The supervisory authority has the power to require changes in the composition of the IIFS’s BOD if it believes that any individuals are not fulfilling their duties related to the satisfaction of these criteria. Additional criterion 1. Laws, regulations or the supervisory authority require IIFS to notify the supervisory authority as soon as they become aware of any material and bona fide information that may negatively affect the fitness and propriety of an IIFS’s BOD member, a member of the senior management or a Sharī`ah board member. CPIFR 16: Sharī`ah governance framework59 The supervisory authority determines that IIFS have a robust Sharī`ah governance system in order to ensure an effective independent oversight of Sharī`ah compliance over various structures and processes within the organisational framework. The Sharī`ah governance structure adopted by an IIFS is commensurate and proportionate with the size, complexity and nature of its business. The supervisory authority also determines the general approach to Sharī`ah governance in its jurisdiction, and lays down key elements of the process. 56 The OECD (OECD glossary of corporate governance-related terms in “Experiences from the Regional Corporate Governance Roundtables”, 2003, www.oecd.org/dataoecd/19/26/23742340.pdf.) defines “duty of care” as “The duty of a board member to act on an informed and prudent basis in decisions with respect to the company. Often interpreted as requiring the board member to approach the affairs of the company in the same way that a ’prudent man’ would approach his own affairs. Liability under the duty of care is frequently mitigated by the business judgement rule.” The OECD defines “duty of loyalty” as “The duty of the board member to act in the interest of the company and shareholders. 
The duty of loyalty should prevent individual board members from acting in their own interest, or the interest of another individual or group, at the expense of the company and all shareholders.” 57 Risk appetite reflects the level of aggregate risk that the IIFS’s BOD is willing to assume and manage in the pursuit of the IIFS’s business objectives. Risk appetite may include both quantitative and qualitative elements, as appropriate, and encompass a range of measures. For the purposes of this document, the terms “risk appetite” and “risk tolerance” are treated synonymously. 58 For example, and with the agreement of the Sharī`ah board, one of its members or the internal head of Sharī`ah compliance. 59 The IFSB’s guiding principles on Sharī`ah governance (IFSB-10) address the components of a sound Sharī`ah governance system, especially with regard to the competence, independence, confidentiality and consistency of Sharī`ah boards. Given the Sharī`ah governance needs and requirements of different types of IIFS, IFSB-10 acknowledges that there are various Sharī`ah governance structures and models that have been adopted in different jurisdictions where IIFS are present, suggesting that there is no “single model” or “one-size-fits-all” approach. For instance, in some jurisdictions, there is a national body (e.g. a national Sharī`ah Council) that has the authority to issue Fatāwa (i.e. Sharī`ah pronouncements/resolutions) that are mandatory for IIFS in that jurisdiction, while in the majority of jurisdictions it is an IIFS’s Sharī`ah board that issues Fatāwa applicable to that IIFS.
  48. (Reference documents: IFSB-10, December 2009; and IFSB-16, March 2014.) Essential criteria 1. Laws, regulations or the supervisory authority determine that the IIFS are under an obligation to ensure that their products and services comply with Sharī`ah rules and principles. The supervisory authority further determines that in all aspects of IIFS operations, including products and services, a governance structure, policies and procedures exist to ensure that the Sharī`ah rules and principles are adhered to at all times. 2. Laws, regulations or the supervisory authority ensure that a financial institution is not allowed to represent itself as “Islamic”, either expressly or by implication, without having such a governance structure, policies and procedures. 3. The supervisory authority determines that the Sharī`ah board of an IIFS plays a strong and independent60 oversight role, with adequate capability to exercise objective judgment on Sharī`ah-related matters. The supervisory authority also determines that IIFS has in place an appropriate and transparent process for resolving any differences of opinion between the BOD and the Sharī`ah board. This process may include having direct access (after duly informing the supervisory authority) to the shareholders as a “whistle-blower”.61 4. The supervisory authority requires that each IIFS has a properly functioning Sharī`ah governance system in place, which clearly demonstrates, among other things: (a) clear terms of reference regarding the Sharī`ah board’s62 mandate, reporting line and responsibility; (b) well-defined operating procedures and lines of reporting; and (c) good understanding of, and familiarity with, professional ethics and conduct. 5. The supervisory authority determines that an IIFS ensures that the key members of its Sharī`ah governance system fulfil acceptable “fit and proper” criteria.63 6.
The supervisory authority determines that IIFS comply at all times with the Sharī`ah rules and principles as determined by the relevant body in the jurisdiction in which they operate with respect to their products and activities. 7. The supervisory authority requires IIFS to have in place an appropriate mechanism for obtaining rulings from Sharī`ah scholars, applying Fatāwa (i.e. Sharī`ah pronouncements/resolutions)64 and monitoring Sharī`ah compliance in all aspects of their business operations. 8. The supervisory authority determines the requirement and criteria for the establishment of a Sharī`ah board or equivalent body in an IIFS’s governance structure. The supervisory authority also determines that the qualifications of the members of the Sharī`ah board are subject to review, and makes available evaluation criteria65 for the assessment of the qualifications and reporting responsibilities of the Sharī`ah board. 60 A Sharī`ah board can only be deemed “independent” when none of its members has a blood or intimate relationship with the IIFS, its related companies or its officers that could interfere, or be reasonably perceived to interfere, with the exercise of independent judgment in the best interests of the IIFS by the Sharī`ah board. In the case of Sharī`ah advisory firms, such a firm can only be deemed independent from the IIFS if they are not related parties, such as in terms of having common shareholders or common directors. 61 In some jurisdictions the supervisory authority may be involved in this process of resolving differences, without compromising the binding nature of the pronouncements/resolutions of the Sharī`ah board. 62 A reference to Sharī`ah board in this essential criterion includes clear terms of reference for a Sharī`ah adviser reporting to a national Sharī`ah Council (where one exists), and to firms that are allowed to use the services of an external Sharī`ah consultancy, in their jurisdictions. 
63 Appendix 4 to IFSB-10 gives examples of competence criteria for members of a Sharī`ah board. 64 This refers to a juristic opinion on any matter pertaining to Sharī`ah issues in Islamic finance, given by the appropriately mandated Sharī`ah board. 65 Commonly referred to as “fit and proper criteria for members of the Sharī`ah board”.
  49. 9. The supervisory authority determines that the Sharī`ah board or comparable body is provided with complete, adequate and timely information prior to all meetings and on an ongoing basis on any product or transaction on which a pronouncement is sought, including having its attention drawn to any areas of possible difficulty identified by the IIFS’s management. The management of an IIFS has an obligation to supply the Sharī`ah board with complete, accurate and adequate information in a timely manner. The supervisory authority also determines that the Sharī`ah board has free access to the company’s senior management for all the information it needs. 10. The supervisory authority requires an IIFS’s Sharī`ah governance system to cover the relevant ex-ante and ex-post processes. Ex-ante processes cover those for: (a) the issuance of Sharī`ah pronouncements/resolutions; and (b) compliance checks before the product is offered to the customers. Ex-post processes cover internal and external Sharī`ah review66 and Sharī`ah governance reporting. The supervisory authority also determines that IIFS engage appropriate experts, including a Sharī`ah adviser or Sharī`ah board, to review and ensure that new financing proposals that have not been proposed before or amendments to existing contracts are Sharī`ah-compliant at all times. 11. The supervisory authority determines that the IIFS’s Sharī`ah board has free access to the internal Sharī`ah compliance unit/department (ISCU) and internal Sharī`ah review/audit unit/department (ISRU), respectively, to check whether internal control and compliance procedures have been appropriately followed and that applicable rules and regulations to which the IIFS is subject have been complied with. 12.
The supervisory authority determines that the following elements in the Sharī`ah governance mechanism have been reflected by IIFS: (a) issuance procedures of relevant Sharī`ah pronouncements/resolutions and dissemination of information on such Sharī`ah pronouncements/resolutions to the operative personnel of the IIFS who monitor day-to-day compliance with the Sharī`ah pronouncements/resolutions; (b) an internal Sharī`ah compliance review/audit for verifying that Sharī`ah compliance has been achieved; and (c) an annual Sharī`ah compliance review/audit for verifying that the internal Sharī`ah compliance review/audit has been appropriately carried out and its findings have been duly noted by the Sharī`ah board. 13. The supervisory authority determines that an IIFS facilitates continuous professional development of persons serving on its Sharī`ah board, as well as its ISCU and ISRU, if any. The supervisory authority also determines that training policies are established with adequate consideration given to training needs to ensure compliance with the IIFS’s operational and internal control policies and procedures, and all applicable legal and regulatory requirements to which the IIFS generally, and members of the Sharī`ah board and internal Sharī`ah officers particularly, are subject. 14. The supervisory authority determines that there is a formal assessment of the effectiveness of an IIFS’s Sharī`ah board as a whole and of the contribution by each member to the effectiveness of the Sharī`ah board. The supervisory authority also determines that an IIFS’ BOD specifies and adopts a process for assessing the effectiveness of the Sharī`ah board as a whole, as well as the contribution by each individual member to its effectiveness. The criteria for this assessment should be established by the BOD in consultation with the SSB. The performance assessment report is submitted to the BOD for its review. 15. 
The supervisory authority has the power to have full access to the Sharī`ah board and relevant staff and records in order to monitor compliance with relevant laws and regulations, and internal compliance with the pronouncements/resolutions of the Sharī`ah board. This includes access to both internal and external Sharī`ah audits, and to the assessment of the effectiveness of the Sharī`ah board. 66 See IFSB-10 – in particular, paragraphs 3–6.
  50. CPIFR 17: Risk management process The supervisory authority determines that IIFS67 have a comprehensive risk management process (including effective BOD and senior management oversight) to identify, measure, evaluate, monitor, report and control or mitigate68 all material risks on a timely basis and to assess the adequacy of their capital and liquidity in relation to their risk profile and market and macroeconomic conditions. The process takes into account appropriate steps to comply with Sharī`ah rules and principles and to ensure the adequacy of relevant risk reporting to the supervisory authority. This extends to development and review of contingency arrangements (including robust and credible recovery plans where warranted) that take into account the specific circumstances of an IIFS. The risk management process is commensurate with the risk profile and systemic importance of the IIFS.69 (Reference documents: IFSB-1, December 2005; IFSB-12, March 2012; IFSB-13, March 2012; IFSB-16, March 2014; BCBS’s Principles for enhancing corporate governance, October 2010; and BCBS’s Enhancements to the Basel II framework, July 2009.) Essential criteria 1. The supervisory authority determines that IIFS have appropriate risk management strategies that have been approved by the IIFS’s BOD, and that the BOD sets a suitable risk appetite to define the level of risk the IIFS is willing to assume or tolerate.
The supervisory authority also determines that the BOD ensures that: (a) a sound risk management culture is established throughout the IIFS; (b) policies and processes are developed for risk-taking, that are consistent with the risk management strategy and the established risk appetite; (c) uncertainties attached to risk measurement are recognised; (d) appropriate limits are established that are consistent with the IIFS’s risk appetite, risk profile and capital strength, and that are understood by, and regularly communicated to, relevant staff; and (e) senior management take the steps necessary to monitor and control all material risks consistent with the approved strategies and risk appetite. 2. The supervisory authority requires IIFS to have comprehensive risk management policies and processes to identify, measure, evaluate, monitor, report and control or mitigate all material risks. The supervisory authority determines that these processes are adequate: (a) to provide a comprehensive “IIFS-wide” view of risk across all material risk types; (b) for the risk profile and systemic importance of the IIFS; and (c) to assess risks arising from the macroeconomic environment affecting the markets in which the IIFS operates and to incorporate such assessments into the IIFS’s risk management process. 3. The supervisory authority determines that risk management strategies, policies, processes and limits: (a) are properly documented; (b) comply with Sharī`ah rules and principles as interpreted by its Sharī`ah board or other relevant authority;70 67 For the purposes of assessing risk management by IIFS in the context of Principles CPIFR 17 to 28, an IIFS’s risk management framework should take an integrated “bank-wide” perspective of the IIFS’s risk exposure, encompassing the IIFS’s individual business lines and business units.
Where an IIFS is a member of a group of companies, the risk management framework should in addition cover the risk exposure across and within the “banking group” (see footnote 12 under CPIFR 1) and take account of risks posed to the IIFS or members of the banking group through other entities in the wider group. 68 To some extent the precise requirements may vary from risk type to risk type (Principles CPIFR 17 to 28) as reflected by the underlying reference documents. 69 It should be noted that while, in this and other principles, the supervisory authority is required to determine that IIFSs’ risk management policies and processes are being adhered to, the responsibility for ensuring adherence remains with an IIFS’s BOD and senior management. 70 Such as a national Sharī`ah Council. See Footnote 61 in CPIFR 16.
  51. (c) provide for adequate and timely identification, measurement, monitoring, control and mitigation of the risks posed by its financing, investing, trading, securitisation, off-balance sheet, fiduciary and other significant activities at the business line and IIFS-wide levels; (d) clearly delineate accountability and lines of authority across the IIFS’s various business activities, and ensure there is a clear separation between business lines and the risk function; (e) are regularly reviewed and appropriately adjusted to reflect changing risk appetites, risk profiles, and market and macroeconomic conditions; and (f) are communicated within the IIFS. The supervisory authority determines that exceptions to established policies, processes and limits receive the prompt attention of, and authorisation by, the appropriate level of management and the IIFS’s BOD where necessary. 4. The supervisory authority determines that the IIFS’s BOD and senior management obtain sufficient information on, and understand, the nature and level of risk being taken by the IIFS and how this risk relates to adequate levels of capital and liquidity. The supervisory authority also determines that the BOD and senior management regularly review and understand the implications and limitations (including the risk measurement uncertainties) of the risk management information that they receive. 5. The supervisory authority determines that IIFS have an appropriate internal process for assessing their overall capital and liquidity adequacy in relation to their risk appetite and risk profile. The supervisory authority reviews and evaluates IIFS’ internal capital and liquidity adequacy assessments and strategies. 6. 
Where IIFS use models to measure components of risk, the supervisor determines that: (a) IIFS comply with supervisory standards on their use; (b) the IIFS’ BODs and senior management understand the limitations and uncertainties relating to the output of the models and the risk inherent in their use; and (c) IIFS perform regular and independent validation and testing of the models. The supervisory authority assesses whether the model outputs appear reasonable as a reflection of the risks assumed. 7. The supervisory authority determines that IIFS have information systems that are adequate (both under normal circumstances and in periods of stress) for measuring, assessing and reporting on the size, composition and quality of exposures on an IIFS-wide basis across all risk types, products and counterparties. The supervisory authority also determines that these reports reflect the IIFS’s risk profile and capital and liquidity needs, and are provided on a timely basis to the IIFS’s BOD and senior management in a form suitable for their use. 8. The supervisory authority determines that IIFS have adequate policies and processes to ensure that an IIFS’s BOD and senior management understand the risks (including Sharī`ah non-compliance risks) inherent in new products,71 material modifications to existing products, and major management initiatives (such as changes in systems, processes, business model and major acquisitions). The supervisory authority determines that the IIFS’s risk management function also captures risks specific to IIFS, such as equity investment risk in the banking book, ROR risk and DCR, as well as Sharī`ah non-compliance risk and fiduciary risk, and covers “transformation of risk”72 at various 71 New products include those developed by the IIFS or by a third party. 72 Transformation of risk occurs at various contractual stages for certain Islamic financing instruments.
In this context, the IIFS may be exposed to market risk at a certain contractual stage and to credit risk at later stages. For instance, in a Murābahah transaction, the market risk “transforms” into credit risk, in the sense that the market risk exposure to the subject matter of the contract which is applicable when the latter is held by the IIFS prior to the sale is replaced after the sale by the credit risk exposure to the counterparty if the payment is on deferred terms.
  52. stages of investment life cycles within the specific risks of the IIFS. The supervisory authority also determines that the BOD and senior management are able to monitor and manage these risks on an ongoing basis. The supervisory authority also determines that the IIFS’s policies and processes require the undertaking of any major activities of this nature to be approved by their BOD or a specific committee of the BOD. 9. The supervisory authority determines that IIFS have risk management functions covering all material risks, including the risks posed by concentrations, securitisation, off-balance sheet exposures (including the effects of any capital market activities of the IIFS such as securitisation exposures or special purpose entities leading to off-balance sheet exposures), valuation practices and other risk exposures, with sufficient resources, independence, authority and access to the IIFSs’ BOD to perform their duties effectively. The supervisory authority determines that their duties are clearly segregated from risk-taking functions in the IIFS and that they report on risk exposures directly to the BOD and senior management. The supervisory authority also determines that the risk management function is subject to regular review by the internal audit function. 10. The supervisory authority determines that a Sharī`ah governance mechanism is incorporated into the risk management framework. The supervisory authority also determines that there is an appropriate cooperation and communication mechanism between an IIFS’s risk management unit and its Sharī`ah governance system (i.e. Sharī`ah board, ISCU and ISRU) to promote the effectiveness of enterprise risk management. 11. The supervisory authority requires larger and more complex IIFS to have a dedicated risk management unit overseen by a chief risk officer (CRO) or equivalent function, whose expertise includes a good understanding of the specificities of Islamic finance.
If the CRO of an IIFS is removed from his or her position for any reason, this should be done with the prior approval of the BOD and generally should be disclosed publicly. The IIFS should also discuss the reasons for such removal with its supervisory authority.73 12. The supervisory authority issues standards related to, in particular, credit risk, market risk, liquidity risk, equity investment risk, ROR risk in the banking book and operational risk, taking into account specificities of the IFSI. 13. The supervisory authority requires IIFS to have appropriate contingency arrangements, as an integral part of their risk management process, to address risks that may materialise and actions to be taken in stress conditions (including those that will pose a serious risk to their viability). If warranted by its risk profile and systemic importance, the contingency arrangements include robust and credible recovery plans that take into account the specific circumstances of the IIFS. The supervisory authority, working with resolution authorities as appropriate, assesses the adequacy of IIFS’ contingency arrangements in the light of their risk profile and systemic importance (including reviewing any recovery plans) and their likely feasibility during periods of stress. The supervisory authority seeks improvements if deficiencies are identified. 14. The supervisory authority evaluates an IIFS’s profiles under the different risk categories in the various modes of financing and investment, as well as the concentration of such risks, and assesses the appropriateness and quality of the IIFS’s risk management system. In evaluating such risks, the supervisory authority requires IIFS to adopt forward-looking stress testing programmes commensurate with their risk profile and systemic importance, as an integral part of their risk management process. 
The supervisory authority regularly assesses an IIFS’s stress testing programme and determines that it captures material sources of risk and adopts plausible adverse scenarios that could adversely affect the institution’s financial performance and financial position. The supervisory authority also determines that the IIFS integrates the results into its decision-making, risk management processes (including contingency arrangements), and assessment of its capital and liquidity levels. Where appropriate, the scope of the supervisory authority’s assessment includes the extent to which the stress testing programme: 73 The establishment of an internal risk function and a CRO may be problematic for some IIFS, particularly small IIFS and newly established Islamic “windows”. Therefore, supervisory authorities should provide criteria to determine which IIFS are required to have a CRO or similar position, and what alternative arrangements are acceptable for smaller IIFS or windows.
  53. (a) promotes risk identification and control on an IIFS-wide basis; (b) adopts suitably severe assumptions and seeks to address feedback effects and system-wide interaction between risks; (c) benefits from the active involvement of the BOD and senior management; and (d) is appropriately documented and regularly maintained and updated. The supervisory authority requires corrective action if material deficiencies are identified in an IIFS’s stress testing programme, or if the results of stress tests are not adequately taken into consideration in the IIFS’s decision-making process. 15. The supervisory authority assesses whether IIFS appropriately account for risks (including liquidity impacts) in their internal pricing, performance measurement and new product approval process for all significant business activities. Additional criterion 1. The supervisory authority requires IIFS to have appropriate policies and processes for assessing other material risks not directly addressed in the subsequent principles, such as reputational and strategic risks. CPIFR 18: Capital adequacy The supervisory authority sets prudent and appropriate capital adequacy requirements for IIFS that reflect the risks undertaken by, and presented by, an IIFS in the context of the markets and macroeconomic conditions in which it operates. The supervisory authority defines the components of regulatory capital (which must comply with Sharī`ah rules and principles), bearing in mind their ability to absorb losses. The supervisory authority requires IIFS to apply an appropriate capital adequacy approach that reflects the extent of risk-sharing between an IIFS’s own capital (shareholders’ funds) and that of its IAHs, and the resultant levels of DCR and the associated alpha factor. (Reference documents: IFSB-15, December 2013; GN-1, March 2008; GN-2, December 2010; GN-3, December 2010; GN-4, March 2011; and IFSB-16, March 2014.) Essential criteria 1. 
Laws, regulations or the supervisory authority require IIFS to calculate and consistently observe prescribed capital requirements, including thresholds by reference to which an IIFS might be subject to supervisory action. Laws, regulations or the supervisory authority define the qualifying components of regulatory capital, ensuring that emphasis is given to those elements of capital permanently available to absorb losses on a going concern basis. 2. The supervisory authority specifies and requires IIFS to implement: (a) maintenance of high-quality regulatory capital components (in particular, for components other than common equity), as well as regulatory adjustments and deductions attached to these components as reflected in IFSB-15, which comply with Sharī`ah rules and principles; (b) application of the capital conservation buffer, counter-cyclical buffer and leverage ratio for IIFS, keeping in mind IIFS’ balance sheet structures and specificities in regard to these requirements; (c) the capital adequacy requirements of various risk exposures related to products and services offered by IIFS; and (d) the capital adequacy treatment of an IIFS’s involvement in Sukūk issuance and securitisation processes in various capacities, including as originator, servicer and credit enhancer.
  54. 3. The supervisory authority sets prudent and appropriate capital requirements with regard to equity investment offered by the IIFS through various types of equity-based contracts and its impact on IIFS’ capital.74 4. The supervisory authority specifies, and requires IIFS to apply, an appropriate capital adequacy approach that reflects the extent of risk-sharing between IIFS’ own capital (shareholders’ funds) and that of the IAHs, and the resultant levels of DCR and alpha factor.75 5. The supervisory authority determines that an assessment of the appropriate level of the capital adequacy requirements for IIFS is based on an analysis of the different risk exposures (to which the IIFS are exposed for various contracts at different contract stages) arising from the underlying asset portfolio, as well as off-balance sheet exposures and the results of the supervisory review process, taking into account ROR risk and other risks that may give rise to DCR. 6. The supervisory authority has the power to impose a specific capital charge and/or limits on all material risk exposures, if warranted, including in respect of risks that the supervisory authority considers not to have been adequately transferred or mitigated through transactions (e.g. securitisation transactions) entered into by the IIFS. Both on-balance sheet and off-balance sheet risks are included in the calculation of prescribed capital requirements. 7. The prescribed capital requirements reflect the risk profile and systemic importance of IIFS76 in the context of the markets and macroeconomic conditions in which they operate and constrain the buildup of leverage in IIFS and the banking sector. Laws and regulations in a particular jurisdiction may set higher overall capital adequacy standards than the applicable IFSB requirements.77 8. The use of IIFS’ internal assessments of risk as inputs to the calculation of regulatory capital is approved by the supervisory authority.
If the supervisory authority approves such use: (a) such assessments adhere to rigorous qualifying standards; (b) any cessation of such use, or any material modification of the IIFS’s processes and models for producing such internal assessments, are subject to the approval of the supervisory authority; (c) the supervisory authority has the capacity to evaluate an IIFS’s internal assessment process in order to determine that the relevant qualifying standards are met and that the IIFS’s internal assessments can be relied upon as a reasonable reflection of the risks undertaken; (d) the supervisory authority has the power to impose conditions on its approvals if the supervisory authority considers it prudent to do so; and (e) if an IIFS does not continue to meet the qualifying standards or the conditions imposed by the supervisory authority on an ongoing basis, the supervisory authority has the power to revoke its approval. 9. The supervisory authority has the power to require IIFS to adopt a forward-looking approach to capital management (including the conduct of appropriate stress testing).78 The supervisory authority has the power to require IIFS: (a) to set capital levels and manage available capital in anticipation of possible events or changes in market conditions that could have an adverse effect; and 74 Reference is made to section 3.1.3 of IFSB-15, which provides guidance on the capital adequacy treatment of various equity-based contracts, which can be offered solely or in combination with other contracts such as Ijārah or Murābahah. 75 Refer to CPIFR 14, Essential Criterion 3; and IFSB GN-4.
76 In assessing the adequacy of an IIFS’s capital levels in light of its risk profile, the supervisory authority critically focuses on, among other things: (a) the potential loss absorbency of the instruments included in the IIFS’s capital base; (b) the appropriateness of risk weights as a proxy for the risk profile of its exposures; (c) the adequacy of provisions and reserves to cover loss expected on its exposures; and (d) the quality of its risk management and controls. Consequently, capital requirements may vary from IIFS to IIFS to ensure that each IIFS is operating with the appropriate level of capital to support the risks it is running and the risks it poses. 77 As set out in IFSB-15. 78 “Stress testing” comprises a range of activities from simple sensitivity analysis to more complex scenario analyses and reverse stress testing.
  55. (b) to have in place feasible contingency arrangements to maintain or strengthen capital positions in times of stress, as appropriate in the light of the risk profile and systemic importance of the IIFS. Additional criterion 1. The supervisory authority requires adequate distribution of capital within different entities of a banking group according to the allocation of risks.79 CPIFR 19: Credit risk80 The supervisory authority determines that IIFS have an adequate credit risk management process that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate credit risk81 (including counterparty credit risk82) on a timely basis. The full credit lifecycle is covered including credit underwriting, credit evaluation, and the ongoing management of the IIFS’s financing and investment portfolios. (Reference documents: IFSB-1, December 2005; IFSB-13, March 2012; IFSB-15, December 2013; and IFSB-16, March 2014.) Essential criteria 1. Laws, regulations or the supervisory authority require IIFS to have appropriate credit risk management processes that provide a comprehensive IIFS-wide view of credit risk exposures. The supervisory authority determines that the processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the IIFS, take into account market and macroeconomic conditions, and result in prudent standards of credit underwriting, evaluation, administration and monitoring. 2. 
The supervisory authority determines that an IIFS’s BOD approves, and regularly reviews, the credit risk management strategy and significant policies and processes for assuming,83 identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating credit risk (including counterparty credit risk and associated potential future exposure) and that these are consistent with the risk appetite set by the BOD. The supervisory authority also determines that senior management implements the credit risk strategy approved by the BOD and develops the aforementioned policies and processes. 3. The supervisory authority requires, and regularly determines, that such policies and processes establish an appropriate and properly controlled credit risk environment, including: (a) a well-documented and effectively implemented strategy and sound policies and processes in compliance with Sharī`ah rules and principles for assuming credit risk, without undue reliance on external credit assessments; (b) well-defined criteria and policies and processes for approving new exposures (including prudent financing standards), renewing and refinancing existing exposures, and identifying the appropriate approval authority for the size and complexity of the exposures; (c) effective credit administration policies and processes, including continued analysis of a financing recipient’s ability and willingness to repay under the terms of the financing (including review of the performance of underlying assets in the case of securitisation exposures); monitoring of documentation, legal covenants, contractual requirements, collateral and other forms of credit risk mitigation; and an appropriate asset grading or classification system; 79 Refer to CPIFR 12, Essential Criterion 8. 80 CPIFR 19 covers the evaluation of assets in greater detail; CPIFR 20 covers the management of problem assets. 
81 Credit risk may result from the following: on-balance sheet and off-balance sheet exposures, including financing, investments, interbank financing, Sharī`ah-compliant hedging transactions, and trading activities. This definition is applicable to IIFS managing the financing exposures of receivables and leases (e.g. Murābahah, Diminishing Mushārakah and Ijārah) and working capital financing transactions/projects (e.g. Salam, Istisnā` or Muḍārabah). 82 Counterparty credit risk includes credit risk exposures arising over the counter or through organised markets from Sharī`ah-compliant financial instruments. 83 “Assuming” includes the assumption of all types of risk that give rise to credit risk, including credit risk or counterparty risk associated with various financial instruments.
  56. (d) effective information systems for accurate and timely identification, aggregation and reporting of credit risk exposures to the IIFS’s BOD and senior management on an ongoing basis; (e) prudent and appropriate credit limits, consistent with the IIFS’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff; (f) exception tracking and reporting processes that ensure prompt action at the appropriate level of the IIFS’s senior management or BOD where necessary; and (g) effective controls (including in respect of the quality, reliability and relevancy of data, and of validation procedures) around the use of models to identify and measure credit risk and set limits. 4. The supervisory authority requires that IIFS: (a) have in place a strategy for financing, using instruments in compliance with Sharī`ah, and in accordance with any specific requirements of the jurisdictions in which they operate; (b) recognise the potential credit exposures that may arise at different stages of the various financing agreements (including financing based on profit-sharing modes); (c) carry out a due diligence review in respect of eligible counterparties (retail/consumer, corporate or sovereign) prior to deciding whether financing should be provided as well as the choice of an appropriate Islamic financing instrument; (d) develop and implement appropriate risk measurement and reporting methodologies relevant to each Islamic financing instrument in respect of managing their counterparty risks, which may arise at different contract stages (including counterparty performance risk in Salam and Istisnā` contracts); (e) have in place Sharī`ah-compliant credit risk mitigating techniques (including permissible and enforceable collateral and guarantees) appropriate for each Islamic financing instrument; and (f) assess and establish appropriate policies and procedures pertaining to the risks associated with their own 
exposures in parallel transactions. 5. The supervisory authority determines that IIFS have policies and processes to monitor the total indebtedness of entities to which they extend credit and any risk factors (including changes in credit quality and collateral values) that may result in default, including significant unhedged foreign exchange risk. 6. The supervisory authority requires that IIFS make credit decisions free of conflicts of interest and on an arm’s length basis. 7. The supervisory authority requires that the credit policy prescribes that major credit risk exposures exceeding a certain amount or percentage of the IIFS’s capital are to be decided by the IIFS’s BOD or senior management. The same applies to credit risk exposures that are especially risky or otherwise not in line with the mainstream of the IIFS’s activities. 8. The supervisory authority has full access to information in the credit and investment portfolios and to the IIFS officers involved in assuming, managing, controlling and reporting on credit risk. In this respect, the supervisory authority considers developing information sharing procedures. 9. The supervisory authority requires IIFS to include their credit risk exposures – covering, among other things, non-performing financing and highly leveraged counterparties – in their stress testing programmes, for risk management purposes. The supervisory authority also determines that the effectiveness of risk mitigation techniques that are Sharī`ah-compliant is systematically challenged in the credit risk stress testing programmes.
  57. CPIFR 20: Problem assets, provisions and reserves84 The supervisory authority determines that IIFS have adequate policies and processes for the early identification and management of problem assets, and the maintenance of adequate provisions and reserves.85 (Reference documents: IFSB-1, December 2005; IFSB-13, March 2012; IFSB-15, December 2013; IFSB-16, March 2014; BCBS’s Sound credit risk assessment and valuation for loans, June 2006; and BCBS’s Principles for the management of credit risk, September 2000.) Essential criteria 1. Laws, regulations or the supervisory authority require IIFS to formulate policies and processes for identifying and managing problem assets. In addition, laws, regulations or the supervisory authority require regular review by IIFS of their problem assets (at an individual level or at a portfolio level for assets with homogeneous characteristics) and asset classification, provisioning and write-offs. 2. The supervisory authority determines the adequacy of an IIFS’s policies and processes for grading and classifying its assets and establishing appropriate and robust provisioning levels. The reviews supporting the supervisory authority’s opinion may be conducted by external experts, with the supervisory authority reviewing the work of the external experts to determine the adequacy of the IIFS’s policies and processes. 3. The supervisory authority determines that the IIFS’s system for classification and provisioning takes into account off-balance sheet exposures.86 4. The supervisory authority determines that IIFS have appropriate policies and processes to ensure that provisions and write-offs are timely and reflect realistic repayment and recovery expectations, taking into account market and macroeconomic conditions. 5. 
The supervisory authority determines that IIFS have appropriate policies and processes, and organisational resources for the early identification of deteriorating assets, for ongoing oversight of problem assets, and for collecting on past due obligations. For portfolios of credit exposures with homogeneous characteristics, the exposures are classified when payments are contractually in arrears for a minimum number of days (e.g. 30, 60, 90 days). The supervisory authority tests IIFS’ treatment of assets with a view to identifying any material circumvention of the classification and provisioning standards (e.g. rescheduling, refinancing or reclassification87). 6. The supervisory authority obtains information on a regular basis, and in relevant detail, or has full access to information concerning the classification of assets and provisioning. The supervisory authority requires IIFS to have adequate documentation to support their classification and provisioning levels. 7. The supervisory authority assesses whether the classification of the assets and the provisioning is adequate for prudential purposes. If asset classifications are inaccurate or provisions are deemed to be inadequate for prudential purposes (e.g. if the supervisory authority considers existing or anticipated deterioration in asset quality to be of concern or if the provisions do not fully reflect losses expected to be incurred), the supervisory authority has the power to require the IIFS to adjust its classifications of individual assets, increase its levels of provisioning, reserves or capital, and, if necessary, impose other remedial measures. 8. The supervisory authority requires IIFS to have appropriate mechanisms in place for regularly assessing the value of risk mitigants, including guarantees and collateral. The valuation of collateral reflects the net realisable value, taking into account prevailing market conditions. 
84 CPIFR 19 covers the evaluation of assets in greater detail; CPIFR 20 covers the management of problem assets. 85 Reserves for the purposes of this Principle are “below the line” non-distributable appropriations of profit required by a supervisory authority in addition to provisions (“above the line” charges to profit). 86 It is recognised that there are two different types of off-balance sheet exposures: those that can be unilaterally cancelled by the IIFS (based on contractual arrangements and therefore may not be subject to provisioning), and those that cannot be unilaterally cancelled. 87 Referring to Essential Criterion 5, it may be noted that the prohibition of Riba does not allow IIFS to refinance debts on the basis of renegotiated higher markup rates. Debt rescheduling or restructuring arrangements (without an increase in the amount of the debt) are allowed.
  58. 9. Laws, regulations or the supervisory authority establish criteria for assets to be: (a) identified as a problem asset (e.g. a financing is identified as a problem asset when there is reason to believe that all amounts due, including principal and markup profit, will not be collected in accordance with the contractual terms of the financing agreement); and (b) reclassified as performing (e.g. a financing is reclassified as performing when all arrears have been cleared and the financing has been brought fully current, repayments have been made in a timely manner over a continuous repayment period, and continued collection, in accordance with the contractual terms, is expected). 10. The supervisory authority determines that the IIFS’s BOD obtains timely and appropriate information on the condition of the IIFS’s asset portfolio, including classification of assets, the level of provisions and reserves, and major problem assets. The information includes, at a minimum, summary results of the latest asset review process, comparative trends in the overall quality of problem assets, and measurements of existing or anticipated deterioration in asset quality and losses expected to be incurred. 11. The supervisory authority requires that valuation, classification and provisioning, at least for significant exposures, are conducted on an individual item basis. For this purpose, supervisory authorities require IIFS to set an appropriate threshold for the purpose of identifying significant exposures, and to regularly review the level of the threshold. 12. The supervisory authority regularly assesses any trends and concentrations in risk and risk build-up across the banking sector in relation to IIFS’ problem assets and takes into account any observed concentration in the risk mitigation strategies adopted by banks and the potential effect on the efficacy of the mitigant in reducing loss. 
The supervisory authority considers the adequacy of provisions and reserves at the IIFS and banking system level in the light of this assessment. (a) establish limits on the degree of reliance and the assumed enforceability of collateral and guarantees;88 (b) have appropriate credit management systems and administrative procedures (i.e. administrative and financial measures) in place to undertake early remedial action in the case of financial distress of a counterparty or, in particular, for managing problem credits, potential and defaulting counterparties; and (c) set appropriate measures for early settlements,89 which are permissible under their Sharī`ah rules and principles, for each Islamic financing instrument. 13. In jurisdictions where non-wilful defaults are recognised by practice, the supervisory authority establishes criteria and procedures for dealing with non-wilful defaulters. CPIFR 21: Concentration risk and large exposure limits The supervisory authority determines that IIFS have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis. Supervisory authorities set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties.90 (Reference documents: BCBS’s Cross-sectoral review of group-wide identification and management of risk concentrations, April 2008; BCBS’s Sound credit risk assessment and valuation for loans, June 2006; BCBS’s Principles for managing credit risk, September 2000; Measuring and controlling large credit exposures, January 1991; BCBS’s Supervisory framework for measuring and controlling large credit exposures, April 2014; and IFSB-16, March 2014.) 88 The non-binding promise and legal enforcement aspects vary among IIFS or from one jurisdiction to another, which may give rise to operational risks and other risk management problems relating to Sharī`ah compliance. 
89 Some customers may expect a discount, which the IIFS can give of their own volition as a commercial decision made on a case-by-case basis provided such provision is not stated in the contract. Alternatively, irrespective of industry practice, IIFS may grant a discretionary rebate to their customers by reducing the amount of the debt in subsequent transactions. 90 Connected counterparties may include natural persons as well as a group of companies related financially or by common ownership, management or any combination thereof.
  59. Essential criteria 1. Laws, regulations or the supervisory authority require IIFS to have policies and processes that provide a comprehensive bank-wide view of significant sources of concentration risk.91 Exposures arising from off-balance sheet, as well as on-balance sheet, items and from contingent liabilities are captured. 2. The supervisory authority determines that an IIFS’s information systems identify and aggregate on a timely basis, and facilitate active management of, exposures, creating risk concentrations and large exposure92 to single counterparties or groups of connected counterparties. 3. The supervisory authority determines that an IIFS’s risk management policies and processes establish thresholds for acceptable concentrations of risk, reflecting the IIFS’s risk appetite, risk profile and capital strength, which are understood by, and regularly communicated to, relevant staff. The supervisory authority also determines that the IIFS’s policies and processes require all material concentrations to be regularly reviewed and reported to the IIFS’s BOD. 4. The supervisory authority determines that an IIFS manages concentration risk arising from UPSIAs separately, as well as for the IIFS in aggregate. The supervisory authority reviews, and if necessary constrains, significant risk concentrations within the assets financed through the UPSIAs.93 5. The supervisory authority regularly obtains information that enables concentrations within an IIFS’s portfolio, including sectoral, geographical and currency exposures, to be reviewed. 6. In respect of credit exposure to single counterparties or groups of connected counterparties, laws or regulations explicitly define, or the supervisory authority has the power to define, a “group of connected counterparties” to reflect actual risk exposure. The supervisory authority may exercise discretion in applying this definition on a case-by-case basis. 7. 
Laws, regulations or the supervisory authority set prudent and appropriate94 requirements to control and constrain large credit exposures to a single counterparty or a group of connected counterparties. “Exposures” for this purpose include all claims and transactions (including real estate investments), on-balance sheet as well as off-balance sheet. The supervisory authority determines that senior management monitors these limits and that they are not exceeded on a solo or consolidated basis. 8. The supervisory authority requires IIFS to include the impact of significant risk concentrations in their stress testing programmes for risk management purposes. 9. In respect of credit exposure to single counterparties or groups of connected counterparties, IIFS are required to adhere to the following:95 (a) 10% or more of an IIFS’s capital is defined as a large exposure; and (b) 25% of an IIFS’s capital is the limit for an individual large exposure to a private-sector non-bank counterparty or a group of connected counterparties. 91 This includes credit concentrations through exposure to: single counterparties and groups of connected counterparties both direct and indirect (such as through exposure to collateral or to credit protection provided by a single counterparty), counterparties in the same industry, economic sector or geographic region, and counterparties whose financial performance is dependent on the same activity or commodity as well as off-balance sheet exposures (including guarantees and other commitments) and also market and other risk concentrations where an IIFS is overly exposed to particular asset classes, products, collateral, or currencies. 92 The measure of credit exposure, in the context of large exposures to single counterparties and groups of connected counterparties, should reflect the maximum possible loss from their failure (i.e. it should encompass actual claims and potential claims, as well as contingent liabilities). 
The risk-weighting concept adopted in the Basel and IFSB capital standards should not be used in measuring credit exposure for this purpose, as the relevant risk weights were devised as a measure of credit risk on a basket basis and their use for measuring credit concentrations could significantly underestimate potential losses. 93 Note that excessive risk concentration within assets financed through UPSIAs might put the IIFS in breach of the fiduciary duties to IAH discussed in CPIFR 14. In the case when UPSIA are treated as a liability as per CPIFR 14, Essential Criterion 1(b), then concentration risk does not need to be considered separately. However, see footnote 47 to CPIFR 14, Essential Criterion 1(b) on the Sharī`ah issues raised by such treatment. 94 Such requirements should, at least for internationally active banks, reflect the applicable Basel standards (e.g. see BCBS’s Supervisory framework for measuring and controlling large credit exposures, April 2014). 95 In the BCPs, this is an additional – rather than an essential – criterion, reflecting the fact that the BCPs were issued before the document referred to in the previous footnote.
  60. Minor deviations from these limits may be acceptable, especially if explicitly temporary or related to very small or specialised IIFS. CPIFR 22: Transactions with related parties In order to prevent abuses arising in transactions with related parties and to address the risk of conflict of interest, the supervisory authority requires IIFS to enter into any transactions with related parties on an arm’s length basis; to monitor these transactions; to take appropriate steps to control or mitigate the risks; and to write off exposures to related parties in accordance with standard policies and processes. (Reference document: IFSB-16, March 2014; and BCBS’s Principles for the management of credit risk, September 2000.) Essential criteria 1. Laws or regulations provide, or the supervisory authority has the power to prescribe, a comprehensive definition of “related parties”. This considers the parties and related parties transactions identified below. The supervisory authority may exercise discretion in applying this definition on a case-by-case basis and may take into account local specifics in prescribing what would constitute a related party or a related party transaction. (a) Related parties can include, among other things, an IIFS’s subsidiaries, affiliates, and any party (including their subsidiaries, affiliates and special purpose entities) that the IIFS exerts control over or that exerts control over the IIFS, the IIFS’s major shareholders, BOD members, senior management, Sharī`ah board members, an external auditor of the IIFS and key staff, their direct and related interests, and their close96 family members, as well as corresponding persons in affiliated companies. (b) Related party transactions include on- and off-balance sheet credit exposures and claims, as well as dealings such as service contracts, asset purchases and sales, construction contracts, lease (Ijārah) contracts, financing, borrowings (through Qarḍ) and write-offs. 
They also include transactions that are entered into in situations in which an unrelated party with whom the IIFS has an existing exposure subsequently becomes a related party. 2. Laws, regulations or the supervisory authority require that transactions with related parties are not undertaken on more favourable terms (e.g. in credit assessment, tenor, financing rates, fees, amortisation schedules, requirement for collateral) than corresponding transactions with non-related counterparties.97 3. The supervisory authority requires that transactions with related parties and the write-off of related party exposures exceeding specified amounts or otherwise posing special risks are subject to prior approval by the IIFS’s BOD. The supervisory authority requires that BOD members with conflicts of interest are excluded from the approval process of granting and managing related party transactions. 4. The supervisory authority determines that IIFS have policies and processes to prevent persons benefiting from the transaction and/or persons related to such a person from being part of the process of granting and managing the transaction. 5. Laws or regulations set, or the supervisory authority has the power to set on a general or case-by-case basis, limits for exposures to related parties, to deduct such exposures from capital when assessing capital adequacy, or to require collateralisation of such exposures in a Sharī`ah-compliant way. When limits are set on aggregate exposures to related parties, those are at least as strict as those for single counterparties or groups of connected counterparties. 6. 
The supervisory authority determines that IIFS have policies and processes to identify individual exposures to and transactions with related parties as well as the total amount of exposures, 96 As defined in IFSB-16, close members of the family of a person are those family members who may be expected to influence, or be influenced by, that person in their dealings with the entity and include, but are not limited to: (a) that person’s parents, children or spouse(s); (b) children of that person’s spouse(s); (c) dependants of that person or that person’s spouse(s); and (d) that person’s sibling(s). 97 An exception may be appropriate for beneficial terms that are part of overall remuneration packages (e.g. staff receiving credit at favourable financing rates).
  61. and to monitor and report on them through an independent credit review or audit process. The supervisory authority determines that exceptions to policies, processes and limits are reported to the appropriate level of the IIFS’s senior management and, if necessary, to the BOD, for timely action. The supervisory authority also determines that senior management monitors related party transactions on an ongoing basis, and that the BOD also provides oversight of these transactions. 7. The supervisory authority obtains and reviews information on aggregate exposures to related parties. CPIFR 23: Country and transfer risks (BCP 21) The supervisory authority determines that IIFS have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate country risk98 and transfer risk99 in their international financing and investment activities on a timely basis. (Reference document: BCBS’s Management of banks’ international lending, March 1982.) Essential criteria 1. The supervisory authority determines that an IIFS’s policies and processes give due regard to the identification, measurement, evaluation, monitoring, reporting and control or mitigation of country risk and transfer risk. The supervisory authority also determines that the processes are consistent with the risk profile, systemic importance and risk appetite of the IIFS, take into account market and macroeconomic conditions, and provide a comprehensive bank-wide view of country and transfer risk exposure. Exposures (including, where relevant, intragroup exposures) are identified, monitored and managed on a regional and an individual country basis (in addition to the end-counterparty basis). IIFS are required to monitor and evaluate developments in country risk and in transfer risk, and apply appropriate countermeasures. 2. 
The supervisory authority determines that IIFS’ strategies, policies and processes for the management of country and transfer risks have been approved by the IIFS’ BOD and that the BOD oversees management in a way that ensures that these policies and processes are implemented effectively and are fully integrated into the IIFS’ overall risk management process. 3. The supervisory authority determines that IIFS have information systems, risk management systems and internal control systems that accurately aggregate, monitor and report country exposures on a timely basis, and ensure adherence to established country exposure limits. 4. There is supervisory oversight of the setting of appropriate provisions against country risk and transfer risk. Different international practices are acceptable as long as they lead to risk-based results. These include: (a) The supervisory authority (or some other official authority) decides on appropriate minimum provisioning by regularly setting fixed percentages for exposures to each country, taking into account prevailing conditions. The supervisory authority reviews minimum provisioning levels where appropriate. (b) The supervisory authority (or some other official authority) regularly sets percentage ranges for each country, taking into account prevailing conditions. The IIFS may decide, within these ranges, which provisioning to apply for the individual exposures. The supervisory authority reviews percentage ranges for provisioning purposes where appropriate. (c) The IIFS itself (or some other body, such as the national bankers association) sets percentages or guidelines, or even decides, for each individual financing, on the appropriate provisioning. The adequacy of the provisioning will then be judged by the external auditor and/or by the supervisory authority. 98 Country risk is the risk of exposure to loss caused by events in a foreign country. 
The concept is broader than sovereign risk, as all forms of lending or investment activity, whether to/with individuals, corporates, banks or governments, are covered. 99 Transfer risk is the risk that a recipient of financing will not be able to convert local currency into foreign exchange and so will be unable to meet his or her financial obligation in foreign currency. The risk normally arises from exchange restrictions imposed by the government in the client’s country. (Reference document: IMF paper on External Debt Statistics – Guide for compilers and users, 2003.)
  62. 5. The supervisory authority requires IIFS to include appropriate scenarios in their stress testing programmes to reflect country and transfer risk analysis for risk management purposes. 6. The supervisory authority regularly obtains and reviews sufficient information on a timely basis on the country risk and transfer risk of banks. The supervisory authority also has the power to obtain additional information as needed (e.g. in crisis situations). CPIFR 24: Equity investment risk100 The supervisory authority satisfies itself that adequate policies and procedures including appropriate strategies, risk management and reporting processes are in place for equity investment risk management, including Muḍārabah and Mushārakah investments in the banking book (i.e. financing on a profit-and-loss sharing basis), taking into account the IIFS’s appetite and tolerance for risk. In addition, the supervisory authority ensures that the IIFS: have in place appropriate and consistent valuation methodologies; define and establish the exit strategies in respect of their equity investment activities; and have sufficient capital when engaging in equity investment activities. (Reference documents: IFSB-1, December 2005; IFSB-4, December 2009; IFSB-15, December 2013; IFSB-13, March 2012; and IFSB-16, March 2014.) Essential criteria 1. Laws, regulations or the supervisory authority determine that the IIFS define and set the objectives of, and criteria for, investments using profit-sharing instruments (e.g. Muḍārabah and Mushārakah investments in the banking book), including the types of investment, tolerance for risk, expected returns and desired holding periods.101 2. The supervisory authority determines that the IIFS have, and keep under review, policies, procedures and an appropriate management structure for evaluating and managing the risks involved in the acquisition of, holding and exiting from profit-sharing investments. 
The supervisory authority ensures that proper infrastructure and capacity are in place to monitor continuously the performance and operations of the entity in which IIFS invest as partners.102 3. The supervisory authority determines that an IIFS ensures that its valuation methodologies103 are appropriate and consistent, and that it assesses the potential impacts of its methods (mutually agreed between the IIFS and the Muḍārib and/or Mushārakah partners) on profit calculations and allocations, taking into account market practices and liquidity features. The supervisory authority also determines that the IIFS assesses and takes measures to deal with the risks associated with potential manipulation of reported results leading to overstatements or understatements of partnership earnings. 4. The supervisory authority determines that an IIFS defines and establishes general criteria for exit strategies in respect of its equity investment activities, including extension and redemption conditions with the mutual consent of the parties for Muḍārabah and Mushārakah investments, alternative exit routes and the timing of exit. 5. The supervisory authority sets rules or guidelines for measuring, managing and reporting the risk exposures when dealing with non-performing equity investments and providing provisions. 100 The risks entailed by holding equity instruments for trading or liquidity purposes are dealt with under market risk in CPIFR 25. 101 For example, a Mushārakah structure may contain an option for redemption whereby the IIFS as financiers have a contractual right to require their partner periodically to purchase, under a separate contract, a proportion of the IIFS’s share in the investment at net asset value or, if the contract so specifies on some agreed basis (Diminishing Mushārakah). 102 Where an IIFS invests as a partner (through Muḍārabah or Mushārakah) with an entrepreneur or business, a critical consideration is the quality of the other partner. 
Due diligence on the risk profile of that partner is essential to the fulfilment of IIFSs’ fiduciary responsibilities as an investor of IAH funds on a profit-sharing and loss-bearing basis (Muḍārabah) or a profit-and-loss sharing basis (Mushārakah). This risk profile includes the past record of the management team and quality of the business plan of, and human resources involved in, the proposed Muḍārabah or Mushārakah activity. 103 Valuation and accounting play an important role in measuring the quality of an equity investment, especially in a privately held entity, for which independent price quotations are neither available nor sufficient in volume to provide a basis for meaningful liquidity or market valuation. An appropriate and agreed method to be applied to determine the profit of the investment can be in the form of a certain percentage of either gross or net profit earned by the Muḍārabah or Mushārakah business, or any other mutually agreed terms. In the case of a change of the partnership’s shares in a Mushārakah (e.g. in a Diminishing Mushārakah), the shares changing hands should be valued at fair value or on some other mutually agreed basis.
  63. 6. The supervisory authority determines that there is a systematic process for regularly reviewing and updating the Mushārakah and Muḍārabah policies, processes and limits, to take into account the risk appetite of the IIFS and changes that take place in the IFSI. 7. The supervisory authority determines that appropriate policies and procedures on stress testing for Mushārakah- and Muḍārabah-related exposures are clearly specified by the IIFS. CPIFR 25: Market risk104 The supervisory authority determines that IIFS have an adequate market risk management process that takes into account their risk appetite, risk profile, and market and macroeconomic conditions and the risk of a significant deterioration in market liquidity. This includes prudent policies and processes to identify, measure, evaluate, monitor, report and control or mitigate market risks on a timely basis. (Reference documents: IFSB-1, December 2005; IFSB-13, March 2012; IFSB-15, December 2013; IFSB-16, March 2014; BCBS’s Revisions to the Basel II market risk framework, February 2011; BCBS’s Guidelines for computing capital for incremental risk in the trading book, July 2009; BCBS’s Supervisory guidance for assessing banks’ financial instrument fair value practices, April 2009; and BCBS’s Amendment to the Capital Accord to incorporate market risks, January 2005.) Essential criteria 1. Laws, regulations or the supervisory authority require IIFS to have appropriate market risk management processes that provide a comprehensive bank-wide view of market risk exposure. The supervisory authority determines that these processes are consistent with the risk appetite, risk profile, systemic importance and capital strength of the IIFS; take into account market and macroeconomic conditions and the risk of a significant deterioration in market liquidity; and clearly articulate the roles and responsibilities for identification, measuring, monitoring and control of market risk. 2. 
The supervisory authority determines that IIFS’ strategies, policies and processes for the management of market risk have been approved by the IIFS’ BOD and that the BOD oversees management in a way that ensures that these policies and processes are implemented effectively and fully integrated into the IIFS’ overall risk management process. 3. The supervisory authority determines that the IIFS’s policies and processes establish an appropriate and properly controlled market risk environment in compliance with Sharī`ah rules and principles, including: (a) effective information systems for accurate and timely identification, aggregation, monitoring and reporting of market risk exposure to the IIFS’s BOD and senior management; (b) internal systems and controls, and internal limits set by IIFS for their market risk management, taking into account contractual agreements with fund providers in respect of all assets held, including those that do not have a ready market and/or are exposed to high price volatility; (c) guidelines governing risk-taking activities in different portfolios of restricted IAH and their market risk limits; (d) appropriate market risk limits consistent with the IIFS’s risk appetite, risk profile and capital strength, and with the management’s ability to manage market risk and which are understood by, and regularly communicated to, relevant staff; (e) exception tracking and reporting processes that ensure prompt action at the appropriate level of the IIFS’s senior management or BOD, where necessary; 104 The IFSB defines market risk as the risk of losses in on- and off-balance sheet positions arising from movements in market prices – that is, fluctuations in values in tradable, marketable or leasable assets (including Sukūk) and in off-balance sheet individual portfolios (e.g. restricted investment accounts). The risks relate to the current and future volatility of market values of specific assets (e.g. 
the commodity price of a Salam asset, the market value of a Sukūk, the market value of Murābahah assets purchased to be delivered over a specific period) and of foreign exchange rates.
  64. (f) effective controls around the use of models to identify and measure market risk, and set limits; and (g) sound policies and processes for allocation of exposures to the trading book. 4. The supervisory authority determines that there are systems and controls to ensure that IIFS’ marked-to-market positions are revalued frequently. The supervisory authority also determines that all transactions are captured on a timely basis and that the valuation process uses consistent and prudent practices, and reliable market data verified by a function independent of the relevant risk-taking business units (or, in the absence of market prices, internal or industry-accepted models). To the extent that the IIFS relies on modelling for the purposes of valuation, the IIFS is required to ensure that the model is validated by a function independent of the relevant risk-taking business units. The supervisory authority requires IIFS to establish and maintain policies and processes for considering valuation adjustments for positions that otherwise cannot be prudently valued, including concentrated, less liquid, and stale positions. 5. The supervisory authority determines that IIFS hold appropriate levels of capital against unexpected losses and make appropriate valuation adjustments for uncertainties in determining the fair value of assets and liabilities. 6. The supervisory authority requires IIFS to include market risk exposures in their stress testing programmes for risk management purposes. The tests should cover, among other things, different types of Sukūk, equities, current and future volatility of market values of specific assets (such as Sukūk, Salām, Murābahah), and foreign exchange105 fluctuations. CPIFR 26: Rate of return risk106 The supervisory authority determines that IIFS have adequate systems to identify, measure, evaluate, monitor, report and control or mitigate rate of return (ROR) risk in the banking book on a timely basis. 
These systems take into account the IIFS’s risk appetite, risk profile and market and macroeconomic conditions. The supervisory authority also assesses the capacity of an IIFS to manage the ROR risk and any resultant DCR, and obtains sufficient information to assess its IAHs’ behavioural and maturity profiles. (Reference documents: IFSB-1, December 2005; GN-3, December 2010; GN-4, March 2011; and IFSB-16, March 2014.) Essential criteria 1. Laws, regulations or the supervisory authority require IIFS to have an appropriate ROR risk107 strategy and ROR management framework that provides a comprehensive IIFS-wide view of rate of return risk. This includes policies and processes to identify, measure, evaluate, monitor, report and control or mitigate material sources of ROR. The supervisory authority determines that the IIFS’s strategy, policies and processes are consistent with the risk appetite, risk profile and systemic importance of the IIFS, take into account market and macroeconomic conditions, and are regularly reviewed and appropriately adjusted, where necessary, with the IIFS’s changing risk profile and market developments. 2. The supervisory authority determines that an IIFS’s strategy, policies and processes for the management of ROR have been approved, and are regularly reviewed, by the IIFS’s board. The supervisory authority also determines that senior management ensures that the strategy, policies and processes are developed and implemented effectively. 105 Gold, silver and currency fall under foreign exchange risk in accordance with the Sharī`ah rules and principles that require the exchange of currencies to be made in an equal amount and on a spot basis. On the other hand, the Basel 1996 Market Risk Amendment (Section A3) treats gold as being under foreign exchange risk, and silver as being under commodity risk. 106 Wherever “rate of return risk” is used in this Principle, the term refers to rate of return risk in the banking book only. 
107 ROR risk in the banking book of an IIFS (which is an analogue of interest rate risk in the banking book in conventional banks as defined by the BCBS) arises from the possible impact on the net income and cash flow of the IIFS arising from the effect of changes in the market rates and relevant benchmark rates on the returns on assets and on the returns payable on funding. It differs from interest rate risk in that IIFS are concerned with the returns on their investment activities at the end of the investment holding period and with the impact on net income and cash flow after the sharing of returns with IAH. ROR risk leads to DCR if the IIFS absorbs all or part of any shortfall in the returns payable to IAH by reducing its Muḍārib share or by donation from the shareholders’ share of income.
  65. 3. The supervisory authority assesses the capacity of IIFS to manage ROR risk. The supervisory authority obtains sufficient information to assess the IAHs’ behavioural and maturity profiles, and to satisfy itself as to the adequacy and quality of IIFSs’ policies and procedures regarding the management of ROR risk. Where the supervisory authority has a policy of stating an expected rate of return to UIAH, the supervisory authority establishes a framework within which this is to be undertaken by the IIFS operating in its jurisdiction. The framework may include, among other methods, applicable periods and recognisable income and expenses, and other calculation bases relating to the use of funds. This framework should assist the supervisory authority to assess the efficiency of IIFS in terms of their profitability and prudent management. 4. The supervisory authority determines that IIFS are aware of the factors that give rise to ROR risk, and that they have in place appropriate systems for identifying and measuring the factors which give rise to ROR risk.108 In assessing whether a potential threat is likely to have a material, likely and imminent impact on a balance sheet position, IIFS will ensure that they understand the different characteristics of their balance sheet positions in the different currencies and jurisdictions within which they operate.109 5. The supervisory authority ensures that IIFS consider ROR risk when setting and reviewing business and product strategies, and assess its impact on their balance sheet structure. 6. 
The supervisory authority determines that IIFS’ policies and processes establish an appropriate and properly controlled ROR environment, including: (a) comprehensive and appropriate ROR measurement systems; (b) regular review, and independent (internal or external) validation, of any models used by the functions tasked with managing ROR (including review of key model assumptions); (c) appropriate limits, approved by the IIFS’ boards and senior management, that reflect the IIFS’ risk appetite, risk profile and capital strength, and which are understood by, and regularly communicated to, relevant staff; (d) effective exception tracking and reporting processes which ensure prompt action at the appropriate level of the IIFS’ senior management or boards where necessary; and (e) effective information systems for accurate and timely identification, aggregation, monitoring and reporting of ROR exposure to the IIFS’ boards and senior management. 7. The supervisory authority obtains from IIFS sufficient and timely information with which to evaluate their level of benchmark rate risk. This information should take appropriate account of the range of maturities and currencies in each IIFS’s portfolio, including off-balance sheet items, as well as other relevant factors, such as the distinction between fixed-rate and variable-rate Sharī`ah-compliant contracts. Supervisory authorities collect additional information from IIFS on those positions where the behavioural maturity is different from the contractual maturity. 8. The supervisory authority requires IIFS to have in place an appropriate framework for managing DCR, where applicable. This requires the IIFS to have in place a policy and framework for managing the expectations of their shareholders and IAHs. 
Where market rates of return of competitors’ IAH are higher than those of the IIFS’s IAH, the IIFS will evaluate the nature and extent of the expectations of their IAHs and assess the amount of the gap between competitors’ rates and its own IAHs’ expected rates. In this context, IIFS need to develop and maintain an informed judgment about an appropriate level of the balances of PER (or an equivalent reserve maintained by the IIFS), bearing in mind that its essential function is to provide mitigation of DCR. 9. The supervisory authority requires IIFS to include appropriate scenarios in their stress testing programmes to measure their vulnerability to loss under adverse benchmark rate movements. 108 The primary form of ROR risk to which the IIFS are exposed comprises increasing long-term fixed rates in the market. In general, profit rates earned on assets reflect the benchmark of the previous period and do not correspond immediately to changes in increased benchmark rates. 109 For example, in case of early repayment made by the customer (in Murābahah or Ijārah transactions) in certain jurisdictions, IIFS may accept full settlement but give rebates on subsequent transactions, while in other jurisdictions the IIFS may give rebates immediately at their discretion without any reference to this in the contract.
  66. Additional criteria 1. The supervisory authority obtains from IIFS the results of their internal ROR measurement systems, expressed in terms of the threat to economic value, including using a standardised benchmark rate shock on the banking book. 2. The supervisory authority should particularly assess whether the internal measurement systems of IIFS adequately capture the benchmark rate risks in their banking book. CPIFR 27: Liquidity risk The supervisory authority sets prudent and appropriate liquidity requirements (which can include either quantitative or qualitative requirements or both) for IIFS that reflect the liquidity needs of the IIFS. The supervisory authority determines that IIFS have a strategy that enables prudent management of liquidity risk and compliance with liquidity requirements. The strategy takes into account the IIFS’s risk profile as well as market and macroeconomic conditions and includes prudent policies and processes, consistent with the IIFS’s risk appetite, to identify, measure, evaluate, monitor, report and control or mitigate liquidity risk over an appropriate set of time horizons. (Reference documents: IFSB-1, December 2005; IFSB-12, March 2012; IFSB-13, March 2012; IFSB-15, December 2013; IFSB-16, March 2014; GN-2, December 2010; GN-6, April 2015; and IFSB Working Paper on Strengthening the Financial Safety Net: The Role of Sharī`ah-compliant Lender-of-Last-Resort (SLOLR) Facilities as an Emergency Financing Mechanism, April 2014.) Essential criteria 1. Laws, regulations or the supervisory authority require IIFS to consistently observe prescribed liquidity requirements including thresholds by reference to which an IIFS is subject to supervisory action. 2. The prescribed liquidity requirements reflect the liquidity risk profile of IIFS (including on- and off-balance sheet risks) in the context of the markets and macroeconomic conditions in which they operate. 3. 
The supervisory authority determines that IIFS have a robust liquidity management framework that requires the IIFS to maintain sufficient liquidity to withstand a range of stress events, and includes appropriate policies and processes for managing liquidity risk that have been approved by the IIFS’ BOD. The supervisory authority determines that these policies and processes provide a comprehensive bank-wide view of liquidity risk and are consistent with the IIFS’ risk profile and systemic importance. 4. The supervisory authority determines that IIFS’ liquidity strategy, policies and processes establish an appropriate and properly controlled liquidity risk environment in compliance with Sharī`ah rules and principles and within the context of available Sharī`ah-compliant instruments and markets, including: (a) clear articulation of an overall liquidity risk appetite that is appropriate for the IIFS’ business and their role in the financial system and that is approved by the IIFS’ BOD; (b) sound day-to-day, and where appropriate intraday, liquidity risk management practices; (c) effective information systems to enable active identification, aggregation, monitoring and control of liquidity risk exposures and funding needs (including active management of collateral positions) IIFS-wide; (d) adequate oversight by the IIFS’ BOD in ensuring that management effectively implements policies and processes for the management of liquidity risk in a manner consistent with the IIFS’ liquidity risk appetite; (e) regular review by the IIFS’ BOD (at least annually) and appropriate adjustment of the IIFS’ strategy, policies and processes for the management of liquidity risk in the light of the banks’ changing risk profile and external developments in the markets and macroeconomic conditions in which they operate; and
  67. (f) adequate liquidity at all times for meeting the potential cash withdrawal requirements of their current account holders, UIAH and (in some cases) RIAH, and commodity Murābahah transaction (CMT)-based deposits (reverse Murābahah). 5. The supervisory authority requires IIFS to establish, and regularly review, funding strategies and policies and processes for the ongoing measurement and monitoring of funding requirements and the effective management of funding risk. The policies and processes include consideration of how other risks (e.g. credit, market, DCR, operational (including Sharī`ah non-compliance risk) and reputation risk) may impact the IIFS’s overall liquidity strategy, and include: (a) an analysis of funding requirements under alternative scenarios; (b) the maintenance of a cushion of high-quality, unencumbered, liquid assets that can be used, without impediment, to obtain funding in times of stress;110 (c) diversification in the sources (including counterparties, instruments, currencies and markets) and tenor of funding, and regular review of concentration limits; (d) regular efforts to establish and maintain relationships with liability holders; (e) regular assessment of the capacity to sell assets; and (f) the constraints on obtaining Sharī`ah-compliant funding from market sources, as well as from the supervisory authority. 6. The supervisory authority determines that IIFS have robust liquidity contingency funding plans to handle liquidity problems. The supervisory authority determines that the IIFS’s contingency funding plan is formally articulated, adequately documented, and sets out the IIFS’s strategy for addressing liquidity shortfalls in a range of stress environments without placing reliance on LOLR support. 
The supervisory authority also determines that the IIFS’s contingency funding plan establishes clear lines of responsibility, includes clear communication plans (including communication with the supervisor), and is regularly tested and updated to ensure it is operationally robust. The supervisory authority assesses whether, in the light of the IIFS’s risk profile and systemic importance, the IIFS’s contingency funding plan is feasible and requires the IIFS to address any deficiencies. 7. When an IIFS is part of a financial group which has a centralised structure for managing liquidity risk, the supervisory authority determines that the BOD and senior management at the group/parent level prepares a strategy, policies and procedures for the Islamic operations taking into account the position of such operations within the overall group/parent, with due consideration to mutual independencies and constraints in transfers of liquidity on a Sharī`ah-compliant basis between the group entities. 8. The supervisory authority requires IIFS to include in their stress testing programmes a variety of short-term and protracted bank-specific and market-wide liquidity stress scenarios111 (individually and in combination), using conservative and regularly reviewed assumptions, for risk management purposes. The supervisory authority determines that the results of the stress tests are used by the IIFS to adjust its liquidity risk management strategies, policies and positions, and to develop effective contingency funding plans. 9. The supervisory authority identifies those IIFS carrying out significant foreign currency liquidity transformation. Where an IIFS’s foreign currency business is significant, or the IIFS has significant exposure in a given currency, the supervisory authority requires the IIFS to undertake separate analysis of its strategy and monitor its liquidity needs separately for each such significant currency. 
This includes the use of stress testing to determine the appropriateness of mismatches in that 110 Guidance on the application of the global liquidity standards Liquidity Coverage Ratio (LCR) and Net Stable Funding Ratio (NSFR) is provided in GN-6. 111 This includes incorporating various categories of asset and liability positions based on: (a) known cash flows (Murābahah, CMT-based assets, Ijārah, Ijārah Sukūk and Diminishing Mushārakah on the assets side, and CMT-based liabilities on the liabilities side); (b) conditional but predictable cash flows (Salām and Istisnā` receivables); and (c) conditional but unpredictable cash flows (Mushārakah and Muḍārabah investments on the assets side and unrestricted PSIA on the liabilities side).
  68. currency and, where appropriate, the setting and regular review of limits on the size of its cash flow mismatches for foreign currencies in aggregate and for each significant currency individually. In such cases, the supervisory authority also monitors the IIFS’s liquidity needs in each significant currency, and evaluates the IIFS’s ability to transfer liquidity from one currency to another across jurisdictions and legal entities. 10. The supervisory authority (or some other official authority) provides a clear statement of policy on the provision of Sharī`ah-compliant liquidity support (in particular, on the availability of a Sharī`ah-compliant LOLR facility), in both normal and stressed times. Additional criterion 1. The supervisory authority determines that IIFS’ levels of encumbered balance sheet assets are managed within acceptable limits to mitigate the risks posed by excessive levels of encumbrance in terms of the impact on an IIFS’s cost of funding and the implications for the sustainability of its long-term liquidity position. The supervisory authority requires IIFS to commit to adequate disclosure and to set appropriate limits to mitigate identified risks. CPIFR 28: Operational risk The supervisory authority determines that IIFS have an adequate operational risk management framework that takes into account their risk appetite, risk profile and market and macroeconomic conditions. This includes prudent policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk112 on a timely basis. (Reference documents: IFSB-1, December 2005; IFSB-13, March 2012; IFSB-15, December 2013; IFSB-16, March 2014; BCBS’s principles for the sound management of operational risk, June 2011; BCBS’s High-level principles for business continuity, August 2006; and Joint Forum Outsourcing in financial services, February 2005.) Essential criteria 1. 
Law, regulations or the supervisory authority require IIFS to have appropriate operational risk management strategies, policies and processes to identify, assess, evaluate, monitor, report and control or mitigate operational risk. The supervisory authority determines that the IIFS’s strategy, policies and processes are consistent with the IIFS’s risk profile, systemic importance, risk appetite and capital strength, take into account market and macroeconomic conditions, and address all major aspects of operational risk prevalent in the businesses of the IIFS on a bank-wide basis (including periods when operational risk could increase). 2. The supervisory authority requires IIFS’ strategies, policies and processes for the management of operational risk (including an IIFS’s risk appetite for operational risk) to be approved and regularly reviewed by the IIFS’s BOD. The supervisory authority also requires that the BOD oversees management in ensuring that these policies and processes are implemented effectively. 3. The supervisory authority determines that the approved strategy and significant policies and processes for the management of operational risk are implemented effectively by management and fully integrated into the IIFS’s overall risk management process. 4. The supervisory authority reviews the quality and comprehensiveness of the IIFS’s disaster recovery and business continuity plans to assess their feasibility in scenarios of severe business disruption which might plausibly affect the IIFS. In so doing, the supervisory authority determines that the IIFS is able to operate as a going concern and minimise losses, including those that may arise from disturbances to payment and settlement systems, in the event of severe business disruption. 5. The supervisory authority determines that IIFS have established appropriate information technology policies and processes to identify, assess, monitor and manage technology risks. 
The supervisory 112 Following the usage of the BCBS and IFSB-1, “operational risk” is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. This definition includes legal, fiduciary and Sharī`ah non-compliance risk, but excludes strategic and reputational risk.
  69. authority also determines that IIFS have appropriate and sound information technology infrastructure to meet their current and projected business requirements (under normal circumstances and in periods of stress), which ensures data and system integrity, security and availability, and supports integrated and comprehensive risk management. 6. The supervisory authority determines that IIFS have appropriate and effective information systems to: (a) monitor operational risk; (b) compile and analyse operational risk data; and (c) facilitate appropriate reporting mechanisms at the IIFS’ BOD, senior management and business line levels that support proactive management of operational risk. 7. The supervisory authority requires that IIFS have appropriate reporting mechanisms to keep the supervisory authority apprised of developments affecting operational risk at IIFS in their jurisdictions. 8. The supervisory authority determines that IIFS keep track of income recognised from Sharī`ah non-compliant sources and assess the probability of similar cases arising in the future. Based on historical reviews and potential areas of Sharī`ah non-compliance, the IIFS may assess potential profits that cannot be recognised as eligible IIFS profits. 9. The supervisory authority determines that an IIFS considers Sharī`ah non-compliance risk as part of operational risk under the internal capital adequacy assessment process (ICAAP). 10. The supervisory authority determines that IIFS have established appropriate policies and processes to assess, manage and monitor outsourced activities. The outsourcing risk management programme covers: (a) conducting appropriate due diligence for selecting potential service providers; (b) structuring the outsourcing arrangement; (c) managing and monitoring the risks associated with the outsourcing arrangement; (d) ensuring an effective control environment; and (e) establishing viable contingency planning. 
Outsourcing policies and processes require the IIFS to have comprehensive contracts and/or service-level agreements with a clear allocation of responsibilities between the outsourcing provider and the IIFS. Additional criterion 1. The supervisory authority regularly identifies any common points of exposure to operational risk or potential vulnerability (e.g. outsourcing of key operations by many IIFS to a common service provider or disruption to outsourcing providers of payment and settlement activities). CPIFR 29: Internal control and audit The supervisory authority determines that IIFS have adequate internal control frameworks to establish and maintain a properly controlled operating environment for the conduct of their business taking into account their risk profile. These include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the IIFS, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the IIFS’s assets; and appropriate independent113 internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations. 113 In assessing independence, supervisors give due regard to the control systems designed to avoid conflicts of interest in the performance measurement of staff in the compliance, control and internal audit functions. For example, the remuneration of such staff should be determined independently of the business lines that they oversee.
  70. (Reference documents: IFSB-3, December 2006; IFSB-16, March 2014; BCBS’s Internal audit function in banks, June 2012; BCBS’s Compliance and the compliance function in banks, April 2005; and BCBS’s Framework for internal control systems in banking organisations, September 1998.)

Essential criteria

1. Laws, regulations or the supervisory authority require IIFS to have internal control frameworks that are adequate to establish a properly controlled operating environment for the conduct of their business, taking into account their risk profile. These controls are the responsibility of the IIFS’s BOD and/or senior management and deal with organisational structure, accounting policies and processes, checks and balances, and the safeguarding of assets and investments (including measures for the prevention and early detection and reporting of misuse such as fraud, embezzlement, unauthorised trading and computer intrusion). More specifically, these controls address:
(a) organisational structure: definitions of duties and responsibilities, including clear delegation of authority (e.g. clear financing approval limits), decision-making policies and processes, separation of critical functions (e.g. business origination, payments, reconciliation, risk management, accounting, audit and compliance);
(b) accounting policies and processes: reconciliation of accounts, control lists, information for management;
(c) checks and balances (or “four eyes principle”): segregation of duties, cross-checking, dual control of assets, double signatures; and
(d) safeguarding assets and investments: including physical control and computer access.

2. The supervisory authority determines that there is an appropriate balance in the skills and resources of the back office, control functions and operational management relative to the business origination units. The supervisory authority also determines that the staff of the back office and control functions have sufficient expertise and authority within the organisation (and, where appropriate, in the case of control functions, sufficient access to the IIFS’s BOD) to be an effective check and balance to the business origination units.

3. The supervisory authority determines that IIFS have an adequately staffed, permanent and independent compliance function[114] that assists senior management in managing effectively the compliance risks faced by the IIFS. The supervisory authority determines that staff within the compliance function are suitably trained, have relevant experience, and have sufficient authority within the IIFS to perform their role effectively. The supervisory authority determines that the IIFS’s BOD exercises oversight of the management of the compliance function.

4. The supervisory authority determines that IIFS have an independent, permanent and effective internal audit function[115] charged with:
(a) assessing whether existing policies, processes and internal controls (including risk management, compliance, Sharī`ah compliance and corporate governance processes) are effective, appropriate and remain sufficient for the IIFS’s business; and
(b) ensuring that policies and processes are complied with.

5. The supervisory authority determines that the internal audit function:
(a) has sufficient resources, and staff that are suitably trained and have relevant experience to understand and evaluate the business they are auditing, including, where appropriate, specific types of risk applicable to IIFS such as Sharī`ah compliance issues;

[114] The term “compliance function” does not necessarily denote an organisational unit. Compliance staff may reside in operating business units or local subsidiaries and report up to operating business line management or local management, provided such staff also have a reporting line through to the head of compliance who should be independent from business lines.

[115] The term “internal audit function” does not necessarily denote an organisational unit. Some jurisdictions allow small IIFS to implement a system of independent reviews – for example, conducted by external experts – of key internal controls as an alternative.
  71. (b) has appropriate independence with reporting lines to the IIFS’s BOD or to an audit committee of the BOD, and has status within the IIFS to ensure that senior management reacts to and acts upon its recommendations;
(c) is kept informed in a timely manner of any material changes made to the IIFS’s risk management strategy, policies or processes;
(d) has full access to and communication with any member of staff as well as full access to records, files or data of the IIFS and its affiliates, whenever relevant to the performance of its duties;
(e) employs a methodology that identifies the material risks run by the IIFS;
(f) prepares an audit plan, which is reviewed regularly, based on its own risk assessment and allocates its resources accordingly; and
(g) has the authority to assess any outsourced functions.

6. The supervisory authority provides and enforces guidelines on internal Sharī`ah audits.[116]

7. The supervisory authority determines that IIFS undertake a Sharī`ah compliance review at least annually, performed either by a separate Sharī`ah control department or as part of the existing internal and external audit function by persons having the required knowledge and expertise for the purpose.

8. When assessing the effectiveness of the control (including internal audit) and compliance functions of the IIFS and its external audit, the supervisory authority holds discussions with the IIFS’s compliance function to assess its role, authority and effectiveness, and with its internal and external auditors and its Audit Committee regarding the audit scope and recent audit findings.

CPIFR 30: Financial reporting and external audit (BCP 27)

The supervisory authority determines that IIFS and banking groups maintain adequate and reliable records, prepare financial statements in accordance with accounting policies and practices that are widely accepted internationally and annually publish information that fairly reflects their financial condition and performance and bears an independent external auditor’s opinion. The supervisory authority also determines that IIFS and parent companies of banking groups have adequate governance and oversight of the external audit function.

(Reference documents: IFSB-4, December 2009; IFSB-16, March 2014; BCBS’s Supervisory guidance for assessing banks’ financial instruments fair value practices, April 2009; BCBS’s External audit quality and banking supervision, December 2008; and BCBS’s The relationship between banking supervisors and banks’ external auditors, January 2002.)

Essential criteria

1. The supervisory authority[117] holds an IIFS’s BOD and management responsible for ensuring that financial statements are prepared in accordance with accounting policies and practices that are widely accepted internationally, suitably interpreted for Sharī`ah-compliant products and structures, and that these are supported by record-keeping systems in order to produce adequate and reliable data.

2. The supervisory authority holds an IIFS’s BOD and management responsible for ensuring that the financial statements issued annually to the public bear an independent external auditor’s opinion as a result of an audit conducted in accordance with internationally accepted auditing practices and standards.

3. The supervisory authority determines that IIFS use valuation practices consistent with accounting standards widely accepted internationally. The supervisory authority also determines that the framework, structure and processes for fair value estimation are subject to independent verification and validation, and that IIFS document any significant differences between the valuations used for financial reporting and regulatory purposes.

[116] In this context, it may choose to do so by reference to guidelines established by other bodies.

[117] In this essential criterion, the supervisory authority is not necessarily limited to the banking supervisory authority. The responsibility for ensuring that financial statements are prepared in accordance with accounting policies and practices may also be vested with securities and market supervisory authorities.
  72. 4. Laws or regulations set, or the supervisory authority has the power to establish, the scope of external audits of IIFS and the standards to be followed in performing such audits. These require the use of a risk and materiality based approach in planning and performing the external audit.

5. Supervisory guidelines or local auditing standards determine that audits cover areas such as the financing portfolio, financing loss provisions, non-performing assets, asset valuations, trading and other securities activities, Sharī`ah-compliant hedging instruments, asset securitisations, consolidation of and other involvement with off-balance sheet vehicles, and the adequacy of internal controls over financial reporting.

6. The supervisory authority has the power to reject and rescind the appointment of an external auditor who is deemed to have inadequate expertise or independence, or is not subject to or does not adhere to established professional standards.

7. The supervisory authority determines that IIFS rotate their external auditors (either the firm or individuals within the firm) from time to time.

8. The supervisory authority meets periodically with external audit firms to discuss issues of common interest relating to IIFS operations.

9. The supervisory authority requires the external auditor, directly or through the IIFS, to report to the supervisor matters of material significance – for example, failure to comply with the licensing criteria or breaches of banking or other laws, significant deficiencies and control weaknesses in the IIFS’s financial reporting process, or other matters that they believe are likely to be of material significance to the functions of the supervisory authority. Laws or regulations provide that auditors who make any such reports in good faith cannot be held liable for breach of a duty of confidentiality.

Additional criterion

1. The supervisory authority has the power to access external auditors’ working papers, where necessary.

CPIFR 31: Transparency and market discipline

The supervisory authority determines that IIFS and banking groups regularly publish information on a consolidated and, where appropriate, solo basis that is easily accessible and fairly reflects their financial condition, performance, risk exposures, risk management strategies and corporate governance policies and processes. The supervisory authority also determines that IIFS implement a process for assessing the appropriateness of their disclosures, including validation and frequency.

(Reference documents: IFSB-4, December 2009; and IFSB-16, March 2014.)

Essential criteria

1. Laws, regulations or the supervisory authority require periodic public disclosures[118] of information by IIFS on a consolidated and, where appropriate, solo basis that adequately reflect the IIFS’s true financial condition and performance, and adhere to standards promoting comparability, relevance, reliability and timeliness of the information disclosed.

2. The supervisory authority determines that an IIFS has a formal disclosure policy that is approved by its BOD. The disclosure policy addresses the IIFS’s approach for determining what disclosures it will make and the internal controls over the disclosure process. In addition, the supervisory authority determines that the IIFS implements a process for assessing the appropriateness of its disclosures, including validation and frequency.

[118] For the purposes of this essential criterion, the disclosure requirement may be found in applicable accounting, stock exchange listing, or other similar rules, instead of or in addition to directives issued by the supervisory authority.

3. The supervisory authority determines that the required disclosures include both qualitative and quantitative information on an IIFS’s financial performance, financial position, capital structure, capital adequacy, investment accounts (including specific disclosures on UIAHs and RIAHs), risk
  73. management strategies and practices, categories of risk, aggregate exposures to related parties, transactions with related parties, general and Sharī`ah governance arrangements and remuneration, accounting policies, and basic business, management, and consumer-friendly disclosures for retail IAHs. The scope and content of information provided and the level of disaggregation and detail are commensurate with the risk profile and systemic importance of the IIFS.

4. Laws, regulations or the supervisory authority require IIFS to disclose all material entities in the group structure (including Islamic windows).

5. The supervisory authority or another government agency effectively reviews and enforces compliance with disclosure standards.

6. The supervisory authority or other relevant body regularly publishes information on the banking system in aggregate to facilitate public understanding of the banking system and the exercise of market discipline. Such information includes aggregate data on balance sheet indicators and statistical parameters that reflect the principal aspects of an IIFS’s operations (balance sheet structure, capital ratios, income-earning capacity and risk profiles).

7. The supervisory authority determines that disclosures reinforce (a) discipline, and (b) fiduciary duties towards various stakeholders, particularly the IAH, with regard, among other things, to an IIFS’s compliance with Sharī`ah rules and principles. The supervisory authority also determines that disclosures focus on financial, risk and governance disclosures to enable market participants to assess the different categories and the overall level of risk in IIFS, the extent of risk-sharing and DCR borne by shareholders, the practice of smoothing of returns on profit-sharing investment accounts and the resultant risk-return mix for IAH.

Additional criterion

1. The disclosure requirements imposed promote disclosure of information that will help in understanding an IIFS’s risk exposures during a financial reporting period – for example, on average exposures or turnover during the reporting period.

CPIFR 32: Islamic “windows” operations

Supervisory authorities define what forms of Islamic “windows” are permitted in their jurisdictions. The supervisory authorities review Islamic windows’ operations within their supervisory review process using the existing supervisory tools. The supervisory authorities in jurisdictions where windows are present satisfy themselves that the institutions offering such windows have the internal systems, procedures and controls to provide reasonable assurance that (a) the transactions and dealings of the windows are in compliance with Sharī`ah rules and principles; (b) appropriate risk management policies and practices are followed; (c) Islamic and non-Islamic business are properly segregated; and (d) the institution provides adequate disclosures for its window operations.

(Reference documents: IFSB-4, December 2009; IFSB-10, December 2009; IFSB-15, December 2013; and IFSB-16, March 2014.)

Essential criteria

1. Laws, regulations or the supervisory authority determine, with appropriate definitions, what forms of Islamic window operation are permitted to operate in the jurisdiction.[119]

[119] The term “window” may be used in two different senses.
(a) An Islamic “window operation” is defined as being part of a conventional financial institution (which may be a branch or dedicated unit of that institution, but not a separate legal entity) that provides both fund management (investment accounts) and financing and investment that are Sharī`ah-compliant. In principle, these windows are potentially “self-contained” (or “full windows”) in terms of Sharī`ah-compliant financial intermediation, as the funds managed will be invested in Sharī`ah-compliant assets, and segregation of assets (with separate accounting for profit and loss) is properly maintained between the Islamic window and its parent funds.
(b) The term “window” is used in some jurisdictions to refer to an operation whereby an institution invests funds in Sharī`ah-compliant assets (such as home purchase plans based on Ijārah Muntahia Bittamlīk, Diminishing Mushārakah or Murābahah) without such funds having been mobilised on a Sharī`ah-compliant basis or specifically for Sharī`ah-compliant investment purposes. Such operations clearly do not meet the definition of an Islamic window given in (a) above, but are referred to as “asset-side only windows”. Such operations may be carried out through either branches that offer current account facilities or other units of the institution. The supervisory issues raised by such operations are substantially different from those raised by full-fledged IIFS, but include issues of risk management in respect of the Sharī`ah-compliant assets and of applying appropriate risk weightings to those assets for capital adequacy purposes.
  74. 2. The supervisory authority determines that an Islamic window has, both initially and on an ongoing basis, a minimum amount of funding from the conventional parent as required by the laws and regulations of the jurisdiction, including its capital adequacy and liquidity requirements.

3. The supervisory authority determines that an institution with Islamic windows has a system such that the separation of Islamic assets and funds from non-Sharī`ah-compliant assets and funds is made transparent. The system should act both to prevent the window from investing in non-Sharī`ah-compliant assets, and from channelling investors’ funds back to the conventional parent entity.[120]

4. Supervisory authorities in jurisdictions where windows are present satisfy themselves that the institutions offering such windows have the internal systems, procedures and controls to provide reasonable assurance that:
(a) the transactions and dealings of the windows are in compliance with Sharī`ah rules and principles; and
(b) appropriate risk management policies and practices are followed.

5. The supervisory authority requires a window to apply Sharī`ah governance arrangements comparable to those of a full-fledged IIFS. If the supervisory authority permits any variation to those arrangements (in respect of the institution’s Islamic business), it should have clear reasons for doing so. In such cases, the supervisory authority should satisfy itself that pertinent Sharī`ah Fatāwa and resolutions are complied with by the financial institution’s management in their offering of Islamic financial services.

6. The supervisory authority takes account of the Sharī`ah-compliant assets of the window, as well as the risk-bearing nature of the Sharī`ah-compliant funds that are invested in these assets, in assessing the capital adequacy of the conventional financial institution concerned. The IFSB’s Revised Capital Adequacy Standard provides a measurement approach that may be used for this purpose, although in general the overall capital regulatory requirement is embodied in the regulatory requirement at the main institutional (consolidated[121] or parent) level, irrespective of whether the parent is in the same jurisdiction or in another jurisdiction.

7. The supervisory authority determines and understands the manner in which capital and liquidity are to be made available to Islamic windows, and how losses generated by the windows will eventually be absorbed.

8. In cases where a conventional bank offers Islamic operations through Islamic windows, supervisory authorities fully evaluate the liquidity risk management framework at both the group/parent level and Islamic entity level. The supervisory authority also determines that senior management of a conventional bank operating Islamic operations in the form of an Islamic window is aware of the differences, complexities and constraints in managing liquidity in the Islamic operations vis-à-vis at the bank level.[122] A particular issue arises when the parent entity of an Islamic window operation is situated in another jurisdiction and there are restrictions on, or impediments to, fund transfers between the parent and the window.

9. The supervisory authority requires the Islamic window to disclose information that is material in the sense that its omission or misstatement could influence a user relying on that information for the purpose of making economic and legitimate assessments or decisions in accordance with Sharī`ah requirements. The supervisory authority requires the institution to publish a full separate set of financial statements for its window operation either in the notes to the financial statements of the conventional financial institution of which the window is a part, or separately in readily accessible form. In particular, the supervisory authority requires the institution to disclose publicly, among other things:
(a) sources of funds to cover a liquidity deficit of the window, if any;
(b) capital adequacy related disclosures;

[120] The window’s share of profits from managing those funds may, of course, be channelled back to the parent. However, any losses of the parent conventional financial institution should not lead to a withdrawal of funds from the Islamic window, which would leave it unable to meet its capital adequacy and liquidity requirements.

[121] For the purpose of the principle on Islamic windows, the term “consolidation” refers to consolidation of the window with its parent conventional bank of which it is a branch or division. This term should not be confused with the group consolidation of a parent company and its subsidiaries at the banking group level.

[122] Normally, in the case of Islamic window operations, a dedicated funding line is made available from the head office treasury to meet any liquidity shortfalls in normal and stressed times, on a Sharī`ah-compliant basis.
  75. (c) risk management and governance;
(d) appointment of a competent Sharī`ah scholar or Sharī`ah board; and
(e) a Sharī`ah compliance report covering, among other things, the mechanism established to provide Sharī`ah oversight of the activities of an Islamic window.

10. The supervisory authority’s approach to a window, including its prudential approach, reflects its best understanding of how an Islamic window will be treated in liquidation or other insolvency, including the contractual rights of the window’s clients, including UIAHs, according to applicable law.

11. If the supervisory authority has a policy requiring Islamic windows to be converted into Islamic banking subsidiaries, the criteria for requiring conversion are clearly specified (e.g. in terms of asset size of the window in absolute terms or as a percentage of the parent’s balance sheet, years of operation, etc.). Such criteria are clearly grounded in the overall legal and regulatory framework in the jurisdiction as well as its overall strategic plan for the Islamic banking industry, if any.

CPIFR 33: Abuse of financial services (BCP 29)

The supervisory authority determines that IIFS have adequate policies and processes, including strict customer due diligence (CDD) rules to promote high ethical and professional standards in the financial sector and prevent IIFS from being used, intentionally or unintentionally, for criminal activities.[123][124]

(Reference documents: FATF Recommendations, February 2012; BCBS’s Consolidated KYC risk management, October 2004; BCBS’s Shell banks and booking offices, January 2003; and BCBS’s Customer due diligence for banks, October 2001.)

Essential criteria

1. Laws or regulations establish the duties, responsibilities and powers of the supervisory authority related to the supervision of IIFS’ internal controls and enforcement of the relevant laws and regulations regarding criminal activities.

2. The supervisory authority determines that IIFS have adequate policies and processes that promote high ethical and professional standards and prevent the IIFS from being used, intentionally or unintentionally, for criminal activities. This includes the prevention and detection of criminal activity, and reporting of such suspected activities to the appropriate authorities.

3. In addition to reporting to the financial intelligence unit or other designated authorities, IIFS report to the banking supervisory authority suspicious activities and incidents of fraud when such activities/incidents are material to the safety, soundness or reputation of the IIFS.[125]

4. If the supervisory authority becomes aware of any additional suspicious transactions, it informs the financial intelligence unit and, if applicable, other designated authority of such transactions. In addition, the supervisory authority, directly or indirectly, shares information related to suspected or actual criminal activities with relevant authorities.

[123] The IFSB is aware that, in some jurisdictions, other authorities, such as a financial intelligence unit (FIU), rather than a banking supervisor, may have primary responsibility for assessing compliance with laws and regulations regarding criminal activities in banks, such as fraud, money laundering and the financing of terrorism. Thus, in the context of this principle, “the supervisory authority” might refer to such other authorities – in particular, in Essential Criteria 7, 8 and 10. In such jurisdictions, the banking supervisor cooperates with such authorities to achieve adherence with the criteria mentioned in this principle.

[124] Sharī`ah compliance in itself demands high ethical standards and conduct, and the absence of activities that would result in fraud and criminal activity.

[125] Consistent with international standards, IIFS are to report suspicious activities involving cases of potential money laundering and the financing of terrorism to the relevant national centre, established either as an independent governmental authority or within an existing authority or authorities that serves as an FIU.
  76. 5. The supervisory authority determines that IIFS establish CDD policies and processes that are well documented and communicated to all relevant staff. The supervisory authority also determines that such policies and processes are integrated into the IIFS’s overall risk management and there are appropriate steps to identify, assess, monitor, manage and mitigate risks of money laundering and the financing of terrorism with respect to customers, countries and regions, as well as to products, services, transactions and delivery channels on an ongoing basis. The CDD management programme, on a group-wide basis, has as its essential elements:
(a) a customer acceptance policy that identifies business relationships that the IIFS will not accept based on identified risks;
(b) a customer identification, verification and due diligence programme on an ongoing basis; this encompasses verification of beneficial ownership, understanding the purpose and nature of the business relationship, and risk-based reviews to ensure that records are updated and relevant;
(c) policies and processes to monitor and recognise unusual or potentially suspicious transactions;
(d) enhanced due diligence on high-risk accounts (e.g. escalation to the IIFS’s senior management level of decisions on entering into business relationships with these accounts or maintaining such relationships when an existing relationship becomes high-risk);
(e) enhanced due diligence on politically exposed persons (including, among other things, escalation to the IIFS’s senior management level of decisions on entering into business relationships with these persons); and
(f) clear rules on what records must be kept on CDD and individual transactions and their retention period. Such records have at least a five-year retention period.

6. The supervisory authority determines that IIFS have in addition to normal due diligence, specific policies and processes regarding correspondent banking. Such policies and processes include:
(a) gathering sufficient information about their respondent IIFS to understand fully the nature of their business and customer base, and how they are supervised; and
(b) not establishing or continuing correspondent relationships with those that do not have adequate controls against criminal activities or that are not effectively supervised by the relevant authorities, or with those banks that are considered to be shell banks.

7. The supervisory authority determines that IIFS have sufficient controls and systems to prevent, identify and report potential abuses of financial services, including money laundering and the financing of terrorism.

8. The supervisory authority has adequate powers to take action against an IIFS that does not comply with its obligations related to relevant laws and regulations regarding criminal activities.

9. The supervisory authority determines that IIFS have:
(a) requirements for internal audit and/or external experts[126] to independently evaluate the relevant risk management policies, processes and controls. The supervisory authority has access to their reports;
(b) established policies and processes to designate compliance officers at the IIFS’ management level, and appoint a relevant dedicated officer to whom potential abuses of the IIFS’ financial services (including suspicious transactions) are reported;
(c) adequate screening policies and processes to ensure high ethical and professional standards when hiring staff; or when entering into an agency or outsourcing relationship; and

[126] These could be external auditors or other qualified parties, commissioned with an appropriate mandate, and subject to appropriate confidentiality restrictions.
  77. (d) ongoing training programmes for their staff, including on CDD and methods to monitor and detect criminal and suspicious activities.

10. The supervisory authority determines that IIFS have and follow clear policies and processes for staff to report any problems related to the abuse of the IIFS’ financial services to either local management or the relevant dedicated officer or to both. The supervisory authority also determines that IIFS have and utilise adequate management information systems to provide the IIFS’ BOD, management and the dedicated officers with timely and appropriate information on such activities.

11. Laws provide that a member of an IIFS’s staff who reports suspicious activity in good faith either internally or directly to the relevant authority cannot be held liable.

12. The supervisory authority, directly or indirectly, cooperates with the relevant domestic and foreign financial sector supervisory authorities or shares with them information related to suspected or actual criminal activities where this information is for supervisory purposes.

13. Unless this is performed by another authority, the supervisory authority has in-house resources with specialist expertise for addressing criminal activities. In this case, the supervisory authority regularly provides information on risks of money laundering and the financing of terrorism to the IIFS.
  78. APPENDIX A
MAPPING THE BCPs: THE CPIFR APPROACH

BCPs | CPIFR Approach: Revised CPs in the form of CPIFR Reflecting the Specificities of IIFS

Supervisory powers, responsibilities and functions
CP1: Responsibilities, objectives and powers | Retained unamended: CPIFR 1
CP2: Independence, accountability, resourcing and legal protection for supervisors | Retained unamended: CPIFR 2
CP3: Cooperation and collaboration | Retained unamended: CPIFR 3
CP4: Permissible activities | Amended: CPIFR 4
CP5: Licensing criteria | Retained unamended: CPIFR 5
CP6: Transfer of significant ownership | Retained unamended: CPIFR 6
CP7: Major acquisitions | Amended: CPIFR 7
CP8: Supervisory approach | Retained unamended: CPIFR 8
CP9: Supervisory techniques and tools | Amended: CPIFR 9
CP10: Supervisory reporting | Amended: CPIFR 10
CP11: Corrective and sanctioning powers of supervisors | Amended: CPIFR 11
CP12: Consolidated supervision | Amended: CPIFR 12
CP13: Home-host relationships | Amended: CPIFR 13

Prudential regulations and requirements
CP14: Corporate governance | Amended: CPIFR 15
CP15: Risk management process | Amended: CPIFR 17
CP16: Capital adequacy | Amended: CPIFR 18
CP17: Credit risk | Amended: CPIFR 19
CP18: Problem assets, provisions and reserves | Amended: CPIFR 20
CP19: Concentration risk and large exposure limits | Amended: CPIFR 21
CP20: Transactions with related parties | Amended: CPIFR 22
CP21: Country and transfer risks | Retained unamended: CPIFR 23
CP22: Market risks | Amended: CPIFR 25
CP23: Interest rate risk in the banking book | N/A But CP23 replaced with CPIFR 26
CP24: Liquidity risk | Amended: CPIFR 27
CP25: Operational risk | Amended: CPIFR 28
CP26: Internal control and audit | Amended: CPIFR 29
CP27: Financial reporting and external audit | Retained unamended: CPIFR 30
CP28: Disclosure and transparency | Amended: CPIFR 31
CP29: Abuse of financial services | Retained unamended: CPIFR 33

Additional core principles
Treatment of PSIA/IAHs | New: CPIFR 14
Sharī`ah governance framework | New: CPIFR 16
Equity investment risk | New: CPIFR 24
Rate of return risk [replacing CP23] | New: CPIFR 26
Islamic “windows” operations | New: CPIFR 32
  79. DEFINITIONS
      The following definitions are intended to assist readers in their general understanding of the terms used in this Standard. The list is by no means exhaustive.

      Alpha (α): “Alpha (α)” is a measure of the proportion of actual credit and market risk on assets financed by investment account holders’ funds that is transferred to shareholders – that is, the displaced commercial risk. The parameter “alpha” is dependent on the supervisory authority’s directive in the jurisdiction in which the institution offering Islamic financial services (IIFS) operates. The value of “alpha” varies from 0 to 1. GN-4 provides a methodology to estimate the value of “alpha” to be used when the supervisory discretion formula is applied in calculating the capital adequacy ratio of IIFS.

      Commodity Murābahah: The term “commodity Murābahah transactions as a tool for liquidity management” refers to a Murābahah-based purchase and sale transaction of Sharī`ah-compliant commodities, whether on cash or deferred payment terms.

      Diminishing Mushārakah: A form of partnership in which one of the partners promises to buy the equity share of the other partner over a period of time until the title to the equity is completely transferred to the buying partner. The transaction starts with the formation of a partnership, after which buying and selling of the other partner’s equity takes place at market value or the price agreed upon at the time of entering into the contract. The “buying and selling” is independent of the partnership contract and should not be stipulated in the partnership contract, since the buying partner is only allowed to promise to buy. It is also not permitted that one contract be entered into as a condition for concluding the other.

      Displaced commercial risk (DCR): An institution offering Islamic financial services (IIFS) that undertakes the role of a Muḍārib for investment account holders (IAHs) may donate a part of its Muḍārib share and/or its profit to the IAHs in order to smooth the returns payable to them, and the risk of an IIFS being obliged to do this for commercial or other reasons is called “displaced commercial risk”. This is because initially the risk (volatility of returns) is to be borne by Rabb al-Māl (IAHs) but it has been displaced onto the IIFS as it accepts to do so.

      Governance Committee: The Governance Committee is another board committee, as recommended in IFSB-3, established by the board of directors, and specifically mandated to protect the interests of the investment account holders.

      Hamish al-Jiddiyyah (HJ): Hamish al-Jiddiyyah (HJ) carries a limited recourse to the extent of damages incurred by the institution offering Islamic financial services (IIFS) when the purchase orderer fails to honour a binding promise to purchase (PP) or promise to lease (PL). The IIFS has recourse to the clients in the PP/PL if the HJ is insufficient to cover the damages. If the amount was more than the recognised damages, the balance should be given back to the clients. Moreover, if the damage was not recognised, the whole amount should be returned to the client.

      Ijārah: An agreement made by an institution offering Islamic financial services to lease to a customer an asset specified by the customer for an agreed period against specified rental. An Ijārah contract commences with a promise to lease that is binding on the part of the potential lessee prior to entering the Ijārah contract.

      Investment risk reserves (IRR): The amount appropriated by the institution offering Islamic financial services out of the profit of investment account holders (IAHs), after allocating the Muḍārib’s share of profit, in order to cushion against future investment losses for IAHs.

      Istisnā`: A contract of sale of specified objects to be manufactured or constructed, with an obligation on the part of the manufacturer or builder to deliver the objects to the customer upon completion.
  80. Muḍārabah: A partnership contract between the capital provider (Rabb al-Māl) and an entrepreneur (Muḍārib) whereby the capital provider would contribute capital to an enterprise or activity that is to be managed by the entrepreneur. Profits generated by that enterprise or activity are shared in accordance with the percentage specified in the contract, while losses are to be borne solely by the capital provider unless they are due to the entrepreneur’s misconduct, negligence or breach of contracted terms. Various deposit (investment) products are structured using this concept.

      Mushārakah: A partnership contract in which the partners (Shurakā’, sing: Shārik) agree to contribute capital to an enterprise, whether existing or new, or towards the ownership of an asset, either on a temporary or permanent basis. Profits generated by that enterprise or asset are shared in accordance with the percentage specified in the Mushārakah agreement, while losses are shared in proportion to each partner’s share of capital. Various products, such as financing imports, exports, working capital, project finance, etc., can be structured using this concept.

      Profit equalisation reserve (PER): The amount appropriated by the institution offering Islamic financial services out of the Muḍārabah profits, before allocating the Muḍārib’s share of profit, in order to maintain a certain level of return on investment for unrestricted investment account holders.

      Qarḍ: A loan intended to allow the borrower to use the funds for a period with the understanding that this would be repaid at the end of the period, where it is not permissible for any increase in cash or benefit.

      Salam: An agreement to purchase, at a predetermined price, a specified kind of commodity not currently available to the seller, which is to be delivered on a specified future date as per agreed specifications and specified quality. The institution offering Islamic financial services as the buyer makes full payment of the purchase price upon conclusion of a Salam contract. The commodity may or may not be traded over-the-counter or on an exchange.

      Sharī`ah supervisory board: Specific body set up or engaged by the institution offering Islamic financial services to carry out and implement its Sharī`ah governance system.

      Sukūk: Certificates that represent a proportional undivided ownership right in tangible assets, or a pool of assets that are Sharī`ah-compliant.

      Sukūk securitisation (Sharī`ah-compliant securitisation): Securitisation is the process of issuing Sukūk or investment certificates which represent a common share of certain assets; these Sukūk or certificates can be issued by the owners of such assets or another body (a special purpose entity) as trustee acting as a fiduciary.

      Takāful: A contract whereby a group of participants (Mushtarikīn) agree among themselves to support one another by contributing a sum of money into a common fund, which will be used for mutual assistance of the members against specified loss or damage.

      Unrestricted investment account holders: The account holders authorise the institution offering Islamic financial services (IIFS) to invest their funds based on Muḍārabah contracts without imposing any restrictions. The IIFS can commingle these funds with their own funds and invest them in a pooled portfolio.

      Wakālah: An agency contract where the customer (principal) appoints the institution offering Islamic financial services as agent (Wakīl) to carry out the business on their behalf and where a fee (or no fee) is charged to the principal based on the contract agreement.