an increase in inflation in the market that the rational, strictly transactional investors will start to expect to get a higher rate of return. These changes in expectations of the rate of return can trigger the transfer of funds to other banks.
Investment Risk
This risk occurs as a result of the Islamic bank bearing the risk of the debtor's business experiencing losses when the business is financed with a profit–loss sharing contract, like mudharabah or musyarakah. The investment risk is larger if the profit-sharing base used is operating profit or net profit of the debtor's business. If the debtor's business goes bankrupt, the Islamic bank can lose the principal financing channeled to the debtor.
Fiduciary Risk
Fiduciary risk is a risk that arises from the Islamic bank's failure in fulfilling both an implicit and explicit standard that can be applied towards their fiduciary responsibility. Investment failure can cause the Islamic bank to experience bankruptcy (insolvency) in which it cannot pay back its third-party funds. AAOIFI categorizes a risk as a fiduciary risk if an Islamic bank provides a rate of return that is lower than the market rate and if the depositors interpret this low rate of return as being due to the Islamic bank making mistakes in managing their funds and to violations in the Islamic bank's investment contract.
Stages in Risk Management
In facing risks, Islamic banks need to acquire various risk management methods as ammunition. This should be done from the very beginning, at the point of deciding on the risk management goals and strategy, as well as identifying, measuring, and mitigating risks; running supervision; and reporting the implementation of risk management that has been done. Risk management practices need to occur continuously, the same way that risks constantly change and grow in amount and variety.
Risk management practices continuously experience changes from time to time. Classic risk management focuses in determining the risk limit while ensuring that the business run is still profitable. The cutting-edge practice of risk management ensures that the organization has achieved the expected risk-adjusted performance. The evolution that has happened in risk-management practices is not only in the context of concept and framework, but also covers methods, measurement, and risk mitigation. The evolution of risk management is illustrated in Figure 2.1.
Figure 2.1 The Evolution of Islamic Risk Management
The current principles and methods of risk management have been used by many financial institutions and are claimed to be quite sensitive to risk. This progress is undoubtedly connected to the development of new methods in risk management, a more complete and informative database, and more advanced and well-developed information systems. But on the other hand, the types and forms of risk have also changed, along with the development of risk management practices. With those drastic changes, the probability of having a large risk exposure and having that risk actually manifest as a major problem can be reduced and avoided. The high degree of interconnection and interdependence between banks has changed the face of risk. Systemic risk, which was previously not well known, became a very popular concern after the global financial crisis of 2008. The term “too big to fail” which was often used before, has now been eclipsed by the term “too many to fail.” From the crisis itself, we can see that risk itself has changed into something more complex and multifaceted than before.
Building Philosophy and Organizational Culture
The process of risk management should begin by building organizational culture, instilling philosophy, and integrating an institution's vision and mission into the existing system. Not only is it necessary to build physical risk management systems (e.g., socializing the jargon, the information system technology, standard operating procedures, reward and punishment systems, etc.), but also it is more important to build an awareness and culture of risk management. Each employee in an Islamic bank must be aware of and understand that risk is always with them, all the time. They need to be aware that no matter how small the risk they are exposed to, that risk is a liable threat not only to them, but also to the banks where they work. This could extend to the disturbance of daily operations, the losses experienced by a bank's business, and even to the extent of threatening the bank's continued operations.
Building Organizational Structure
Because risk management is a continuous management process, its application should be supported by a strong and effective organizational structure. An organizational structure supportive of the application of risk management does not merely form a risk management division or department. More than that, the risk management process should be arranged in a way that combines both top-down and bottom-up approaches. The responsibility and decision making related to risk-management should be formulated at every managerial level. The top-down and bottom-up approaches to the risk management of Islamic banks are done simultaneously and concurrently, as shown in Figure 2.2.
Figure 2.2 Top-Down and Bottom-Up Approaches
In a top-down approach, the top management formulates the guidelines, policy, and strategy related to risk management. Included in this are risk limit, risk mitigation, risk-return profile, and the like. These formulations are then socialized comprehensively, from the highest echelons of top management to the lowest level of the Islamic bank's structural position. The bottom-up approach, on the other hand, is done as the Islamic bank runs its daily operations in a routine and contiguous manner. In transactions done by officers in various branches of the Islamic bank, spread throughout all regions, the first part of risk exists. Risk began with the existence of the transaction itself, as the risk-return profile for each transaction must be able to be accurately estimated. The types of transactions entered by the officers are of course different from one unit (departments or division) to the next.
The simplest process of risk management usually consists of three stages: the guideline-determination process, the decision-making process and the monitoring process. In the guideline-determination process, certain guides and standards of risk management like the determination of risk limit, the delegation of tasks related to risk management, operational standards, return benchmark, etc., is determined by top management. The guidelines that have been formed are then socialized to all components of various levels in the Islamic bank. After that, the decision-making process can be handled by various components in the Islamic bank's structure. Many decisions that are directly related to risk are decisions that are related to banking transactions. Finally, all risks that emerge from various financial transactions must always be monitored and supervised to ensure that information related to the risk exposure of the Islamic bank is always up-to-date. The monitoring process can function as an early warning system. If there is a transaction whose risk contribution can drastically increase the risk exposure of the Islamic bank, then a good monitoring process should be able to detect this as it happens, enabling timely prevention or mitigation.
Preparing an Adequate Database System
The purpose of a continuous risk management process is to be well prepared to face the challenges of the evolving present. This is extremely reliant on the readiness of the database system; the adequacy of the information technology system, software, and hardware; the discipline in recording every risk-carrying event; the adequacy of reporting standards; and the construction of analysis procedure, as well as continuous and periodical evaluation.
The database system, the adequacy of the information technology system, and the discipline in recording every risk-carrying event are all-important aspects that must be the focus of the Islamic bank's attention. Without the support of all those aspects, the identification and measurement of risk will experience many obstacles. If errors do happen, but are
