• HC-3.5 Risk Committee

    • HC-3.5.1

      The risk committee of the Bahraini Islamic bank licensee must have at least three directors of which the majority must be independent. In addition, the committee members must have experience in risk management issues and practices and have no conflict of interest with any other duties they may have.

      Added: April 2023

    • HC-3.5.2

      The chairperson of the risk committee must:

      (a) Be independent;
      (b) Not be the chairperson of the Board, unless he is considered independent; and
      (c) Not be the chairperson of any other Board committee.

      Added: April 2023

    • HC-3.5.3

      The CEO and other senior management must not be members of the risk committee.

      Added: April 2023

    • HC-3.5.4

      The licensee must have a strong and appropriate risk governance framework which:

      (a) Includes a strong risk culture, and a well-developed risk appetite articulated through the risk appetite statement (RAS);
      (b) Outlines actions to be taken when the stated risk limits are breached, including disciplinary actions for excessive risk-taking, escalation procedures and notification to the Board; and
      (c) Includes well-defined organisational responsibilities for risk management.

      Added: April 2023

    • HC-3.5.5

      The Bahraini Islamic bank licensee’s RAS must:

      (a) Include both quantitative and qualitative considerations;
      (b) Establish the individual and aggregate level and types of risks that the bank is willing to assume;
      (c) Define the boundaries and business considerations according to which the bank is expected to operate;
      (d) Be aligned with the bank’s strategic, capital and financial plans and compensation practices; and
      (e) Be communicated effectively throughout the bank, linking it to daily operational decision-making and establishing the means to raise risk issues and strategic concerns across the bank on a timely and proactive basis.

      Added: April 2023

    • HC-3.5.6

      Islamic bank licensees must avoid organisational silos that can impede effective sharing of risk information across the organisation and can result in decisions being taken in isolation from the rest of the bank. Accordingly, the Board, senior management and control functions must re-evaluate established practices in order to encourage greater communication.

      Added: April 2023

    • HC-3.5.7

      The risk committee must, at minimum:

      (a) Recommend the appointment or removal of the Chief Risk Officer (CRO) or equivalent. The licensee must also discuss the reasons for removal with the CBB;
      (b) Discuss all risk strategies on both an aggregated basis and by type of risk and make recommendations to the Board, and on the risk appetite;
      (c) Ensure that:
      i. Risks are identified, measured, aggregated, controlled, mitigated, monitored and reported on an ongoing basis across all business lines, the licensee as a whole, its subsidiaries and overseas branches (if any);
      ii. Risk identification and measurement include both quantitative and qualitative elements;
      iii. Each key risk has a policy, process and controls;
      iv. The licensee has sufficient and robust management information system and policies, supported by appropriate control procedures and processes, designed to ensure that the licensee’s risk identification, measurement, aggregation, controlling, mitigation, monitoring and reporting capabilities are commensurate with the licensee’s size, complexity and risk profile. The sophistication of the licensee’s risk management information system and internal control infrastructure must keep pace with changes to the licensee’s risk profile, the external risk landscape and industry practices;
      v. The licensee’s risk management infrastructure, including a sufficiently robust data infrastructure, data governance and architecture and information technology infrastructure keeps pace with developments such as balance sheet and revenue growth, increasing complexity of the licensee’s business, risk configuration or operating structure, geographical expansion, mergers and acquisitions, or the introduction of new products or business lines;
      vi. Senior management has in place processes to promote the licensee’s adherence to the approved risk policies and risk appetite;
      vii. The licensee’s policies must determine the key management decisions that must be taken by more than one person;
      viii. The licensee has adequate communication within the licensee about risk, both across the organisation and through reporting to the Board and senior management;
      ix. The licensee has a strong risk culture that promotes risk awareness and encourages open communication and challenge about risk-taking across the organisation as well as vertically to and from the Board and senior management; and
      x. The licensee has adequate escalation procedures on risk-related matters.
      (d) Advise the Board on the licensee’s risk appetite, overseeing senior management’s implementation of the RAS, reporting on the state of risk culture in the licensee, and interacting with and overseeing the CRO;
      (e) Oversee the strategies for capital and liquidity management as well as for all relevant risks of the licensee, such as credit, market, operational, rate of return risk in the banking book and reputational risks, to ensure that they are consistent with the stated risk appetite;
      (f) Commission every five years a quality review of the effectiveness and efficiency of the risk management framework and function by a third-party consultant, other than the external auditor. The results of such independent review must be provided to the CBB by 31st May of the relevant year. More specifically, an Islamic bank licensee must undertake reviews referred to above with regards to the following individual areas that are relevant to the risk management framework:
      i. ICAAP Framework referred to in Module IC;
      ii. Capital adequacy requirements under Module CA;
      iii. Recovery and resolution planning (RRP) and related documents referred to in Module DS;
      iv. Credit risk management framework and compliance with Module CM;
      v. Operational risk management framework and compliance with Module OM;
      vi. Stress testing framework included in Module ST;
      vii. Liquidity risk management framework and compliance with Module LM; and
      viii. Compliance with Module RR.
      (g) Receive regular reporting and communication from the CRO and other relevant functions about the licensee’s current risk profile, current state of the risk culture, utilisation against the established risk appetite and limits, limit breaches and mitigation plans.

      Added: April 2023

    • HC-3.5.8

      There must be effective communication and coordination between the audit committee and the risk committee to facilitate the exchange of information and effective coverage of all risks, including emerging risks, and any needed adjustments to the risk governance framework of the bank.

      Added: April 2023