This chapter investigates the operational risk management and practices of Islamic and conventional banks in Saudi Arabia. Authors employ a sample of four Islamic and eight conventional banks and data gathered through a novel questionnaire administered to senior officers and managers carrying out risk management activity across five aspects of operational risk management: (i) understanding risk, (ii) risk management, (iii) risk assessment analysis, (iv) risk identification, and (v) risk monitoring. The results demonstrate that all of these play an important role in determining the quality of operational risk management. However, risk assessment analysis and risk monitoring are the most influential in determining the overall quality of operational risk management in both conventional and Islamic banks. Overall, conventional banks in Saudi Arabia are better than Islamic banks at operational risk management practices, suggesting the need for careful planning and strategizing, sound recruiting and training policies, and prudent monitoring of capital adequacy by regulators.
TopIntroduction
In banking, operational risk results from the failure to maintain smooth internal processes, the retention of skillful people, and the prevention of losses associated with external negative events. For this reason, operational risk is highly dynamic in nature, relating as it does to the risks associated with changes in regulation, consumer preferences, national, regional and international growth, information technology, and fraudulent and dishonest behaviour, among others. In fact, anything not particularly related to credit and market risk comes under the broad umbrella of operational risk, with several important, severe, and diverse risks arising recently in banking from a large number of potential sources.
These include internal fraud (misappropriation, tax evasion, bribery), external fraud (information theft, hacking, forgery), employment practices and workplace conditions (discrimination, OH&S), and clients, products, and business practice (market manipulation, improper trading, product defects, account churning). Operational risk also encompasses damage to physical assets (natural disasters and terrorism), business disruption (utility, software, and hardware failures) and execution, delivery, and process management (data entry and accounting errors, failed mandatory reporting). Bonson et al. (2008), Anghelache et al. (2010), Sturm (2013), Fiordelisi et al. (2014), Al-Hussaini and Karkoulian (2015), Diallo et al. (2015), Martinez-Sanchez et al. (2016), Peters et al. (2016), Abdymomunov and Ergen (2017), Kaspereit et al. (2017), Barakat (2018), Khalil and Alam (2018) and Zhu et al. (2019) discuss a variety of aspects of operational risk as they relate to banking.
Islamic banks, of course, share many of these operational risks with conventional banks. These have come to the fore for both types of banks since recognised by Basel II as a distinct class of risk outside market, credit and interest rate risk, most logically because unlike these risks, operational risk is neither willingly incurred nor revenue driven. However, financial operations are often more complex in Islamic banks given differences in governance and regulation, and financial agreements more diverse because of a lack of standardised and commonplace contracts. In addition, Islamic banks face unique operational risks arising from the potential lack of adherence of the organisation and its products and services to Shari’ah (Hylmun, 2010). Only through a better knowledge of operational risk management and its practices can banks of all types, but especially Islamic banks with their unique and additional operational risks, hope to survive and thrive.
Unfortunately, there is relatively little empirical work dealing with operational risk in banking, but especially in Islamic banks. One particular problem is that unlike credit and market risk, which are readily quantifiable in banking, operational risk defies parametrization. Basel II recognises this by placing its conceptualisation firmly in the hands of banks themselves. Typically, banks use a macro-level approach to determine the sources of potential loss, including those factors relating to people, processes, systems and external factors (Chutia, 2013). It is clear from this definition the huge potential scope of operational risk as it relates to banking, carrying with it a concomitant problem of conducting operational risk management analysis. This makes the development of a possible classification scheme for this type of risk difficult, with these mostly based on the nature of the risk, the influence of the risk, the expectancy, magnitude and frequency of the loss, and the events, hazards and type of consequence (Hylmun, 2010).