Alizz Islamic Bank’s dynamic approach to digital risk
With over three-and-a-half decades of banking experience across three continents, six countries and in multiple languages, Venkatesh Kallur, Chief Risk Officer (CRO) at Alizz Islamic Bank has seen the nature of the industry transformed by the rise of digital banking. “I still recall back in the mid-90s in Toronto, when I had to transfer $1,000 from Canada to my parents in India. It used to take about 15 days and I had to follow up with my bank at least half a dozen times,” Kallur remembers. “Today, I sit in my bedroom, open my tablet or smartphone, trigger a transaction and tomorrow morning the money is in an account on the other side of the world.”
Kallur has watched the advent of online and mobile banking revolutionise financial exchange on a global scale, but at the same time he has borne witness to the proliferation of new challenges and digital risks. From North American financial institutions like American Express and the Bank of Montreal, Kallur has moved to the world of Islamic banking, arriving at Alizz Islamic Bank in August 2017. “One of my biggest strengths has been my ability to adapt to new cultures, new languages and new environments,” he explains. “All along I’ve tried to keep an open mind and focused on how best to collaborate with different people.” This adaptability has served Kallur well throughout a career in an industry that has moved from bricks, mortar and paper records to mobile banking, data analytics and the cloud in a few short decades. We sit down with Kallur to explore the threats and opportunities across the changing face of banking, the nature of risk management in Islamic finance and the ways in which institutions like Alizz Islamic Bank can manage change in an ever-changing world.
Founded in 2013, the Alizz Islamic Bank provides Islamic banking services in the Sultanate of Oman. In contrast to traditional banking, Islamic finance – in accordance with Sharia law – prohibits the charging of interest, also forbidding loans to a business or customer operating in violation of Sharia law (for example, businesses selling alcohol). Instead of collecting interest, Islamic lenders generate revenue from a portion of the customer’s profits while also sharing in any losses. “The principal means of Islamic finance are based on trading, and it is essential that risk be involved in any mercantile activity, so banks and financial institutions will trade in Sharia-compliant investments with the money deposited by customers, sharing the risks and the profits between them,” explains Kallur, who notes that Islamic Banking therefore has to be more risk averse. “In an Islamic bank, there’s the risk of Sharia non-compliance. If a product or a contract we commit to is not Sharia compliant, then that whole source of income is quarantined.” In addition to adapting to a new form of banking, Kallur is constantly working to identify and assess the risks that advances in digital banking may pose to Alizz.
“With the evolution of technology, CROs are faced with increasingly dynamic challenges. Risk management functions will have to reinvent themselves and become enablers and drivers of digital transformation. How banks navigate the risks and opportunities presented by technological innovations will dictate their ability to thrive,” says Kallur. He continues, noting that emerging digital risks also go hand-in-hand with increased competition: “Broader geopolitical, social and environmental concerns are looming larger, as regulatory fragmentation continues and competition intensifies. Fintechs and major technology companies seek traction in profitable parts of financial services, while banks’ strategic options to deliver 11% to 15% return on investment narrow.” He also notes that cybersecurity – protecting information as well as capital – has become top of mind for banks, due the ‘phenomenally’ increased risk created by increased digitization of operations and records. “In the ‘good old days’ we used to take a big black book, sit down and make various entries. You can’t hack into that. Now, in addition to other operational risks, information and cybersecurity risks have emerged into their own threat category.” In order to maintain security, Alizz utilises the ‘three lines of defence’ model: business units, referring to “relationship managers who are managing the risks with their customers”; risk management, Kallur’s purview, which involves harnessing behavioral, predictive and scenario-based analytics; and internal audits, which ensure compliance frameworks and internal controls are appropriate.
One emerging technology occupying a great deal of conversational real estate in the banking space is the adoption of cryptocurrencies and blockchain technology. Kallur acknowledges that “cryptocurrencies can help multinational banks transfer money instead of moving the physical tender”. However, he maintains the skepticism of a risk-assessment veteran. “Cryptocurrencies might give a little bit of operational ease, but they come with their own risks. At this point in time, for example, cryptos are intangible, illiquid and, to a large extent, uninsured. That can lead to extortion and manipulation,” Kallur says, “Don’t get me wrong, I understand the potential, but there is more to do before it can be universalised. It needs to be adoptable, dependable; regular investors –not just the fast movers – need to be protected.”
While CROs like Kallur have less than bullish attitudes to emergent technologies like blockchain, he maintains that the adoption of technology to better process data is at the heart of Alizz Bank’s digital transformation strategy. “With respect to banking in the Middle East, whichever bank that you look at in the region has data quality issues. To me, data is information, information is power, and that's where we should be focusing.” Since starting at Alizz, Kallur has brought in several enhancements in Policy Framework and Credit Underwriting Strategies through Risk Appetite Framework and Target Market and Risk Acceptance criteria, along with required analytics, which provide a 360-degree view of risks at enterprise level, as well as mapping the skillset, bandwidth and the needs of the company through a monthly CRO dashboard.”
Looking to the future, Kallur says: “Information technology, information security and digital banking – be it on mobile phones, computers or tablets – all need to be considered.” He agrees that the introduction of new technologies to any sector results in a shift in the culture of the organisation, but maintains that Alizz is more than equipped to manage change. “Neither change management nor digitalisation are new phenomena,” he says. “However, the variety of technical changes, possibilities and innovations is new, as well as demand for extremely high implementation speed and their extensive spillover effects for the entire organisation.
“This combination has the consequences that various change processes overlap, single-change processes are interrupted, modified or restarted and the organisation thus finds itself in a continuous process of change, if not handled right, thus causing a potential operational risk.” Kallur concludes by noting that, Digital banking is the future. Risk officers have to be prepared. We don’t take blind risks, but calculated ones with a business collaborative approach (risk vs. reward). That’s the nature of my role."
