Home & Garden

Building an Islamic Financial Information System Based on Policy Managements

Description
For many banks and customers in the Middle East and Islamic world, the availability and the ability to apply Islamic Shariah rules on financial activities is very important. In some cases, business and technical barriers can limit the ability to
Categories
Published
of 12
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
  13  Building an Islamic financial information system 4  based on policy managements 5  Izzat Alsmadi  a, * , Mohammad Zarour  b 6  a Computer Science Department, Boise State University, 1910 University Drive, Boise, ID 83725, United States 7  b College of Computer Science and IT, Prince Sultan University, P.O. Box 66833, Rafha Street, Riyadh 11586, Saudi Arabia 8  Received 29 March 2014; revised 27 June 2014; accepted 6 November 2014 911  KEYWORDS 1213  Islamic financial systems; 14  Islamic banking; 15  Policy managements; 16  XACML Abstract  For many banks and customers in the Middle East and Islamic world, the availabilityand the ability to apply Islamic Shariah rules on financial activities is very important. In some cases,business and technical barriers can limit the ability to apply and offer financial services that areimplemented according to Shariah rules.In this paper, we discuss enforcing Shariah rules from information technology viewpoint andshow how such rules can be implemented and enforced in a financial establishment. Security autho-rization standard XACML is extended to consider Shariah rules. In this research XACML archi-tecture, that is used and applied in many tools and system architectures, is used to enforceShariah rules in the banking sector rather than its srcinal goal of enforcing security rules wherepolicy management systems such as XACML are usually used.We developed a model based on XACML policy management to show how an Islamic financialinformation system can be used to make decisions for day to day bank activities. Such a system isrequired by all Islamic banks around the world. Currently, most Islamic banks use advisory boardsto provide opinions on general activities. The gap between those high level general rules and deci-sion for each customer business process is to be filled by Islamic financial information systems.The flexible design of the architecture can also be effective where rules can be screened and revis-ited often without the need to restructure the authorization system implemented. Authorizationrules described here are not necessarily the perfect reflection of Shariah opinions. They are onlyshown as a proof of concept and a demonstration of how such rules can be written and imple-mented. ª 2015 The Authors. Production and hosting by Elsevier B.V. on behalf of King Saud University. ThisisanopenaccessarticleundertheCCBY-NC-NDlicense(http://creativecommons.org/licenses/by-nc-nd/4.0/). 1718 1. Introduction 19 According to Islamic Shariah, there are certain rules and reg- 20 ulations that should control financial activities between money 21 lenders and borrowers before making it legal from religious 22 perspectives to prevent Riba (El-Gamal, 2000; Ahmad, 23 1995). Recently, Islamic banking witnessed huge investments *Corresponding author.E-mail addresses: izzatalsmadi@boisestate.edu (I. Alsmadi),mzarour@cis.psu.edu.sa (M. Zarour).Peer review under responsibility of King Saud University. Production and hosting by Elsevier Journal of King Saud University – Computer and Information Sciences (2015)  xxx , xxx  –  xxx King Saud University Journal of King Saud University – Computer and Information Sciences www.ksu.edu.sawww.sciencedirect.comhttp://dx.doi.org/10.1016/j.jksuci.2014.11.0011319-1578  ª  2015 The Authors. Production and hosting by Elsevier B.V. on behalf of King Saud University.This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). JKSUCI 159 No. of Pages 1223 June 2015 Please cite this article in press as: Alsmadi, I., Zarour, M. Building an Islamic financial information system based on policy managements. Journal of King SaudUniversity – Computer and Information Sciences (2015), http://dx.doi.org/10.1016/j.jksuci.2014.11.001  24  worldwide (McLean, 2013). Islamic banking is not limited to 25  Islamic countries but spread over other countries such as the 26  United States, Europe and the Far East (Imran et al., 2011). 27  The customers of Islamic banks are not limited to Muslim ones 28  only, they are well-received by non-Muslims as well, see for 29  example Abdullah et al. (2012). This can be referred to the fact 30  that Islamic banking through its various products and services 31  promotes equity (Dhumale and Sapcanin, 1999). 32  Despite widespread Islamic banking and its services, nowa- 33  days, Islamic banking is facing several challenges, some of  34  them are technology independent that are related to regulatory 35  issues, awareness and Shariah aspects, see for example 36  Al-Omar and Iqbal (1999), Akhtar and Talreja (2012) and 37  Karbhari et al. (2004). Other challenges are related to how 38  to enforce Shariah rules in the day-to-day banking operations. 39  As stated in ITS (2011) ‘‘One of the greatest challenges in 40  launching an Islamic bank is having access to a well- 41  established independent and active Shariah board. While this 42  process can be rapidly increased by utilizing already existing 43  Shariah boards, it is the implementation of the Shariah board’s 44  rulings into the day-to-day running of banking operations, 45  product development and product rollout that serves as the 46  greatest hurdle to Shariah compliant operations and 47  transformation’’. 48  Accordingly, one of the main challenges is related to the 49  nature of such rules and how to present them to the banking 50  or financial systems in a proper format. This can be related 51  to the different levels of abstraction between religious codes 52  of conducts and what is permitted or not. A second challenge 53  which is also related to the different religious opinions is par- 54  ticularly related to some transactions and whether they are 55  religiously legal or not and how could such rules be applied 56  to real cases. Those for example can receive conflicting opin- 57  ions from the different scholars. For more information about 58  Islamic financial products and challenges facing Islamic bank- 59  ing see El-Gamal (2000), McLean (2013), Imran et al. (2011), 60  Siddiqi (2006), Hassan et al. (2013) and Hassan and Lewis 61  (2007). 62  This research paper is focusing on another dimension (i.e. 63  third challenge) that is related to technical challenges of imple- 64  menting or enforcing Shariah rules in financial institutes’ daily 65  activities. Few research contributions were conducted to take 66  this to technical levels not only from financial perspectives, 67  but also from information technology perspectives. For exam- 68  ple, it is important to automate or semi-automate banking sys- 69  tems, with little human intervention to understand Shariah 70  rules, how can these rules be implemented and where should 71  they be applied. 72  Focusing on the last technical challenge, an information 73  system (proposed) is then expected to handle these three obsta- 74  cles or challenges to be a good candidate solution. 75  In this context, this research work proposes using XACML 76  (the Extensible Access Control Markup Language) from 77  OASIS Committee (2013) to enforce Shariah rules in the bank- 78  ing sector. XACML is a standard for access control policy 79  implementation and management. 80  The remainder of this paper is organized as follows: 81  Section 2 presents briefly the concept of Islamic banking or 82  finance. Section 3 illustrates the XACML language and its 83  architecture. Section 4 presents the related work. Section 5 84 discusses the use of XACML to enforce Islamic policies. 85 Section 6 presents the conclusion and future work. 86 2. Islamic banking or finance 87 The general definition of Islamic banking or finance is that the 88 banking or financial system is abided by Islamic financial rules 89 or rules that are related to monetary issues. For example, 90 Islamic Sharia prohibits what is called ‘‘Riba’’. This is where 91 the money lender has a fixed, inflating or floating amount of  92 money on the money borrower. This is particularly forbidden 93 when money is borrowed and returned. This can be applied to 94 gold or silver where the same type is borrowed and returned. 95 Sharia then prohibits this loan process. Modharaba in Sharia 96 is the process where the money lender is subjected to loss 97 and gain and the process does not always guarantee lender 98 gain in all scenarios. This is then called a risk-sharing rather 99 than risk-free transaction. 100 Sharia also prohibits money inflation (e.g. accumulative 101 interest rate) where the loan amount increases if the borrower 102 delayed the payment process. The added amount to the loan 103 should be fixed through the whole period. 104 There have been some trials to generalize Islamic banking 105 in comparison with traditional banking. For example, an arti- 106 cle posted in the website (AlBaraka Bank Group) indicated 107 four principles for Islamic banking: Prohibition of Interest or 108 Usury, Ethical Standards, Moral and Social Values, and 109 Liability and Business Risk. Most Islamic banking systems 110 or entities include policy guidelines on how to deal making 111 sure that transactions are conducted according to Islamic 112 financial rules. See for example, Islamic Financial rules of  113 Dubai Financial Services Authority (DFSA) (The Islamic 114 Finance Rules (IFR), 2013). 115 Islamic banks in Muslim countries claim to follow Sharia 116 laws and guidelines. However such processes cannot be 117 audited or verified on a daily basis or for each transaction 118 since such processes depend on human domain experts or 119 on those who work as religious advisors for the banks. 120 Hence there is a serious need to build a knowledge manage- 121 ment system through which all Sharia rules can be docu- 122 mented, interrogated, evaluated, etc. Our proposed Sharia 123 policy management system can be either part of the 124 Islamic finance knowledge management system or one of  125 its components. 126 As the first step in the Islamic policy system, we will 127 describe the major general agreed upon financial processes 128 (in the following subsections) that are currently implemented 129 by most Islamic banks. Those high level concepts will be used 130 as parents or even grandparents of the policy management sys- 131 tems. In policy terms, those will be considered as (Policy_Sets) 132 where many policies can be generated as children of those that 133 we will call for now policies. Names and details of the follow- 134 ing Islamic financial activities are taken from a wide range of  135 Islamic resources through the Internet, see for example 136 Islamic Development Bank and Institute of Islamic Banking 137 and Insurance, where the first website is for the Islamic devel- 138 opment bank that is established from many countries to spon- 139 sor Islamic banking and finance in general and the second 140 website is for a non-profit organization established in UK with 141 the general goal of establishing an Islamic banking system. The2 I. Alsmadi, M. Zarour JKSUCI 159 No. of Pages 1223 June 2015 Please cite this article in press as: Alsmadi, I., Zarour, M. Building an Islamic financial information system based on policy managements. Journal of King SaudUniversity – Computer and Information Sciences (2015), http://dx.doi.org/10.1016/j.jksuci.2014.11.001  142  website or organization has its own magazine (NewHorizon 143  Magazine) and books published in this specific field. 144  2.1. Modharaba or profit sharing 145  A basic principle or even policy that many of those policies 146  are extracted from is that in Islamic money cannot be bor- 147  rowed for money. In Modharaba, both the bank and the cus- 148  tomer can invest money with the other side or partner (e.g. 149  the bank or the customers). The business process will then 150  be subjected to gain and loss and each partner will be 151  affected by either case. Usually the money investor partner 152  will lose the money and the other partner will lose the effort 153  or time. 154  2.2. Mosharaka or joint venture 155  This is somewhat similar to profit sharing where investors can 156  contribute to a new business with their money, support, place, 157  equipment and the other partner with the idea, the effort, etc. 158  The main idea from Islamic Sharia perspective is that both 159  partners are subjected to winning or losing money (aka risk 160  sharing rather than risk free for one partner). 161  2.3. Murabaha or cost plus 162  In most cases Murabaha refers to the cases where customers 163  decide to invest their money with the bank. The bank can 164  use the money for building houses, buying lands, establishing 165  businesses, etc. The profit or loss that comes from such invest- 166  ment can then be shared with the customers based on their 167  investment amount. 168  2.4. Wadeea’a or safe keeping 169  In those cases, the customers hold their money in the bank as 170  Wadeea’a for safe keeping. The amount of money is fixed and 171  does not inflate with interest as in other typical banking sys- 172  tems (aka checking not saving accounts). 173  2.5. Ijar or leasing that ends with ownership 174  This is usually used when customers buy apartments or 175  houses. A partnership is formed between both partners where 176  each one will pay a certain amount of money to buy the 177  apartment or the house. The bank usually pays the majority 178  of the capital and hence the customer pays money to the 179  bank for renting of their part of the apartment. The rent 180  amount keeps decreasing as the customer share keeps increas- 181  ing with the bank share decreasing. Some Islamic banks or 182  scholars may still not agree on this process or some of its 183  details. 184  2.6. Gardh Hassan or free loan 185  Some banks offer to their customers loans with no interest at 186  all. In some cases, processing fees are accepted as they are 187  not considered as add-ons on the capital but as loan processing 188  fees. 189 2.7. Bai-Assalam 190 A contract is made between a buyer and a seller. The buyer 191 pays money in advance for some goods that will be received 192 later on. This is usually applied to crops. For the process to 193 be Islamically legal, the sold items should be specified in detail. 194 2.8. Rent or Ijar 195 Islamic laws legalize rent with conditions that rent should spec- 196 ify not only the payment amount but should also specify the 197 period. The rent can be not only for a house, car, land, apart- 198 ment, but it can be also for a service or for using some equip- 199 ment or material. 200 2.9. Sokook or Islamic bonds 201 Sokook are financial certificates that have no interest. The 202 money in such a process can be utilized under one of the legal- 203 ized activities mentioned earlier. 204 2.10. General loans 205 Islam legalizes loans in general within certain conditions. As 206 mentioned earlier money cannot be borrowed and returned 207 as money. Same thing is applied for gold or silver. Typically 208 if a customer for example decides to take a loan from an 209 Islamic bank to buy a car, the bank should own the car first 210 and pay its capital completely. The customer can then buy 211 the car from the bank under a typical loan process. Further 212 interest is fixed and decided at once and cannot then be chan- 213 ged. Nonetheless, most Islamic banks recently modified this 214 scenario and allowed customers to refinance in certain times 215 and under certain conditions. 216 3. XACML 217 XACML is an XML-based standardized language which is 218 developed to replace application specific and proprietary 219 access control policy languages (Liu et al., 2011). It is also con- 220 sidered a security policy creation and management application. 221 XACML includes components to define a security policy to 222 access computer resources (e.g. a data base, an application, 223 and a web service). It also includes rules to specify users and 224 their permissions or privileges. Fig. 1 shows XACML autho- 225 rization elements including: Policy component, policy set, pol- 226 icy, policy administration point, rules, targets, actions, 227 resources, subjects and environments. Details on those compo- 228 nents and their rules can be found in XACML documenta- 229 tions. We will, later on, describe these components with a 230 context example related to the paper subject. 231 Fig. 2 below shows a context diagram for XACML show- 232 ing its major architectural components. The figure shows that 233 XCAML develop, regulate, implement and test rules through 234 four components: PAP, PDP, PEP, PIP. 235 1. Policy Administration Point (PAP). This includes the man- 236 agement component that includes policies’ repository. 237 Different rules can be written in one or more policies that 238 are stored and managed by PAP.Policy management based Islamic financial information system 3 JKSUCI 159 No. of Pages 1223 June 2015 Please cite this article in press as: Alsmadi, I., Zarour, M. Building an Islamic financial information system based on policy managements. Journal of King SaudUniversity – Computer and Information Sciences (2015), http://dx.doi.org/10.1016/j.jksuci.2014.11.001  Figure 1  XACML policy authorization elements (conceptual diagram) (A. El-Gamal, 0000). Figure 2  XACML context and data flow diagram (Committee, 2013). 4 I. Alsmadi, M. Zarour JKSUCI 159 No. of Pages 1223 June 2015 Please cite this article in press as: Alsmadi, I., Zarour, M. Building an Islamic financial information system based on policy managements. Journal of King SaudUniversity – Computer and Information Sciences (2015), http://dx.doi.org/10.1016/j.jksuci.2014.11.001  239  2. Policy Enforcement Point (PEP). This is the interface of the 240  whole XACML to the system or the users. It receives access 241  requests and evaluates them with the help of other compo- 242  nents (especially PDP). Decision to permit or deny access to 243  the subject resource is then taken and communicated to the 244  user by PEP. 245  3. Policy Decision Point. This is the decision engine for access 246  request. Data are collected by PDP from other compo- 247  nents. The component includes an analysis system or com- 248  ponent to make inference decisions. 249  4. Policy Information Point (PIP). This represents the mem- 250  ory or the kitchen where all necessary information from 251  other components, resources, or environment are collected 252  and processed. 253  5. Fig. 2 shows also the steps to make the decision starting 254  from access request step by users or access requesters till 255  making a decision (response) and also decision related obli- 256  gations. Obligations are related to making some alternative 257  choices. For example, a user with a guest account who is 258  searching for items in an e-commerce system is permitted 259  to search and to temporarily reserve items. However, if  260  the user wants to buy an item, the response will be the 261  denial of access to the resource (e.g. check out resource/ser- 262  vice). Obligation canthen for example be offered to the user 263  to alleviate their account or switch to another account with 264  the proper user privilege. 265266  4. Related work 267  XACML (OASIS Committee, 2013), represents the most effec- 268  tive and accepted solution for controlling access in distributed 269  environments (Ardagna et al., 2009). Many products are using 270  and deploying XACML (OASIS Committee, 2011). Several 271  models based on XACML are used to define access rules, for 272  instance Role-Based Access Control (RBAC) is used to enforce 273  policies (Sohr et al., 2008; National Standards Institute Inc., 274  2004; Sandhu et al., 1996; Lampson, 1971). Another model is 275  known as Attribute Based Access Control (ABAC) where the 276  access control decisions are made based on a set of attributes, 277  see for instance (Yuan and Tong, 2005; Kuhn et al., 2010; Shen 278  and Hong, 2006). Controlling access to security-critical sys- 279  tems used by organizations, such as financial institutes, hospi- 280  tals, and military organizations without violating the 281  underlying access control policies is a challenging task (Sohr 282  et al., 2008). 283  XACML is used at large enterprises such as: Bank of  284  America which is also one of the main contributors to 285  XACML (OASIS Committee, 2013). Pardal et al. (2012) 286  showed the utilization of XACML authorization for the trace- 287  ability of supply chain activities. A tool is developed to utilize 288  XACML information and audit policies in Wegdam (2012) 289  where Attribute Based Access Control (ABAC) policies were 290  derived by the banking need for mobility and the cloud. The 291  presentation in Wegdam (2012) showed a case study of using 292  XACML in a Dutch bank as a pilot study. The case study 293  showed the feasibility of applying such policy management 294  in banking systems. Key advantages sought include: 295  Centralization of taking authorizations from applications in 296  one central point. Attributes of security are important and 297 should be enhanced in XACML to work well for dynamic 298 attributes and not only to static ones. 299 Islamic banking and finance are emerging more and more 300 as viable alternatives to conventional interest-based banking 301 and financing (Siddiqi, 2006). The rules and regulations of  302 Islamic finance have been extensively studied in the literature 303 see for example Ahmad (1995), Dhumale and Sapcanin 304 (1999), Siddiqi (2006), Hassan et al. (2013), Beck et al. 305 (2013), Errico (1998), Ahmed (2013) and Samad et al. (2005). 306 Despite that, Islamic banking is rarely investigated from the 307 technical perspective especially from information technical 308 design and modeling viewpoints. Islamic banking information 309 systems (IBIS) are information systems that include within 310 their architecture and design rules to agree with Islamic regu- 311 lations. In most Islamic banks however, these rules are under- 312 stood and applied by humans and not machines. Accordingly, 313 one of the main challenges facing Islamic banking nowadays is 314 having access to a well-established independent and active 315 Shariah board (ITS, 2011). Currently, active boards provide 316 policies that control the Shariah compliant in general. 317 Performing this task on day-to-day banking operations and 318 transformations is very challenging. 319 In general, there is a wide spread agreement on the need for 320 current banks in the Islamic world to be able to handle system- 321 atically financial transactions that are approved by Shariah 322 regulations (Hassan and Lewis, 2007; Errico, 1998; Ben-Arab 323 and Anas, 2008). Islamic Development Bank (IDB) has been 324 leading an effort recently to develop systems according to such 325 regulations (Islamic Development Bank; Islamic Research and 326 Training Institute). The research proposals focus on investigat- 327 ing traditional banking activities and determine what necessary 328 changes are required in the whole banking system framework 329 to be changed to accommodate these regulations. The 330 approach should also absorb Islamic financial activities’ spe- 331 cialties without losing the connection with the general world- 332 wide banking systems. 333 The research work presented in our paper aims to use 334 XACML to develop banking policies that are compliant with 335 Shariah rules and can be used effectively for day-to-day bank- 336 ing operations. 337 5. Using XACML to enforce Islamic policies 338 We claim that this is the first paper to try to tackle the techni- 339 cal issues of Islamic banking with a solution model. In partic- 340 ular, we proposed using a policy management framework 341 (XACML) for: Designing, enforcing and evaluating a financial 342 system where Islamic Shariah laws will be used as part of this 343 financial system. We will demonstrate the proposed system 344 using several examples of Shariah laws and how can they be 345 implemented, enforced and evaluated. Ultimately, the goal is 346 to collect all required information to the components described 347 in XACML class and context diagrams shown earlier. This 348 information can be completed with the assistance of expert 349 domains from both religion and financial sectors. In the fol- 350 lowing section, we will continue focusing only on the techno- 351 logical design aspects of the proposed system.Policy management based Islamic financial information system 5 JKSUCI 159 No. of Pages 1223 June 2015 Please cite this article in press as: Alsmadi, I., Zarour, M. Building an Islamic financial information system based on policy managements. Journal of King SaudUniversity – Computer and Information Sciences (2015), http://dx.doi.org/10.1016/j.jksuci.2014.11.001
Search
Tags
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks