So far we have discussed the various risks in the Microfinance Sector that affect an MFI. They are
However, we are not yet done with all the risk categories, and in this last section we shall discuss another important risk, called strategic risk.
Strategic risks are risks related to weak governance, weak leadership and poor strategic decisions, as well as risks due to regulatory and administrative reasons. These are high-impact risks and can adversely affect the organization for the long term.
Providing governance is the job of the Board of Directors. It is a process through which the Board ensures that the organization achieves its mission. The Board directs and guides the management on various strategic issues, designs policies and reviews various reports to see that the organization is on the right path to achieving its vision and mission. However, if the Board of Directors were to take wrong decisions, design poor strategies or fail to review performance or take corrective measures in time, the organization runs. The Board has to ensure that the regulations of the land are followed; otherwise the organization may go outside the regulatory framework prescribed by the government and jeopardize the existence of the institution.
To provide good governance it is very important that the individual Directors of the Board are themselves well qualified and experienced and have clarity about the mission of the organization. The Directors themselves have to be convinced of the mission. The Directors have to work as a cohesive unit; if there are conflicts among the Directors, the Board will not be able to provide the right direction to the MFI.
As MFIs evolve into structured organizations, strategic risk gains more and more importance. Since MFIs have to deal with issues of a varied nature, it is advisable that MFIs have Directors who also have diverse skills. There could be a mix of people with social, finance, banking and law backgrounds. An important aspect of the micro-finance business is that although MFIs strive to become sustainable, profit maximization is generally not the objective. The Board and the top management of an MFI have to strike a balance between its social objectives and its commercial viability. Therefore, it is necessary that the Board have people who can appreciate this kind of mission. If the Board cannot appreciate this kind of mission then there is a high probability that the MFI can from its mission.
Another very important aspect of strategic risk is regulatory risk. Regulatory risk refers to the risk of non-compliance with the legal requirements prescribed by the regulations. Micro-finance institutions in India have mostly evolved from not-for-profit Societies or Trusts, which are not as strictly regulated as finance companies. As the MFIs grow, Societies and Trusts may not be a suitable legal form for carrying out micro-finance. MFIs are aware of this, which is why we now see many MFIs transforming from one legal entity into another purely to control the regulatory risk by adopting a suitable legal form. MFIs have the option of a co-operative, a not-for-profit company or a non-banking finance company. It is a strategic choice for the MFI to adopt the correct legal form, one which is most suited to its vision and mission and enables it to do what it is meant for.
Here again the Board has an important role to play in deciding the suitable legal form for the MFI and in overseeing a smooth transformation. When micro-finance started, many MFIs were accepting public deposits even though it was not allowed. However, increasing awareness and the realization of the risk that accompanied it led most of the MFIs to refund client savings. Regulatory risks are very serious in nature as they can bring the MFI into conflict with the law of the land. It is the responsibility of the top management to comply with all the legal requirements to avoid attracting such risk. It is also good to maintain cordial relations with the authorities by updating them on the MFI's activities.
Another form of strategic risk that has become important in recent times is that of political or administrative interference. As MFIs generally deal with the poor, their performance is subject to the scrutiny of politicians, administrators and civil society. Various stakeholders have different interests in the clientele that MFIs serve. It could be a vote bank for some, while some stakeholders may genuinely be concerned about the protection of the basic rights of the vulnerable sections. Issues of interest rates, the recovery process, penalties and staff behavior with clients are all very sensitive matters and can easily become big socio-political issues.
Any behavioral lapse or any poor policy on the part of an MFI can bring disrepute to the institution. There could be violent protest, which can result in loss of portfolio and fixed assets and can even be dangerous from the perspective of staff security. There have been cases in India where MFI staff have been threatened and offices vandalized over issues of interest rates and MFI staff coercion for repayments. These are risks which have to be dealt with immediately by the top management and the Board. It is also necessary to always be aware of this kind of strategic risk, which can quickly spin out of control.
Strategic risk can also emanate from very rapid growth and expansion. This is quite a pertinent risk in the current scenario, with most of the MFIs growing very rapidly. Rapid expansion means going to new areas, recruiting new staff and operating through them, making fast disbursements and also arranging for funds. Fast growth increases the volatility in the system and is therefore risky. Going to new areas or running operations through new staff has its own risk. It is also necessary that all the systems, such as MIS and internal controls, keep pace with the growth. If the systems do not keep pace with the rapid expansion, it can result in losses.
Rapid growth also requires close coordination within the top management, particularly between the Operation Manager and the Finance Manager. This issue was discussed under liquidity risk. Coordination is also required with other departments such as HR, which is responsible for recruitment, training and promotion of staff. With expansion, staff have to be recruited, trained and promoted quickly. It is therefore important that growth is planned and coordinated. The MFI has to ensure that all the systems and funding plans are in place to support rapid growth.
Managing Strategic Risks
In order to manage strategic risk it is necessary for MFIs to have a clear vision and mission. Many MFIs still do not consider the vision and mission statement important, and many consider it a mere formality. However, it is absolutely necessary for an MFI to clearly define what it wants to achieve. A clear vision can guide the organization and often helps it in taking many strategic decisions.
Once an MFI has clarity about its own mission, it has to choose the right kind of Board members, who agree with the mission of the organization. The Board should be a mix of people having a variety of skills and strengths. They should be able to provide strategic guidance when the organization needs to make critical decisions. The Board should also be proactive in assessing risk and set the acceptable levels of risk.
Transparency is an important issue, which can help in managing political and administrative risks to a large extent. An MFI should maintain transparency on its interest rates and other policies. It should also regularly report its information through annual reports and at other forums. The Board should devise strategies to keep various stakeholders informed about the activities of the organization and direct the management to implement fair policies. MFIs should try to involve and interact with various stakeholders, such as government authorities, local political leaders and media persons, on the organization’s philosophy, its activities and other policies.
Business ethics is another important factor that cannot be compromised on. The micro-finance sector has gained a lot of recognition and is exposed to a larger audience, which makes it indispensable to define ethical behavior and a code of conduct for dealing with clients. Any deviation from this should be dealt with seriously. It has to be considered that strict policies on repayment, and staff benefits linked to repayments, can sometimes also boomerang. While designing such policies it is necessary to be aware of their pros, cons and limitations.
The effect of the organization’s policies as well as the impact of regular operations has to be monitored. Mechanisms are needed within the organization which can provide direct feedback to the management and the Board on the field realities, client satisfaction levels and small issues which can emerge as big strategic threats. There should be an immediate response from the top to address sensitive issues of a socio-political, regulatory, administrative or communal nature.
With growth in the size of MFIs as well as of the sector, the complications also increase, making governance increasingly complex. In a large institution the stakes of all involved parties, such as equity investors, lenders and regulators, also increase, and hence the Board has to assume greater responsibilities in providing good governance, which alone can keep strategic risk under control.
Risk Management Framework
We have discussed the various risks that MFIs are exposed to. We discussed earlier that risk management is a continuous process of identifying risks and addressing them to keep them under acceptable limits. A risk management framework also has to be proactive and forward looking rather than just reactionary. MFIs need to constantly identify the risks, measure them and then design suitable policy interventions to address those risks.
GTZ has come out with an effective risk management framework. According to it, a good risk management framework in an organization should have the following features:
• The MFI should have processes in its regular operations to identify, measure and monitor the different types of risks that it is exposed to.
• It should have a continuous feedback loop between the identification and measurement of risk and the processes to manage it. In simple terms, there should be processes to identify risk, and the report on this should be provided to the departments managing them. Based on this feedback, management will improve the process to manage risk.
• Management should consider different risk scenarios and be prepared with some solution if the risk comes true.
• It should encourage cost-effective decision-making and more efficient use of resources.
• It should create an internal culture of “self-supervision” that can identify and manage risks long before they are visible to outside stakeholders or regulators.
For effective management of risk, the ‘Risk Management Feedback Loop’, which is a six-step cycle, can be followed. The six steps of the cycle are:
1. Identifying, assessing, and prioritizing risks
2. Developing strategies and policies to measure risks.
3. Designing policies and procedures to mitigate risks.
4. Implementing and assigning responsibilities
5. Testing effectiveness and evaluating results
6. Revising policies and procedures as necessary
This feedback loop is a management tool and can be followed at various levels. E.g. a Branch Manager can follow the loop for his/her branch while a CEO can follow it at the organization level. The exercise can be done from time to time to take stock of the risk scenario and be prepared accordingly. The types of risks identified and their severity will change from time to time, hence it is necessary to constantly carry out this risk analysis.
This section draws from GTZ’s Risk Management Framework for MFIs, July 2000.
Identifying, assessing, and prioritizing risks:
The first step in the risk management cycle is to identify the different risks. In the sections above we discussed the general categories of risks that MFIs face. Here, however, the specific risks pertinent to the MFI have to be identified. E.g. liquidity, legal compliance, competition, portfolio quality, reputation etc. can be identified as the risks for an MFI. Once the risks have been identified it is necessary to assess the possibility of the adverse event occurring. Based on this information the MFI has to prioritize the risks. This can be done using a risk management matrix. The MFI can lay down all risks in the form of a risk management matrix, which can help it in prioritizing the risks.
In the risk management matrix the MFI lists all the risks it is exposed to. In the second column of the table above, it tries to assess whether that threat is low, moderate or high for it. The third column assesses how good the existing risk management systems within the organization are at countering that threat: whether they are weak, acceptable or strong. The fourth column makes the final assessment of the risk exposure of the organization based on the aggregate of the previous two columns.
If the quantity of risk is high and the quality of risk management is weak, then the aggregate risk is high. The management needs to take action, as it is exposed to that particular risk and does not have sufficient systems to counter it. The fifth column shows the trend of the risk as compared to the last time a similar exercise was done. E.g. the first risk, Credit Policy and underwriting, shows an aggregate risk profile of ‘moderate’ and a direction of ‘stable’. This means that the last time such an exercise was done, the aggregate risk on this parameter was ‘moderate’. Since it was ‘moderate’ last time and is ‘moderate’ now, the direction is ‘stable’: it is not going up or down. Similarly, for Portfolio monitoring and collection the risk profile is ‘high’ and the direction is ‘stable’. This is not good, as despite being recognized as high last time it still remains ‘high’.
Effort should be made so that the trend is ‘decreasing’ for high risks and ‘stable’ for low risks. The direction shows whether the steps taken to counter that risk have yielded sufficient results or not. If the risk profile has been stable at a high level or has been increasing, it is a warning for the management to react fast or modify its risk management approach for that particular risk. However, if it has been coming down, it is a signal that risk management for that particular risk is moving in the right direction.
Developing strategies and policies to measure risks: Once the risks have been identified and prioritized, the MFI has to design suitable policies to measure these risks. The top management and the Board generally set policies for the measurement of risk and the acceptable limits of risk. It is a strategic decision to decide the levels of risk that the organization is willing to take. One organization may take an aggressive stand and go for rapid growth in the beginning and may be willing to take the associated risk, while another organization may like to have gradual growth, keeping the risk profile low. The Board plays a crucial role in designing such strategies and deciding what kinds of risks have to be avoided, controlled, accepted or transferred. Cost-benefit evaluations, business targets, capacity to absorb risk and the external environment are some of the factors that are taken into consideration while taking decisions on risk strategy.
Designing policies and procedures to mitigate risks: Once the policies for risk measurement and the acceptable thresholds of risk have been set, the MFI then has to design policies and systems to mitigate risks. All policies and procedures of each department are documented in the form of manuals. The Operation Manual is one of the most important manuals; it documents all the policies and procedures for the operation department and plays a vital role in controlling credit and operation risk. All policies related to disbursement, collection, cash handling, cash deposition, cash limits, the process of recording, reporting, reconciliation of records, signatories, limits and authorities are to be clearly defined in the Operation Manual.
Similarly, clear policies on human resources regarding recruitment, training, incentive/disincentive systems, disciplinary action, promotions, employee benefits and code of conduct have to be defined. Another important manual is the one on Internal Audit; it is necessary that clear policies on internal audit are developed. It should lay down the policies on frequency of audit, forms and formats for audit, scope of audit, methodology to be followed, samples to be taken and the reporting system. Such clearly laid out policies and processes are critical for risk management. Lack of policies results in a lack of standards to be followed and in dilution of control.
Implementing and assigning responsibilities: Once the policies have been framed it is very important that they are implemented by assigning specific roles and responsibilities to each staff member. Without setting responsibility it is not possible to hold anyone accountable for a lack of implementation or for any deviation. It is also important that policy deviations be taken as a serious issue within the organization. If there are deviations, those responsible for implementation, such as the Branch Manager, Area Manager, Operation Manager, Internal Auditor etc., have to be held accountable.
There should be clear procedures for handling cases of policy deviation. These could take the form of asking for a written explanation, a mark in the personal staff file affecting promotion, an adverse effect on incentives, suspensions or even dismissals, based on the severity of the deviation from the policy. It is also important that any modifications or changes in policies are clearly communicated across the staff, that the manuals are regularly updated and that copies of the manuals are made available to staff at all levels.
Testing effectiveness and evaluating results: Once the policies have been implemented the top management has to evaluate the results. It should receive regular information from the field and should evaluate how effective the policies have been in mitigating the risks and whether the policies have been able to contain the risks within the acceptable limits or not. The MIS and reporting system plays a crucial role in this. An effective MIS can generate timely and accurate reports, which have to reach the different levels in an appropriate form. Field information should reach the branch on a daily basis. This could be in the form of details of groups, new clients formed, dropouts, overdues, etc.
The Area office should get the consolidated branch information. An Area office may have several branches under it, so the reports of the various branches should be added up at the area level to form an area-level report. The same information should be further consolidated Area-wise to be sent to Head Office. Head Office should also receive this information in reasonable time, which could be weekly. With the intervention of technology, MFIs, particularly those working in urban areas, can consolidate all information so that Head Office receives it on a daily basis. However, even in remote areas, information should reach Head Office so that it can evaluate results and see the effectiveness of its policies. Performance should be reported to the Board, which can then take further actions based on the results. The Board must receive concise reports, which enable it to understand the overall performance through critical indicators. The report to the Board must include:
(i) Details of disbursements, repayments, saving collection – product wise breakups
(ii) New clients formed, drop outs, net growth in borrowers and savers – product wise breakups
(iii) Variance analysis: comparison of targets and achievements and variances
(iv) Portfolio quality: PAR with ageing, repayment rates
(v) Profitability: Operation Self-sufficiency, Return on asset
(vi) Trend of ratios: PAR, OSS, Return on portfolio, capital adequacy, staff/branch efficiency
(vii) Funding situation – funds required and current position (debt/equity)
(viii) Financial statements: Balance sheet and income statements
This is the most critical information that must be reported to the Board. In addition to the operation reports, the Internal Audit report, which is presented directly to the Board, provides valuable feedback on the overall risk environment of the organisation. It enables cross-verification of the operation reports and results being presented to the Board, as Internal Audit is an independent check.
Revising policies and procedures as necessary: If on evaluation of the results it is found that the policies and processes have not been effective in managing the risks, then they have to be revised, redesigned and re-implemented. It has to be evaluated whether the policy implementation has brought the risk down to acceptable levels and whether it has been working as expected. If the results are not as expected, the policies have to be revised, fine-tuned and re-implemented.
The risk management loop is a good tool that can help in proactively managing risks and keeping them under the limits that the MFI considers acceptable.