In our previous post we had covered the types of risks faced by a micro finance which can be read at Microfinance Risks – Part 1
Given below is Part 2 of this series.
Operational risk relates to the risks emanating from failure of internal systems, processes, technology and humans or from external factors such as natural disasters, fires, etc. Basel Committee on Banking Supervision defines operational risk as “the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events”. Earlier, any risk, which was not categorized, as credit risk or market risk was considered to be operational. However this was a vague definition of operational risk. As per the new definition strategic risk is not considered under Operational risk.
Operational risk has gained a lot of importance over the years with increased used of technology and also recognition of importance of human resource in the success or failure of enterprises. Another facet of operational risk is that it cuts across all departments, as human resource and technology are central to all departments. Technological interventions are now something very perceptible in all walks of our life including in banking and finance.
Today financial markets and banking has changed dramatically with lot of reliance on technologies such as ATM, e-banking, tele-banking, credit cards, etc. Secondly, over the years industries across world have recognized the importance of human resource. Human Resource departments within enterprises have gained a lot of importance. Companies now believe in investing g in employees, their capacity building, employee retention, benefits and perks. Salaries and other benefits in India have risen dramatically in the last one decade. This clearly shows that human resource is getting the due recognition and importance that it commands.
To this larger change, micro-finance industry is no exception. Micro-finance has seen its own share of technological advancement. From use of computers for simple desk jobs to the use of advance software, introduction of swipe cards and biometric MFIs have witnessed changes in the IT usage. Strong internal processes, systems, good human resource and preparedness against external events are needed for managing the operational risk.
Operational risk is enhance by increased dependence on technology, low human and business ethics, competition, weak internal systems, in particular weak internal controls.
The Operational risks that an MFI faces can broadly be categorized into five categories.
a) Human risks ; Errors, frauds, collections, animosity.
b) Process risks ; lack of clear procedures on operations suchg as disbursements, repayments, day to day matters, accounting, data recording and reporting, cash handling, auditing.
c) System and technology risks ; failure software, computers, power failures.
d) Relationship risk ; client dissatisfaction, dropouts, loss to competitions, poor products.
e) Asset loss and operational failure due to external events; loss of property and other assets or loss of work due to natural disaster, fires, robberies, thefts, riots etc.
As we discussed earlier human resource plays a key role in success or failures of enterprises. An organization with good human resource can meet most challenges effectively whereas weak human resource enhances the operational risks. Human resource is a complex subject. The issue of keeping employees motivated and to encourage them to be honest and uphold integrity and values is something very subjective and does not have any unique solution. MFIs have to deal with large number of small loan clients and this requires them to keep more number of employees with diverse skill sets at various levels.
These employees are expected to mange cash as well as records, which could be manual, or on computers. Managing these operations of the field with set of staff who have limited education qualification is a challenge of enhances operational risk. MFIs mostly transact in cash, which increases the probability of frauds, misappropriation either by employees or even by clients.
Frauds consist of intentional embezzlements and misappropriations careered out by the staff or client of an MFI. Frauds may vary in degree and the extent of financial damage caused to the MFI. But irrespective of the size of fraud, it brings disrepute to the MFI and threaten the credibility of the organization. Frauds can be caused by simple embezzlement of the organizations money to more complex thefts and misappropriations in nature, which can go on unnoticed for a long period of time. Some of the most common frauds in MFIs are field staff taking bribes for loans, creating fake clients, misreporting information, fudging data and forgery. Most often it has been seen that frauds occurs a result of weak monitoring and audit systems. Staff or clients tend to take advantage of the gap between the senior officials and the field and hence manipulate the situation to their personal advantage.
Similarly, an employee may commit loss to the organization by lack of knowledge, capacity or by error. Human errors can occur anytime at any place. There could be errors in record-keeping, data entry, accounting, MIS, etc. Generally, the field staff of MFI are people with limited education qualification or computer sills making them prone to such errors. Regular training of staff and careful monitoring are therefore very important in micro-finance institutions. Lack of training or monitoring escalates the operational risk due to errors, which are although unintentional but can nevertheless but can nevertheless bring loss to the organization.
Humans can also be destructive sometimes. Employees against whom an action has been taken by the MFI may turn hostile and start working against the organization. They may spread rumors in the community, instigate people, may create problems in the working of the organization in field, may deliberately misreport data, etc.
Process is designed sequence of actions to be taken by different components of a system so that the system can work effectively. In simple terns it means the systematic actions to be taken as part of regular activities for accomplishing various functions. Lack of clearly defined process within an organization can result in confusion, conflicting g actions, duplicity of work resulting in loss of time and other resources. If an organization does not have clearly defined processes, different staff may take different actions to same situation resulting in conflicts and sometimes serious consequences.
Lack of internal processes or inadequacy of the process also weakens the internal control as there are no set parameters against which an action of a staff can be judged. Weak internal systems such procedures for loan disbursement, collection, reporting cash handling etc. Can lure staff and clients to take advantage of the weakness and result in frauds and misappropriation. Lack of standard policies complicates work, as there could be variances in record keeping and reporting making consolidation difficult and to get as there could be variances in record keeping and reporting making consolidation difficult and to get information on time. This impacts decision-making and ultimately results in overall management failure.
Strong internal management systems such as cash planning, cash handling, disbursement procedures, internal checks – monitoring and audits help in managing process related operational risks.
System and Technology Risk
As MFI becomes more and more dependent on technology such as computers, software, hand-help devices, etc. it also enhances their technology related operational risk. Hard disk crash, virus attacks, software or hardware failures, password misuse can impact MFIs to different degrees based on their extent of dependence on technology. MFIs working in rural areas often have to face other such risks as long power cuts which can again disrupt normal operations if proper alternative arrangements such as generators or invertors are available.
To manage this it is important to have proper software backup policies in the organization. It is necessary to invest in updated software and anti-virus, protecting computers from misuses, restricting accesses and limiting authorization of data access to different levels of staff. Daily back ups and storing back-ups at different locations can help in managing such risks. While designing software it is necessary to have strong security features, which can prevent data tempering. A good and efficient process of troubleshooting can help in addressing software or hardware related problems, which can prevent MFIs from losing valuable data or data theft.
Clients are very valuable for MFIs. With competition more and more clients have options of choosing one MFI over another. Loss of clients or high drop out is a big cost to the MFIs. MFIs invest a lot of time and money in identifying clients, training them and nurturing them. Therefore loss of clients results in resource loss, which has been invested on these clients and hence is a big risk. MFIs are increasingly realizing the importance client relation. It is important to be sensitive to client requirements clients can drop out on account of poor products, unfavorable policies and procedures, poor staff behavior or a strong competitor.
As the sector becomes more competitive importance of strong client relation and meeting client requirement will only gain more significance. Managing good client relations can help the MFIs is not only managing this risk but turning it into an opportunity to maximize profits by not losing to competition and building client loyalty and instead attract clients from the competitors.
Basis for effective relationship management is collecting, regularly information about the clients’ satisfaction. This appears to be costly and has not been done by most MFIs so far. However, as MFI-staff interact much more regularly with their clients than other financial institutions do, this offers vast opportunities to “drop” question on satisfaction which are simple and not burdensome.
The greatest opportunity to learn about client satisfactions and to forge a strong relationship is through complaints, though. Most companies do miss the chance of complaint handling. So do MFIs. But complaints are a great opportunity, because it means that a client comes fully self-motivated and willing to convey his feeling s and perceptions of the MFI’s services. It is a kind of information that field staff and managers alike otherwise rarely get hand s on. Therefore, well managed MFIs encourage clients to voice their grievances and provide channels for addressing them.
Asset Loss and Operation Failure Due to External Events
There are various external factors, which are direct threat to an MFI. Such threats may include fire, natural disasters such as floods, draughts, earthquake, tsunami, epidemic etc. There could be other human related external threats as well such as robbery, thefts and rots. Such events although low in probability can cause high damage to the property of the MFI as well as can hamper normal operations for an extended period if time. Such risks can be managed through a variety of strategies. Natural disasters have the capacity to cause very high impact. Natural disasters not only adversely impact the infrastructure such as roads, telecommunications, which will ultimately hamper the MFIs working. Even if a natural disaster has not affected the infrastructure of an MFI directly it may completely destroy client business, which will ultimately result in loss for the MFI.
Riots, wars, communal problems can quite significantly impact the operations of an MFI as such situations may bring an MFI to a complete halt. Riots and other such situation are directly related to the issue of personal security of the staff as well as of the clients and hence are serious risks.
An MFI must keep its portfolio diversified to limit its loss on account of such external factors. If cases of robberies or thefts are common then it is better to transfer risk through insurance, cash carrying by staff can be limited and there can be polices on cash limits at branch. Again insurance for cash in branch or cash in transit can be taken by working out the cash benefit. Insurance involves payments of premium hence it is necessary to evaluate probability of such incident, potential loss possible against the premium the MFI has to pay.
If potential losses or chances are high then it is better to take insurance. For dealing with fire or riot situation MFIs may have standard operating procedures, which could be stepwise set of rules to be followed under such emergency situation. This will help the staff to react in a more coherent manner and can control loss due to frivolous action taken by any staff under emergency. Personal safety and security of staff and client has to be given priority. Keeping backups at alternative places can help in preventing data loss and small fire extinguishers, fire proof vaults and help in controlling losses. Policies on storage and custody of important documents such as checkbook, client documents, cash etc., can again control losses.