Risk Management Graduation Model & Assessment Process Introduction Location Date Assessor Name Play an Ice Breaker – Name Department Position Number of Years at FI
Co-Facilitators Timekeeper Flipchart Notes (decisions, parking lot, action items) Photos
Agenda (1 Hour) Risk Management Initiative in Microfinance (RIM) What is the Risk Management Graduation Model (RMGM) Risk Management Refresher Definition of risk in microfinance The Risk Management House Institutional Graduation Path Assessor’s onsite agenda Expected outputs Risk Management House self-assessment
Ground Rules Turn off mobile devices Be on time Respect everyone’s thoughts and opinions Discussion of risks is not a reflection of department’s performance Need Flipchart
Risk management Initiative in Microfinance (RIM) Vision: a socially-focused microfinance sector through which clients are protected from the impacts of internal and external risks inherent to the delivery of inclusive financial services. Mission: To facilitate knowledge transfer through awareness building, industry collaboration, and the global adoption and implementation of appropriate risk management standards throughout the microfinance sector. Where RIM started: Initiative started in 2013 Member-based initiative made up of organizations with vested interest in RM (investors, tech. service providers, consulting firms, networks, thought leaders, experts) Open and honest collaboration can make us better off, save resources, etc. Goal is to develop awareness, best practices, and appropriate standards Where RIM is headed Discuss RIM’s strategic plan Review RIM’s website for current members and active working groups Review RIM’s news and events webpage for other information
Risk Management Graduation Model (RMGM) 2 1 Risk Management Graduation Model (RMGM) is a list of risk management guidelines (policies, limits, risk management & monitoring tools) for different levels of institutional development. An MFI can assess its own capacity against the framework to identify risk management capacity building priority areas. Different levels of guidelines exist for different tiers of MFIs – high tiered means more complex guidelines Once tier level has been identified, MFI can then establish the guidelines appropriate to its own institution in various risk management categories and organizational foundations to identify risk management gaps With risk management gaps known, an MFI can then proactively work risk management into strategic planning process and plan accordingly 3
I am here to support you in the process of Identify, Assess, and Strategize the Institutional Graduation Path Responsibility for implementation is the MFI’s, not the Assessor’s Discuss entire process and contextual how RMGM Assessment fits in
How is risk defined in microfinance? RIM defines as “the possibility of adverse events occurring and their potential for financial losses and negative social performance” Key points here are: MFIs have dual missions (social/financial). Cannot look at risk from just a financial perspective. Contrast against traditional view of risk as purely financial - but coming from a single bottom line industry such as commercial banking where profit is central motivation. Social performance relates to the social mission of our business. Each FI's social mission will be different so how we assess risk to social mission will be different.
Responsibility for Managing Risk Management (1st Line) Internal Compliance (2nd Line) Risk Management (2nd Line) Internal Audit (3rd Line) Board of Directors External Audit Regulator Whose responsibility is it to manage these the house? Manage the risks?
Board Responsibilities within Risk Management Process Board member responsibilities Risk management process Approve risk management framework ensuring all current and future risks are being proactively identified by SMT Approve proposed changes to risk policies, procedures, and limits submitted by SMT 1. Identify Risks 2. Measure Risks 3. Define Policies and Limits 4. Mitigate & Manage Risks 5. Monitor Risks 6. Revise Policies, Procedures, and Limits Approve risk management framework, including risk measurement approaches proposed by SMT Oversee institutional performance and ensure risk taking remains aligned with risk appetite Describe risk management process highlighting board responsibilities within the process Contrast board roles within process with that of senior management Approve risk management policy, including risk limits which reflect institutional risk appetite proposed by SMT Approve risk mitigation and management strategies and ensure they are implemented
Risk Management House The Framework 2 sides of the coin of management – Growth (Goals) and Risks The Organizational Foundation: the institutional base upon which formal risk management is built The Floor and Risk Management Pillars: the main risk categories that an MFI may face over its life cycle The Roof: the financial and social goals of an MFI
The Foundation Governance and strategy, Risk culture Internal control and management information system (MIS) Governance and strategy sets the tone for the way the institution is run, from its social mission to its financial objectives. Governance and strategy includes the defining and monitoring of an institution’s risk appetite—the acceptable levels of risk the institution is willing to take on in order to reach its financial and social goals. ***A formal risk management framework requires the involvement of the board of directors in the risk management process, beginning with the approval of the institution’s risk appetite vis-à-vis its business plan and strategy. Internal Control & MIS: Separation of functions ; A capable MIS; Formalization and dissemination of policies ; Ex post controls
The Floor & The Pillars Central part of the RM House Strategic Risk (the Floor) Credit Risk (Pillar 1) Financial Risk (Pillar 2) Operational Risk (Pillar 3) The risks and required policies, limits, and tools to manage these risks, will increase with the growth and increasing complexity of the MFI. The floor and pillars constitute the central part of the Risk Management House and together cover the risk areas of strategic risk, credit risk, financial risk, and operational risk. Because they are integral to the house’s structure, they represent the essence of an MFI’s risk management function: to develop and implement a comprehensive and formal risk management framework, including the policies, limits, processes, and tools to identify, measure, mitigate, and monitor risks.
The Floor & The Pillars Credit Risk Financial Risk Operational Risk Risks related to the MFI’s credit activities; includes credit transaction risk and portfolio risk. Risks related to the management of an MFI’s assets and liabilities; includes liquidity risk, market risk, investment portfolio risk, and capital adequacy risk. Risks related to failed people, processes, and systems in an MFI’s daily operations; includes external events risk, and legal and compliance risk. Read through quickly, will go into each definition in the next slides. Strategic Risk Risks related to the management of strategic direction of the institution; includes governance risk and strategic risk.
The Floor: Strategic Risk Governance Risk Strategic Risk Governance is the process through which the board of directors, balancing the interests of all stakeholders and working through management, guides an institution toward fulfilling its corporate mission and protecting the institution’s assets while preventing and overcoming crises. Strategic aspects such as the institution’s mission, vision, strategic plan, and mission alignment amongst shareholders. One of the most important aspects of strategic risk concerns the potential of an MFI to experience mission drift. Also discuss reputation risk.
Pillar 1: Credit Risk Credit Transaction Risk Portfolio Risk risk of financial losses and negative social performance related to loans to clients, caused by inadequate policies regarding loan disbursement, follow-up, and recovery. Portfolio Risk risk of financial losses and negative social performance related to the composition of the overall loan portfolio, caused by inadequate portfolio diversification.
Pillar 2: Financial Risk Liquidity Risk Market Risk Interest Rate Risk Foreign Exchange Risk Investment Portfolio Risk Capital Adequacy Risk Liquidity Risk risk related to the inability to meet current cash obligations in a timely and cost-efficient manner, to have adequate liquidity to fund planned growth and survive through crisis. Liquidity risk often arises because of mismatches in the maturity and concentration profiles, as well as the behavioral nature of an institution’s assets and liabilities. Market Risk Risk related to changes in the value of an MFI’s assets and liabilities. These changes as determined by fluctuations in interest and foreign exchange rates in the market. The structure of an institution’s assets and liabilities has a direct impact on its resiliency against external shocks. This resiliency directly affects an institution’s ability to continue to provide products and services to its clients on a sustainable basis. Market risk is subdivided into interest rate risk and foreign exchange risk. Interest Rate Risk related to unfavorable changes in market interest rates that are caused by mismatches in the re-pricing structure (re-pricing risk) or caused by basis risk—the imperfect correlation between market reference rates and internally managed rates on an MFI’s interest-rate-sensitive assets and liabilities. Foreign Exchange Risk related to unfavorable changes in exchange rates, usually due to mismatches in the currency structure of assets and liabilities. Investment Portfolio Risk Risk related to an MFI’s investment portfolio. It covers the cases in which larger MFIs have a certain percentage of their assets in financial or non-financial investments. Investment portfolio risk also includes equity investments in MFIs or other companies, if applicable. Capital Adequacy Risk Risk related to the capacity of an institution’s equity base to absorb risk. An institution’s equity base is a capital cushion that must be large enough to absorb financial losses associated with all of the business’s other risk areas.
Pillar 3: Operational Risk People risk Process risk Systems risk External events risk Legal and compliance risk. People Risk Risk related to inadequacies in human capital and the management of human resources. This encompasses the inability to attract, manage, motivate, develop, and retain competent resources and often results in human errors, fraud, or other unethical behavior, both internal and external to the institution. Process Risk Risk related to failed internal business processes within every aspect of the business. This can include product design flaws and internal project failures. Systems Risk Risk related to failed internal systems. This encompasses inter-branch connectivity, management information and core banking systems, information technology systems, power backup systems, and other technical systems. External Events Risk Risk related to the occurrence of external events typically outside of an MFI’s control. This encompasses both natural disasters such as hurricanes, flooding, earthquakes, and fires, as well as man-made events such as civil disruptions, war, robberies, arson, road blockades, and terrorist attacks. Legal and Compliance Risk Risk related to non-compliance with internal and external regulations and laws. This encompasses non-compliance with microfinance regulations, anti-money laundering (AML) requirements, tax laws, human resource laws, mandatory vehicle registration, internal codes of ethical conduct, and other regulations.
The Roof: Financial & Social Goals Social Results – an MFI’s capacity to stay true to its social mission and attain its social goals Profitability – an MFI’s capacity to maintain or increase its current level of capital adequacy and attract new investors and shareholders while achieving its social goals Efficiency and Productivity - an MFI’s ability to achieve its goals in a cost-efficient manner. The responsibility for reaching these financial and social goal lies on the MFI’s board and senior management and is not part of the risk management function.
Interdependence & Evolution 1. Good performance drives resources to invest in better risk management 2. Better risk managemen drives positive bottom line 3. Good risk management improves foundations 4. Solid foundations are the basis for building strong risk management. Evolution: - As institution matures and grows (increased tiers) each element of the model gains in complexity (pillars, floor, foundation etc.)
RMGM Graduation Path RMGM has three graduation, or tier, categories Lowest to highest tier offer increasingly more formal risk management guidelines with respect to policies, limits, and risk management and monitoring tools. Tier 1 – highest tier Tier 3 – lowest tier
MFI Tier Definition by MicroRate Sustainability: ROA, calculated as net operating income less taxes as a percentage of average total assets, serves as an indicator for profitability, sustainability, and efficient use of capital. Size: Size is an objective indicator of maturity and total assets is a reasonable criterion for tier purposes. Smaller Tier-3 MFIs (below USD $5 million) are usually either young, operate in a small market, or have not been able to grow organically. Larger institutions are typically stable and consistent. Transparency: Transparency serves as a proxy for maturity by reflecting both the MFI’s willingness and ability to be accountable to the public. Regulated financial institutions represent the highest level of transparency because of the high standards imposed by most local banking authorities. In countries that lack adequate regulation, or for MFIs that do not pursue regulation, Tier 1 transparency can also be assigned to MFIs that have been rated at least once in the last two years. What Tier is Your Institution? What Tier do you plan to be in XX years from now?
Other Considerations Approaching and applying the RMGM flexibly Setting realistic expectations The role of the RMGM vis-à-vis national microfinance regulations Approaching and applying the RMGM flexibly: Although MicroRate’s tier system allows for an objective identification of MFIs and classification into the three categories, each MFI should also take into account its individual institutional realities, future projections, and external context. An MFI will need to make decisions on which RMGM guidelines it will prioritize vis-à-vis its future strategy and available resources. A large, regulated, mature, and sustainable MFI could experience an exceptional event, for instance a very large fraud, which could have significant consequences in terms of profitability and decrease its ROA to less than -5%; in this case, the MFI should still be classified as Tier 1 and meet the RMGM’s Tier 1 guidelines. The RMGM should serve as a roadmap of policies, limits, and tools to implement in relation to an MFI’s institutional development. Setting realistic expectations: Although the Tier 1 guidelines represent a set of policies, limits, and tools that all the MFIs should strive towards, many MFIs will not necessarily meet all of them. Meeting the Tier 3 guidelines already represents an achievement and even a significant challenge for some MFIs. The role of the RMGM vis-à-vis national microfinance regulations: National microfinance regulators are the bodies responsible for the enforcement of regulations relating to best-practice risk management frameworks within a given country or region. The RMGM is not meant to replace the risk management frameworks that regulators put forward, but rather provide regulators with scalable standards through which they can add value to their existing risk management frameworks or provide an appropriate basis from which to develop a new national risk management framework. Similarly, the RMGM framework also provides valuable approaches which can be incorporated into the strengthening of on-site supervision of regulated microfinance institutions.
On-site RMGM Assessment Agenda Location Date Assessor Name Play an Ice Breaker – Name Department Position Number of Years at FI
On-site RMGM Assessment Agenda Inception Meeting On-site Assessment Interviews Analyzing Results Graduation Path Workshop Conclusion Show agenda and discuss. Here is a sample.
How does your Risk Management House look? Risk Management House Self-assessment Due: [[[INSERT DATE OF LAST DAY OF ON-SITE ASSESSMENT INTERVIEWS]]] Contact Info: Assessor’s Contact Information For more information: www.riminitiative.org Note to Assessors: Hand out copies of the Practical Tool 4.1 - Risk Management House Self-Assessment Template This is a take-home exercise for all those in attending at the introduction meeting Read the instruction on the RIM House Self-Assessment Template Give them a deadline – ideally by the last day of on-site assessment interviews (will review during Analyzing Results)