Where Angels Prey

Where Angels Prey is a novel by Ramesh S Arunachalam. Please refer to www.whereangelsprey.com for more information

Wednesday, October 20, 2010

Getting the Legal Framework Right: Critical for Survival of Indian Micro-Finance

Some Ideas for the RBI Sub-Committee, which can take these for what they are worth and what they are not…

In clear terms, any solution to the present problems in micro-finance would require attention to the following:

1.    Bringing activities of all institutions and models of micro-finance under a single regulatory regime (otherwise, you could have regulatory arbitrage[1]). To start with, it would be a special cell/unit in The Reserve Bank of India (or even NABARD) and it could then be moved to a separate regulatory authority, if required. The functions of this single regulatory regime could be as described below

a)    Market Legitimization: (a) Accreditation and registration of institutions for delivery of basic financial services to low income clients; (b) Granting licenses for deposit taking financial services, when institutions meet the existing standards; and (c) Both of the above could be based on internal as well as 3rd party assessments of institutions on several aspects

b)    Market Regulation and Supervision: (a) Appropriate prudential regulation; (b) Supervising both basic and deposit taking institutions in terms of ensuring minimum standards of portfolio quality, cost of operations and the like. Use of third party auditors (without conflict of interest) for portfolio audits, systems audits etc; (c) Imposition of market discipline and ensuring legal compliances and enforcement of other statutory requirements; and (d) Mitigating the impact of scale economies and informational incompleteness (asymmetry) through minimum systems and practices on several aspects including MIS, portfolio management, internal control, risk management, governance, KYC norms etc

c)    Market Protection: (a) Facilitating education of micro-finance clients in terms of their rights as consumers; (b) Taking action on complaints from clients in terms of violations by service providers; and (c) Protection of institutions from various State Level Usury interest ordinances, if required and appropriate

2.    Requiring all institutions to follow HIGHEST standards of corporate Governance including specific disclosure norms. The following practices should be viewed as critical elements of any governance process:

þ  Establishing strategic objectives and a set of corporate values, in tune with the overall industry objectives, that are communicated throughout the organisation.

þ  Setting and enforcing clear lines of responsibility and accountability throughout the organisation.
þ  Ensuring that board members are qualified for their positions, have a clear understanding of their role in corporate governance and are not subject to undue influence from management or outside concerns. The role and functioning of independent and nominee directors deserves specific emphasis here
þ  Ensuring that there is appropriate oversight by senior management, effectively utilising the work conducted by internal and external auditors, in recognition of the important control function they provide.

þ  Ensuring that compensation approaches are consistent with the institutions ethical values, objectives, strategy and control environment including the nature of the industry

þ  Conducting corporate governance in a transparent manner. Transparency can reinforce sound corporate governance. Therefore, public disclosure is desirable in the following areas:

a.    Board structure (size, membership, qualifications and committees);
b.    Senior management structure (responsibilities, reporting lines, qualifications and experience);
c.    Basic organisational structure (line of business structure, legal entity structure);
d.    Information about the incentive structure (remuneration policies, executive compensation, bonuses, stock options) etc;
e.    Nature and extent of transactions with affiliates and related parties[2]

3.    Establishing standards for certain non-negotiables in terms of minimum system requirements such as MIS, risk management and internal controls, internal audits, portfolio management guidelines including assets classification and income recognition, accounting standards, capital adequacy and the like.  Some of these would have to be verified through on-site supervision and special audits and institutions must be given reasonable time to comply.

4.    Ensuring quarterly portfolio audits (conducted by agencies that have no conflict of interest), conducted on a required scale and with sufficient scope. Minimum standards to be met and standardized best practices audit methodology to be defined and adhered to

5.    Implementation of KYC Norms in a rigorous manner by all concerned institutions. This calls for, among others, the following:
þ  Customer acceptance, customer identification and record keeping standards should be implemented with consistent policies and procedures throughout the organization.
þ  Each branch office should maintain and monitor information on its accounts and transactions. This local monitoring should be complemented by a robust process of information sharing between the head office and its branches and regarding accounts and activity that may represent heightened risk.
þ  Internal auditors should verify that appropriate internal controls for KYC are in place and that financial intermediaries are in compliance with supervisory and regulatory guidance. The audit process should include not only a review of policies and procedures but also a review of customer documentation and their records along with sampling of a significant number of random accounts.
þ  The role of audit is particularly important in the evaluation of adherence to KYC standards on a consolidated basis and supervisors should ensure that appropriate frequency, resources and procedures are established in this regard and that they have full access to any relevant reports and documents prepared through the audit process.
þ  Many MFIs now have multiple institutions. Customer due diligence here poses issues that may not be present for single entity. Thus, there should be systems and processes in place to monitor and share information on the identity of customers and account activity of the entire group, and to be alert to customers that use their services through different institutions.
þ  “The Basel Committee believes similar guidance needs to be followed for all non-bank financial institutions and professional intermediaries of financial services including MFIs/Others”.

6.    Outsourcing guide lines for correspondents/other intermediaries with regard to micro-finance, and lastly

Outsourcing is defined as a regulated entity’s use of a third party (either an affiliated entity within a corporate group or an entity that is external to the corporate group) to perform activities on a continuing basis that would normally be undertaken by the regulated entity, now or in the future. Outsourcing can be the initial transfer of an activity (or a part of that activity) from a regulated entity to a third party or the further transfer of an activity (or a part thereof) from one third-party service provider to another, sometimes referred to as “subcontracting.” In some jurisdictions, the initial outsourcing is also referred to as subcontracting. Three points deserve mention here:

a)    Financial services businesses throughout the world are increasingly using third parties to carry out activities that the businesses themselves would normally have undertaken. Industry research and surveys by regulators show financial firms outsourcing significant parts of their regulated and unregulated activities. These outsourcing arrangement are also becoming increasingly complex.
b)    Outsourcing has the potential to transfer risk, management and compliance to third parties who may not be regulated, like in micro-finance.
c)    In these situations, how can financial service businesses remain confident that they remain in charge of their own business and in control of their business risks? How do they know they are complying with their regulatory responsibilities? How can these businesses demonstrate that they are doing so when regulators ask? Most importantly, now can they assure themselves that their agents, 3rd parties are not engaging in practices that could contribute to institutional failure. The current problems in micro-finance can be traced to the broker agent model adopted by many MFIs

Some suggestions[3]

I.              A regulated entity seeking to outsource activities in micro-finance should have in place a comprehensive policy to guide the assessment of whether and how those micro-finance activities can be appropriately outsourced.
II.            The regulated entity should establish a comprehensive outsourcing risk management program to address the outsourced micro-finance activities and the relationship with the service provider (MFI/FI).
III.           The regulated entity should ensure that outsourcing arrangements neither diminishes its ability to fulfil its obligations to customers and regulators, nor impede effective supervision by regulators.
IV.          The regulated entity should conduct appropriate due diligence in selecting third party service providers (MFI/FI).
V.            Outsourcing relationships should be governed by written contracts that clearly describe all material aspects of the outsourcing arrangement, including the rights, responsibilities and expectations of all parties including MFI/FI
VI.          The regulated entity and its service providers should establish and maintain contingency plans, including a plan for sudden events and problems that may occur including political risk.
VII.         The regulated entity should take appropriate steps to require that service providers protect confidential information of both the regulated entity and its clients from intentional or inadvertent disclosure to unauthorized persons.
VIII.        Regulators should take into account outsourcing activities as an integral part of their ongoing assessment of the regulated entity.
IX.          Regulators should assure themselves by appropriate means that any outsourcing arrangements do not hamper the ability of a regulated entity to meet its regulatory requirements.
X.            Regulators should be aware of the potential risks posed where the outsourced activities of multiple regulated entities are concentrated within a limited number of service providers as in micro-finance.

7.    Ensuring compliance on all of the above aspects within a reasonable time frame through a mandatory compliance function at institutions.
þ  Financial intermediaries in micro-finance need a compliance function and it can be defined as follows: “An independent function that identifies, assesses, advises on, monitors and reports on the institutions compliance risk, that is, the risk of legal or regulatory sanctions, financial loss, or loss to reputation an financial intermediaries may suffer as a result of its failure to comply with all applicable laws, regulations, codes of conduct and standards of good practice (together “laws, rules and standards”)”.
þ  The applicable laws, rules and standards are likely to have various sources, including primary legislation, rules and standards issued by supervisors, market conventions, codes of practice promoted by industry associations, and internal codes of conduct applicable to the staff members of the financial intermediaries. They are likely to go beyond what is legally binding and embrace broader norms of integrity and fair dealing.
þ  The purpose of the compliance function is to assist the financial intermediaries in managing its compliance risk. Compliance risk is sometimes also referred to as integrity risk, because a financial intermediaries reputation is closely connected with its adherence to principles of integrity and fair dealing. Supervisors must be satisfied that effective compliance policies and procedures are followed and that management takes appropriate corrective action when breaches of laws, rules and standards are identified.
þ  Compliance with laws, rules and standards helps to maintain the financial intermediaries’ reputation with, and thus meet the expectations of, its customers, the markets and society as a whole. Although compliance with laws, rules and standards has always been important, compliance risk management has become more formalized within the past few years and has emerged as a distinct risk management discipline.

[1] Occurs when MFIs structure or relocating activities/transactions to choose the least burdensome regulator.  This is also described as regulator shopping.
[2]For example, the International Accounting Standards Committee defines related parties as “those able to control or exercise significant influence. Such relationships include: (1) parent-subsidiary relationships; (2) entities under common control; (3) associates; (4) individuals who, through ownership, have significant influence over the enterprise and close members of their families; and (5) key management personnel". The IASC expects that disclosures in this area should include. (a) the nature of relationships where control exists, even if there were no transactions between the related parties; and (b) the nature and amount of transactions with related parties, grouped as appropriate. (IASC International Accounting Standard No. 24, Related Party Disclosures).
[3] Source: Extracted and adapted from the Basel Committee working paper on outsourcing.

No comments:

Post a Comment