Where Angels Prey

Where Angels Prey is a novel by Ramesh S Arunachalam. Please refer to www.whereangelsprey.com for more information

Friday, November 26, 2010

The Governance of Risk Management in MFIs: Lessons from The Andhra Pradesh and Indian Experience

Ramesh S Arunachalam
Rural Finance Practitioner

One of the most important fallouts of the recent crisis has been the apparent lack of and/or failure of risk management at many MFIs. There are several observations I have here and these are articulated below, not in any order of importance:

Internal Controls for Financial Reporting Vs Risk Management: In many MFIs, the (sole) focus on internal controls was mainly for the purpose of financial reporting. This resulted in risk management getting divorced from strategy and its implementation. Also, in several MFIs, the basic tenets of internal control, particularly those pertaining to operating risks, were not followed.

Risk Handled in Piecemeal Fashion: In a few cases, the enterprise (or MFI) as a whole was not considered and risk was handled in a piece meal fashion – so much so that even the boards were completely out of touch with the (risk management) systems in place. Thus, a holistic and comprehensive perspective on risk was lacking

Risk Management Mistaken with Risk Elimination: In one MFI, effective risk management was seen as eliminating risk taking and that is perhaps an inappropriate view of things. MFIs and other stakeholders must understand that RISK is a fundamental driving force in any activity including the business and entrepreneurship of micro-finance. Therefore risk elimination is perhaps strictly not possible. The aim must be to ensure that risks are understood, managed and, where appropriate, communicated throughout the organization, so that the whole MFI can be ready for it, as and when it becomes significant.

Inability to Seriously Anticipate and Properly Manage Political Risk: In several MFIs, the present political risk was neither (seriously) anticipated nor managed on an institution wide basis. People (initially) looking at this risk were perhaps either far too junior or lacked the requisite contextual experience and often, there seemed to be no serious guidance from senior management/board. Most importantly, boards were, in a number of cases, ignorant of the key (political and other key) risks facing their MFIs and came into the picture, much later than required

Lack of Board Involvement in Establishing/Overseeing Risk Management Structure: Without question, the effective implementation of risk management requires involving the Board in both establishing and overseeing the risk management structure. This did not happen and in many MFIs, the Board neither reviewed nor provided guidance about the alignment of overall (Corporate and Micro-Finance) strategy with risk-appetite and the internal risk management structure.

Lack of Independence of Risk Management and Control Functions: To assist the Board in its work, risk management and control functions need to be independent, reporting directly to the Board. However, this was seldom the case and as a result, risk perceptions often got altered by line management (and other staff) and were perhaps not fair representations of the true risk confronting the MFI (A situation akin to not wanting any bad news, often, without realizing that timely bad news affords a great chance to have appropriate on-course corrections). Sometimes, a true picture of the risks perhaps never reached the board, which was left high and dry when the same affected the organisation

So, how then can the Governance of Risk Management be improved in MFIs?

Here are some ideas…for what they are worth and what they are not…

Risk Assessment and Corporate Governance
1.  Sound corporate governance at MFIs can enhance the quality of risk management including the processes adopted. As Governance involves many stakeholders, each with specific assigned responsibilities, they need to ensure that the system as a whole is geared to support the overall corporate and business strategy and ensure the effectiveness of the internal control mechanisms.
2.  While board of directors is certainly not expected to understand every nuance of the micro-finance business or to oversee every micro-finance transaction, they surely need to ensure that management does that using an organized hierarchy of responsibilities. The board, however, does have the responsibility to set the tone regarding their MFIs risk-taking (preferences) and to oversee the internal control processes so that they can reasonably expect that their directives will be actually followed during implementation. They also have the responsibility to hire individuals who they believe have integrity and can exercise a high level of judgment and competence.

Risk Management and Internal Controls
3.  Boards of directors also need to be responsible for ensuring that their MFIs have an effective audit process and that internal controls are adequate for the nature, scope and scale of their micro-finance business. The reporting lines of the internal audit function should be such that the information that board (of directors) receives is impartial and not unduly influenced by (line and other) management. Internal audit is a key element of management's responsibility to validate the strength of internal controls. This aspect should not be underestimated.
4.  Internal controls are the responsibility of line management and line managers must clearly determine the level of risks they need to accept to run their micro-finance business (in accordance with the board’s overall risk appetite) and to assure themselves that the combination of earnings, capital, and internal controls is sufficient to compensate for the risk exposures. This again is a very critical issue.

Risk Management, Growth and Corporate Governance

5.  Internal controls and sound governance become even more important when the MFIs’ operations move into higher-risk areas – like the kind of growth that MFIs experienced during 2007 - 2009. Indeed, when changes are happening as they have in the last three years in Andhra Pradesh, control failures will increase significantly. Rapid growth, introduction of new (adapted) products and delivery channels (use of agents for example) are examples of situations that put stress on the control environment.
6.  When these types of changes occur, "people risks" escalate. These are risks that are related to training employees in new products and processes. Employees who join the MFIs need to learn the culture of the company and the control environment. Employees unfamiliar with their new responsibilities--the systems they use, their changing client profile, the services they provide customers, the oversight expected by their own supervisors and members of internal control functions--are all more likely to create control breaks. As a result, MFIs need to be wary of and manage people risks appropriately and in timely fashion, through a good human resources function.
7.  Rapid growth and change also modify the relative risks to an MFI. For example, the pressure to beat a competitor to market with new/same products (as has been the case in Andhra Pradesh in the last three years) may shortcut the design-review process and omit an important control. In fact, significant controls that were there in the original Grameen (or even India Adapted Grameen) have perhaps been forgotten and that is why we hear of unsound lending and coercive recovery practices, with regard to MFIs today. It is time that MFIs revisit their original model and bring back features that facilitated borrower preparation (so significant in the original Grameen and other models), client protection and client dignity. That would be a very useful strategy to minimize and counter political risk…
8.   Many of the MFIs that have been the center of the recent AP crisis also demonstrate some similar characteristics. Barring a few exceptions, they are mostly led by hard-charging entrepreneurs whose ability to think outside the box pioneered advances in the business of micro-finance. But the personalities of these individuals, in many cases, led to a focus on (perhaps even unmanageable) growth and as a result, inadequate time was spent on building the control infrastructure, much required in such an environment
9.   Another form of people risk is internal fraud. When expectations of the market and supervisors, or pressures of professional/personal life become overwhelming, key staff may step over the ethical and legal boundaries and cover up errors or purposely commit fraud. There is good enough reason to believe that this may have been the case with several of the staff who have been found to be involved in recent frauds in Indian micro-finance. Again, the human resources function must take the driver’s seat and try and reduce (or if possible eliminate) unrealistic expectations and ease work time pressures – so that the staff are not forced to cross the line (or LAKSHMAN REKHA), with regard to ethical behavior on the job. An important aspect here is to ensure that there should be NO disconnect between strategy and risk management on the one hand, and incentives on the other. By incentives is meant not just remuneration but also other aspects such as promotion. That would also help in reducing ‘people risks’

To summarise, although risk management has become much more quantitative, considerable management judgment must be applied to the risk management process and this is what MFIs need to get their boards to facilitate. Frequent, small losses can generally be absorbed in the operating margin of the product or service. It is the low-probability, large losses that provide the greatest challenge. And, it is just such risks--the ones that can severely damage, if not kill, an MFI--that too many institutions do not formally take into consideration. Sometimes, I wonder whether MFIs thought lightly about the risk of political action (because the industry was after all widely regarded as the HOLY Cow of financial inclusion) and this gross underestimation is perhaps one of the main reasons as to why they were completely taken aback when this risk actually became a reality…in Andhra Pradesh…in October 2010…


  1. Risk mmanagement should begin with assessment of loan proposals as every lender ahould take calculated riisk and also provide for any natural and market hazards. The business model adopted by the MFIs did not provide for any such assessment and obviously sooner or later they had to resort to unethical measures to ensure steady repayment and ultimately collapse as such measures lead to resentment and bring pressure on government and media and political parties start campaign against such move beside the consequent legal actionns.--Dr.S.N.Ghosal

  2. Completely agreed. Risk management is all about proactively making a sense of 'risks'and devising appropriate strategy to deal with it. Not many MFIs could sense this risk to any degree. The reason perhaps was an absence of formal risk management structure within the MFIs. If this was assessed to any degree, perhaps MFIs would have looked at their current operating environments more closely and could have taken a proactive action to remedy the situation. Even if this was not alone because of MFIs' ways of operating (since this has a political angle to it); formal risk management systems would have thrown up some early warning signals so that MFIs would be able to take some collective corrective action before the house was set on fire

    Raj Kumar

  3. hi Ramesh, out of all the risks mentioned by u, the biggest risk is societal / polical a.which can finish off the company / sector. hence at the board level they msut be personally responsible to manage this risk. thiis can be done by the board ensuring the foll:
    a. is the lending rate reasonable and the best rate that the company can offer, even if market opportunities are there to charge more rates?
    b. is the rate transparently printed in the pass book and given to client on reducing balance including impact of service charge, security depsoit, advance instalments etc?
    c. is the client fully aware of real cost at which she is borrowing?
    d. is there a cap on profits like a cap on RoE
    e. is there a cap on managerial salariies?
    f. are all other product or service offered purely optional to members and not tied into the loan?
    g. if insurance is offered, is it optional and is the commission earned reasonable? is the commission earned clearly informed to clients by printing in the pass book?
    h. are there sufficient social activities done by the MFI to help improve the members quality of life?
    i. is financial literacy programme interwoven with the loan?
    end of the day, the board members and MD/CEO need to ask themselves the question whether whatever they are doing, are they comfortable to talk about it to politicians, government officials, public, bankers and clients in a open and transparent manner? if yes, they are probably fair in their dealing with the clients. if they are not comfortable about being open about these, then they are being unfair and it is only a m atter of time before the society/politicians/governments react and wipe such companiies out of existence. i believe it is the primary responsibility of the promoter/MD/CEO and entire board to manage this risk

  4. The reason perhaps was an absence of formal risk management structure within the MFIs I like it so much This is good good side Thanks MA.....................

  5. Wow Your blog information is so nice The Governance of Risk Management in MFIs: Lessons from The Andhra Pradesh and Indian Experience

    Taxation Services India