Ramesh S Aruanchalam
Rural Finance Practitioner
There is slowly but surely, an increasing recognition of the importance of ensuring that MFI/Other financial intermediaries (and their BCs) have adequate controls and procedures in place so that they know the clients with whom they are dealing. This is one of the first and most important lessons from the on-going Indian micro-finance crisis
A second lesson is that adequate due diligence on new and existing clients has to be a key part of these controls. Without this due diligence, MFIs/Other financial intermediaries (and their BCs) can become subject to reputational, operational, legal and concentration risks, which can result in significant financial cost – this is again very evident from the present Indian micro-finance crisis. So, it is imperative for regulators/supervisors to examine the KYC procedures currently in place and also draw up (more appropriate) recommended standards applicable to all kinds of financial intermediaries (and their BCs) in micro-finance.
A third lesson is as follows: Sound KYC policies and procedures are very critical in protecting the safety and soundness of financial intermediaries in micro-finance (and their BCs) and the integrity of systems within MFIs. Sound KYC procedures must therefore be seen as a critical element in the effective management of various potential failures in MFIs/Other financial intermediaries (and their BCs) in micro-finance and the present Indian experience has a lot to offer on this. What needs to be better understood and appreciated is that KYC safeguards go MUCH beyond simple record-keeping (which can be tampered with very easily) and require institutions to formulate a customer acceptance policy and a tiered client identification program that involves more extensive due diligence and proactive monitoring.
The fourth lesson is that the need for rigorous customer due diligence standards should not be restricted to MFI headquarters alone. It needs to be followed all through the line, right down to the branch and centers (and the infrastructure of their BCs), where appropriate.
The RBI and other Central Banks must therefore attempt to ensure the implementation of KYC Norms in a rigorous manner by all concerned micro-finance related institutions including their BCs. This calls for, among other things, the following:
- Customer acceptance, customer identification and record keeping standards should be implemented with consistent policies and procedures throughout the organization (and their BCs) and especially, at all levels. It must also be backed by a completely integrated MIS that integrates geographies, products and the like
- Each branch office should maintain and monitor information on its accounts and transactions. This local monitoring must also be complemented by a robust process of information sharing between the head office and all its branches (and BC where applicable). This information shared between HQs and branches must also report on any suspicious accounts and activity that may represent heightened risk. A lot of the agent related problems could have been avoided if these had been in place. And of course, all of this must be vetted by a strong internal audit function, independent of line management, reporting directly to the Board. It does not make sense for the internal audit team to report to the very line management, whose procedures and controls they are evaluating.
- Specifically, internal auditors should verify that appropriate internal controls for KYC are in place and that MFIs/Other financial intermediaries (and their BCs) are in compliance with supervisory and regulatory guidance. The audit process should include not only a review of policies and procedures but also a review of customer documentation and their records along with sampling of a significant number of random accounts. Physical verification of clients and in comparison with appropriate photos IDs must also be a part of this random sampling.
- The role of audit is particularly important in the evaluation of adherence to KYC standards on a consolidated basis and supervisors should ensure that appropriate frequency, resources and procedures are established by MFIs in this regard and that they have full access to any relevant reports and documents prepared through the audit process.
- Several MFIs now have multiple institutions as part of the transformation and their overall strategies and this is especially true in India. Customer due diligence here poses issues that may not be present for single entity. Thus, there should be systems and processes in place to monitor and share information on the identity of customers and account activity of the entire Micro-Finance group (including their BCs), and to be alert to customers that use their services through different institutions.
While all of the above can be done at the institutional level, a whole range of controls would also be required at the level of a CRB (Credit Reference Bureau), which we are still eagerly awaiting in the crisis ridden Indian micro-finance industry…
Have a Nice Day!