Ramesh S Arunachalam
Rural Finance Practitioner
Please recall that the Malegam committee report has recommended on-site supervision of large NBFC MFIs (although it is yet be accepted by the RBI). The key issue is that if the MCR proposals are accepted, then, supervisors will have to carry on examinations in such large NBFC MFIs, which would be some kind of a first for them. This post seeks to highlight some critical risk management issues for such supervisory/examination missions as well as the monitoring visits undertaken by bankers, investors and others including credit rating agencies. Read on…
First, when examiners or other stakeholders assess risk management systems, they need to consider the MFI’s policies, processes, personnel, and control systems. If any of these areas is deficient, so is the MFI’s risk management.
· Policies are statements of actions adopted by the MFI to pursue certain results. Policies often set standards (on risk tolerances, for example) and should be consistent with a MFI’s underlying mission, values, and principles. A policy review should always be triggered when a MFI’s activities or standards change. The burgeoning growth experienced by the large Indian MFIs from April 2007 onwards should have prompted this…
· Processes are the procedures, programs, and practices that impose order on the MFI’s pursuit of its objectives. Processes define how daily activities are carried out. Effective processes are consistent with the underlying policies and are governed by appropriate checks and balances (e.g., internal controls). Again, the phenomenal growth and the kind of results achieved in expanding client and portfolio outreach during the period April 2007 to March 2009 in India should certainly have caused the micro-finance industry (all stakeholders) to closely look (inward) at key processes. In fact, this would have clearly shown that the desire for faster growth and greater efficiency perhaps resulted in MFIs adopting short cuts in the various processes. Much of the process mapping and re-engineering done during this period achieved one impact very successfully – it reduced client level interaction and simply eliminated client relationship building in several places, to help MFIs gain efficiencies. Soon MFIs were just talking to various kinds of intermediaries (call them agents or business correspondents and the like) to add more clients and get them quicker than competition
· Personnel are the MFI staff and managers that execute or oversee processes. Personnel should be qualified and competent, and should perform as expected. They should understand the MFI’s mission, values, policies, and processes. MFIs should design compensation programs to attract, develop, and retain qualified personnel. In addition, compensation programs should be structured in a manner that encourages strong risk management practices. Transformation (a key happening in Indian micro-finance) and consolidation present complicated personnel challenges. Any MFI transformation plan should lay out strategies for adding/retaining staff essential to risk management. Now, the huge growth in the aforementioned period coupled with fast rapid transformation meant that staff turnover was very high and all and sundry were hired and put into positions, without requisite training and orientation. In fact, because the staff were not committed to the original mission, in many MFIs, the mission that percolated to the field got hugely diluted and was focused on mindless and reckless growth, without considering the risks. Frauds and related strategies (like agency micro-finance model) were increasingly used to add more clients in a short time. Overall, the above factors again led to critical risk management issues being given a go by – in many cases, they existed on paper at the headquarters or regional offices but were hardly evident during implementation.
· Control systems are the tools and information systems (e.g., internal/external audit programs) that MFI managers use to measure performance, make decisions about risk, and assess the effectiveness of processes. Feedback should be timely, accurate, and pertinent. Now, when policies, processes and personnel are out of tune and literally perpetuate risk management, control systems will not work on the ground and that is what happened from April 2007 onwards in many MFIs
Thus, as noted above, it is critical for stakeholders to look at MFI policies, processes, personnel and control systems to come to a proper conclusion with regard to the MFI’s risk management system.
Second, because market conditions and MFI structures vary, no single risk management system may work for all kinds of MFIs. The sophistication of risk management systems should be proportionate to the risks present and the size and complexity of an MFI, its operational environment and the like. As an MFI grows more diverse and complex in terms of its products, delivery models, capital sourcing, client demographics and the like, the sophistication of its risk management must also keep pace. Thus, risk management systems of large MFIs must be sufficiently comprehensive to enable senior management to identify and effectively manage the risk throughout the MFI’s diverse operations. Two other aspects deserve special mention here: a) In large MFIs, the focus of (examination) would have to be on the overall integrity and effectiveness of risk management systems; and b) Periodic validation must be a vital component of such large MFI examinations as only then can the integrity of these risk management systems over time be assessed.
Third, sound risk management systems should be able to identify the key risks, measure them appropriately, monitor it continuously and control them where possible and necessary. These aspects are described below:
· Identify risk: To properly identify risks, an MFI must recognize and understand existing risks and risks that may arise from new business initiatives, including risks that originate in sister institutions (subsidiaries in case of MFI holding companies) and/or affiliates, and those that arise from external market forces, or regulatory or statutory changes. Risk identification should be a continuing process, and should occur at both the transaction and portfolio level. A MFI must also identify interdependencies and correlations, across portfolios and lines of business, that may amplify risk exposures. Proper risk identification is critical for MFIs undergoing transformation (from one legal form to another) and consolidations to ensure that risks are appropriately addressed. Risk identification in transforming and consolidating MFIs begins with the establishment of uniform definitions of risk; a common language helps to ensure the success of transformation and consolidation.
· Measure risk: Accurate and timely measurement of risk is essential to effective risk management. A MFI that does not have risk measurement tools has limited ability to control or monitor risk levels. Further, more sophisticated measurement tools are needed as the complexity of the risk increases. An MFI should periodically test to make sure that the measurement tools it uses are accurate. Sound risk measurement tools assess the risks of individual transactions and portfolios, as well as interdependencies, correlations, and aggregate risks across portfolios and lines of business. During MFI transformations and consolidations, the effectiveness of risk measurement tools is often impaired because of the technological incompatibility of the transforming systems or other problems of integration – I have seen this in some of the largest India MFIs that transformed activities from a society/MBT to an NBFC and the MIS and related integration was simply out of tune. Consequently, the resulting (new) company must make a concerted effort to ensure that risks are appropriately measured across the consolidated entity. Larger, more complex MFIs must assess the effect of increased transaction volume across all risk categories.
· Monitor risk: MFIs should monitor risk levels to ensure timely review of risk positions and exceptions. Monitoring reports should be timely, accurate, and informative and should be distributed to appropriate individuals to ensure action, when needed. In many cases, I have seen reports being generated but gathering dust. Further, for large and complex MFIs, monitoring is essential to ensure that management’s decisions are implemented for all geographies, products, and legal entities (including Mutual Benefit Trusts – MBTs, that are a part of many Indian MFIs).
· Control risk: MFIs should establish and communicate risk limits through policies, standards, and procedures that define responsibility and authority. These limits should serve as a means to control exposures to the various risks associated with the MFI’s activities. The limits should be tools that management can adjust when conditions or risk tolerances change. MFIs should also have a process to authorize and document exceptions or changes to risk limits when warranted. In MFIs transforming or consolidating, the transition should be tightly controlled; business plans, lines of authority, and accountability should be clear. Large, complex MFIs should have strong risk controls covering all geographies, products, and legal entities to prevent undue concentrations of risk.
Again, while the field of risk management is at its nascent best in Indian micro-finance, that should not deter us from asking the right questions during monitoring and supervisory examinations and I hope that various stakeholders involved in this crucial aspect recognize and seek to redress this on the ground in real time…
Have A Nice Day!