Microfinance Risks – Operational Risk – Part 2
Operational risk relates to the risks emanating from the failure of internal systems, processes, technology and humans or from external factors such as natural disasters, fires, etc. Basel Committee on Banking Supervision defines operational risk as “the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events”. Earlier, any risk, which was not categorized, as credit risk or market risk was considered to be operational. However, this was a vague definition of operational risk. As per the new definition strategic risk is not considered under Operational risk.
Operational risk has gained a lot of importance over the years with the increased use of technology and also recognition of the importance of human resources in the success or failure of enterprises. Another facet of operational risk is that it cuts across all departments, as human resources and technology are central to all departments. Technological interventions are now something very perceptible in all walks of our life including in banking and finance.
Today financial markets and banking have changed dramatically with a lot of reliance on technologies such as ATM, e-banking, telebanking, credit cards, etc. Secondly, over the years industries across the world have recognized the importance of human resources. Human Resource departments within enterprises have gained a lot of importance. Companies now believe in investing g in employees, their capacity building, employee retention, benefits and perks. Salaries and other benefits in India have risen dramatically in the last decade. This clearly shows that human resource is getting due recognition and importance that it commands.
To this larger change, the micro-finance industry is no exception. Micro-finance has seen its own share of technological advancement. From the use of computers for simple desk jobs to the use of advanced software, the introduction of swipe cards and biometric MFIs have witnessed changes in IT usage. Strong internal processes, systems, good human resources and preparedness against external events are needed for managing the operational risk.
Operational risk is enhanced by increased dependence on technology, low human and business ethics, competition, weak internal systems, in particular weak internal controls.
The Operational risks that MFI faces can broadly be categorized into five categories
a) Human risks; Errors, frauds, collections, animosity.
b) Process risks; lack of clear procedures on operations such as disbursements, repayments, day to day matters, accounting, data recording and reporting, cash handling, auditing.
c) System and technology risks; failure software, computers, power failures.
d) Relationship risk; client dissatisfaction, dropouts, loss to competitions, poor products.
e) Asset loss and operational failure due to external events; loss of property and other assets or loss of work due to natural disasters, fires, robberies, thefts, riots, etc.
As we discussed earlier human resource plays a key role in the success or failures of enterprises. An organization with a good human resource can meet most challenges effectively whereas weak human resources enhance operational risks. Human resources is a complex subject. The issue of keeping employees motivated and to encourage them to be honest and uphold integrity and values is something very subjective and does not have any unique solution. MFIs have to deal with a large number of small loan clients and this requires them to keep more employees with diverse skill sets at various levels.
These employees are expected to manage cash as well as records, which could be manual, or on computers. Managing these operations of the field with a set of staff who have limited education qualification is a challenge of enhances operational risk. MFIs mostly transact in cash, which increases the probability of frauds, misappropriation either by employees or even by clients.
Frauds consist of intentional embezzlements and misappropriations careered out by the staff or client of an MFI. Frauds may vary in degree and the extent of financial damage caused to the MFI. But irrespective of the size of fraud, it brings disrepute to the MFI and threatens the credibility of the organization. Frauds can be caused by simple embezzlement of the organization’s money to more complex thefts and misappropriations in nature, which can go on unnoticed for a long period of time. Some of the most common frauds in MFIs are field staff taking bribes for loans, creating fake clients, misreporting information, fudging data and forgery. Most often it has been seen that frauds occurs a result of weak monitoring and audit systems. Staff or clients tend to take advantage of the gap between the senior officials and the field and hence manipulate the situation to their personal advantage.
Similarly, an employee may commit loss to the organization by lack of knowledge, capacity, or by error. Human errors can occur anytime at any place. There could be errors in record-keeping, data entry, accounting, MIS, etc. Generally, the field staff of MFI is people with limited education qualifications or computer sills making them prone to such errors. Regular training of staff and careful monitoring are therefore very important in micro-finance institutions. Lack of training or monitoring escalates the operational risk due to errors, which are although unintentional but can nevertheless bring loss to the organization.
Humans can also be destructive sometimes. Employees against whom an action has been taken by the MFI may turn hostile and start working against the organization. They may spread rumors in the community, instigate people, may create problems in the working of the organization infield, may deliberately misreport data, etc.
The process is designed as a sequence of actions to be taken by different components of a system so that the system can work effectively. In simple terms, it means the systematic actions to be taken as part of regular activities for accomplishing various functions. Lack of clearly defined processes within an organization can result in confusion, conflicting g actions, the duplicity of work resulting in loss of time and other resources. If an organization does not have clearly defined processes, different staff may take different actions to the same situation resulting in conflicts and sometimes serious consequences.
Lack of internal processes or inadequacy of the process also weakens the internal control as there are no set parameters against which action of staff can be judged. Weak internal systems such as procedures for loan disbursement, collection, reporting cash handling, etc. Can lure staff and clients to take advantage of the weakness and result in fraud and misappropriation. Lack of standard policies complicates work, as there could be variances in record keeping and reporting making consolidation difficult and to get as there could be variances in record keeping and reporting making consolidation difficult and to get information on time. This impacts decision-making and ultimately results in overall management failure.
Strong internal management systems such as cash planning, cash handling, disbursement procedures, internal checks – monitoring and audits help in managing process-related operational risks.
System and Technology Risk
MFI becomes more and more dependent on technology such as computers, software, hand-held devices, etc. it also enhances their technology-related operational risk. Hard disk crash, virus attacks, software or hardware failures, password misuse can impact MFIs to different degrees based on their extent of dependence on technology. MFIs working in rural areas often have to face other such risks as long power cuts which can again disrupt normal operations if proper alternative arrangements such as generators or inverters are available.
To manage this it is important to have proper software backup policies in the organization. It is necessary to invest in updated software and anti-virus, protecting computers from misuses, restricting accesses and limiting authorization of data access to different levels of staff. Daily backups and storing back-ups at different locations can help in managing such risks. While designing software it is necessary to have strong security features, which can prevent data tempering. A good and efficient process of troubleshooting can help in addressing software or hardware related problems, which can prevent MFIs from losing valuable data or data theft.
Clients are very valuable for MFIs. With competition, more and more clients have options of choosing one MFI over another. Loss of clients or high drop out is a big cost to the MFIs. MFIs invest a lot of time and money in identifying clients, training them and nurturing them. Therefore the loss of clients results in resource loss, which has been invested in these clients and hence is a big risk. MFIs are increasingly realizing the importance of client relationships. It is important to be sensitive to client requirements clients can drop out on account of poor products, unfavorable policies and procedures, poor staff behavior, or a strong competitor.
As the sector becomes more competitive importance of strong client relations and meeting client requirements will only gain more significance. Managing good client relations can help the MFIs is not only managing this risk but turning it into an opportunity to maximize profits by not losing to competition and building client loyalty and instead attract clients from the competitors.
The basis for effective relationship management is collecting, regularly information about the clients’ satisfaction. This appears to be costly and has not been done by most MFIs so far. However, as MFI-staff interact much more regularly with their clients than other financial institutions do, this offers vast opportunities to “drop” question on satisfaction which are simple and not burdensome.
The greatest opportunity to learn about client satisfaction and to forge a strong relationship is through complaints, though. Most companies do miss the chance of complaint handling. So do MFIs. But complaints are a great opportunity because it means that a client comes fully self-motivated and willing to convey his feeling s and perceptions of the MFI’s services. It is a kind of information that field staff and managers alike otherwise rarely get hand s on. Therefore, well-managed MFIs encourage clients to voice their grievances and provide channels for addressing them.
Asset Loss and Operation Failure Due to External Events
There are various external factors, which are a direct threat to an MFI. Such threats may include fire, natural disasters such as floods, droughts, earthquakes, tsunami, epidemic,s etc. There could be other human-related external threats as well such as robbery, thefts and rots. Such events although low in probability can cause high damage to the property of the MFI as well as can hamper normal operations for an extended period of time. Such risks can be managed through a variety of strategies. Natural disasters have the capacity to cause a very high impact. Natural disasters not only adversely impact the infrastructure such as roads, telecommunications, which will ultimately hamper the MFIs working. Even if a natural disaster has not affected the infrastructure of an MFI directly it may completely destroy client business, which will ultimately result in a loss for the MFI.
Riots, wars, communal problems can quite significantly impact the operations of an MFI as such situations may bring an MFI to a complete halt. Riots and other such situations are directly related to the issue of personal security of the staff as well as of the clients and hence are serious risks.
An MFI must keep its portfolio diversified to limit its loss on account of such external factors. In cases of robberies or thefts are common then it is better to transfer risk through insurance, cash-carrying by staff can be limited and there can police on cash limits at the branch. Again insurance for cash in branch or cash in transit can be taken by working out the cash benefit. Insurance involves payments of premium hence it is necessary to evaluate the probability of such an incident, potential loss possible against the premium the MFI has to pay.
If potential losses or chances are high then it is better to take insurance. For dealing with fire or riot situations MFIs may have standard operating procedures, which could be a stepwise set of rules to be followed under such an emergency situation. This will help the staff to react in a more coherent manner and can control loss due to frivolous action taken by any staff under emergency. Personal safety and security of staff and clients have to be given priority. Keeping backups at alternative places can help in preventing data loss and small fire extinguishers, fireproof vaults and help in controlling losses. Policies on storage and custody of important documents such as a checkbook, client documents, cash, etc., can again control losses.