Embed Size (px)
Citation preview
Posi
tio
n P
aper
March 2015
Karla Brom
The RIM’s mission is to contribute to the global development of awareness, best practices, and appropriate standards for risk management in microfinance. This paper describes the RIM’s Risk Management Graduation Model (RMGM), which provides an invaluable starting point for all stakeholders with an interest in improving risk management in the microfinance sector. A principal goal of the RIM is to change the approach to risk management and its central driving question from “What is risk management and how do you do it?” to “Why is risk management important to my organization and clients?” The RMGM has been designed with this goal in mind.
Toward a Consistent and Appropriate Risk Management Framework for MFIs
The Risk management Initiative in Microfinance (RIM) is a collaboration of organizations with a vested interest in raising the standards of risk management in the microfinance industry. Since its formation in early 2013, the RIM has gained momentum and is now at a critical juncture and seeks to expand its outreach throughout the microfinance sector. To that end, the RIM has created the Risk Management Graduation Model (RMGM). This framework has been reviewed by risk management experts with years of experience in the microfinance sector. As of January 2015, the RMGM has been pilot tested with fifteen MFIs in fourteen countries to test the consistency and coherency of the framework in practice. Based on the results of these pilot tests, a diagnostic tool will be developed which will allow an MFI to evaluate its gaps vis-à-vis the RMGM framework.
The RMGM and diagnostic tool are not a comprehensive guide to risk management for MFIs, but they do provide an invaluable starting point for all stakeholders with an interest in improved risk management in the microfinance sector. The RIM also seeks to:
• Make an inventory of methodologies and tools currently offered to MFIs.
• Harmonize processes and policies related to risk management in MFIs.
• Propose a scalable framework, founded on risk management approaches adapted to a particular MFI’s size, complexity, and structure, as well as the economic significance of its activities and risk profile.
• Send a common message to stakeholders on the industry’s vision and strategy for risk management.
• Make additional tools and resources publicly available.
2
The RIM arose from the recognition that there is a great and growing need for an integrated risk management approach in the microfinance sector. The RIM’s mission is to contribute to the global development of awareness, best practices, and appropriate standards for risk management in microfinance.
MFIs that take the latter approach understand why risk management is important and why it needs to be formally integrated into the culture, policies, procedures, and processes of their organizations, and they can ultimately figure out how to implement risk management in the most appropriate way for their own institutions.
Risk Management and Microfinance Today
For the past decade, the microfinance sector has been growing and expanding rapidly in a variety of ways—in geographic reach, the number of clients served, the number and size of loans, the types of products and services offered, and funding sources (including deposits). The visibility of the sector has also increased, as demonstrated by Muhammad Yunus receiving the Nobel Prize for his work with Grameen Bank as well as other high-visibility developments such as the IPO of Compartamos, the success of M-Pesa in Kenya, and recent events in Andhra Pradesh, India. This visibility has led to more scrutiny by impact investors, academics, politicians, and regulators and has spawned increased regulation of a sector that used to operate largely outside of formal banking regulation.
Along with growth and expansion have come crises and failures, and perhaps the most marked examples of failure have been the levels of over-indebtedness of clients in countries where microfinance is growing rapidly. The recent switch to emphasizing financial inclusion, rather than simply microfinance, involves a focus on reaching rural poor and on agricultural finance, which is considered an antidote to over-indebtedness since the focus is on reaching past densely populated urban areas where most MFIs already operate. The desire to reach scale and to reach past cities has led to an increased emphasis on mobile money and branchless banking, which usually does not include an assessment of the prerequisite risk management needs to protect the MFI and its clients. On the positive side, the emphasis on financial inclusion has also stressed consumer protection, financial literacy, and adherence to social performance objectives and measures.
Amid this growth and expansion there have been increased requirements—from regulators, investors, and microfinance networks and associations—for formalized risk management. The approach to risk management capacity-building for MFIs to date has been piecemeal and uncoordinated. Product development and growth—especially with the provision of savings
An important goal of the initiative is to change the approach to risk management and its central driving question from “What is risk management and how do you do it?” to “Why is risk management important to my organization and clients?”
3
products and mobile banking—has typically eclipsed the establishment of a strong and integrated risk management framework in MFIs.
According to a recent study by the MIX Market, approximately 58 percent of MFIs report having a risk manager or a team dedicated to risk management, while 48 percent report having a risk management committee at the board level. Seventy-seven percent reported having an internal auditor or a team dedicated to internal audit (though the majority still report to the CEO, which is not best practice), and 63 percent report having an audit committee at the board level.1
We are at a stage in the microfinance sector where most stakeholders are aware of the importance of more formal risk management in MFIs, but there is not yet a full understanding of what that means in practice. For the moment, a “checklist approach” guides risk management in MFIs—merely “checking off” the completion of each requirement, such as risk management policy, risk manager, risk committee —without any real understanding of how a risk management function works and how a formal risk management culture is integrated throughout the organization. This is largely the result of MFIs taking a reactive approach, merely responding to risk management requirements from regulators or funders rather than proactively identifying and understanding risk management gaps themselves.
Risk Management from Three Perspectives
All stakeholders in the microfinance sector have an interest in seeing improved risk management in MFIs, but each of them brings a different understanding and perspective to the issue. The RIM’s activities will engage MFIs, investors, regulators, and MFI networks and associations.
The MFI Perspective
During the past decade, MFIs worldwide have begun a transformation from their status as NGOs to becoming non-banks and ultimately MFI banks. Each stage of growth represents not only an increase in the number of clients served or types of loan products offered, but also, typically, a greater access to commercial funding sources in the forms of debt, equity, or deposits. This transformation may also feature more sophisticated front offices or payment systems, while back offices often lag behind in sophistication.
In their initial stages, MFIs focus on credit risk and the operational risk management processes required to administer their loan portfolio. This focus makes sense given that the loan portfolio is the main business of MFIs. However, operational risk management extends beyond the credit process and as MFIs grow—in number of employees, loans, clients, and funding sources—other areas of risk management require attention as well.
1. Micol Pistelli, Stephanie Geake, and Adrian Gonzalez, Measuring Governance in Microfinance: Initial Findings from a Pilot Project, Microfinance Information Exchange, April 2012, retrieved February 13, 2015, from http://www.themix.org/publications/microbanking-bulletin/2012/04/measuring-governance-microfinance.
4
With greater access to commercial funding sources has come increased focus on risk management in MFIs, mainly to ensure that investors’ funds are protected (i.e., the impetus for risk management is coming from the investor, not the MFI). Risk management capacity building is typically provided by way of technical assistance for a particular investment, and it is often provided ad hoc and in one specific risk area (e.g., credit, operations, financial risk), according to what funders and MFIs think needs the most development. Rarely do stakeholders address integrated risk management, and often the risk definition and approach differs from one technical-assistance provider to the next.
The Investor and Global Network Perspective
Investors recognize that it is in their best interest as well as the best interest of MFI clients that MFIs have developed risk management systems. A significant amount of the risk management technical assistance that MFIs receive is actually financed by technical-assistance facilities attached to specific investment funds. However, investors are not entirely objective third parties when it comes to risk management, nor do they have a thorough understanding of what an integrated risk management framework might look like and how it might grow and evolve in an MFI over time. Lacking any best practices available in the sector, they may be tempted to look to the Basel Committee on Banking Supervision for guidance and, as mentioned below, Basel regulations require substantial distillation in order to understand what is applicable to MFIs.
Global networks have a vested interest in seeing improved risk management in their member MFIs, and a few of the networks such as Opportunity International and FINCA have instituted their own internal risk management frameworks throughout their affiliated institutions. This can have an important demonstration or spillover effect in countries where those MFIs are prominent, but the approach is still proprietary. This leaves the industry with a need for a publicly available framework.
The Regulatory Perspective
Regulators are also driving the increased focus on risk management, but their interest and resources (both financial and human) vary significantly from country to country. Regulation and its application can be politicized, so it is not always the best starting point for evaluating risk management best practices. Regulatory reporting requirements are often focused on aggregating data across the financial sector, and not managing risk, so they don’t provide insights into key risk management measures.
To date, the Consultative Group to Assist the Poor (CGAP) has been the main advocate for the microfinance sector, primarily by pointing out how microfinance activities differ from those of large commercial banks and advocating for activity-based prudential and non-prudential regulation of microfinance activities, rather than applying banking regulation to MFIs. Initially, CGAP also provided detailed outlines of microfinance regulation by country, but since 2009 it has focused on working within the Basel Committee on Banking Supervision (BCBS) to recommend how BCBS guidelines can be adapted to regulate microfinance institutions. Risk
5
management is only one of the areas covered by bank regulation, but regulatory requirements are often the driving force behind risk management implementation in MFIs, so it is important that the microfinance sector has input on how risk management regulation is interpreted. The RIM could therefore play an important role with the workstream on financial inclusion.
The Boulder Microfinance Training Program has also targeted regulators for over ten years and has encouraged them to complete its courses, especially the course on policy and regulation for financial inclusion. In this way, regulators are receiving a consistent message about what areas are important for them to focus on to protect stakeholders and advance financial inclusion goals.
In East Africa, regulators have taken a graduated approach to regulating MFIs for years now. They require that MFIs either evolve from one tier level to another within a certain length of time or that they remain in one tier permanently. Sitting within these tiers are NGOs, non-bank financial institutions (which are not licensed to take deposits), and MFI banks.
The RMGM Approach: A Value Proposition
Given the rapid growth in the number of MFIs globally, as well as the growth in balance sheets and the complexity of products and payment systems, it is imperative to make available a set of consistent risk management definitions, standards, and tools for the entire sector. The RIM was established with the recognition that MFIs of all sizes and complexity would benefit from access to these tools, especially Tier-2 and Tier-3 MFIs looking to chart a course for their risk management development.
The starting point of the RMGM is to explain how risk management for MFIs is similar to that of banks, and how it is different. This exercise effectively prescreens which elements of the Basel regulations are most applicable to MFIs, rather than leaving MFIs, investors, and even regulators floundering to adapt very sophisticated Basel standards to the microfinance sector. In this alone, the RMGM provides a valuable service.
Next, the RMGM identifies different tiers of MFIs, recognizing that smaller and simpler MFIs will not require the same degree of formal risk management as larger and more complex MFIs. This is also a very valuable approach since MFIs are often bombarded with requirements, yet don’t understand how they can integrate those requirements into their existing framework.
To determine which tier a given MFI belongs to, and therefore what level of risk management is appropriate, the RMGM uses MicroRate’s globally accepted classification system as a starting point.2 MicroRate’s tier system focuses mainly on easily measurable factors such as sustainability, size, and transparency. Other factors specific to the MFI in question should also be assessed. These include institutional complexity, number of product offerings (especially
2. MicroRate, “Microfinance Institution Tier Definitions,” April 2013, retrieved February 13, 2015, from http://www.microrate.com/media/downloads/2013/04/MicroRate-White-paper-Microfinance-Institution-Tier-Definitions.pdf.
6
whether the MFI mobilizes deposits), and strategic and institutional support from a regional or global network. For example, for a small or unprofitable MFI in a regional or global network that supports the solid, responsible future growth of its members by strategically mandating and supporting institutional development of top-tiered risk management structures early on in their development, membership may mean being categorized in a higher tier than it would be if only the MicroRate definition was used. Tier categorization must be applied within the contextual lens of the MFI under consideration.
Three Lines of Defense
Another useful way for MFIs to view the role of risk management in their evolving organization is to follow the concept of the “Three Lines of Defense,” which the RMGM also captures. The main operations of these lines of defense and their areas of focus are detailed in Table 1.
Executive Committees Risk Management Committee Audit Committee
Business Line Operations1st Line of Defense
Risk Management2nd Line of Defense
Internal Audit3rd Line of Defense
Real-time operational focus: • Embeds risk
management framework and sound risk management practices into standard operating procedures
• Monitors risk management performance in operations
• Accountable for effectiveness of risk management in operations
Real-time monitoring, management, and review:• Develops and implements risk
management framework—policies, systems, processes, and tools
• Ensures that framework covers risk: ം Identification ം Measurement ം Limits and policies ം Mitigation ം Monitoring ം Revision of policies and
procedures• Exercises delegated authorities• Proactive—stress testing and
scenario planning
Independent review focus:• Reviews effectiveness of
risk management• Confirms level of
compliance with internal policies and procedures
• Recommends improvements and enforces corrective actions when necessary
Table 1. The Three Lines of Defense
7
The three lines of defense emphasize that the primary responsibility for risk management lies with the business lines. So in a smaller MFI (classified in Tier 3), risk management is usually done informally by the business line. As the MFI grows and enters the higher tiers (Tier 1 and Tier 2), the risk management function should formalize and specialize accordingly. The business line is still primarily responsible for risk management, but there is the addition of an audit function, with a committee to ensure that policies and procedures are being followed. In some Tier-2 and in all Tier-1 MFIs, there should be a separate and formal risk management function, as well as a risk management committee of the board. In practice, the majority of Tier-1 and Tier-2 MFIs do not have a fully functioning formal and integrated risk management system; the RMGM will help those MFIs identify where gaps still exist. Risk management is a dynamic process, so even the largest and most complex organizations need to consistently review, evaluate, and improve their risk management capabilities.
The RIM’s Risk Management House
The risk management function does not replace the business line’s responsibility, but rather enhances it by monitoring and analyzing risks, recommending risk management strategies, and preparing stress tests and scenario plans.
8
Constructing and Expanding the Risk Management House
The RMGM describes a risk management infrastructure that should continue to grow and evolve as the MFI grows and evolves. Much as a family may start out with a small and simple house when it first begins and then, as it grows, continue to maintain the house while also making additions and improvements, the RMGM looks at different components of risk management as it would the construction of a house that is thereafter continually improved.
The Foundation
Before anything else, a house must have a foundation. Smaller houses may have smaller foundations that are not capable of holding a big load, but the foundation must exist before the rest of the house can be built, and then it must be maintained and reinforced as additions are made.
The foundation of the RMGM is comprised of the following:
Risk Governance – The board and senior management set a risk appetite for the MFI in line with its financial and social objectives. If the MFI pursues sustainability objectives, it is more likely that it will also achieve its social objectives (social objectives can vary among MFIs). In risk management, the focus is on identifying potential threats to the MFI’s strategy that could come from external events (stress testing and scenario planning) and also creates a set of
Board Senior Management Risk Management Function
Approve strategy, goals, and objectives and provide oversight to assure these are implemented.
Propose strategy, goals, and objectives and implement when approved.
Propose and monitor scenario plans and stress tests.
Approve risk indicators and limits and provide oversight to assure that risk taking remains aligned with risk appetite.
Propose risk indicators and limits and implement when approved.
Propose and monitor risk indicators and limits and implement when approved.
Approve social performance targets and provide oversight to assure these are implemented.
Propose social performance targets and implement when approved.
Coordinate with SPM function to monitor targets.
Approve risk policies and provide oversight to assure they are implemented and revised as necessary.
Propose and comply with risk policies and implement when approved.
Propose and comply with risk policies and implement when approved.
Table 2. Risk Governance Responsibilities
9
policies, procedures, and processes to ensure that risk management is in line with risk appetite. As an MFI evolves, risk management is handled by committees (e.g., the risk management committee, the asset liability committee or ALCO, the credit risk committee) rather than by individuals in coordination with the CEO. If the MFI is part of a larger network, risk governance may be administered according to a governance system laid out by that network.
Strategy – The board and senior management create and approve a business strategy that advances the financial and social objectives of the MFI, keeping in mind the environment in which the MFI operates and the MFI’s risk appetite. Strategy is implemented and operationalized through annual plans and budgeting, which are reviewed and approved by the board.
Risk Culture – The board and senior management set the tone for the way the organization is run and what kind and what level of risk is acceptable in order to grow and achieve sustainability. Emphasis is placed here on transparency, financial literacy, and consumer protection to ensure that products are fairly priced and that microfinance customers understand them. MFIs are in business to provide financial products and services that are appropriate for their clients, not to make money by charging rates that the market will bear, or by taking risks with foreign exchange or interest rate positions. In other words, the treasury should not be seen as a profit center. If the MFI is part of a larger network, the risk culture is usually expressed by that network and communicated through all member MFIs.
Internal Control – The MFI establishes a strong and targeted set of ex post controls to ensure compliance with policies and procedures. This will include a separate and independent audit function (even if that function is only one person) reporting to the board or to the audit committee of the board.
Management Information System (MIS) – An MIS is able to collect data and produce reports that facilitate decision making. The complexity of this system will increase as the size and complexity of the MFI increases, but the basic system must ensure accuracy and timeliness of data, and the accuracy and timeliness of reporting. The system must have adequate firewalls to protect it from fraud or unintentional changes. If the MFI is part of a larger network, that network may provide and maintain the MIS, which, depending on local conditions, can provide benefits but also pose a set of challenges.
The Floor
A floor of strategic risk management is laid on top of the foundation, and provides a connecting surface for the different risk management areas. Strategic risk management has two principal elements:
All of these components of the risk management “foundation” are essential and need to be continuously improved and thereafter maintained for the house to remain standing and be suitable for future home additions.
10
Ongoing Monitoring of Financial, Social, and Risk Indicators – This process ensures that the strategy is being implemented as agreed upon and approved in the annual plan and in accordance with risk appetite. This includes examining and understanding all significant deviations from the plan; it is not just an exercise in expense control or achieving loan disbursement targets. An important distinction between MFIs and banks is that MFIs have an explicit social mission, so monitoring and managing social performance indicators needs to be coordinated with risk management. If there is a social performance management (SPM) function in the MFI, it will coordinate closely with the risk management function to ensure that social performance targets are being met. If there is no separate SPM function, the business will work with the risk management function to communicate social performance targets and track indicators. A failure to adhere to social performance goals and objectives would be equally damaging to the MFI as a failure to achieve financial objectives.
Stress Testing and Scenario Planning – The strategic plan is designed and implemented at a certain point in time, assuming that the internal and external environment remain static. An essential role of strategic risk management is to look forward and anticipate how different elements may change, how those changes could negatively affect the MFI’s operations, and how the MFI should prepare for changes to limit that negative impact. Scenario planning especially involves inputs from all areas of risk management.
The Pillars
The next part of the house is the pillars, which provide the framework for the house. If the pillars are weak, the house will be weak. In the RMGM the pillars are the main risk categories for a financial institution. All of them work together to support the roof and keep the structure in place. A weakness in any one of them can lead to a weakness in the others, and ultimately to a potential collapse of the whole structure. The RMGM identifies three pillars:
Credit Risk Management – This pillar is made up of the policies, procedures, and processes that limit losses to the MFI due to non-repayment by a client or other counterparty. Credit risk management is handled at the transaction level through processes that ensure application, approval, and disbursement of loans in such a way that clients receive the appropriate products and thus will be the most willing and able to repay. At the portfolio level, credit risk management refers to procedures and processes (such as limit setting and monitoring) to guarantee portfolio diversification. Because repayments are an important source of funding, a failure of credit risk management can have important liquidity implications for the MFI.
Financial Risk Management – This involves the policies, procedures, and processes that limit losses to the MFI due to mismatches in the terms (currency, repricing, and repayment) of its assets and liabilities. The supply and cost of funding will change with market forces beyond the control of the organization, and financial risk management is focused on limiting the MFI’s exposure to those risks. An important distinction must be made between market risk in a bank and financial risk in an MFI. In a bank, market risk relates largely to the change in the value of assets in the bank’s trading portfolio, which are marked to market daily and therefore lead to earnings volatility. Financial risk in an MFI is
11
largely related to changes in the value of assets and liabilities in the banking book which are typically reported quarterly (according to Generally Accepted Accounting Principles, or GAAP). The most important financial risk in an MFI is liquidity risk. Capital adequacy—whether designated by company law, investor requirements, microfinance, or banking regulations—is also a key element of financial risk management.
Operational Risk Management – This consists of the policies, procedures, and processes that limit losses to the MFI due to a failure of people, processes, or systems. This is the most all-encompassing risk management area since it touches on all aspects of the business. At minimum, operational risk management should detect and prevent frauds; and ideally, operational risk management make processes more efficient so that operating expenses are decreased and sustainability increased. Operational risk will provide:
• A well-selected, developed, and retained workforce
• An MIS which is consistently maintained and improved
• Policies and procedures which are reviewed at least annually and updated to reflect current conditions
A failure of operational risk management can mean that data flowing through systems is incorrect and/ or untimely, resulting in incomplete information for decision making, or it can mean staff are undertrained and overburdened, thus more prone to making mistakes.
As with the components of the risk management foundation, the risk management pillars need to be continuously maintained, and will certainly need to be strengthened and improved as additions are made to the business. As the MFI grows in size and complexity, the pillars will include more formal policies, procedures, and processes that reflect the additional level of risk taken and that should be reviewed at least annually, certainly every time a new product or funding source is added.
The Roof
Finally, the roof of the house represents the overarching goal of the MFI, which is to attain its double bottom-line objectives sustainably. A house with a weak roof is not very valuable—if the roof is weak or leaking it may collapse and ruin the whole structure. Social performance objectives must go hand in hand with stable earnings. Thus the achievement of stable earnings along with social performance objectives is the hallmark of good risk management.
The goal of a sound and integrated risk management infrastructure is to integrate the components of the “house” to provide support to the MFI’s missions and objectives.
12
Additional Resources and Final Considerations
The Diagnostic Tool
As a concrete application of the framework approach, the RIM will provide a diagnostic tool that will help situate MFIs within the risk management spectrum so they can understand their current status and can use the tool to guide their actions as they evolve into a more complex MFI. This tool will also be invaluable since it offers a dynamic approach to risk management assessment rather than a one-time-only analysis of risk management capabilities.
Graduation Model Knowledge Base
As a final step, the RIM plans to offer a Graduation Model Knowledge Base (or Knowledge Base for short) which will include strategies for calculating risks, things to watch out for, and sample policies and reporting templates, which offer concrete guidance on how to implement a dynamic and integrated risk management framework once the MFI has chosen that course of action. This Knowledge Base will be dynamic, with feedback and inputs from risk management experts, and an initial version is targeted for completion at the end of 2015. An additional resource that the RIM is planning for is a database of risk management experts that includes their areas of expertise.
Collective Advocacy
The RIM is a living and breathing initiative with a framework and diagnostic tool that will be refined and adjusted over time. As such, members of the RIM can play a valuable role in collaborating with regulators as the industry advocates for MFIs. Collaboration can be done at the country, regional, and global level through microfinance associations and in coordination with the workstream on financial inclusion of the BCBS. This approach will ensure that experts in risk management for MFIs shape the discussion as MFI regulation of risk management evolves.
The RIM can also educate microfinance investment vehicles (MIVs) and global microfinance networks on a reasonable set of expectations for risk management in their investee or member MFIs. They might advocate a standardized set of risk reports, which would then alleviate pressure on MFIs who are currently reporting in several different formats to different stakeholders.
Comparing the RMGM to Other Frameworks
BCBS Guidelines – Banking regulation as promulgated by Basel is typically focused on protecting against systemic risk—the failure of one banking organization leading to the failure of the overall financial system—and protecting depositors, who are often the largest providers
13
3. Basel Committee on Banking Supervision, Microfinance Activities and the Core Principles for Effective Banking Supervision, Bank for International Settlements, August 2010, retrieved February 13, 2015, from http://www.bis.org/publ/bcbs175.pdf.
of capital to a bank but who have no governance role. MFIs typically do not pose a systemic risk, so they fall outside of the scope of much of the Basel guidelines. Basel regulation regarding deposit-taking institutions has been distilled for the MFI sector in the publication Microfinance Activities and the Core Principles for Effective Banking Supervision.3 It is important to note that in all of the Basel regulations, a large part of the guidance is provided to regulators and supervisors and not to financial institutions.
Basel II and especially Basel III (which is focused on addressing weaknesses uncovered in the wake of the global financial crisis) are designed primarily for “internationally active banks,” and to a lesser extent for domestic systemically important banks, and are not designed for MFIs or to promote financial inclusion. Basel regulations related to capital adequacy ratios and liquidity requirements are most applicable to MFIs, but still need to be modified to reflect the distinct features of microfinance. The majority of MFI assets are loans that cannot easily be sold for cash, which means that liquidity requirements need to be evaluated differently. On the other hand, the relationship between the MFI and its clients is typically more developed than in formal financial institutions, and this may change the way regulators view default risk.
The RMGM framework defines two big distinctions between banks and MFIs: An obvious one is that MFIs are explicitly double- and triple-bottom-line organizations. The second distinction is that MFIs are in business to provide financial products and services that are appropriate for their clients, not to make money from taking positions on FX or interest rate movements. MFI banking activities are limited to making loans and taking deposits, and holding an investment portfolio to earn some interest from the liquid assets they hold. Basel banking supervision, especially since the financial crisis of 2008, is largely focused on monitoring and limiting the risks in the trading portfolio, and therefore much of it isn’t applicable to MFIs. The message must be stressed very strongly that MFIs should not expect to make money from taking positions on FX or interest rate movements, since that requires an entirely separate set of systems and expertise which do not contribute to the overall goal of financial inclusion. The goal of risk management in an MFI is to minimize potential losses due to the risk-taking activities of the organization.
MFIs should not expect to make money from taking positions on FX or interest rate movements, since that requires an entirely separate set of systems and expertise which do not contribute to the overall goal of financial inclusion.
14
IFC Risk Management Scoring Tool – The IFC has a tiered approach similar to the RMGM’s when evaluating the risk management capabilities of MFIs. It uses this approach both when it is considering investing in an MFI and when it is evaluating the technical-assistance needs of MFIs in its portfolio. The main difference between the RIM approach and that of the IFC is not so much in the definition of terms but perhaps in the target audience of MFIs and in the way that the tools are explained and made available.
The RMGM is designed primarily for less sophisticated MFIs—“less sophisticated” from a risk management perspective—to give them an idea of their current risk management status and what areas they need to improve as they grow their business and their outreach. It can also identify risk management gaps in MFIs that are already offering a complex range of products and services. While the results of the risk management diagnostic can be used by investors and technical-assistance providers, the main purpose is to help the MFI understand its own abilities and where and how those abilities need to be strengthened to reach financial, social performance, and outreach goals. The IFC tool, on the other hand, is more technical and sophisticated, for use by IFC experts. Target MFIs are typically Tier-1 and Tier-2 MFIs that are in the IFC portfolio.
CGAP Microfinance Consensus Guidelines on Regulation and Supervision – The CGAP consensus guidelines on regulation and supervision are an invaluable accompaniment to the RIM. They represent inputs and buy-in from regulators and microfinance experts worldwide, which means the concepts are already well accepted. The target audience is regulators and the broader public, while the target audience for the RMGM and diagnostic tool is MFIs, their investors, and founding networks. The RMGM and the consensus guidelines deliver a similar message to different audiences, but both help translate complex regulatory issues into tangible and concrete risk management actions. This is enormously important for the microfinance sector, especially as it continues to grow and expand into ever more complex products and delivery systems.
Microfinance Stakeholder Uses: A Vision for the Future
The RIM has been active in developing and promoting risk management standards for the microfinance sector for the past two years. The initiative’s Founding Members now seek to expand their collaboration to a broader range of stakeholders throughout the microfinance sector.
While the RIM is a specific initiative focused on risk management, MFIs and others should be encouraged to use it as part of a greater “ecosystem”—for example, using RIM in conjunction with the SPTF/SMART campaign recommendations, or in conjunction with product development and outreach strategies to help identify risks posed by new products or technologies.
15
Stak
ehol
der
RMG
M
Fram
ewor
kDi
agno
stic
To
olKn
owle
dge
Base
Fund
ing
Parti
cipa
tion
in R
IM—
Votin
g M
embe
rshi
p
Fund
ing
Parti
cipa
tion
in R
IM—
Non-
Votin
g M
embe
rshi
p
Risk
M
anag
emen
t In
dust
ry
Foru
ms
RIM
Ad
viso
rsRI
M
Endo
rsem
ent
Seni
or L
evel
In
dust
ry
Expe
rtsX
XX
XX
X
MF
Prac
titio
ners
: Co
nsul
tant
sX
XX
XX
MF
Prac
titio
ners
: Ne
twor
ks a
nd
Asso
ciat
ions
XX
XX
XX
XX
MF
Prac
titio
ners
: M
FI S
taff
XX
XX
MFI
sX
XX
XX
Regu
lato
rsX
XX
XX
XX
X
Gra
ntor
s/Fu
nder
s (e
.g.,
DFIs
, Fo
unda
tions
)X
XX
XX
XX
X
Ratin
g Ag
enci
esX
XX
XX
XX
X
MIV
sX
XX
XX
XX
X
Tabl
e 3.
Cur
rent
RIM
Act
iviti
es
16
The RMGM, Diagnostic Tool, and Knowledge Base – The RMGM and diagnostic tool will provide a publicly available and easy-to-understand explanation of what an integrated risk management infrastructure will look like over time. As such, MFIs can use it to evaluate where they currently stand with risk management compared to suggested best practices, and to chart a path for how to improve in this area. The diagnostic tool can be consulted during each annual planning exercise to ensure that adequate time and financial resources are devoted to upgrading risk management capability. The Knowledge Base will provide practical examples of policy and reporting templates, calculations for various ratios, and more. Regulators, MIVs, networks, and associations can provide inputs as these resources evolve, as well as use them as guidelines when looking at the risk management practices of MFIs under their purview.
Funding Participants—Voting and Non-Voting Membership – Contributing Membership represents full membership and gives an individual or organization the option to participate in the RIM’s steering committee to provide strategic guidance to the initiative. Similarly, Contributing Members gain access to the RIM’s working groups, assuming they meet the working-group membership criteria. Voting membership is composed of the RIM’s eight Founding Members as well as Contributing Members who have subsequently joined. Members can also choose to be non-voting through a less engaged participation if they are not interested in being involved in the operations and governance of the RIM—for example, a member may simply want to fund a specific project. Membership benefits range from recognition on the RIM website and publications to participation in RIM working groups, strategic networking, and the development of risk management industry standards. Through membership, participating organizations become active participants in the development, promotion, and dissemination of the RMGM and in improving risk management practices around the world.
Risk Management Industry Forums – The goal of industry forums is to raise awareness among a broad audience of stakeholders about risk management issues in microfinance, as well as to share how the RIM is addressing those issues. RIM Founding Members currently participate in extended sessions at European Microfinance Week, held in Luxembourg, and in meetings of the African Microfinance Network. Future sessions have been proposed to be held during the Boulder Microfinance Training Program in Turin, Italy, and at the SEEP Network Annual Conferences, in addition to continued participation in the Luxembourg events. These sessions will promote consistent definitions and standards about risk management throughout the sector, as well as provide a space for dialogue about specific issues as they surface.
RIM Advisors – The RIM Advisors are a group of risk management technical experts and influential thought leaders in the microfinance industry who believe risk management is a key component to the realization of a socially focused microfinance sector. Advisors bring necessary credibility to this global initiative while providing key advice to RIM leadership and governing bodies. The RIM seeks advisors among all stakeholders in the microfinance sector.
RIM Endorsement – The RIM is asking individuals to show their support by endorsing the initiative. By providing an endorsement, a stakeholder becomes part of a global initiative which believes that a safer microfinance industry can be achieved through the development of better awareness, best practices, and appropriate standards in risk management. (More information about the endorsement process is available at www.riminitiative.org/endorse.)
17
Risk Management Industry Forum – The RIM is currently seeking funding to organize a global RIM microfinance forum, which would be a standalone conference to discuss current issues in risk management in microfinance, foster dialogue on the issues, and highlight the work the RIM and its members are doing in this area. Representatives of all stakeholders would be present, and there would be separate sessions devoted to topics as wide-ranging as challenges in regulating and supervising risk management in microfinance to suggested dashboards and reports for risk reporting.
Stakeholder
Risk Management Industry Forums
Online Knowledge Exchange
Online Talent Marketplace
RMGM Training of Trainers Course (Individual)
RMGM Implementation (Institution)
Senior Level Industry Experts
X X X
MF Practitioners—Consultants
X X X X X
MF Practitioners—Networks and Associations
X X X X X
MF Practitioners—MFI Staff
X X X X X
MFIs X X X X
Regulators X X X
Grantors/Funders (e.g., DFIs, Foundations)
X X X
Rating Agencies X X X
MIVs X X X
Table 4. Future Planned Activities
18
Online Knowledge Exchange – A long-term goal of the RIM is to create a clearinghouse of knowledge related to risk management in the microfinance sector. This initiative will start with an online resource library which will be supplemented and organized by risk topic over time.
Online Talent Marketplace – In an attempt to link the supply of and demand for risk management expertise, the RIM is pursuing a long-term goal of providing an online clearinghouse of consultants and experts in risk management for microfinance. This clearinghouse would also eventually be the place where request for proposals (RFPs) for risk management projects could be posted.
RMGM Training of Trainers (ToT) – The RIM plans to work through umbrella organizations to train trainers on how to use the RMGM and diagnostic tool. There is a funding opportunity both for the development of ToT materials and for delivering the training.
RMGM Implementation – How the RIM and its partners will implement the RMGM framework at the MFI level is still part of strategic discussions at the RIM. The intent is that MFIs will go beyond assessing their risk management gaps to implementing recommended policies, procedures, reports, and practices.
Risk management Initiative in Microfinance is a collaboration of organizations with a vested interest in raising the standards of risk management in the
microfinance industry.
[email protected] (202) 684-9371
© 2015 Risk management Initiative in Microfinance
1050 17th Street NW Suite 550Washington, DC 20036
Founding Members Contributing Members
Risk management Initiative in Microfinance (RIM) is a collaboration of organizations with a vested interest in raising the standards of risk management in the microfinance industry.
Special Thanks
Special thanks to Appui au Développement Autonome (ADA) for funding the development of this paper and to RIM’s founding and contributing members for strategic support. Individual thanks to Emma Paul, Georgina Vasquez, Kevin Fryatt, Ligia Castro-Monge, Marnix Mulder, and Massimo Vita for review and direction, and to Evrim Kirimkan, Giovanni Calvi, Lynn Exton, and Mansur Mehdi for providing input into the paper’s development. Last, and most importantly, a special thanks to Karla Brom for bringing her expertise, depth of perspective, and vast experience to the discussion.
About the Author
Ms. Brom is an international development and finance expert with over twenty-five years of experience. She has been advising and training on the topic of risk management and governance for MFIs since 2001, working with global networks, investment funds, multilateral agencies, and their MFI partners. Prior to her work in microfinance she was a senior vice president in risk management at Citigroup for seven years, where her responsibilities included risk management oversight of Citigroup’s twenty-three branches in Latin America.
