Embed Size (px)
Citation preview
Risk Management Risk Management Through GovernanceThrough Governance
S.RameshManaging Director
Gaia Advisors
Sa-Dhan
Governance is concerned with the system of law,regulations and practice which will promote the enterprise and ensure accountability.
GovernanceGovernance
Pillars of Governance
Transparency Accountability Responsibility Integrity
Constituents Owners Board Managers Employees Other Stakeholders
3
Key Decisions VariablesKey Decisions Variables
Profitability & Market Value
Capital AccountManagement
Productivity/Cost & Operational Risk
Interest Rate & Other Market Risks
Credit RiskManagement
Liquidity Risk Management
Appropriate BalanceAppropriate Balance-- Expected Profits and Risk Expected Profits and Risk
4
Expected profits
Solvencyrisk
Creditrisk
Operationalrisk
Interestrate risk
Liquidity andfunding risk
Technologyrisk
Foreigncurrency risk
Overheadrisk
Marketrisk
Reputationrisk
Inflation risk
Regulatoryrisk
Risk categories and their importance Risk categories and their importance for MFIfor MFIRisk categories Rating
Credit Loan portfolio risk XXXXX
Interbank risk XX
Market Interest rate risk XXXX
Currency risk
Liquidity Liquidity risk XXXXX
Other risk Performance risk XXXXX
Compliance risk XXXXX
Reputation risk XXXX
Country risk
Operational risk Operational risk XXXXX
Operational risk is every MFI's Operational risk is every MFI's greatest fear.greatest fear.
Staff
Control Failures
Compliance
Rapid Expansion Legal
Multiple Financing
FraudInformation Technology
Management System Failures
Disbursements / Re payments
Human Error
PremisesBusiness Continuity
Credit Risk
Market Risk
• Circumstances that have been identified and if left unattended may lead to a loss in the future, example : technology
• Happening or occurrences that are indicative of the underlying risk, they might have resulted in an economic loss, but did not, example : large cash balances; no monetary loss yet
• Incidents that resulted in a monetary loss Example: Small frauds
Operational RiskOperational Risk
OR can arise fromOR can arise from::
Internal and external fraud
Failure to comply with laws or meet workplace safety standards
Policy breaches
Failure to meet regulatory requirements
Personnel risks
Damage to physical assets
Business disruptions
Transaction processing failures (execution, errors)
Failure of internal controls and corporate governance
But how do you define, analyze and But how do you define, analyze and solve a potential problem before it has solve a potential problem before it has even arisen? even arisen? “ Operational Risk is the risk of loss resulting from
inadequate or failed internal processes, people and systems or from external events”
People Process Technology ReputationOperating Environment
But how do you define, analyze and But how do you define, analyze and solve a potential problem before it has solve a potential problem before it has even arisen? even arisen?
Systems LegalExternal Events Includes legal risk but excludes strategic risk
Operational risk (OR) – People RiskOperational risk (OR) – People Risk
OR is more than people and technology risk. It encompasses all the hidden dangers that do not come under the umbrella of market or credit risk.
People: Positing of Staff in Key Areas
Competency of Staff
Insufficient training,
negligence, integrity, etc.
Work Environment
Employee Motivation
HR initiatives
Frequency and impact of staff turnover/rotation
Operational risk (OR) – Process RiskOperational risk (OR) – Process Risk
Transaction risk:
◦ Operational Manual to execute Transaction◦ Frequency of execution of errors in transactions◦ Business volume fluctuation/ concentration◦ Organizational complexity◦ Product complexity, and major changes
Operational Control risk
◦ Frequency of Violation of operational controls ( exceeding limits, powers)
◦ Efficiency of information flows◦ Frequency of operational disruption◦ Operational Control: inadequate segregation of duties ◦ lack of management supervision◦ inadequate procedures.◦ Risk due to loose security at operational points ( overnight cash)
Operational risk (OR) – Technology RiskOperational risk (OR) – Technology Risk
Technology: Poor technology and Partial /disconnect computerization
Obsolete applications
lack of full automation for consolidation and /or accounts and Operations
MIS complexity, poor design, development and testing.
Systems failure
Volume of transaction Vis-a- Vis level of system development and capacity
Level of Manual intervention required to process transactions
Validity of IT systems
IT related frauds
Operational risk (OR) – Operational risk (OR) –
Reputation risk Customer perception of the Company/MFI Mostly dependent of Field officer Individual is recognized than the institution by the customer Public /Politicians perception of MFIs
Operating Environment Unanticipated changes in external environment Multiple lending Macro Economic Factors like loan waiver, low fund flow to MFIs
leading to failure to keep up commitments to customers
Operational Risk - Operational Risk - 7 OP Risk types7 OP Risk types
Internal Fraud
External Fraud
Employment Practices
Professional Practices
Loss/Damage to assets
Business disruption & system failures
Transaction processing risk
Change
Complacency
Complexity Sources
Operational Risk
Categories
People Process
Technology
Internal External
Interconnection of Operational Risks
Dependencies
Connectivity of
Operational Risk
Exposure
Likely driversof Operational
Risk associated with each
Operational RiskCategory
Risk types contd…Risk types contd…
Internal fraud: intended to defraud, misappropriate property, employee theft
External fraud: robbery, forgery, Collusion.
Employment practices and workplace safety: workers compensation claims, organized labor activities likely
Business disruptions and system failures: hw. and sw. failure.
Execution, delivery and process management: data entry errors, incomplete legal documentation, unapproved access given to client accounts.
How can we addressing Operational How can we addressing Operational Risk?Risk?
Transfer the risk to another party (e.g. through insurance)
Accept and manage the risk through effective management monitoring and control
Put appropriate fall-back plans in place to reduce the impact in case of an operational failure.
Least- Avoid the risk by withdrawing from a business activity
OR ManagementOR Management
Risk Management systems-adequacy, demarcation of responsibilities, day-to-day supervision
Areas- Cash management, internal control & housekeeping, AML controls
Robust internal control-Effective internal Inspection/AuditKYC & AML measures-emphasis
ORM Practices should be based on policy duly ORM Practices should be based on policy duly approved at the board level that describes approved at the board level that describes the processes involved in controlling OR.the processes involved in controlling OR.
Clear strategies and oversight by the Board: Board of Directors should approve and review the MFIs ORM framework.
Internal Control System: ORM framework is subject to effective internal audit by operationally independent and competent staff.
Strong Operational Risk Culture: ORF should be implemented throughout the whole organization, all levels of staff should understand their responsibilities.
Contingency Planning: MFIs should have contingency and business continuity plans to operate on an ongoing basis and limit losses.
Effective internal reporting: Senior management have responsibility for developing policies, processes and procedures for managing OR.
Issues in ORMIssues in ORM
Qualitative vs Quantitative approach Mapping of existing business lines to the
standard business lines Data collection
Proper identification of key risk indicators Monitoring of databases Gathering loss data Estimating frequency/severity of loss
Quality of data Cost/technology implications Overlap with Credit and Market Risk
Distribution of Operational LossesDistribution of Operational Losses
Magnitude of loss
Like-lihood
of Loss
Expected Loss-Loss Prov.
Absorbed
Unexpected Loss -Op. Risk
Capital
Catastrophic Loss -Risk financing using
Core Capital
Expected LossExpected Loss
Expected Loss (EL) - likelihood of failure and
likely loss severity given that a failure occurs
Exposure Indicator (EI) - proxy for the size of a
particular business line’s OR exposure Probability of loss Event (PE) - probability of occurrence of loss event Loss Given that event (LGE) - proportion of transaction or exposure that would be expressed as loss, given the default
EL = EI X PE X LGE
CONCLUSION-CONCLUSION-
DEFINEMONITORMEASUREMITIGATE
