Kevin FRYATT introduced the subject and panellists, who represented different perspectives: that of MFI, investor/technical assistance provider, and consultant respectively. Ligia CASTRO replaced Claire Ozanne of PAMIGA, who unfortunately could not attend.
After presenting the Risk Management Graduation Model (RMGM), Fryatt questioned Charles ISINGOMA on Hofokam’s recent transformation process, and the practical challenges that had meant in terms of risk management. Isingoma explained that probably one of the bigger challenges had been the different backgrounds of Board members. The skills gap to fulfil its oversight role required the Board to engage in training to acquire essential skills. Castro added that there are lots of tools to use, but more important is how to manage Board exposure to capacity building efforts. Boards usually get a lot of training and learn how to use nice words, so it is crucial that they learn to really practice risk management and take on their respective responsibilities: “who is the owner of the risk?” This requires a strategic view on resolving operational issues. Isingoma added that indeed it is important to harmonise and be aware of respective backgrounds in order to effectively tackle challenges.
When asked by Fryatt how to avoid firefighting behaviour in the organisation, Isingoma responded that the appetite for risk management in an organisation, e.g. its risk culture, needs to evolve. According to Castro, backgrounds and values need to be standardised; changing behaviour and overcoming personal views and interests. When asked by Fryatt whether this means formalising the roles of management, Castro agreed and added that a change is needed to evolve from an NGO culture into a formal culture and to overcome the resistance to change.
Florian GROHS reflected on his experience at a recent FMO event on risk management, adding that a risk manager is highly important in a financial institution. Bringing into the discussion the role of the regulators, Grohs explained that forward-looking risk management is difficult to grasp. He gave the example of Cambodia, where a strong oversight role of the regulator was instrumental in avoiding over-indebtedness. This also involved awareness of joint risks and solutions, strong leaders, and the role of MIVs and facilitators in the sector. Castro questioned whether this is then a real concern or more a fashion, as longer term solutions are required to prevent over-indebtedness. According to Grohs, one of the roles of the regulator in this respect is to assure reserve fund provisions.
Fryatt continued by asking the panellists what should be done in the institutions to get them to move from a qualitative approach on risk towards a more quantitative approach. Isingoma mentioned the importance of a strong management information system, which is robust and collects and provides the right data for decision-making. Castro responded that there is an inherent danger with information systems to have poor quality data, therefore requiring training in registering correct and proper data sets. At the same time, she stressed to not only rely on quantitative data but also revert to the basics of qualitative understanding.
A participant from the audience added to this the value of feedback from the work floor, and the 4-eyes principle of checking, i.e. to come with practical solutions rather than too much quantitative analysis. Fryatt confirmed and pointed to the need to build capacities and understanding concerning the graduation model and hence develop specific skills sets for an appropriate comprehensive risk management system. He referred to some kind of ‘urban myth’ that big institutions will have robust risk management systems, which is currently not necessarily the case. The Risk Management House and the Graduation Model offer tools in this respect.
According to Isingoma, in his institution, some risk analytics, like sensitivity analysis, do not yet have a risk management tool. He further explained that Hofokam had identified a need to achieve more sustainability, for which they needed to enhance the internal control processes. They established a risk management department in the period 2007-09 and after 2010, established their department of compliance, with the aim to enhance the capacity for internal accountability. Castro pointed out that the ADA/REDCAMIF project aims to get a buy-in from users to stick to rules and compliance, in order to manage credit, operational and financial risks. She advocates including risk analysis in every strategic plan, and establishing a risk management culture as part of an organisation’s foundation.
Fryatt summarised the discussion on forward-looking risk management among the panellists as being concerned with: risk gaps, risk culture in organisations and boards, and data issues. He then invited questions from the audience. A Rabobank risk manager referred to the corporate responsibility of financial institutions to bring risks under control, and to prevent microfinance causing a next financial crisis. Concerned with putting too much theoretical weight in a risk management framework, he did not fully agree with the Risk Management House fulfilling its purpose if it is built on loose sand. Although the Risk Management Graduation Model addresses Know Your Customer (KYC), from his perspective, the model does not well reflect the reality on the work floor, where ‘knowing the customer’ is important. What if the client is not complying with social, environmental and other issues? We should learn from crises, and not base too much on theoretical models. Another member of the audience, on the other hand, pointed to a number of good developments, and improvement of credit performance. He stressed the importance of rewarding staff and customers through incentives and promotion if there is a good and profitable performance. A participant from Egypt added that the culture is changing, leading to a major exercise in risk management. There is now experience with top-down and bottom-up approaches. ‘Crunching numbers’ is not enough, you need to get buy-in and ownership, so you have to reward people that perform well.
Fryatt concluded that building the Risk Management House indeed requires considerable time and capacity building, in particular also in areas of change management and changing business culture. Castro added that this is not a standardised process, and involves everybody, not just a risk manager. MFIs need to prioritise risk management and be prepared to get their hands dirty. Grohs also pointed to training in risk culture, not only for credit risks but also operational and financial. According to Isingoma, the Risk Management Graduation Model provides a practical framework for MFIs to structure their risk management function.
It was great on all fronts: sessions, speakers, logistics!