Risk Management in Microfinance Banks October Distinction 10 Pass 328 F1 52 F2 172 F3 114 Total 676. General Comment

Transcription

1 General Risk Management in Microfinance Banks October 2012 Questions were drawn to cover all aspects of the syllabus with the aim of equipping candidates with applicable knowledge for their day-to-day real-life operations in their banks. This is to ensure that risks are properly identified, measured, monitored and mitigated/controlled towards enhancing the bottom ines of their respective MFBs while exceeding customers expectation in quality customer service delivery. The performance of the candidates still showed lack of adequate preparation by many of them while those that prepared well presented their answers in clear and logical order thereby earning very good marks for their efforts. Despite the advice in the previous diets for candidates to avoid copying out questions before attempting them, many still repeated this time-wasting exercise. Candidates should maximise their time and earn good marks by reading and abiding by the instructions clearly stated on the question paper and answer books. It must be emphasised that this examination is a professional certification and candidates are advised to read up current issues relating to the industry while being conversant with recent CBN and other regulatory circulars and laws. As an evolving sector of the economy, candidates are encouraged to widen their knowledge base by reading books, educative journals and other publications proffering views, and innovations towards improving capacity in the sector. A total of 676 candidates attempted the paper; 10 of whom came out with distinction while 328 obtained the required pass mark, making a total pass number of 338. This represents 50% of the 676 candidates while another 338, representing 50%, failed to achieve the pass standard as shown below: Distinction 10 Pass 328 F1 52 F2 172 F3 114 Total 676 The main observations and examiner s comments are stated at the beginning of each question and followed by the suggested solutions. NOTE: You are required to: ATTEMPT FIVE (5) QUESTIONS IN ALL. ALL QUESTIONS CARRY EQUAL MARKS. Table below shows the question-by-question performance analysis: Questions Pass Fail No. of Candidates that Attempted Question 1 % of Passes % of Failures % 34% % 17% % 37% % 73% % 93% % 47% % 47% a) What is Enterprise Risk Management (ERM)? (10 marks) b) Identify the major responsibilities of the Board of Directors in the implementation of ERM in a Microfinance Bank. (10 marks) 45 46

2 This is a straight textbook question calling for a sound knowledge and understanding of the training manual for this certification programme requiring a general knowledge of risk management. It was attempted by 61% of the entire candidate with 66% of 411 students passing it. Students are advised to cover the recommended text to enable them tackle questions appropriately. Failure rate of 34% is high for a textbook question. a) (i) Enterprise Risk Management is a process effected by an entity s board of directors, management and other personnel, and applied in setting and across the enterprise. It is designed to identify potential events that may affect the entity and manage risk to be within its appetite, and to provide reasonable assurance regarding the achievement of the entity s objectives. (ii) Or America-based Risk Management Association (RMA) simply defines enterprise risk management as the Methodical Management of all Material Risks. Or (iii) ERM is defined as the process by which organisations in all industries assess, control, exploit, finance and monitor risks from all sources for the purpose of increasing the short and long term value to their stakeholders. (10 marks) b) The Board of Directors is the ultimate risk management organ in any MFB. The major responsibilities of the board of directors in the ERM implementation are as follows: 47 i) Ensure that all significant risks of the bank have been identified. ii) Ensure that appropriate strategies are in place to manage all identified risks. The board should approve the strategies before they are implemented. iii) Demand and review relevant reports from management, as well as internal and external auditors, to determine if existing risk management strategies are being implemented and, where weaknesses are detected, the board directs the management to make necessary adjustments. iv) Ratify risk management policies and guidelines formulated by the management. It holds the management responsible for effective implementation of approved risk management strategies. v) Ascertain, on a continuous basis, if significant risks are being identified and measured/monitored and adequately managed. (10 marks) Question 2 As an expression of your understanding of Risk Management Processes, you are required to write short notes on any five of the following: a) ALCO b) Response to fraud c) Risk events d) Risk driver e) Liquidity ratio f) PAR. This was drawn straight from study manual and CBN Regulatory and Supervisory Guidelines for MFBs in Nigeria. It attracted a 99% of the students attempting it and was the most popular question. In all, 83% recorded a pass, indicating good understanding of the question by students and therefore good 48

3 performance. Only 17% of the candidates failed this question. As at now, the study manual and the CBN guidelines remains the standard text/working document and should be thoroughly studied by students for good performance at this examination. a) ALCO means Asset and Liability Management Committee. This is a management committee charged with the function of setting policies and guidelines in relation to: i) Review of the funding requirements of banks and identifying gaps and directing effective sourcing and utilisation of available resources (funds) or liquidity; ii) Risk identification inherent in the bank s deposit and lending operations; iii) Risk assessment/measurement; iv) Monitoring and management of risks. ALCO periodically reviews risks faced by banks and sets risk tolerance limits for banks. The membership of this committee cuts across key departments and units like operations, credit, treasury and risk management. b) Response to Fraud: This is a damage control measure adopted by the Risk Management Unit of an MFB whenever a fraud occurs or is identified. It is part of a contingency plan which includes the following elements: i) The process of termination of appointments, review of existing policy, legal actions and efforts to recoup losses and plug loopholes identified; ii) The process of approaching/communicating with customers affected or impacted negatively by the incident; iii) Steps to protect the brand image/reputation of the organisation; iv) How to develop public relations and rebuild the trust of clients; 49 v) A decision as to what changes needed to be made to the Internal Control Policies, Procedures, etc., to prevent future occurrence. c) Risk Events: These can be defined as the undesirable outcomes. Desired outcomes that failed to happen can also be referred to as risk events. Examples are: i) Loan falling delinquent; ii) Available capital becoming inadequate to run operations; iii) Investors/Funders withdrawing their funds; and iv) Fraud and forgeries. d) Risk Driver: A risk driver is the reason behind the risk event. If the risk event is the symptom, risk driver is the cause of the symptom. For example, loans have fallen delinquent because loan officers were negligent in their duty of follow-up and monitoring of loan clients. The real problem is the loan officer s failure which, in this case, is called Risk Driver. If MFBs are able to handle the risk drivers, they would reduce or mitigate the chances of the occurrence of risk events. e) Liquidity Ratio: This is the measure of the sufficiency of cash or liquid resources to meet/pay the maturing short-term obligations to depositors, borrowers and other creditors. It is represented thus: Cash +Trade Investments Liquidity Ratio = (Demand Deposits +Short-Term Deposits + Interest Payable on Deposits +Account Payable + Other Liabilities). All MFBs are required to maintain a minimum rate of 20% of their Deposit Liabilities, including 5% compulsory investment in Treasury Bills as part of their liquid assets. f) PAR: This means Portfolio At Risk. It represents the outstanding principal amount of all loans plus accrued 50

4 interest have at least one instalment past due for one or more days. When considering PAR, loans are considered past due if payment has fallen due and remained unpaid. Regulation requires that PAR shall not exceed 2.5% of the loan portfolio of an MFB at any given time. (4 marks for any correct five). Question 3 The Board of Directors of your Bank has just appointed a new MD/CEO to take charge of the Bank s operations due to a recent CBN Examiner s Report indicting the former MD/CEO and the Board for failure to perform key processes of effective risk management strategies which include the periodic review of performance reports. As the Risk Management Team Leader, you are required to identify and briefly describe the three reports essential for this assignment going forward. A standard and relevant question for this subject. About 68% of the candidates attempted the question while 63% of them obtained a pass mark, 37% failed. Performance on this question indicates a good understanding by the students. It is advised that recommended texts should be studied for proper understanding of the questions while enabling students to answer them appropriately. The required periodic performance reports for effective risk management strategies are: a) Management Reports, b) Summary Reports for Senior Managers and Directors, and c) Internal Audit/External Audit Reports. (6 marks 2 for each) 51 The three reports are briefly described as follows: Management Reports: These reports are usually detailed and deal mainly with specifics of growth in customer base, portfolio performance, etc. They primarily review the activities of unit heads like operations, credit and marketing, as the case may be. Management reports include details of the various meeting points/cash centres or branches and their respective contributions towards meeting set targets (if any). The importance of management report is to assist the operations manager to know which branch or cash centre/meeting points are performing or underperforming. These reports are usually reviewed on a weekly or monthly basis as a performance appraisal tool. Summary Reports for Senior Managers and Directors: These reports, as the name implies, avoid unnecessary details of operational activities, but are made up of key performance ratios. This is so because the Board of Directors usually focuses on financial and strategic risks rather than operational risks. Emphases in these reports are on performance ratios rather than the absolute figures. Trends analysis is paramount with focus on variances. Frequency of review of these reports could be quarterly or bi-annually, etc. (5 marks) Internal Audit Reports: Internal Control and Audit are critical elements of risk management system and feedback loop. The reports emphasise on the effectiveness of installed risk management strategies in mitigating identified risks in the course of operations. A very good internal audit report highlights the weaknesses or lapses identified during the risk management processes and draws the attention of management and board to areas requiring review or amendment to existing strategies towards strengthening the control mechanism. (5 marks) 52

5 Question 4 You have just been appointed the Head, Risk Management Department in a newly licensed Microfinance Bank. To avoid the pitfalls of the failed MFBs in Nigeria, your MD has directed that you draw up suitable guidelines to be adopted in setting up a successful Risk Management Process for your Unit. A standard question which was poorly attempted, indicating a lack of serious preparation by candidates. It was attempted by 66% of the candidates while 34% avoided it. Of the 448 candidates that attempted it, only 27% passed while 73% failed. In consultation with the MD/CEO and other members of staff, it has been resolved to adopt the following guidelines: i) Risk management would lead from the top. This implies that the board and senior management must buy into the programme from inception and commit to its consistent implementation. ii) Incorporate risk management into processes and systems designs. iii) Keep the system simple and easy to understand by all stakeholders. iv) Involve all levels of staff in the process. v) Align risk management goals with the goals of individuals in the organisation. vi) Address the most important risks first. vii) Assign responsibilities and set monitoring schedule. viii) Design informative management reporting system to the board and management. ix) Develop effective mechanisms to evaluate internal controls. x) Manage risks continuously using the risk management feedback loop. (2 marks for each correct point) 53 Question 5 In the management of credit portfolio, information technology is very key to credit-monitoring and decision-making towards minimising defaults and delinquency. You are required to highlight areas of risk in loan information along with brief explanations. This standard risk management question was poorly attempted. Only 341 candidates out of a total 676, representing 50% of all candidates, attempted it, making it one of the least attempted questions. Only 25 candidates, representing 7%, passed while 316 of them, representing 93%, failed. This poor performance can be attributed to poor preparation, lack of understanding of the question asked. Here was a question calling for the role of Information and Communication Technology in managing credit portfolio, but many candidates wasted precious time writing on unrelated matters. Adequate preparation cannot be over emphasised. MIS is critical in the management, monitoring and decisionmaking towards minimising defaults and delinquency as follows: Areas of Risks in Explanations Loan Information 1. Accuracy The system should accurately/correctly reflect loans disbursed, payments received to date, and current repayment status of outstanding loans. 2. Security The system must be physically secured in the server room that is well protected. Access to server room should be controlled. Only the MIS supervisor, the CEO and any other person duly authorised should be allowed access. 54

6 3. Effectiveness The frequency of reports generation for internal use should be determined on the basis of need, while monthly, quarterly and half -yearly returns for regulatory compliance should adhere strictly to the standards required by the regulators, etc. 4. Reconciliation The report formats should lend themselves to easy 5. Rescheduling of Loans reconciliation of outstanding items as needed. Rescheduled loans should be separately tracked by the system, so that the old bad loans would not disappear and replaced by a new loan contract that appears to be current. 6. Segmentation The software in use should permit segmentation of facilities, i.e. delinquent loans, by differentiating parameters like loan officers, loan type, etc. 7. Loan Provisions The method for calculating loan loss provisioning Question 6 should adhere to the prudential requirements set by the CBN and take into consideration historical loss experience, the current delinquency status, and the measures put in place to minimise delinquencies. 55 (4 marks for any correct 5 points) A review of Portfolio At Risk of XYZ MFB Ltd indicates a bad debt of 75% in their loan book. You have been hired as a Credit Risk Management expert to advise them on the way to manage or handle their recovery process. Outline your plan of action. This question attracted 66% attempts with 53% passes and 47% failure rate. Performance displayed lack of understanding of the role of a risk manager in the recovery process. It also confirms poor preparation and lack of exposure to risk management environments by many of the candidates. XYZ MFB Ltd may consider the following plan of action in its recovery process: 1) Rebuild Customer Relationships: Loan/Field officers must reach out to customers with a view to reviving their interest in running their accounts as well as re-starting to pay back their outstanding loans. These visits should identify the challenges hindering repayments and solutions proffered while encouraging clients to pay up missed instalments. Reestablish cordial daily and weekly visits for collection of due instalments and savings, as the case may be. 2) Pay Visits to Solidarity Groups: Visit their leaders chairmen/secretaries of their trade associations at their business places as well as home addresses to solicit the support of their family members, apply peer pressure and cooperation in your recovery drive. 3) Enlist the Support of Business Associates/Guarantors: Visit and call upon their guarantors, business associates and family members to impress it upon the debtors to pay up. 4) Introduce Some Incentives for Early Repayment: Introduce new incentives as well as rehearse existing ones to encourage early repayments and compliance with existing terms. 5) Implement Existing Penalties for Default: Review the offer letters and ensure that agreed penalties for default are applied as pressure for repayment as and when due. 6) Restructure Loan: Loan repayment schedule can be restructured for longer period or tenor to allow for more flexible/convenient repayment terms in agreement with client s present financial reality. An overdraft can be restructured to a term loan, repayable over an agreed number of months/weeks, etc. 56

7 7) Reschedule Repayment: New repayment schedule can be agreed to accommodate recent changes in the business operations or cash flow realities, as the case may be. 8) Agree/Offer Waivers/Concessions: Waivers and concessions can be agreed with clients to extract repayment of principal and part of the accrued interest and charges instead of losing out completely. 9) Appoint External Recovery Agents: Some part of or all the bad debts can be outsourced to an external recovery agent to pursue and recover on behalf of the bank at an agreed commission rate. 10) Involve Law Enforcement Agents: The Nigeria Police Force (NPF) and the Economic and Financial Crimes Commission (EFCC) can be engaged to assist the bank s recovery efforts, especially from the recalcitrant clients. 11) Realise Security/Assets Pledged as Collateral: Call in facility and take steps to realise securities pledged. This is usually as a last resort where all efforts to recover fail. (2 marks for any 10 points) Question 7 Managing operational risk in MFBs requires an effective internal control system. You are required to: a) Define Internal Control System. b) Outline its roles in managing operational risks. A straightforward and second most popular question, it was attempted by 78% of the candidates. Performance was not encouraging as only 53% passed while 47% failed due mainly to failure to appreciate the essence of the question. It further revealed shallow/inadequate preparation. It is expected that candidates 57 would devote more time to their preparation and read wide for better performance. a) Effective Internal Control System is the whole system of controls, financial and otherwise, established by Management/Board of Directors in order to carry on the business of the enterprise in an orderly and efficient manner, ensure adherence to management policies, safeguard the assets, and secure as much as possible the completeness and accuracy of the records. (5 marks) b) From the foregoing definition, one can see that internal control plays the roles of identifying, analysing and recommending corrective actions for operational risks, monitoring to ensure implementation by management, and these are achieved through: i. Preventive Controls Prevention of errors, frauds and irregularities. Introducing proactive measures/policies that would forestall possible risks; ii. Detection of errors, frauds and irregularities; iii. Safeguarding the assets of the bank from all risk iv. factors; Instituting, initiating and enforcing compliance with corrective actions/measures to address identified errors or frauds; v. Ensuring that operational, statutory and regulatory requirements are complied with; vi. Ensuring adherence to established management policies, procedures and standards; vii. Ensuring that the Internal Control Guidelines of the bank respond proactively to changing operating environment. viii. Securing, as much as possible, the viability of the business while taking advantage of business opportunities to increase profitability. (3 marks for any correct 5 points) 58