MFI Credit Operational Risk Management Notes Marker and

MFI Credit & Operational Risk Management

Notes Marker and Description for Trainer Marker Description Trainer: What trainer says to introduce the slide Handout: Handout to be passed out on this slide. If blank, there is none. Questions: Suggested questions to ask for participants to reflect Answers: Possible answers to questions asked to participants Group: Group activity and description of how to organize the group and the activity

Welcome

Who we are • • Name MFI Position Something unique that you do everyday without fail

Co-Facilitators • • Timekeeper Flipchart Notes (decisions, parking lot, action items) Photos

Objective By the end of the workshop, you will have increased your ability to: ü Understand integrated risk management framework in a MFI ü Apply basic and foundational risk concepts in your day-to-day work ü Effectively identify, monitor, and manage Credit Risk and Operational Risk in your MFI, employing industry best practices ü Use risk management to enhance your department’s performance ü Develop an action plan for applying Credit and Operational Risk Management skills and systems for your financial institution (Coaching Provided)

Agenda

Integrated Risk Management Framework for MFI

What is Risk: The possibility of an adverse event occurring and its potential for negative implications to the MFI’s objectives, which are financial losses and social performance. LOOK OUT!! DON’T SLIP!!

Say again in… I do _________ to manage the risk of __________. I do _________ to increase________.

What is Risk Management in MFI? Management of the possibility of an adverse event occurring and its potential for negative implications to the MFI’s objectives, which are financial losses and social performance. Participant Workbook: Exercise 1

What is a Risk Management Framework A Risk Framework sets the context in which risks are managed… identified, analysed, controlled, monitored and reviewed. It must be Meaning, how they will be consistent and comprehensive with processes that are embedded in everyday management.

Response to Risk Transfe r Mitigate Accept • (Loss Unacceptable>Control Cost) • (Loss<Control Cost)

What is Integrated Risk Management Framework for MFI?

A Framework: Risk Management House Source: www. riminitiative. org

Source: www. riminitiative. org

Exercise 2: What does your house look like? Source: www. riminitiative. org

Foundational Concepts : Risk Management Context in MFI

Key Concepts of Risk Appetite The aggregate level and type of risk that an organization is willing to seek or accept in the pursuit of its long term business objectives Risk Tolerance (Capacity) The maximum level of risk that the organization can take before being in breach of the regulatory constraints (e. g. , equity, liquidity) or other stakeholders (e. g. , payment of dividends)

Key Concepts of Risk Limits Allocation of the firm’s risk statement to – Specific risk categories (e. g. , credit, market, liquidity, operational) – the business unit (e. g. , retail, capital markets, residential real estate, commercial real estate) – the business line or product (e. g. , concentration limits, limits of VAR) – other levels as appropriate Risk Profile A point in time evaluation of risk exposure of an organization

Risk Capacity/Tolerance, Appetite, and Profile Source: Financial Stability Board. Thematic Review on Risk Governance. Peer Review Report. February 2013

Key Concepts of Risk Management Function The complete policies, processes and procedures in place to identify, measure, monitor and control risks of the organization together Risk Management Policy Guidelines approved by the Board of Directors, whose goal is to prevent critical loss and keep the risk profile of the organization in an acceptable range

Building a Risk Management Framework – Decide who you are and what you will do (Objectives) – Define what you will accept and not accept (Appetite and Tolerance) – Build your institution (Structures and Systems) – Create accountability (Policies and Procedures) – Measure your level of risk (Indicators) – Develop tools and techniques (Monitoring) – Issue reports (Communication)

Responsibility for Managing Risk Central Bank External Stakeholders External Audit Board Internal Audit Internal Stakeholders Risk Management Internal Compliance Management

Roles and Responsibilities Board Member Approve policies Approve risk indicators Monitor adherence Senior Management Identify risks Develop policies Assign responsibility Branch Management Implement policies Monitor adherence Operational Staff Adhere to policies Offer suggestions Provide feedback Internal Audit Staff Verify compliance with policies Identify uncontrolled risks 25

3 Lines of Defense FIRST Line of Defense BUSINESS LINES/OPERATIONS SECOND Line of Defense RISK MANAGEMENT AND COMPLIANCE THIRD Line of Defense INTERNAL AUDIT

3 Lines of Defense IIA POSITION PAPER: THE THREE LINES OF DEFENSE IN EFFECTIVE RISK MANAGEMENT AND CONTROL

Sample Organizational Chart (Tier 1)

The Role of the Chief Risk Officer • Chief Risk Officer is like a goalkeeper – second line of defence and able to see the whole play and strategy in action in front of them. • Ability to see risk across all functional areas allows to propose and assist with ways to mitigate identified risks in discussion and collaboration with the business owners (aka risk owners)

The Responsibility of Chief Risk Officer • Oversees the Risk Management cycle • Monthly/Quarterly reporting of risks to Management and Board • Monitor risk appetite levels as set by the Board • Through Internal Compliance (Ops Mgt. ) ensure that all risk mitigants are in place and working • Raise risk awareness throughout the institution • Implement and test the BCP and DRP processes

The strength of risk management depends more on what is established in the organization’s ____ to motivate, promote and support the policies and procedures of risk management Source: Pw. C. Cure for the Common Culture: Building Effective Risk Cultures at Financial Institutions. April 2011

Risk Culture ". . . The development of a 'risk culture' within the company is perhaps the most fundamental to effective risk management tool. " (Institute of International Finance 2008) "Risk management is more than just formal procedures and policies. It is to build a company where the right people doing the right things at the right time culture. “ (PWC 2011)

What is Risk Culture? BEHAVIORAL FACTORS: Habits and routines that are relevant to identifying and mitigating risks, values, beliefs, knowledge and understanding of risk.

Scale of Culture Map Communicating Low context---------------------High context Evaluating Direct negative feedback------Indirect negative feedback Leading Egalitarian-----------------------Hierarchical Trusting Task-based-----------------Relationship-based Disagreeing Confrontational--------------Avoids confrontation Scheduling Liner Time----------------------Flexible Time Adapted from “the Culture Map: Breaking Through the invisible boundaries of Global Business Erin Meyer

“Indeed, better risk management may be the only truly necessary element of success in banking. ” Alan Greenspan, Chairman FED American Bankers Association Annual Convention October 5, 2004

Reflections