Bank of Lao PDR and Asian Development Bank

INTRODUCTION TO RISK MANAGEMENT

OBJECTIVES: A. TO REVIEW AND UNDERSTAND THE GENERAL AREAS OF RISK FACING MFIs AND HOW MICROFINANCE INSTITUTIONS SHOULD MANAGE THESE RISKS B. TO REVIEW AND UNDERSTAND THE SPECIFIC RISKS FACING MFIs WHO ARE GRANT RECIPIENTS C. TO DISCUSS AND AGREE THE RISK MITIGATION STRATEGIES IN EACH RISK AREA USED IN TRACKING, ASSESSING, AND OVERCOMING ISSUES ARISING

Session 1: TO UNDERSTAND THE GENERAL AREAS OF RISK FACING MFIs

Objective: Time: Materials: to review and understand the various risks facing MFIs 50 minutes Blank poster paper Handout 1 (Risks facing MFIs) Preparation: Have materials ready

Process / Topics for discussion

A. Introduction (10 minutes) Outline objectives and confirm all understand and agree to these (if not then discuss and review). A quick introduction and discussion on institutional-levels risks will start the training, but this serves to contextualize the workshop only. Confirm focus of training is on how best to deal with risks facing microfinance institutions who are receiving grants, and not on practitioner-level risk management. Explain timing is limited, so scope of training is introductory only. Explain this is a generic-level training workshop only, and that more detail is available on request (articles, websites and books can be recommended). Further training on risk management can be provided should this be requested.

Q: What is risk? A: Risk is a concept that denotes (1) a potential negative impact to (2) some characteristic of value that may arise from a future event. We can say that "Risks are events or conditions that may occur, and whose occurrence, if it does take place, has a harmful or negative effect". Exposure to the consequences of uncertainty constitutes a risk. In everyday usage, risk is often used synonymously with the probability of a known loss. Q: What is management?

A: Basic functions of management: Management operates through various functions, often classified as planning, organizing, leading/motivating and controlling.

Planning: deciding what needs to happen in the future (today, next week, next month, next year, over the next 5 years, etc.) and generating plans for action.(What to do?) Organizing: (Implementation) making optimum use of the resources required to enable the successful carrying out of plans. Staffing: Job Analyzing, recruitment, and hiring individual for appropriate job. Leading/Motivating: exhibiting skills in these areas for getting others to play an effective part in achieving plans.(To make individual work willingly in the organization) Controlling: monitoring -- checking progress against plans, which may need modification based on feedback.

B. Risks that microfinance institutions face (20 minutes) 1. ask participants what risks microfinance institutions need to deal with, and write up on poster paper. List all these and discuss which are the main ones, and which can be grouped together (10 minutes) Note: The 7 main areas of institutional-level risks facing MFIs are in the areas of: i. Credit Risk ii. Liquidity risk iii. Market risk iv. Operational risk v. Interest risk, vi. Foreign exchange risk, and vii. Environment Compliance & Regulatory risk 2. Circulate Handout 1 which outlined these risk areas, and ask participants to review (5 minutes) 3. Ask participants if any risk areas in handout not listed, or any risk areas from discussion not in handout, and discuss (5 minutes) C. How do microfinance institutions manage these risks? (20 minutes) 1. ask participants how they think microfinance institutions manage risk. Discuss risk management, covering following points: Microfinance institutions manage risk in various ways. Go through the list from handout 1 and discuss how microfinance institutions can and do manage risks in each of the areas listed. Ask participants WHAT IS RISK MANAGEMENT? Answer: Risk management is a dynamic process of: 1. identifying risks, 2. measuring risks, 3. establishing limits for them, 4. assigning responsibility for and monitoring risks, 5. taking action to offset unfavourable scenarios, and 6. adjusting these risk levels for new information and an institutions changing business. Outline the concept of diversification as a key to minimizing overall risk (this may have been covered in the discussion on how microfinance institution mange the risks listed).

Ask participants what is the PURPOSE OF RISK MANAGEMENT? Answer: from a financial institutions perspective, the purpose of risk management is to: protect the institution from losses (minimize the downside to the MFI); attract capital; and instil confidence in regulators. Explain to participants that all financial institutions should strive to inculcate a Risk Management Philosophy in their institutions. This is that risk management is about proactively managing an institutions business. This approach should be ingrained at all levels of management and reflected in an MFIs processes and procedures. Risk management should not be viewed as merely a defense mechanism. Rather, by taking a prudent and pro-active approach to financial management, an MFI not only limits its risk and potential losses, but also reaps benefits by attracting more (commercial and other) capital, at less cost, and by preserving and improving its good standing with rating agencies, regulators and depositors. For a risk management process to be successful it must be flexible, open, and updated regularly. This is to ensure the assessment of risk level and allocation of resources remains relevant.

Assessing risks: it is important to note that microfinance institutions face different risks over time, and that the levels of risk change. Efforts and resources should be aimed at those risks that are: a. more likely to occur: so have a high probability; b. risks that will have a bigger impact on the microfinance institution it is important to keep in mind that an MFIs corporate bylaws and resolutions specify who has authority to take actions on behalf of the institution. These action and signing authorities impact many financial decisions and need to be incorporated into the design

of a financial risk management policy (examples: opening bank accounts and taking loans). Also, financial management has several layers, although the ultimate accountability for financial management rests with the Board of Directors (or other peak decision-making body as relevant). It merits emphasis that particularly when an MFI is non-regulated and especially if managed by a few key individuals, the importance of the boards role in supervising financial management becomes even more critical. The board is crucial in setting financial policies and risk tolerance, and management is charged with ensuring the implementation of these policies at the

operating level: ensuring that individuals with the right capabilities are hired, carefully drawing clear lines of responsibilities, and ensuring that the magnitude of risks is adequately addressed. Management must build the boards confidence in its capacity to implement these policies. Again, communication is keyallowing managers to identify and address the MFIs risks. Finally, when the MFI is managed by a small number of key managers, key person risk exists and proper segregation of duties becomes imperative. In practice microfinance institutions manage risk in various ways, such as: Planning: This includes longer-term strategic and business plans (3 to 5 years), annual business plans, activity and workplans. The detail of these plans will need to relate to the complexity and scale of the microfinance institution. Monitoring progress against plans: this means having the information (often refered to as management information systems or MIS) to track data that will enable progress against the plan to be monitoried. MIS and Data Collection is a key ingredient in managing risk. Beyond open communications and identification of risks, an institution must make sure it has good management information systems (MIS) and data collection/tracking. Particularly in the case of financial risk management, MFIs should focus on gathering information to monitor progress against its plans and tracking them over time. Tracking these data helps with establishing risk-comfort levels and anticipating future risks; and later it enables an MFI to model volatility scenarios and test the sensitivities of financial projections to varying factors: Interest rate movements Foreign exchange rate movements Core deposits Foreign exchange trading volumes (to provide insight into the liquidity of foreign exchange and access to it) Trading of securities (to help determine the liquidity of investments). Good MIS is key to data collection and risk management measuring, monitoring, and reporting, and cannot be over-emphasized. Especially given the environments in which microfinance institutions operate, they are particularly vulnerable to operational risks/disruptions, and safeguarding information takes on increased importance. Further, sensitizing projections to stress scenarios requires having sound and long term historical data on which to base assumptions. External auditing: independent advice to the highest governance body in the microfinance institution, to management, to regulatory and to consumers. This is mainly to ensure that the financial position of the microfinance institution is transparent. Internal audit function: Regulatory compliance: Independent governance: Tracking client satisfaction (such as through surveys) and developing products that meet their needs. Systems development, including standardisation, such as operations manuals. Staff development and training Liquidity management: as minimum policies for min cash levels must be in place. The determination of minimum cash levels will be impacted by: Mobilization of savings (reserves), especially at initial stages of mobilization. MFIs should maintain higher cash on hand or liquidity until experience is developed and the behaviour of savings clients is more evident (example: solid understanding of core deposit levels.)

 regulatory requirements by BoL (discuss what these are and the risk, cost and other implications) Portfolio at risk levels (PAR) The level of operating expenses will influence the minimum cash holdings for safety cushion purposes Ask participants if they consider the MEASUREMENT OF RISKS AND LIMITS important, and if so why. Answer: Risk Management can be considered as a framework of alarms for re-evaluating risks, creating action plans in advance of the crisis, and requiring management discussions if risk exposures surpass established loss tolerance and trigger levels. Any sound risk management system needs to have established limits for risk exposure. Stress testing scenarios help determine these limits, by testing how far market or other risks can deteriorate and still be absorbed by the financial institutions profit and loss statement without jeopardizing the business. For example the institution needs to assess how many months of losses it can sustain.

Session 2: TO REVIEW AND UNDERSTAND THE SPECIFIC RISKS FACING MFIs WHO ARE GRANT RECIPIENTS
Objective: Time: Materials: Preparation: to review and understand the specific risks facing MFIs who are grant recipients 50 minutes Blank poster paper Have Operations Manual & Annexes ready to in digital projector

Process / Topics for discussion

A. Risks to MFFMU (20 minutes) Q. ask BoL participants what they see as the major risk areas relating to provision of grant funds to MFIs. Specifically. what is the largest risk facing the MFFMU, BoL and ADB with regard the provision of grants? A. The grant recipient microfinance institution collapsing! The risk of the microfinance institution failing would result from one or more of the risk areas discussed in session 1 arising. This could well occur if risk management is sufficiently in place, such as when: Risks are not identified and assessed (e.g. the microfinance institution does not have a plan in place, and/or does not track progress against the key milestones in this plan) Risks areas are not tracked (e.g. the microfinance institution does not know its delinquency or PAR) A plan is in place to deal with the risk (e.g. succession planning for the CEO, or access to sufficient liquidity reserves should there be an issue Immediate implementation of action plans takes place when risks materialize (e.g. clear roles and responsibilities for who is accountable for each risk area identified, and what they will do should the level of risk in the relevant area increase) Q. What other risks are faced by the MFFMU? List on a poster sheet and discuss. ????? Q. What can and does the MFFMU do to ensure risks especially of the microfinance institution failing are minimised? List on a poster sheet and discuss. Answer: The MMFU has/will: Eligibility criteria in place to limit risk (see Grant Fund Operations Manual sections V.) if time discuss these and how these relate to risks facing microfinance institutions. Established an application process to verify that grant recipients are eligible (see Grant Fund Operations Manual section VII.) This includes providing training in the use of the Grant Fund Operations Manual, and in this risk management training if time discuss these and how these relate to risks facing microfinance institutions. Verify that the information provided is accurate (i.e. that it is truthful). This is done by ensuring consistency, such as checking the business plan aims, activities and milestones against the funds requested for reasonableness Smaller grants amounts and tranches Transparency, make public Track milestones Involvement MANAGE RISK AT FRONT NOT END!!! B. Criteria for accessing Grant Fund (20 minutes)

Discuss with BoL team each of the eligibility criteria for the Grand Fund, focusing on the reasons why each of them were established in terms of managing risk.

Remind participants that to qualify for grant funding, MFIs must: 1. be in operation for at least six (6) months; 2. be registered with the Bank of Lao PDR, or in the process of registration; 3. have at least two full-time paid staff, or have a plan to do so within the next six (6) months; 1 4. contribute matching capital at least equal to the amount applied for; 5. have staff capable of preparing regular and periodic financial statements in accordance with BOL requirements; 6. submit a business plan for a minimum period of two years that demonstrates that the MFI: a. will reach a point of full cost recovery i.e. total income (less any grant income) exceeds total expenses b. will have sufficient staffing, management and governance structures in place to provide professional services and be institutionally sustainable c. provides financial services to the poor 2 , which may include loans, savings accounts, microinsurance, transfers, etc.; d. is committed to adopting microfinance best practices to expand services to households, micro and small enterprises. 7. Comply with the Microfinance Decree of the Lao PDR (22 June 2005) and the recently approved regulation for deposit-taking, non deposit-taking MFIs and Savings and Credits Unions dated 18 June 2008. 8. Demonstrate competency and good record keeping 9. Provide names of major shareholders, directors and employees together with evidence of capacities and qualifications 10. Facilitate a site visit by MFFMU designed to examine all transactions to date and interview the MFIs client-beneficiaries (if required). 11. Provide full access to files and accounts. To ensure that the partner MFIs are compliant with the above criteria, remind the participants that this risk from the MFFMU is managed through the due diligence process: Add in here the Risk Assessment Format (Annex 5)

1 2

Two full-time staff is considered the minimum staffing level required for institutional sustainability Poor clients (living on less than US$1 per day) should constitute at least 10% of the MFIs current or planned portfolio

Session 3: TO DISCUSS AND AGREE THE RISK MITIGATION STRATEGIES IN EACH RISK AREA USED IN TRACKING, ASSESSING, AND OVERCOMING ISSUES ARISING
Objective: to discuss and agree the risk mitigation strategies in each risk area used in tracking, assessing and overcoming issues arising Time: 40 minutes Materials: Poster paper with blank Risk Assessment Matrix sheet Blank poster paper Preparation: Have Operations Manual & Annexes ready to in digital projector

Process / Topics for discussion

Obtain participant ideas on risk categories an mitigation strategies use blank Risk Assessment Matrix on poster / flipchart (40 minutes).
a. b. c. d. e. f.

Ask participants to list Risk & Potential Impact (first column) For each Risk area identified, discuss and agree likelihood / consequence / risk level Then for each Risk area identified, discuss and agree treatment to mitigate that risk area For each Risk area, discuss and agree action to be taken if the risk occurs Determine who is responsible for each Risk area identified. Add any comments / notes if relevant

Remind BoL that a decision needs to be taken as to whether a visit to the MFI grant applicant is needed in order to undertake and institutional assessment, to ensure and confirm the applicant details and capacity, and to verify capacity is in place to fulfil plans and milestones outlined in application. In particular such an institutional visit would be undertaken to: Assess the management, board, and governance of the MFI. This would include discussion to verify that the business plan is understood and that there is the necessary commitment to it. This would also include an assessment to ensure that the MFI has a genuine commitment to serving the needs of low income clients.. Assess the capacity of staff to implement the business plan and to perform the activities planned by the MFI Discuss the MFIs loan portfolio performance, methodology, and management, in order to obtain information to support the grant analysis and financial decision. Obtain a clear justification of the use of funds. Identify risks and propose solutions to mitigate risk of operations Undertake a generic financial assessment (could use WEAL financial monitoring tool here), including a review of historic financials, financial forecasts, and any competitive advantage of the MFI. A review of the financial management, internal control and MIS systems would form an integral part of this. Note that this assessment could determine that a separate mini-audit would need to be undertaken at a separate time by a financial specialist. Such a visit must ensure that there is clear justification for the use of grant funds. A level of legal, commercial, technical and environmental due diligence would also be undertaken Negotiation of grant terms and grant agreement could also be discussed (this may, for example, include suggesting a smaller grant amount than was applied for).

Annex 5: Risk Assessment Matrix Format Catalyzing Microfinance for the Poor Project (JFPR 9095)
N Risk and potential impact o 1 Example: Mis-use of funds/corruption 2 Example: Microfinance institution collapses 3 Example: MFIs dont report to BOL 4 Example: MFIs lose BOL license 5 Example: External/environmental issues (e.g. inflation, disasters) 6 Example: MFIs are not pro-poor oriented 7 Etc. 8 Etc. 9 1 0 1 1 1 2 1 3 Likelihood Consequence Risk level Treatment to mitigate risk Action to be taken if occurs Responsibility

Determination of risk levels: Consequence Low (L) Moderate Low Low Medium (M) Extreme High Moderate High (H) Extreme Extreme High Reviewer:

Likelihood

High (H) Medium (M) Low (M)