Risk Management Manual


RISK MANAGEMENT MANUAL

This manual provides resources and tools to aid _______ in the implementation of an
effective risk management program to minimize the cost of risk and maximize protection of
their assets. It contains guidelines on the implementation of ________ Risk Management
System covering the following areas:

• Credit
• Liquidity
• Interest Rate
• Operations
• Foreign Exchange
• Compliance
• Legal
• Loss or Destruction of Facilities and Loss Arising From Frauds
• Information Technology

Non-compliance with any provision shall be reported by the Risk Officer to the Risk
Management Committee for appropriate action.
FOREWORD

The writing of this Manual has been constrained by the dearth of material and models, since
this is a new discipline in Philippine banking.

Much effort was therefore exerted at origination, which explains some possible
imperfections of this Manual. Improvement will therefore be a continuous process while
the Manual is being implemented, and the need for additions, corrections, amendments and
revisions will be discovered through:

• The review and assessment of performance and compliance with the Manual;

• The process of implementation;

• The process of identifying new risks, or present risks not yet covered in the Manual.

I. ALALAY SA KAUNLARAN’s Risk Management Philosophy

Microfinance is inherently a business engaged in risk-taking. It is imperative that
risk is dealt with in the most prudent and timely manner. We are committed to pinpoint
areas in operations where there are risks in order to safeguard the assets of the
organization. We believe that the ultimate test of competence of _______’s
management is in its ability to control risks in every aspect and at every stage of its
operation.

II. Definition of Terms

1. Risk

Risk is the compound estimate of the probability, and the severity, of an
adverse event that could severely impact upon ______’s resources and
operations and thus on its profitability or capital position.

2. Risk Management or Risk Management System

This consists of: a comprehensive risk identification and measurement
system; a continuous discovery process to identify loss or risk exposures in
resources and operations; measures to control or prevent the probability
and/or the adversity of an adverse event to within acceptable limits; and a
strong management information system for monitoring, reporting and
controlling present and foreseeable risks or their probable occurrence, with
the end objective of enabling Management to take immediate corrective
measures to prevent or minimize losses.

III. Types of Risk

Since microfinance is inherently a business in risk taking, it follows that its
functioning (fund generation, fund utilization, and related functions) places the
organization at risk. In addition to functional risks, _____’s assets are also exposed
to risks of loss or destruction from intentional or unforeseen events.

The more important risks in _______’s operations are the following:

1. Credit Risk

This is the risk that an obligor will fail to perform his credit obligation to the
organization. Credit risk is the most serious risk faced by _____, second only to an
incompetent, imprudent and irresponsible management. Bad and fraudulent loans
have been the main cause of organization failures and bankruptcies. Lending is the
essence of Micro-Finance Institutions (MFI) and since the greater incidence of risk
exposure is in loans, the formulation and implementation of sound lending policies
is among the most important responsibilities of the Board of Trustees and
Management.

Incidences of credit risk are found in various stages of a loan’s life:

(a) Foremost is at the processing stage of the credit (where scrutiny is made of
such factors as: credit worthiness; prudential or legal limits; industry limits;
an informed forecast of expected industry or business performance;
concentration limits; compliance with Board policies and legal and regulatory
requirements; degree of risks as between long and short term credit; or
secured and unsecured; moral responsibility; source of repayment; etc.);

(b) Second stage is that of loan supervision where deficiencies and weaknesses
in loan utilization and management may be uncovered and corrective
measures suggested;

(c) Third stage may refer to the collection process where ineffectiveness in
collection efforts may result in non-collection;

(d) The fourth stage is the monitoring stage, which may fail to alert Management
to take appropriate actions to maintain the integrity of the credit.

2. Liquidity Risk

This is the risk that ______ will not be able to, or cannot easily, meet its obligations
as they fall due. The management of this risk is not as simple as the definition
implies. The level of liquidity maintained by ______________ has basic risk
implications. Too little liquidity may cause enormous embarrassment or may even
prove financially fatal. Too much liquidity may result in foregone income as well as
threats to solvency position.

It must also be noted that the amount of liquidity level is most difficult to estimate
and that it cannot be reasonably reduced to a generalized mathematical ratio (such
as “liquid” assets to “loans payable”).

The manual will put forward some principles, concepts and statistical formulation,
which may form roughly the basis for a liquidity management system.

2.1 The Pressures on Liquidity

Historical averages derived from statistical series over a representative period, and
an informed forecast of the likely movements of loan releases and collections
against the backdrop of the economic, business or political environment, will help Management
in estimating the normal, as well as the abnormal, demands for liquidity that must
be provided for.
2.1 The Assets to Meet the Liquidity Pressures

The management of liquidity seeks to maintain an optimum liquidity position.

The following are the type and amount of assets needed to meet the liquidity
demands, as well as concepts on how to achieve an optimum liquidity
position.

2.1.2 The “Primary Reserves”

These are cash and its equivalent, which can readily be used to pay
off the normal day-to-day liquidity pressures for cash payments. The
cash tied up to fund issued postdated checks cannot be included in
the “Primary Reserves”; but the portion in excess of the expected
funds for postdated checks may be included.

The Management should determine the amount level of the Primary
Reserves that should be maintained on the basis of historical
statistical experience, volatility of deposits and informed estimates
and forecasts.

2.1.3 The “Secondary Reserves”

These are the earning assets that can be converted into cash even
before maturity without substantial loss of value such as Treasury
Bills, Bankers Acceptances, Marketable Debt Securities and similar
high-grade paper. Eligible securities tied up in legal reserves may not
be included as part of Secondary Reserves. The Secondary Reserves
can (1) replenish the “Primary Reserves”; (2) meet the abnormal
draw down in deposit, the abnormally large maturing obligations and
operating expenditures, and the releases on/of approved loans.

2.1.4 “Shiftable Assets” / “Tertiary Reserves” / “Investment Reserves”

These are assets that can be readily “shifted” to cash for sale, or used
as collateral for loans. These assets can backstop the “Primary
Reserves” and “Secondary Reserves” in the event of serious liquidity
pressures thus appropriate amounts of these shiftable assets should
be maintained.

2.1.5 Synchronizing, to the extent possible, maturities of receivables and
liabilities may also enhance liquidity.

3. Interest Rate Risk

This is the risk that ______________’s profits and/or capital will be adversely
affected by changes in interest rates.

4. Operations Risk

This is a risk to earnings or capital due to improper transactions being made.
Inadequate internal controls, improper training of employees, human error, and
employee fraud are potential causes of transaction risk in the major operations of
the organization.

5. Foreign Exchange Risk

This is a risk to earnings or capital arising from movements in foreign exchange
rates.

6. Compliance Risk

Risk to earning or capital arising from violations of laws, rules and regulations,
prescribed practices or ethical standards.

7. Legal Risk

This is the risk to earnings or capital due to unenforceable or not properly
documented contracts, lawsuits or adverse judgments.

8. Other Risks

In addition to the risks mentioned, there are other risks to which ______________
is exposed, such as:

8.1 Loss or destruction of ______________ facilities, equipment and records
through intentional or accidental events

8.2 Loss arising from frauds, defalcation, embezzlement, or dishonesty

8.3 Information Technology risk such as power outages, natural disasters,
security, viruses, fraud

IV. Risk Management System

The structure of the ______________’s Risk Management System is as follows:

1. The Board of Trustees has the responsibility of adopting policies and
guidelines to govern the safe and prudent functioning of the organization to
the end that risks are effectively managed. These include, but need not be
limited to: policies on lending, on deposits, on asset and liability
management, on liquidity management, on personnel, administration, and
internal control, etc.

2. There shall be a Risk Management Committee which reports to the Board
and is composed of:

• Credit Operations Director
• Finance, Accounting and Admin Director
• Internal Audit Director
• At least three (2) Board of Trustees: one shall be a member of
Governance Committee and the other shall be a member of Audit
Committee.
• Compliance Officer

2.1 The Risk Management Committee shall have one chairman who shall be in
charge of the work of the Committee.

The major responsibilities of the Chairman shall include, among others:

i. presiding over the Committee meetings and ensuring effective
operation and due performance of duties of the Committee;
ii. deciding on the agenda of the Committee meetings;
iii. ensuring that all members in the Committee have full knowledge of
issues discussed in the meeting and obtain complete and reliable
information;
iv. ensuring that the Committee reaches a clear conclusion to each
proposal which includes passed, rejected and supplementary materials
needed;
v. proposing the convening of special meetings;
vi. signing resolutions of meetings; and
vii. other functions and responsibilities relating to Risk Management.

2.2 The major responsibilities of the Committee members shall include, among
others:

i. attending the Committee meetings, actively airing views on the discussed
issues, and exercising the right to vote;
ii. proposing the items of the Committee meetings;
iii. fully understanding the powers and duties of the Committee as well as the
responsibilities as Committee members, being familiar with the operation and
management status, business activities and development situation of the Bank
relevant to their responsibilities, and ensuring the performance of their duties;
iv. fully guaranteeing the working time and capacity for performing their duties.

The Committee shall have the function of overall supervision and control over
the risk management system of the organization. Its mission is to protect
______________’s scarce capital from losses arising from activities that
expose ______________ to all types of risk. It shall be tasked with the
review of capital allocation to ensure resources are suitably utilized to
optimize returns given ______________’s tolerance for risk.

The same shall also have the authority within the scope of its role and
responsibilities, to:
• obtain any information it needs from any employee and/or external
party (subject to their legal obligation to protect information);
• discuss any matters with the external auditor, or other external
parties (subject to confidentiality considerations);
• request the attendance of any employee at committee meetings; and
• obtain external legal or other professional advice, as considered
necessary to meet its responsibilities, at ______________’s expense
with the prior approval by the Chairman.

Meetings of the Committee shall be conducted at least every semester. Ad
hoc meetings can be called, as required, at the request of the Committee
Chair.

The term of office of the Committee members shall be determined by the
Board. At the expiration of the term of office they could be re-elected and
re-appointed.

3. There shall be a Risk Officer, who will report to the Risk Management
Committee. The Office of the “Risk Officer” and that of “Compliance Officer”
may be occupied by one officer whose duties be as follows:

3.1 To see to it that the provisions of the Risk Management Manual are
complied with by all concerned.

3.2 To conduct familiarization seminars on the provisions of the Manual.

3.3 To conduct a discovery process to identify risks not so far covered by
the existing risk management provisions and submit appropriate
recommendations for their control.

3.4 To monitor monthly, and report to the supervising Risk Management Committee,
compliance by all concerned with the Manual.

3.5 To submit to the Board of Trustees, thru the Risk Management
Committee, monthly reports on the implementation of, and
compliance by all concerned with, the Manual, including his
recommendations.

4. The Risk Officer and the Internal Auditor shall also exercise review function
over:

4.1. ______________’s system of internal controls, which shall promote
effective and efficient operations; reliable financial and regulatory
reporting; and compliance with relevant laws, regulations, and
policies of the organization. The Risk Officer with the Compliance
Officer and the Internal Auditor shall be responsible for determining
whether internal controls meet these objectives, considering the
overall control environment of the organization; the process of
identifying, analyzing and managing risk; the adequacy of
management information systems; and the adherence to control
activities such as approvals, confirmations and reconciliation.

4.2. The audit and testing of the risk management process and internal
controls on a periodic basis, with the frequency based on a careful
risk assessment.

4.2.1 The depth and frequency of internal audit, which shall be
increased if weaknesses and significant changes have
occurred on product lines, modeling methodologies, the risk
oversight process, internal controls or the overall risk profile
of the organization.

4.2.2 The development of adequate controls to bring into the
product development process at the earliest possible stage.

4.3 The continuous evaluation of the independence and overall
effectiveness of the ______________’s risk management functions;
and the involvement in the periodic review and evaluation of all
______________’s policies and procedures developed for the
______________’s key activities.

V. Risk Identification

One of the keys to risk management is risk identification. The two distinct
dimensions faced by ______________ are the type of risk and the
______________ programs that are at risk. To identify bank risk is to look at
the various types of risk and determine which function is potentially vulnerable to
that type of risk.

VI. Risk Control

1. The Board of Trustees shall approve all significant policies relating to
management of risk throughout the organization. These policies shall be
consistent with ______________’s business strategies, capital strength,
management expertise and overall willingness to take risk.

1.1 The Chairman shall be responsible for ensuring that there is clear
delineation of lines of responsibility for managing risk, adequate
systems for measuring risk, appropriately structured limits on risk
taking, effective internal controls and a comprehensive risk-reporting
process.

1.2 He/She shall ensure that all appropriate approvals are obtained and
that adequate operational procedures and risk control systems are in
place.

2. Risk Management Committee shall review and evaluate risk management
guidelines regularly since any change in either the organization’s activities or
the market environment may create exposure that requires additional
attention.

2.1 The review shall include assessment of risk limits, methodologies,
models and assumptions used in measuring risks.

2.2 The review shall be made at least annually, or whenever market
conditions and the ______________’s risk position dictate, to ensure
that they are appropriate and consistent with the ______________’s
risk-taking philosophy.

2.3 Recommended changes in the risk management guidelines shall be
submitted to the Board for approval.

3. The Board of Trustees shall approve the products/services that
______________ shall offer. The policies governing such products/services
shall be approved by the Board and set forth and documented in Policy and
Procedure Manuals duly issued by the Chairman/President.

4. Certain specified transactions, balances and/or positions shall be reported
regularly to higher bodies/officers.

4.1 For credit accommodations

4.2 Foreign exchange transactions

4.3 For investments

4.4 For liquidity management

4.5 For compliance in general

VII. Risk Assessment

1. Auditing Department shall include in its audit program an assessment of the
various types of risk that the unit being examined is vulnerable to as specified
in the risk matrix.

2. The audit examiner in coordination with the Risk and Compliance Officer shall
accomplish the Risk Assessment Report for each type of risk that the unit
being examined is vulnerable to.

3. The results of the risk assessment shall be discussed with the head or officer
in-charge of the unit responsible for the risk. Emphasis shall be given on the
factors that are rated high risk and those whose risk ratings have
deteriorated compared to the previous assessment.

4. The Risk Assessment Report shall be discussed with the Group Head of the
unit concerned, and submitted to the Board of Trustees, thru the Risk
Management Committee, for approval.

4.1 The Group Head, in coordination with the Risk and Compliance
Officer, shall discuss with the head of the unit concerned appropriate
action to be taken to reduce risk exposure in factor/s rated high
and/or rated worse than in the previous assessment.

4.2 The Group Head, in coordination with the Risk and Compliance
Officer, shall set targets for reduction of exposure, monitor
accomplishment of these targets and report results to the
Chairman/President.

VIII. Risk Control Measures and Procedures

It is not enough that risks are identified, measured, and assessed. It is equally, and
even more, important that the risks are managed, controlled, minimized or even
avoided. This manual includes risk control measures vis-à-vis the various types
of risks. These are contained in the following annexes:

Annex A - Credit Risk
Annex B - Liquidity Risk
Annex C - Interest Rate Risk
Annex D - Operations Risk
Annex E - Foreign Exchange Risk
Annex F - Compliance Risk
Annex G - Legal Risk
Annex H - Other Risk

ANNEX A
Name of Risk : Credit Risk
In Charge : Operations Director

The risk involved is non-payment of a loan, with consequent:

• Loan loss, which in turn impacts adversely on profitability, capital and solvency

The more important stages for risk control in a loan’s life are:

• Processing stage
• Supervision stage
• Collection stage
• Monitoring stage

The corresponding control measures for each stage are the following:

A. The Processing Stage

In General:

The purpose of loan processing is to establish beyond reasonable doubt:

1. That the borrower is creditworthy and can meet his obligation upon maturity.

2. That the loan complies with the lending policies of ______________ as well
as the pertinent legal and regulatory requirements.

In Particular:

1. The borrower shall be required to submit a signed ______________ loan
application which contains essential information that, when validated and
evaluated, will help to satisfy the purpose of loan processing. (Individual
Lending Guidelines-Part1-Loan application Stage-I-General
Lending Guidelines #9.1a and Group Lending-Client Identification
& Selection #4 Statement of Policies m) An application made by a
married individual shall require the spouse as co-borrower of the loan.
(Individual Lending Guidelines-Part1-Loan application Stage-I-
General Lending Guidelines #3.1)

2. The loan processing must be done with due diligence and care and must
establish the validity of the following factors: (Individual Lending
Guidelines-Part1-Loan application Stage-I-General Lending
Guidelines #3 and Group Lending-Client Identification & Selection
#4)

2.1 The moral responsibility of the borrower;

2.2 His relevant qualification and citizenship;


2.3 His financial soundness and that of the project to be financed;

2.4 The viability and sustainability of the project being financed;

2.5 The adequacy of collateral offered, in terms of valuation and
marketability;

2.6 The reliability of repayment;

2.7 Compliance with the policies of ______________ and the pertinent
legal and regulatory requirements;

2.8 The ability and willingness to repay the loan;

2.9 Good health, and age not over 65 on maturity of the loan.

3. Loans shall be granted only in the amounts and the periods essential for the
effective completion of the programs/project to be financed. (Individual
Lending Guidelines-Part1-Loan application Stage-I-General
Lending Guidelines #5 and Group Lending-Initial Group Loans-
Statement of Policies #s 15 to 23)

4. The purpose of the loan must be stated in the loan contract. (Individual
Lending Guidelines-Part 2 Processing of loan application-Loan
Evaluation Process #2.1)

5. The repayment of the loan must be adapted to the nature of the
programs/projects to be financed.

6. Under group lending the members are required to maintain a minimum
balance in their CBU accounts equivalent to 5% of their current loan.

7. In excess of minimum balance of the CBU the member can either withdraw
the money or use it to pay off their unpaid loans in cases they have no money
on the collection date.

8. Members can get another loan only if the balance of their CBU savings is
within the required minimum at the end of the loan cycle.

9. ______________ shall charge interest on loans and other credit
accommodations in consonance with prevailing regulations on interest rate.

9.1 The interest rates shall be reviewed weekly by the CEO, in
consultation with Heads of Finance and Operations, considering
prevailing economic and monetary conditions that could affect cost
of funds, overall profitability and credit risk; the interest rates paid by
other banks and MFIs.

9.2 The Chairman/President shall approve interest rates.


9.3 All units concerned shall be informed of changes in interest rates prior
to effectivity.

9.4 The rate of interest to be charged on the credit accommodation shall
be stipulated on the contract.

10. The true and effective cost of borrowing shall be an integral part of the loan
contract. The borrower shall be furnished, prior to the consummation of the
transaction, a statement containing the following information:

10.1 The charges, individually itemized, which are paid or to be paid by the
borrower in connection with the transaction but which are not
incident to the extension of credit.

10.2 The total amount to be financed.

10.3 The finance charges expressed in terms of pesos and centavos.

10.4 The percentage that the finance charge bears to the total amount to
be financed, expressed as a simple rate on the outstanding unpaid
balance of the obligation.

10.5 Additional charges, if any, which will be collected in case certain
stipulations in the contract are not met by the debtor.

11. Concentration of credit by size, industry and individual shall be in accordance
with banking laws and the ceilings set by the Bangko Sentral ng Pilipinas.

11.1 At least twenty five percent (25%) of loanable funds shall be made
available for Agricultural credit.

12. The dealings of the ______________ with any of its Trustees, officers and
employees shall be in the regular course of business and upon terms not less
favorable to ______________ than those offered to others.

13. The terms loan, borrow, money borrowed and credit accommodations as
used herein shall refer to transactions which involve the grant, renewal or
extension or increase of any loan, discount, credit or advance in any form
whatsoever, and shall include:


13.1 Any advance by means of an incidental or temporary overdraft, cash
item, “vale”, etc.

13.2 Outstanding availments under an established credit line;

13.3 Drawings against an existing letter of credit;

13.4 The acquisition by discount, purchase, exchange or otherwise of any
note, draft, bill of exchange or other evidence of indebtedness upon
which a trustee, officer or employee may be liable as a maker,
drawer, acceptor, endorser, guarantor or surety;

13.5 Any advance of unearned salary or other unearned compensation for
periods in excess of thirty (30) days;

13.6 Loans or other credit accommodations granted by another financial
intermediary to such trustee, officer or employee from funds of the
bank invested in the other institution’s trust or other department
when there is a clear relationship between the transactions;

13.7 The increase of an existing indebtedness, as well as additional
availments under a credit line or additional drawings against a letter
of credit.

13.8 The sale of assets on credit; and

13.9 Any other transactions as a result of which a trustee, officer or
employee becomes obligated or may become obligated to the
organization, directly or indirectly by any means whatsoever, to pay
money or its equivalent such as standby and deferred letters of credit.

14. The terms loans, borrow, money borrowed or credit accommodations as used
herein shall not refer to the following:

14.1 Advances against accrued compensation, or for the purpose of
providing payment of authorized travel, legitimate expenses or other
transactions for the account of the organization or for utilization of
maternity and other leave credits;

14.2 The increase in the amount of outstanding credit accommodations as
a result of additional charges or advances made by the organization
to protect its interest such as taxes, insurance, etc.;


14.3 Transactions with a foreign bank which has stockholdings in the bank,
where the foreign bank acts as guarantor through the issuance of
letters of credit or assignment of a deposit in a currency eligible as
part of the international reserves and held in a bank in the Philippines
to secure credit accommodations granted to another person or entity:
Provided, that the foreign bank stockholder shall automatically be
subject to the ceilings as herein provided in the event that its
contingent liability as guarantor becomes a real liability; and

14.4 Deposits of bank with another bank, whether domestic or foreign,
which has stockholdings in the depositing bank.

14.5 A credit accommodation to DOSRI shall be considered a direct or
indirect borrowing.

14.7 The total outstanding direct credit accommodations to each of the
organization’s employees shall not exceed, at any time, an amount
equivalent to his outstanding expected retirement benefits.

14.8 ______________, in granting loans or other credit accommodations
to employees, shall comply with the procedural
requirements of the Board of Trustees for credit accommodations.

15. The property and chattel offered as collateral by the applicant shall be
appraised to determine its loan value. The Transfer Certificate of Title shall
be verified with the Register of Deeds to establish its authenticity and to
ensure that there are no adverse claims on the property. An affidavit of
ownership must be required on equipment/unit offered as collateral.

Collateral type - Loan value

Properties located in Urban Areas and other key cities - 70% of appraised value, which shall equal the market value

Properties located in provincial towns or municipalities - 60% of the appraised value, which shall be equal to % of the market value

Agricultural properties - 60% of appraised value, which shall be equal to % of market value

Provided that loan value of insured improvements on the property shall not
exceed 60% and 50%, respectively, of the appraised value.

Chattel - 50% of unit’s appraised value

16. Loans shall be approved by the following:

Loan Amount - Approving Authority

Individual Lending
Insert/ amount authority

Group Lending
P4,000.00 to P6,000.00
Increment of P2,000.00 to P5,000.00
P10,000.00 to P 20,000.00

17. The loan applicant shall be informed in writing of ______________’s decision on his application.

17.1 If the application is approved, the borrower shall be informed of the
terms and conditions of the credit.


17.2 If the application is denied, the borrower shall be informed of the
reasons for the denial.

18. Upon approval of the loan, all legal documents containing the terms, charges,
interest, repayment schedule and conditions of the loan transactions shall be
prepared and signed by the borrower in the presence of authorized
personnel. The borrower shall be furnished a copy of the documents.

18.1 ______________’s Notary Public/legal Retainer shall notarize
documents. Cost of the notarization shall be for the account of the
borrower.

18.2 If the loan is secured by real estate collateral, the mortgage shall be
registered with the Registry of Deeds where the property is located,
prior to the release of the loan. Registration expenses shall be for
the account of the borrower.

18.3 Procedures shall be in place to ensure that appropriate and complete
documentation is obtained and is on file.

19. Improvements on real property used as collateral shall be insured with an
insurance company acceptable to the organization, except when the loan
value of the lot is enough to cover the amount of loan or when the property
is already insured for the required amount and the borrower has endorsed
the insurance policy in favor of ______________.

19.1 Insurance premiums shall be for the account of the borrower.

19.2 Amount of coverage shall be equivalent to 100% of the appraised
value or the insurable value of the collateral, whichever is lower.

19.3 The policy shall be endorsed by the borrower to the organization.

19.4 The insurance policy shall be renewed annually, until the loan is fully
paid. In case the borrower fails to renew the policy on due date,
______________ shall advance the premium and charge the
borrower interest thereon, corresponding to the rate stated on the
Promissory Note.

20. The Department Head/Branch Manager in accordance with the terms of the
loan shall approve loan releases.

21. Past Due Loans

21.1 Loan accounts shall be classified as past due in accordance with
______________ approved policies.


21.2 No interest income shall be accrued on past due accounts. Interest
on past due accounts shall be taken up as income only when actual
payments thereon are received.

21.3 No loans shall be renewed or its maturity date extended unless the
corresponding accrued interest receivable shall have been paid.

22. Loan Restructuring

22.1 ______________ shall have full discretion in the restructuring of
loans in order to provide flexibility in arranging the repayment of such
loans without impairing or endangering ______________’s financial
interest, except in special cases approved by the Board such as loans
the funding of which is sourced partly or wholly from currency
obligations. However, the restructuring of loans granted to
employees and their related interest shall be upon terms not less
favorable to the ______________ than those offered to others.

22.2 While loan restructuring shall be considered a management tool to maintain or improve the soundness of the organization’s lending operations, this shall be done mainly to assist borrowers towards the settlement of their loan obligations, taking into account their capacity to pay.

22.3 Restructured loans are loans the principal terms and conditions of
which have been modified in accordance with a restructuring
agreement setting forth a new plan of payment or a schedule of
payment on a periodic basis.

22.3.1 The modification may include, but shall not be limited to,
change of maturity, interest rate, collateral or increase in the
face amount of the debt resulting from the
capitalization of accrued interest/accumulated charges.

22.3.2 Items in Litigation and loans subject to judicially approved compromise, as well as those covered by petition for suspension or new plans of payment approved by the board, shall not be classified as restructured loans.

22.4 In the restructuring of loans, the real estate security and/or other collateral offered shall be appraised at the time of restructuring to ensure that current market values are being used.


22.5 Restructuring of loans shall be approved by the Executive Director and reported to the Board of Trustees.

The approval for restructuring of the loan shall state the following:

22.5.1 The basis or justification for the approval;


22.5.2 The basis for its determination of the viability of the borrower’s business, particularly his capacity to pay the loan;

22.5.3 The nature and extent of protection of the institution’s exposure; and

22.5.4 The position taken by each director on the loans approved for restructuring, if approved by the Board.

22.6 All loans approved for restructuring shall be reported to the Board of
Trustees for confirmation.

22.7 Approval of the request for restructuring shall consider the following,
among others:

22.7.1 The borrower should be able to explain to the satisfaction of the approving committee the reason why the account has turned sour;

22.7.2 The committee should be convinced that the reason for the
non-payment of the account or the non-compliance by the
borrower of the terms and conditions of the loan is/are no
longer present and that the borrower’s capacity to pay has
improved and he is now perceived to be capable of servicing
the loan satisfactorily up to its maturity;

22.7.3 The committee should be satisfied that the remaining collateral of the borrower is still sufficient to answer for the amount of the loan sought to be restructured.


22.8 Interest on restructured loans shall only be accrued if the loan is on current status and there is no previously accrued and/or capitalized but uncollected interest on such loan. The classification of the loan prior to restructuring shall be retained.

22.9 A restructured loan shall be considered as non-performing except when the loan is current and performing on the date of restructuring.

B. The Supervision Stage

1. A schedule of periodic visitation to large borrowers and/or the projects financed should be programmed and strictly followed.

2. The visits are designed to ascertain the following, among others:

2.1 The proper use of the loan proceeds according to its purpose; and
the deviations from the purpose;

2.2 Potential problems that may affect adversely the loan quality

3. Reports with recommendations shall be submitted on the results of the visitation, through channels, to the Director for Operations, who shall take the appropriate actions.

C. The Collection Stage

Experience has shown that loans which otherwise are collectible, turn out to be
problem loans due to an ineffective collection process. One important factor in the
effectiveness of the collection effort is its seriousness and determination. The
following are some of the control measures adopted.

1. A system of collection process (with assistance of the corporate lawyer) shall be developed and approved by the Board of Trustees.

2. The process should define stages and timetable for undertaking the collection
strategy.


3. Once the process is started, there should be no instance of let-up or relaxation which the borrower may interpret as laxity or non-seriousness, as this may impact adversely on the collection effort.

4. The result of the implementation of the collection process shall be monitored and reported, through channels, to the supervising Director, who shall then take appropriate action.

D. The Monitoring Stage

Loans are the most important resource of ______________ and their deterioration is the most compelling single cause of organizational failures. This points up the importance of monitoring, for the information of the CEO and the Board of Trustees, that extra due diligence has been followed in implementing the controls at the various stages of the loan process. It is also important that they be given informed knowledge as to the status of the loan portfolio and its components, to the end that timely and appropriate actions are taken to prevent or control the deterioration of the loan portfolio.

The following are some important guidelines in the monitoring of loans:


1. A well-structured report to the CEO and the Board of Trustees should contain
the following information, among others:

1.1 Loans granted/outstanding classified on the basis of maturity, industry, type, interest rate, collateral

1.2 Past due accounts with aging

1.3 Items in Litigation together with status of cases

1.4 Classification of accounts for purposes of estimating allowance for bad debts

1.5 Accounts not conforming with established policies and procedures, such as loans released before documentation/registration is completed and loans released before approval by the appropriate body/officer

1.6 Loans that exceed established ceilings, such as loans exceeding internal or regulatory limits (SBL)

1.7 Unusual or exceptional problems regarding individual large loans, together with an evaluation of the problem and actions taken, and recommendation for further actions.


2. Loan Review

A committee shall periodically review and assess the quality of ______________’s loans and other risk assets.

3. The Credit Officer shall maintain a list of watch credits and report them to
the assigned Loans Review Committee at least monthly. Watch credits are
those that fall under any of the following categories:

3.1. Loans identified by internal loan review as having greater than usual risk

3.2. Loans criticized by regulators

3.3. Loans requiring additional attention because of

3.3.1 deteriorating financial conditions in business or industry


3.3.2 reductions in value of collateral that may result in loss
exposure

3.3.3 violations of loan agreements

3.3.4 changes in top management

3.3.5 sudden changes in audit firms

3.3.6 inability to pay seasonal debt

3.3.7 resistance to submit current financial information

RISK ASSESSMENT REPORT


Type of Risk : Credit Risk
Unit in Charge : Operations

TO : THE RISK MANAGEMENT COMMITTEE

THRU : RISK AND COMPLIANCE OFFICER

DATE :

SUBJECT : CREDIT RISK ASSESSMENT CONDUCTED ON

Loans Processing Yes No

1. Are loans supported by the prescribed loan application duly signed by the borrower?

2. Are borrower’s character and capacity to pay, soundness of the project being financed, adequacy of the collateral, and other relevant factors affecting the credit worthiness established?

3. Are amount and term of loans granted equivalent to the amount and the period essential for the effective completion of the operations to be financed?

4. Is the purpose of the loan stated in the contract between ______________ and the borrower?

5. Is the repayment of the loan adapted to the nature of the operations to be financed? If maturity exceeds six (6) months, have provisions been made for periodic payments, at least annually?

6. Are borrowers required to leave behind or deposit as capital build-up (CBU) a portion of the loan proceeds, and/or are borrowers prohibited from, or limited in, making withdrawals from any of their CBU accounts while any portion of their loan is outstanding, except in case of emergency?

7. Do interest rates conform to the approved rates?

8. Are borrowers provided statements of the true and effective cost of borrowing?

9. Is concentration of credit by size, industry and individual in accordance with banking laws and the ceilings set by the Bangko Sentral ng Pilipinas for microfinance?

10. Are dealings with any of its officers and its employees and their related interests in accordance with the rules and regulations approved by the Board of Trustees?

Credit Risk Assessment Report, Page 2 of 3


11. Are properties offered as collateral appraised to determine their loan value, and is the Transfer Certificate of Title verified with the Register of Deeds to establish its authenticity and to ensure that there are no adverse claims on the property? Do loan values conform to ______________ policy approved by the board?

12. Are loans approved by the authorized approving body?

13. Are loan applicants informed in writing of ______________’s decision on their application?

14. Are the required legal documents obtained and, if required, signed by the borrower in the presence of authorized personnel, notarized and/or registered? Are copies of these documents on file?

15. Are improvements on real property used as collateral insured with an insurance company acceptable to ______________?

16. Are loan releases approved by the Department Head and in accordance with the approved terms of the loan?

17. Is the past due loans ratio within the level prescribed by the Board of Trustees? Are past due loans handled in accordance with the policies approved by the Board of Trustees?

18. Are loan restructuring policies and procedures followed strictly?

Loans Supervision

1. Is there a schedule of periodic visitation to large borrowers and/or projects financed to ascertain the proper use of the loan proceeds and potential problems that may adversely affect the loan quality? Is the schedule strictly followed?

2. Are reports with recommendations on the results of the visitation submitted, through channels, to the Director in charge of Loan Administration?

3. Are appropriate actions taken on the recommendations?

Collection

1. Does the process define stages and timetable for undertaking the collection strategy?

2. Is the collection process pursued without let-up and relaxation?




3. Are reports on the result of the implementation of the collection process regularly submitted, through channels, to the supervising Directors who shall then take appropriate actions?

Loan Monitoring

1. Are reports on past-due and non-performing loans submitted to the CEO and the Board of Trustees? Do the reports contain all the details required to monitor performance and credit risk?

2. Are reports on unusual or exceptional problems regarding individual large loans, together with an evaluation of the problem and actions taken, and recommendation for further actions regularly submitted to the CEO and the Board of Trustees?

3. Does a committee periodically review and assess the quality of ______________’s loans and other risk assets?

4. Does the Credit Risk Officer maintain a list of watch credits and
report them to the Loans Review Committee at least monthly?

Results of discussion of risk assessment with the unit in charge:

Recommendations:

Areas of Concern Recommendation Action

Risk Examiner
Signature Over Printed Name Date
ANNEX B
Name of Risk : Liquidity Risk
In Charge : Director-Chief Finance Officer

1. There should be a periodic determination, say on a yearly basis, of the liquidity demands arising from:

1.1 the normal day-to-day liquidity pressures

1.2 the abnormal liquidity pressures (including loan and contingent demands)

2. Primary reserves in appropriate levels should be maintained to meet the normal day-to-day liquidity pressures.

3. Secondary reserves in appropriate levels should be maintained to meet the abnormal liquidity pressures.

4. Tertiary reserves in appropriate levels should be maintained to shore up the primary and secondary reserves in cases of unusually large and unforeseen liquidity pressures.

5. Appropriate tools and databases should be maintained and updated to provide management the bases for estimating the various levels of liquidity pressures. These tools necessarily must include historical statistical series to be taken in the context of deposit characteristics and behavior, known maturities of obligations, loan and contingent demands and repayments, as well as an economic and business analysis to identify business trends (especially on the negative aspects).

6. Once a determination of liquidity requirements for the succeeding 12 months is established, such determination should be reviewed periodically.

7. It is also essential that maturities (of loans receivable, loan releases and other obligations) should be managed to achieve a smoother cash flow pattern.

RISK ASSESSMENT REPORT
Type of Risk : Liquidity Risk
Unit in Charge : Accounting Unit

TO : THE RISK MANAGEMENT COMMITTEE

THRU : RISK AND COMPLIANCE OFFICER

DATE :

SUBJECT : LIQUIDITY RISK ASSESSMENT CONDUCTED ON

Yes No

1. Is a periodic determination of the liquidity demands arising from:

a. the normal day-to-day liquidity pressures

b. the abnormal liquidity pressures (including loans and contingent demands)

conducted at least annually?

2. Have appropriate levels been set for:

a. Primary reserves?
b. Secondary reserves?
c. Tertiary reserves?
If yes, are these levels being met?

3. Are the required Liquidity Reserves more than the Primary and
Secondary Reserves? If yes, have the Primary and Secondary
Reserves been raised accordingly?

4. Has a management information system been set to ensure the regular, timely and accurate reporting of liquidity reserves and requirements?

5. Is there matching of maturities of assets and liabilities to achieve a smoother cash flow pattern?

Results of discussion of risk assessment with the unit in charge:


Recommendations:
Areas of Concern Recommendation Action

Risk Examiner

Signature Over Printed Name Date

ANNEX C
Name of Risk : Interest Rate Risk
In Charge : Director Chief Finance Officer
Director for Operations

Interest rate setting is constrained by laws, regulations and competition, such that interest rate risks in most cases arise: a) from competition effectively setting a narrow interest margin, which, combined with rigid and high general and administrative costs, may adversely affect ______________’s profit; and b) from a mismatch of interest on loans vis-a-vis interest on deposits.

1. Since there is constant competitive pressure to narrow down interest margins, ______________ should exercise judicious control over general and administrative expenses, consistent with efficient operations.

2. Avoid mismatching of interest rates on loans as against rates on deposits. A fixed interest rate on term loans may prove to be inappropriate in a period of rising deposit interest rates.

3. Similarly, long-term fixed rate investment funded by short-term borrowings can adversely affect ______________’s earnings (or even liquidity) position.

RISK ASSESSMENT REPORT
Type of Risk : Interest Rate Risk
Unit in Charge : Accounting Unit
Operations

TO : THE RISK MANAGEMENT COMMITTEE

THRU : RISK AND COMPLIANCE OFFICER

DATE :

SUBJECT : INTEREST RATE RISK ASSESSMENT CONDUCTED ON

Yes No

1. Is there a periodic review of ______________’s interest rate structure vis-à-vis market rates and ______________’s profit plan?

2. Do interest rates on loans have a favorable match vis-à-vis interest rates on the market?

3. Is long-term fixed rate investment funded by short-term borrowings?

4. Are changes in interest rates on loans approved by the Executive Committee?

5. Are changes in interest rates for CBU approved by the CEO?

Results of discussion of risk assessment with the unit in charge:

Recommendations:
Areas of Concern Recommendation Action

Risk Examiner
Signature Over Printed Name Date
ANNEX D
Name of Risk : Operations Risk
In Charge : VP-Operations

The more important of ______________’s operations involving risks are lending and deposit operations. The risk control measures on these operations are embedded in the organization’s existing manuals covering these operations.

1. Lending Operations

The policies, procedures and controls with respect to lending operations are in Annex
A hereof.

2. Deposit Operations

The policies, procedures and controls with respect to deposit operations are provided for in ______________’s manual on CASA, which is deemed part of the Risk Management Manual.

RISK ASSESSMENT REPORT
Type of Risk : Operation Risk (Deposits)
Unit in Charge : Branch Banking Group

TO : THE RISK MANAGEMENT COMMITTEE

THRU : RISK AND COMPLIANCE OFFICER

DATE :

SUBJECT : OPERATIONS RISK-CBU ASSESSMENT CONDUCTED ON

CBU Opening Yes No

1. Is the client properly identified?

2. Are CBU accounts owned by two or more persons covered by a Joint Account Agreement?

3. Are accounts in the name of legal representatives and juridical personalities, including other organized groups (i.e., people’s organizations, cooperatives), required to submit business and corporate papers?

4. Are accountable forms used in opening CBU controlled?

5. Are all documents in opening CBU accounts authenticated and approved by branch officers?

6. Are signatures encoded in the k?

Processing of Transactions

1. Is access to signature cards limited to authorized cash section personnel?

2. Is presentation of request for CBU withdrawal accomplished before payment?

3. Are CBU requests for withdrawal duly approved by the Branch Manager?

4. Are CBU withdrawal requests paid at once?

5. Are cut-offs for CBU reversal, especially before month end, established and followed?

Operation-Deposit Risk Assessment Report, Page 2 of 3



Dormant CBU Accounts

1. Are records of dormant CBU accounts maintained?

2. Are accounts reviewed monthly?

3. Does reactivation of dormant account require approval?

Closing of Dormant CBU Account

1. Is there an approved policy on dormant CBU account?

2. Does closing of a dormant account require approval of the branch manager?

3. Are dormant CBU clients visited by the Branch Manager before closure of the account is made?

Account of a Deceased CBU Client

1. Does closing of an account belonging to a deceased client require submission of legal documents such as Affidavit of Claim, Death Certificate and Birth Certificate?

2. Can any relatives claim CBU balance of a deceased client?

3. Is payment of dormant CBU approved by the branch manager?

Cash Handling Yes No

1. Are cash and other accountable forms kept inside the cash vault of the branch?

2. Is the vault register duly accomplished, witnessed and signed by the teller and the Manager or Supervisor?

3. Is the vault secured by a grille door?

4. Is there a vault custodian with no cash accountability who is not a holder of the main vault door dial/key?

5. Does the vault custodian record all activities inside the vault in the
vault’s logbook?

6. Do the entrant and the vault custodian sign all entries in the vault logbook?

Results of discussion of risk assessment with the unit in charge:

Recommendations:
Areas of Concern Recommendation Action

Risk Examiner
Signature Over Printed Name Date
ANNEX E
Name of Risk : Foreign Exchange Risk
In Charge : Chief Finance Officer

The more important foreign exchange risk is that arising from exchange rates. If the peso weakens, for instance, a long position in foreign currency assets may result in earnings for the bank, and the opposite if the foreign exchange position is short (meaning there are more liabilities than assets). Also, aside from risks in foreign exchange rates, other risks may arise from the quality of assets held in foreign currency.

1. Acquisition of, and assumption of liabilities in, foreign exchange should only be done
in foreign currencies allowed by the BSP and duly approved by ______________
Board of Trustees.

2. Dealing in foreign currencies should only be in convertible currencies to widen ______________’s accessibility to the foreign exchange market and avoid liquidity risks.

3. Such dealings should also be in stable currencies.

4. Maintenance of mixed foreign currency asset and liability positions should be avoided.

5. A usual strategy is to maintain a square position but this should not give rise to a
false sense of security since this may not automatically preclude credit or investment
risks in the quality of the foreign currency assets held by the bank nor eliminate risks
in foreign exchange rates which may affect adversely the clients’ ability to honor
their commitments.

RISK ASSESSMENT REPORT
Type of Risk : Foreign Exchange Risk
Unit in Charge : Branch Banking Group
Accounting

TO : THE RISK MANAGEMENT COMMITTEE

THRU : RISK AND COMPLIANCE OFFICER

DATE :

SUBJECT : FOREIGN EXCHANGE RISK ASSESSMENT CONDUCTED ON

Yes No

1. Are foreign currencies accepted for deposits limited to those allowed by the BSP?

2. Are foreign currencies sold and purchased limited to those allowed by the BSP?

3. Are foreign currency deals limited to convertible currencies?

4. Are foreign currencies sold and purchased stable?

5. Are buying and selling rates of foreign currencies based on the prevailing foreign currency exchange rate?

6. Is there a one hundred percent (100%) cover for foreign currency liabilities?

7. Is this foreign currency cover maintained at all times?

8. Are the required foreign exchange reports prepared and submitted to the BSP on or before the prescribed deadlines?

9. Are separate books and records maintained for foreign currency deposits?

Results of discussion of risk assessment with the unit in charge:

Recommendations:
Areas of Concern Recommendation Action
Risk Examiner

Signature Over Printed Name Date


ANNEX F
Name of Risk : Compliance Risk
In Charge : Risk and Compliance Officer

Compliance risk is defined as the risk to earnings or capital arising from violations of laws, rules and regulations, prescribed practices or ethical standards. To ensure that the risk is recognized, monitored, and controlled, the process should include identifying relevant Philippine laws and regulations, analyzing the corresponding risks of non-compliance, prioritizing the compliance risks and designing the control measures to minimize or prevent the occurrence of said risks.

1. A compilation and continuous updating of Philippine laws, banking regulations, and bank policies and regulations broken down to individual provisions should be prepared. Among these are:

1.1 The General Banking Law and Thrift Bank Act

1.2 The Central Bank Act

1.3 The BSP Manual of Regulations for Banks (implementing the General Banking
Act, and the Thrift Bank Act)

1.4 The Unclaimed Balances Law

1.5 Republic Act No. 3591 (PDIC)

1.6 The Investment Houses Law

1.7 Tax Reform Act of 1997

1.8 The Corporation Code of the Philippines

1.9 Local Government Code

1.10 The Social Security Act

1.11 The Consumer Act of the Philippines

1.12 The Insurance Law

1.13 Bank Secrecy Law

2. Each relevant provision should be evaluated by the Risk and Compliance Officer in terms of:

2.1 the consequences of violations in the form of sanctions and penalties;

ANNEX F ____ Page 2 of 2

2.2 the perceived level of risk involved in its violation;

2.3 the function or unit responsible for initiating or maintaining compliance, and

2.4 the frequency of testing whether such compliance is taking place

3. Broadly speaking, provisions to be complied with are those in the law, the regulations
and the internal Bank policies; and compliance is measured in terms of the following:

3.1 definitions (including unsound banking practices)

3.2 prohibitions

3.3 approval requirements

3.4 procedural, accounting, internal control and auditing requirements

3.5 upper and lower limits

3.6 reporting requirements

3.7 others

4. The Risk and Compliance Office periodically monitors transactions, reviews reports and documents, and observes practices to ascertain compliance. In case of doubt, operating personnel should consult the Risk and Compliance Officer regarding the relevant provisions of laws, regulations and policies which might be violated. Findings on compliance are discussed with the officers concerned. Likewise, the Risk and Compliance Officer should monitor and review the Board and management’s supervision and administration of the compliance function, in terms of quality, adequacy and effectiveness, the development of internal controls aimed to ensure continuing compliance, and an efficient compliance review and monitoring system.

5. Compliance issues and violations are reported along with other audit exceptions to
the Board of Directors through the Audit Committee and the Risk Management
Committee.

6. As new laws, regulations, and policies are enacted or issued, or amendments to existing ones introduced, they are appended, inserted or made to replace superseded provisions in the compilation. Copies of the new laws or amendments, which are usually disseminated in the form of numbered circulars and circular letters, are given to all concerned officers for their guidance and compliance. Any ambiguities are brought to the attention of the concerned authorities, such as the BSP Supervision and Examination Sector, for clarification, which is then disseminated accordingly.

RISK ASSESSMENT REPORT
Type of Risk : Compliance Risk
Unit in Charge : Office of the Risk and Compliance Officer

TO : THE RISK MANAGEMENT COMMITTEE

THRU : RISK AND COMPLIANCE OFFICER

DATE :

SUBJECT : COMPLIANCE RISK ASSESSMENT CONDUCTED ON

Yes No

1. Is a compilation of Philippine laws, banking regulations and bank policies and regulations being prepared?

2. Are the compilations of Philippine laws regularly updated?

3. Are banking regulations regularly updated?

4. Are the consequences of violations of individual provisions of law understood?

5. Is the risk level involved per violation evaluated?

6. Is the unit responsible for initiating and maintaining compliance correctly identified?

7. Is the prescribed frequency of compliance testing being followed?

8. Are transactions, reports and documents monitored to ascertain compliance?

9. Are operating personnel cognizant of laws affecting their respective work?

10. Are violations discussed with them?

11. Are compliance issues reported to the board of directors through the audit committee?

12. Are ambiguities in legal provisions brought immediately to the attention of the concerned authorities?

Compliance Risk Assessment Report, Page 2 of 2

Results of discussion of risk assessment with the unit in charge:

Recommendations:
Areas of Concern Recommendation Action

Risk Examiner

Signature Over Printed Name Date


ANNEX G
Name of Risk : Legal Risk
In Charge : Corporate Legal Counsel

1. The legal risks from contracts

1.1 The Corporate legal counsel reviews all loan contracts and documents before
the loans are availed by ______________.

2. The legal risks from lawsuits are those that could emanate from the non-observance or non-implementation by the organization of its commitments or understandings arising from its contracts, including those for its loans. The risks may be in the form of possible damages which the organization may be ordered to pay by reason of the causes aforementioned. Minimizing these risks is the concern of the corporate legal counsel, and towards this objective the faithful implementation of the organization’s contractual obligations is pursued in all respects. In those instances where lawsuits have been filed, denying or disproving the charge, and failing that, mitigating the award of damages against the organization has always been the thrust of the organization’s defenses. This is achieved by an in-depth study of the cases and the affirmative or special defenses which the rules allow a party defendant to raise.

RISK ASSESSMENT REPORT
Type of Risk : Legal Risk
Unit in Charge : Legal Counsel Secretary

TO : THE RISK MANAGEMENT COMMITTEE

THRU : RISK AND COMPLIANCE OFFICER

DATE :

SUBJECT : LEGAL RISK ASSESSMENT CONDUCTED ON

Yes No

1. Are loan documents reviewed by the Corporate Legal Counsel prior to release of the loan?

2. Are the legal aspects of all contracts entered into by the organization reviewed to ensure that:

a. ______________’s interest is adequately protected

b. Contracts are enforceable

c. Parties thereto have the legal capacity to enter such contracts

d. Etc.

3. Are legal aspects of new products, such as contracts, terms and conditions, and compliance with provisions of relevant laws and regulations, reviewed by the Corporate Secretary prior to approval and launching?

Results of discussion of risk assessment with the unit in charge:

Recommendations:
Areas of Concern Recommendation Action

Risk Examiner
Signature Over Printed Name Date
ANNEX H
Name of Risk : Other Risks to Include:

 Loss or destruction of ______________ facilities, equipment and records arising from theft, robbery, fire, earthquake, gun battles, etc.

In Charge : Administrative Officer

 Loss arising from frauds, defalcation, embezzlement, dishonesty, etc.

In Charge : Branch Manager

 Information Technology Risks, such as backups, power outages, security, viruses, frauds

In Charge : MIS-Head

Loss or Destruction of Banking Facilities, ______________ Records

1. The Administrative Officer has developed a disaster control program that establishes measures to prevent controllable disasters such as fire, promotes disaster preparedness, and establishes survival measures should a disaster occur.

1.1 ______________ personnel have been organized into teams and the responsibilities of each team member have been clearly defined.

1.2 ______________ records and property have been classified and clearly
marked as to their order of priority in case of evacuation.

1.3 Evacuation areas have been identified and the measures for securing
personnel, records and property evacuated to these areas have been
established.

1.4 The disaster control program has been disseminated to all ______________
personnel.

1.5 The Admin Officer shall regularly assess and update the disaster control
program.

1.6 Drills shall be conducted to ensure disaster preparedness.


2. All ______________ offices shall be equipped with standard firefighting equipment, and security alarm systems shall be installed in the branches. This equipment shall be checked regularly to ensure it functions properly.

ANNEX H _____ Page 2 of 14

3. A thorough background check of security personnel shall be conducted, and NBI/police clearance and neurological/psychological test results are required to ensure that these personnel do not pose security risks.

4. Security policies and procedures for cash transfers shall be strictly implemented.

Loss arising from Frauds, etc.

1. A truism: a crime becomes a probability if the opportunity to commit it is present. The bank should therefore remove all temptations and opportunities for fraud and embezzlement.

2. Avoid hiring people who are likely to commit crimes of moral turpitude.

2.1 Do a background check on applicants being considered for employment.

2.2 Check the references given in the application.

2.3 Check applicant’s education.

2.4 Require police or NBI clearance.

2.5 Check with previous employers.

2.6 Do a bank check on the applicant’s credit record.

2.7 Adopt a forced leave schedule and enforce it strictly.

2.8 Provide adequate compensation.

2.9 Rotate duties unannounced.

3. Segregate the physical handling of a transaction from its recording.

4. No employee shall be made to handle all steps in a transaction involving 2 or more
steps.

5. Adopt a dual control system for sensitive transactions.


6. Joint custody of items of value such as cash in vault, negotiable collateral, securities,
dormant accounts, cashier’s checks.


Information Technology Risks

1. Physical Security

1.1 Access Restrictions

1.1.1 Access to ______________’s Electronic Data Processing Unit is
restricted to authorized personnel. Authorized visitors to the data
center must enter through a reception area, and comply with sign-in
and sign-out control procedures.

1.1.2 The computer operations room, within the data center, shall also be
under strict control. Access to the computer room shall be limited to
the Management Information Systems (MIS) Division personnel. MIS
Division personnel involved in programming shall not be permitted
entrance to the computer operations room, except under the
following circumstances:

• Requests from the MIS System Support personnel to help
with a current problem as approved by the MIS Division
Head.

• Properly authorized job request for a hands-on test or a
special project requiring the presence of a programmer.

1.2 Fire Protection

1.2.1 The data center facility shall be protected by fire and smoke
detectors.

1.2.2 Portable fire extinguishers that are environmentally friendly (ensure
that the chemicals will not destroy sensitive equipment) are installed
inside the computer room and other chemical fire extinguishers are
located around the work area.

1.2.3 Computer operations personnel shall be familiar with the locations of
these extinguishers and trained on how to use them.

1.3 Power Failure

1.3.1 ______________ has provided an uninterruptible power supply (UPS)
to be used in the event of a power fluctuation or complete loss of
power. The UPS is intended to provide only enough supplemental
power to allow an orderly shutdown of the system.


1.3.2 ______________ has installed a generator, which shall provide MIS
Division with sufficient alternative power to run the computer in the
event of a power blackout.

1.4 Housekeeping

1.4.1 Smoking, eating, and drinking in the computer operations room are
prohibited.

1.4.2 Extraneous paper supplies and other combustible material shall not
be stored in the computer room, since these are fire hazards.

2. Equipment Care and Maintenance

2.1 MIS System Support Personnel Maintenance

MIS System Support personnel are responsible for the routine care of the
equipment, devices, workstations and other items, except servers and main
systems. Maintenance by the System Support personnel is limited to the
routine procedures and systems assigned to them. System Support
personnel are not permitted to perform any significant equipment repair and
maintenance activities unless authorized by and working with the Head of
the MIS Division or supervisors. System Support personnel shall:

2.1.1 Record suspected hardware and software malfunctions and bring
them to the attention of the MIS Division Head or supervisors.

2.1.2 Note any defective areas on tapes and disks when operating a
computer and enter them on a log. Maintaining such a log will help
determine when tapes and disks should be rotated out of production.

2.1.3 Record all hardware and software “crashes” or errors and note the
reason or suspected reason, the time, and the action taken to correct
the situation and who took the action.

2.2 Vendor Maintenance

The hardware manufacturer shall perform repair service and maintenance
under formal service contracts, which ______________ requires with each
of its significant hardware vendors. For leased equipment, the MIS Division
Head must ensure that the maintenance agreement is included in the lease
agreement. The service contract details what preventive maintenance is to
be performed and what the maintenance schedule is, and it defines
maintenance boundaries between vendors.


During scheduled preventive maintenance time:

2.2.1 The MIS system support personnel shall always be present in the
computer room with the vendor’s service representative.

2.2.2 The MIS system support personnel responsible for monitoring the
preventive maintenance shall be sure to remove, or secure, all
production programs and data files before any devices or
equipment are pulled out of the organization.

2.2.3 After the maintenance, the system activity log shall be printed for
review by the MIS Division Head.

3. Equipment Operations

3.1 Operator Instruction Manuals

______________ has developed operator run manuals to provide specific
instructions for the actual operation of the computer equipment, mainframe,
and peripherals. The MIS Division Head and the MIS supervisors shall be
responsible for keeping the manuals current to reflect the present operating
environment. The manuals for operating each system set forth the following
minimum requirements:

3.1.1 Explanation of each program, or run, within the system or application

3.1.2 Program (run) execution sequence, frequency, and priority

3.1.3 Identification of all input/output forms

3.1.4 Instructions for form alignment

3.1.5 Instructions for disposition of input and output

3.1.6 Identification of all required operator responses

3.1.7 Start and restart instructions

3.2 Operating Log

The system has internal operating logs that will record all events and actions
that the System Support personnel take. The log is produced daily and
reviewed by the MIS supervisors or MIS Division Head to ensure that routine
operating schedules are adhered to and to detect any unusual activities. All
non-scheduled jobs shall be supported by job requests.

4. Data Security

4.1 Data Media Security

4.1.1 All data media not currently in use shall be kept in the tape/disk
library located within the data center facility.

4.1.2 Access to the library shall be restricted to authorized personnel only.

4.1.3 The librarian shall attend the library during operating shifts.

4.1.4 No item may be removed from the library unless the librarian has
received the proper written request form. The librarian shall remove
the item from the library and give it to the requestor.

4.1.5 All other physical security considerations such as fire protection also
protect the tape library.

4.2 Program Documentation

4.2.1 All programs shall have complete documentation.

4.2.2 All documentation provided with purchased software, packages, or
prepared by ______________’s programming staff, shall be stored in
a secure location outside of the computer room. Backup copies shall
be in the custody of the IT-Auditor.

4.2.3 MIS System Support personnel shall not have access to programming
documentation, including program flow charts, source listings, etc.

4.3 Management Reports

Various management reports are produced automatically by the computer
system, and some are prepared manually. MIS Division shall perform a
scheduled review of these reports, which include:

4.3.1 Manually prepared logs of equipment failure, software or application
crash, preventive maintenance for hardware, and repairs and
downtime.

4.3.2 Automated reports on computer systems performance, use, job
accounting and capacity.

4.3.3 Electronic reporting on authorized attempts to access the system and
attempts to access information outside the user’s assigned level.

4.3.4 Console logs reflecting all jobs submitted, including reruns, program
abnormal stoppages and utility use.

5. Telecommunication/Online Security

Data communication networks often are linked to internal LANs, providing unique
opportunities for communication between various networks. The combination of
networks, that is, workstations, client servers, mini computers and computer
platforms, may all be linked through a common network link. Different users in
different locations at different times can communicate and utilize or share
information. In certain cases, specific information may be carried on proprietary
networks or dedicated “this ______________ only” lines, while other information
may be communicated via public carriers. The sharing of LAN information
and resources through data communications exposes the bank to potential
unauthorized access and use.

Controls shall be established to assure that only authorized individuals enter the
system designated to their specific usage, and once they have accessed the
approved systems, these individuals perform only authorized activities. The level of
controls placed on a LAN or LAN/data communications network shall be
commensurate with the level of exposure and cost of the related controls. The
primary focus of these control systems shall be to create a high level of security
discipline for the institution, its networks and services, and its customers. The
controls for data communications network integrating with LANs should include the
following:

• Identifying and authenticating individuals requesting access to the system
and controlling their level of activity.

• Developing and maintaining a methodology to govern passwords and user
IDs.

• Assuring, at both the ______________ and customer levels, that
transactions are reconciled promptly.

• Monitoring network use, including sign-on attempts, to identify anomalies.

• Ensuring security of information during transmission across the network.

• Developing and implementing appropriate internal firewalls to protect a
“secure” or “trusted” network from a “foreign” or “untrusted” network.

If bank staff detect unusual activity or anomalies occurring regarding data access of
the ______________’s LAN through data communication networks, more
sophisticated techniques may have to be utilized to identify the source.


Security measures and controls for all internal LANs shall be selected based on the
degree of risk, with the following general categories serving as the basic elements
for consideration.

• Access control. Physical barriers such as doors, locks, keys, personnel badges
and keyboard locks; on-line controls such as user IDs, passwords and encryption

• Accountability. Audit trails, audit records or monitoring devices to detect
security violations after the fact

• Continuity of service. Devices to prevent loss of power and damage from
fire, flood, or other natural disasters

If the level of security and/or control support for data communication networks or
LANs is of concern, MIS Division shall be authorized to seek further assistance from
other sources such as external expertise.

5.1 Terminal Security

Security for the terminal system includes physical restrictions on the terminals
themselves and other software system controls.

Software features provide security through controlling activity by terminal,
function, operator, transaction, and data type. Each authorized user shall be
assigned a User ID to provide user identification. Limits to what each
authorized user can do once that user gains access shall be defined in the
system. The type of activity that can be processed at each terminal shall
also be limited and monitored.

Identification and authentication of system activity is a fundamental control,
which requires that the system know and verify the following:

Identification    Methods

User              Passwords and user ID
Terminal          Type, or physical location
Transaction       Type of transaction attempted or performed, what file
                  or application was accessed
Date/Time         Automatically tracked by the internal system clock


5.1.1 ______________ uses a combination of unique user IDs and
passwords. Users are instructed to memorize their passwords and
not to write them down or share them with any other person.

5.1.2 Terminal identification is achieved by terminal identifiers, which are
encoded into each terminal.

5.1.3 Transaction type is controlled by user profiles and authorization
tables unique to each user. The profiles control access to programs,
data files, terminals, and type of transactions. Terminals are also
controlled by automatic time-outs and time-of-day restrictions.
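An added example, not the organization’s own system, showing how the controls of 5.1 fit together in code: a constructed user profile and authorization table, terminal identifiers, a time-of-day restriction, an automatic time-out, and an audit record carrying the user, terminal, transaction type and date/time listed in the identification table above. The profile names, terminal IDs, transaction codes and the ten-minute time-out are assumptions.

```python
"""Added example (not the manual's own software): a terminal-access check
in the spirit of section 5.1. Profiles, terminal identifiers, transaction
codes and the time-out value below are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, time, timedelta

IDLE_TIMEOUT = timedelta(minutes=10)  # assumed automatic time-out


@dataclass
class UserProfile:
    user_id: str
    terminals: set          # terminal identifiers this user may work from
    transactions: set       # authorization table: transaction types allowed
    hours: tuple = (time(8, 0), time(17, 0))  # time-of-day restriction


@dataclass
class Session:
    user_id: str
    terminal_id: str
    last_activity: datetime


# Constructed user profiles / authorization tables (sample data only).
PROFILES = {
    "teller01": UserProfile("teller01", {"T-101", "T-102"},
                            {"DEPOSIT", "WITHDRAW"}),
    "mis_ops1": UserProfile("mis_ops1", {"T-900"}, {"BACKUP", "RESTORE"},
                            (time(0, 0), time(23, 59, 59))),
}

# Each record carries the four identification methods of section 5.1
# (user, terminal, transaction type, date/time) plus the outcome.
AUDIT_LOG = []


def _dt(value):
    """Accept either a datetime or an ISO-8601 string."""
    return datetime.fromisoformat(value) if isinstance(value, str) else value


def new_session(user_id, terminal_id, started):
    """Open a session; the user ID/password step is assumed already done."""
    return Session(user_id, terminal_id, _dt(started))


def authorize(session, transaction, now):
    """Decide one transaction request and log it. Returns (allowed, reason)."""
    now = _dt(now)
    profile = PROFILES.get(session.user_id)
    if profile is None:
        reason = "unknown user"
    elif now - session.last_activity > IDLE_TIMEOUT:
        reason = "session timed out"            # automatic time-out
    elif session.terminal_id not in profile.terminals:
        reason = "terminal not permitted for user"
    elif not (profile.hours[0] <= now.time() <= profile.hours[1]):
        reason = "outside permitted hours"      # time-of-day restriction
    elif transaction not in profile.transactions:
        reason = "transaction outside user's assigned level"
    else:
        reason = "ok"
    allowed = reason == "ok"
    AUDIT_LOG.append({
        "user": session.user_id,
        "terminal": session.terminal_id,
        "transaction": transaction,
        "time": now.isoformat(timespec="seconds"),
        "result": "ALLOW" if allowed else "DENY: " + reason,
    })
    if allowed:
        session.last_activity = now             # refresh the idle timer
    return allowed, reason


def denied_attempts():
    """Entries a reviewer would pull for the report on attempts to access
    information outside the user's assigned level (section 4.3.3)."""
    return [e for e in AUDIT_LOG if e["result"].startswith("DENY")]


if __name__ == "__main__":
    s = new_session("teller01", "T-101", "2024-03-04T09:00:00")
    print(authorize(s, "DEPOSIT", "2024-03-04T09:05:00"))
    print(authorize(s, "BACKUP", "2024-03-04T09:06:00"))
    for entry in denied_attempts():
        print(entry)
```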

5.2 Network Security

5.2.1 A System Firewall shall be installed to prevent unauthorized access
to Metropolitan/Wide Area Networks and Internet based connections.

6. Computer Viruses

______________ will seek to protect itself against deliberate attempts through
computer viruses, worms, and Trojan horses to damage the bank’s computer system
and databases. Viruses, worms, and Trojan horses primarily enter a computer
system via software downloaded from the internet, network connections, or by
sharing diskettes and other electronic media.

A virus is a fragment of a computer program that attaches itself to an executable
program or other file formats already housed within the system. Every time the host
program is executed or the file is accessed, the virus attached to it replicates itself. A
virus is deliberately programmed to damage the computer’s software or databases,
and has the capability of severely damaging the integrity of ______________’s
financial data and the ability of the bank to maintain effective operations.

A worm is a self-contained program that can be executed on its own. A worm is
able to replicate itself while using significant disk or hard drive space, severely
slowing down or even shutting off ______________’s computer operations.

A Trojan horse is a vehicle by which a worm or a virus enters a computer system. A
Trojan horse is most often brought to a computer system from downloaded bulletin
board software. Although the program itself appears harmless, once inside the
computer, a Trojan horse program releases the dangerous virus or worm it brought
aboard.


Management recognizes the risks associated with shared software. Every effort will
be made to ensure computer viruses and worms do not enter ______________’s
system.

6.1 Anti-virus software shall be installed in all personal computers, laptops and
other handheld devices. The bank’s MIS system support personnel will
screen all software before it is installed on any computer.

6.2 The system administrator will maintain a record of all files and directories on
all ______________ computers. It is the responsibility of the administrator
to understand the purpose and function of each file of ______________’s
computers. This record will be updated monthly and compared to the record
of the previous month in an attempt to identify any logic bombs within a
computer, which the virus scanner cannot detect.

6.3 No employee shall install any software on his/her computer; the MIS Division
authorized system support personnel shall install all software.

6.4 No system user may upload either data or programs to ______________’s
computer system without the written permission from the MIS Division Head
or supervisors.
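An added example (not the organization’s own tool) of the monthly inventory and month-to-month comparison described in 6.2: each file’s path, size and SHA-256 are recorded, and the comparison lists files added, removed or modified since the previous record, which is where an unexplained new or altered file would be investigated. The directory layout and file contents are constructed for the demonstration.

```python
"""Added example (not from the manual): a file/directory inventory and a
month-to-month comparison in the spirit of section 6.2. The sample
directory and its contents are constructed inside demo()."""
import hashlib
import json
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_inventory(root):
    """Return {relative_path: {"size": int, "sha256": str}} for every file under root."""
    inv = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            inv[rel] = {"size": os.path.getsize(full), "sha256": sha256_of(full)}
    return inv


def save_inventory(inv, path):
    """Persist this month's record so it can be compared next month."""
    with open(path, "w") as f:
        json.dump(inv, f, indent=1, sort_keys=True)


def load_inventory(path):
    with open(path) as f:
        return json.load(f)


def compare(previous, current):
    """Classify differences between last month's and this month's inventory.
    Modified means the content hash changed, regardless of size."""
    prev_keys, cur_keys = set(previous), set(current)
    return {
        "added": sorted(cur_keys - prev_keys),
        "removed": sorted(prev_keys - cur_keys),
        "modified": sorted(p for p in prev_keys & cur_keys
                           if previous[p]["sha256"] != current[p]["sha256"]),
    }


def demo():
    """Build a constructed directory, inventory it, change it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ledger.exe"), "wb") as f:
            f.write(b"original program bytes")          # constructed content
        with open(os.path.join(root, "README.txt"), "w") as f:
            f.write("documented file\n")
        baseline = take_inventory(root)
        # What next month's scan might find: an altered program, a new
        # unreviewed binary, and a removed file.
        with open(os.path.join(root, "bin", "ledger.exe"), "ab") as f:
            f.write(b"\nunexpected appended code")
        with open(os.path.join(root, "bin", "helper.dll"), "wb") as f:
            f.write(b"new unreviewed binary")
        os.remove(os.path.join(root, "README.txt"))
        return compare(baseline, take_inventory(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```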

7. Access to Operations Working Area

7.1 Access to Operations Working Area

7.1.1 Only authorized personnel shall be allowed entry into the MIS
division. Visitors/guests shall be allowed entry only upon prior
authorization from an MIS division Head/supervisor and provided
they log in on the visitors/guests log sheet indicating the purpose of visit
and the person to be visited.

7.1.2 Pull-out of office machines, computer equipment, reference manuals,
supplies, etc. shall be allowed only if authorized by an MIS division
Head/supervisor. A corresponding gate permit should likewise
accompany the pull-out of items.

7.2 Access to Computer Room

7.2.1 The main entrance door of the computer room is equipped with a
security lock requiring the authorized personnel to key-in a PIN
(Personal Identification Number) to unlock the door.

7.2.2 As a security precaution, PIN change shall be done at least once a
month and shall be performed only by the MIS Division Head.


7.2.3 The PIN shall be known only to the following personnel:

• MIS Head
• MIS Supervisors
• Authorized MIS System Support Staff

7.2.4 Only the following personnel shall be allowed entry into the Computer
Room:

• MIS System Support staff on duty and authorized

• Authorized Data Communication staff members and
communication carrier technical staff performing leased line
repairs/maintenance

• Technical staff of computer vendors/suppliers performing
repairs/maintenance of the mainframe computer systems and
their peripherals

• Technical staff of computer vendors/suppliers whose
products/equipment are in the computer room for
demo/testing purposes on a case-to-case basis

• Analysts/Programmers performing problem resolutions
requiring access to the production database under the
supervision of the MIS Division Head/supervisors

• Bank’s maintenance staff cleaning the computer room under
the supervision of the MIS personnel on duty

• Those given authorization to enter the computer room by the
MIS Division Head depending on the purpose of access

8. Access to the Computer Systems

8.1 The MIS Division Head shall be designated as the Lead System Administrator
who shall see to it that only the authorized users are logged-in to the system.
He shall also be responsible in effecting changes like parameters in the
system when required.

8.2 The System Administrator shall assign alternate System Administrators to
assist him in his functions and to serve as his backup during his absence.

8.3 Only the MIS System Support personnel on duty shall undertake the
operation of the computer systems and their peripherals.


8.4 Access of other personnel to the systems for online applications should have
the approval of the Department Heads and the MIS Division Head.

8.5 To gain access to the system, a user shall be assigned a unique user ID and
password; the password shall be known only to him.

8.6 A user’s access to the system shall be limited relative to his functions and
position.

9. Emergency Procedures

______________ has established comprehensive data center emergency procedures
to provide for the protection of personnel and property during an emergency. The
safety of all personnel is first and foremost in any emergency.

9.1 Fire Safety

9.1.1 If the fire does not appear to be an immediate threat to personal
safety, the following steps shall be undertaken:

• Notify the Fire Department.

• If the fire is located within the computer room, use the emergency
power off button to shut down the equipment.

• Notify the MIS Division Head.

• If the fire has not advanced too far, attempt to extinguish it with
a fire extinguisher.

• While ensuring personnel safety at all times, attempt to store any
valuable records in a secure location.

9.1.2 If the fire is determined to be an immediate threat to personal safety,
personnel shall implement the evacuation procedures, close all doors
to the fire area, and notify the fire department when they are safely
away from the area.

9.2 Emergency Evacuation Procedures

9.2.1 The MIS Division Head/supervisor shall be responsible for directing
evacuation.

9.2.2 Supervisors shall be responsible for supervising the evacuation of
their respective areas. Personal safety is of first and foremost
importance in these emergency procedures, so steps that cannot be
safely completed should be ignored.

9.2.3 The supervisors should attempt to secure all valuable records in a safe
place.

• The premises shall be evacuated using the designated escape
routes for each area.

• Doors shall be opened cautiously and only after testing them for
heat.

• Everyone shall gather at the designated assembly point and stay
in the area until instructions to leave are given.

10. Disaster Recovery

Disaster recovery planning for the MIS division includes backup plans for key
elements within the department and contingency plans or strategies for the recovery
of operations.

10.1 Identification of Events with Potential to Disrupt Services

The MIS Division Head shall identify internal and external events that could
disrupt the ______________’s services, assess and quantify the probability
of such events and their consequences, and develop appropriate contingency
plans to mitigate risk or loss of service.

10.2 Backup Consideration

There shall be provisions for backups related to hardware, programs,
documentation, procedures and data files.

10.2.1 Hardware Backup

While there are several options for obtaining a hardware backup, the
______________ has elected to provide in-house backup, with all
mission-critical equipment installed in a second site.

10.2.2 Program and Documentation Backup

10.2.2.1 Program backup shall include duplicate copies of both the
operating system and the application programs. One set
of program backup shall be maintained in the MIS library,
while another set, which shall also serve as control copy,
shall be maintained at the off-premises storage location
controlled by the IT Auditor and Head of MIS Division.

10.2.2.2 ______________ shall use a three-cycle (grandfather-father-son)
retention system to provide a backup of current data.

10.2.2.3 Master files and transaction files that are sufficient to
recreate the current day’s master files shall be stored both
on and off premises. New backup files shall be rotated to
the off-premises location before the old files are returned
to the data center.
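An added example, not from the manual, of the three-cycle grandfather-father-son rotation in 10.2.2.2 together with the off-premises rotation order in 10.2.2.3. The calendar rule (Monday to Thursday son, Friday father, last Friday of the month grandfather, no run on weekends) and the number of sets kept per cycle are assumptions, since the manual states neither.

```python
"""Added example (not the manual's own schedule): a grandfather-father-son
retention rotation. The calendar rule and the retention counts are assumed."""
from datetime import date, timedelta

# Assumed number of backup sets retained per cycle (the manual gives none).
RETAIN = {"son": 4, "father": 3, "grandfather": 12}


def _d(value):
    """Accept either a date or an ISO-8601 date string."""
    return date.fromisoformat(value) if isinstance(value, str) else value


def generation(day):
    """Which cycle the backup taken on `day` belongs to.
    Mon-Thu: son; Friday: father; last Friday of the month: grandfather;
    None on weekends (assumed: no scheduled run)."""
    day = _d(day)
    if day.weekday() >= 5:
        return None
    if day.weekday() == 4:
        last_friday = (day + timedelta(days=7)).month != day.month
        return "grandfather" if last_friday else "father"
    return "son"


def rotate(retained, day):
    """Record the backup taken on `day` and return (generation, released).
    `retained` maps generation -> list of ISO dates, oldest first.
    `released` lists the sets whose media may be brought back for reuse;
    per 10.2.2.3 the new set must reach the off-premises location before
    these old sets are returned to the data center."""
    day = _d(day)
    gen = generation(day)
    if gen is None:
        return None, []
    sets = retained.setdefault(gen, [])
    sets.append(day.isoformat())
    released = []
    while len(sets) > RETAIN[gen]:
        released.append(sets.pop(0))   # oldest set of this cycle drops out
    return gen, released


def simulate(start, days):
    """Run the rotation for `days` consecutive days; return the retained sets."""
    retained = {}
    start = _d(start)
    for i in range(days):
        rotate(retained, start + timedelta(days=i))
    return retained


if __name__ == "__main__":
    for gen, dates in simulate("2024-03-04", 28).items():
        print(gen, dates)
```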

10.3 Disaster Recovery Plan Testing

An annual test of the disaster recovery plan shall be performed. General
objectives for the test include determining the overall feasibility of the
recovery strategies, verifying compatibility of hardware backup, identifying
deficiencies in the plan, providing training for employees involved in disaster
recovery, and providing a mechanism for maintaining and updating the
recovery plan.

RISK ASSESSMENT REPORT
Type of Risk : Other Risks–Loss or Destruction of Facilities/Records
and Loss Arising from Frauds
Unit in Charge : ADMINISTRATIVE Officer

________________________________________________________________

TO : THE RISK MANAGEMENT COMMITTEE

THRU : RISK AND COMPLIANCE OFFICER

DATE :

SUBJECT : OTHER RISKS ASSESSMENT CONDUCTED ON

Loss or Destruction of Facilities Yes No

1. Is the disaster control program being reviewed and updated at least
annually?

2. Are all units informed of ______________’s disaster control
program?

3. Are drills conducted to ensure that all personnel are aware of their
specific roles in the event of a disaster?

4. Are records and equipment marked with evacuation priority?

5. Are all offices equipped with firefighting equipment? Are these
being checked regularly to ensure that they function properly? Do
personnel know how to use this equipment?

6. Is the cash unit equipped with security alarm systems? Do branch
personnel know how to set these alarms?

7. Is a thorough background check of security personnel conducted
prior to assignment in ______________?

Losses Arising from Frauds

1. Is a thorough check of applicants for employment conducted
prior to hiring?

2. Is the principle of segregation of duties being strictly practiced?

3. Is there dual control for sensitive transactions?

4. Is there joint custody of items of value such as cash in vault,
negotiable collateral, securities, dormant accounts and
accountable forms?

Other Risks Assessment Report Page 2 of 2

Results of discussion of risk assessment with the unit in charge:

Recommendations:
Areas of Concern Recommendation Action

Risk Examiner

Signature Over Printed Name Date


RISK ASSESSMENT REPORT
Type of Risk : Other Risks–Information System
Unit in Charge : Management Information System

________________________________________________________________

TO : THE RISK MANAGEMENT COMMITTEE

THRU : RISK AND COMPLIANCE OFFICER

DATE :

SUBJECT : INFORMATION SYSTEM ASSESSMENT CONDUCTED ON

Physical Security Yes No

1. Is access restricted to the Information System department’s
authorized personnel only?

2. Is access of authorized visitors controlled?

a. Are only authorized visitors allowed access to the data
processing facility?

b. Must authorized visitors enter through the reception
area?

c. Do authorized visitors sign in and sign out?

3. Is the computer room under strict control?

4. Is access to the computer operations room limited to computer
operations personnel?

5. Are programming personnel denied access to the computer except
under very limited and specific circumstances?

6. Is the data center facility protected by fire and smoke detectors?

7. Are computer operations personnel informed of the location of fire
extinguishers and trained in how to use these?

8. Are the alternative power supply and UPS regularly tested?

9. Are defects referred to the Administrative Department/supplier for
repair?

Information System Risk Assessment Report 2 of 6

Computer Room Maintenance Yes No

1. Are MIS personnel allowed to eat, drink or smoke in the computer
room?

2. Are confidential materials shredded before disposal?

3. Are supplies kept in the computer room limited to the quantity
required for operations?

4. Are cleaning fluids or other flammable materials stored in the
computer room?

5. Are desks and cabinets locked after scheduled working hours?

Equipment Care and Maintenance

1. Is maintenance by computer operations personnel limited to the
procedures outlined in the computer operation manual?

2. Do computer operators perform any significant equipment
repair?

3. Are cleaning and maintenance routines followed?

4. Are hardware and software “crashes” or errors recorded?

5. Does the record of hardware/software errors include the reason or
suspected reason for the problem, the time, the action taken to
correct the situation, and who took the action?

6. Are there service contracts with all significant hardware vendors?

7. Are computer operations personnel present in the computer room
with the vendor’s service representative during scheduled
maintenance?

8. Are production programs and data files removed or secured before
any maintenance work is performed on the equipment?

9. Following maintenance, is a system activity log printed and reviewed
by the MIS manager?

10. In case exceptions are noted, are these investigated and reported in
accordance with the manual on Administration of Cases?

Separation and Rotation of Duties

1. Are the duties and responsibilities of computer operations personnel
established to provide delineation of responsibilities?

2. Is there separation of duties between programming and
operations?

3. Do all data center employees take two consecutive weeks of
vacation?

Equipment Operations

1. Are operator manuals, which provide specific instructions for the
operation of computer equipment, mainframe and peripherals,
developed and provided to computer operations employees?

2. Are the manuals current?

3. Do the computer systems have internal operating logs, which record
all events and actions that computer operators take?

4. Are these logs produced daily and reviewed by the MIS manager?

5. Are there procedures for controlling the equipment operation
environment?

6. Do these procedures address the following areas?

a. Scheduling?

b. Equipment controls?

c. Library controls?

Data Security

1. Are data media secured and kept in the MIS library?

2. Is access to the data media library limited to authorized personnel
only?

3. Are items removed from the library upon filing of the proper written
request form with the librarian?

4. Does the library have fire protection?

5. Are all systems fully documented?

6. Is documentation stored in a secure location outside of the
computer room?

7. Do computer operations personnel have access to programming
documentation?

Telecommunication and Online Security

1. Is access to computer terminals restricted?

2. Are there activity controls by terminal, function, operator,
transaction and data type whenever possible?

3. Is a log of all terminal transactions maintained?

4. Does the log identify the following:

a. Terminal?

b. User?

c. Transaction detail?

d. Date and time of day?

5. Does the MIS manager review this log periodically?

6. Are exceptions investigated and reported in accordance with the
provisions of the Manual on Administration of Cases?

Emergency Procedures

1. Have data center emergency procedures been established?

2. Are emergency telephone numbers of key data center personnel
maintained?

3. Have steps to be taken during a fire been established?

4. Are MIS personnel aware of these steps?

5. Have officers in charge of directing an evacuation been assigned
and their responsibilities defined?

6. Have the steps to be taken during an evacuation, including the
following, been established?

a. Secure all valuable records in a cabinet or locked
desk?

b. Lock and close tape and disk storage cabinets?

c. Designate escape routes?

d. Assemble at a designated point away from the
bank until further instructions are given?

Disaster Recovery Planning Yes No

1. Do the disaster recovery plans include backup plans for key
elements within the department and contingency plans for the
recovery of operations?

2. Is there a periodic review of hardware backup options?

3. Are duplicate copies of the operating system and application
programs made?

4. Are these copies stored off-site?

5. Are copies of any essential documentation stored off-site?

6. Are backup data files stored both on-site and off-site?

7. Does the disaster recovery plan include team assignments during
disaster recovery?

8. Are the duties and responsibilities of the teams defined?

9. Is the following information included in the plans?

a. Inventory lists of forms and supplies?

b. Master vendor list?

c. Critical telephone numbers?

d. Notification checklist?

e. Off-premises storage location inventory?

10. Are there procedures to follow during disaster recovery for each
application or area of the department?

11. Do the procedures include the purpose of the procedure, action or
steps to follow, and reference material?

12. Is the disaster recovery plan tested annually?

13. Are disaster recovery plans upgraded regularly, based on
deficiencies discovered during the tests and/or new
developments/technologies?

Results of discussion of risk assessment with the unit in charge:

Recommendations:
Areas of Concern Recommendation Action

Risk Examiner

Signature Over Printed Name Date
