Operational Risk

Operational Risk Types and Definitions

Operational risk is the risk of financial losses and negative social performance related to failed people, processes, and systems in an MFI’s daily operations. As MFIs decentralize and offer a wider range of financial products and alternative delivery channels, the operational risks multiply and it becomes increasingly important to manage them effectively. There are five categories of operational risk: people risk, process risk, systems risk, external events risk, and legal and compliance risk.

  • People Risk – People risk is the risk of financial losses and negative social performance related to inadequacies in human capital and the management of human resources. This encompasses the inability to attract, manage, motivate, develop, and retain competent resources and often results in human errors, fraud, or other unethical behavior, both internal and external to the institution.
  • Process Risk –  Process risk is the risk of financial losses and negative social performance related to failed internal business processes within every aspect of the business. This can include product design flaws and internal project failures.
  • Systems Risk – Systems risk is the risk of financial losses and negative social performance related to failed internal systems. This encompasses inter-branch connectivity, management information and core banking systems, information technology systems, power backup systems, and other technical systems.
  • External Events Risk – External events risk is the risk of financial losses and negative social performance related to the occurrence of external events typically outside of an MFI’s control. This encompasses both natural disasters such as hurricanes, flooding, earthquakes, and fires, as well as man-made events such as civil disruptions, war, robberies, arson, road blockades, and terrorist attacks.
  • Legal and Compliance Risk  – Legal and compliance risk is the risk of financial losses and negative social performance related to non-compliance with internal and external regulations and laws. This encompasses non-compliance with microfinance regulations, anti-money laundering (AML) requirements, tax laws, human resource laws, mandatory vehicle registration, internal codes of ethical conduct, and other regulations.

People Risk

Policies

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Formal set of policies and procedures to manage people risks, including: Formal set of policies and procedures to manage people risks, including: Formal set of policies and procedures to manage people risks, including:
• Transparent remuneration policies (including incentives and benefits) for staff and board members • Transparent remuneration policies (including incentives and benefits) for staff and board members • Transparent remuneration policies (including incentives and benefits) for staff and board members

Limits

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Not applicable Not applicable Not applicable

Risk Management Tools

Risk Monitoring Tools

Processes Risk

Policies

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Formal set of policies and procedures to manage process risks, including: Formal set of policies and procedures to manage process risks, including: Formal set of policies and procedures to manage process risks, including:
• Risk-tracking policy • Risk-tracking policy • Risk-tracking policy
• Policies regarding cash transactions and handling; transport, at branch level, in the field • Policies regarding cash transactions and handling; transport, at branch level, in the field • Policies regarding cash transactions and handling; transport, at branch level, in the field
• Use of insurance policy • Use of insurance policy • Use of insurance policy
• Incident reporting policy
• Risk Self-Assessment policy
• Key Risk Indicator policy

Limits

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Not applicable Not applicable Not applicable

Risk Management Tools

Risk Monitoring Tools

Systems Risk

Policies

Limits

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Not applicable Not applicable Not applicable

Risk Management Tools

Risk Monitoring Tools

External Events Risk

Policies

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Formal set of policies and procedures to manage external events risk, including: Formal set of policies and procedures to manage external events risk, including: Formal set of policies and procedures to manage external events risk, including:
Outsourcing policy Outsourcing policy Outsourcing policy
Security Security Security
Business continuity plan Tested business continuity plan, with alternate site containing installations required for main operations
Crisis management

Limits

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Limits on maximum cash at the branches, including: Limits on maximum cash at the branches, including: Limits on maximum cash at the branches, including:
In the safes and vaults In the safes and vaults In the safes and vaults
At the cash desks At the cash desks At the cash desks

Risk Management Tools

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Mapping of external event risks (at least every two years) Mapping of external event risks (at least every two years) Annual mapping of external event risks
Security measures at each branch, including: Security measures at each branch, including: Security measures at each branch, including:
Safes and vaults Safes and vaults Safes and vaults with time-delayed opening mechanisms
Guards
Cameras
Business continuity plan strategy
Cash transfers in armored vehicle

Risk Monitoring Tools

Legal and Compliance Risk

Policies

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Commitment to manage legal and compliance risk, including: Formal set of policies and procedures to manage legal and compliance risk, including: Formal set of policies and procedures to manage legal and compliance risk, including:
Complaint handling Complaint handling Complaint handling
Anti-money laundering (AML) policy Anti-money laundering (AML) policy
Whistleblower policy
Suspicious transactions
Legal charter: inventory of all applicable legislation (including tax laws) Legal charter: inventory of all applicable legislation (including tax laws) Legal charter: inventory of all applicable legislation (including tax laws)
Code of ethical conduct Code of ethical conduct Code of ethical conduct

Limits

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Not applicable Not applicable Not applicable

Risk Management Tools

Tier 3 Guidelines
Tier 2 Guidelines
Tier 1 Guidelines
Not applicable Not applicable Not applicable

Risk Monitoring Tools

Evaluate

RIM’s Risk Management Graduation Model is continually being revised to reflect the consensus standards within the microfinance industry.

Your evaluation and feedback is of utmost importance within this process.

Please provide your valued evaluation and feedback on the Operational Risk component in the form below:

 

Evaluator Information:

 

 

Risk Types & Definitions

 

Please provide your valued evaluation and feedback on the Operational Risk Types & Definitions listed above:

 

Framework Guidelines

 

Please provide your valued evaluation and feedback on the Risk Management Graduation Model framework guidelines listed above: