Operational Risk

Operational risk is the risk of financial losses and negative social performance related to failed people, processes, and systems in an MFI’s daily operations. As MFIs decentralize and offer a wider range of financial products and alternative delivery channels, the operational risks multiply and it becomes increasingly important to manage them effectively. There are five categories of operational risk: people risk, process risk, systems risk, external events risk, and legal and compliance risk.

  • People Risk – People risk is the risk of financial losses and negative social performance related to inadequacies in human capital and the management of human resources. This encompasses the inability to attract, manage, motivate, develop, and retain competent resources and often results in human errors, fraud, or other unethical behavior, both internal and external to the institution.
  • Process Risk –  Process risk is the risk of financial losses and negative social performance related to failed internal business processes within every aspect of the business. This can include product design flaws and internal project failures.
  • Systems Risk – Systems risk is the risk of financial losses and negative social performance related to failed internal systems. This encompasses inter-branch connectivity, management information and core banking systems, information technology systems, power backup systems, and other technical systems.
  • External Events Risk – External events risk is the risk of financial losses and negative social performance related to the occurrence of external events typically outside of an MFI’s control. This encompasses both natural disasters such as hurricanes, flooding, earthquakes, and fires, as well as man-made events such as civil disruptions, war, robberies, arson, road blockades, and terrorist attacks.
  • Legal and Compliance Risk  – Legal and compliance risk is the risk of financial losses and negative social performance related to non-compliance with internal and external regulations and laws. This encompasses non-compliance with microfinance regulations, anti-money laundering (AML) requirements, tax laws, human resource laws, mandatory vehicle registration, internal codes of ethical conduct, and other regulations.
  • Policies
  • Limits
  • Risk Management Tools
  • Risk Monitoring Tools
Tier 3 Guidelines Tier 2 Guidelines Tier 1 Guidelines
Formal set of policies and procedures to manage people risks, including:
Formal set of policies and procedures to manage people risks, including:
Formal set of policies and procedures to manage people risks, including:
Tier 3 Guidelines Tier 2 Guidelines Tier 1 Guidelines
Not applicable
Not applicable
Not applicable
  • Policies
  • Limits
  • Risk Management Tools
  • Risk Monitoring Tools
Tier 3 Guidelines Tier 2 Guidelines Tier 1 Guidelines
Not applicable
Not applicable
Not applicable
  • Policies
  • Limits
  • Risk Management Tools
  • Risk Monitoring Tools
Tier 3 Guidelines Tier 2 Guidelines Tier 1 Guidelines
Not applicable
Not applicable
Not applicable
  • Policies
  • Limits
  • Risk Management Tools
  • Risk Monitoring Tools
Tier 3 Guidelines Tier 2 Guidelines Tier 1 Guidelines
Formal set of policies and procedures to manage external events risk, including:
Formal set of policies and procedures to manage external events risk, including:
Formal set of policies and procedures to manage external events risk, including:
Tier 3 Guidelines Tier 2 Guidelines Tier 1 Guidelines
Limits on maximum cash at the branches, including:
Limits on maximum cash at the branches, including:
Limits on maximum cash at the branches, including:
  • Policies
  • Limits
  • Risk Management Tools
  • Risk Monitoring Tools
Tier 3 Guidelines Tier 2 Guidelines Tier 1 Guidelines
Not applicable
Not applicable
Not applicable
Tier 3 Guidelines Tier 2 Guidelines Tier 1 Guidelines
Not applicable
Not applicable
Not applicable