Strategic Risk
Strategic Risk Types & Definitions
Strategic risk is the risk of inefficiencies related to the management of strategic aspects. Three subcategories have been identified within strategic risk: governance risk, reputation risk and external business risk.
• Governance Risk – Governance risk refers to the risk of inefficiencies caused by an inadequate governance structure and processes, internal control structure and human resources management.
• Governance Structure and Processes Risk – Governance structure and processes risk refers to the risk of inefficiencies caused by an inadequate governance structure and processes.
• Internal Control Risk – Internal control risk refers to the risk of inefficiencies caused by an inadequate internal control structure.
• Human Resources Management Risk – Human resources management risk refers to the risk of inefficiencies caused by an inadequate management of human talent.
• External Business Risk – External business risk refers to the risk of inefficiencies caused by an institution’s business activity in relation to the external business environment, and includes its ability to react to changes in the external business environment as well as to respond to competition.
• Reputation Risk – Reputation risk refers to the risk of inefficiencies caused by negative public opinion.
–
–
Governance Structure and Processes Risk
Policies
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Formal set of policies and procedures to manage governance structure and processes risk. | Formal set of policies and procedures to manage governance structure and processes risk. | Formal set of policies and procedures to manage governance structure and processes risk. |
| • Institutional by-laws | • Up-to-date institutional by-laws | • Up-to-date institutional by-laws |
| • Participation of BoD members in credit/business committee, ALCO or risk committee and audit committee | • Participation of BoD members in credit/business committee, ALCO committee, risk committee, audit committee and other relevant committees (for example HR, technology) | |
| • Up-to-date elections regulations | • Up-to-date elections regulations | • Up-to-date elections regulations |
| • Internal work regulations | • Internal work regulations | |
| • Travel and subsistence regulations | • Travel and subsistence regulations | |
| • Code of ethical conduct | ||
| • Succession plan for CEO | • Succession plan for CEO | |
| • Succession plan for key managers | ||
| • Policies on information transparency | ||
| • Policies for the management of conflicts of interests | ||
| Mission | Mission, social objectives and activities | Mission, social objectives and activities, and social performance management system |
| Balance in the financial and social strategy provided by the BoD | Balance in the financial and social strategy provided by the BoD |
Limits
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Limits on the composition of the BoD | Limits on the composition of the BoD | Limits on the composition of the BoD |
| • Composed of 5 to 9 members | • Composed of 5 to 9 members | • Composed of 5 to 9 members |
| • At least 40% of members are professionals and 20% have a social background | • At least 60% of members are professionals and 40% have a social background | |
| Frequency of BoD meetings | Frequency of BoD meetings | Frequency of BoD meetings |
| • Minimum quarterly, maximum three times a month | • Minimum monthly, maximum twice a month | • Monthly |
Risk Management Tools
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Information flow to the BoD | Information flow to the BoD | Information flow to the BoD |
| • Financial statements and basic portfolio report, and quarterly report on fulfillment of operational plan | • Financial statements, comprehensive portfolio report and report on fulfillment of operational plan | • Well-structured management report that includes a summary of the reports presented to the committees |
| • Annual report of social indicators including an analysis of the risk of mission drift | • Monthly report of social indicators including an analysis of the risk of mission drift | |
| • Information validated by independent area (internal audit, system or accounting) | ||
| Training of members of the BoD | Training of members of the BoD | |
| • Existence of a training plan | • Training plan elaborated based on the auto-evaluation of the BoD | |
| • Existence of a dedicated budget | ||
| Annual auto-evaluation of the BoD and elaboration of an action plan | ||
| Business plan | Business plan aligned with financial and social objectives | |
| Financial projections with 3-5 year horizon and reviewed annually | Financial projections with 3-5 year horizon, reviewed annually and based on different scenarios | |
| Shareholders’ Agreement | ||
| Shareholders’ Agreement: presence of explicit and clearly defined social goals/indicators | ||
| Annual review of conflicts of interest | Annual review of conflicts of interest | |
| Strategic analysis of the variety and quality of products and services | Strategic analysis of the variety and quality of products and services, as well as systematic analysis of client satisfaction | |
| Financial education program for clients | ||
| Clearly communicated performance expectations and lines of accountability | Clearly communicated performance expectations and lines of accountability | Clearly communicated performance expectations and lines of accountability |
Risk Monitoring Tools
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Up-to-date governance structure and processes risk matrix | ||
| Annual auto-evaluation of the BoD and elaboration of an action plan |
Internal Control Risk
Policies
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Commitment to manage internal control risk | Formal set of policies and procedures to manage internal control risk | Formal set of policies and procedures to manage internal control risk |
| Financial statements closed within three months after the month’s cut-off date | Financial statements closed within one month after the month’s cut-off date | Financial statements closed within 10 days after the month’s cut-off date |
| Annual external audit | Annual external audit | Annual external audit by renown firm |
| Risk rating in line with regulation | Biennial risk rating | Annual risk rating |
| Biennial social rating |
Limits
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| No specific guidelines | No specific guidelines | No specific guidelines |
Risk Management Tools
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Separation of functions: | Separation of functions: | Separation of functions: |
| • Existence of at least a CEO, a person in charge of finance, a person in charge of credit/business, and a part-time internal audit function | • Existence of at least a CEO, finance department, credit/business department and internal audit | • Existence of at least a CEO, finance department, credit/business department, internal audit department and risk management department (as well as other departments depending on structure, for example human resources, technology, social responsibility) |
| • Clear definition of functions and responsibilities | • Clear definition of functions and responsibilities | |
| Formalization and dissemination of policies | Formalization and dissemination of policies | Formalization and dissemination of policies |
| • Existence of up-to-date credit manuals, financial management manuals and functions manual | • Existence of up-to-date credit manuals, financial management manuals, functions manual as well as manuals covering other main processes | • Existence of up-to-date credit manuals, financial management manuals, functions manual, internal control manuals as well as manuals covering all other processes |
| • Availability of all relevant manuals to personnel | • Availability of all relevant manuals to personnel | • Availability of all relevant manuals to personnel |
| • Periodic training of staff on relevant policies and procedures | • Periodic training of staff on relevant policies and procedures | • Systematic training of staff on relevant policies and procedures |
| • Periodic evaluation of personnel’s knowledge of relevant manuals | • Periodic evaluation of personnel’s knowledge of relevant manuals | |
| Strict supervision structure, including: | Strict supervision structure, including: | Strict supervision structure, including: |
| • Branch manager and credit/business manager | • Branch manager, regional manager and credit/business manager | |
| • Cross-checking controls | • Cross-checking controls | • Cross-checking controls |
| • Business Plan and Operational Plan | • Business Plan and Operational Plan | • Business Plan and Operational Plan (consolidated and by department) |
| • Individual goals and objectives for field personnel | • Individual goals and objectives for field personnel | • Individual goals and objectives for all personnel |
| • Periodic monitoring of fulfillment of institutional and individual goals and objectives | • Systematic monitoring of fulfillment of institutional and individual goals and objectives | • Systematic monitoring of fulfillment of institutional and individual goals and objectives |
| Ex-post controls | Ex-post controls | Ex-post controls |
| • Internal audit controls based on annual work plan | • Internal audit controls based on annual work plan | • Internal audit controls based on annual work plan |
| • Surprise visits to branches | • Surprise visits to branches | • Surprise visits to branches |
| • Visits to clients | • Visits to clients | • Visits to clients |
Risk Monitoring Tools
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Internal control risk matrix | Up-to-date internal control risk matrix | |
| Quarterly internal audit reports to Audit Committee | Monthly internal audit reports to Audit Committee | |
| Annual internal audit reports to Board of Directors | Annual internal audit reports to Board of Directors | Annual internal audit reports to Board of Directors |
Human Resources Management Risk
Policies
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Commitment to manage human resources management risk | Formal set of policies and procedures to manage human resources management risk, including: | Formal set of policies and procedures to manage human resources management risk, including: |
| • Selection | • Selection | |
| • Contracts | • Contracts | |
| • Salaries, economic and non-economic benefits | • Salaries, economic and non-economic benefits | |
| • Staff appraisal | • Staff appraisal | |
| • Training | • Training | |
| • Career plans | ||
| • Code of ethical conduct | • Code of ethical conduct | |
| • Internal work regulations | • Internal work regulations | |
| Availability of human resources manuals to staff | Availability of human resources manuals to staff |
Limits
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| No specific guidelines | No specific guidelines | No specific guidelines |
Risk Management Tools
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Existence of department dedicated to human resources management | ||
| Effective internal communication system (for example periodic staff reunions, intranet) | Effective internal communication system (for example periodic staff reunions, intranet) |
Risk Monitoring Tools
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Human resources management risk matrix | Up-to-date human resources management risk matrix | |
| Biennial analysis of staff satisfaction and work climate | Annual analysis of staff satisfaction and work climate | |
| Quarterly analysis of staff turnover rate and reasons | Monthly analysis of staff turnover rate and reasons |
External Business Risk
Policies
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Commitment to manage external business risk | Formal set of policies and procedures to manage external business risk | Formal set of policies and procedures to manage external business risk |
Limits
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| No specific guidelines | No specific guidelines | No specific guidelines |
Risk Management Tools
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Business Plan | Comprehensive Business Plan with FODA analysis | Comprehensive Business Plan with FODA analysis |
| Institutional culture to anticipate and prepare for the impact of external events | Institutional culture to anticipate and prepare for the impact of external events | Institutional culture to anticipate and prepare for the impact of external events |
| Existence of sufficient cushion to confront external events | Existence of sufficient cushion to confront external events | |
| Effective feedback loop from field staff to management | Effective feedback loop from field staff to management | Effective feedback loop from field staff to management |
| Periodic client satisfaction surveys and feedback for product development | Constant client satisfaction surveys and feedback for product development |
Risk Monitoring Tools
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| External business risk matrix | Up-to-date external business risk matrix | |
| Periodic monitoring of external business environment | Periodic monitoring of external business environment | Constant monitoring of external business environment |
| • Market studies monitoring competitors’ offer and own competitiveness | • Market studies monitoring competitors’ offer and own competitiveness | • Market studies monitoring competitors’ offer and own competitiveness |
| • Benchmark analysis | • Benchmark analysis | • Benchmark analysis |
| Periodic drop-out analysis (levels, reasons and trends) | Constant client drop-out analysis (levels, reasons and trends) | |
| Participation in microfinance networks | Participation in microfinance networks |
Reputation Risk
Policies
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Commitment to manage reputation risk, including: | Formal set of policies and procedures to manage reputation risk, including: | Formal set of policies and procedures to manage reputation risk, including: |
| • Credit policies in line with SMART’s client protection principles | • Credit policies in line with SMART’s client protection principles | • Credit policies in line with SMART’s client protection principles |
| • Responsible human resources management | • Responsible human resources management policies | • Responsible human resources management policies |
| • External transparency (for example publishing of financial statements, Mix Market, ratings) | • External transparency (for example publishing of financial statements, Mix Market, ratings) |
Limits
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| No specific guidelines | No specific guidelines | No specific guidelines |
Risk Management Tools
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Biennial risk rating | Annual risk rating | |
| Biennial social rating | ||
| Client protection certification | ||
| Adequate risk management framework and management information reporting | Optimal risk management framework and management information reporting | |
| Participation in microfinance networks | Participation in microfinance networks |
Risk Monitoring Tools
Tier 3 Guidelines |
Tier 2 Guidelines |
Tier 1 Guidelines |
| Reputation risk matrix | Up-to-date reputation risk matrix |
Evaluate
–
–