Operational risk management of microfinance institutions

By Priya Chetty on June 30, 2017
Image by IFPRI-IMAGES on Flickr

Operational risk management in microfinance institutions are important in day to day operations to mitigate risks such as:

  • frauds,
  • delinquencies,
  • workforce turnover,
  • liquidity,
  • change in interest rates,
  • regulatory among a host of others.

All these risks experienced by the microfinance institutions are categorised into:

  • credit,
  • market,
  • operational and
  • strategic,

falling under financial and non-financial nature respectively (Abhay 2010). Both strategic and operational risks are consequences of human folly, system failures, natural disasters, weaknesses of the board or its poor strategy, regulatory environment which when materializes, leads to financial loses. This article essentially deals with exploring the operational risk associated with the microfinance institutions and its management.

The concept of operational risk

The Basel Committee on Banking Supervision (2001; p.2) referred to the concept of operational risks as:

“the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events”.

With the increased usage of technology and recognition of the significance of human resources in determining enterprise success, the concept of operational risks has gained importance. Besides, the concerned risk takes into its fold all the departments within an enterprise, since both technology and human resources are key to every departmental functioning.

Microfinance institutions in such a scenario are no exception. They have their own share of technological advancements and dependence such as, usage of computers for daily desk jobs to advanced softwares and application of swipe cards and biometrics, among others. However, increased dependence of technological assistance coupled with weak internal systems, low business and human ethics and competition leads to enhanced operational risks within these institutions (Khandelwal 2007).

Types of operational risks

Majorly, the operational risks faced by microfinance institutions are further categorized into five kinds, as reflected below:

Human risks Errors, frauds, collections, animosity
Process risks Lack of clear procedures on operations such as disbursements, repayments, day to day matters, accounting, data recording and reporting, cash handling, auditing
System and technology risks Failure software, computers, power failures
Relationship risk Client dissatisfaction, dropouts, loss to competitions, poor product
Asset loss and operational failure due to external events Loss of property and other assets or loss of work due to natural disaster, fires, robberies, thefts, riots etc.

Categorisation of Operational Risks faced by MFIs’, (Source: Abhay, 2010)

Mitigation of operational risks

Upon identifying various operational risks, a plethora of studies have proposed risk management strategies, which involves processes to mitigate the risks. The concept of operational risk management involves continual cyclic processes of assessment of risks, decision making and employment of risk controls. In addition, the operational risk management acts as pre-empt to weak internal controls and frauds experienced by microfinance institutions thereby protecting the integrity of its employees. Reports of Consultative Group to Assist the Poor (CGAP) (2009) and Mago et al. (2013) organized operational risk management of microfinance institutes into three levels of processes:

  • In-depth: applied before a project implementation, since a considerable amount of time is needed for project preparation and planning. It helps microfinance institutions to develop its human resources through methods like training, crafting of instructions and acquisition of personal protective equipments.
  • Deliberate: applied during the implementation stage of projects, this level involves operational risk management at regular intervals through methods like quality assurance, on-job-training, safety briefs, performance reviews and safety checks.
  • Time Critical: This level of operational risk management is applied during execution of operations involving all the available resources within the microfinance institutions, namely, individuals and teams. This level enables the workforce to accomplish its mission effectively and safely, especially within a limited time and resources supply.

Risk management and feedback loop

MicroFinance Network (2000) has provided a risk management and feedback loop for micro-finance institutions, segregating the process into six stages:

operational risk is one of the major risk in the micro finance institutions which must be addressed properly
Risk management and feedback process system for microfinance institutions (Source: MicroFinance Network, 2000; p. 34)

The loop presented above reflects the stepwise mitigation of operational risks by microfinance organisations. Initiation has been made with identification and prioritization of risks followed by development of strategies in measuring risks. After strategy development, designing of the policies and procedures has been suggested followed by their implementation through assigning of responsibilities to concerned individuals and teams. The results incurred are then evaluated and tested to ensure their effectiveness, thereby enabling the institutions to take care of potential gaps identified. Lastly, the policies and procedures are revised periodically (especially if any gap is being identified) to ensure their efficiency, establishing an enhanced operation risk management process.

Explaining the operational risk management maturity model

McConnell (2005) on the other hand developed an Operational Risk Management Maturity Model (ORMMM). This model focus on the necessity of microfinance institutions to grow maturity in operational risk management process. Thereby establishing an effective practice of tackling varied and dynamic risks attacking their operations. The model has identified five maturity levels along with their requisite criteria, which the institutions need to achieve.

  • Initial: Management recognizes that Operational Risk Management needs to be addressed but there are no standardized processes in place and Operational Risk issues (such as major losses) are only addressed reactively.
  • Managed: Management is aware of Operational Risk Management issues, and selected processes have been identified and implemented, but standardized measurement has not been implemented across the organization
  • Defined: Standardized Operational Risk Management processes are in place across the organization, performance is being monitored but root cause analysis of problems is only occasionally being applied.
  • Quantitatively Managed: Standardized processes are in place and responsibilities and process ownerships are clearly defined. Operational Risk Management processes are aligned with business strategy. Quantitative measurements, such as Key Risk Indicators (KRI), are in place for all processes and economic capital is being allocated against these measures. However, there are no continuous improvement programs in place to align Operational Risk with the organization’s ‘risk appetite’.
  • Optimized: ‘Best practice’ Operational Risk Management processes are in place and are closely aligned with business strategies. Costs and benefits of Operational Risk Management are defined, are balanced against risks and are communicated and applied across the whole organization.

Given the emergence and continuous rise of the microfinance industry providing opportunity for investments by the social entrepreneurs and institutional investors. Therefore it is significant for them to implement effective operational risk management. This is done through continuous assessments and identification of opportunities, threats, technological innovation, improved business operating models. Furthermore, involvement of its specialized workforces and execution of its management policies can help to mitigate the risk. This in turn will ensure quality in terms of products, management and governance. This will further strengthen their systems and plan for market-led growth in future.


  • Abhay, N., 2010. Types of Risks faced by Microfinance Institutions. India Microfinance. Available at: http://indiamicrofinance.com/types-risks-faced-microfinance-institutions.html [Accessed October 21, 2016].
  • Ashta, A. & Khan, S., 2012. Risk mitigation in Microfinance: The need for microequity. In European Microfinance Week. Luxemburg: PwC, p. 19.
  • Basel Committee on Banking Supervision, 2001. Operational Risk, Basel, Switzerland.
  • CGAP, 2009. Operational Risk Management for Microfinance Institutions, Washington.
  • Ernst&Young, 2014. Challenges in microfinance: an EY perspective, London.
  • Khandelwal, A.K., 2007. Microfinance Development Strategy for India. Economic & Political Weekly, 42(13), pp.1127–1129+1131+1133+1135. Available at: http://www.jstor.org/stable/4419411?seq=1#page_scan_tab_contents.
  • Mago, D.S., Hofisi, D.C. & Mago, M.S., 2013. Microfinance Institutions and Operational Risk Management in Zimbabwe: Insights from Masvingo Urban. Mediterranean Journal of Social Sciences, 4(3), pp.159–168.
  • McConnell, P., 2005. Measuring operational risk management systems under Basel II. In Risk Trading Technology. Sydney.
  • MicroFinance Network, 2000. A Risk Management Framework for Microfinance Institutions, Postfach, Eschborn.
  • RAFIP Project, 2014. Risk Management in MFIs. In Risk Management Training Programme for Money Lenders. Accra: MOFEP/RAFIP CAPACITY BUILDING FUND, p. 15.