3 Key Risks in Going Digital – and How Microfinance Institutions Can Address Them: Grameen Foundation provides risk management tips for MFIs adopting mobile solutions
Editor’s note: This is the second in a series by Grameen Foundation on what it takes for institutions that provide microfinance services to go digital. You can read the first post here.
The speed and convenience that make digital services attractive to clients can bring a host of new risks for financial institutions that serve the poor.
For customers, digital services offered via third-party agents eliminate the need to carry cash long distances, and give them more visibility into their accounts through their mobile phones. For financial institutions, going digital means more transactions at a much faster rate with much less direct contact with clients. This can create risks in three key areas:
1. Centralized decision-making
2. Reactive vs. proactive risk management
3. Vendor and distribution partners
Centralized decision-making is risky
Digital information flows quickly, requiring decisions to be made in near real time. For this to happen, staff at the branches must either have authorization to identify and mitigate risk at that level, or have sufficient escalation protocols to support quick decision making. However, risk management is often centralized at the head office, and corrective actions are only taken after issues have been raised, formally reported, and addressed centrally.
Financial institutions could create delegation authorities for decisions to allow faster responses to certain situations, such as day-to-day issues like resolving account balances and opening accounts, or more critical, systemic issues like persistent network outages. As a part of our engagement through the Accelerator program, Grameen Foundation worked with Pride MDI to create a clear set of procedures, owners and decision makers to address problems as they arise. In the new model, the escalation matrix delegates authority to lower level managers who can take immediate action for certain events, and with authority appropriate for their position. These managers then report to the head office after they have taken corrective measures instead of reporting an issue and awaiting guidance.
Reactive risk management finds problems too late
Too often, organizations manage risk retroactively. When transactions happen via a mobile phone versus at the branch, multiple issues can arise before they can be raised at a formal credit committee or risk management committee meeting. This includes an unplanned system outage, challenges reconciling between the mobile network operator’s platform and the institution’s core banking system, or agents lacking cash or e-value to service customers.
As such, the tools used to monitor risk must be suited to the new channel to proactively manage risk identification and prioritization. In our Accelerator program engagement, we shifted Pride MDI’s current approach from managing a long list of Key Performance Indicators (KPIs), to understanding what shortlist of critical Key Risk Indicators (KRIs) could be monitored on a daily, weekly and monthly basis. This shift in the type and the frequency of the monitoring is helping the organization manage risk proactively instead of managing performance retroactively.
Figure 1 (left) shows how an organization could shift the way it monitors customer service, narrowing from five KPIs to two KRIs. Focusing on fewer metrics in real time that can be predictive of a legitimate risk to the business – or at least a changing trend – is much more effective than monitoring several metrics that merely count historical performance issues.
New vendors and distribution partners introduce new opportunities for risk in the system
Digital services require new technical vendors to work within existing systems, such as core banking systems, and those of mobile banking providers and other technical vendors. Having this many inflection points creates multiple opportunities for risk. Developing detailed process flows for each process, interaction, decision and consequence can help a microfinance institution avert a crisis resulting from integration challenges.
However, the risks that arise from new vendors are not only related to technology. For instance, using an external vendor for digital services transfers business performance to a third-party. Financial institutions must now rely on mobile network operator‘s agents for client interaction and customer service. These distribution partners become the liaison between the institution and the client, although they are not employees of the institution. Yet, if a problem arises (for example, the system goes down) it is still the institution that is responsible in the eyes of the client.
Financial institutions can prepare for this shift by developing back-up plans, process duplication and overrides that allow different vendors to interact with one another temporarily in the case of an outage of one partner. To provide sufficient customer service, the institution can work with the mobile network operator to ensure that customer service issues raised with agents are sent to both the operator’s headquarters, as well as to the financial institution. This ensures that the institution knows about the challenges and can engage directly with the customer. In these ways, institutions can approximate direct contact to preemptively understand client concerns before risks grow from localized to systemic problems.
Although many of the risks in building a new distribution channel are operational, risk management for digital services requires a holistic approach involving every division. It is, therefore, critical to have integrated teams, including staff experienced in credit, operations, HR, treasury, marketing and IT. For example, in our Accelerator program, we trained a partner task force within Pride MDI that jointly conducted a baseline assessment to help identify the current risk approach and identify areas in which risk management needed to be strengthened. Now, managers across the organization in this engagement take part in proactively identifying and managing risk.
Sylver Kyeyune, Head, Risk & Compliance, and Ritah Atuhairwe, Information Systems Analyst, at Pride Microfinance Limited (MDI) contributed to the piece.