___________________________________________________________________________

2011/GFPN/WKSP/018 Session 5

Risk Management Regulatory Framework for Microfinance Institutions - The Peruvian Case

Submitted by: Peru

Workshop on Microfinance Best Practices Ha Noi, Viet Nam

7-8 April 2011

1

RISK MANAGEMENT REGULATORY FRAMEWORK FOR MICROFINANCE INSTITUTIONS

The Peruvian Case

Myriam CórdovaMyriam Córdova 

Chief of Microfinance Supervision, SBS ‐ Peru

APEC Workshop on Microfinance Best PracticesApril 2011

Agenda

Context: Microfinance in PeruContext: Microfinance in Peru

Regulatory framework

Recommendations

Myriam Córdova Luna 2

2

Context:Microfinance in Peru

Myriam Córdova Luna

Microfinance in Peru

Microenterprises represent 98% of the totalnumber of enterprises in the country, contributewith 25% of Peruvian GDP, and employ 55% of thecountry labor force.Micro loans represent 6.2% of the total amountgranted by the Peruvian Financial System;however, microclients represent 22.51% of the totaldebtors.Number of micro clients: 1,6 MM (Dec 2010)

Total Portfolio Financial System: US$ 41 176 millions.Total Debtors Financial System: 7 328 563Peruvian GDP: US$ 139 752 millions

Myriam Córdova Luna

3

Baseline

Myriam Córdova Luna 5

Context changed… 

New products and services

MFIsMFIsMFIs competition

Downscaling Transparency of information

Active interest rates reduction

Myriam Córdova Luna 6

1980 1985 1990 1995 2000 2005 2011

MSLOs RSLOs EDPYMEs BANKs

4

Risk Management

Myriam Córdova Luna 7

Enterprise Risk ManagementIntegrated Framework

Regulatory Framework( )(Res.037‐2008)

5

Enterprise Risk ManagementEnterprise Risk Management is aprocess, effected by an entity’sboard of directors, management

Categories of objetives

and other personnel, applied instrategy setting and across theenterprise, designed to identifypotential events that may affectthe entity, and manage risk to bewithin its risk appetite, toprovide reasonable assuranceregarding the achievement ofentity objectives.

Myriam Córdova Luna9

Enterprises should manage their risks proportionately to their size andcomplexity of their operations and services.

Committee of Sponsoring Organizations of the Treadway CommissionCOSO – ERM Framework

•Ethical values, technical and moral qualifications of personnel•Organizational structure• Conditions to define

• Aligned with institutional mission and vision•Consistent with risk tolerance and degree of acceptable risk exposure

•Interdependence among events, as well as influential factors determining them

•Qualitative and quantitative  methods or a mixture of both

Risk Management ‐ Components

Conditions to define reporting lines and allocate responsibilities

Internal environment

p p

Objective setting Event identification Risk Assessment

•Accept the risk, reduce the likelihood of occurrence, reduce its impact, transfer it totally or partially, avoid risk

•Efficiency and effectiveness of business operations, reliability of information and compliance with laws

•Appropriate and timely information to the Board, managers, staff, as well as external stakeholders

•Evaluation of the operation of the comprehensive risk management framework

Risk response Control activities Information and communication Monitoring

12/04/2011 Myriam Córdova Luna 10

6

There is a direct relationship between objectives (what 

tit t i t hi )

Enterprise Risk Management

an entity strives to achieve) and enterprise risk management components (what is needed to achieve the objectives).

It is not strictly a serial processprocess.

Components will not operate the same way in every institution.

Myriam Córdova Luna 11

Committee of Sponsoring Organizations of the Treadway CommissionCOSO – ERM Framewok

Types of Risk 

Credit Risk

MFIsMFIs

Strategic

Risk

Liquidity Operational 

Reputational Risk

Myriam Córdova Luna 12

Risk

Market Risk

Risk

7

Enterprise Risk Management

Should have a comprehensive understanding of the business risks, but not manage each risk separately, ignoring what is 

happening in the rest of the institution

Myriam Córdova Luna 13

Best prospects to long‐term business success

Enterprise Risk 

Management Regulation

Enterprise Risk Management Regulation

Internal and External AuditRes. No 11699‐2008Res. No 17026‐2010 

Conglomerate RiskRes. No 11823‐2010 

Res. No 037‐2008

Credit Risk Liquidity Risk Market Risk Operational  Risk

Credit Risk Management(Res. 3780-2011)

Over-indebtedness Risk

Operational Risk Management (Res. No 2115-2009)

Treasury Management(Res. No 472-2001)

Stress test scenario

Risk Management Supervision(Res. No 509-98)

Additional Capital Requirement (draft published)

Management(Res. No 6941-2008)

Provision RequirementProcyclical Provisions (Res. No 11356-2008)

Foreign Exchange Credit Risk Regulation(Res. N° 41-2005)

Credit Risk Capital Requirement (Res. No 14354-2009)

Business Continuity(Circ. No G-139-2009)

Information Security(Circ. No G-140-2009)

Operational Risk Capital Requirement (Res. N o 2115-2009)

and Contingency Plan, Liquidity by maturity(Circ. No 2093-2001)

Liquidity Risk Management (draft)

Market Risk Management (draft)

Foreign Exchange Risk Management(Res. No 1455-2003)

Interest Rate Risk Management(Circ. No 2087-2001)

Market Risk Capital Requirement (Res. No 6328-2009)

8

Organizational Chart

Annual Meeting of Stockholders

Board

Risk Committee 

Compliance Committee

Audit

Risk Management 

Unit

Compliance Unit

InternalCEO

Business Area 1 Business Area 2 Business Area 3 …

Audit Committee

Internal 

Audit Unit

Myriam Córdova Luna

Roles and Responsibilities

Board Board Design, approve and oversee the ERMDesign, approve and oversee the ERM

ManagementManagementImplement, consistent with the directionImplement, consistent with the directionDesign, approve and oversee the ERM

framework, and promote an internalenvironment that facilitates itsdevelopment.

Provide reasonable assurance that theenterprise manages effectively its risks,consistent with risk tolerances.

Design, approve and oversee the ERMframework, and promote an internalenvironment that facilitates itsdevelopment.

Provide reasonable assurance that theenterprise manages effectively its risks,consistent with risk tolerances.

Implement, consistent with the directionprovided by the Board, appropriatesystems to manage the risk to which theIMF is exposed.

The CEO is ultimately responsible andshould assume ownership. Othermanagers support IMF´s riskmanagement framework, promotecompliance with its risk appetite, and

i k ithi th i h f

Implement, consistent with the directionprovided by the Board, appropriatesystems to manage the risk to which theIMF is exposed.

The CEO is ultimately responsible andshould assume ownership. Othermanagers support IMF´s riskmanagement framework, promotecompliance with its risk appetite, and

i k ithi th i h fmanage risks within their spheres ofresponsibility consistent with riskstolerances.

manage risks within their spheres ofresponsibility consistent with riskstolerances.

Myriam Córdova Luna 16

The risk officer, internal auditor and compliance officer usually have key supportresponsibilities. Other personnel are responsible for executing enterprise risk managementin accordance with established policies, practices, manuals and procedures.

9

How to assure compliance?

Board´s Compliance Statement

Annually, Board members should sign a Compliance Statement in whichthey assure the following:they assure the following:

They are aware of ERM regulations and their role and responsibilitieswithin that framework.

The enterprise manages its risks appropriately according to its size andcomplexity of its products and services, except for deficiencies identifiedand disclosed in the Compliance Statement.

They have received information from managers Audit Committee RiskThey have received information from managers, Audit Committee, RiskCommittee and External Auditors and have adopted corrective measuresto avoid deviations from approved risk management policies andpractices.

Deadline: 120 days after the end of the fiscal year

Myriam Córdova Luna 17

Recommendations

Myriam Córdova Luna

10

Recommendations for effective implementation

IMFs

Board commitment

POLICYMAKERS

Adequate  timeframe ( )Managers ownership 

Comprehensive approach

Multidisciplinary team 

Internal framework and risk matrix design  

External expert advise, if 

(adaptation period) with partial verification milestones.

Internal audit support

Training 

Mechanisms to supervise effective implementation

Myriam Córdova Luna

needed

Internal and external independent assessment

effective implementation (on‐site supervisory guidelines) 

Capital planning self assessment and supervisory review

19

ThanksThanks

wwwwww..sbssbs..gobgob..pepe

mcordova@sbsmcordova@sbs..gobgob..pepe

Myriam Córdova Luna

11

AppendixAppendix

Myriam Córdova Luna

Credit Risk Regulation

Myriam Córdova Luna

12

MICROENTERPRISESCOMMERCIAL

Credit Risk Regulation

REAL ESTATECONSUMER

• Individuals and firms• Finance production, commercial

activities and services• Debt US$ 30 000

• Individuals and firms• Finance production, commercial

activities and services• Debt> US$ 30 000

• Individuals• Home buying or improvement• Mortgage as collateral

• Individuals• Finance payment of goods and

services no related to business

Regulation of microcredit activityRegulation of microcredit activityMyriam Córdova Luna

Credit types(*)

Credit types Criteria to defineCorporate credits Sales higher than US$/. 71 MM

Big enterprise credits Sales from US$/. 7 MM to US$/. 71 MM

Medium enterprise credits Debt higher than US$/. 107M

Small enterprise credits Debt from US$/. 7M to US$/. 107M

Micro enterprise credits Debt lower or equal to US$/. 7M

Revolving consumer credits Up to US$/. 107 M

No revolving consumer credits Up to US$/. 107 M

Real estate  credits Not applicable

(*) Effective since July 2010

Credit Risk Capital Requirement

Myriam Córdova Luna

13

Microcredit Regulation Microcredit Regulation •Criteria: capacity to repay• Recognizes existence of particular credit methodology• Flexibility to provide d i

•Nonperforming loan is classified as nonaccrual if principal and interest have not been paid for at least 30 days. Nonaccrual l “ h b i l ” Th

•Debtor risk rating, by the number of days  overdue. This scheme is more demanding than that applied for commercial loans

documentation

Underwriting process

loans are “cash basis loans.” These loans can have interest credited only when the borrower makes payment.

Accountingrecord

Provisionsrequirement

• IncomeIncome• Capital • Indebtedness in the financial system• Credit history• Installment amount•Business expertise

Criteriarequired

Myriam Córdova Luna

Microenterprise debtor rating according by payment compliance

Number of days overdue

CommercialMicro enterprise and

consumption  Mortgage

Normal No overdue Up to 30

CPP Up to 60 31 to 90

Defficient 61 to 120 91 to 120

Type of creditRisk Category

Up to 8

9 to 30

31 to 60

Uncertain 121 to 365 121 to 365

Loss More than 365 More than 365More than 120

61 to 120

Key issue to ensure proper classification of the portfolio:proper reporting of refinanced loans.

Myriam Córdova Luna

14

Liquidity Risk Regulation

Myriam Córdova Luna

Liquidity Risk Regulation

Regulation requires adequate  administration systems of liquidity risk

Minimum  requirements of liquidity rate:

Current assets  as a percentage of current 

liabilities 

Reporting requirements of assets and liabilities 

matching, by maturity, under regular and stress 

scenarios and asystems of liquidity risk  ab es

National currency: 8% 

Foreign currency: 20%

scenarios, and a contingency  funding 

plan.

Myriam Córdova Luna

15

Market Risk Regulation

Myriam Córdova Luna

Market Risk Regulation

Adequate administration systems 

of market riskorganization, committees, risk units, information 

systems, valuation models

Limits for foreign exchange risk exposure:

Long net position:

< 60% of  capital

Short  net position:    

< 15% of  capital

Exposure limits for interest rate risk:EaR: < 5% of capital

Interest rate Risk (trading book)

Equity Price Risk (trading book)

Foreign Exchange Risk

Commodities Risk

Market Risk Capital Requirement

Myriam Córdova Luna

16

Operational Risk Regulation

Myriam Córdova Luna

Operational Risk Regulation

Adequate administration systems of operational 

risk

Specific regulation to manage technology risk

Information Safety Plan

Business Continuity Plan to ensure an acceptable level of operation of 

critical processes in case major internal or external 

failures occur

Operational Risk Capital Requirement

Establishes an important incentive to improve operational risk management: better operational risk management will lead to lower capital requirements

Myriam Córdova Luna

17

Calculation methodologies 

Advanced Measurement Approach(AMA)

Higher risk sensitivity

Alternative Standard Approach (ASA)

Basic Indicator Approach(BIA)

Lower capital requirement

( )

ASA and AMA requiere previous approval from the Superintendency. While enterprises are not issued the authorization, they should utilize BIA. 

In 2012 capital burden will be doubled for that type of risk. Challenge: Improve operational risk management to migrate to ASA

Myriam Córdova Luna

Additional Capital Requirement(draft published)

Myriam Córdova Luna

18

Additional Capital Requirement Proposal

Risk prone behavior

Buffer Economical 

Cycle

Interest rate risk in the banking book

Systemic

Concentration

Myriam Córdova Luna