The International Monetary Fund (IMF) recently inquired about the updates on high-profile financial scams that took place since last one year and sent a letter to the Finance Ministry to know about the loan recovery drives undertaken by the government in one of the largest scams. Three main financial scams namely Hall-Mark Group (Sonali Bank), AB Trade Link (Basic Bank) and Bismillah Group (Janata Bank, Prime Bank, Shahjalal Islami Bank, Jamuna Bank and Premier Bank) involved an amount of more than Taka 90 billion. All these scams revealed a common fact: irregularities and noncompliance in the process and procedure of loan approvals. And ironically, none of these risks falls within any special category where managing risks are sometimes beyond the control of the banks. It wouldn't be a wrong presumption that there are more such unreported irregularities.
There are risk management standards, policies, procedures, and reporting systems including globally recognised Basel Accord introduced by the Bangladesh Bank as mandatory compliances for all financial institutions. But the most important missing parameters are implementation and execution of these instructions in every financial institution, effectiveness of risks monitoring and reporting, and integrity of the reported information and reports submitted by the financial institutions to the Bangladesh Bank and/or respective regulators.
Risks are inherent in any type of ventures irrespective of industries and even in professional and personal life. Complete elimination of risks is an impossible proposition and not desirable either. But exposure to risks can surely be minimised. If it rains, none can stop it since it is a natural phenomenon and uncontrollable. But the possibility of rain can be predicted and using an umbrella or other protective measures can minimise the chances of getting wet. So are the risks in most of the time. Merely from the example of rain, it can be easily deducted that there are inadequacies in forecasting risks, some of which may be intentional and some are due to the absence of appropriate technologies, tools and techniques, and trained human resources working in risk management.
The most predominant risks in the financial industry are operational risks consisting of people, process and IT system-related risks. Unlike other types of risks like market risks and foreign exchange risks, most of the operational risks are controllable since these risks are typically embedded in the functional processes. Tragically, most of the financial institutions do not have well-documented process manual or operations manual. Even if there is formally-documented operations manual, it is shelved with care for satisfying internal and external auditors and regulators as a part of displaying compliance culture rather than implying execution. In many cases, functional processes lack comprehension in terms of efficiency, service orientation, control mechanisms, and compliance with internal and regulatory polices and guidelines, which ultimately entail huge risk exposures.
There are independent internal control and audit and risk management departments having direct supervisory linkage with the representatives of the Board of Directors in every financial institution as regulated by the Bangladesh Bank. But risk management and audit processes are still very primitive and far behind modern practices. There are huge inadequacies in tools and techniques and trained resources. Added to this is the tendency of the organisations to dump non-performing employees in the internal control and audit department as the last resort of retention. As a result, lapses in controls and other irregularities do not surface in many cases until a serious disaster takes place, let alone the cases of intentional forgery influenced by other entities including politically exposed persons (PEPs).
Risk management culture in Bangladesh is unfortunately like 'firefighting' rather than structured and systematic approach to forecasting and management of risks. Despite repeated financial scams involving huge amount of money and reputation loss in the international market, management mindset towards risk management seriously lacks comprehension and awareness. Risk management is perceived as impediment to business growth and people working in risk management are considered as the 'aliens'. Modernisation of risks management systems, assigning good resources and providing training to existing resources in risk management are treated with the least priority among every other initiatives and investments in the organisations. Ultimately risk management in its true spirit has been a far-reaching reality in most of the organisations.
One of the fundamental prerequisites of administering effective risk management is to have established and structured 'risk database'. Risks are supposed to be forecast, identified, analysed for impacts, and accordingly determine the risk mitigation strategies for implementation. Unfortunately, there is no such data repository either at organisational level or within the Bangladesh Bank. This has caused very limited or no facility to conduct trend analysis for forecasting the risks and define the corresponding probability and impacts. Although, as a part of the Basel Accord implementation, all banks are to determine the 'risk profile' and accordingly preserve minimum corresponding amount as the coverage of the risk exposures (MCR--minimum capital requirement), the accuracy and reliability of determining the MCR remains apprehensively doubtful.
To strengthen the risk management practices, the first and foremost step is the changing mindset of the senior management including the Board of Directors and the regulators. It is imperative to have adequate trained resources and contemporary policies and functional processes in place with appropriate mechanism of monitoring and controlling the outcome. It is equally significant to ensure that set policies and processes are being aligned with the strategic objectives of the organisations for maximising the returns on capital of the shareholders while minimising the exposure to risks.
Technology can play the most crucial role and can be effectively leveraged in establishing appropriate risk management systems including establishment and management of centralised risk database at enterprise and national level. This will enormously empower the financial institutions and the regulators in performing global, national and industry trend analysis for forecasting the risks, analysing the probability and impacts and proactively apply appropriate risk mitigation strategies. Most importantly, this would facilitate establishing an integrated risk management approach which would enable centralised control and monitoring of risks and allow organisations to take the risk exposures by choice, not by chance.
Risk management in this fastest moving and volatile global economy is no more a discretionary option. It is the fulcrum of every function of the organisation including its resources. A risk-awareness culture along with integrated risk management process and systems that are adaptive to organisational strategy is the key to secure the growth and sustainability.
