Microfinance Institutions (MFIs) play a unique role in emerging markets through providing access to financial products and services to a population segment that may otherwise have been financially excluded. A large variety of organisations (e.g. cooperatives, community banks, credit unions, NGOs) may fall under the umbrella term MFI. However, MFIs are generally categorised as those FIs that provide financial products and services to low-income clients who often lack access to other forms of formal financial services. Products extends beyond credit and covers savings, insurance, and basic payment services.
In the context of the ESG Toolkit for FIs, some of the key characteristics that make up an MFI include the following:
- They generally have a loan book which primarily comprises of microloans. The ticket sizes and definition of what thresholds can be used to classify a microloan may vary in different country contexts and users of the toolkit guide will need to consider country guidelines on income level limits for microfinance borrowers.
- The absence of, or reduced emphasis on, collateral.
- Client characteristics which are typically those who do not have access to other formal lenders.
- The purpose of the credit should be for income generating activities or consumer loans.
Through this Toolkit, CDC aims to support MFIs to effectively manage the environmental and social (E&S) and business integrity risks and negative impacts associated with such lending practices, while maximising the positive impact on clients using such products.
2. Key environmental and social aspects
This section outlines some of the material E&S risks, impacts and opportunities that are prevalent within MFI type organisations. Weak management of these issues may lead to financial and/or reputational damage for an MFI and have an impact on its ability to raise third party funding (debt and equity).
- Customer Protection
Successful and sustainable growth of businesses in emerging markets requires that firms understand the customers they serve and keep them at the centre of their work. Digitisation is driving down costs to serve and improving customer acquisition, as well as the increasingly widespread adoption of hybrid business models, presenting newer types of risk. More recently, the impact of COVID-19 on businesses is acute, which has had immediate implications for consumers in some of the most underdeveloped economies and financially vulnerable populations. Since end-client businesses are small and MFIs focus on bottom of the pyramid clients who are usually vulnerable to E&S risks, managing client protection risks should be the highest E&S priority.
CDC developed a set of principles for customer protection: four overarching values to actively assess, manage, and mitigate risk to end customers in our and our companies’ everyday work. Our framework has been developed into a toolkit that enables both ourselves and our investees to follow a practical set of steps to identify areas for improvement and develop a broader set of good practice. To generate business value and achieve sustainable positive impact, each principle corresponds to a different aspect of the organisation and its operations:
- Safeguarding of customers – is intended to be externally-facing and assesses the quality of a company’s interactions and communications with the customer.
- Fair treatment – is internally-facing and assesses whether the company’s business practices are fair to customers.
- Enabling organisation and culture – assesses whether the company’s culture, policies, processes, and governance structure enable it to meet the first two principles.
- Sustainability and innovation – is intended to be forward-looking and assess the company’s ability to be or remain customer centric and proactive about customer risk management.
- E&S Risk Management
While many of E&S risks and impacts associated with MFI operations apply to its day-to-day operational activities (i.e. internal labour and working conditions), there may also be E&S risks, impacts and opportunities related to the performance of its clients (i.e. transactional E&S risks) which will affect a client company’s financial performance and its ability to meet the financial commitment set by the MFI.
MFIs will be exposed to a range of transactional E&S risks through its client’s activities. This will depend on the type, size, and maturity of clients’ businesses being financed, the type and duration of the financing being provided, and the sector and geographic location the client is operating within. Given the nature of financing being provided by MFIs (i.e. often short- to medium-term loans to individuals or small or medium-sized businesses) exposure to E&S risks is typically low, however there are still instances where E&S issues, such as an accident or E&S fine or penalty, may influence a client’s ability to repay a loan. Examples of key E&S risks and impacts associated with MFI type facilities are outlined below:
- Sector-specific E&S risks associated with activities such as small-scale agriculture, manufacturing, taxis, and logistics companies in countries of high road safety risks, etc. (Refer to E&S Sector Profiles for further guidance.)
- Exposure to excluded activities through financing betting and gambling enterprises, bars, or film studios exposed to pornography, small artcraft workshops using wildlife products, small garages selling CFCs for air cooling systems refill, etc.
- Non-compliance with national and local E&S laws and regulations (including fire safety certificates, environmental licenses, etc.), particularly for loans disbursed to clients operating within informal markets.
- Clients’ use of harmful chemicals or pesticides which can pose health or environmental risks.
- Clients operating businesses that are not compliant with national labour and working conditions, with poor working conditions where workers or staff may be exposed to discriminatory practices, human rights abuses, child labour, or forced labour.
It is also important for the MFI to manage internal E&S-related risk (i.e. non-transaction related E&S risks) associated with its day to day business. This includes managing its own staff and workforce and ensuring that it is compliant with national and local labour laws and working conditions. It also includes consideration for the life and fire safety of the buildings in which it operates and the occupational health, safety and security of its staff – particularly for instances where loan officers undertake regular site visits to clients / prospective clients premises. For further information please refer to labour and working conditions alongside other relevant guidance under E&S Topics.
- Client Data Protection, Security, and Privacy
Ensuring the privacy and data security of personal financial data is an essential responsibility of MFIs. MFIs that fail to manage performance in this area are susceptible to legal liabilities, decreased revenue, and consumer confidence. As growth in digital platforms and cloud storage continues and more MFIs’ operations become more technology- and internet-dependent, data security will be an increasingly important issue to manage. Sophisticated technology and continuous training of personnel are essential in a world of growing cybersecurity threats.
On this basis, MFIs should consider designing and implementing data privacy and security policies and appropriate technology systems to govern the gathering, processing, use, distribution, and storage of client information to maintain its confidentiality, safety, and integrity. This includes mitigating client data and identity theft risks, protection against security breaches and fraudulent access, misuse of client information and rapid notification of security breaches, information leaks, cyber-attacks, etc. The policies should cover MFI staff members, including personnel that have left the organisation, and third-party service providers that interact with any confidential information/IT systems.
3. Key considerations when developing an E&S Management System for an MFI.
The section below provides guidance on specific considerations when developing an environmental and social management system (ESMS) for an MFI. For customer protection, refer to further resources provided at the end of this guide, and for general guidance on ESMSs, refer to ‘FI E&S Management Systems’.
Due to the smaller scale of client businesses and high number of loan applications being processed daily, MFIs should ensure that their approach to managing E&S aspects is commensurate to the inherent E&S risk and impacts posed by its clients. MFIs can limit their exposure to clients involved in high-risk sectors or industries that are not aligned with their organisation’s E&S policies through adopting negative screening of applications/application of an E&S Exclusion List.
- E&S PolicyWhen developing an E&S Policy, the MFI should carefully consider the types and significance of the E&S risks to which the MFI and its client portfolio will be exposed. It is also important to consider changing organisational priorities and expectations and aligning the direction of the E&S policy and practices with those of key stakeholders and with changes to its operating environment (i.e. climate change, digital transition, client protection, changing consumer preferences, etc.).
- Roles, responsibilities, and oversight/E&S CapacityThe responsibility for E&S management and performance rests at all levels of the MFI. This ranges from the Executive Management to the Credit and Risks teams, HR and Training Manager to the Loan Officers. Depending on the size of the MFI and the inherent E&S risk profile of its portfolio, it may be necessary to appoint a dedicated E&S Manager to oversee E&S management across the business. The E&S Manager may appoint dedicated E&S resources (i.e. E&S Officers or E&S Champions) to support it and credit teams in the implementation of E&S duties. This should depend upon the level of the E&S issues the MFI is likely to encounter, the size and type of MFI, and how responsibility for E&S implementation is allocated. Loans Officers will also likely play a key role in E&S management given their close interactions with the MFI clients. It will therefore be important to build their capacity and knowledge in identifying and flagging material E&S risks. This should involve the E&S Manager undertaking focused trainings on relevant sector specific E&S risks and impacts that are most relevant to the MFI.
- ProceduresInitial E&S screening against an Exclusion List and risk categorisation of loan applications play a key role in ensuring that MFIs are able to focus their efforts on assessing and managing the most risky applications from an E&S perspective. The Procedures should be lean and focus to cope with the large number of micro-loans that an MFI processes. This should involve E&S risk categorisation of all applications into high, medium, and low E&S risk categories based on the client’s sectors and size of loans – with additional E&S measures (i.e. tailored E&S questionnaires/checklists, site visits, more stringent E&S clauses, etc.) being applied only to those that have higher E&S risks. Consideration for any material E&S issues identified during the credit approvals process should be incorporated into the MFI decision making, which may be centralised or delegated at the branch level depending on the transaction size. E&S clauses and warranties should also be incorporated into loan agreements to ensure that clients comply with E&S requirements of the national and local regulatory frameworks as a minimum, as well as any set E&S requirements such as ILO Core Conventions depending on E&S risks identified in a transaction.
- Performance management/continuous improvementThe level of on-going E&S monitoring should be informed by the initial E&S risk categorisation process or specific E&S risk profile of a client. Typically, the focus will be on routine monitoring of high and/or medium E&S risk clients, to be carried out by Loan Officers, and supported by the E&S Manager/Officer, if required. On-going monitoring could include inspections of business records, site visits, and/or E&S monitoring questionnaires to be populated by chosen clients on a periodic basis. E&S monitoring information received should be collated and stored by the MFI, with key E&S issues/learnings being communicated to relevant management/teams to drive improved performance and continual improvement.
- External communicationE&S information gathered through initial E&S risk appraisal and on-going monitoring activities should be incorporated into annual E&S reports to ensure transparency and accountability between the MFI and its internal and external stakeholders. This can also be made publicly available on the MFI website or other media platforms.
4. Key considerations when developing a Business Integrity Management System for an MFI
Key financial crime risks for MFIs include fraud and anti-money laundering (AML) associated often with the large number of customers/loans and, higher use of cash. There are also operational risks in disbursing loans and collecting deposits especially in rural areas, alongside undertaking effective Know Your C0ustomer (KYC) and Customer Due Diligence (CDD) checks.
Like other FIs, MFIs should ensure they establish a Business Integrity Management System (BIMS) (see Business Integrity section). For MFIs, this should include establishing a compliance function/team to develop, implement and oversee financial crime policies and procedures covering key financial crime risks including fraud, AML, counter-financing terrorism (CFT), anti-bribery & corruption (ABC) and sanctions – see Business Integrity section for an outline of these risks and controls. A financial crime risk assessment should be performed to determine the MFIs risk appetite for financial crime and any exclusions and help shape the detail and extent of policies and procedures. It is expected as a minimum policies should be addressed for internal fraud, employee mis-conduct and AML / KYC/CDD (including risk rating customers as low/high or low/medium/high for AML. Operational risk policies covering loan disbursements/collections and information security/data protection should also be developed.
The compliance team is responsible for ensuring the policies/procedures are reviewed and approved by the Board and implemented across the business areas and in branches as well as being regularly maintained. The team should also provide financial crime advisory support and consider creating risk committees to discuss financial crime risk appetite/policies and high-risk customers/transactions or issues. They should also be responsible for delivering training on financial crime to employees and reporting to the board regularly on compliance against policies using relevant management information (e.g. % number of internal fraud incidents or suspicious activity reports (SARs) generated). The head of compliance should act as the Money-Laundering Reporting Officer (where required by regulation) including reviewing internal SARs and reporting relevant SARs to the regulator. They should also be responsible for ensuring the financial crime/compliance department is adequately staffed (including qualified staff) and have the tools to adequately fulfil its mandate.
The BIMS should also ensure the financial crime and operational risk policies and procedures are regularly audited and tested by internal audit functions or a qualified external auditor
MFIs may consider placing restrictions on certain products and services to lower their risk and promote accessibility. These measures include low-value loan thresholds, geographical restrictions, and restrictions on the type of customer who may use the product (for instance, only individuals). It is important to have a strong reporting mechanism within an MFI to identify suspicion of financial crime, and subsequent implementation of control activities such as enhanced due diligence, escalation, investigation, and reporting procedures. For further guidance, refer to the Business Integrity and the FI BI Management Systems sections of the toolkit.
5. Further Resources
- Guidelines for Responsible Investing in Digital Finance
- CDC Guidance on Protecting Customers during Covid-19
- GOGLA Consumer Protection Code
- Transition of the SMART Campaign
- SPTF Universal Standards
- Corporate Governance for Microfinance Institutions
- ESMS for Microfinance Institution | FIRST for Sustainability
- ILO Fundamental Conventions
- FMO Corporate Governance Toolkit for Banks, NBFIs and MFIs