Chukwunomnso Anyichie, Chief Risk Officer, Coronation Group Limited in this interview sheds light on risk management practices, and discusses strategies for enhancing governance, compliance across financial institutions in Africa, writes Hope Moses-Ashike. Excerpt
What is the concept of Risk Management in Financial services in Africa?
The concept of risk management is crucial for financial services sector in Africa. When we think about risk management in Africa there have been significant improvements over the past decade. On our continent, particularly in Nigeria, many risk management implementations arose due to financial crisis and these improvements have largely been driven by regulators, including those in banking, insurance, pensions, and the Capital Markets. They have all rolled out risk management frameworks aligned with international best practices. These include risk management frameworks such as Iso 31000, COSO and BASELII/III which have formed the basis for developing risk management across various financial sectors in countries like Nigeria, South Africa, Kenya and Ghana.
In more advanced financial institutions in Africa, risks are managed leveraging advanced analytics, comprehensive risk assessment models, and strong governance structures. Recently, the Securities and Exchange Commission (SEC) issued a circular on implementing Enterprise Risk Management Framework Standards like COSO and ISO 31000. They have now introduced controls for enhanced oversight of the risk environment and practices of all capital market operators. These operators must now submit their risk profiles and Board approved enterprise risk management policies to the SEC.
At Coronation Group, we pride ourselves on implementing global best practices. We have implemented Enterprise Risk Management Policies and frameworks approved by our board. We beyond regulatory requirements; we aim to implement global best practices to ensure we manage and mitigate risks effectively, aligning with our strategic objectives.
What are the common risks that financial institutions in Africa face?
One key risk is credit risk. Credit risk occurs when customers or clients cannot repay loans, leading to non-performing loans. In Africa, especially in commodity-reliant countries like Nigeria, the fluctuation of commodity prices impacts debt repayment abilities.
Market risk is another concern. Financial institutions deal with various investment instruments such as mutual funds, stocks, and securities. Market risk involves the volatility of interest rates and exchange rates. For example, in Nigeria, we’ve seen Forex rates and interest rates rise to unprecedented amounts.
Operational risk is also significant, with challenges related to infrastructure such as power, telecoms, and roads, as well as cyber threats. As financial institutions go digital, cyber risks increases.
Regulatory risks arise from the various policies, circulars, and guidelines regulators issue to protect financial systems. I always refer to unprecedented events like COVID-19, numerous circulars were issued weekly, and financial institutions had to ensure compliance, which posed a risk. As a financial institution, make sure you are consistently scanning the regulatory landscape.
Financial Institutions continue to expand to other African countries. The expansion exposes the institution to more regulatory risk in different jurisdictions, due to varying regulatory requirements and guidelines. Managing stakeholders and regulators in these jurisdictions is crucial to ensure compliance.
Finally, rounding up the top five risk for me will be political risk. This risk impacts our businesses due to political instability and policy changes. This risk is closely tied to regulatory risk, as new rules can emerge from different economic views aimed at improving the financial system.
You mentioned compliance to new rules and regulation using companies listed on the Nigerian Stock Exchange as an example. We have seen over time lots of companies defaulting over corporate governance rules and the likes. How do you think all these institutions can really improve their governance?
These issues arise from a failure in control. Effective risk management requires robust controls. Taking for instance the example you gave on the failure of companies to submit their annual financial report on time, system and process controls, performance indicators, and clear lines of accountability should be in place to ensure compliance. Ultimately the board should have effective oversight, ensuring regulatory compliance of their institutions.
Board oversight is crucial. Boards have fiduciary duties and are accountable for overseeing management and the business activities on behalf of the shareholders. Board members are very experienced in their field and as directors but to enable them carry out their responsibilities effectively in our evolving and volatile business environment, it is imperative that there is continuous learning in place for the Board.
Some regulators have implemented strategies to ensure that clear accountability for compliance is at the Board. For instance, the Central Bank of Nigeria requires that there is an executive in charge of Compliance that sits on the Board. They also implemented a Sanctions scheme that includes penalties for individual Executives and Directors. Adopting international standards and tools aids compliance, protecting shareholders and stakeholders. It’s important for the board to understand that if this compliance risk crystallizes what the financial and reputational impact would be. The implementation of Corporate Governance Frameworks across the continent also further emphasizes the role of the Board and the importance of in upholding best Corporate Governance practices.
There has been this clamour, especially from the shareholders, that the financial institutions are over-regulated. How can these institutions be on top of these regulations.
Building professional relationships with regulators is key. In our continent, relationships are crucial. At Coronation, we engage regulators early, discussing our initiatives and carrying them along our journey. This helps when rolling out new products or services.
How has technology improved or impacted risk management in the financial sector?
Technology is a game changer in risk management. There are technology developments that have greatly improved how we manage our risks. One is data analytics. Having that data analytics, especially over time allows for predictive analysis and giving the risk practitioners real time information to enable effective identification and mitigation of risks. Analysis of the data allows for quicker and better decision making. At a push of a button, you’ll be able to immediately see an issue or an emerging risk and can immediately address it. Another is automation, with the development of risk and control tools, mundane data entry and manual processes are more efficient, allowing for the redeployment of resources. Another area where technology has been instrumental is in cybersecurity. Robust security tools, standards and measures have been developed and implemented to fight against cyber threats and to protect the businesses from cyber-attacks. Overall, technology provides real time insights and allows institutions like ours, to respond quickly to emerging risks that may crystallize.
With the myriads of risks faced regularly, what strategy can financial institutions deploy to enhance their resilience in business?
First, I’ll talk about stress testing. Carrying out stress tests to assess and prepare for adverse scenarios and identifying. I’ll tell you an interesting story. So, I was the director in charge of Governance, Risk and Compliance at PricewaterhouseCoopers. I was there 12 years prior to joining Coronation. I remember several years ago I had a banking client where I suggested stress test scenarios on foreign exchange, I suggested using N1,000/$1 at the time where forex was N300 to $1. They did not find the scenario plausible and a couple of years later we saw the exchange rate reach and surpass the proposed scenario.
Stress testing is a great tool and strategy where you can assess the outcome of different scenarios and its impact on your business, balance sheet, on your P&L. Management is then able to determine what actions they need to take to bring the company back to business as usual. This is a key tool to use especially with emerging risks. Therefore, stress testing is a key strategy that all all institutions in Africa need to put in place to enhance their resilience.
Another way to enhance resilience is by maintaining adequate capital for the company and ensuring that they have capital buffers to cover the material risks in the business. If you’re familiar with the Basel Framework which is an international regulation and global best practice standards in risk management, it requires institutions to calculate the amount of capital they need to cover their risks. This is global bank regulation that has been adopted by several African Central Banks including CBN. At Coronation we believe in adopting global best practices to manage risk and that the BASEL standards adds great value to our business. Therefore, even though this regulation is applicable to banks we have implemented the Internal Capital Adequacy Assessment Process (ICAAP) across the Coronation ecosystem to manage our capital adequacy, looking at our material risks.
Another strategy to enhance resilience is diversification. In Africa, there’s a lot of reliance on volatile sectors, and in cases of significant concentration there could be a higher risk exposure. Diversification is a good mitigant for concentration risk. We’re starting to see people diversify into other sectors such as manufacturing, tourism, agriculture. Diversification is important to reduce your concentration risk because you don’t want something to happen in that particular sector.
Finally, our risk culture; promoting a culture of risk awareness and proactive management. Risk management does not sit with the risk department. We have three lines of defense, the first line – business units and management. Whether it’s your salespeople, your tellers, your investment managers, your agency – they are the ones who actually on a daily basis have to manage risk. You have a second line of defense; risk and compliance. And then you have your third line of defense which is your internal audit. Every single person within your institution should be a risk manager.
