Risk Management Policy

Preamble

The Board of Directors (“Board”) of ELIMU BORA SERVICES LIMITED (“Company” or “NCPL”), has adopted the following policy which encompasses practices relating to identification, assessment, monitoring and mitigation of various risks to the business. Risk Management Policy of the Company seeks to minimize unfavorable impact on the business objectives and develop stakeholder value. Further, the risk management practices seek to sustain and enhance long-term competitive advantage for the Company.

Purpose

This Policy has been framed in accordance with the Risk Management framework as issued by Reserve Bank (“RESERVE BANK”) vide Master Direction DNBR. PD. 008/03.10.119/2016-17 dated September 01, 2016 (“RESERVE BANK Circular”) and amendments thereon.

The purpose of this policy is to address unanticipated and unintended losses to the human resources & financial assets of the Company without unnecessarily limiting the activities that advance its mission and goals. NCPL has introduced effective risk management systems that address the issues relating to various risks. The effective management of risk is vital to the continued growth of the Company.

Principles

For risk management to be effective, all operations/departments of the Company must apply the following principles to the context of the business and its objectives:

• Risk management must create and protect value
• Risk management is integrated into organizational processes.
• Explicit risk management helps decision-makers make informed choices.
• Risk management is focused on the sources of uncertainty around the achievement of objectives
• Risk management must be tailored to the context and fit for purpose
• Risk management is dynamic, iterative and responsive to change.

Definitions

• “Board” means Board of Directors of the Company.
• “Company/NCPL” means ELIMU BORA SERVICES LIMITED
• "Directors” mean individual Director or Directors on the Board of the Company.
• “Policy” means Risk Management Policy
• “RESERVE BANK” means Reserve Bank
• “RCM” means Risk Control Matrix

Policy

NCPL recognizes that Risk management as one of the key drivers of growth and for enhancement of corporate governance. Accordingly, the Board has framed the following Risk Management Policy:

To continuously thrive for available risks in the organization which directly or indirectly effect the functioning of the organization.

To ensure the protection of rights & values of Shareholders by establishing a well- organized Risk Management Framework.

Selecting, maintaining and enhancing the risk management tools used by the Program to provide analyses that inform and support the investment actions of the entire Organization.

Identification, Measurement and Assessment of Risk

Management’s responsibility, as delegated by the Board, is to operationalize the Risk Management Program and ensure that formal procedures are put in place to identify and define risk with input from representatives across the businesses.

Measurement of risk is completed considering both quantitative and qualitative means using the likelihood and impact criteria as developed by Management and as reviewed by the Board.

The management has identified certain inherent and residual risks which have been divided in accordance with likelihood and its impact on the business.

Following risks have been identified by the organization:

• Strategic Risk – This risk is related to the overall business strategies and the related economic/business environment
• Operational Risk - Arising out of technology failure, fraud, error, inadequate financial capacity to fulfil obligations and/ or to provide remedies, outsourcing of activities to vendors.
• Market Risk - Risks related to changes in various markets in which the Company operates.
• Financial Risk - These risks includes movement in interest rates and also liquidity risks inherent to the business
• Reputational Risk – Where the practices followed by the Company are not in consonance with industry as well as internally prescribed standards.
• Credit & Concentration Risk – Where the overall industry has considerable exposure to one service provider and hence the NBFC may lack control over the service provider.
• Regulatory & Compliance Risk – Where privacy, consumer and prudential laws are not adequately complied with by the service provider
• Human Resource Risk - Where the employee related factors are not handled cautiously such as safety, security, compensation, etc.

Risk Categorization and Mitigation Factors

The following broad categories of risks have been identified in our risk management framework along with possible mitigation factors:

Strategic Risk

Risk: It is the risk to earnings and capital arising from lack of responsiveness to changes in the business environment and/or adverse business decisions, besides adoption of wrong strategies and choices.

Mitigation: The management is proactive in its approach towards changes in economic/business environment as the business strategies are regularly discussed with the senior officials of the organization so that adequate steps can be taken. Also, important strategic matters are referred to the Board, consisting of members with diversified experience in the respective fields, for intense deliberations, so as to derive the benefit of collective wisdom.

Reputational risk

Risk: Reputational risk is related to adverse perception of the image or the company, on the part of customers, counterparties, shareholders, investors and regulators. It refers to the potential adverse effects, which can arise from the company’s reputation getting tarnished due to factors such as unethical practices, regulatory actions, customer dissatisfaction and complaints leading to negative publicity. Presence in a regulated and socially sensitive industry can result in significant impact on Company’s reputation and brand equity as perceived by multiple entities like the RESERVE BANK, Central/State/Local authorities, banking industry and the customers. The risk can emanate from:

• Non-Compliance with Regulations
• Customer Dissatisfaction
• Misrepresentation of facts and figures in public

Mitigation: Considering the business model the following aspects have been put in place to reduce vulnerability related to reputational risk:

• Compliance with Fair Practices Code: All employees are trained and instructed to follow fair practices as per RESERVE BANK prescribed guidelines in all their dealings with the customers.
• Grievance Redressal Mechanism (GRM): The Company has a defined GRM in place and the same is communicated to all customers at the time of sanction of loan. This is also available on the website of the Company.
• Delinquency Management: The Company does not resort to any coercive recovery practices and all recoveries are made in accordance with the Recovery policy and Fair Practice Code of the Company.
• Stringent Selection Criteria: Vendors, employees and other associates of the Company are selected after confirming to the stringent criteria’s prescribed by the management.
• Reference Check: The management carries out a reference check for all the vendors from the market before having them on Board so as to ensure utmost integrity while carrying out their duties.
• Legal Obligations: All employees, vendors and associates are required to sign legal contracts wherein specific clauses related to non-disclosure are entered so as to ensure the Company from any reputational risks.

Market Risk

• Risk: Risks emanating out of the choices we make on markets, resources and delivery model that can potentially impact our long-term competitive advantage. Risks relating to inherent characteristics of our industry including competitive structure, technological landscape, extent of linkage to economic environment and regulatory structure
• Mitigation: Management regularly reviews its business model including the areas it wants to operate. The management carries out regular competitive analysis of its peers in the industry to remain in competition and change its markets if required.

Operational Risk

Risk: Risks inherent to business operations including those relating to client acquisition, service delivery to clients, business support activities, information security, physical security, human resource and business activity disruptions.

Mitigation:

• Document Storage and Retrieval: NCPL recognizes the need for proper storage of documents as also their retrieval for audit and statutory requirements. The Company is maintaining all the original documents at a dedicated space allocated for specific purpose.
• Scanned Copies: We have also started storing scanned copies of the loan documents for easy retrieval especially for audit purposes where physical documents are not required.
• Whistle Blower/Fraud Prevention Policy - NCPL encourages all its employees to report any non-compliance of stated company processes or policies without fear as we have a clearly stated “no-retaliation” policy. We have a formal policy that details the manner in which such issues are handled – background investigation, holding a hearing by a committee, and ensuring that action as per the committee’s recommendations is carried out. All issues reported are categorized for nature and severity:
• Financial or Non-Financial
• Major or Minor
• Procedural Lapse or Gross Violation
• Breach in Process or Disciplinary Issue

The Compliance Manager maintains a record of all the entire case history which is signed off by senior management on closure.

Technology Infrastructure: The Company has leverage of cloud-based technologies and all its business applications are hosted in secure data centers with mirrored redundancies such that in the event of any system going down, an alternate system is made operational within hours. At the facilities where back- office and financial operations take place, alternate/back-up connectivity has been provisioned such that in the event connectivity is lost with one service provider, the alternate connection can be utilized.

Financial Risk

Interest Risk: Interest rate risk is the risk where changes in market interest rates might adversely affect an NBFC's financial condition. The changes in interest rates affect company in some way. The immediate impact of changes in interest rates is on company’s earnings (i.e. reported profits) by changing its Net Interest Income (NII). As such NCPL is into funding of loans which are always fixed rate loans. The company manages this risk on NII by pricing its loan products to customers at a rate, which covers interest rate risk. The risk from the earnings perspective can be measured as changes in the Net Interest Income (NII) or Net Interest Margin (NIM). Measurement of such risk is done at the time of deciding rates to be offered to customers. Once interest rate risk is measured, lending rates are finalized. Given the interest rate fluctuation, the company has adopted a prudent & conservative risk mitigation strategy to minimize interest risk.

Liquidity Risk: Measuring and managing liquidity needs are vital for effective operations of an NBFC. The importance of liquidity transcends individual institutions, as liquidity shortfall in one institution can have repercussions on the entire system. Board should measure not only the liquidity positions of company on an ongoing basis but also examine how liquidity requirements are likely to evolve under different assumptions. Experience shows that assets commonly considered as liquid, like government securities and other money market instruments, could also become illiquid when the market and players are unidirectional. Therefore, liquidity has to be tracked through maturity or cash flow mismatches. For measuring and managing net funding requirements, the use of a maturity ladder and calculation of cumulative surplus or deficit of funds at selected maturity dates is adopted as a standard tool.

• Maturity Mismatch: Liquidity Risk arises largely due to maturity mismatch associated with assets and liabilities of the company. Liquidity risk stems from the inability of the company to fund increase in assets, manage unplanned changes in funding sources and meet financial commitments when required.
• External Source of funds: Due to the high reliance on external sources of funds, NCPL is exposed to various funding and liquidity risks comprising:
• Funding Concentration Risk — Concentration of a single source of funds exposes the Company to an inability to raise funds in a planned and timely manner and resort to high cost emergency sources of funds. Further, concentration of funding sources can also result in a skewed maturity profile of liabilities and resultant Asset-Liability mismatch.
• Asset-Liability Mismatch — A skewed asset-liability profile can lead to severe liquidity shortfall and result in significantly higher costs of funds; especially so during times of crises.
• Market Perception Risk — Due to inherent industry characteristics, the Company is exposed to perception risks, which can lead to decline in ability of a lender to increase exposure to the Microfinance sector and result lack of adequate and timely inflow of funds.
• Leverage Risk — A high degree of leverage can severely impact the liquidity profile of the company and lead to default in meeting its liabilities.

Mitigation: The key liquidity management policies being followed at NCPL include:

• Lender Exposure Updates: The exposure profile to the lenders is regularly updated to ensure that skewness does not creep in in respect of the sources of external funds.
• Floating Rates: NCPL currently borrows all its loans on a floating basis as against the entire lending on a fixed rate basis. This minimizes the impact of any adverse impact in the event of a credit shock in the system and any continuing effects of the same on overall interest rates in the economy and on NCPL
• Capital Adequacy: NCPL targets to maintain healthy levels of capital adequacy - The Company maintains a strong capital position with the capital ratios well above the thresholds defined by the regulatory authorities through continuous and timely capital infusion.

Credit and Concentration Risk

Credit Risk: Any lending activity by the Company is exposed to credit risk arising from repayment default by borrowers and other counterparties. Despite best efforts, there can be no assurance that repayment default will not occur and, in such circumstances, may have an effect on its results of operations. A failure to recover the expected value of security could expose the Company to a potential loss. Any such losses could adversely affect the Company’s financial condition and results of operations.

Mitigation: A strong credit risk management process helps in containing the portfolio quality of the company. Key elements of the credit risk management include a structured and standardized credit approval process supported by a strong system, effective training programs, legal and technical due diligence, monitoring and robust credit risk management strategy at a senior management level.

Portfolio Concentration Risk: Portfolio Concentration Risk is the risk to the company due to a very high credit exposure to a particular business segment, industry, geography, location, etc though in the context of finance, it pertains predominantly to geographical concentration.

Mitigation: NCPL intends to maintain a diversified exposure in advances across various sectors and geographies but to mitigate the risks that could arise due to political or other factors within a particular state.. Various loan covenants are also established in the documents to secure the loans.

Regulatory and Compliance Risk

Risk: The company is exposed to risk attached to various statutes and regulations. The company is mitigating the risk through regular review of legal compliances carried out through internal as well as external compliance audit. NCPL is present in an industry where the Company has to ensure compliance with regulatory and statutory requirements. Non- Compliance can result in stringent actions and penalties from the Regulator and/or Statutory Authorities and which also poses a risk to Company’s reputation. These risks can be:

• Non-Compliance with RESERVE BANK Regulations
• Non-Compliance with Statutory Regulations
• Non-Compliance with covenants laid down by Co-Lenders

Mitigation:

• The company has implemented, a Compliance Management System with in- built workflows to track, update and monitor compliances.
• Internal Audit also conducts audit of compliance function on a quarterly basis wherein all regulatory compliances are reviewed in detail.
• Quarterly Compliance Certificate certified by the CS is submitted to the Board on quarterly basis.

Human Resource Risk

Risk: NCPL’s Human Resource adds value to the entire company by ensuring that the right person is assigned to the right job and that they grow and contribute towards organizational excellence.

Our growth has been driven by our ability to attract top quality talent and effectively engage them in right jobs. Risk in matters of human resources are sought to be minimized and contained by following a policy of providing equal opportunity to every employee, inculcate in them a sense of belonging and commitment and also effectively train them in spheres other than their own specialization. Employees are encouraged to make suggestions on innovations, cost saving procedures, free exchange of other positive ideas etc.

It is believed that a satisfied and committed employee will give of his best and create an atmosphere that cannot be conducive to risk exposure. Employee- compensation is always subjected to fair appraisal systems with the participation of the employee and is consistent with job content, peer comparison and individual performance.

Mitigation:

Human Resource Policy and initiatives: Various programs and initiatives are carried out by the HR to retain talent and motivate them on a regular basis.

Responsibility

Responsibility for risk management is shared across the organization. Key responsibilities include:

• Controlling the risks through a formal program is necessary for the well-being of the organization and everyone in it. The jobs and services the organization provides the safety of the workplace and other benefits all depend to an extent on our ability to control risk.
• The Board is responsible for satisfying itself annually, or more frequently as required, that management has developed and implemented an effective risk management framework. Detailed work on this task is reviewed by the full Board.
• The Board checks the group’s risk profile and is responsible for overseeing management’s actions in the identification, management and reporting of material business risks.

Reporting Requirements

The Organization is reporting process will evolve as requirements and risk management leading practice evolve. Annual content will include a risk profile setting out the most significant risks faced by the enterprise, and for each risk will:

• Describe the risk;
• Document the key activities and controls to mitigate/manage the risk;
• Identify the residual risk;
• Refer to action plans taken to address any weaknesses; and
• Draft a risk appetite statement for each key strategic risk.

Further, on a quarterly basis, updated information materially affecting the risk profile (e.g. market developments) will be provided which will enable the Board to understand the likely future risk profile of the Enterprise. These will be reported to the Board as soon as practicable and at least quarterly. The risk assessment carried out shall consider all the relevant risk factors before determining the level of overall risk and the appropriate risk level and type of mitigation to be applied. This assessment shall be documented, updated regularly and made available to competent authorities and self-regulating bodies as and when required. In case of the change in perception the risk assessment in case of PEP borrower should be again done to ascertain whether it is prudent to continue with the exposure with such PEP borrower or not. In case it is felt that the funds are not safe, the funds should be recalled immediately.