Governance Policies
back

Risk Management Policy

1. Introduction

Mulamoottil Leasing & Hire Purchase Ltd. was incorporated on 21.02.1994 and was renamed as Mulamoottil Financiers Ltd. (MFL) with effect from 29.07.2013. The promoters of the Company have been in the business of gold loans from the 1984.

The core business of the Company consists of Gold Loans The Board of Directors (“Board”) of Mulamoottil Financiers Limited , has adopted the following policy which encompasses practices relating to identification, assessment, monitoring and mitigation of various risks to the business. Risk Management Policy of the Company seeks to minimize unfavourable impact on the business objectives and develop stakeholder value. Further, the risk management practices seek to sustain and enhance long-term competitive advantage for the Company.

2. Rationale:

The Risk Management Policy of the Company reviewed on 04th April 2023 has taken into consideration the changing business environment, increasing impact of various internal and external risk factors, expectations of the various stake holders & enhanced dependence on outside borrowings. Moreover, rapid business growth, expansion in the branch network, volatility in gold prices, regulatory directives / surveillance and increasing competition have brought an added focus on the risk management practices.

The policy is comprehensive and makes an effort to encompass all the known and perceived risks in the business

3. Purpose and Scope

This Policy has been framed in accordance with the Risk Management framework as issued by Reserve Bank of India (“RBI”) vide Master Direction (“RBI Circular”) and amendments thereon. The purpose of this policy is to address unanticipated and unintended losses to the human resources & financial assets of the Company without unnecessarily limiting the activities that advance its mission and goals. Mulamoottil Financiers LTD has introduced effective risk management systems that address the issues relating to various risks. The effective management of risk is vital to the continued growth of the Company.

The main objective of the policy is to keep the Board of Directors and Top Management appraised of the applicable risks promptly and regularly. This risk management policy aims to protect the reputation of the organization, enable the Company to make consistently profitable and prudent business decisions across all its offices and ensure an acceptable risk-adjusted return on capital or any other equivalent measure. It seeks to ensure growth with profitability within the limits of risk absorption capacity. It is expected to facilitate the Company to acquire and maintain a pre-eminent position amongst NBFCs especially those engaged in the business of loans against gold jewellery.

4. Risk Management Committee:

The implementation of the Risk Management Policy by the Risk Management Department and the various business units will be overseen by the Risk Management Committee (RMC) of the Company. The Chairman and members of the RMC will be approved by the Board of Directors. The constitution of the RMC shall be as under:

  • i) All members of the Audit Committee constituted from time to time.
  • ii) MD
  • iii) CEO
  • RMC shall be chaired by the Chairman of the Audit Committee. Chief Risk Officer (CRO) will be a permanent invitee. Company Secretary shall be Secretary of the RMC.
  • The RMC shall meet at least twice in a year to review the Risk Management Policy, document and improve risk management practices, ensure appropriate / adequate reporting to the Board, review the functioning of the Risk Management Department and any other matter as the Committee may deem fit..

5. Risk Management Department:

The Company has set up a Risk Management Department (RMD) headed and manned by competent personnel for the purpose of managing risk related issues across the organization. The primary responsibility for managing risk on a day to day basis will lie with the respective business units of the Company. The broad responsibilities of the RMD are:

  • i) Implementing the Risk Management Policy as approved by the Board of Directors, reviewing the provisions of the policy periodically and recommending to the Board of Directors appropriate modifications or improvements if required.
  • ii) Championing the cause of risk management and instilling a culture of risk awareness across the length and breadth of the organization.
  • iii) Identifying the various risk points in the organization and assessing or measuring their impact on the business.
  • iv) Devising proactive and reactive strategies for controls and mitigation of risks.
  • v) Designing or assist in the designing of work processes or activities having risk implications, getting them approved, assisting in implementation of the processes and engaging in periodical review of the effectiveness of such processes.
  • vi) Development of ‘models’ for assessment of loss in projected circumstances.
  • vii) Preparing reports to Top Management, Audit Committee and Board of Directors on risk matters.
  • viii) Appraising uncovered / residual risks to the Management / Board.

6. THE MAJOR RISKS:

Like most other financial undertakings / businesses such as Banks, NBFCs the Company too is faced with the same 4 broad categories of risks as listed under.

I) Credit Risk:

Credit risk is perceived to be relatively lower due to the secured nature of loans taken up by the Company viz. loans against gold ornaments.

II) Market Risk – Comprising Price & Liquidity

  • a) Price & Interest Rate:
    Even though the Company does not on its own account take ‘open position’ in gold, market risk is inherent due to the criticality of the value of collateral. The degree of comfort will depend on the Loan to Value (presently at 75% of IBJA rate) at which loan is sanctioned followed by the subsequent price movements. Significant downward movement in the gold prices especially when accompanied by non-servicing of interest can impact the Company’s financials significantly.
    Gold loans are granted for a tenure of a maximum 1 year which is essentially short term. Interest rates to be charged on the gold loans are fixed from time to time based on the overall cost of borrowings / funds from the various funding sources inter alia.
  • b) Liquidity, Maturity Mismatch:
    These are offset to a significant extent by the short-term nature of the loans and the corresponding funding avenues for such assets. It has been observed historically that a bulk of the loans are prepaid within 6-8 months even though the tenure of the loan is 1 year.

III) Operational Risk:

Given the inherent nature of the gold loan business operational risk is perceived to be comparatively higher and calls for implementation, development and continuous review of the existing internal checks and controls.

IV) Residual Risks

Certain special risks relating to Information Technology, Regulatory, Competition, Reputation etc. although forming part of Operational Risk have been dealt with separately in the following paragraphs.

The individual risks under the above broad risk categories and approach & system to deal with the various risks are listed in greater detail in the following paragraphs. In addition, a “Risk Register” listing the various individual risks in granular form will be compiled giving the risk cause, risk impact, risk degree, steps to mitigate the risk and the responsibility points.

6.I.A ) CREDIT RISK

a) General :

Credit risk denotes the risk of loss arising from a default committed by the borrower to repay the principal and interest as per the contractual obligation. The objective of credit risk management is to ensure the overall health of the credit portfolio through an evaluation of the credit process, creditworthiness of each customer, new or existing, assessment of the risks involved and ensuring a measured approach to address the risks. Credit risk in gold loans is managed through a strong dual combination ofcollateral valuation and ‘emotional attachment’. Scope for violations will be restricted through system-based controls wherever feasible and desirable. In the business of gold loans, the security is in the possession of the lender and is also comparatively liquid.

Despite some positive and comforting features there are still some important risks related to ‘Credit’ that need to be recognized, controlled and mitigated as are dealt with in the following paragraphs.

Credit risk management will include a continuous review of the existing controls and monitoring of the systems for identification and mitigation of the various risk factors.

b) Loan / Auction Policies:

Loans will be governed by the Loan Policy approved by the Board. Credit quality may be adversely affected mainly by the diminution in collateral value with or without non-servicing of interest by the borrower. Credit risk management systems and practices will be in line with the approach laid down by the Loan and Auction policies.

The Loan Policy covers inter alia:

  • i) The nature, type and tenor of the loan products.
  • ii) Restrictions on lending.
  • iii) Documentation.
  • iv) Appraisal of Gold
  • v) Loan to value
  • vi) Limits and delegation of loan sanctioning powers including assumption of large exposures.
  • vii) Custodial arrangements for the pledged gold.
  • viii) Monitoring loans, recovery and auction.

c) The ‘Emotional Factor in gold ornaments:

The main business of the Company is granting loans to individuals against the security of Household Used Jewellery (HUJ) made of gold. HUJ forms the basic foundation on which lending against gold jewellery is undertaken by the Company. It would be reasonable in the context of current social values and beliefs to believe that such HUJ would continue to carry the ‘emotional attachment’ of the owner and act as a psychological pressure against defaults. However, as social mores and jewellery fashion undergo changes the Company is alive to the possibility of the ‘emotional attachment’ quotient waning over a period of time for a small segment of the customers.

d) Credit appraisal – need for simplicity & speed:

The loans are highly collateral driven and hence no detailed credit appraisal exercise is undertaken or warranted as may be applicable to other loan products of banks, vehicle loan / housing loan NBFCs, term lending institutions etc. Importantly, the ‘USP’ of the Company is the speedy disbursement of loans to loan applicants so as to cope with competition from the private money lenders and other NBFCs. Banks too have turned aggressive in gold loans and have the capacity to lend at much lower interest rates. Scope for adoption of exhaustive pre- sanction procedures is very limited and could also not be considered as “businessfriendly”. Efforts will be made to introduce a system of credit appraisal to supplement the evaluation of security after fixing a considered threshold limit.

e) Appraisal of gold – procedures and expertise:

Gold ornaments offered by loan applicants for availing loan there against will be correctly appraised for actual gold content i.e. purity. Employees at the branches will be provided regular and effective training from time to time to improve their gold appraisal skills using traditional tests such as nitric acid, color, sound etc.

As unscrupulous persons and racketeers have developed techniques to camouflage the ornaments with a thick coating of pure gold to mislead the less experienced appraisers the Company will also improve upon the existing methodologies of pre- disbursement drills and continuously develop new techniques to prevent potential loss and facilitate early identification of suspicious cases.

The Company will use the services of external experts, if and where required, for appraisal. Simultaneously, the Company will also endeavour to create an in- house cadre of gold appraisal experts and progressively upgrade their skills.

f) Loan Sanction – Intervention of technology:

Procedures, controls, financial powers and deductions before sanction of loans will be clearly laid out at various operational levels keeping in view the credit and business risk. Such processes will be built into the IT system as far as possible to ensure accuracy, on-line data updation, adherence to internal controls and MIS requirements. Every loan sanction will be captured on-line into the central data server / storage system and made available to the concerned departments / officials for appropriate follow up action as may be required. The loan record will capture the names of the employees involved in the appraisal of gold and sanction of loan.

g) Unique Customer Identification number:

A unique customer identification number will be provided to each customer to facilitate tracking exposures of individual customers, studying the nature of transactions and prevent the creation of new customer account for an existing customer. This has also become mandatory as per recent RBI instructions. Similarly, each loan availed by the customer will be given a unique account number which will be captured under the Customer ID number. The system will indicate the overall loan position of each customer with details of individual loans and other important details such as interest accrued, number/ type/ weight of ornaments etc.

i) Assuming and monitoring large individual exposures:

Like all other lending institutions, large exposures to individual borrowers carry relatively higher credit risk. Assumption of large exposures to individual borrowers will be controlled through suitable fixation of exposure limits at branch level, prescription of procedures for appraisal & sanction of limits beyond the stipulated ceiling at branches and effective monitoring of the accounts of borrowers who have been sanctioned large exposures. Sanction of large exposures will be subject to suitable checks, prudent practices and adequate controls for which there will be a structured delegation of sanctioning powers.

In view of the possible absence of ‘emotional attachment’ to the gold amongst some large borrowers (also perceived as ‘high risk’) servicing of interest & prompt repayment of dues shall be closely and individually monitored. Additionally, the collateral coverage of each individual high exposure borrower will also be monitored.

Assumption and monitoring of large exposures on individual borrowers will also keep in view the directives of RBI relating to KYC and Anti-Money Laundering from time to time. Periodical monitoring of large exposures will be ensured at all levels in the Operational hierarchy and supplemented by the Risk Management Dept.

j) Persons / Activities considered inherently ‘High Risk’ and Risk gradation of borrowers:

Loans of relatively large amounts to certain categories of customers such as goldsmiths, jewellers etc. perceived to be risky will be restricted and considered only after proper checks and controls. An effective system for monitoring such loans along with suitable controls will in place to mitigate the consequent risks. Risk gradation of each customers and individual disbursements will be ensured and the parameters periodically reviewed.

k) Blacklisting of defaulters / fraudsters:

Borrowers who have a questionable track record of dealings or who have availed loans which subsequently indicate serious negative features such as spurious / low purity ornaments, stolen gold, fraudulent operation through multiple IDs, hard core defaulters, fictitious persons, collusion with employees etc. will not be entertained for future loans.

The system will be configured to ‘block’ such customers from availing new loans. Expeditious recovery of such loans will be emphasized upon through structured, prompt and intensive tracking of the borrowers.

l) Documentation for Loans:

Even though the loans are secured with acceptable collateral correct and legally valid documentation will be ensured to comply with good practices and legal requirements to protect the Company’s interests in any eventuality and regulatory directives that may be applicable. There shall be a standard loan application form to be submitted by applicants. After compliance with KYC procedures and verification of the gold ornaments sanction of the loan will be conveyed in a standard loan sanction format with all terms and conditions clearly listed therein. The documentation will be reviewed periodically based on the legal / regulatory/ statutory requirements, on-going developments and loopholes or gaps in the existing documentation that come to notice. Loan documentation will also comply with regulatory directives and meet with the Fair Practice Code adopted by the Company. The important terms and conditions of the loan shall be explained to every customer as a measure of customer service and also to remove any doubts or misconceptions in the mind of the customer.

m) Other Documentation :

Other important loan related activities especially those with legal or regulatory implications will be standardized after vetting by the Legal experts. Some common examples of such activities would be delivery of gold to legal heirs, loss of original receipt issued to the borrower for the pledged gold, delivery of gold to third persons authorised by the borrower, recovery notices, auction notices etc. Documentation requirements having non-financial implications arising from customer transaction will also be standardized and meet with legal acceptability.

All documentation will be in accordance with the regulatory directives and Fair Practice Code as may be applicable.

n) Supervision, Follow up, Recovery of Loans including Auction of security:

Loan applicants will be explained the important terms and conditions of the loan before sanction so that there is no cause for misunderstanding and also as a measure of excellence in customer service. Borrowers will be persuaded to service interest periodically as it not only generally ensures the adequacy of collateral coverage during the currency of the loan but also helps establish the creditworthiness and bonafide intentions of the borrowers to fulfil their repayment obligations.

Considering the basic characteristics of gold loans, in which collateral value is critical, an unduly intensive and obtrusive post disbursement supervision of the loan with the borrower will not be considered desirable, in normal circumstances, as it could lead to irritability and dissatisfaction of the borrower with consequent loss of business.

Despite the availability of good security to cover the credit exposure, the Companyrecognizes the importance of a well calibrated approach for recovery. Maintaining a fine balance in the recovery / collection procedure is relevant for 4 important reasons.

  • i) To protect the Company from adverse market fluctuations in gold prices in future.
  • ii) To consider customer sensitivities in such collateral driven loans.
  • iii) To minimize the forced realization of the collateral through auction.
  • iv) To comply with the income recognition and asset classification norms of the RBI.

Auction is recognized only as a last resort to safeguard the Company’s interests.

Auction procedures, where inevitable, will be completed expeditiously and shall comply with Auction Policy and Fair Practice Code of the Company. Deferment of auction, where resorted to, will be based on assessment of various risk factors at the relevant time and also be compliant with the provisions of the Auction Policy.

Debt recovery / collection agents, if deployed, will be subject to strict due diligence checks especially because of the complaint-prone nature of this recovery method and its possible negative impact on the Company’s reputation.

o) Legal Proceedings (Civil or Criminal) for Recovery:

Since loans against gold ornaments are considered to be well secured assets recourse to legal action for recovery would normally arise only when the security furnished is subsequently found to be fake / spurious, inadequate or when there is a dispute over the title thereto or when there has been misappropriation by employees. In such cases filing of legal proceedings, civil or criminal, may be inevitable for recovery of the dues when all other efforts have failed. Since legal proceedings have direct and indirect costs the cost benefit of such recourse will be considered before action is initiated.

In cases of ’fraud’ perpetrated by the customer, with or without collusion of employees, or by the employees directly, police complaint will be lodged as per extant RBI circular instructions dealing with frauds.

p) Intensive Data Analysis, Risk Assessment of Disbursements and Development of Off-site Loan Monitoring Skills:

Sanction of loans & monitoring thereof is done by the branches and verified on-site subsequently by the Auditors. Considering the nature of business, where quick and hassle-free procedure is the USP, pre-disbursement drills cannot be unduly intensive as mentioned elsewhere above. However, as a supplement to the pre-disbursement drills prompt post-disbursement analysis of daily disbursements will be made to identify risk prone accounts based on intelligent and proven parameters. Such accounts will be captured in the “risk reports” and will be verified by an independent functionary within the shortest possible time, normally 5 days. The Company recognizes that early detection of irregularity will facilitate early rectification thereof and also prevent future losses.

Post disbursement monitoring would also include looking for ‘early warning signals’ such as non-servicing of interest and other typical features gained through experience based on which suitable steps to mitigate credit risk will be taken. In addition, there will be regular analyses of historical and current data, based on which logical inferences drawn and thereafter remedial measures initiated to reduce potential loss from loans, both present and future.

q) Concentration of business:

The main and critical business of the Company is gold loans in which it has acquired expertise over the decades. The security of gold ornaments offers 3 main benefits – liquidity, possession and appreciation (generally). However, considering the emerging risks especially on the price front the Company recognizes the need to diversify its asset portfolio into other forms of lending and also take up fee based activities.

However, proper policies (Loan, Interest, Recovery, FPC), systems & procedures, availability of appropriately skilled personnel and controls will be in place before taking up new business lines with the prior approval of the Board of Directors.

As far as concentration of business in a few individuals or groups is concerned the loan policy already provides for restriction of maximum exposure per individual. The Company will carefully monitor transactions and exposures to guard against deviations in the individual exposure limits through devious or ingenuous methods. The focus will be to acquire, develop and maintain a well diversified client base across all the branches of the Company.

r) Credit rating of the Company :

The Company recognizes the importance of satisfactory credit ratings by reputed Credit Rating Agencies from time to time. Credit ratings are critical for mobilization of resources and also serve as an image builder in the market. The Company will endeavor to ensure that the parameters considered, studied and measured by the rating agencies are appropriately and promptly achieved so that the Company’s credit rating is of high order. Accordingly, the Company will strive to attain a strong balance sheet, promptly and factually report all developments, critically study the reports of the rating agencies and take immediate remedial action on negative observations, if any.

s) Responsibility:

The primary responsibility for compliance with the various aspects of credit risks will be lie with the branches, line managers and their controllers. The monitoring of Credit Risk will come under purview of Head- Asset Management, Head- Recovery, Head - Operations, Head- Finance and Head-Risk Management placed in the Head Office.

6.II.B) MARKET RISK: PRICE & INTEREST RATE:

a) General:

Market risk is defined as the risk to the earnings due to adverse movements in the price and / or interest rates. In the Company’s case even though the collateral of gold ornaments is not owned by the Company a substantial fall in gold prices could induce a small segment of borrowers to default if the total dues comprising principal plus accrued interest are more than the realizable value of the security provided. Such borrowers would obviously have only ‘commercial’ attachment to the gold ornaments carrying no ‘emotions’. Similarly, upward movements in the interest rates on borrowings could impinge earnings if the interest rates charged on loans are not correspondingly adjusted. The Company extends only ‘fixed’ rate loans of not more than 1 year tenor.

b) Mitigation

Market risk (price) is addressed through:

  • i) An appropriate LTV which provides adequate cushion to withstand fall in market price.
  • ii) Inculcating a culture of recovery & collection amongst employees and borrowers.
  • ii) System of incentives for employees and rebate for borrowers.
  • iv) Marking to market the collateral and regular monitoring of risk accounts / branches.
  • v) Assessment and early recovery action on accounts and customers faced with depletion of collateral value culminating with acceleration of the auction process as provided in the Auction Policy.

Market risk (interest) is addressed through:

  • i) Fixing / reviewing interest rates on loans based on cost of funds from time to time.
  • ii) Extending only short term loans largely matched with short term borrowings.
  • iii) Charging higher rates on loans of extended period.
  • iv) Adding risk premium for higher LTV loans.

c) Monitoring & Responsibility

Market risk will be periodically monitored by the Head of Finance and Head of RiskManagement for which suitable MIS reports will be available. The system will identify the accounts / customers whose pledges are perceived as high risk based on shortfall in realization value as compared to the total dues of the borrower. The basis taken for the purpose of arriving at realization rate will be 90% of the 30 day moving average of thegold price to even out price fluctuations. The weight of gold ornaments taken for the purpose will be the ‘net weight’ (gross weight of gold less ‘haircuts’ where applicable).

Risk Management Dept will periodically analyze the data of outstanding loans and work out the projections of auction leading to under recoveries of interest or principal loss based on the repayment trends, prospects of recovery and movements in the market price of gold. Appropriate models for studying the impact of changes in interest rates on the earnings of Company will be developed and periodically reviewed.

6.II.C ) MARKET RISK: LIQUIDITY & MATURITY MISMATCH

a) General :

Liquidity risk may be defined as the inability of a business concern to promptly discharge its repayment obligations or is forced to meet its obligations by incurring substantial loss. Liquidity implies that the Company is able to meet its present and future cash flows satisfactorily without any adverse impact on business operations or the overall financial position. Like all financial institutions, liquidity risk assumes critical importance for the Company especially because inability to meet repayment obligations promptly could also signify a serious threat to its market reputation giving rise to a chain reaction which can cascade into further liquidity constraints. Maturity mismatches are avoided as the Company does not engage in sanction of term loans.

b) Mitigation

The broad strategies adopted by the Company to address the risk are as under.

  • i) Loans schemes are of short-term nature with a normal tenure of 1 year.
  • ii) Funding of loans is done through a combination of equity, short term bank borrowings and liability products such as NCDs.
  • iii) Aiming at continuous diversification of borrowings through a number of banks.
  • iv) Implementing a robust collection and recovery mechanism. This would include an efficient auction procedure for expeditious realization of security.
  • v) Efficient cash management system to ensure optimum cash holding and reduce idle cash.
  • vi) Calibrating business growth based on the funding level / options available.
  • vii) Maintaining an adequate level of undrawn borrowing limits from banks for contingencies.
  • viii) Deploying short term surplus, if any, in the form of liquid investments made in approved institutions / schemes.
  • ix) Plough back of a major portion of the net profit into the business.
  • x) Investing in fixed assets only to the bare minimum.
  • xi) Reducing the level of non- performing loans.

It is historically observed that a major portion of the loans is repaid by the borrowers well before the due date (due date being 1 year from disbursement). Collection trends indicate that about 75-80 % of the amounts disbursed are repaid in full by the end of 8- 9 months. This trend is expected to continue going into the future.

c) Monitoring & responsibility:

A major portion of the funding is through NCDs as compared to credit limits sanctioned by Banks. An improved balance between these 2 avenues is considered necessary to broad-based funding.

Cash flow projections for the near and medium terms will be compiled periodically and used as a tool to assess liquidity position and taking remedial action, if required.

The responsibility for monitoring liquidity risk will be with the Head of the Finance and Head of Risk Management. Asset Liability Management Committee will oversee the position periodically.

6.III.D) OPERATIONAL RISK

a) General:

Operational risk has been defined by the Basel Committee on Banking Supervision as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Thus, operational risk arises from 4 broad causes: people, processes, systems and external factors. Examples of ‘Operational Risk’ are frauds committed by employees, physical damage to assets, failure of IT hardware / software, incorrect data, manipulation of data, misuse of customer information, improper maintenance of records, lack of or breakdown in internal controls, changes in laws / regulations etc. Corporate Governance is also recognized as operational risk. As in the case of all other financial institutions operational risk assumes critical importance in the Company’s business. More so because the Company holds huge quantity of gold ornaments owned by the various borrowers and is contractually obligated to return the gold ornaments in the same condition to the borrower as soon as the loan account is closed.

As the Company operates in a fully computerized accounting environment the health and efficiency of the Information Technology platform and architecture becomes extremely critical. However, the IT related risks are covered under a separate section. The important ‘operational risks’ to which the Company is exposed are listed in the following sections.

b) Storage of gold ornaments, Concept of joint custody:

Gold ornaments will be stored in a safe and secure manner in “burglar-proof” safes of acceptable grade manufactured by reputed companies or in steel almirahs or storage bins kept within the ‘strong’ rooms built as per specifications. The principle of ‘joint custody’ will apply for custody of the valuable as well as for the operations of the safe / strong room. In normal circumstances the ‘joint custodians’ would comprise the Branch Head and the Assistant Branch Head. Gold held elsewhere such as Auction Centres, Regional Offices, Head Office etc. shall also be subject to similar storage and custodial controls. To minimize the scope for pilferage suitable tamper proof packing of thepledged ornaments for each account having distinctive numbers will be in place which will also facilitate verification – both preliminary and detailed.

c) Locking arrangements:

Suitable and standardized locking arrangements for branches and other offices especially where valuables and records are stored will be in place. Such locking arrangements shall clearly state the persons responsible for various activities and the manner in which the locking will be ensured and custody of the keys. A well-defined procedure for handling ‘duplicate’ keys will be in place to quickly and efficiently cope with loss of ‘original’ keys.

d) Verification of gold:

Gold ornaments will be kept segregated account wise and subject to periodical verification by Internal Auditors, Appraisers and other authorized officials at such frequency as may be decided from time to time considering the risk factors. External agencies, such as lending banks or external auditors, may also be permitted access for verification of gold as may be stipulated in the loan agreement or terms of engagement. Clear instructions with suitable controls will be in place while permitting outside agencies access to verification. A history of verification of each pledge will also be maintained in the system.

e) Insurance:

Adequate insurance cover of the collateral (gold ornaments) will be obtained from a reputed Insurance Company encompassing risks such as burglary, fire and transit. As full compensation to the borrowers would have to be made, the gold will be covered at replacement value which would include, apart from the metal value, the making charges of the jewelry. The clauses / covenants of the policy will be scrutinized minutely and fully understood by the concerned officials.

f) Opening and location of branches:

While branches will be located after the business potential is ascertained on the basis of an objective survey the assessment /perception of security threat will be given dueweightage in the selection of premises considering the contractual liability of the Company to return the pledged gold to the borrowers without loss. Title of the lessor or landlord to the property will be confirmed and a legally enforceable ‘lease agreement’ executed by authorized persons before possession of the premises taken. In case of already existing premises with high risk perception or facing other operational problems appropriate mitigatory steps will be taken.

g) System & Procedures / Process improvements / Automation:

Definition of proper system & procedure for the various functions ensures uniformity in work processes, reduces errors, builds internal checks, speeds up work and enhances the overall efficiency. The absence of proper system and procedures for various business / accounting functions can be a fertile ground for commission of irregularities and perpetration of frauds. The Company, therefore, recognizes the importance of appropriate systems and procedures and will put in place structured and well-defined work processes in all risk prone activities with inbuilt internal controls and checks.

Such existing system and procedures will be continuously reviewed to confirm its effectiveness and to plug the gaps, if any, across all offices of the Company.

Some important processes such as the appraisal of gold, sanction of loans, delivery of gold to borrowers with or without production of pawn ticket / to third party / legal heirs, retention of gold after closure of account, seizure of gold by police, verification procedure etc. will be dealt with comprehensively considering the seriousness of risks involved and keeping in view possible future legal complications. Process improvements will include automation of input / output, wherever possible, and will be continuously developed to improve accuracy, reduce labor, allocate more time for customer orientation and eliminate the scope for manipulation of data.

h) Frauds:

Control systems will be defined and developed in a manner to prevent commission of frauds by employees and customers and also facilitate early detection of frauds. Control mechanisms, as far as feasible and desirable, will be system driven so that there is a clear trail to analyze the root cause and identify the culprits. Information regarding commission of frauds will be promptly provided to all concerned functionaries so that steps for recovery of loss, identification and punishment of the fraudsters and plugging of loopholes are immediately taken up. A ‘root-cause’ analysis will be performed by the concerned departments and appropriate steps taken to prevent recurrence of similar mishaps through suitable tightening of the control systems. A repository of information and analysis of major instances of fraud, giving the root causes along with remedial measures taken, will be compiled and periodically updated as a knowledge base as an educative and preventive tool.

i) Cash Holding:

As the gold loan business is highly cash intensive it is important that branches have adequate cash to meet with the day to day disbursement needs. Holding of cash at individual offices / branches will be commensurate with the day-to-day business requirements. Both excessive and deficient cash holding will be monitored and controlled through an effective structure with system based on-line reports. Only cash for the immediate requirements will be held at the counters with the remaining being safely secured in the safe / strong room under joint custody as in the case of gold ornaments. Cash-in-transit will be subject to adequate security, controls and monetary ceilings in line with the insurance policy.

Cash counting machines and fake note detectors will be provided at branches where cash transactions are substantially high. All employees will be trained to distinguish between genuine and forged currency note. In line with the objective to move away from ‘cash’ transactions special loan schemes will be considered to encourage borrowers to opt for payments via electronic transfers into their bank accounts and to reduce cash transactions. Further, efforts will be made to introduce electronic / on-line modes for payment of amounts by customers into their loan accounts after the relevant IT Security issues are addressed.

j) Security Arrangements – Physical & Electronic:

Security arrangements to protect the employees, the assets of the Company and especially the gold pledged by borrowers are critical. Norms for providing SecurityGuards (armed or unarmed) at various offices will be laid down based on the risk perceptions, vulnerability and potential for loss. Security function may be outsourced to competent specialized agencies. The procedure for empanelment of security agencies and norms will be laid down. In this technology driven age the adoption of advanced technology based electronic security systems will supplement the physical security arrangements. The Company will put in place an effective mechanism to monitor the security arrangements including adoption of centrally monitorable security solutions. Guidelines on storage and retention of CCTV video images at the central and local location for retrieval will be in place. To ensure a risk-based approach to security arrangements at critical offices gradation of branches on the basis of risk factors will be ensured.

Appropriate drills to test and review the efficacy of security arrangements will be devised and implemented.

k) Outsourcing of non-core activities:

Non-core functions may be outsourced to reputed and approved agencies which specialize in the activity concerned on the premise that these agencies would perform the tasks more efficiently with or without cost reduction. Some common activities which can be outsourced are security of offices, dispatch of bulk letters, premises cleaning, document storage etc. Due diligence on the agencies will be ensured.

l) Contractual commitment to return the gold ornaments to borrowers:

The Company is bound to return to the borrower the pledged gold ornaments immediately upon payment of full dues in the same condition. Every possible care will be taken to ensure against pilferage, damage or mutilation of the jewelry by employees of the Company. Borrowers will be suitably compensated in all justifiable cases without delay where damage has been caused by the Company’s employees. In case of pilferage, misappropriation or burglary the borrower will be promptly intimated about the brief circumstances leading to the loss supplemented by an undertaking of the Company to pay suitable compensation.

m) Operating instructions, Manuals, Circulars:

Instructions / guidelines will be properly and effectively conveyed to the various functionaries formally in the organization. The medium for ensuring the same shall be circulars, special letters, manual of instructions, job cards, emails etc. Manuals will be compiled for all important functions and will be periodically updated based on the modifications made in the intervening period. Suitable consolidation of instructions through ‘master’ / ‘codified’ circulars on important functions of routine nature will supplement the manual of instructions.

n) Storage, Retrieval of Records, Documents, Vouchers:

As far as possible records shall be maintained in ‘soft’ form in the central storage system, both in the Data Centre and Disaster Recovery Centre. However, since manual records, registers, documents etc. are inevitable in certain situations proper and secure storage of such records shall be ensured either on a localized or centralized basis.

Retention of records will comply with statutory and regulatory requirements such as Anti Money Laundering directives and must be easily retrievable. Records relating to complaint prone areas such as delivery of gold, auction of gold etc. will be given special importance. Appropriate guidelines for storage and destruction of old records will be in place.

o) Business Continuity Plan:

A well drafted and vetted Business Continuity Plan (BCP) will be in place to ensure uninterrupted conduct of critical business operations through a detailed set of instructions and procedures to be observed in the event of any disruption, internal or external. The BCP shall be compiled into the IT System and the Disaster Recovery Plan. The BCP shall cover Head Office, Regional Offices, Branches and other offices, if any.

p) Risk Gradation of Branches:

Every branch will be graded into 3-4 risk tiers based on the various factors prevalent at the particular branch to facilitate focused monitoring. The factors will be financial & non- financial. Illustrative financial factors could include business level, recovery, auction accounts, history of spurious pledges, new customer acquisition, diversified credit risk / customer concentration, operational and appraisal experience of employees, Audit irregularities etc. Non-financial factors could be quantity of gold stored, location of premises, customer footfalls, protective arrangements, number of employees including male female composition, tenure of employees at the branch etc.

q) Critical Fixed Assets / Devices:

Critical fixed assets such as computers & accessories, surveillance cameras, burglar alarms, safes etc. will be provided as per considered needs, effectively monitored and maintained in satisfactory working condition. An effective after sales service capability of vendors / suppliers will be ensured before acquisition or placement of purchase orders. Further, suitable annual maintenance contracts with service level agreement will be in place for the devices both as a preventive and curative measure for complaints.

r) Human Resources:

Every business has an important HR interface with risk management systems of varying degrees. The business of gold loans, as of now, is significantly labor intensive. Consequently, business development is highly dependent on quality and effectiveness of employees at various levels in the organization structure. HR policies will provide a suitable governance structure to enable the Company to grow and proactively meet with the emerging challenges in business. Policies and action plans relating to recruitment, compensation, incentives, posting, training, skill development, specialization, employee mix, promotion, transfers, succession planning, resignations, terminations, outsourcing of work, employee grievances, industrial relations and disciplinary action will be made and reviewed periodically so as to be conducive in implementing risk management systems and improve their effectiveness. Such policies will also comply with statutory requirements. Roles and responsibilities of the various functionaries in the organization will be clearly laid down and will conform with the overall objectives and goals of the business from time to time. Suitable, realistic and challenging benchmarks will be in place for the various business units and the individuals within.

s) ‘Committee’ approach to proposals having significant financial / non-financial implications:

While senior executives in the Company are entrusted with adequate financial / non- financial powers of varying degrees as a matter of good practice, improved controls and to derive the benefit of having more number of considered views the Company will adopt the ‘Committee’ approach for approval of relatively large value proposals having financial or non-financial angles. Examples are sanction of large value loans, purchases of high value, empanelment of vendors / suppliers etc.

t) Know Your Customer & Anti Money Laundering norms:

The Company will adopt a KYC Policy in line with RBI directives duly approved by the Board. Strict compliance with KYC norms as laid down in the policy will be ensured by the Operations Dept. Compliance will be monitored on a day to basis by the Risk Management Dept. Monitoring end use of funds by the borrowers is not mandated by the RBI at present. But the regulatory guidelines pertaining to prevention / identification of transactions having possible money laundering implications or connected with any other prohibited activities will be complied with. Cash Transaction Reports / Suspicious Transactions Report will be submitted to the Financial Intelligence Unit as mandated by RBI instructions.

u) ‘Whistle Blower’ policy:

As a step towards prevention and early identification of irregular and fraudulent acts theCompany will put in place a suitable ‘Whistle Blower’ policy which will encourage and reward employees across the organization who proactively escalate unacceptable and unethical work practices or behavior they observe.

v) Risk Awareness across the Organization:

The Company will ensure that awareness and understanding of the various risks is created at all levels in the organization through appropriate methods.

w) Responsibility:

The responsibility for managing the various operational risks will lie with the CRO, Head Of theOperations, relevant Functional Departmental Heads (such as Security), Line Managers and Head of Risk Management.

6.IV.E) INFORMATION TECHNOLOGY RISK:

a) General :

The Company has been ahead of other similarly placed NBFCs in adoption of a fully computerized environment for conducting its business operations. The IT platform and architecture has been developed by an experienced firm. Considering the emerging challenges and business requirements, the responsibility for managing the IT platform will have to be subcontracted to a specialist company in the near future. The Company will adopt a Comprehensive IT Policy encompassing acceptability of various usages, asset management, applications management, infrastructure management and IT security. Some of the important risk related issues in IT are listed hereunder.

b) Disaster Recovery:

Date Centre (DC) & Disaster Recovery Centre (DRC): The DC is constructed under the guidance of Ganith IT.com and is located in the Company’s Head Office and the DRC is proposed to be located at Microsoft Chennai. The DC and DRC will lie in different seismic zones. The DRC will be fully operational by 3rd quarter FY 2019-20. Data base in the DRC gets updated at regular intervals of 5-10 minutes. The day to day operations of the DC and DRC will be controlled and secured with appropriate access controls –physical & system based. A Standard Operating Procedure (SOP) for switchover from DC to DRC or vice versa in the event of a planned event or unplanned contingency will be formulated and implemented.

c) Switch over to DRC – RTO (Recovery Time Objective) / RPO (Recovery Point Objective):

In order that the switchover from DC to DRC and vice versa is effected quickly and efficiently issues relating to time taken for switchover and consequent data loss in transmission will be addressed and defined.

d) Data Transmission / Communication Lines / Power Supply:

Redundancy of leased lines / broadbands for data transmission is provided at DC, DRC and branches also between DC and DRC. The adequacy of the bandwidth of the leased line / broadband will be reviewed periodically and upgraded as per need. Uninterruptible power supply (UPS) will be ensured at all offices.

e) Data storage and access:

Database server gets updated online. Only authorized personnel will have access to the data base. Scope to tamper or alter the database will be eliminated through controls. HDD backups of the data and software applications will be done daily and stored offsite.

‘In-use’ data base (used by branches for business) will be segregated from the rest of the data base by means of a dedicated IIS server environment.

f) Applications (software):

A separate environment will be in place for applications development life cycle. Application life cycle includes requirement gathering, approval from ‘Change Advisory Board’, design & development, testing and finally release to production. IT Dept will also carry out ‘stress’ test to confirm the ability of the servers to handle volumes beyond normal level. Testing environment and infrastructure will be commensurate with the requirements and desired benchmarks. Documentation for all software developments and modifications will be maintained in line with the best practices.

g) IT Security:

A secured system of access control, both on-site and remote, including password management and secrecy will be in place and reviewed periodically. Password will be linked to the individual user. Access to data / applications will be on a ‘need-to-know’ basis. Transaction rights will be conferred only on those requiring it by virtue of the nature of their duties. Suitable anti- virus software will be loaded in the central server and at all user points and updated regularly. A regular ‘system audit’ will be conducted to cover both hardware and software and the irregularities immediately addressed.

h) Licenses:

Only authorized and licensed software will loaded in to the system – central and at various user points. The licensing position will be reviewed periodically to guard against violations of IT Copyrights / Laws.

i) IT Services Management (Helpdesk):

An efficient system to report and manage IT incidents and problems will be in place across the network of offices.

j) Responsibility:

The overall responsibility for managing and monitoring the IT related risks will lie with the Head of the IT Dept. A suitable ‘service level agreement’ between IT Dept and Business Units will be defined and implemented.

6.V.F) REGULATORY / COMPLIANCE RISK :

a) General:

The Company is an NBFC coming under the regulatory purview of the Reserve Bank of India and Ministry of Corporate Affairs. In addition, the Company is also required to comply with various central, state and commercial laws applicable in the conduct of the various activities of the business. Rising numbers and expectations of stakeholders, robust growth in the business of NBFCs, increasing dependency on non-equity sources of funding and some ‘Corporate’ frauds have increased the regulatory gaze, increased the complexity of the regulations and sometimes necessitate investments / costs.

b) Meeting with compliance requirements:

The Company recognizes that the regulatory landscape is under periodical review and this requires the Company to be proactively prepared, as best as possible, to meet with the challenges posed by the changes. There is also an element of unpredictability over possible future regulatory action. The Company will respond effectively and competitively to regulatory changes, maintain appropriate relationship with theregulators / authorities strengthen the reliance on capital and improve the quality of in- house compliance. All reports, returns and disclosures stemming from regulations will be submitted promptly and accurately to reflect the correct position. Business processes will be defined in a manner to ensure comprehensive regulatory compliance considering the multitude of regulatory agencies the Company has to deal with.

c) Responsibility:

Competent and knowledgeable specialist officers will be recruited to ensure compliance. The responsibility for ensuring compliance with regulatory requirements and directives on a day to day basis will rest with the Business Heads. Such compliance will be overseen and confirmed by the Compliance Officer and the Internal Audit Dept of the Company.

6.VI.G) COMPETITION RISK:

a) General :

Competition risk represents the challenges to business arising from an increasing number and intensity of other existing or new firms engaged in the same business which threaten business growth and could eat away the market share of the Company’s business. The Company faces intense competitive pressures from similarly placed NBFCs and of late from Banks which have taken up to gold loans intensively especially in the light of the phenomenal growth registered by gold loan NBFCs.

b) Coping with competition:

The Company will broadly address the risks of competition by:

  • i) Accepting and recognizing the presence of competitors as a fact of business. Such competition could be universal and area specific.
  • ii) Identifying the major and nearest competitors for benchmarking performance.
  • iii) Assessing the business strategies of competitors and ensuring suitable countervailing mechanisms to meet such threats.
  • iv) Studying and comparing (with) the performances of the competitors with judiciously collected information and data.
  • v) Continuously reviewing existing products and services to ensure that they are in tune with market demand and customer expectations keeping in view the regulatory guidelines.
  • vi) Recognizing the need to reduce unproductive costs and improve the productivity of employees to make the offerings more competitive.
  • vii) Studying or anticipating customer preferences and accordingly developing new products and services with visible value addition to be ahead of other market players.
  • viii) Ensuring transparency and fairness in dealings with customers and adopting/ promoting customer service excellence as an important selling tool.

c) Responsibility:

The Head, Marketing Department will be responsible to initiate measures to meet the threats of competition. The Company will not be induced to adopt any unethical practices to meet with competition even if other market participants do so. Risk Management Dept will study the risk implications of the various products / services or their features periodically or as and when required.

6.VII.H ) REPUTATION RISK :

a) General:

Reputation risk is the loss caused to the Company due to its image or standing being tarnished by certain incidents or actions arising from its business operations. Such incidents or actions may be attributable to the Company or any employee(s) or executive(s) committed either consciously or otherwise. Reputation risk could result in loss of revenues, diminished shareholder value and could even result in bankruptcy in extreme situations. Reputation loss can be caused by mere negative perceptions and could occur even if the Company is actually not at fault. Reputation risk is considered even more threatening to Company value as compared to say credit risk. In fact, good reputation is an intangible asset like goodwill. The Company recognizes that while reputation is built over years it can get blotted in a flash. The Company, therefore, considers protecting its reputation of paramount importance.

b) Causes :

Some common examples of actions resulting in fall in reputation are grossly incorrect financial statements, deliberate dishonest actions of employees especially those in senior management, recruitment of persons without proper screening process, frequent serious and/or large value frauds, window dressing of business position, data security breaches, violation of customer secrecy, dealing with criminals and extending loans for unlawful activities, poor security arrangements, obsolete system / procedures / practices, dealing with vendors having bad reputation, adopting illegal or unethical business practices, evasion of taxes, charging exorbitant interest rates, dishonoring commitments etc.

c) Mitigation:

Risks to the Company’s reputation will be addressed by:

  • i) Instituting a strong risk management system including fraud prevention and creating a culture of risk awareness across the organization.
  • ii) A commitment to transparency, morality and accuracy in operations including the correctness of financial statements for public use.
  • iii) Maintaining a robust and effective communication channel across the organization including all stakeholders such as Directors, Shareholders, Regulators, Lenders, Customers, Employees, Vendors etc.
  • iv) Encouraging and rewarding ethical behavior amongst employees. Ensuring immediate but fair action against employees indulging in unethical action or behavior.
  • v) Ensuring prompt compliance with regulatory directives and other laws both in letter and spirit.
  • vi) Institutionalizing customer service excellence supplemented with an efficient complaint redressal mechanism.
  • vii) Constituting a ‘crisis management team’ to address sudden and unanticipated events.
  • viii) Maintaining effective liaison with media and issuing prompt clarifications or rebuttals to negative reports.

d) Responsibility:

The responsibility for protecting the reputation of the Company and taking steps to enhance the Company’s standing will lie across all functionaries in the organization which will be regularly overseen by the Top Management and the Board of Directors of Mulamoottil Financiers Ltd.