Risk Mitigation Framework

Subject: RISK MITIGATION FRAMEWORK

Dated: 16TH April 2020

Below is the ideal corporate Risk Mitigation framework, taken from our new upcoming book:

“HAPPY CUSTOMERS,

FASTER PAYMENT” #HCFP

 Saudi Arabia Edition

Co-authored with Mr.

@MarcelWiedenbrugge

Risk mitigation is part of credit management, it focuses on the various risks that affect or may have a negative impact on the credit and collection process and overall business results. Risk mitigation should adapt a holistic approach. The main areas of risk mitigation are:

1. Credit and Collection Risks

This is risk vs. reward. It reflects the appetite, capability and ability of the creditor, to balance between the desired reward in return for the acceptable level of credit (and collection) risks, inherent from credit sales, selling on credit, and/or granting credit products and facilities.

It includes (1) identifying your key target market, their acceptance criteria and documentation, (2) effective risk measuring and assessment, (3) installing a comprehensive management approval and entry system, and policies and procedures, (3) measuring, identifying and mitigating risks, (5) ongoing improvement of the credit risk and collection policy and procedures, and (6) having the capability and ability to effectively collect debts (people, system and financial resources).

2. Market Risk

This has to do with the market condition and the variables that may affect risk management and collections. Credit Management should be well aware of changing market conditions and correct their course of action based on the events and changes that take place, preferably pre-empting before it occurs, or immediately as it starts to happen, and analyzing the cause-and-effect, and the impact that it will have on your credit portfolio, and collection ability.

Tip: the incidents that caused freezing of the two major contractors in Saudi Arabia, Saudi Bin Laden Group and Saudi Oger, majorly cascaded and affected the collection of billions of Riyals in syndicated loans extended to these two companies, including all sub-contractors working for/with them.

3. Reputation Risk

This is directly and mostly connected to complaint management,. Customer complaints that are poorly handled, or neglected, will have a negative impact on your business in terms of business continuity, and your business image and reputation. If customer complaints are not professionally handled and resolved, this could lead to legal issues, government and regulatory penalties and fines, and/or even possible negative ‘social’ media publicity.

Tip: the Saudi Arabia Ministry of Commerce sometimes announces fake or poor vehicles, or vehicle parts, leading to recall them from the market. Once such “recalls” happen a few times with a specific vehicle brand / make / model, consumers lose trust and refrain from purchasing these cars, or even returning the vehicles on hand to replace them with another vehicle offered by a competitor.

4. Legal, Regulatory and Documentation Risks 

This is to fully and thoroughly understand the legal system, related and relevant legal aspects of the business, and the regulatory mandates and regulations. And documentation should anticipate and cover potential risks arising from the legal and regulatory, by including clauses that cover the “what if” possible scenarios.

Tip: if a company goes bankrupt in Saudi Arabia, it is only liable to repay creditors up-to the stated capital in their Commercial Registration. Any credit limit or credit facility beyond or larger than the officially stated capital may not be claimed, as per the Saudi Commercial Law. Hence, the documentation requirements from the customer must be fulfilled with complete, clear and firm “fallback terms” for future action - if and when needed.

5. Customer Data Risk

Most regulators mandate that customer data are complete, valid, updated, and well protected. As a best practice, all customer data must be protected and archived in an automated system, accessed by authorized individuals only; while the actual original documents should be highly protected and accessed by certain, limited, authorized managers, supported by a dual protection process.

Tip: if customer data is not properly maintained, protected, and preferably, automatically archived, you may face a situation where the data is either lost, expired, and/or compromised. This may expose your organization to different types of risk, including financial / credit, legal and regulatory risk.

6. System / IT / Cyber-security Risks 

System, IT and/or cyber risks require a systematic maker, checker and verifier for all automated processes. The system should also contain filters, verifiers, flags and alarms. And it should be well protected with firewalls, anti-virus software and the server should be constantly backed up.

Tip: by having a maker, checker and verifier, you will ensure stricter compliance to the documentation review and credit approval process, in line with your credit policy, and to prevent abuse or wrong entries. 

Furthermore, you may want to consider PAR (Post Approval Review) by taking samples of “processed” applications and matching them against your policy, and verifying it with the actual data on the application form and other documentation. In this way you can reliably check whether data is correctly and accurately entered into the system. This will also help you to identify and measure the possible loss of business/sales opportunity due to incorrect data entries. 

7. Political Risk 

This means monitoring the political environment, news and updated, which ultimately may have a negative impact on your business, and/or your customers’ business, which may result in credit losses.

Tip: The newly introduced fees by the Saudi Government on expats living with their families in Saudi Arabia, and the “invoice collected” resulted in many expats opting to leave the country, and has also put pressure on business owners to replace expats with Saudi nationals. This risk exposed banks and financial institutes to the “expat segment”, as many simply returned to their (native) countries without repaying their loans, while others simply left their “leased” vehicles at the airport.

8. Socio-Economic Risk

Social economics focuses on the core relationship between social behavior and economics. It examines how social norms, ethics, emerging popular sentiments, and other social philosophies influence customer behavior and their payments. It uses history, current events, politics, and other social sciences and instruments to predict potential payments resulted from changes to society or the economy. Different socioeconomic classes may have different priorities regarding how they direct their payments.

The socio-economic characters are gender, age, business type/sector, income level (or employment), education level, health level, and the overall social and economic exposure. These risks are not static, they are dynamic over time, and subject to change.

9. Internal Risks 

Internal risk is mainly caused due to the absence of professional and/or updated internal policies and procedures, as well as the absence of Compliance and Audit.

The organization must have professional, effective and updated policies and procedures. These policies and procedures should be drafted by Credit Management or the Chief Risk Officer (CRO), reviewed by the Chief Commercial Officer (CCO), and approved by legal, compliance, audit, and if available, the Credit Committee, and endorsed by the CEO.

Your internal policies, processes and procedures should aim to:

- ensure clear roles and responsibilities, and authority guidelines;

- avoid conflict of interest; and

- support dual monitoring (check & balance).

Incident: a few years back, two major banks in Saudi Arabia terminated their Senior Managers due to non-compliance with their internal outdated policy and procedures, they sincerely worked based on their knowledge of best practices, and the dynamic market change/demand. Their hearts were ‘definitely’ in the right place, but their methodology was incorrect, i.e., not internally reviewed and approved by their legal, compliance, audit and chief risk office (or credit committee), as it should have been.

I hope you have enjoyed, and benefited from, the above information.  There will be more articles from our book Happy Customers Faster Payment, Saudi Arabia edition, so stay tuned to enjoy your learning journey!

In the next educational posting, we will cover The 9 Cs for Credit Assessment and Evaluation, to make sure you have not missed it, constantly check in, or you may simply search using our unique hashtag #HCFP -- i.e., which stands for Happy Customers, Faster Payment. 

Best regards, 

Dr. Abdulrahman Abukhalid,

Mobile: +966-55555-1969

[email protected]

The Giant for Consulting and Training.

#Credit #Credit_Risk #Credit_Management #Risk_Management #Collection #Debt_Collection #Ministry_of_Justice #MOJ #Litigation #Risk #CRO #CEO #CFO #Book #Books #Authors #KSA #Saudi_Arabia #Holland #Netherlands #Vision2030 #Training #Courses #Consulting #Consultancy #Amazon #Collection #Learning #Self_Development #Skills #Legal #Covid19 #CoronaVirus