Introduction
Dewan Housing Finance Corporation Limited (DHFL) is committed to managing its risk in a proactive, ongoing and positive manner and has adopted a structured and disciplined approach to risk management by developing and implementing a risk management programme. This policy outlines DHFL’s approach to risk management.
DHFL’s organizational structure and business strategies have become integral to aligning risk management. DHFL has taken a number of initiatives in its housing finance business and has also taken various initiatives to strengthen its risk management practices. A comprehensive risk management programme is being implemented.
Risk is anything that can impede or enhance an organization’s ability to meet its current or future objectives. Risk management is the culture, processes and structure that are directed towards realizing potential opportunities whilst managing adverse effects.
This Risk Management Policy framework has been formulated to ensure that there is a formal process for risk identification, risk assessment and risk mitigation to effectively manage risks associated with the business of the Organization. Risk management in the organization provides a framework to identify, assess and manage potential risks and opportunities. It provides a way for managers to make informed management decisions. Effective risk management affects everyone in the organization. To ensure widespread understanding, the Board members and all operational / business unit managers should be familiar with, and all staff aware of, the principles set out in this document. All the employees of the Company shall adhere to this policy.
This Policy has been prepared to safeguard the Company’s assets – employees, finance, property, information and reputation; create an environment where all executives assume responsibility for risk management and critically identify potential risks, measure their potential impact on the Company and formulate risk management strategies to mitigate potential loss from the risks.
Purpose
This Policy sets out the organization's Risk Management Policy and includes:
- (a) Objectives of the Risk Management Policy
- (b) Risk Management Principles Relative Responsibilities
- (c) Risk Tolerance Limit
- (d) Risk Framework
- (e) Risk Communication
Objectives
The objective of this organization's Risk Management Policy is to help managers at all levels make informed decisions which:
- Improve business performance and improve decision making and planning.
- Promote a more innovative, less risk-averse culture in which the taking of calculated risks in pursuit of opportunities to benefit the organization is encouraged.
- Provide a sound basis for integrated risk management and internal control as components of good corporate governance.
Managers and staff at all levels will be responsible for identifying, evaluating, managing, mitigating and reporting risks, and will be equipped to do so.
Application
The policy framework shall apply to all divisions and departments of the organization, namely the following Divisions / Departments ("Divisions"):
- (a) Credit Department
- (b) Marketing Department
- (c) Corporate Finance and Investment Department
- (d) Human Resource Department
- (e) Information Technology Department
- (f) Audit and Inspection Department
- (g) Corporate Policy Department
- (h) Legal Department
- (i) Operations Department
- (j) Secretarial Department and
- (k) All Zonal offices and Branches of the organization
The Divisions shall apply appropriate risk management practices and techniques within the context of their own activities. All these Departments, Divisions and offices shall take the assistance of the Group Risk Officer and / or the respective Head of the Department, as and when required.
General Principles
- All risk management activities will be aligned to corporate aims, objectives and organizational priorities, and will aim to protect and enhance the reputation and standing of the organization and to promote profitable growth.
- Risk analysis will form part of organizational strategic planning, business planning and housing loan / investment / project appraisal procedures.
- Risk management will be founded on a risk-based approach to internal controls, which is embedded in the day-to-day operations of the organization.
- The risk management approach will direct the work to gain assurance on the reliability of organizational systems and will form the key means by which the Board gains its direct assurance.
- Managers and staff at all levels will have a responsibility to identify, evaluate and manage or report risks.
- The Company will foster a culture which provides for spreading best practice, lessons learnt and expertise acquired from our risk management activities across the organization for the benefit of the entire organization.
Risk Management Process
1. Identifying Risks
The first step in the Risk Management Policy is to identify risk. Identifying risk involves first examining the sources of all kinds of risk, particularly from the perspective of internal and external stakeholders. The organization's preferred process involves bringing together a representative group to identify 'what may go wrong'. Relating these risks to the strategic and operational objectives of the organization and to the financial statements of the organization will ensure that the risks are relevant to the future directions of the organization. Once this step has occurred, it is important to ensure that the root cause of the risk is identified. This requires discussion with the people in relevant areas. The risk analysis will form part of the organizational strategic planning, business planning and investment / loan appraisal procedure.
The risks categorized under the following heads have to be identified by the respective Divisions:
- 1. Corporate Risks
- 2. Credit Risks
- 3. Market Risks
- 4. Operational Risks
- 5. Political Risks
- 6. Business Risks
- 7. Financial Risks
- 8. Liquidity Risks
- 9. Legal and Regulatory / Statutory Risks.
2. Evaluating, Assessing and Prioritizing Risks
The next step in the Company's risk management process is evaluation. This involves:
- identifying who has responsibility for managing the risk
- assessing the probability of the risk occurring
- assessing the impact of the risk should it occur
- assessing the types of controls currently in place
- assessing the adequacy of the controls
- identifying future actions to better manage the risk or to de-risk the process.
The table below gives guidance in assessing the probability, impact and control ratings associated with each risk. In the absence of more quantitative data, this approach relies very much on the experience and knowledge of a group of people from the area under consideration:
| | | | | | | | |
|---|---|---|---|---|---|---|---|
| I | Probability | Very High | High | Medium | Low | Very Low | |
| | | Certain to happen sometime in the next 12 months | Highly likely to happen sometime in the next 3 years | Likely (or possible) to occur at some time in the future | Unlikely to occur at any time in the future | Highly unlikely to occur | |
| II | Impact Rating* | Very High | High | Medium | Low | Very Low | |
| III | Control Rating | Excellent | Very Good | Good | Medium | Poor | Insignificant |
| | | Effective and efficient | Reasonable, well balanced and effective | Reasonable and well balanced | Just starting | Very few mechanisms are in place | |
*To be rated depending on the possible consequences and to be measured accordingly.
The process of assessing the probability, impact and adequacy of controls is best done with a group of people who understand the particular area identified from within each Division to be headed by the respective Divisional Heads.
In this context, the risk-taking capacity or risk appetite of the functions will be defined at all divisional levels. Thereafter, a risk strategy will be framed to minimize the risk and align it to further the objectives of the Organization.
3. Evaluating Controls
The third step in the Company's risk management process involves evaluating the controls set up to identify and mitigate risks.
Controls can be grouped under the following headings:
- Preventative controls: qualified staff; position descriptions; training; performance measures; strategic and operational plans; policies and procedures; codes of conduct; security, manuals and guidelines issued from time to time.
- Detective controls: checks; financial reconciliation; audits; monitoring; fire alarms.
- Reactive controls: contingency plans; backups; recovery plans; insurance.
The Internal Audit Department will prepare an annual audit plan, which is based on the identification of critical risks of the Company. The Audit Department will assess the adequacy of the controls associated with the critical risks and report its findings to the Audit Committee and to the Board of Directors.
4. Monitoring
Departmental heads will report to the Board of Directors about the potential risk to the Company in their domain on a continuous basis, along with measures to be taken to manage them in an optimum manner.
5. Responsibilities
(a) The Board of Directors will be responsible for monitoring and reviewing the risk management programme.
(b) The Audit Committee will be responsible for advising the Board of Directors and Chief Executive on risk management and internal control, and for informing them how effectively risk is managed and how reliable the internal control system is.
(c) All operational / business Managers, Heads of Departments, Zonal Heads and the Chief Executive Officer shall be responsible for ensuring compliance with the prescribed procedures set out in the organizational policies. They are responsible for identifying, evaluating and managing operational risks and bringing them to the Board’s attention. The Business Managers, Heads of Departments and respective Zonal Managers are ideally placed to pick up on the early warning indicators which might identify where problems are developing, and this is an important responsibility.
(d) Operational Managers / Branch Managers shall ensure that everyone in their unit / Branch understands their risk management responsibilities and must make clear the extent to which the staff are empowered to take risk.
(e) All personnel shall be responsible for maintaining good internal control and managing risk in order to achieve personal, team and corporate objectives. Collectively, staff in each business unit need the appropriate knowledge, skills, information and authority to establish, operate and monitor the system of internal control. This requires an understanding of the organization, its objectives, the risks it faces and the people they deal with. Everyone shall be aware of the risks they are empowered to take, the risks which shall be avoided and the risks which shall be reported upwards.
Risk Tolerance
The Chief Executive and the Board of Directors encourage the taking of controlled risks, the grasping of new opportunities and the use of innovative approaches to further the interests of the organization and achieve its objectives, provided the resultant exposures are within the Organization’s tolerance range.
The organization’s Risk Tolerance can be defined by reference to the following components:
(a) Acceptance Risks
All personnel should be willing and able to take calculated risks to achieve their own and the Organization’s objectives and to benefit the organization. The risks associated with proposed actions and decisions shall be properly identified, evaluated and minimized to ensure that exposures are acceptable.
Within the organization particular care is needed in taking any action which could:
- Impact the reputation of the organization
- Impact performance
- Undermine the independent and objective review of the activities
- Result in censure / fine by regulatory bodies
- Result in financial loss
Any threat or opportunity which has a sizable potential impact on any of the above shall be examined, its exposure shall be defined, and it shall be discussed with the respective Manager / Departmental Head / Zonal Head. Where there is significant potential impact and a high likelihood of occurrence, it shall be referred to the Board of Directors as a corporate risk.
(b) Prohibited Risk Areas
Organizational policies and guidance manuals (i.e. Credit Manuals, Legal Manuals etc.) which define the mandatory processes and procedures have to be followed. Compliance with these processes and procedures is required, confirmation of compliance shall be sought in the annual certificates, and non-compliance shall be treated as an unacceptable risk.
Some risks are acceptable provided the prescribed organizational process is followed (e.g. expenditure proposals, staff recruitment etc.) and the designated responsibilities are adhered to.
Subject to the above, Branch Managers / Zonal Managers / Heads of Departments may take risk management decisions on the basis of their delegated financial authority and the devolved responsibilities set out in the Framework Documents.
Risk Framework
The Board of Directors will review the corporate risk profile from time to time. The progress of the risk management programme shall be a regular agenda item of the Board of Directors.
The improvements and benefits of effective risk management are:
(a) An increased likelihood of achieving the organization’s aims, objectives and priorities.
(b) Prioritizing the allocation of resources.
(c) Giving an early warning of potential problems.
(d) Providing everyone with the skills to be confident risk takers.
Communication Policy
The risk management policy should be communicated to all employees of DHFL through the local intranet.
The risk management policy should also be displayed at all strategic administrative locations of the company.
Feedback and suggestions for improvement of the Policy are welcome.