The Group continuously strengthens its risk management framework to address evolving challenges and risks, ensuring it aligns with the needs of a sustainable financial institution. As a microfinance operator, the Group adopts a prudent and consistent approach to managing risk. Its risk culture is shaped by its core values, beliefs, knowledge, attitude, and risk awareness across its diverse operations. The Group evaluates its risk landscape by identifying and assessing both quantifiable and non-quantifiable risks, which are then embedded into its management and decision-making processes.
At the subsidiary level, the Risk Management Unit is responsible for continuously identifying and assessing both existing and emerging risks. It collaborates with risk owners to implement mitigation measures and actively monitors risk levels. These efforts are documented in risk reports for management review. The subsidiary-level Risk Management Coordination Committee reviews the risk reports, which are then approved by the subsidiary CEO before being presented to the subsidiary Audit and Risk Committee (‘ARC’). The Group Risk Management team consolidates these country risk reports to create a comprehensive Group risk report. This report is discussed at the Executive Committee meeting before being presented to the Group ARC, where it is thoroughly reviewed and recommendations are made to enhance risk management efforts.
Risk appetite, or the amount and type of risk that the Group is willing to accept, tolerate, or expose itself to in pursuit of its business objectives, is set at a level to avoid material loss, fraud and operational inefficiencies. The Group establishes its risk appetite to provide direction and set boundaries for risk management across its microfinance institutions. The Group targets more conservative financial and prudential ratios than required by regulators in the countries of operation whilst ensuring full compliance with all local regulations and laws. The Group also has zero tolerance for any unethical, illegal or unprofessional conduct and maintains a zero appetite for association with any disreputable individuals. The Group reviews its risk appetite on a quarterly basis by preparing a comprehensive risk appetite report based on Key Risk Indicators (KRIs). These KRIs are assigned tolerance levels, which are established based on various factors, including the regulatory landscape, budget constraints, historical trends, and future projections. The tolerance levels are periodically reviewed and adjusted, if necessary, following recommendations from the Executive Committee (‘ExCo’), Asset and Liability Committee (‘ALCO’), or ARC. This dynamic approach ensures that the Group’s risk appetite remains aligned with evolving business conditions and strategic objectives.
ASA International has a moderate risk appetite. We strive for a balanced approach, accepting risks associated with investing in microfinance operations in emerging markets while prioritising prudent risk management to safeguard the interests of our clients, investors, and stakeholders. Our commitment to a high level of compliance, strict adherence to well-defined operational procedures, and a focus on sustainable financial inclusion are the basis of our dedication to achieving social economic impact for our clients and generating sustainable financial returns for the Company.
First line of defence
The first line of defence in a microfinance company comprises operational staff, such as loan officers and branch managers, responsible for managing risks in daily activities. They ensure compliance with policies, conduct client due diligence to prevent fraud and over-indebtedness, and maintain accurate records to minimise errors. Internal controls, like dual approvals, are used to safeguard processes and enhance risk management.
Second line of defence
The second line of defence at the Group’s subsidiaries provides guidance and oversight of the activities performed by the first line of defence. It includes internal oversight functions such as Compliance, Risk Management, and the Fraud and Misappropriation Prevention Unit (‘FMPU’).
Third line of defence
The third line of defence is Internal Audit at both the Group level and the microfinance institution level. In addition to regularly performing internal auditing activities, Internal Audit ensures that all units responsible for managing risk are performing their roles effectively and efficiently.
Details of the Group’s key risk management areas can be found on page 40 of the 2024 Annual Report. This section should not be regarded as a complete and comprehensive statement of all potential risks and uncertainties faced by the Group but rather those which the Group currently believes may have a significant impact on its performance and future prospects.
Emerging risks are potential threats or uncertainties that have recently emerged or developed, often characterised by their unpredictability and potential for significant impact. ASA International conducts quarterly risk assessments at all entities, which are performed by the respective risk officers and reviewed by the entity-level Risk Management Coordination Committee. During these assessments, emerging risks are discussed and if a risk is identified that is not covered by the Group risk taxonomy, it is communicated to the Group. On an annual basis, the Group Risk Management function reviews and, if necessary, updates the risk taxonomy to include any newly identified emerging risks. The senior management discussions during the Group-level ExCo, ALCO or ARC meetings may also serve as a source for identifying emerging risks. In addition, the Group Risk Management function is subject to internal audit, which may result in recommendations to identify certain emerging risks as part of the internal audit review process.