ASSESSING THE IMPACT OF OPERATIONAL RISK MANAGEMENT ON FINANCIAL PERFORMANCE OF SELECTED MAINSTREAM COMMERCIAL BANKS IN CAMEROON

The Basel Committee for Bank Supervision (BCBS) is aimed at enhancing financial stability of banking system by providing quality supervision and regulatory frameworks for global banking operations. The committee provides recommendations on capital risk, market risk, and operational risk; with the objective of ensuring that financial institutions have adequate capital reserved to absorb unpredicted losses. It is on this premise that this study seeks to analysis the impact of operational risk management strategies on financial performance of selected mainstream commercial banks in Cameroon. A quantitative case study design was used and supported with the philosophical underpins of objectivism ontology and positivism epistemology. Data was primarily sourced using structured questionnaires from two hundred and fifty (250) employees purposively sampled from National Financial Credit Bank (NFCB), the United Bank for Africa (UBA) and Eco Bank from the centre and littoral regions of Cameroon. Data was analysed using Structural Equation Modelling (SEM) with the aid of SPSS 23 and Amos 24. The study revealed that internal operational risk management practices, risk monitoring and control, and training and reporting have significant positive impact on financial performance. This study opined that financial performance increases with the implementation of internal operational risk management strategies. Furthermore, risk monitoring and control have significant mediating impact between training and reporting and financial performance. This study therefore recommends that the provisions of operational risk management strategies as prescribed by the Basel I, II, III and IV accords are significant drivers of a stable and resilient financial system in the case of Cameroon.


INTRODUCTION
Risk is inherent to every banking operation. Even the most carefully planned project can run into risk (Bpayne & Watt, 2019). Many definitions of risk have been advanced (Bpayne & Watt, 2019;Šoti & Rajić, 2015;Adams, 2014;Halle, 2015). Nonetheless, the most common characteristic of risk is that; it precipitates the feeling of urgency with negative outcomes (Bpayne & Watt, 2019). Irrespective of its negative feature, risk can be avoided, transfer or accepted (Bpayne & Watt, 2019). It is imperative to underscore that shareholders' wealth is determined by the trade-offs between risk and return. This explains the view that; higher risk usually implies higher returns (Nghiem, 2015). The expected (OHADA) are the laws that regulate the activities of commercial banks in Cameroon (Nico Halle & Co. Firm, 2000). The COBAC text of 17/01/1992 harmonise banking regulations in the six-member states of BEAC; differentiating banks from other financial institutions. It makes provisions for the licensing process of financial institutions, the nomination of its executive members and punishes establishments. It also specifies minimum paid-up capital, capital adequacy, risk coverage sharing and liquidity ratios (Nico Halle & Co. Firm, 2000); whereas, the OHADA Treaty governs conditions for establishing, functioning, and closure of firms in the CFA Zone, (financial & Co. Firm, 2000).

Operation Risk and definitions
According to (Basel II committee, 2017), Operational risks result from failed procedures, systems or policies such as employee errors, systems failures, fraud or other criminal activity and any event that disrupts business processes. This definition includes legal risk, but excludes strategic and reputational risk. For internal purposes, banks are permitted to contextualize the definition of operational risk, but must take into account the minimum elements as prescribed by Basel Committee's definition. Different from credit risk, market risk, and insurance risk; operational risks are usually not freely incurred. Moreover, they are not diversifiable and cannot be laid off. As long as people, systems, and processes remain imperfect; operational risk cannot be completely eliminated. Operational risk is manageable within some level of risk tolerance. It is natural for organizations to acknowledge that people and processes are likely to incur errors and contribute to ineffective operations.

Types of Operational Risk in Commercial banks
Basel II identified seven types (Categories) of operational risks exposed to financial institutions. Category I is fraud committed internally in an organization against its interest such as; misappropriation of assets, forgery, bribes, and theft whereas, external frauds (Category II) are committed by third parties including theft, cheque fraud, hacking and acquiring unauthorized information. Category III relates to employment practices and workplace safety risks such as; noncompliance of terms of employment, health-and-safety laws and regulations, inadequate compensation, unethical termination of employments and workplace discrimination. These could precipitate serious financial and reputational damage. Operational risk regarding clients, products and business practice (Category IV) occurs when organizations unintentionally fail to meet promises made to their clients rising from neglectful practices. This takes the forms of privacy and fiduciary breaches, misuse of confidential information, market manipulation, money laundering, unlicensed activities and product defects which may results to legal proceedings.
Another exposure is damages to physical assets (Category V) caused by natural disasters or events like terrorism and vandalism whereas, exposures due to business and systems failures (Category VI) include; supply-chain, telecommunication, and power supply disruptions. All these constitute operational risk. The last category relates to activities comprising; execution, delivery and process management (Category VII). Disruptions in supply, transaction and process management have the potential to caused loss. Errors in data entry, miscommunication, deadline failures, accounting errors, inaccurate reports, incorrect client records, and negligent loss of client assets can precipitate legal threats to the organization. Operational risks can be mitigated if the core operational vulnerabilities are known. This could be easily resolved if risk assessment is done daily. Triggers of operational risk evolve periodically. It is incumbent for banks to develop innovative strategies to tackle such risks in other to avoid loss resulting from credibility, reputation and finances of the bank.

Bank's Performance Indicators
Profit is the ultimate goal of any business. However, there are variety of performance indicators used such as; Return on Asset (ROA) and Return on Equity (ROE) (Alexandru, 2008). ROE is a financial ratio that refers to how much profit a company earned compared to the total amount of shareholder equity invested. It is equally referred too as shareholders rewards. A business with high return on equity is more likely to generating cash. ROE reflects the effectiveness and efficacy of bank management (Khrawish, 2011). In addition, return on asset (ROA), also indicates the profitability of a bank. It measures the amount of income generated from the utilisation of assets (Khrawish, 2011). It shows how efficiently resources of the company are used to generate income. Higher ROA indicates efficient utilisation of asset by management Wen (2010).

EMPIRICAL EVIDENCE 3.1 Hypothesis Development
A number of studies have been conducted on operational risk management practices. However, (Yussuf, 2005) examined operational risk management by commercial banks in Kenya and revealed that quantification of risks into various categories was widely practiced though, banks do not necessarily make attempt to predict the degree of occurrence of risks. Meanwhile, (Pourquery & DeMulder, 2009) found that operational risk management is yet to gain widespread acceptance as an essential component of the business. The survey covered 60 banks from around the world and revealed that about 70% of 60 banks sampled viewed operational risk as "very important" while, regulatory compliance and fraud are top priorities for operational risk management. Similarly, (Kamau, 2010) in a study on the adaptation of risk management by commercial banks in Kenya, indicated that operational risk is critical and were mainly caused by increase of automated technology, lack of qualified staffs, lack of management supports, and internal and external frauds, whereas, (Macha, 2010), found that 20 out of 56 financial intermediaries have insurance against operational risk in Tanzania. Contrary, Kwasi (2010) revealed evidence of adequate risk management structure supported with strong risk culture in Eco bank Ghana limited. Staffs are conscious about risks and lookout to minimize uncertainty through regular education and training. Koomson (2011) indicates that though operational risk management is new in the Ghanaian banking industry, but their operations are well guided by Basel II directives to cater for operational issues and embrace operational risk management.
Principle 7: An effective internal control system requires that there are adequate internal financial, operational and compliance data, as well as external market information about events and conditions that are relevant to decision making. Information should be reliable, timely and accessible.
Principle 8: An effective internal control system requires that there are reliable information systems that cover all significant activities of the bank.
Principle 9: An effective internal control system requires effective channels of communication to ensure that all staff fully adheres to policies and procedures affecting their duties and that relevant information should reach appropriate personnel.

Monitoring Activities and Correcting Deficiencies
Principle 10: The overall effectiveness of the bank's internal controls should be monitored on an ongoing basis. Monitoring of key risks should be done daily as well as periodically.
Principle 11: There should be an effective and comprehensive internal audit of the internal control system carried out by trained and competent staff. Reports are sent directly to the board of directors, audit committee, and senior management.
Principle 12: Internal control issues should be reported in a timely manner to the appropriate management level and addressed promptly.

Evaluation of Internal Control Systems by Supervisory Authorities
Principle 13: Supervisors should require that all banks, regardless of size, should have an effective system of internal controls that is consistent with the nature, complexity, and risk inherent in their onand off-balance-sheet activities.
Based on the principles of the Basel II accords, the following hypotheses are stated; H1: Internal operational risk management practices has significant effects on financial performance H2: Risk assessment and analysis influences financial performance, H3: Risk monitoring and control significantly effects financial performance H4: Training and reporting strongly impact financial performance H5: Risk Identification and understanding is impact financial performance

METHODOLOGY
A conclusive case study design (Gomm, Hammersley & Foster, 2000;Yin, 2009) was adopted and supported by the philosophical orientations of positivism epistemology objectivism ontology (Younkins, 2012;Smith, 2013), and value-free axiology (Khan & Mubashera, 2012). Data was primarily sourced using structured questionnaires survey (Wiseman-Orr, 2006) and operationalized using five Likert scales (Mogey, 2007). Two hundred and fifty employees were purposively sample from NFC Bank, UBA Bank and Ecobank in the centre and littoral regions of Cameroon. The research approach is deductive (Burneyl, Saleem, & Hussain, 2008) and the sampling strategy was purposive (Tongco, 2007). Data was analysed using Amos24 and SPSS 23 statistical packages. Parametric assumptions for model fitness (Garson, 2012) were conducted and data cleaned using Exploratory Factor Analysis (Williams, Brown, & Onsman, 2010) and Confirmatory Factor Analysis (Prudon, 2013). Constructs were tested for validity using the construct validity test (Strauss & Gregory, 2009). The reliability of the research instrument was completed using alpha Cronbach (Bonett & Thomas, 2014). Structural Equation Modelling was done based on the goodness of fit parameters supporting the analysis (Joop & Timo, 1999).

DATA ANALYSIS AND PRESENTATION OF RESULTS
Data cleaning and management was completed using Exploratory Factor Analysis (EFA). The modalities for analysis were checked. The Kaiser-Meyer-Olkin Measure of Sampling Adequacy (KMO = 0.703 > 0.5) and the Bartlett's Test of Sphericity with Approx. Chi-Square (X2 = 649.683), Degree of Freedom (DF = 120) and P-Value (sig = 0.00< 0.01; 0.05) both revealing adequacy of the sample size and the existence of at least 1 significant correlation in the data set. Based on these premise, the data was fit for factor analysis. Furthermore, four new components were extracted using Principal Component Analysis (PCA) based on fixed factor extraction mode of 4 items. Total Variance Explained (TVE) was 64.6%. Components 1, 2, 3, and 4 has Eigen values of 3.942, 2.579, 1.965 and 1.856 respectively all greater than 1. In addition, they each explained 24.6%, 16.1%, 12.3% and 11.6% of total variance respectively as shown below. Furthermore, four fixed components were rotated using Promax and the pattern matrix below showed evidence of appropriate loading of factors for respective components with no cross loading and factor coefficient being less than 0.5. The extracted and well loaded indicators for each variable then become the retained indicator for the study as shown below.

TR8
.842 Extraction Method: Principal Component Analysis. Rotation Method: Promax with Kaiser Normalization. a. Rotation converged in 5 iterations.

Source: SPSS Outputs
In addition, data obtained from the dependent variable was downsized using Exploratory Factor Analysis (EFA). Results from the analysis indicated Kaiser-Meyer-Olkin Measure of Sampling Adequacy (KMO = 0.792 > 0.5) and the Bartlett's Test of Sphericity with Approx. Chi-Square (X2 =208.756), Degree of Freedom (DF = 15) and P-Value (sig = 0.00< 0.01; 0.05) both revealing adequacy of sample size and significant correlation in the data set. Based on these premise the data was fit for factor analysis. Total Variance Explained (TVE) by the extracted components was 70.2%. Components 1& 2, has Eigen value of 3.171and 1.040 respectively all greater than 1. In addition, they each explained 52.84% and 17.33% of total variance respectively. This is as shown below:

Source: SPSS Outputs
The pattern matrix below represents factor loadings of the retained indicators for the new component created as shown below:

Validity and reliability
All retained indicators and constructs were tested for Construct Validity (CV). The acceptable threshold is when Average Variance Explained (AVE > 0.5) as shown below

Structural Equation Model (SEM) Development and Specifications
The hypotheses were tested using the specifications of Structural Equation Modelling (SEM) as shown below: Source: SPSS Outputs The aforementioned model revealed that internal operational risk management practices, risk monitoring and control, and training and reporting have significant positive statistical impact on banks' financial performance. This implies that enhancing operational risk management strategies will results to positive financial outcomes.

Figure 3: Structural Equation Model
The study was modified to mediate the effects of risk management and control between the training and reporting and financial performance. The study reviewed positive significant evidence that developing capacity on risk management and control during training has significant impact on financial performance in banks as shown below.

Figure 4: Modified Structural Equation Model
ISSN  Hypotheses P-Value @ 95% CI Size of Effects Decision /conclusion Internal operational risk management practices P-V = 0.035 < 0.05 0.15 Reject the null hypothesis Risk monitoring and control P-V = 0.008 < 0.05 0.19 Reject the null hypothesis Training and reporting P-V = 0.01 < 0.05 0.16 Reject the null hypothesis Mediating effect of risk monitoring and control in the relationship between training and reporting and financial performance P-V = 0.0130< 0.05 0.042 Reject the null hypothesis

CONCLUSIONS
Two key objectives were statistically tested using a sample of 250 employees from NFC, UBA, and Ecobank in Cameroon's economic capital city of doula and Yaoundé to predict the impacts of operational risk management strategies on financial performance. Data was analysed at the 95% confidence interval using Structural Equation Model and results revealed that internal operational risk management practices, risk monitoring and control, and training and reporting have significant effects on financial performance. The study was modified to mediate the effects of risk management and control between the training and reporting and financial performance. The study reviewed positive significant evidence to suggest that developing capacity of risk management and control during training has significant impact on financial performance of banks. This study therefore recommends the provision of the Basel accords to be relevant in the context of Cameroon banking industry specifically regarding operational risk management.