(Address by Dr. K. C. Chakrabarty, Deputy Governor, Reserve Bank of India at the Inaugural Session of the Conference of non-Executive directors on the Boards of Commercial Banks, organized by CAFRAL in Mumbai on May 13, 2013)
The learned Non-executive directors on the Boards of various commercial banks; Shri A.K. Garg, CGM, CAFRAL; colleagues from the Reserve Bank of India; ladies and gentlemen. It is a pleasure and privilege for me to be amongst you this morning at the inaugural session of this conference organized by CAFRAL, with the objective of enabling non-executive directors of commercial banks to effectively perform their responsibilities as members of Bank Boards. As non-executive directors, all of you can play important role in ensuring that a sound risk management ethos gets percolated from the top management right up to the line staff in the field and that a healthy compliance culture evolves within your respective organizations. I am happy to note that the conference has brought together directors with expertise in a variety of fields such as finance, accountancy, legal, administration, social service, etc. I hope this conference aids and assists you all in effectively discharging the challenging role of non-executive directors in banks.
2. In the light of the global financial crisis and the recent developments in the Indian financial system, the focus is squarely on the ability of banks and supervisors to understand risks inherent in banking business and to institutionalize an appropriate architecture for effectively managing these risks. The need for a robust supervisory framework for monitoring the risk levels in banks™ operations has been duly recognized by financial sector policy makers across the globe, more so in the wake of the Financial Crisis. Accordingly, measures to strengthen supervisory oversight of banks have been at the core of the reform process that has been since set in motion. In India, one important initiative being taken by the Reserve Bank is the phased migration to a Risk Based Supervision model, which seeks to address several of the present concerns regarding the supervisor™s and banks™ ability to identify and manage the key risks in banks™ operations. Therefore, today I would like to share my thoughts on the Risk Based Supervision (RBS) that we are rolling out for select banks from the current supervisory cycle. I hope that we would be able to count on all of you to work towards ensuring that your respective organizations are fully geared up for the successful launch of this initiative.
3. Let me confess that I have a vested interest in coming here and I will explain why. Some of you may be aware that I chaired a High Level Steering Committee which reviewed the supervisory processes for commercial banks last year. Let me also share that this Committee included an academician, some of the seasoned practicing and retired commercial bankers and the regulator. The Committee, inter alia, unanimously recommended a shift to a risk based approach for supervision of commercial banks in India, so as to ensure that the incipient risks could be proactively identified both at the individual institution level and at the systemic level, and measures could be initiated to address them. The Committee also made several other significant recommendations aimed at improving the supervisory processes in respect of commercial banks.
4. Let me remind you that risk based supervision is nothing new. Several jurisdictions across the globe have adopted variations of the risk based approach in their supervisory practices with different degrees of success. The veterans amongst you would recall that Reserve Bank of India too had attempted to bring in some semblance of a risk based approach to supervision about a decade back. However, we had to rest that attempt. Several reasons may be attributed to why our attempt to usher in risk based supervision had suffered a setback. Though I would not attempt a post mortem of why RBS had failed to take off, let me share that our internal assessments showed that the banking system was not really ready for the introduction of RBS when we first attempted it in 2003-04. The primitive risk management systems at banks, low levels of technology, inadequate human resource capabilities and above all, lack of patronage from the Board and Top Management were amongst the primary reasons that led to stalling of the project in our maiden attempt.
5. Let me also share that before accepting the HLSC™s recommendations, there was a lot of circumspection and internal debate on whether the ground realities had actually improved and whether the time was ripe for attempting a re-introduction of RBS. A lot of positive developments have happened in the Indian banking sector since 2003-04 and improved technology has been the bedrock of these developments. Core banking solution has been implemented across all banks, which has, in turn, facilitated data availability, consistency and improved quality of MIS. The regulatory push in the form of Basel II guidelines and the competitive market forces have also compelled the banks to invest in improving their risk assessment and risk management capabilities. Today, the frontline staff as well as the Top Management is definitely much more conscious about the risks that their banks face and are sanguine about their abilities to manage them. Despite these positive developments, let me admit that a whole lot still needs to be done both at the level of the supervised entities and at our level in the Reserve Bank. It is in the face of these challenges that the Board for Financial Supervision has decided to tread with caution and approved the roll out of RBS in a phased manner. As I mentioned earlier, as the Chairman of the HLSC and a resolute supporter of the risk based approach, I have a vested interest in successful roll out of RBS and that is why I immediately agreed to the invitation from the Director, CAFRAL to address this august group, which, I firmly believe, can act as the catalyst for ensuring the successful roll out of RBS.
6. Having set the context, let me step back and reflect on some of the fundamental issues that need to be understood and appreciated not only by the supervised entities but also the regulatory and supervisory community, for ensuring a vibrant banking sector. I would also share my perspectives on what I consider as essential pre-requisites for the success of risk based supervision and our expectations from the banks.
7. Before I venture any further, let me clarify upfront that no amount of regulation or supervision can save an institution if the Board/Top Management is not sensitive enough about what is good for their bank. The Board and Senior Management are the first line of defense at the banks and we, as supervisors, place a lot of faith in them to identify, manage and mitigate risks in banks™ day-to-day affairs. Therefore, I would emphasize that ensuring readiness of the banks for the success of RBS is a management function. In my remarks today, I would reflect on some of the necessary preconditions that must be met for the successful transition to a risk based approach to supervision.
8. It is important at this stage to understand and clearly appreciate some of the fundamental concepts of supervision like – what is supervision, what it seeks to achieve and what are the attributes of a good supervisor? Unless all of us the bank management, the internal auditors and the supervisors clearly appreciate these basic tenets of supervision and their respective responsibilities, we would not be able to make any meaningful progress in our endeavour to transit to RBS. Banks, as you all know, occupy a pre-eminent place in any financial system by virtue of the role they play in spurring economic growth by undertaking maturity and liquidity transformation and supporting the critical payment systems. The transformation role that the banks play, coupled with the volatility of financial markets, increased competition and diversification, exposes them to a variety of risks. The need to keep a tab on these risks is more exacerbated as the banks not only use public funds, they also receive some protection in the form of depositor guarantees and the possibility of liquidity support. Thus, need for identifying risks and finding ways and means to mitigate them is not only significant from the perspective of safety and soundness of individual institutions but also from a systemic stability perspective. These objectives are sought to be achieved by subjecting banks to some form of regulation and supervision.
9. When I pose a simple question to my supervisory staff on what is supervision, invariably I get a common response monitoring of compliance to regulations by the regulated entities. That brings me to our first fundamental question – what is supervision and how is it different from regulation? As you all would have noticed, Regulation and Supervision are quite interchangeably used in most literature. This is more so because, ideally, they seek to serve the same objective – protecting depositors and promoting financial stability. However, there is a wide difference between the two functions. ˜Regulation™ is synonymous with laying down the rules and norms for doing business by all the market players and, therefore, is uniformly applicable to all market participants. ˜Supervision™, on the other hand, is the process through which the rules and norms are enforced at individual entity level. Thus, on a very broad level, the difference between the two is that while regulation is applicable to the system as a whole, supervision is entity-specific, with the intensity of supervision being proportional to the perceived risk levels. By making this point, I am trying to underline that supervision is more contextual rather than being generic. Here, I would like to emphasize that it is essential to have clarity on the demarcation of the roles and remits of regulation and supervision. In the absence of this, both regulation and supervision are likely to get diluted and weakened, which would have an adverse impact on the strength and resilience of the financial sector.
10. Let me now turn to the second issue of what supervision seeks to achieve?
As I mentioned a little while earlier, the basic function of the supervisor is to enforce the rules and norms laid down by the regulator. There is a marked difference between merely monitoring whether the entities are adhering to the regulations and actually making sure that the regulated entities adhere to them in practice. The job of the supervisor is to ensure that the entities necessarily comply with whatever mitigation plan is given to them. The supervisor should ask questions of the supervised entities even when the going seems good, let alone during bad times. Not only ask questions, but to also effectively intervene. No doubt, this is an arduous task as the supervisors would be seen and treated like party poopers, but that is precisely the role that they ought to play. I believe many of the supervisors, in the lead up to the crisis, simply failed to enforce the regulations and instead, relied too heavily on the merits of the efficient market hypothesis or the bank managements™ inner conscience. All of you, as non-executive directors, have important roles to play. You need to ask questions when the going seems good. You must focus on specific issues and seek precise clarification. You would also need to ensure that there is an appropriate internal mechanism which makes certain that the directions given by the Board are properly implemented down the line.
11. That brings me to the third question – what are the attributes of a good supervisor? When could supervision be considered effective? An IMF Staff Position Note2 has very lucidly explained five attributes of a good supervisor. The note mentions that Good Supervision has to be intrusive. This does not mean being involved with the day to day affairs of the bank or micro-managing things. It, essentially, means knowing the bank, its institutional structure and its risk profile very intrinsically. Listing the other attributes of a Good Supervisor, the Note mentions that supervision has to be sceptical but proactive, implying that the supervisor should not take things for granted. The note also mentions that Good Supervision should be comprehensive- meaning that the supervisors need to look holistically at the entire banking group on a consolidated basis. In fact, many of the supervisory failings have been on account of a lack of understanding of the risks at the periphery in perceptibly low risk subsidiaries or low risk business verticals. The paper further mentions being ˜adaptive™ and ˜conclusive™ as two other attributes of a Good Supervisor. These refer to the need for being alert to the developments, both within the bank as well as on the macroeconomic front, and quickly re-evaluating the risk profile of the institution. By being ˜conclusive™ means that supervisors need to take their findings to logical conclusion through further probing or deliberations and discussions. Let me add that all these attributes of a good supervisor are also relevant and important in your conduct as non-executive directors. Adherence to these principles would mean that you are able to take informed decisions and ensure that these are properly implemented.
12. On top of these attributes, the IMF note also identifies two features that signify good supervision. First, having the ability to act; and second, having the will to act. While the ability to act is judged in terms of the legal authority and the necessary resources, the willingness to act is judged in terms of having a clear and unambiguous mandate, operational independence, accountability, a healthy relationship with the industry, etc.
13. Having seen the key attributes of a good supervisor, it is necessary that our approach focuses on assimilating these virtues into our supervisory practices. The growing convolution in the financial market place is reflected in changes in the structure of banking groups and increasing complexity of products and services that are being offered by the market players. There has been a virtual explosion in the number of market players and the products and services on offer, which has complicated the turf for the supervisors. It is, therefore, pertinent that the supervisors are able to identify the institutions that pose the biggest risk to the supervisory objectives and whose failure would have the maximum impact on financial stability. To achieve the above objective, it is imperative that the supervisor is able to assess and zero in on the real sources of risks facing individual institutions and develop appropriate risk mitigation plans. The ability to conduct a proactive assessment of the major risks and to supervise them based on the probability of the risks crystallizing and the impact the likely failure of the bank might have on the financial system, is the hallmark of a risk based approach to supervision. Post crisis, there has been a shift towards RBS, away from the erstwhile CAMELS approach, which uses a backward looking methodology and transaction testing model. The RBS, on the contrary, is forward looking as it seeks to assess the risk buildup in a more dynamic manner. It focuses on the twin objectives of examining whether the supervised entity follows the regulatory prescriptions and whether its internal risk management practices are in line with regulatory expectations.
Pre-requisites for the success of Risk Based Supervision
Effective Risk Management System
14. At the core of supervisory monitoring under RBS is an assessment of the quality of a bank’s procedures for evaluating, monitoring and managing risk, and of the bank’s internal models for determining economic capital. These models link capital to risk-taking and help banking organizations compare risks and returns across diverse business lines and locations. Since under the RBS supervisors, essentially, rely on the inputs provided by banks™ risk management systems, the RBS can only be as effective as banks™ risk management systems.
15. It is, indeed, true that the risk management challenge for banks has been steadily growing over the last two to three decades. This can be attributed to several developments in the financial sector like deregulation of financial markets, banks™ diversifying into newer business lines such as providing custodial services, securities underwriting and corporate advisory services, growing inter-connectedness of the financial system, emergence and growth of complex financial products, etc. For the success of RBS, it is imperative that, as part of their risk management framework, banks are oriented towards identifying the path and passage of risks and towards pricing such risks appropriately. I would like to add that as non-executive directors you must focus on identifying the specific areas in the bank which pose greater risks and devote more time and energy to those areas.
Need for an effective Management Information System
16. That, however, tempts me to pose some more very basic, but interesting questions. We are talking about identification of risk, their management and mitigation. But how many banks today can tell me the number of products and services they offer at their branches? Also, do they have an idea of the number of customers they have? I am not talking about number of accounts here. The difference between the two is that an account is a ledger page while the customer is a live individual. Can the banks tell me how many products or services each customer of theirs uses? If you don™t have such basic information, what kind of a risk management system can you develop? Unless you have a fair idea of the number of products, number of customers, number of products and services per customer, cost of providing each product/ service, returns from providing each product/ service and risk involved in each product/ service, how do you decide on which activities are remunerative and which are not? How do you decide on your product promotion and pricing strategies unless this information is readily available? Why have certain products when there is no demand for them? After all, there is a cost attached to product promotion. As banks are perceived to be offering identical products and services, how does the Board/ Top Management set about differentiating their bank from others, unless they have such basic granular details?
17. Under RBS, it is essential for the banks to have the capability and infrastructure to support a robust and reliable MIS architecture, with data integrity. A data warehouse wherein data flows from the transactional system without manual intervention and is capable of generating various MIS reports on all major activities of the bank (including activity-wise/segmentwise analysis) is one of the prerequisites for effective risk management. In the absence of a reliable MIS, it would be a near impossible task for the bank management to get a true and fair picture of the quality of assets, earnings, etc.
Risk based pricing of products and services
18. Risk-based pricing means determining loan pricing based on the expected loan risk. Typically, a borrower™s credit risk is used to determine whether a loan application should be accepted or declined. The same risk level could be used to determine the optimal pricing. This, essentially, translates to higher interest rate for a borrower with higher risk and a lower rate for a lower risk borrower. Most large banks with suitable risk management and measurement architecture normally have some form of risk-based pricing strategies based on a measure of probability of default. This is, often, not apparent in small or medium-sized banks due to lack of strategy, process and technology to drive consistent results across various loan portfolios. Banks without a formal risk-based pricing approach, typically, use a flat-rate pricing model. The inherent problem with flat-rate pricing is that the bank will end up having a higher share of lower credit quality loans since the higher credit quality borrowers can obtain better pricing at other banks (i.e. those offering risk-based pricing).
19. Banks are required to maintain capital to cover the risks they assume. As capital always comes at a cost, they need to have a differentiated risk-based framework for pricing of products and services. This involves costing, a quantitative assessment of revenue streams from each segment, activity, product and service, and an efficient Transfer Pricing Mechanism which would determine capital allocation. Each business unit in the enterprise would have to aim at being a profit centre within the overall risk-return framework. In essence, it would mean accountability for profit tempered by the discipline of riskreturn, within a deeply embedded culture of good governance, the tone of which is set by the bank™s Top Management. From a business perspective, pricing of assets should be non-discriminatory and in line with risk rating of the customer. A lower rated customer should not get a better price than a higher rated customer.
20. In the context of risk-return trade off, I want to flag another issue. It is common knowledge that where return is more, risk is more. However, in our anxiety to make quick bucks or what we colloquially call ˜a search for yield™, we very often tend to forget this basic tenet of finance. There can be no defense for the bank management who chose to finance the sub-prime borrowers in the USA. I am not sure why the Boards did not question the strategy of the management while this business was growing manifold and banks were able to make huge profits by repackaging these mortgages as AAA securities through structured deals. I have a very practical suggestion for the distinguished group present here: seek a detailed analysis of the income stream. Banks ought to conduct a thorough assessment of the products, services, activities or business streams that are most profitable as this is where the maximum risk must be lurking. The path and passage of risk can be truly understood only through a scrupulous income analysis.
21. A risk management framework is incomplete without an effective system of internal controls and methodologies. As I mentioned earlier, the bank managements and, especially, the bank Boards form the first line of defense for risk management. Unless the bank™s management is geared to internalize and institutionalize a risk and control culture, any attempts to increase the resilience of banks can meet only limited success. In fact, the recent instance where a media outfit has brought out an expose on alleged irregular practices at bank branches is a clear instance of failure on the part of bank managements and Boards to institutionalize an effective risk control framework and compliance culture across the organization, right up to the level of the front office staff. The management has a critical role to play in getting the right balance between the business units and risk management, both in times of stress and in good times, when there is a tendency for misaligned incentives to emerge.
Role of Auditors and Risk focused Internal Audit
22. The global financial crisis has underscored the need for financial statements to contain information that is absolutely unbiased and reliable so as to provide transparency to all the stakeholders. High quality financial reporting is of critical importance to prudential regulators and this has been emphasized by the Basel Committee on Banking Supervision (BCBS) in the Guiding Principles enunciated by it in August 2009. Transparency in financial statements is a pre-condition for financial stability and it is the lack of transparency that allowed the building up of huge risks in the on and off balance sheet positions of many financial institutions during the global financial crisis. In this context, the role of auditors becomes very crucial in ensuring that the financial statements reflect a true and fair picture of the affairs of the entity and that they declare the appropriate risk profile as required by certain accounting standards. For e.g. IFRS7 on Financial Instruments: Disclosures requires detailed disclosures on credit risk, liquidity risk, market risk, etc.
23. The recent report of the Enhanced Disclosure Task Force of the Financial Stability Board prescribes seven fundamental principles for risk disclosures:
- Disclosures should be clear, balanced and understandable
- Disclosures should be comprehensive and include all of the bank™s key activities and risks
- Disclosures should present relevant information
- Disclosures should reflect how the bank manages its risks
- Disclosures should be consistent over time
- Disclosures should be comparable among banks
- Disclosures should be provided on a timely basis.
24. Going forward, these principles, when implemented, will improve the quality and transparency of banks™ disclosures, especially the risk disclosures. Since RBS will depend on these inputs, the audit profession has a significant role in the smooth migration to RBS. Besides, banks should strive to implement a framework for Risk Based Internal Audit. Yet another pre-requisite for the successful implementation of RBS is greater coordination between banking supervisors and external auditors. Also, the Audit Committee of the Board has a crucial role to play in ensuring that a sound internal control framework and audit system is in place within banks. The formation of a strong Audit Committee would help meet this objective.
Role of the Board
25. In recent times, regulatory changes across the globe have increased the oversight responsibilities of the Boards in many areas, including risk management. Increased shareholder activism is another significant factor forcing the Boards to pay more attention to issues such as governance and risk management. The Board should ensure that the risk management policies, processes and systems are implemented effectively at all levels in the organization. Boards of banks are expected to have greater involvement in the migration to Risk Based Supervisory System by streamlining the Information System at the banks and putting in place a proper risk based internal audit system. The non-executive directors on the Boards of these institutions have a critical role in evolving strategic focus at the Board level for facilitating Risk Based Supervision in their respective institutions.
26. As we understand, unskilled and untrained manpower contributes in a major way to operational risk in the banks. Therefore, identification and training of a set of core officials in the bank assumes greater significance in the launching of RBS and taking it forward. Simultaneously, the top management in the bank should be adequately sensitized, not only to the nuances of RBS, but also to the benefits that may accrue to the bank from proper management of its risks.
Allocation of Supervisory Resources and Capacity Building among supervisors
27. One of the biggest impediments in implementation of RBS is the mindset of not only the bankers but also the supervisors. Regulators / Supervisors, by nature, are orthodox and bringing about a change in their mindset is a precursor to successful implementation of RBS. Under RBS, there is a need to target the energy and expertise of the supervisors to areas where they will make the greatest difference. Targeting entails accepting that not all firms are equal and that all instances of firm failures may not impact the stability of the financial system in similar ways or to the same extent. The risk profiling of the firms based on their size, complexity, interconnectedness, etc will determine the allocation of scarce supervisory resources.
28. The roll out of RBS framework is a huge challenge for all the stakeholders in the banking system. The forward looking element that is normally associated with any RBS framework also brings along with it a good deal of subjectivity into the assessment process. In the ultimate analysis, everything boils down to the supervisor™s judgement how objectively he makes a subjective assessment; how objectively he differentiates between two firms on the basis of risk, etc. On our part, we are taking numerous internal initiatives to ensure that we develop the requisite supervisory skills and resources to migrate to the RBS approach. I hope that with the whole-hearted support and commitment from the banks™ Boards and their Top Management, we would be able to successfully and effectively roll out RBS for Indian banks. As we all know, the failure on the part of supervisors to make judgement calls on issues related to risks in the supervised entities led to the financial crisis. Let us hope that RBS, with its innate linkages to subjectivity and qualitative judgment, will enable the supervisors to interpret and intervene at the right time and prevent another crisis, at least, in the near future.
29. In summary, I must remind you that RBI and the banks are equal-stake partners in this exercise. In order to ensure that our banking system remains healthy and vibrant, we have to collectively work hard and make sure that the RBS process is rolled out smoothly. It is in the banks™ own interests to ensure the success of the risk based supervision process as it not only helps them identify incipient risks in a timely manner and prepare mitigation plans; it also reduces their supervisory and compliance burden. I hope all of you would ruminate on the merits of RBS for your respective institutions and for the financial system and would ensure that your banks are ready to embark on this important journey that we begin now.
I thank CAFRAL for inviting me to share my thoughts today and I wish the Conference all success. Thank you all for your attention.
2 IMF Staff Position Note SPN/ 10/ 08 dated May 18, 2010 on The Making of Good Supervision: Learning to say No