Personal Website of R.Kannan
Indian Banking Today & Tomorrow - Risk
Based Supervision of Banks(RBS)

Home Table of Contents Feedback



Project Map

Risk Based Supervision of Banks(RBS)


Table of Contents - Module: 7
Risk Based Supervision & Risk Based Internal Audit
RBI Guidelines

Risk Based Supervision

  1. Risk Based Supervision of Banks(RBS) - Part: 1

  2. Risk Based Supervision of Banks(RBS) - Part: 2

RBI Guidelines on Risk Based Internal Audit (RBIA)

  1. RBI Guidelines on Risk-based Internal Audit (RBIA) - Part: 1

  2. RBI Guidelines on Risk-based Internal Audit (RBIA) - Part: 2


Other Modules in Risk Management

  1. Module: 1 - Risk assessment & Risk Management - An Introduction (4 articles)

  2. Module: 2 - Risk Management in Commercial Banks (7 articles)

  3. Module: 3 - Asset - Liability Management ( ALM ) System Guidelines of RBI to Commercial Banks (11 articles)

  4. Module: 4 - RBI Guidelines on Credit Risk & Credit Risk Management (10 articles)

  5. Module: 5 - RBI Guidelines on Market Risk (9 articles)

  6. Module: 6 - RBI Guidelines on Counterparty and Country Risks (one article)

RBI has introduced Risk-based Supervision as a system of random and more frequent inspections based on the risk profile of individual banks, replacing the regular annual inspection. The proposal to "Move towards Risk Based Supervision of Banks" was first mentioned by the Governor of RBI Dr.Bimal Jalan, during May 2000, while delivering the statement on 'Monetary and Credit Policy for the year 2000-2001'. Vide paragrah 76 of the report, the Governor spelt out the policy of RBS in the following words.

The recent years have witnessed a gradual shift towards deregulation, reinforced by introduction of prudential norms and adoption of international supervisory best practices. Considering the complexities of banking business and emerging product innovations with complex risk profiles, there is a growing acceptance that a Risk Based Supervision (RBS) approach would be more efficient than the traditional transaction-based approach. The risk based supervision approach entails the monitoring of banks by allocating supervisory resources and focusing supervisory attention according to the risk profile of each institution. The instruments of risk based supervision will be by way of enhancements of the supervisory tools traditionally used, viz., off-site monitoring and on-site examination supplemented by a market intelligence mechanism. In this regard, the Reserve Bank would be engaging services of reputed international consultants to draw on other countries' experiences and to develop an overall plan for moving towards RBS, which would incorporate international best supervisory practices suited for Indian conditions."

Accordingly, PricewaterhouseCoopers (PwC), a firm of consultants based in London, were engaged to undertake a review of the current regulatory and supervisory regime and prepare the blue print for the transition to a more sophisticated system of RBS, a risk based regulation and supervision incorporating international best practices. A discussion paper on the 'Move towards Risk-based Supervision of banks' has been prepared summarizing the recommendations of the consultants and placed on the Websitge of RBI on 13.08.2001. It was also forwarded to all commercial banks under cover of RBI circular No.DBS.CO/ RBS/58/36.01.002/2001-02 dated 13th August 2001.

It may be observed from the discussion paper that the Reserve Bank would focus its supervisory attention on the banks in accordance with the risk each bank poses to itself as well as to the system. The risk profile of each bank would determine the supervisory programme comprising off-site surveillance, targeted on-site inspections, structured meetings with banks, commissioned external audits, specific supervisory directions and new policy notices in conjunction with close monitoring through a Monitorable Action Plan (MAP) followed by enforcement action, as warranted.

The discussion paper further pointed out that The introduction of RBS would require the banks to reorient their organisational set up towards RBS and put in place an efficient risk management architecture, adopt risk focused internal audit, strengthen the management information system, and set up compliance units . The banks would also be required to address HRD issues like manpower planning, selection and deployment of staff and their training in risk management and risk based audit. It is evident that change management is a key element in RBS and the banks should have clearly defined standards of corporate governance, well documented policies and efficient practices in place so as to clearly demarcate the lines of responsibility and accountability so that they align themselves to meet the requirements of RBS.

Need for or Background of Introduction of RBS System

The international banking scene has in recent years witnessed strong trends towards globalization and consolidation of the financial system. Stability of the financial system has become the central challenge to bank regulators and supervisors throughout the world. The multi-lateral initiatives leading to evolution of international standards and codes and evaluation of adherence thereto represent resolute attempts to address this challenge.

The Indian banking scene has witnessed progressive deregulation, institution of prudential norm and an emulation of international supervisory best practices. The supervisory processes have also concomitantly evolved and have acquired a certain level of robustness and sophistication with the adoption of the CAMELS1/CALCS2 approach to supervisory risk assessments and rating. The tightening of exposure and prudential norms and enhancement in disclosure standards in phases over a period of time have more closely aligned the Indian banking system to international best practices. Reserve Bank of India (RBI) has been constantly endeavouring to enhance the sophistication and efficiency levels of its supervisory processes.

Considering the growing diversities and complexities of banking business, the spate of product innovation with complex risk phenomena, the contagion effects that a crisis can spread and the consequential pressures on supervisory resources, the RBS approach, the foundation of which would be based on the CAMELS based approach, would be more appropriate. By optimizing the synergies from the different activities, including the regulatory and supervisory functions, the overall efficiency and effectiveness of the supervisory process can be substantially enhanced.

The RBS will be a regime in which RBI's resources will be directed towards the areas of greater risk to its supervisory objectives. There are two legs to implementing effective risk-based processes: first, explicit supervisory objectives must be set and secondly, the risks posed to these objectives by the activities of commercial banks must be assessed and addressed. The current review represents further stage in the overall development of RBI's approach to regulating and supervising banks in the light of the earlier Padmanabhan Committee and Narasimham Committee reports. Based on the work of the international consultants, RBI intends to move towards a RBS system in stages.

Existing Approach on Supervision & Surveillance of Banks before introduction of RBS

The current supervisory process adopted by the Department of Banking Supervision (DBS) is applied uniformly to all supervised institutions. Though scrutiny of systems and procedures prevailing in supervised institution is an integral part of on-site inspection, there is scope for more focus on the risk profile of the institutions. The current approach is largely on-site inspection driven supplemented by off-site monitoring and the supervisory follow-up commences with the detailed findings of annual financial inspection. The process is based on CAMELS/CALCS approach where capital adequacy, asset quality, management aspects, earnings, liquidity and systems and control are examined keeping in view the requirements of Section 22 of the Banking Regulation Act, 1949. The on-site inspections are conducted, to a large extent with reference to the audited balance sheet dates. The off-site and market intelligence play a supplemental role. While in several external jurisdictions, the supervisory process extensively leverages on the work done by others, such as the internal and external auditors, the use made of these resources in India is rather limited. No legal framework exists for the external auditors to report to the supervisor their adverse findings on issues having supervisory implications.

Objectives of RBS

The RBS approach essentially entails the allocation of supervisory resources and paying supervisory attention in accordance with the risk profile of each institution. The approach is expected to optimize utilisation of supervisory resources and minimize the impact of crisis situation in the financial system. The RBS process essentially involves continuous monitoring and evaluation of the risk profiles of the supervised institutions in relation to their business strategy and exposures. This assessment will be facilitated by the construction of a Risk matrix for each institution.

The instruments of RBS will be by way of enhancement as well as refining of the supervisory tools over those traditionally employed under the CAMELS approach viz. on-site examination and off-site monitoring. The RBS processes and the outcome will be forward looking beyond focusing attention on the rectification of deficiencies with reference to the on-site inspection date. The extent of on-site inspection would be largely determined by the quality and reliability of off-site data, and the reliability of the risk profile built up by banks. The effectiveness of the RBS would clearly depend on banks' preparedness in certain critical areas, such as quality and reliability of data, soundness of systems and technology, appropriateness of risk control mechanism, supporting human resources and organisational back-up.

Bank level preparations

  1. Setting up of risk management architecture: With the progressive deregulation of the financial system as also to address systemic concerns on the safety and soundness of the banking system, RBI advised banks in India in February 1999 to introduce, effective from April 1, 1999, a scientific system of Asset-Liability Management. RBI also issued in October 1999 comprehensive guidelines for putting in place an effective and comprehensive Risk Management System. The guidelines envisaged that banks would set up proper organizational structure, policies, procedures, limits for credit, market and operational risk management. Under the ALM guidelines banks were expected to cover 100% of their assets and liabilities by April 1, 2000. A review undertaken by RBI has revealed that most of the banks are yet to cover 100 per cent of their assets and liabilities for ALM or set up proper risk management systems and policies for managing credit, market, operational and other risks.

    As stated earlier, supervisory resources would be focused on the areas of higher risks to a bank. The risk profile would highlight both the strengths and vulnerabilities of a bank and would provide a foundation from which to determine the procedures to be conducted during an on-site examination.

    Under a risk-focused on-site examination approach, the degree of transaction testing would be reduced when internal risk management processes are determined to be adequate or risks are considered minimal. When, however, risk management processes or internal controls are considered inappropriate, additional transaction testing sufficient to fully assess the degree of risk exposure in a function or activity would be performed. It would be necessary for banks to carry out a fresh review of their current status of risk management architecture by an expert team and initiate measures to bridge the gaps.

  2. Adoption of Risk focused Internal Audit: Internal Audit is an independent activity designed to improve the bank's operations. The internal audit function is a part of the ongoing monitoring of the system of internal control and assists the staff in effective discharge of their responsibilities. The success of internal audit function depends largely on the extent of reliance the bank management would place in guiding the bank's operations. The Internal Audit Department will therefore have to be independent from the internal control process and be given an appropriate standing within the bank to carry out its assignments with objectivity and impartiality. The Internal Audit Department should therefore be provided with appropriate resources and staff to achieve its objectives. Historically, the internal audit system in banks has been concentrating on:

    1. transaction testing, accuracy and reliability of accounting records and financial reports,

    2. testing of integrity, reliability and timeliness of control report, and

    3. adherence to legal and regulatory requirements though transaction testing would remain a reliable and essential examination aspect of internal auditing, in the changing scenario such testing by itself would not be sufficient.

    Over the years, the evolvement of financial instruments and markets have enabled banks to reposition their portfolio risk exposure. It has become clear that periodic assessment based on transaction testing alone cannot keep pace with the rapid changes occurring in financial risk profiles. In this context the widening of the scope of internal auditing assumes significance. The internal audit would have to capture in a larger way the application and effectiveness of risk management procedures and risk assessment methodology and critical evaluation of the adequacy and effectiveness of the internal control systems. The internal audit department should pay special attention to auditing the banking activity in all the places through which the activity is undertaken. The precise scope of work of internal auditing must be determined by each bank but as a minimum, must review and report upon the control environment as a whole, the process by which risks are identified, analysed and managed, the line of controls over key processes, the reliability and integrity of corporate management function, safeguarding of assets and compliance with rules and regulations.

    To achieve these objectives, banks would have to gradually move towards risk focused auditing, in addition to the system of selective transaction based auditing. The implementation of risk based auditing would mean that greater emphasis is placed on the internal auditor's role of mitigating risks. By focussing on effective risk management the internal auditor would not only offer remedies for current trouble areas but also anticipate problems and play an important role in protecting the bank from risk hazards. The risk based auditing would not only cover assessment of risks at the branch level but would also cover, as an independent assessing authority, assessment of risks at the corporate level and the overall process in place to identify, measure, monitor and control the risks. In order to focus attention on areas of greater risk to the bank, a location-wise and activity-wise risk assessment should be performed in advance of on-site risk based auditing. This would allow identification of high risk areas which would enable prioritising the activities and locations for risk based audit. If initial inquiries into the risk management system raise material doubt as to the system's effectiveness, no significant reliance should be placed on the system and a more extensive series of tests need to be undertaken to ensure that the bank's exposure to risk from a given function or activity is accurately captured and monitored. The high-risk areas need to be looked into more frequently than the low risk areas.

    Risk based audit would be an aid to the ongoing risk management by banks, as it would provide checks and balances in the system. The banks could form a small Committee of executives and entrust them with the responsibility to chalk out an action plan, implement and monitor the progress in adoption of risk management systems and risk focused audit and report to the Top Management and Board of Directors periodically.

  3. Strengthening of Management Information System and Information Technology: A principal foundation for RBS is the availability of detailed data. Under RBS the monitoring needs of RBI will differ based on the risk profile of a bank and accordingly RBI may require banks to provide information in addition to the data now being furnished in the OSMOS returns. Consequently, there is a need to devise a policy for backup and storage of various databases on regular intervals. The policy should specify details like frequency of backups, media to be used, off-site storage areas, departments and officials (Data Managers) responsible for these actions. The accuracy, completeness and the timeliness of data are very important and would have to be ensured by banks through up-gradation of their management information and information technology systems. The Data Manager's role should be created in order to ensure that the data has integrity, is stored in correct place, comprehensive and timely. The Data Managers should be made responsible for specific databases. Banks should review the present status of the management information and information technology systems and initiate necessary measures to ensure that RBI data needs as well as supervisory reporting systems are streamlined.

  4. Addressing HRD issues: A major transitional task towards completion of risk management set up and introduction of risk based audit will be the reorientation of the staff to meet the required objectives. The potential primary obstacles will be the skill formation of the staff and placement in appropriate positions. Banks may have to create a dedicated risk management team at head office and reorient the Internal Audit Department to undertake risk-based audit. These objectives could be attained through addressing several HRD issues like manpower planning, selection and deployment of staff and extensive training in risk management including asset liability management and risk based audit. The banks will have to adopt a forward looking training arrangement through appropriate course designing and compilation of training materials keeping in view the best international practices and procedures.

  5. Setting up of Compliance Unit: Banks are required to take corrective action to remedy or mitigate any significant risks which have been identified in the earlier part of the supervisory cycle and which have been incorporated into the current risk profile. RBI will issue bank specific MAP which will include directions to banks on actions to be taken. If the actions and timetable set out in the MAP fail to be met, RBI may issue further directions or impose sanctions or take mandatory and discretionary actions, if deficiencies continue to persist. It is therefore necessary for banks to set up a dedicated compliance unit to coordinate various actions of the bank for compliance and for periodical reporting to RBI, and ensure the completion of compliance action within the time period indicated in the MAP. The compliance unit should be headed by a Chief Compliance Officer of the rank of not less than a General Manager who will be responsible and accountable for timeliness and accuracy of the compliance.


- - - : ( Continued ) : - - -

Top                          Next

[..Page updated last on 10.11.2004..]<>[Chkd-Apvd-ef]
Hosted by www.Geocities.ws

1