The major transitional task would be the reorientation of organizational set up by banks in line with the recommendations for bank level preparation. The main obstacle during the transitional period would be skill formation, attitudinal changes, development and retention of specialist staff, extensive training and redeployment of staff. It is not contemplated to change over to RBS approach in one go. It will be implemented in a gradual manner. However, the shift to RBS approach would not necessarily await the completion of bank level preparation. The concept is intended to be rolled out at the earliest, as the inadequacies in risk management systems in banks will themselves be a supervisory risk. As the CAMELS rating would be an important input in bank risk profiling, the CAMELS approach through on-site inspection would concurrently be followed along with the RBS approach in the shorter term. The procedure would be reviewed at the appropriate time in the light of the quality of Management Information System in banks and the accuracy and completeness of relevant off-site data furnished to the BSD of RBI which would then form the basis for compilation of CAMELS rating. At that stage, the on-site inspection for CAMELS rating would be by way of exception.

It is intended to roll out the RBS process in phases beginning from the last quarter of the financial year 2002-2003. It is, therefore, necessary for banks to initiate immediate measures for completion of the tasks indicated in the previous paragraph by the end of the calendar year 2002. Banks may like to set up an in-house change management team to monitor the progress of implementation and suggest ways and means to overcome the obstacles.

The major elements of RBS approach are set out below:

Risk profiling of banks

The central plank for RBS is an accurate risk profiling for each bank. The risk profile would be a document, which would contain various kinds of financial and non-financial risks faced by a banking institution. The risk assessment would entail the identification of financial activities in which a bank has chosen to engage and the determination of the types and quantities of risks to which these activities expose the banking institution. The type of risk that banking institution face individually or in combination include, but are not limited to, credit, market, liquidity, operational, legal and reputational risks. The quantity of risks associated with a given activity may be assessed by the volume of assets and the off-balance sheet items that the activity represents or the portion of revenue derived from that activity. Activities that are new to an institution or for which exposure is not readily quantifiable may also represent high risk to an institution that would also be evaluated and included in the risk profile document. The risk profile will also be designed to provide a systematic assessment from the supervisor's perspective of the adequacy and effectiveness of the bank's organisation, management and controls. The main risk-profiling device at present is the CAMELS rating based on on-site inspection, which in course of time will be derived from off-site returns and other information. CAMELS rating would continue to be the core of risk profile compilation, but the successive ratings would be used to reflect trends in contrast to being used as a static annual indicator of risk.

The risk profile of each bank will draw upon a wide range of sources of information, besides CAMELS rating, such as, off-site surveillance and monitoring (OSMOS) data, market intelligence reports, ad-hoc data from external and internal auditors, information from other domestic and overseas supervisors, on-site findings, sanctions applied etc. The data inputs would be assessed for its significance and quality before being fed into the risk profile. All outliers i.e. banks which fall outside the normal distribution based on characteristics such as profitability, new business activity, balance sheet growth etc. would be identified on the basis of a two-tailed test (i.e. too good or too bad) and investigated on a regular basis. The risk profile would be constantly updated.

The key components of the risk profile document would be the following:

1. CAMELS rating with trends

2. Narrative description of key risk features captured under each CAMELS component

3. Summary of key business risks including volatility of trends in key business risk factors.

4. Monitorable action plan and bank's progress to date

5. Strength, Weaknesses, Opportunities, Threats (SWOT) analysis

Sensitivity analysis

RBI would undertake a formal assessment of the risk profile of each bank on a regular basis. The period between assessments would vary depending on the materiality of the risk profile of a bank, with an average period of one year. However, more frequent assessments would be resorted to for higher risk banks and less frequent assessment for lower risk banks.

Supervisory cycle

The supervisory process would commence with the preparation of the bank risk profile (based on data furnished by banks to the DBS of RBI, besides data from other sources). The supervision cycle will vary according to risk profile of each bank, the principle being the higher the risk the shorter will be the cycle. The supervision cycle will remain at 12 months in the short-term and will be extended beyond 12 months for low risk banks at a suitable stage. In cases where more frequent application of supervisory process will be necessary, the cycle could even be lesser than 12 months.

Supervisory programme

RBI would prepare a bank specific supervisory programme which will set out the detailed work plan for the bank. The scope and objectives of the inspection programme will derive from analysis of risk profile. The supervisory programme would be tailored to individual banks and would focus on the highest risk areas as well as specify the need for further investigation in identified problem areas. The supervisory programme would be prepared at the beginning of the supervisory cycle and would yet be flexible enough to permit amendments warranted by subsequent major developments. The supervisory programme would also identify the package of supervisory tools to be deployed from a range consisting of:

• greater off-site surveillance

• targeted on-site inspection

• structured meetings with banks

• commissioned external audits

• specific supervisory directions

• new policy notices (i.e. new policy directions to banks emanating from individual bank level concerns which are relevant for the industry)

On-site inspection would be largely targeted to specific areas unless a full scope inspection is warranted as per the bank-specific supervisory progamme. A monitorable action plan (MAP), the details of which are given later, to mitigate risks to supervisory objectives posed by individual banks would be drawn up for follow-up. Variable supervisory cycles and variable frequency of inspections would therefore characterise the supervisory process under RBS.

Inspection process

The risk assessment of individual banks would be performed in advance of on-site supervisory activities. The risk assessment process would highlight both the strengths and vulnerabilities of an institution and would provide a foundation from which to determine the procedures to be conducted during the inspection. The current full-scope on-site inspections, which are carried out annually cover a substantive asset evaluation. The inspections under the new approach would be largely systems based rather than laying emphasis on underlying transactions and asset valuations. The inspection would target identified high-risk areas from the supervisory perspective and would focus on the effectiveness of mechanism in capturing, measuring, monitoring and controlling various risks. The inspection procedure would continue to include transaction testing and evaluation the extent of which will depend on the materiality of an activity and the integrity of the risk management system and the control process.

Review, evaluation and follow-up

An evaluation will be undertaken to ensure that the supervisory programme has indeed been completed and been effective in improving the risk profile of the bank concerned. If need be, further tools will be employed including additional inspection visits. The findings of inspection and other supervisory information on records would be used to produce a comprehensive document of supervisory risks and the bank's assigned ratings for follow-up of supervisory concerns. The risk profile document of the bank will accordingly be updated in the light of new information. This process will support the issue of the supervisory letter to the bank, which would be discussed with the bank's management or the Board of Directors.

Monitorable Action Plan

The aim of supervisory follow-up would be to ensure that banks take corrective action in time to remedy or mitigate any significant risks that have been identified during the supervisory process. The major device in this respect would be the MAP. MAPs are already used by RBI to set out the improvements required in the areas identified during the current on-site and off-site supervisory process. However, MAPs would be made more robust in a number of ways. MAPs will in many cases include directions to banks on actions to be taken. The remedial actions that would be outlined, would be tied explicitly to the areas of high risks identified in the risk profiling as well as the supervisory process and should lead to improvements in the systems and controls environment at the bank. Key individuals at the bank would have to be made accountable for each of the action points. If actions and timetable set out in the MAP are not met, RBI would consider issuing further directions to the defaulting banks and even impose sanctions and penalties.

Supervisory organisation

Within the RBI, the regulatory and supervisory structure function separately at present making it necessary for banks to have more than one contact point with the RBI Regulation (DBOD) and Supervision (DBS) departments for their interaction on supervisory and regulatory issues. As the bank specific issues would be with reference to the broad regulatory framework in place, a Central Point of Contact in RBI would be of convenience to banks. Under the RBS, there would be a focal point for all contacts by banks both at the Central Office of RBI and its ROs, in respect of all matters relating to regulatory/supervisory issues. This focal point would be the main conduit for information and communication between the banks and RBI.

Enforcement process and incentive framework

While the aim of supervisory follow-up is to ensure that banks take corrective action to mitigate significant risks, the persistence of deficiencies would pose a risk to RBI's supervisory objectives. A system of incentives and disincentives has been contemplated under the RBS to better serve attainment of these objectives. Banks with a better compliance record and a good risk management and control system could be entitled to an incentive package which could be in the form of longer supervisory cycle and lesser supervisory intervention. The banks, which fail to show improvement in response to the MAP, would be subjected to a disincentive package such as, more frequent supervisory examination and higher supervisory intervention including directions, sanctions and penalties. The mandatory and discretionary actions as enshrined in the Prompt Corrective Action (PCA) framework would be a part of the supervisory enforcement action. The enforcement function would be carried out through an independent Enforcement Cell to be set up at the BSD to ensure consistency of treatment, maintain objectivity and neutrality of enforcement action.

Role of external auditors in banking supervision

The use of specialist third parties, such as, external auditors can be of significant aid to the bank supervisors. In some countries, external auditors are required to perform an early warning function and inform supervisors without delay of information material to the supervisor. The Basel consultative paper 'Internal audit in banks and the relationship of the supervisory authorities with internal and external auditors' discusses the commonality of focus and concern of external auditors and bank supervisors. The supervisory process instead of duplicating the efforts of the external and internal auditors in some areas should seek to leverage off the work done by these agencies. Towards part achievement of this goal, the LFAR format, which is currently under revision, will have to be brought into use at the earliest. RBI would look forward to make more use of external auditors as a supervisory tool by widening the range of tasks and activities which external auditors perform at present. RBI would enter into dialogue with the Institute of Chartered Accountants of India and the bank management to chalk out an action plan.

Change management implications

Change management is a key element in ensuring that switchover to RBS takes place in an orderly and effective manner. Banks should have clearly defined standards of corporate governance and documented policies and practices in place so as to clearly demarcate the lines of responsibility and accountability. They will have to address several organisational issues to realign themselves to meet the requirements of RBS. The details of actions that need to be taken by banks are enumerated in previous page