Financial Standards and Codes: Report of Advisory Group on Banking Supervision
Core Principles for Effective Banking Supervision

Operational independence of the supervisor

In order to ensure operational independence of the supervisor, it is necessary to provide for in law that the head of the supervisory agency can be removed only for reasons clearly specified. Where the head of the agency is removed, the reasons must be publicly disclosed. In India, as per the provisions of the RBI Act, the Central Government has the powers to remove the Governor of RBI. The relevant provision, however, does not require the reasons for such removal to be specified. The law also does not place any obligation on the government to make the reasons of removal public. In the interest of proper public perception of RBI’s independence, it would be desirable to consider suitable amendments to the relevant provisions of law making it obligatory on the part of the government to make public the reasons for removal of the Governor/Deputy Governors from office.

The regulation of banks in India receives legal support mainly from the provisions contained in the Banking Regulation Act, 1949. The BR Act is now more than 52 years old and at least in regard to some of its provisions appears to be falling short of the current requirements. The changes in the financial sector environment since its enactment have been enormous. Some of the existing provisions, unless reviewed and revised, will not help achievement of the objectives with which these were initially put in place.

While provisions for minimum capital requirement for private sector banks and foreign banks are available in the BR Act and RBI has the powers to prescribe and vary requirements in respect of capital to exercise necessary entry level controls, the Group feels that such powers to decide requirement of capital on case by case basis would need to be clearly defined in law.

The present pre-licensing review of the proposed operational structure of an applicant seeking banking licence is very brief. At a time when complexity of banking products is growing and the delivery is increasingly becoming multi-channel, operational risks are increasing. A stricter review of the proposed arrangements and standards for internal control as well as the management’s philosophy and business objectives at the pre-licensing stage will greatly mitigate possible hazards during the subsequent stages. Banks seeking licence should be asked to state in detail their operational standards and procedures, internal control procedures and arrangements facilitating oversight of banks’ various activities by the supervisor.

At the fundamental level, the risk taking behaviour of banking institutions emanates from the quality of the Board of Directors and the standards of corporate governance supported by them. Hence, RBI should apply stricter norms for the ‘fit and proper’ test while evaluating directors and the quality of the board. Apart from qualification and experience, this should include an assessment of the character, philosophy and value system espoused by the individual.

Considering the rapidity with which changes are taking place in technology and financial markets, greater stress is required on professionalism and expertise of the board members. It needs to be stipulated clearly that at least one of the directors should have sound knowledge in each type of activity the bank intends to pursue. Necessary amendment will have to be made to Section 10 A(2) of the Banking Regulation Act which deals with general qualifications for board members of banking companies.

The definition provided in Section 5(ne) of the Banking Regulation Act determines a low threshold for "substantial interest". This may have to be re-examined. There is no specific provision in law requiring banks to obtain the prior approval of the supervisor for any proposed changes in ownership or exercise of voting rights over a ‘threshold’. It would be desirable to make such a provision. Similar provisions in respect of "significant shareholdings" and changes therein would need to be put in place for foreign banks operating in India.

Though regulations require all banks to calculate and maintain minimum capital adequacy ratios, RBI is constrained and has shown forbearance in its measures against banks that fail to meet these requirements because of their government ownership. Such forbearance cannot be long term and specific measures against banks failing to meet capital adequacy requirement need to be stipulated in the interest of the overall soundness of the system.

As advanced risk management systems are introduced and get stabilised in banks in the next 2/3 years, RBI should gradually move towards setting bank-specific capital ratios based on the risk profile of individual banks. Until advanced risk management systems are introduced, banks will not be in a position to assess minimum capital requirements in line with their individual risk profile. It may, therefore, be necessary for RBI to assist and guide banks in their efforts to stabilise advanced risk management systems. It should encourage the larger and more capable banks to complete the process early so that they can act as leaders and models for the smaller and not so well equipped banks. Only by continuous encouragement and regulatory pressure will the system, as a whole, be able to improve its risk management systems and raise it to international standards.

Currently, capital adequacy is calculated for banks on a solo basis without taking into consideration the risks emanating from their subsidiaries. The current stipulation of deducting the value of any equity investment in a subsidiary from the Tier I capital of the parent does not satisfactorily ensure risk-based capital adequacy on a consolidated basis.

Banks in India are yet to acquire adequate expertise in sophisticated credit risk mitigation techniques. Until banks improve their expertise, properly controlled credit risk environment will not be established. RBI has to guide banks in these regards and enable them to enhance their expertise.

Off-balance sheet items should receive more attention than they do at present. These should also be classified, like funded exposures, and a note to that effect should be provided in banks’ financial statements.

Because of the existence of prescribed norms for loan loss provisioning, banks do not generally undertake an independent exercise for assessment of loan loss provisions and requirement of write-off. Banks have not developed sophisticated models and statistical tools for assessment of provisioning requirement that would reflect realistic repayment expectations. They are, however, moving towards that and once they acquire the expertise, the supervisor will no more be required to give structured provisioning norms.

The supervisor should require banks to have mechanisms in place for continually assessing the strength of guarantees and appraising the worth of collaterals. As of now, in India, there is wide scope for improving the assessment of guarantees and worth of collateral. Banks have to enhance their capabilities in this regard. RBI may consider issuing suitable detailed instructions to banks in this regard.

A comprehensive definition of ‘connected’ or ‘related parties’ and ‘large shareholdings’ needs to be provided by law/regulator. In order to identify concentrations within banks’ portfolios, "closely related groups" need to be explicitly defined and the supervisor should have the discretion, prescribed in law, in interpreting the definition on a case by case basis. Instead of relying on implied powers, as of now, RBI should have powers based on explicit legal provisions. In a globalised market and while dealing with global entities, situations are likely to arise when such explicit legal provisions would be necessary for it to act decisively.

The definition of connected lendings also needs to be made more broad-based to include all types of connected parties irrespective of whether the banks and counterparties are in the public sector. This aspect of banks’ lending has not been in focus largely because of their public sector character. With increasing privatisation these would assume criticality and the supervisor should have adequate mechanism to supervise and regulate this effectively.

While there are guidelines given by RBI in regard to connected lendings, the approach of banks in following the guidelines is not uniform. RBI requires to make its follow-up of this aspect of banks’ lending stricter so that the risks related to such exposures are clearly understood and mitigated. While regulatory stipulations in this regard exist, the legal mandate to RBI to follow up and stipulate prudential limits either on a case by case or general basis is not clear cut.

Banks normally have in place procedures to prevent persons benefiting from loans from being associated with its appraisal or sanction. However, there is no clear cut requirement to this effect stipulated by the supervisor excepting in regard to directors. RBI may consider issuing specific instructions in this regard. In the interest of maintaining discipline, both in respect of credit sanction and capital adequacy, RBI may consider issuing instructions that loans to connected and related parties which are not collateralised fully may be deducted from banks’ capital to the extent that these are not fully collateralised.

RBI should stipulate a stricter control and monitoring over such loans by banks. Banks should be instructed to monitor the total amount of such loans and introduce an independent credit administration process. There are at present no limits on aggregate exposures to connected and related parties by a bank. Such limit needs to be established.

Liquidity, interest rate and operational risk management in banks continue to be at the basic level. Though there is now an appreciation of the existence of these risks, there is lack of expertise for their proper management. MIS, in most cases, continues to be not fully aligned to the requirements of proper risk management with the consequence that advanced practices like stress testing and contingency planning are still not in place.

A risk management oriented approach to supervision has been adopted by RBI in the last two years, i.e., since April 1999. The two years since RBI brought out its detailed guidelines on risk management would have given adequate time to the banks to restructure their MIS to the requirement of risk management systems and stabilise their systems. Banks, however, as yet do not have in place highly developed and sophisticated risk management systems notwithstanding the fact that risk identification, measurement and mitigation is being attempted on a more systematic basis. It is time now that banks are required to move forward to higher levels of sophistication in risk management and adopt the practice of undertaking scenario analysis, stress testing, contingency planning and periodic validation of the systems used to measure market risks. These capabilities must be in place in all banks latest by the end of the financial year 2002-2003. RBI may assist banks in hastening introduction of the more scientific and sophisticated risk management systems.

While Indian banks are moving towards holding capital against credit and market risks, it would be a little premature at this stage to require them to hold capital against risks other than these. RBI may, however, consider setting fixed percentage for exposures to each country until banks are in a position to assess and provide for such risks on objective and scientific basis.

Banks should be required to include a statement on their risk management policies and procedures in their publicly available documents. However, since such a statement presupposes a clear understanding of the risk profile of banks by their top management and boards and a well defined policy and strategies for their management, any meaningful statement can be made only when adequate risk management systems are in place in all banks. RBI may therefore consider giving banks a timeframe within which this goal may be achieved. A timeframe of two years from now, i.e., end of the year 2002-2003, may be considered adequate for any preparation that may be needed to be made in this regard.

While the role of the Audit Committee has evolved well over the past few years and will get defined even better in terms of the new Section 292-A in the proposed Companies Amendment Act, in banks and financial institutions, there needs to be a more specific focus on risk management. It is, therefore, recommended that risk management should be a specifically stipulated item for being covered in the directors’ responsibility statement. The present laws relating to the responsibilities of the Board of Directors are mostly in general terms. These responsibilities should be made more specific with a clearly identified focus. Greater stress could be laid on the responsibility of the board in exercising control over all aspects of risk management.

While, in the course of the on-site inspection of banks, some assessment is made of the boards’ and senior management’s performance, such assessment rarely results in measures being taken by the regulator for improvement/change even where a case for such improvement/change seems strong. The difficulties are more in the case of public sector banks as the constitution of the boards and appointment of top management remain in the hands of the government. It is, therefore, suggested that a more formal and rigorous assessment of the boards’ performance be undertaken by the regulator. It is further suggested that the regulator should rate the boards’ performance with the provision that if the rating falls below a certain level it would trigger specified corrective action.

As RBI itself is moving towards "Risk-Based Supervision", internal audit at individual banks’ level would also now have to be modified suitably so that their systems and MIS match the changing supervisory focus. Only a coordinated effort on the part of banks as well as RBI can result in a quick and smooth transition to "Risk-Based Supervision".

From time to time, RBI has issued guidelines in regard to ‘Know Your Customer’ policies and practices. While, internationally, in recent years, these procedures have been developed mostly to guard against activities relating to money laundering, in India these have been used more as fraud prevention measures. In the context of ever-increasing domestic and cross-border flows of funds, the implementation of these guidelines should be ensured by the supervisor and adherence thereto made more stringent as a part of a conscious anti-money laundering policy. With the passing of the anti-money laundering legislation which appears imminent and which takes into account the recommendations of the Financial Action Task Force, the enforcement of these measures would become easier. The regulatory requirements in these regards must meet the legal provisions and would need to be put in place.

Since the financial condition of individual banks can change drastically depending on their risk profile, which also includes their susceptibility to risks exogenous to the institution emanating from the system, RBI should consider moving over fully to a risk-based approach to supervision as early as possible.

The supervisory framework has been evolving from being transaction oriented to one which is more systems oriented. The condition of banks is reviewed both on the basis of off-site as well as on-site supervision. Since the quality of management can be considered to be the most important determinant of a bank’s financial condition, reputation and standing, this aspect needs to be given greater weightage in supervisory assessments.

At present, the supervisor does not generally meet with the banks’ board of directors or the external auditors. RBI may consider introducing such meetings in the interest of greater involvement of the banks’ boards with supervisory concerns and actions in order to enrich the scope of examination of banks. The practice of RBI meeting with external (statutory) auditors could also be introduced. These changes can be expected to result in considerable advantage to the system of examination of banks’ operations by RBI.

RBI may consider using independent and well qualified external auditors to examine specific aspects of banks’ operations. Such specific reports, besides adding depth and quality to the on-site examination conducted by RBI, will also reduce its burden of having to conduct very extensive on-site inspections. Should RBI adopt this idea, it will have to clearly define its own role and responsibilities as against the external auditors who it will engage for looking into some specific aspects of banks’ operations.

The laws and regulations in India do not establish the principles and norms for consolidated reporting of accounts. The system of drawing up financial and operational results on a consolidated basis has not been introduced. Recently, a number of measures have been introduced by RBI requiring banks to append the balance sheets of their subsidiaries to the balance sheet of the parent bank. The move towards consolidated accounting and supervision needs to be expedited. Steps need to be taken so that necessary legal provisions are introduced and banks are required to prepare consolidated accounts.

A formal framework for coordination between different regulators is essential. RBI may consider taking necessary steps to impress upon the government the need and urgency of achieving and maintaining a high level of coordination among different regulators.