Navigating through the RBI’s Risk Based Supervision Regulation: Challenges and Remedies for Indian banks
- Stuti Singh, Lead Consultant at Fintellix
- 04:00 am risk management , Banking , data , With over 5 years of domain experience in Credit Risk Management covering Risk Component Calculations, Model Development / Validation, ICAAP and Stress Testing, Stuti is involved in providing Fintellix’s Risk Consulting Services with specialization in Basel II & Basel III. Prior to Fintellix, Stuti was the Credit Risk Team Lead with KPMG for IRB implementation at leading private and public sector banks. She was previously with the State Bank of India where she was involved in the Basel II implementation, and was also part of the project team for migration to AIRB.
The current Risk Based Supervision (RBS) wave in India appears to be rapidly gaining momentum. With the scrapping of RBI’s conventional practice of CAMELS (short for Capital adequacy, Asset quality, Management, Earnings, Liquidity, and Systems and control) inspection, 30 large private, foreign and public sector banks were instructed to be RBS-ready.
The sole aim of RBS is to ensure closer monitoring so that banks avoid taking undue risk to maximise profits and growth. The focus of CAMELS inspection was on earnings, which meant a bank could achieve a higher rank by showing high profitability, which could have been achieved at the cost of higher risks in the business. RBS rectifies this anomaly by scrutinising underlying risk levels across business verticals and the prevalent capital levels, in relation to a bank’s business strategy and exposure levels.
The RBS process is an extremely data intensive exercise and banks are expected to report data in a seamless, automated, periodic and time bound manner to RBI – India’s premier regulator. The data to be reported covers both quantitative as well as qualitative data, and is broadly expected to cover categories as capital, credit, market, earnings, liquidity, business strategy, operational risks, internal control, management and compliance risks. The overall risk will now be assessed on levels, i.e. low, moderate, fair or high. The level of risk will determine the frequency of supervisory intervention and the length of the supervisory cycle. Banks therefore are expected to prepare themselves with enhanced compliance and risk management practice, adoption of risk focused internal audits and last but not the least, an enhanced management information system. To make an accurate assessment of the banks’ risk profile, RBI expects them to provide timely and accurate data with minimal manual intervention while extracting data from their source systems.
But here’s the challenge. Around 2003-04, when the RBI first attempted to introduce RBS, the Indian banking sector was not quite prepared for it. In fact even today, there are multiple issues with respect to data resident in source systems and most banks continue to struggle with timely availability of reliable data. There seem to be two extremes - at one end are the banking leaders with state-of-the-art Core Banking, Treasury, Ratings, GLs, Loans, Cards, Payment systems, etc. On the other are the ones struggling with their legacy systems while in the process of migrating as well as implementing new source systems.
There are multiple ways of reporting from RBS data points, such as directly from source systems, spreadsheets, reporting tools and other ways of semi-automatic data collation. Consolidated RBS reporting by a bank’s Compliance department is largely done manually by collating data from various stakeholders, who in turn perform calculations by either using data from any source system or any other reporting tool. It may also happen that certain data may be residing in manual file records. This entails tremendous amounts of time spent every quarter, by Risk, Compliance and other business users at the cost of the bank’s business and profitability. In most banks, there is no automated process for computation from Compliance, Legal, HR, Fraud, CRM, Audit verticals, etc. Hence, Compliance personnel have to invest substantial effort coordinating with each team for timely submission of their respective data points. As the data is distributed across multiple systems and the responsibility of reporting lies with multiple stakeholders, and with formal data validation checks not entirely in place, there are data integrity and accuracy issues while reporting. Very often there’s limited or no reconciliation of data with other regulatory returns such as ADF.
In such a scenario, implementing an automated reporting mechanism that integrates seamlessly with the source systems or other sources like ADF, EDW, etc. might be useful. There should be a flow from various source systems to a single reception/staging area where all data - across analytics, risk and compliance - resides for analysis. This will ensure reutilisation of existing data leading to shorter calculation time and reducing reconciliation issues. It will also result in a single data dictionary that will assist in consistent definitions across different reports. Such a mechanism with related drill downs of each data point, ensures accuracy of computation, derived from preconfigured automated rules. There will be certain data points in any bank that may not be applicable to them due to business reasons, or where rules cannot be defined due to justified business processes. In such a scenario, users should be given the flexibility to input data manually over the reporting screen, so that the RBS reporting can be completed in a timely manner.
Moreover, an automated reporting mechanism will also assist the bank’s Compliance team to schedule workflows with respect to RBS data points’ allocation across respective functional heads and their team members. It is necessary to have a proper audit trail and a ‘maker checker’ device to ensure reporting accuracy. There could be dashboards for key stakeholders showing the status of the completion stage of the work in the role allotted to them. This will help manage the entire RBS submission cycle from a centralised location in a more efficient manner.
Once this is operational, the regulatory focus should then shift towards analysing the inherent risk in the banking system based on the data reported. For now it makes business sense for progressive Indian banks to become RBS-centric by making strategic investments in a process that ensures unified and granular reporting across compliance, risk and analytics. While RBI’s intent is to fortify the Indian banking ecosystem with a superior regulation, it is imperative for banks too to channelize their energies in a direction that will help in making the overall Indian banking ecosystem more robust.