Clipped from: https://www.business-standard.com/article/opinion/a-good-night-s-sleep-both-for-banks-and-reserve-bank-123031200509_1.html
Believe it or not, the regulator is even stretching its arm to identify stressed borrowers and gauge the “distance to default” as a measure of a particular bank’s fragility
Banks have always been adept at hiding bad loans. Even though they had the so-called core banking solutions in place by 2011, they were reluctant to use technology to identify bad loans. They preferred the human touch at different levels, from the branch to the headquarters. A lot depended on “interpretation”.
The Reserve Bank of India (RBI), over the past few years, has goaded them to shift to the system of automated recognition of bad loans in contrast to a manually-driven process. This helped reduce the divergence between the bad loan figures reported by a bank and the RBI’s assessment. Financial reports are more credible now.
Today, a bank can intervene only selectively, and that too under the eyes of the board’s audit committee. It was not easy to convince the banks. The RBI had to slap penalties of hundreds of crores of rupees on a few banks. This “penalty” is not in the public domain as it was handed out in the form of higher provisioning.
There had been rampant evergreening of bad loans by many banks, using what they called “internal accounts”. Many such accounts existed solely for the transfer of funds to make bad loans look good. Many banks had thousands of such accounts, and branches misused them to hide bad loans.
The RBI got banks to follow a board-approved policy to rationalise the opening of such accounts and ensure their use only for a genuine purpose. Here, too, the regulator had to take aggressive disciplinary action against some delinquent banks.
The RBI is now keeping the auditors too on their toes. Its supervisors meet the statutory auditors of banks every quarter.
And, believe it or not, the regulator is even stretching its arm to identify the stressed borrowers and gauge the so-called “distance to default” as a measure of a particular bank’s fragility.
Using the data from the Central Repository of Information on Large Credits (CRILC), the RBI periodically scans the vital statistics of the top 200 borrowers of the banking system — from ratings, interest coverage and debt-equity ratio to leverage, profits and also whether one bank’s bad asset is good on another bank’s books. The idea is proactive identification of risk build-up and to check whether a bank can absorb the risks.
The regulator’s involvement doesn’t end here. It is keeping the senior management of a bank engaged in a continuous dialogue. If the management of a bank does not keep its board posted about the regulator’s concerns, an RBI executive director invites himself to a board meeting of the bank!
It has also made a beginning in tapping market intelligence properly. Until recently, the RBI’s market intelligence was limited to keeping paper clippings and reading the banks’ regulatory filings. Now, it keeps close tabs on social media, news services, and regional media, besides interacting with rating agencies and analysing brokerage reports. It’s a sort of sentiment index designed to ring alarm bells.
The focus is also on technology. The regulator ensures that a bank’s IT architecture is resilient and can handle outages so that customers get uninterrupted services. It checks if a bank can scale up its technology platform to meet customer needs, upgrade obsolete hardware, and integrate the system and business continuity and disaster recovery plans, which has forever been a “work in progress” for some banks.
It runs phishing exercises to check a bank’s firewall, and drills to identify vulnerabilities in public-facing applications to alert a bank if there is any lacuna.
Technology is also used extensively to detect fraud. The banks have been told to put in place early warning systems and alert the authorities without delay when fraud is detected.
How does it work? The regulator is asking banks to classify suspicious accounts as red-flagged accounts (RFA) and decide on their status — fraud or otherwise — within six months. Once a bank pinpoints a fraud, the RBI informs other banks.
The other part of the story is that the RBI itself is changing. It is learning how to use data. Until recently, the offsite monitoring mechanism was using only 20 per cent of the available data. Now, the RBI is going deeper and creating a dashboard.
The regulator assesses every bank quarterly, identifies laggards and puts them on a “heat map” for intense scrutiny. It dissects key business parameters such as capital, bad loans, collection efficiency, net interest margin, return on assets, return on equity, net profit, and cost-to-income ratio, among others.
The Indian central bank is taking a deep dive into artificial intelligence and machine learning to track the banks. Its College of Supervision is educating the supervisors on how to connect the dots and also building capacity, using the e-learning model.
The prime focus of supervision now is onsite, being supplemented by offsite data. The plan seems to be reversing this — offsite analysis combined with onsite validation.
There seems to be nothing wrong with the RBI’s approach. Why, then, do some of the bankers vent their unhappiness in private about the regulator’s “micromanagement”?
The RBI is taking a close look at the business model, strategy and risk appetite of each bank. That’s the cause of the industry’s discomfort. Can the regulator teach a bank how to run its business? That’s not the regulator’s job, they say in private.
The RBI has its own logic. If a bank is moving away from corporate loans to finance retail, agriculture and micro, small and medium enterprises, does it have the credit monitoring and underwriting capability in place? And, if it gets buried under a heap of bad loans, does it have enough capital to come out of the mess?
This is why the RBI is not only keeping close tabs on the banks but also on the health of their borrowers. Risk management, risk pricing, audit and compliance — all are in the regulator’s surveillance parameters.
It is taking the assurance functions in banks seriously — for creating value for a financial institution, strengthening public confidence, preserving and enhancing its reputation, and maintaining the integrity of its business and management.
Here are some examples of what the RBI has done in the recent past.
A commercial bank was following a high-risk, high-return business model disbursing high-priced unsecured loans and supporting the loan book with bulk deposits. The regulator forced it to change the model.
Another bank was experiencing frequent outages in its digital banking and mobile banking service, inconveniencing consumers. The RBI forced it to stop acquiring customers till it fixed the system.
In the case of yet another bank, eight directors and seven senior executives, including the chief executive officer and chief financial officer, resigned over two years. The RBI red-flagged this and got into action.
In the banking industry, the regulator is the fifth in the line of defence — after business, risk and compliance, internal audit and central/statutory audit. But the new RBI doesn’t want to wait till the end to do post-mortems. It will never be the first line of defence, but it wants to be proactive to ensure financial sector stability.
If the “movement” succeeds, investors will be able to take the banks’ balance sheets at face value and the regulator as well as the regulated entities can have a good night’s sleep.(This is the last of a two-part series)The writer, a consulting editor of Business Standard, is an author and senior adviser to Jana Small Finance Bank Ltd
His latest book is Roller Coaster: An Affair with Banking
To read his previous columns, log on to https://bankerstrust.in