S S Mundra: Role of Audit Committees in financial conglomerates
The views expressed in this speech are those of the speaker and not the view of the BIS.
Introduction
1. Ms. Chanda Kochhar, MD & CEO, ICICI Bank; members of the Audit Committee of the Boards of ICICI Bank subsidiaries & other senior officials from ICICI Bank Group! It is, indeed, a pleasure and privilege for me to be here today and to interact with the members of the Audit Committee of the bank as well as those of the subsidiary companies. I understand that this is the fifth such occasion when this kind of a meeting has been organized and I congratulate the management of ICICI Bank for conceptualizing this process.
2. I understand that ICICI Bank has thirty-four subsidiaries/associates. From the perspective of the Top Management of the parent bank, it is important that the subsidiaries are run in a professional manner and the respective Audit Committees have a very significant role in ensuring that.
3. In my address today, I intend to speak on the expectations of the regulators from the Audit Committees and highlight emerging trends in the regulatory/supervisory domain that should engage the minds of the Audit Committees of the Financial Conglomerates in future. However, before doing so, I wish to spend a couple of minutes on the evolution of Audit Committees.
4. Muscovy Company was the first joint stock company dating back to the year 1555 and its Charter provided for four 'Sad, Discreet and Honest' members of the Board. 'Sad' in today's context is seen as being in an unhappy state of mind. Back in the 16th century, sad also meant "Sated" or "Satisfied". Discreet and Honest, of course, don't need any further elaboration.
5. We all know that in addition to the Management, companies also need a governance framework primarily with a view to preserving the shareholder value. There are some major landmarks that defined the role of Audit Committees in augmenting the Governance aspects in companies. The Treadway Commission Report of 1987 in the USA, the Cadbury Committee Report of 1992 in the UK and the Kumarmangalam Birla Committee Report of 2000 in India emphasized on the need for a certain minimum number of independent directors on the Audit Committees, expecting them to be "Sad, Discreet and Honest".
6. Audit Committees, essentially, perform the role of conscience-keepers & prudential accountants and in a way, are expected to guide the management to drive the institution's operations along the desired course. The main responsibility entrusted to them is to ensure adherence to all regulatory guidelines, legal statutes and directions and most importantly, to ensure integrity of accounts so that the balance sheet of the entity presents a true and fair picture of the financial performance of the entity.
7. The importance of Corporate Governance in ensuring sound financial reporting and in deterring frauds has gained growing recognition in recent years and the presence of an efficient and independent Audit Committee is considered a central cog in this wheel. In India, the constitution of an Audit Committee has generally been prescribed as a part of Corporate Governance mechanism to be followed by the "listed" corporations, under clause 49 of the Listing Agreement, and by certain "public" corporations under the Companies Act, 1956. For the banking companies, the requirements date back to April 1994 when the banks were first advised by RBI to constitute an Audit Committee of their Board.
Role of Audit Committees in the banks
8. As you would appreciate, the role of the Audit Committees in banks has been expanding ever since and at the last count, the calendar of reviews required to be put up to the Audit Committee of the Board (ACB) at various periodicity had 25 items. It not only signifies the importance of the ACBs but also highlights the confidence that the banking sector regulator reposes in the committee. Some of these reviews include:
- Review of compliance with observations made in the Annual Financial Inspection conducted by RBI
- Review of Audit Plan
- Review of information on violations by various functionaries in the exercise of discretionary powers
- Review of KYC/AML compliance
- Review of compliance to regulatory requirement of Regulators in Host Countries in respect of overseas branches
- Review of Fraud cases
9. Let me take this opportunity to emphasize a few of these areas for sharper focus by the ACBs in view of their importance- both from a bank-specific as well as from a systemic viewpoint.
(a) KYC/AML: The violations relating to KYC/AML compliance probably constitute a significant share of the regulatory penalties levied on banks in recent times. The host country regulators have been particularly harsh on overseas banks. In December 2012 alone, two London-based banks, HSBC Group and Standard Chartered Bank, agreed to pay financial penalties for violations of U.S. laws related to anti-money-laundering practices and suspicious activity reporting in excess of $2 bn.
Reacting to the growing instances of regulatory penalties levied on financial institutions, Anat Admati, of Stanford University quipped, "The fines can be viewed as a 'cost of doing business'," "They don't get at the heart of the problem and aren't effective to change behaviour, because the strong incentives for individuals within the banks to keep engaging in the same practices remain in place."
In India too, in the recent past we have had similar instances of penalties being levied on banks for KYC/AML violations. I am not sure whether as bankers, we would like to agree with what Admati had to say, but the recurrence of similar incidents tends to support her observations. I believe that the absence of an appropriate punitive mechanism in the banks for lapses has also contributed to their recurrence. Therefore, our expectations from the ACBs would be to closely focus on reasons for such regulatory penalties/sanctions and seek a root-cause analysis for preventing recurrence. Maybe some banks have such a process in place. But unfortunately, the process stops at analysis without the outcome of such analysis being used to fix accountability and for bringing about further improvements in the existing systems and processes.
For groups having sizeable overseas presence, I would like to sound a note of caution. One must not feel too excited with the pace of growth in revenue or bottom line in a particular overseas jurisdiction, rather one needs to exercise greater caution in such situations. The basic tenets of finance "higher the risk, higher the returns" has not yet outlived its relevance and as finance professionals, we must continue to respect it.
(b) RBI Inspections: As you are aware, the approach of the RBI's supervisory process has undergone a change and it now follows a risk-focused approach. The risk-based supervision is based on a model which has various dimensions to it in terms of risk assessment, risk measurement and risk aggregation. The RBS process is quite data intensive and the bank managements need to realize that the supervisory evaluation of the banks' performance is a function of the quality of data/ information. The point I want to make here is whether the ACB should also not have an oversight on this aspect as well rather than confining itself to reviewing the compliance given by the bank to the supervisor's findings. Even in the matters of compliance, some ACBs are found lacking in proper monitoring. Had it not been so, many observations or rather, similar kind of observations would not be appearing in successive supervisory reports. I would like the ACBs to appreciate that RBI findings are based, in many cases, on a sample check. But the banks' compliance should not be limited to the instances highlighted. The objective should be to rectify the systems and processes across the bank so that there is no recurrence. The emphasis should be on the nature of deficiency and not on the rectification of the number of deficiencies identified by the supervisor. A crucial underpinning of the risk-based approach is a focus on systems and processes in banks. It would be important for the Top Management of banks, and more specifically, the ACB members to internalize these aspects quickly and to develop a deeper understanding of the entire RBS process.
(c) Frauds: This is another area which needs increased focus and greater sensitivity from the ACB members. Everyone acknowledges the importance of putting in place appropriate systems and processes as the first and foremost requirement for preventing such incidents. The systems and processes may be in place. But do they really work? We tend not to look at it until and unless something serious happens. How fast is the dissemination of information within the bank? How quickly internal communications reach the staff manning the front office in the branches? An evaluation of this may not shore up a bank's bottom-line but would definitely save it a lot of embarrassment. In our recently concluded scrutiny into fixed deposit related frauds in some banks, it emerged that even the caution advices issued by RBI in respect of certain individuals had not percolated down to the branch officials quickly enough to enable appropriate preventive measures. Does ACB have a role here? I would say that ACBs should take upon themselves to monitor the trend of frauds, assimilate key learnings and ensure that mitigation measures are put in place by the management.
(d) Review of quarterly/annual results: As I mentioned earlier, one of the key expectations of all stakeholders, including the regulators, from the ACB is that they ensure the integrity of accounting system. In respect of banks, the ACBs are expected to take a close look into the asset quality, instances of restructuring of advances, provisioning held, etc. During RBI inspections, our inspectors sometimes report significant divergences with regard to asset classifications and provisions held, which have substantial implications for the financials of banks. The point I am trying to make is that if the RBI inspectors are able to identify these divergences in the limited time-frame that they are on-site, why the banks' auditors are not able to do so. I am not sure how many ACBs actually ask their statutory auditors and internal auditors the reasons for their inability to identify such instances? Is it a question of efficiency of the auditors or is there a much deeper issue - something to do with the transparency of the process itself? For a fair representation of accounts, it is also imperative that adequate provisions for post-retirement benefits like pension, gratuity, leave encashment, etc. (wherever applicable) are held. It is important that the ACB asks the right questions to the management about various underlying assumptions that go into computation of the required provisions such as life expectancy, discount rate, expected return on investments, etc. I urge the ACBs to ask uncomfortable questions. Going forward, under a full-fledged RBS process, RBI's dependence on auditors is only going to increase and a very competent ACB will provide a great deal of supervisory comfort to us.
Role of Audit Committees in Group companies
10. As a financial conglomerate, ICICI Group pursues diverse business interests which subject it to the regulations of various domestic and overseas regulators. Some of the critical roles that the Audit Committee of the Boards are expected to play in terms of SEBI's Corporate Governance guidelines include:
- Reviewing the annual financial statements and Auditor's Reports before submission to the Board for approval, with particular reference to major accounting entries involving estimates based on the exercise of judgment by management (similar to what I had mentioned in the previous point)
- Reviewing the statement of uses / application of funds raised through an issue (public issue, rights issue, preferential issue, etc.)
- Scrutiny of inter-corporate loans and investments
- Reviewing the adequacy of internal audit function
- Reviewing the functioning of the Whistle Blower mechanism;
- Approval of appointment of CFO
- Review of the appointment, removal and terms of remuneration of the Chief Internal Auditor
The Corporate Governance guidelines of IRDA also envisage a similar role for the ACBs of the insurance entities.
11. All Financial Conglomerates (FCs) tend to have complex group structures with significant interconnectedness amongst the group entities. Such complexity generally masks the inherent risks and interconnectedness. The domestic financial system regulators in India have put in place a system of monitoring designated financial conglomerates that focuses on assessment of inter-group and intra-group linkages and evaluation of the systemic risk emanating from the interconnectedness of the FCs. Certain key issues that emanated from the last such meeting with a few FCs, included issues around non-adherence to arm's length relationships amongst group entities; lack of group-wide risk management and group-wide exposure framework; lack of group-wide compliance framework, etc. My own sense is that the Audit Committees must be apprised about the outcome of these meetings and they must seek necessary intervention of the management to mitigate the concerns raised by the regulators. A related thought I had on the subject was whether there should be a system of having a periodical meeting of various audit committees to deliberate specifically on interconnectedness issues.
Emerging regulatory/Supervisory issues
12. Let me now touch upon some of the evolving global regulatory/supervisory issues which Audit Committees would do well to be aware of and seek the management to brief and keep them updated thereon.
a) TLAC
The global standard setting bodies have been conscious of the adverse impact of the failure of Global Systemically Important Banks (G-SIBs) and consequently, in order to improve the loss-absorbing capacity of such entities in resolution, the FSB has proposed a single specific minimum Pillar 1 'total loss-absorbing capacity (TLAC)' requirement to be set within the range of 16-20 per cent of RWAs. The objective of the TLAC requirements is to ensure that G-SIBs have adequate loss absorbing and recapitalisation capacity necessary to ensure that in and immediately following a resolution, critical functions can be continued without tax payers' funds or financial stability being put at risk.
While the TLAC requirements are not applicable to any Indian bank at present, there may be risk of spill over impact on emerging market and developing economies (EMDEs) due to the adverse impact of the TLAC proposal on G-SIBs. Further, the possibility of extending the total loss absorbency requirements to entities designated as D-SIBs in the respective jurisdictions cannot be ruled out and the banking groups which can potentially be designated as a D-SIB in India (based on the framework rolled out by RBI last year) need to prepare themselves for such eventuality. It is contextual to point out that similar framework for G-SIIs (Global-Systemically Important Insurers) and NBNI G-SIFIs (Non-Bank Non-Insurer Global Systemically Important Financial Institutions) are also at advanced stages of discussion at the FSB level and some other entities in India could also be identified as systemically important insurers or systemically important non-bank non-insurance institutions in the domestic context and could be subjected to more stringent solvency and liquidity requirements, going forward. Audit Committees needs to ensure that their respective institutions keep track of global/ domestic developments in this sphere and plan to meet the regulatory expectations, as they evolve.
b) Advanced approaches of Basel Capital Accord
A Working Paper1 published by the Basel Consultative Group recently has cautioned that the banks in EMDEs and small economies could move to the IRB approaches without being ready and respond to higher capital requirements by not revealing and recognising all potential risks associated with their balance sheets. The higher requirements may create an incentive for banks to use the advanced risk measurement techniques under Basel II to achieve lower implicit risk weights with the same balance sheets, and put pressure on supervisors to approve such practices even if a bank is not ready (eg. by citing reputational concerns). This could put somewhat arbitrary/ artificial cushions against expected and unexpected losses and in the process, reduce consistency and comparability across institutions due to excessive variation in risk measurement without better management of the underlying risks. Hence, Audit Committees need to satisfy themselves that such migrations, when they happen, are based on sound principles.
c) D-SIBs
As I alluded to earlier, the possible designation of few banking groups as D-SIBs in India may be viewed by the market as an admission of the bank attaining a "Too-big-to-fail" status. In this context, the regulator is likely to ask the bank to work on a comprehensive recovery and resolution plan. Audit Committees would do well to understand the implications for the banking group in attaining the D-SIB status and oversee the formulation of a robust 'recovery and resolution plan' for the group.
d) Supervisory college
Overtime, some of the Indian banks have substantially expanded their operations in overseas jurisdictions. This growing integration with international financial markets and substantial overseas presence of India incorporated banks has necessitated entering into closer co-operation with the host country supervisors. The overseas supervisors are also focused on the overall bank's financial health, risk management systems and RBI's approach to supervision of the bank. Towards this end and with an underlying objective of improving the effectiveness of our cross-border and cross-sector supervision, RBI has set up supervisory colleges for six banking groups. The ACBs of these banking groups would do well to remain informed on the concerns raised by various overseas supervisors and other sectoral regulators during these supervisory colleges and lead the bank's initiatives in responding to supervisory concerns.
e) Some other important regulatory and supervisory measures introduced/likely to be introduced for bank/banking groups in India include capital and provision requirements for banks' exposures to entities with unhedged foreign currency exposure, capital requirement for bank exposures to Central Counterparties, provision for countercyclical buffer, liquidity coverage ratio and leverage ratio. ACBs should make themselves more conversant with these regulatory requirements and seek to be regularly updated on steps taken by the bank to comply with these requirements. Additionally, the Audit Committees need to oversee the evolution of the institution's audit and control functions in line with changes in the regulatory landscape.
Mutual fund industry
13. An analysis of portfolio holdings in equity of the top ten AMCs in India along with their top ten holdings in equity stocks shows that the portfolio holdings of AMCs comprise quite a few common stocks indicating preference towards a select group of stocks. Although there are regulations limiting the exposure of AMCs/ schemes to particular scrip, a significantly high degree of concentration by the mutual fund sector may have implications for stability of the securities market as well as on the performance of the individual AMCs too. I would urge the concerned Audit Committee to make it a part of their review process.
IFRS implementation challenges
14. Another area which needs close attention from the ACB is the impending implementation of the much delayed migration to IFRS. As you may be aware, Hon'ble Finance Minister in his Budget speech of July 2014, announced the migration to IFRS converged Indian Accounting Standards (Ind AS) for corporate on a voluntarily basis from FY 2015-16 and mandatorily from FY 2016-17. Also, IASB has finalised IFRS 9 and made it mandatory from January 2018. This has paved the way for migration of banks to Ind AS from FY 2018-19 onwards.
15. There are several implementation challenges that are envisaged in this regard. While there is work required to be done for the regulators for aligning the Indian Accounting Standards that the banks follow at present with the IFRS, on their part, the banks would need to surmount several obstacles. The biggest challenge would be around the IT systems used by banks. Proposed impairment calculations under IFRS, accounting for interest income on Effective Interest Rate basis and presence of multiple systems for operations and accounting of different portfolios would mean that IT systems would have to be upgraded/realigned for IFRS migration. There would also be challenges for banks around converging policies for financial accounting and tax accounting for preparation of financial statements.
16. Shortage of skilled accounting staff with proficiency in IFRS is a pronounced deficiency which not only the banks but also the corporate would have to face. The problem is likely to be more acute for the banks as they would also need to have trained staff in various departments like credit, and treasury, etc. For a group like ICICI with sizeable overseas presence, it is essential that you press forward quickly and be ready in the right earnest to meet these challenges. The ACBs would have a very crucial and proactive role to play in this regard.
New Companies Act
17. Section 177 of the New Companies Act makes it mandatory for all listed companies and certain unlisted public companies to have an Audit Committee comprising of minimum three directors with majority being independent directors. I trust the Group has taken note of the requirements and is doing the needful in this regard.
Holding company structure
18. As you are aware, there have been certain discussions around the holding company structure for the banks while considering the license for new banks. In this context, Audit Committees may also like to be sensitive towards the tax or regulatory implications for the bank in moving towards a holding company structure from the present bank-subsidiary model.
Conclusion
19. In sum, I would like to reiterate that the Audit Committees have a very crucial mandate and shoulder high levels of expectations from all stakeholders. As regulators, we repose immense faith in their professionalism and therefore expect that the Audit Committee possess a collective balance of skills and expert knowledge with relevant experience in financial reporting, accounting and auditing and discharges its duties efficiently as per its mandate and scope. The changing regulatory landscape and the emphasis on risk management and control functions makes the role of the Audit Committee all the more important today and in the coming days. I am sure the ICICI group, with its major presence in the Indian banking system, is aware of this and is working towards meeting the expectations that the various stakeholders have from the Audit Committees.
I wish you successful deliberations.
Thank you!
1 Working paper No. 27 (Impact and implementation challenges of the Basel framework for emerging market, developing and small economies).