Mahesh Kumar Jain: Governance and prudential supervision of financial institutions - recent initiatives

Address by Mr Mahesh Kumar Jain, Deputy Governor, of the Reserve Bank of India, at the Business Standard Banking, Financial Sector and Insurance (BFSI) Summit, 2 November 2021.

The views expressed in this speech are those of the speaker and not the view of the BIS.

Central bank speech  | 
05 November 2021

Inputs received from Shri Rohit Jain, Shri Ajay Kumar Choudhary, Dr Pallavi Chavan and Shri Nethaji Bhudevan of the Department of Supervision are gratefully acknowledged

A very good evening to all the distinguished dignitaries and participants at this annual BFSI Summit organised by the Business Standard. The Summit has over the past few days seen excellent discussions on several topical issues related to the Banking and Financial Sector and generated some very useful insights.

2. The topic for today's discussion is 'Bank Privatisation: Undoing 1969', which is one of the most widely debated issues for long. The detailed deliberations on the topic are scheduled separately by a panel comprising of eminent personalities. The Reserve Bank's regulatory and supervisory approach has largely been driven by ownership neutral approach with focus on ensuring financial stability and resilience of its financial entities. Banking practices evolved rapidly post liberalisation. The ever changing financial landscape of the country and advent of Information Technology posed newer challenges for the banks as well as its regulator and supervisor. Banks being the engine of growth for the Indian economy, quickly adopted to this new reality of competitive environment and resorted to various new practices to maintain their bottom line. The adoption of new business models without adequate risk management and weakness in internal controls at times resulted in weak underwriting standards. The adverse developments in a few regulated entities in the past exposed some fault lines, primarily in terms of inadequate governance, inappropriate business model and weak internal assurance functions. RBI, therefore, undertook a review of its approach towards supervision as well as the existing practices in Supervised Entities (SEs) to identify the root causes for these gaps. Accordingly, the supervisory approach was reworked out in recent period to bring more focus on addressing these weaknesses.

3. In my address today, I would therefore like to talk about the changes in our expectations from financial entities along with the changes we brought about in our supervisory approach . Keeping in mind the overall objective of supervision i.e "Ensuring the safety, soundness and resilience of financial entities, thereby protecting the depositor's interest and maintaining financial stability".


4. I would like to begin with the issue of governance. Corporate Governance is the corner stone for any enterprise, but for banks, it assumes a distinctly different undertone and importance. It is well-known that banks are special in terms of services they render and the segments they touch while rendering these functions. By providing financial intermediation and maturity transformation, payment and settlement services, reducing information asymmetries, and engaging in deposit mobilisation, banks act as catalysts in growth of the economy. Most importantly, they enjoy the privilege of mobilizing uncollateralized public deposits and operating with high levels of leverage. The negative externalities of banks and NBFCs are also much higher than those for any non-financial entity due to their inter-connectedness. That's why, globally, banks are regulated and supervised very closely.

5. It is also well-acknowledged that shareholders are driven by maximisation of the returns on their capital. But in banks, this objective is realised largely through the resources raised from depositors. Hence, as repositories of public resources, banks need to design appropriate governance standards and implement internal controls to be worthy of the public trust. Being highly leveraged entities and with their inter-connectedness, there must be separation between ownership and management so that they operate on professional lines.

6. Governance reforms have been an area of continued focus for the Reserve Bank. The various regulatory measures including the mandatory listing of private sector banks, composition of the Board and its Committees, guidance on "fit and proper" criteria and on remuneration, separation of chairperson from managing director / chief executive officer have all been driven to improve the corporate governance and internal controls in banks.

Supervisory Initiatives

7. I shall now highlight the various prudential supervisory initiatives taken by Reserve Bank in recent years. The broad objectives of these can be detailed as follows:

(i) Bringing about a unified and more holistic approach to supervision and improving skill and capacity of supervisory staff.

(ii) Improving the governance practices and internal defenses in supervised entities, including an assessment of business model adopted.

(iii) Identifying early warning signals, increasing the focus on root cause of vulnerabilities and initiating corrective actions, as also refining supervisory processes and communications.

Let me elaborate a little on these areas.

(a) Unification of Supervisory Approach, Building Specialisation, Capacity and Skills in Supervision

8. In order to ensure a unified and systemic approach, a unified Department of Supervision (DoS) was created bringing all SEs, namely, Scheduled Commercial Banks, NBFCs and UCBs under one umbrella. Unifying the supervisory functions shall reduce the supervisory arbitrage and information asymmetries across SEs and address the complexities arising from their inter-connectedness. This will also help in the holistic understanding of systemic risks. Steps have been taken to improve the supervisory function through better capacity building and skilling of supervisors and for this purpose a separate College of Supervisors (CoS) has been set-up which is conducting extensive training programs in different areas. Supervisory specialisation is also being reinforced by way of creating specialised divisions for risk-based supervision of KYC / AML risk, data analytics, cyber security and IT examinations, among others.A Supervisory Action Framework has also been put in place which provides for graded early supervisory action depending on the frequency and severity of breaches identified.

(b) Strengthening Sound Governance and Internal Controls
  1. Emphasis on risk culture

9. As banks are in the business of taking risks, sound risk culture lies at the heart of every decision that they take. In alignment with global developments, Reserve Bank too has made risk culture and business model analysis as part of its supervisory assessment. The focus has been to ensure that entities put in place a well-defined risk appetite framework, and business decision making is broadly in alignment with their risk appetite and risk bearing capacity.

  1. Strengthening the assurance function

10. Reserve Bank attaches a lot of importance to the effective functioning of internal assurance functions in its financial entities and has issued revised guidance for concurrent, internal, as well as external audits in banks. The guidelines are expected to ensure that these audits act as an effective early warning, give greater clarity on supervisory expectations, avoid conflict of interest, provide sufficient authority / resources / independence to these functions, among others.

  1. Compliance function

11. The compliance function in a bank is an integral part of corporate governance, as it can affect the bank's reputation with its shareholders, customers, employees and the markets (BIS, 2005). The recent guidance by the Reserve Bank on compliance function casts responsibility of the compliance culture and management of compliance risk explicitly upon the Board. The guidance advises banks on laying down a Board-approved compliance policy, well-defined selection process for Chief Compliance Officer (CCO), a fixed tenure to CCOs, and requisite authority. Reserve Bank would expect that the standards of regulatory compliance will see considerable improvement going ahead.

(c) Tools for proactive off-site and on-site supervision

(i) Usage of Data and Analytical tools for offsite supervision

12. The offsite supervisory data is currently used in a variety of ways to aid in policy formulation, identify incipient stress, ascertain status of borrowers across lenders and check compliance to regulatory stipulations, among others. In addition to Central Repository of Information on large Credits (CRILC) and Central Fraud Registry (CFR), the data capabilities of RBI are in the process of being further upgraded through the revamped data warehouse, viz. the Centralized Information Management System (CIMS). It will encompass tools and applications for AI-ML, data visualisation and big data analytics.

13. As part of the forward-looking assessment of stress, various supervisory tools have been designed to identify vulnerable borrowers who have less 'distance to default' as well as vulnerable banks based on various parameters. Early Warning Systems and supervisory Stress Testing have been made an integral part of prudential supervision. Many Thematic Assessments are also being regularly carried out to identify system-wide issues and assess 'conduct' practices for taking corrective actions. Data dump analysis is also much more extensively used as part of our transaction testing exercise.

14. For continuous engagement with SEs, a web-based and an end-to-end workflow automation system has been developed. It has various functionalities including inspection, compliance and incident reporting for cyber security, etc. with a built-in remediation workflow, time tracking, notifications and alerts, Management Information System (MIS) reports and dashboards. This is being launched shortly.


15. With the proliferation of digital banking, cyber security has become an extremely important area of supervisory concern. To address this concern, the Reserve Bank has developed a model-based framework for assessing cyber risk in banks using various risk indicators, risk incidents, VA/PT, etc. Cyber drills are conducted based on hypothetical scenarios. Several Advisories and Alerts are issued on various cyber threats. Measures to build better awareness of cyber risks in supervised entities are continuing. The Digital Payment Security Control Guidelines were issued recently by RBI to set up a robust governance structure and implement common minimum standards of security controls. While a lot is being done in the cyber security space, but these risks are continuously evolving in the dynamic environment we operate in, and hence there should be constant vigil and continuous enhancements of IT systems.

(ii) On-site Supervisory Processes

16. Several measures have been taken to improve the rigour and efficacy of on-site processes, including the annual inspection process by adopting a calibrated approach. Focus areas get identified in advance, risk-based scoping is ensured, inspections are completed in time-bound manner, quality review process is strengthened, and supervisory communication is sharper and more focussed with clear outline of time-bound Risk Mitigation Plans (RMPs) to be implemented by the entities, among others. Additionally, direct engagements with the senior management of entities are much more frequent and intense.

Conclusion and the Way Forward

17. Globally, banking is seeing rapid transformations and questions on the traditional bank model are being raised. Technology players are challenging banks with offerings which provide more convenience, better reach and lower cost to customers. Developments in AI/ML, robotics and chat advisory, digitalisation, Distributed Ledger Technology (DLT), quant computing, cloud arrangements, data analytics, new ways of remote working, etc are giving benefits but also generating new risks. Climate change, KYC / AML, cyber security, virtual currencies as well as increasing reliance on outsourcing are some of the other major challenges that will need to be addressed.

18. Agile and creative thinking is going to be essential in staying ahead of the digital curve when it comes to the evolution of financial services. Financial institutions would need to experiment with new technologies and tailor their products and services in alignment with business strategy and competitive considerations as well as in compliance with existing laws and regulations. Leveraging on technology will also require enhanced financial investments, building expertise and capacities, proper resource allocation and further strengthening of the operational capabilities.

19. Lastly, in this ever evolving and challenging environment, ultimately it is the operations of a financial entity in terms of its governance standards, business model, risk culture, and assurance functions that will decide how well it fares in the long run. Reserve Bank would expect all its supervised entities to give due weightage and consideration to these elements.

20. With these words, I conclude my address. I thank the organisers for giving me this opportunity.