Mahesh Kumar Jain: Governance in banks - driving sustainable growth and stability

Speech by Mr Mahesh Kumar Jain, Deputy Governor, of the Reserve Bank of India, at the conference of Directors of Banks, organised by the Reserve Bank of India for Public Sector Banks on 22 May 2023 in New Delhi and Private Sector Banks on 29 May 2023 in Mumbai.

Central bank speech  | 
06 June 2023
PDF full text
 |  5 pages

Governor, Deputy Governor Shri M R Rao, colleagues from the RBI and distinguished directors of banks.

Good morning. It is indeed an honour to be here to discuss a topic of utmost importance: Governance in Banks – Driving Sustainable Growth and Stability. You are seasoned professionals with expertise in your domains. Today, I intend to share some insights from my experience both as a practitioner as well as supervisor.

2. We had three key objectives in mind for holding this conference. These are:

(i) The Governor emphasized the strength, stability, and resilience of the banking system, achieved through collective efforts of the Government, RBI, and the banks. While progress has been made, addressing downside risks is vital for India's journey towards becoming a developed economy. Banks are needed to mobilise savings, promote financial inclusion, facilitate job creation by supporting MSMEs, among others. We would like to highlight the importance of strong governance and leadership which are crucial for long-term health of the sector.

(ii) Secondly, the RBI has taken several initiatives in the recent past for strengthening its supervisory processes. This conference gives an opportunity to provide an overview of these initiatives and share some of the supervisory insights.

(iii) Thirdly, there has been an increasing focus on data analytics as a powerful tool for assessing both idiosyncratic as well as systemic risks in banks. By leveraging large volumes of data and advanced analytics techniques, it is possible to gain deeper insights into risk profiles of banks and identify potential vulnerabilities. The intention is to brief you on these initiatives so that banks can leverage on their own data analytic capabilities to make data-driven risk management decisions, improve risk assessment accuracy, and enhance their ability to anticipate risks.


3. In the past decade, the banking sector has overcome numerous challenges. However, complacency is not an option, as banks now face a dynamic environment arising from technological disruptions, cybersecurity threats, evolving customer expectations, global headwinds, and the need to attract and retain talent. Among these challenges, three areas require particular attention which I shall briefly elaborate.

(a) Firstly, technology risk: The ongoing Fintech revolution in banking is bringing a disruptive paradigm shift in the banking services. Banking services are now being bundled with other financial and non-financial services and giving consumers the convenience of accessing the full spectrum of financial products. Indeed, the pace of technological changes is so rapid that banks will have to transform like technology companies continuously innovating and investing in technological upgradations. The risks of cyber-attacks, data breaches, and operational failures have also increased.

(b) Secondly, business risk. As the recent examples of some international bank failures have demonstrated, banks get into trouble due to fundamentally flawed business models. Sometimes banks follow inherently risky strategies with the confidence that their bank has mitigating controls. However, their assumptions may not hold true either due to internal control failure or due to exogenous factors. The Board plays a vital role in independently assessing the business model and its attendant risks. It is important for banks to carefully assess their own unique circumstances and capabilities, conduct thorough analysis, and tailor their strategies accordingly. While it can be valuable to learn from the experiences of other banks, adopting their strategies without considering the specific context and requirements of the organization may lead to unfavourable outcomes. Therefore, Boards should be cognizant of their business model and its potential downsides, both in near term and in future.

(c) Thirdly, there is operational risk due to various factors such as high attrition, lack of succession planning, skilling of staff, outsourcing, etc.

(i) Attrition and high employee turnover lead to loss of institutional knowledge, disruption in services and increased recruitment costs. Similarly, lack of succession planning, particularly for critical roles, can pose significant operational risks.

(ii) Ensuring that employees have the necessary skills and knowledge is imperative to adapt to new technologies and business practices.

(iii) Risks also emanate from outsourcing, including potential loss of control over critical operations, data security breaches, and increased dependency on third-party providers.

(iiii) Banks also need to be careful about process risks where errors, inefficiencies or breakdowns in operational processes can lead to financial losses, compliance failures or customer dissatisfaction.

Operational risks stemming from ethical issues at the operating level can also have significant repercussions for banks, including reputational damage, legal and regulatory consequences, erosion of customer trust, and adverse financial impacts.

Role of the Board

4. The evolving nature of risks faced by the banking system necessitates the building up of organizational resilience to adapt to the changing landscape and stay prepared for future risks. Good governance is at the core of organisational resilience and effective Boards are the starting point of good governance. While good corporate governance is essential for all institutions, the governance structure and processes of the banks are expected to be even more robust as banks and financial institutions are different from other business entities in many ways.

  1. Firstly, banks are allowed to raise substantial amounts of uncollateralized deposits. Unlike other corporates, shareholders only provide 3 to 4 per cent of the funds in banks and the predominant suppliers of finance are depositors.

  2. Secondly, banks perform the function of liquidity and maturity transformation which makes their business inherently risky.

Such high leverage and maturity mismatch between assets and liabilities cannot be sustained unless banks gain the trust of the depositors. Hence, the governance structures and practices in the banks should prioritise depositors' interest and maintaining their trust.

5. Effective governance requires a competent and independent Board effectively overseeing the management by asking the right questions, formulating appropriate strategies keeping in mind the risk appetite as well as establishing proper policies and procedures.

6. I would urge Boards to actively engage in risk oversight, pursue a robust risk management framework, monitor key risks, challenge management on risk-related matters, and ensure the implementation of appropriate risk mitigation measures to protect the bank's interests and stakeholders.

7. Another aspect that Boards must lay due emphasis on is compliance. Compliance in letter and spirit is critical for banks to maintain the integrity of the financial system and to promote ethical behaviour. Banks must ensure that their actions are compliant with the intended purpose and principles of a law or regulation, and not just the literal or technical interpretation. Compliance with the spirit of the law is essential for banks to maintain their reputation, build trust with customers, and promote ethical behaviour.

8. Finally, it is important for banks to keep sustainability in mind. This means taking a long-term view of the business and considering the impact of decisions on the bank's financial health, reputation, and broader societal and environmental factors in future.

Role of Supervision

9. On its part, the Reserve Bank has initiated a series of steps to enhance the soundness of the financial system by adopting a holistic approach towards addressing the growing complexities and inter-connectedness, and to deal effectively with the potential systemic risks.

10. In the past five years, there has been a significant strengthening of the Reserve Bank's supervisory systems and shifting from an entity-based approach to a more thematic and activity-based approach. Structural changes have been implemented to enhance agility, flexibility, and specialization. A unified and harmonized supervisory approach has been adopted for commercial banks, NBFCs, and urban cooperative banks (UCBs), with a greater focus on identifying the root causes of vulnerabilities.

11. The Reserve Bank has deployed a wide array of tools to enhance the effectiveness of Supervisory frameworks. These include an Early Warning System, Stress Testing models, Vulnerability Assessments, Cyber Key Risk Indicators, conduct of Phishing and Cyber Reconnaissance exercises, targeted evaluation of compliance with KYC/AML norms, Micro-Data Analytics to analyse granular data, among others. We are also in the process of adopting the use of Advanced Analytics, Artificial Intelligence and Machine Learning on Supervisory Data for even better insights into operations of supervised entities.

12. Supervisors often detect serious issues such as non-compliance, divergences from IRACP norms, and gaps in internal controls and IT systems during their limited time at the bank. However, it is reported that these concerns frequently surprise Directors when presented in Risk Assessment and Off-site analytical reports. Boards should reflect on why critical deficiencies go unnoticed despite having access to relevant data and assessments, and work on building internal capabilities to identify and address such issues at an early stage.

13. Sometimes supervision is viewed as intrusive. Let me clarify that supervision is neither designed to be intrusive or punitive nor are supervisors the risk managers of supervised entities. It should be appreciated that supervision is only the fifth line of defence in banking, as it serves as an additional layer of oversight beyond the traditional three lines of defence model (business operations, risk management and compliance, and internal audit) and the fourth line of defence (external audit). Supervision is forced to step in only when these lines fail.

Preparing for the Future

14. Before, I conclude, let me dwell upon the road ahead. The future of banking is expected to be shaped by advancements in technology leading to greater business and process automation, changing customer expectations, and evolving regulatory landscapes.

15. To prepare for the future, Indian banks will need to focus on digital transformation, enhance customer experience, adopt innovative technologies such as AI and blockchain, invest in cybersecurity measures, look for opportunities to derive synergistic benefits through collaboration with other players as well as upskilling their workforce to meet the demands of the digital era. Additionally, they will need to prioritize risk management, regulatory compliance, and sustainability to ensure long-term resilience and competitiveness in the evolving banking landscape.


16. In conclusion, I would like to reiterate that the role of the Board of Directors in ensuring sustainable growth and stability of the banking sector cannot be overstated. As custodians of the interests of various stakeholders, including depositors, shareholders, regulators, and the wider society, Boards must adopt a proactive and strategic approach. Effective risk management, governance, and compliance practices are essential in safeguarding the bank's reputation, financial stability, and long-term viability. Moreover, the Board must ensure that the bank's business model, strategy, and operations are sustainable and create long-term value for all stakeholders. Finally, the Board must remain vigilant, adaptive, and continuously assess the bank's performance, risks, and opportunities, and take timely and informed decisions. I urge all Board members to embrace these principles to drive the bank towards sustainable growth and stability, while safeguarding the interests of depositors and maintaining the stability and integrity of the banking system all the time. Thank you.