Introduction
Delegates from various financial institutions, guest speakers and colleagues from CAFRAL, a very good morning to all. At the outset, let me thank CAFRAL for hosting this learning program. The lingering COVID-19 pandemic and the potential economic disruptions due to the latest geo-political events in Europe have again brought to the fore the reality that the nature and frequency of risks faced by the financial system of today are quite unparallel and unpredictable. Also, the banking sector today is much different from what it was a decade ago and is constantly evolving.
While the Reserve Bank is deploying various tools at its disposal to maintain the stability of the financial system, individual financial institutions, more specifically the banks, need to be watchful of the economic impact of such risk events and take adequate measures to maintain their resilience. In this regard, it is important to recognise the inter-linkages between quality of governance and resilience of financial institutions. Even as high-quality governance enhances resilience, poor corporate governance is a source of risk to the financial institutions as well as to the financial system.
Corporate Governance
While good corporate governance is essential for all institutions, the governance structure and processes of the banks are expected to be even more robust. Banks and financial institutions are different from other business entities in many ways. Their business model is very different from other business entities, enjoy high leverage as they can raise substantial amount of uncollateralised deposits, and perform the function of liquidity and maturity transformation. Hence, the governance structures and practices in the banks should prioritise protection of the interests of their depositors.
Oversight and Assurance Functions
With the growth in size and complexity of the financial institutions, there is an increased focus on adequacy of the governance framework for identifying, addressing and managing risk. Towards this, the ‘three lines of defense’ have pivotal responsibilities: i) ‘the business functions’ which are the risk takers and owners of the risk, (first line of defense) have the responsibility of managing the risk generated by virtue of their day-to-day business activities; ii) the ‘risk management function’ and the ‘compliance function’ (second line of defense) have the responsibility of exercising oversight on the business functions to ensure that their activities are within the risk and compliance policies of the bank; and iii) the ‘internal audit function’ (third line of defense) has the responsibility of identifying gaps from prescribed requirements and reporting to the Board / Audit Committee of the Board. Collectively, these three functions have to provide assurance to the Board / senior management about the adequacy and effectiveness of the governance framework and that the Board approved policies and business strategies are adhered to by the financial entity in conduct of its business.
RBI Initiatives and Measures
Reserve Bank attaches a lot of importance to the strengthening of governance and internal control functions in the banks and financial institutions. Recent guidelines issued by the RBI are intended to provide greater clarity on supervisory expectations, avoid conflict of interest, provide sufficient authority, resources and independence to these functions, among others:
Compliance: In September 2020, RBI has issued revised guidelines for Compliance Function in Banks and role of Chief Compliance Officers (CCOs) to bring uniformity in approach followed by banks, as also to align the supervisory expectations on CCOs with global best practices.
Internal Audit: Earlier in January 2020, RBI has issued guidelines for strengthening governance arrangements with regard to Risk Based Internal Audit (RBIA) in banks, which inter alia included enhancing the authority, stature, and independence of the Internal Audit Function. Similar set of guidelines were issued for select NBFCs and UCBs in February 2021, which were later extended to select Housing Finance Companies (HFCs) as well.
Risk Management: Though RBI has issued guidelines on Risk management systems for banks way back in 1999, to bring uniformity in approach followed by banks, as also to align the risk management system with the best practices. Guidelines on the role of Chief Risk Officer (CRO) in banks were issued in April 2017. Similar guidelines for NBFCs and UCBs have been issued in May 2019 and June 2021 respectively. RBI has also undertaken sensitization sessions with CCOs, CROs and HIAs over the past year to communicate its expectations on oversight and assurance functions.
Governance in Commercial Banks: Through a discussion paper published in June 2020, Reserve Bank has proposed substantial improvements to the governance framework of banks. Major highlights of the discussion paper were:
i) Empower the Board of Directors to
set the culture and values of the organisation;
recognise and manage conflicts of interest;
set the appetite for risk and manage risks within the appetite;
improve the supervisory oversight of senior management;
ii) Empower the oversight and assurance functions through various interventions;
iii) Achieve clear division of responsibilities between the Board and the management; and
iv) Encourage the separation of ownership from management.
Based on the suggestions and feedback on the Discussion Paper, Reserve Bank issued instructions regarding the Chair and meetings of the Board, composition of certain Committees of the Board, age, tenure and remuneration of Directors, and appointment of the whole-time directors (WTDs) in April 2021. With respect to the other proposals contained in the discussion paper, a Master Direction on Governance will be issued by RBI.
Enhanced Supervisory Focus on Oversight and Assurance Framework – RBI’s Assessment and Findings
During recent years, assessment of oversight and assurance functions has been bestowed enhanced focus in view of their importance in addressing the root cause of problems. Some of the common weaknesses that have been observed in these functions are:
a) Compliance Function – Failure / delay in detection and reporting of non-compliances, persisting sub-par compliance, deficiencies in compliance testing with respect to inadequate coverage and limited transaction testing, persisting irregularities due to non-addressing of root-causes and not ensuring sustainability of compliance were observed. Further, compliance setup was not resourced adequately with required number and quality of staff in many cases.
b) Risk Management – Disconnect was observed between the Risk Appetite Framework as approved by the Board and actual Business Strategy and decision making, weak risk culture which was amplified by absence of guidance from the senior management, improper Risk Assessment, repeated exceptions to risk policies, conflict of interest especially in Related Party Transactions and absence or faulty Enterprise-wide Risk Management. Operational risk was seen to be high on account of people risk (high attrition rate, lack of succession planning, involvement of staff in fraudulent practices, etc.), elevated IT and technology risk (lack of adequate investment in technology, lack of technically qualified personnel, business disruptions and weak BCP/DR arrangements, etc.), and high Outsourcing risks (over dependence on vendors, lack of monitoring arrangements, gaps in contractual arrangements, etc.).
c) Internal Audit - Audit process unable to capture irregularities, non-coverage of certain areas under scope of audit, compliance and audit not collaborating with each other, lack of ownership and accountability, inadequate review of practices that require alignment to address interests of all stakeholders, non-compliance/delay in compliance with audit observations were some of the major concerns identified.
Supervisory Expectations on Governance and Assurance Functions
Some of our expectations from the supervised entities in this regard are:
i) Effective Engagement and support from the Top
Oversight and assurance functions have a key role in value creation for a financial institution, strengthening public confidence, preserving and enhancing its reputation, and maintaining the integrity of its business and management. The Board should engage with the oversight and assurance functions and assure them of direct and unfettered access. The “tone from the top” would set the pace for a sound organization culture that values honesty and integrity.
ii) Independence of Oversight and Assurance Functions
Appointment and removal of heads of oversight and assurance functions should have stringent barriers and they must be independent of executive management. Assurance functionaries should not be performing any of the tasks on which they are required to take a view independent of the risk takers.
iii) Close engagement and collaboration
Maintaining independence does not preclude constructive engagement with management and business functions. Indeed, to be effective, heads of oversight and assurance functions must work closely with other functionaries, and also collaborate amongst themselves.
iv) Sustainable Compliance
Several weaknesses and irregularities have been recurring despite the averments made by bank managements of having carried out remediation. My expectation from the banks is that they make serious efforts towards overall improvement and sustainability in their compliance.
v) Risk Governance
Risk appetite and risk tolerance levels must be clearly defined, keeping in view past and forward-looking assessment of likely internal and external risk environment and actual business decision making should align with these limits, as also with the capacities available with the institution. Senior management should communicate the risk management policies, risk appetite statement and risk management expectations to the business units for proper understanding and compliance.
vi) Quality of Board discussions and time given for important matters
The Board members should focus on strategic and important matters. The quality of deliberations, the level of challenge provided to executive management, and the time allocated to important agenda items is often found to be inadequate. Many times, large number of Agenda items are included, including table items, which do not allow for proper evaluation of the proposals. The Board also needs to work in a cohesive manner.
vii) Role of Board and Senior Management in Cybersecurity and Technology
RBI has mandated banks to have awareness training programmes for their Board of Directors and senior leadership team and to familiarise them with IT and relevant cybersecurity concepts. The Board must start looking at cyber risk as an enterprise-wide risk management issue, rather than a pure IT security issue, owing to its firm-wide implications. Adequate and required level of investments in technology should be ensured. In its role of oversight, the Board needs to oversee the overall cybersecurity management, including appropriate risk mitigation strategies, systems, processes, and controls. Whether the institution has the appropriate skills, resources, and approaches in place to minimise the cyber risk and mitigate any damages that may occur also needs to be seen.
viii) Dominance of Individuals
It is important to ensure that financial institutions are Board-driven and do not end up being dominated by individuals. Experience has shown that this leads to undesirable consequences.
ix) Oversight over Related Party Transactions and Connected Lending
While various regulations are in place to check improper RPTs, including their disclosures, etc., it is important that the Board and Audit Committee exercise close oversight over such matters and get satisfactory assurances.
|
|
|
|
|
|
|
|
ウィスパリング同時通訳研究会 更新情報
-
最新のアンケート
-
まだ何もありません
-
ウィスパリング同時通訳研究会のメンバーはこんなコミュニティにも参加しています
人気コミュニティランキング
- 1位
- カラオケ「町田オフ」
- 980人
- 2位
- 暮らしを楽しむ
- 75437人
- 3位
- 酒好き
- 170649人