Resilient banking calls for focus on governance, risk management and toeing the compliance culture
Banks and financial institutions are quite aware of cyber risks and their negative impact
image for illustrative purpose
Data security has become extremely important as any data breach or data loss can adversely impact banks. There is no scope for laxity as regulators can come heavily on banks for any lapses apart from their credibility coming under the scanner
As a regulator and supervisor, the Reserve Bank of India (RBI) has to have proper assessment of factors like risk management, governance, compliance by the regulated entities and preparedness of banks to face the current challenges and future risks. Towards this, the bank holds regular meetings with the Managing Directors and CEOs of public sector banks and select private sector banks.
In the latest meeting RBI Governor Shaktikanta Das took stock of the persisting gap between credit and deposit growth, liquidity risk management and ALM issues, trends in unsecured lending, cyber security, third party risks, digital frauds, and credit flow to MSMEs, among other topics.
It has been noticed that the deposit growth of the banking sector is lagging behind the credit growth and the gap is more than 340 bps gap. While mutual fund industry and direct equity investment are gaining substantial inflow, banks are not able to mop up savings and fixed deposits due to lesser returns compared to other similar investment schemes. The credit growth stood at 16.9% against deposit growth of 12.6%.
There has been request for government to consider additional tax benefits to households to make deposits from banking sector more attractive.
On the issue of ALM mismatches affecting liquidity risks and interest rates risks, banks have to consider the liquidity risks. Maturity mismatches should be within the prudential limits and there is no scope to take too much risk as to liquidity and interest rates mismatches. Infrastructure finance and partly project finance are for the long term whereas banks deposit durations are only for the short term. Banks have to be careful in lending for residential and commercial real estate, particularly if their deposit durations do not support such long lending. Similarly banks while contracting deposits for longer period should be careful about the likely interest rates risks. Banks have to be mindful of bulk deposits taken on short term maturity that are used for long term bulk lending as interest rates may vary due to the inflation rate. Similarly banks Investment portfolio needs constant monitoring, particularly banking and trading portfolio as any adverse movement of interest rates may affect valuation of the portfolio.
The unprecedented growth in unsecured lending in retail sector has drawn the attention of RBI, which has enhanced capital charge on such unsecured lending that has recently shown some moderation. While it is a fact that individuals as well as traders, MSMEs, small businessman and professionals need unsecured borrowings to meet their cash flow mismatch, they should not be disproportionate to their future income. It is necessary to ensure that these are borrowed for meeting the mismatches and are not used for any speculative purposes or for a long term purpose, which may be difficult for borrowers to have liquidity to service their loan accounts. As a result, there could be defaults. Moreover there is risk of valuation volatility in case such funds are used for capital markets or any speculative activities which should be totally avoided. Valued customers are to be supported by unsecured lending in times of emergency as they are the main source of credit growth for banks.
Cyber security has been the biggest source of risks for everybody and banks and financial institutions are quite aware of cyber risks. To address this in earnest, the RBI has been directing banks to take effective steps to mitigate this risk.
In this age of digital transformation and banks embracing new technology like AI, ML, block chain, quantum computing, cloud computing, API, mobile, WhatsApp and social media banking, they have to take extra care to prevent or contain cyber and digital frauds. Data security has become extremely important as any data breach or data loss can adversely impact banks. There is no scope for laxity as regulators can come heavily on banks for any lapses apart from their credibility coming under the scanner.
It is also a fact that banks are outsourcing newer instruments of delivery of customer service as well as back up service from third party outsourcing. Such outsourcing should be strictly in compliance with the regulator and internal guidelines, There should be a constant review and vigil on their cyber security preparedness as any let up may lead to greater risks at the individual bank and systemic level.
Recently RBI officials also had a meeting with CFOs and statutory auditors of banks to drive home the point that it expects both the functionaries to play an important role in giving assurance to all stakeholders as to the true and fair picture of the affairs of the regulated entities along with the material risks being disclosed along with the prescribed disclosures to boost the confidence of the depositors and shareholders. The proper assessment of going concerns challenges pertaining to climate and sustainability and other important areas of technology to assess its robustness, appropriateness and cyber security, third party sourcing risks, are to be assessed.
The overall issues discussed by RBI are of strategic importance and banks have to strengthen their governance standards, risk management practices and compliance culture in banks. Recently there has been a mention that along with profit and profitability, banks focus on current and future resilience and strengthen the key areas to ensure banks are fully prepared to face the future with greater confidence.
When everything is found as comfortable, the time is not for complacency and regulators, policy makers and other stakeholders will have to be alert to future risks. Known and unknown risks could emerge in the future and hence it is imperative to be guarded by such risks and ensure strong resilience and financial strength and robust financial landscape of tomorrow. That is how regulators are continuously guiding and directing the regulated entities to focus more on governance, risk management and compliance culture in banks and prepare the entire organisation towards a strong resilient banking.
(The author is former Chairman & Managing Director of Indian Overseas Bank)