Compliance, Risk Management and Internal Audit Are Common Weaknesses in Banks, FIs: RBI
Moneylife Digital Team 30 March 2022
While emphasising on governance structures and practices for prioritising protection of the interests of depositors in banks, the Reserve Bank of India (RBI) found compliance, risk management and internal audit as common weaknesses among financial institutions (FIs), including banks, in the country. 
While delivering a speech at Centre for Advanced Financial Research and Learning (CAFRAL) earlier this month, MK Jain, deputy governor of RBI says, "An efficient and vibrant financial system is crucial to economic development and social wellbeing of the country. The governance framework surrounding the individual players in the financial system assumes a central role not only in terms of value creation for various stakeholders but also in ensuring the oversight of the Board on risk appetite and risk culture of individual institutions."
According to RBI's deputy governor, during recent years, assessment of oversight and assurance functions has been bestowed enhanced focus in view of their importance in addressing the root cause of problems. The assessment by RBI found common weaknesses in three specific area such as compliance, risk management and internal audit.
"Failure or delay in detection and reporting of non-compliances, persisting sub-par compliance, deficiencies in compliance testing with respect to inadequate coverage and limited transaction testing, persisting irregularities due to non-addressing of root-causes and not ensuring sustainability of compliance were observed. Further, compliance setup was not resourced adequately with required number and quality of staff in many cases," Mr Jain says.
He says, disconnect was observed between the risk appetite framework as approved by the board and actual business strategy and decision-making and weak risk culture which was amplified by absence of guidance from the senior management, improper risk assessment, repeated exceptions to risk policies, conflict of interest especially in related party transactions and absence or faulty enterprise-wide risk management. 
"Operational risk was seen to be high on account of people risk like high attrition rate, lack of succession planning, and involvement of staff in fraudulent practices, elevated information technology (IT) and technology risk, like lack of adequate investment in technology, lack of technically qualified personnel, business disruptions and weak business continuity plan and disaster recovery (BCP/DR) arrangements, and high outsourcing risks, including over dependence on vendors, lack of monitoring arrangements, and gaps in contractual arrangements," the deputy governor explained. 
Mr Jain also pointed out several issues with internal audit of banks and FIs that affect the overall function. He says, "Audit process unable to capture irregularities, non-coverage of certain areas under scope of audit, compliance and audit not collaborating with each other, lack of ownership and accountability, inadequate review of practices that require alignment to address interests of all stakeholders, non-compliance or delay in compliance with audit observations were some of the major concerns identified."
The deputy governor also mentioned RBI's expectations from supervised entities on governance and assurance functions. It includes effective engagement and support from the top, independence of oversight and assurance functions, close engagement and collaboration, sustainable compliance, risk governance, quality of board discussions and time given for important matters, role of board and senior management in cybersecurity and technology, dominance of individuals and oversight over related-party transactions and connected lending.
Mr Jain says, "The board members should focus on strategic and important matters. The quality of deliberations, the level of challenge provided to executive management, and the time allocated to important agenda items is often found to be inadequate. Many times, large number of agenda items are included, including table items, which do not allow for proper evaluation of the proposals. The board also needs to work in a cohesive manner."
"It is important to ensure that financial institutions are board-driven and do not end up being dominated by individuals. Experience has shown that this leads to undesirable consequences," he added.
Commenting on related-party transactions (RPT) and connected lending, the deputy governor says, "While various regulations are in place to check improper RPTs, including their disclosures, it is important that the board and audit committee exercise close oversight over such matters and get satisfactory assurances."
Mr Jain also asked board members of banks to be alert and detect red flags in reports presented to them. 
"Effective internal defenses will help in building organisations that are strong, resilient, disciplined and enjoy the benefits of sustained growth and customer confidence. It will also pre-empt supervisory actions and attendant reputational risks that arise in case transgressions are detected," he concluded.
3 months ago
Based upon whatever has been published in this article, I find it surprising Dy Governor does not make much mention of the woes of the Depositrs due to very regular wilful short changing of these stakeholders by the Bank Managements. RBI keeps receiving these complaints from time to time; yet, Mr. Jain is silent in his report about theses isuues.
I believe, unless RBI takes these complaints seriuosly, inposes heavy penalties on defaulting Banks, the problmes of depoitors will never be resolved. It ia time, the Apex Bank wakes up to the realities, otherwise very easily you get the imression that RBI is shielding these defaulters-may be RBI thinks these Banks are to big to be acted against? If so, will RBI please redefine its role?
Free Helpline
Legal Credit