Critical risk and issues in regulating bank business correspondents

The business correspondent model to financial inclusion can work, but since it transfers various types of risk, responsibility and management compliance to third parties, it requires appropriate regulation and supervision


With the ongoing bidding for the whole of India, the business correspondent (BC) model is surely on its way to become a pan-India effort of huge scale and deep penetration with regard to financial inclusion. While I am certainly not comfortable with the (low) bidding values and have discussed it in a previous article Business correspondent model at near-zero cost may fail with deep negative impact, I do however believe that the BC model can perhaps effectively serve the cause of financial inclusion if it is structured appropriately. That said, in my opinion, there are many risks and serious regulatory and supervisory issues that need to be addressed by the RBI for this to become a reality. The key ones are briefly highlighted hereafter.

Specifically, under the proposed BC model, a regulated entity (bank) is to use a third party (BC and its sub-agents) to perform activities on a continuing basis that would normally be undertaken by the regulated entity (bank)—in other words, it would outsource the activities to various kinds of business correspondents and its sub-agents.

Thus, in the business correspondent model, in effect, there is a transfer of an activity (or a part of that activity) from a regulated entity (bank) to a third party (BC and its sub-agents). There is no doubt that financial service businesses throughout the world are increasingly using third parties to carry out activities that they themselves would normally have undertaken. While industry research and surveys by regulators/others show financial firms outsourcing significant parts of their regulated and unregulated activities, especially because of cost and other considerations, there is no doubt that these outsourcing arrangements are also becoming increasingly complex and, as a result, causing problems on the ground as well.

The fundamental issue here is that such outsourcing by banks, as envisaged in the business correspondent model, has the potential to transfer risk, management and compliance to third parties (BC and their sub-agents) who may not be as well regulated and supervised—especially in line with the financial functions that they may be performing (which certainly calls for an appropriate kind of regulation/supervision).

Several concerns arise in this regard:

a.    In these situations, how can the regulator and/or the regulated financial service businesses (banks, in this case) remain confident that they are indeed in charge of their own business and in control of their business/other risks?

A look at the 2010 microfinance crisis in India suggests that neither the regulator/supervisor nor DFIs/banks were aware of any of the ground-level problems/happenings in Andhra Pradesh and their real causes. The presence of unscrupulous agents, rampant multiple lending, serious corporate governance violations, ghost clients and several other issues including violation of priority sector norms and the like were neither known/anticipated nor dealt with appropriately/nipped in the bud. This is a serious aspect that needs to be recognized by all stakeholders, including regulators/supervisors, and it calls for appropriate supervision arrangements with regard to the proposed business correspondent outsourcing activities as well. I am not sure whether these are in place and hence, my cautionary note with regard to the ongoing bidding which envisages upscaling of the business correspondents model. And let us not forget what happened when regulatory/supervisory arrangements (including the self-regulatory mechanism) with regard to microfinance were almost absent over a five-year period.

b.    How do the regulated financial service businesses (banks, in this case) know they are complying with their extant regulatory responsibilities as per the Banking Regulation Act and other periodic circulars and notifications? How can these regulated financial service businesses demonstrate that they are doing so when regulators/supervisors ask them?

Let us take the microfinance crisis as an example again. There were many serious violations with regard to KYC (know your customer) and, in many cases, the last mile end user clients were just not known. Imagine the consequences of this for the anti- money laundering regulations based on the global Financial Services Task Force (FSTF) recommendations. There have been many cases of lending to non-priority sector clients (including loans to founder directors) and there are no safeguards against these even as on date. Many a time, KYC forms have included people who are no longer alive. There is documentary evidence of several such cases in Andhra Pradesh and other states. Again, I am not sure that banks currently have the capacity and ability to ensure compliance in real time and therefore, I would like to stress that while arrangements like business correspondents (BCs) are upscaled, the banks, on their part, must also demonstrate the willingness and capacity to have appropriate supervisory mechanisms (for example, rigorous internal audits) in line with their regulatory responsibilities. We need commercial banks to be more accountable and transparent with regard to the regulatory responsibilities they are discharging. After all, they mainly intermediate public deposits.

c.    Most importantly, how can the regulated financial service businesses (outsourcing banks) assure themselves that their business correspondents (and sub-agents), who are 3rd parties, are not engaging in practices that could contribute to institutional and other failures including client level abuses?

Again, it was demonstrated during the recent microfinance crisis that banks and DFIs assumed that MFI practices were good on the ground and regulators/supervisors also did do. The consequences are out there for all of you to see and judge.

Therefore, I would really hope that there is serious regulatory and supervisory introspection into issues such as those given above while upscaling the business correspondent model. And before I sign off, I would like to leave you with a list of potential risks (certainly not exhaustive) in the business correspondent model for the benefit of banks and regulators/supervisors and I really hope that the banks and regulators devise appropriate strategies to mitigate these risks…

A)    Strategic Risk

1.    The BC (and/or their sub-agents) may conduct activities which are inconsistent with the overall strategic goals (of the outsourcing banks) with regard to financial inclusion. This is a very critical issue
2.    A second issue relates to the failure of the outsourcing bank to implement appropriate oversight with regard to activities outsourced to the BC and its sub-agents. This could arise also because of the fact that the outsourcing bank has inadequate expertise (for example in internal audits or compliance) to oversee the BC and their sub-agents. Here, one must not forget what the public sector banks have been saying with regard to the BC model and outsourcing in the recent times—“We need to work out a proper model. Public sector banks are poor in managing outsourcing as we don't have experience in outsourcing like our private peers. There are internal challenges as well as our employees did not accept this alternate channel of banking”—A Krishna Kumar, State Bank of India managing director .  

B)    Operational Risk     

1.    Since much of the present BC model hinges on use of technology, technology failure (at the level of the BC and their sub-agents) is a critical issue here. A related issue is the compatibility and integration of technology between BC (and its sub-agents) with that of the outsourcing banks    
2.    The BC and their sub-agents may have inadequate financial and other capacity to fulfil their obligations and/or provide remedies in case of serious frauds or errors. This again needs to be looked into, especially given the scale of operations envisaged and volume of money to be physically intermediated
3.    Further, given the proposed vast outreach of each cluster and the difficult physical terrains, the outsourcing bank and/or BC may find it difficult and costly to undertake rigorous internal audits and inspections. This needs to be evaluated and mitigated appropriately

C)    Compliance Risk     

4.    Processes, procedures, activities and practices at BC (and their sub-agents) are not in accordance with the stipulated processes, procedures, activities and practices of the outsourcing bank (which is a regulated entity and has to comply with prevailing laws as the Banking regulation Act)
5.    The BC and its sub-agents do not comply with confidentiality aspects and related privacy laws
6.    The BC has compliance systems and controls that are inadequate with regard to its sub-agents  
7.    In fact, all non-compliance brings a huge reputation risk as well

D)    Reputation Risk

8.    The BCs and their sub-agents provide poor service to their clients in terms of all features of service quality—level of service, consistency, timeliness, adaptability, etc
9.    Customer interaction and engagement by the BC and their sub-agents do not meet the overall quality levels of the outsourcing bank (which as a regulated entity is supposed to maintain as the BR Act and prevailing voluntary codes of conduct). Apart from quality levels, consistency is a critical issue here

E)    Exit Strategy Risk

10.    The risk that appropriate exit strategies are not in place is another key issue. This could arise from several factors: (a) over-reliance on one firm (like common BC and sub-agents for a cluster; (b) the loss of relevant skills in the outsourcing bank (s) themselves thereby preventing banks from bringing the activity back in-house at a later date; and (c) contractual terms that could make a quick exit prohibitively expensive. These need to be addressed as well

F)    Information and Access Risk

11.    Outsourcing arrangements like in the present BC model greatly affects the ability of the regulated entity (outsourcing bank in this case) to provide accurate, necessary and timely data/information with regard to financial inclusion to regulators/supervisors. The RBI needs to be aware of this critical risk and manage it appropriately
12.    When the BC and its sub-agents operate, there will be several additional layers of difficulty for the regulator/supervisor not only in terms of accessing accurate, necessary and timely information but also understanding the various activities of the BCs (and their sub-agents) in remote locations. That needs to be factored in as well in formulating regulatory/supervisory arrangements

G)    Systemic and Concentration Risk

13.    The financial inclusion industry (all banks together) has significant exposure to one or few BCs. This concentration could result in lack of control of individual banks over the concerned BC(s). Again, this needs to be assessed closely given what some of the public sector banks have been saying.
14.    Additionally, if the BC model were to become unsound, the few BCs together pose a huge systemic risk to financial inclusion and banking industry as a whole. This is especially true given the huge scale of operations and the large volume of money proposed to be intermediated

(Ramesh S Arunachalam has over two decades of strong grass-roots and institutional experience in rural finance, MSME development, agriculture and rural livelihood systems, rural and urban development and urban poverty alleviation across Asia, Africa, North America and Europe. He has worked with national and state governments and multilateral agencies. His book—Indian Microfinance, The Way Forward—is the first authentic compendium on the history of microfinance in India and its possible future.)

Free Helpline
Legal Credit