The Reserve Bank of India (RBI) failed to do any credit analysis of the top-20 borrowers of ICICI Bank, even as their share had grown to 20.30% and had exposed the Bank to increased risk. Research undertaken by Moneylife, on the other hand, indicates that RBI deliberately concealed data that reflects on its own shortcomings in the quality of its annual inspections, its findings and its ability to ensure compliance.
RBI, in its role as banking regulator, conducts annual inspections / reviews of banks to ensure compliance with rules and maintenance of acceptable risk profile.
Risk assessment reports (RAR) evaluate management and organisation risk, credit risk, market risk, liquidity risk, and operational risk in three facets, viz., information technology (IT), non-IT, and other risks.
RAR also identifies the control-gap which causes the inherent risk and computes the aggregate risk as a weighted average of the inherent and control-gap parameters.
The findings on capital and earnings help in the estimation of capital to risk-weighted assets ratio (CRAR), and to identify and correct major areas of financial divergence. Identification of major areas of non-compliance is done to ensure compliance by the bank.
In the third article in this series of annual reports released by the RBI to activist Girish Mittal following his long battle with the regulator, I am examining the inspection reports of ICICI Bank for the years FY12-13, FY13-14 and FY14-15.
At the very first glance, ICICI Bank’s risk profile for the three-year period up to FY14-15 shows continuous deterioration.
The aggregate bank risk score was 2.040 in FY12-13 (which is described as medium risk) which rose to 2.396 in FY14-15 denoting heightened overall risk.
What happened with the Bank in the subsequent period after these reports, as well as the controversies surrounding its managing director and CEO, Chanda Kochhar are all in the public domain. What is clear is that RBI, in its inspections and evaluation of management, had no advance warning of the storm to come.
A worrying fact that emerges is that the credit risk of ICICI Bank is higher than that of Axis Bank in all three years. More about this later.
Do the RBI reports capture critical risk factors adequately? Do they prescribe remedial measures and ensure adoption of such measures? While it is difficult to answer the first question in the absence of more material, the answer to second question is clearly a negative.
Mismatch between Credit Score & Comments
In FY12-13 report, the effectiveness of the board was evaluated on the basis of participation in the meetings of the board and committees of the board, and a survey that captured board members' response to a questionnaire.
It is unclear how such a survey can help evaluate the board’s efficacy. Given that the board members make strategic and operational decisions of the company, their efficacy can be tested only based on an empirical study of the quality of the board decisions. This was not done.
In FY13-14, the board was stated to be providing strategic directions and was described as well-functioning. Calendar year 2015 was the year when asset quality review (AQR) was introduced by RBI.
The FY14-15 report stated that the board and ACB had not examined why the Bank's internal system had not identified the divergences as identified by successive RBI onsite inspections including the AQR exercise. The comments on the board’s performance are not fully consistent with the deteriorating risk score from 1.656 to 2.006.
In the FY12-13 report, RBI came down heavily on the risk governance. The board-approved policy on internal capital adequacy assessment process (ICAAP) was deficient in communicating the actual level of risk and its direction in operationalising the Bank's business strategy.
Further, the report stated that the risk taking did not follow a well-defined strategic path. The FY13-14 report stated that the supervisory engagement under risk-based supervision (RBS) during the off-site risk discovery process had shown significant non-compliances.
The FY14-15 report broadly examined the risk handling by the credit risk management group of the Bank. The risk governance aspects were not consistent and varied in all the three reports.
Credit Risk Assessment
For credit risk assessment, RBI has assessed the credit exposure based on sensitive sector exposure, exposure in restructured advances, unsecured advances, divergence in risk-weighted assets, shortfall in provisioning, recovery from NPAs (non-performing assets), upgradation from NPA, etc.
Looking at the parameters (table below) considered for credit risk, it appears that RBI has followed different algorithms to compute the credit risk score.
Stress test is helpful to set the spread above the risk free rate, aside from assessing the impact of possible loss events. In the FY12-13 report, RBI observed that there was no internal minimum capital to risk-weighted assets ratio (CRAR) or trigger CRAR under internal capital adequacy assessment process. The Bank’s capital planning was based on optimistic projections.
Certain risk factors reckoned by the Bank for stress testing of various risks were found to be very mild. Though the Bank’s approach was seen to be somewhat subjective, RBI concluded that the stress testing scenario chosen by the Bank as 'not severely adverse'.
The FY13-14 report observed that stress testing of market risk factors was not a comprehensive exercise and market driven credit risk stress scenarios were not considered for their impact on the derivatives portfolio.
The FY14-15 report stated that the computation methodology for market risk tolerance limit was flawed as the Bank had not computed all three stress scenarios (mild, moderate, severe), and had used results of only severe stress scenarios.
Among other things, review of value-at-risk (VaR) breaches in the Bank was needed. There was no consistency in the risk parameters, or any reference to the previous year’s findings in any report.
All the risk factors showed deterioration during the three-year period. It is incongruous that despite highlighting major credit and risk management issues, the reports did not make any recommendation, much less specific recommendations for corrective action.
Correspondingly, the subsequent year’s report neither reviewed any corrective action-taken report nor took off seamlessly from the previous year’s report.
Further, there was inconsistency between the risk score and comments.
The empirical models are subject to modelling risk, and validation is considered necessary to test their efficacy before relying on them.
In the reports, RBI accepted the Bank’s exposure to borrowers at the ratings assigned, presumably based on the risk assessment model developed by CRISIL being used by the Bank, and did not do any credit analysis of the top-20 borrowers whose share had grown to 20.30% and had exposed the Bank to increased risk. Had RBI undertaken such credit analysis, it could have identified more Videocons in the Bank’s cupboard!
In short, inconsistency between the risk score and comments, lack of any recommendation to rectify steady deterioration in risk profile, and lack of seamless approach reflected RBI’s hands off and perfunctory approach.
Editor’s Note: RBI has strenuously fought against the attempts to make inspection reports public and has even claimed a fiduciary relationship with regulated entities. All three analyses of the inspection reports done by Moneylife so far indicate that the RBI had a lot to hide with regard to its own shortcomings on the quality of its annual inspections, its findings and its ability to ensure compliance.
Here are the inspection reports of the ICICI Bank as provided by RBI to Girish Mittal under the RTI Act...