Risk Culture in India’s Financial Sector: A Long Way To Go
The pandemic continues to shake up the world, with several countries remaining in lock-down. Even in India, where there is a dramatic fall of the COVID-19 cases tending to zero deaths, we see its ugly head rising in quite a few parts—Kerala, Karnataka, and Maharashtra and thousands of dogs died due to the virus hitting them in West Bengal. No one knows the end of it. The vaccines are moving fast and over 10 million of people received the first dose and half of them, the second dose too. The risks of the pandemic have spread to all sectors and the financial sector is the worst affected. It could have been minimised in the financial sector, had there been a risk culture in the system.
The situation is far different from the post-recession period of 2008. The known unknowns—credit risk, and the unknown unknowns—market risk, are on the increase, despite technology inroads reflected in core banking solutions, centralised processing platforms, video conferencing with clients, improved risk ‘governance’ claims on the part of the banks and financing institutions. It is well known that the financial sector is a haven of risk. Further to the acceptance and introduction of the Basel Committee norms, risk management departments have been set up. The central bank —Reserve Bank of India (RBI)—issued detailed guidelines. General managers and executive directors have been appointed in charge of the risk management departments in head offices. 
Risk management committees are part of the board management. But ask any employee of the branch of a bank about risk management: you will still get a stock reply: “Oh! Risk management is looked after by the head office. We submit whatever returns are required in this regard.” Here and there, some youths are attempting to pursue professional certification courses in risk management from IIBF, PRMIA or GARP. All the globally placed banks have moved to the advanced approach to risk management under Basel II and claim to be ready for Basel III by 2013. Yet, bulging NPAs (non-performing assets), increasing cyber frauds, interest rate risks, forex risks, inflation risks, and retarding economic growth have been causes of great worry since 2011-12. 
Frauds in the financial sector have been on the rise continuously and are tending towards geometric progression. Banks are on the numero uno. Several employees recruited during the last decade are better on key board operation than on banking. Several executives are good salespersons of third-party products like insurance, mutual funds, and pension funds instead of bank deposits and bank credit to the needy, ever since banking in India adopted universal banking. This raises the fundamental question: Is it enough if banks follow with governance prescriptions and comply with guidelines on risk management issued by the central bank?
The answer lies in spreading risk culture across the length and breadth of the institutions. But what is this risk culture that the banks are yet to imbibe? Is it peculiar only to India or elsewhere in the world of finance? 
Banks continue to say that there is adequate capital provisioning; risk measurement as required is in place; data warehousing has improved substantially; exposure at default (EAD) and loss given default (LGD) are better now than before and are able to reach the global standards for all the globally placed banks in India and the regulator also releases QIS data on Basel standards substantiating the claims and affirms effective supervision standards prevailing in the banks. 
The Institute of International Finance, among many others, cited cultural failures, and specifically those of risk culture, as a leading cause of the credit and liquidity crisis of 2008. Switzerland-based UBS, in an October 2010 accounting to shareholders of its crisis-period losses, admitted to “organizational shortcomings and the lack of adequate controls inside the bank.” Indian banks are yet to admit such lapses. 
Many provisions in post-crisis legislation and regulation were intended to tighten governance and risk management principles and standards. Risk management experts, however, believe that risk culture, in the sense of how well organisations are equipped to deal with problems, competition and business pressures on a day-to-day basis, is ripe for further study and analysis.
It is important that every employee in a bank understands that he is working in an institution that is exposed to risk everywhere. He or she has to be conscious that his or her neighbour is also a potential risk to the same degree as a provider of kinetic energy. In several branches of the banks or insurance companies, transfers take place periodically. Even within the branch, staff would keep changing the desks. Such shifts and transfers have the potential to expose the lapses and reduce risks in the organisation. If any employee does not apply for leave for a full year, he needs to be keenly watched for transactions handled by him and his personal accounts. Every employee’s personal accounts would need scrutiny to make sure that there are no abnormal credits or debits in his or her account. All these acts of vigilance contribute to developing risk culture. 
Government of India, the owner of 85% of banking in India chose to amalgamate banks in its fold to create 10 big banks apart from the State Bank of India that took into its fold all the seven associate banks. In effect, banking in India has sovereign risk attached to it. The warning of ‘Too Big to Fail’ did not seem to bother the government in its urge to create mega banks to compete with the global banks. 
The financial stability report released by the RBI once in a quarter, alerts the banks and the government and, yet, its ability to regulate has been subject to criticism with the failure of a few banks like the PMC Bank in the cooperative banking sector, Yes Bank in the private sector, collapse of the biggest NBFC—Infrastructure Leasing & Financial Services (IL&FS), failure of the Franklin Templeton Mutual Funds, not so mature bond market, and the unabated rise of non-performing loans, particularly in the corporate sector.
The RBI formalised a process to review asset quality. Implementation of India's Insolvency and Bankruptcy Code (IBC) in 2016 created a standardised approach for classifying asset quality among lenders, providing greater transparency for sharing of information through a formal consortium and informal banking arrangements. Yet, the operational risks are on the rise due to the absence of domain knowledge among most public sector banks in India. 
Further, the most disappointing factor is that a ruling party member of parliament, Dr Subramanian Swamy, has filed a public interest litigation on the RBI’s declining regulatory standards. All these give rise to the fundamental aspect of risk management—the risk culture and ethics in governance. 
In a white paper of McKinsey’ “Taking control of Organizational Risk Culture”, by Levy and McKinsey, risk management specialists Eric Lamarre and James Twining concluded that flaws in the prevailing culture have led to material financial disasters in the corporate world in the past several years—including Deepwater Hori-zon, the Société Générale rogue trading scandal and the Enron Corporation implosion. More specifically, risk culture, or what McKinsey describes as the norms of behaviour for individuals and groups in an organisation, includes a common set of standards that define its approaches to risk taking. Flaws in a firm’s risk culture can allow various risks to take root and create serious vulnerabilities over time. 
Levy identified four key indicators that would provide the opportunity for inculcating risk culture. Those four groups of indicators are: the transparency of risk at a given organization; the acknowledgement of risk; the responsiveness to risk; and the respect for risk. If risk culture improves in the organisation, there is high probability of minimal operational risk. It is time for the Indian financial system to seriously look at them as imperatives and not options any longer. 
(The writer is an economist and risk management specialist and author of 16 books. He is the author of ‘Roots to Fruits – The Journey of a Development Banker’ 2020).
7 months ago
Instead of Loss Given Default, (LGD), the article carries a computer driven expansion local government directory. This mistake is unintended. Readers will pardon, please. Since I did not expand in the original article sent to ML, the mistake occurred.
7 months ago
I understand all overseas banks have a separate department manned by risk analysts who research each and every applicant seeking large loans. They thoroughly conduct an in-depth feasibility study of the proposal submitted, assess the borrowers credit worthiness, ability to service the debt, borrowers previous performance, scan for past infractions and submit a report to the loan department. Do our banks maintain a risk analyst position or follow this system? If they did we wouldn't be having so many NPA's and loan write offs in each and every bank in India.
Replied to bala.mathur comment 7 months ago
Well said.
Free Helpline
Legal Credit