Indian Banks Need New Measures for Operational Risk : Daily Current Affairs

Relevance: GS-3:Indian Economy and issues relating to planning, mobilization of resources, growth, development and employment.

Key Phrases: Operational risk, risk control, digitalization, bank frauds, external adverse effects, cyber and infotech risks, capital adequacy framework, Basel 3, business indicator, internal loss multiplier, contingency planning.

Why in News?

The banking business in India is going through a rapid transformation phase. They are facing emerging business risks and hence Indian banks need new measures for operational risk.

Key Points:

As digitalization has taken on greater momentum, banks are now facing emerging business risks.
- Hazard is intrinsic in any business undertaking, and danger management is a fundamental part of maintaining a fruitful business.
- Detection of early warning signals or red-flag indicators is crucial for effective management of bank frauds.

Operational risk is the risk of a business loss due to inadequate or failure-ridden internal processes, people and systems, or from external events.
For example, an error or fraud in the credit sanction process can cause credit costs to rise.

Issue in Detail:

Historical evidence suggests that the risk of operational losses rises significantly during economic downturns of the business cycle and due to external adverse effects such as natural calamities and war (like the current conflict in Europe) that result in damage to physical assets.
- In particular, the devastation of lives and livelihoods and damage to property could cause severe business losses.
- Banks exposed to Russia can navigate such losses if they have made contingency plans.
- If such risks are not well contained, it may have an impact on their stock prices.
Operational losses can arise for various reasons traceable to internal or external fraud, errors in fund transfers, inappropriate employment practices, fiduciary breaches, the misuse of confidential customer information and the breakdown of a communication link, apart from cyber and infotech risks, natural calamities and pandemics, as well as vendor mis-performance.
In this context, measuring operational risk is a useful tool for risk-focused management that takes into account the inherent risk of business lines.
- An effective framework for risk management requires a strong risk culture, active internal controls, accurate reporting and contingency planning.
- Operational key risk indicators are important tools in risk management as they predict potential high-risk areas and enable timely preventive action.
- Machine learning algorithms can detect cyber breaches or hacking events.

Steps Taken:

A growing number of high-profile operational loss events worldwide has led banks and regulators to increasingly focus on operational risk management as an integral part of overall risk control.

On 15 December 2021, the Reserve Bank of India (RBI) published its ‘Master Direction on Minimum Capital Requirements for Operational Risk’.
- The new capital adequacy framework under ‘Basel III’ requires banks to hold capital explicitly for operational risks.
- Basel III is an international regulatory accord that introduced a set of reforms designed to mitigate risk within the international banking sector by requiring banks to maintain certain leverage ratios and keep certain levels of reserve capital on hand.
- Begun in 2009, it is still being implemented as of 2022.
As per the new approach, applicable from 1 April 2023, Indian banks with a ‘business indicator’ range above ₹8,000 crore are required to use loss data as a direct input for operational risk capital calculations.
- Banks in the BI bucket must disclose annual loss data for each of the last 10 years or each of the years with available annual loss data.
The revised directions will be applicable to all scheduled commercial banks in India.
- However, banks not meeting the loss data standards will be required to hold capital at 100% of the existing Basic Indicator Approach (BIA).

The operational risk capital requirements involve three core elements: the business indicator (BI), business indicator component (BIC) and internal loss multiplier (ILM).
‘Business indicator’ or BI is a financial statement derived proxy for operational risk)
- It is estimated from profit-and-loss or balance sheet items of the bank.
- It aggregates interest income, interest expenses, dividend income, fee and commission income expenses, other operating income and expenses and net profit-or-loss from its trading book.

Significance:

Interestingly, supervisors may require banks to apply an ILM (internal loss multiplier ) > 1 if they do not have high-quality operational risk annual loss data; this may increase their regulatory capital requirement for operational risk.
Moreover, the exclusion of internal loss data due to non-compliance with regulatory loss data criteria must be made publicly available as part of RBI’s pillar 3 requirements.
In such a case, the operational risk capital will not be linked to their risk management process.
- This may put them at a disadvantage in terms of market competitiveness.
- On the contrary, good loss data management will enable banks to create several scenarios to internally assess the adverse business impacts caused by operational failures.

Thus, banks will have to improve their loss data as well as operational risk management processes and conduct suitable contingency planning.

Way Forward:

Minimum loss data standards have been outlined in the RBI guidelines.
National supervisors should review the quality of banks’ loss data periodically.
Banks must have processes to independently review the comprehensiveness and accuracy of loss data.
Critical loss data fields must include the dates of occurrence, their discovery and accounting, gross loss, recoveries and descriptive information about drivers or causes.
The minimum threshold for including a loss event in the data collection and calculation of average annual losses is set at ₹100,000.
- Loss identification must include gross loss amounts, non-insurance and insurance recoveries.
- Banks should use losses net of recoveries (including insurance recoveries) in the loss data set.
Banks that do not meet the 5-years-loss data standards are required to hold capital at least equal to 100% of the BIC.
Going forward, it is also essential to incorporate possible scenarios to gauge the adverse business impact of external events (economic recession, war, political unrest, etc).
An effective stress-testing framework, external data and Business Environment and Internal Control Factors (BEICF) can enable organizations to align capital for extreme scenarios.

Source: Live-Mint

Mains Question:

Q. The banking business in India is going through a rapid transformation phase especially due to digitalization, due to which banks are now facing emerging business risks. In this light suggest steps to be taken by the government and regulator ensuring long term sustainability. (250 Words).