Banking has traditionally remained a protected industry in many emerging economies. However, a combination of developments has compelled banks to change the old ways of doing business. These include, among others, technological advancements, disintermediation pressures arising from a liberalized marketplace, increased emphasis on shareholders’ value and macroeconomic pressures and banking crises in 1990s. As a consequence of these developments, the dividing line between financial products, types of financial institutions and their geographical locations have become less relevant than in the past. At the same time, the growing size of financial activity relative to the overall economic activity in a closely integrated world has implied that disruptions in the financial markets in any economy can engender contagion, which can spread rapidly and have adverse economic ramifications. Consequently, while traditional banking activity has continued to remain the mainstay of banking business, the greater globalisation of banking operations and expansion of financial activities in an increasingly market-driven environment have made risk management extremely critical and indispensable.

Risk is intrinsic to banking business. Of late, the management of risk has gained prominence. The growing sophistication in banking operations, derivative trading, securities underwriting, corporate advisory business, improvements in information technology, on-line electronic banking, provision of bill presentation and payment services have led to increased diversity and complexity of risks being encountered by banks. The major risks confronting banks and financial institutions are credit risk, interest rate risk, foreign exchange risk and liquidity risk. Of these, credit risk remains predominant for banks. * Address by Shri Vepa Kamesam, Deputy Governor, Reserve Bank of India at BECON 2002 at Bangalore on 27/12/2002 at the Technical Session II : Re-engineering Operations.

The credit risk depends on both internal and external factors. External factors include the state of the economy, commodity and equity prices, exchange rates and interest rates. The internal factors include deficiencies in loan policies and administration of loan portfolio, weaknesses in credit concentration limits, appraisal of borrowers’ financial position, excessive dependence on collateral and inadequate risk pricing, absence of loan review mechanism and post sanction surveillance. Such risks may extend beyond the conventional credit products (loans/letters of credit) and appear in more complicated and less conventional forms (credit derivatives). Interest rate risk arises because banks fix and refix interest rates on their resources and on the assets. Changes in interest rates significantly impact their net interest income. Any mismatches in cash flows (fixed assets/liabilities) or repricing dates (floating assets/liabilities) expose banks’ net margins to variations. The foreign exchange risk arises owing to running open forex positions and adverse movements in exchange rates, which affect the open position in any foreign currency. The liquidity risk arises from the funding of long-term assets by short-term liabilities. Banks that fund domestic assets out of foreign currency deposits are susceptible to such risk, particularly at the time of sharp fluctuation in exchange rates.

Besides these financial risks, banks are exposed to other risks – operating risks, legal risks etc. Irrespective of the nature of risk, the best way for banks to protect themselves is to identify the risk, accurately measure and price it and maintain appropriate levels of reserves and capital. The development of a holistic approach to assessing and managing risks still remains a challenging task for the financial sector and this raises the issue of how to identify the optimal strategies to curtail these risks.

There is unanimity of view that developing sound and healthy financial institutions, especially banks, is indispensable for maintaining overall stability of financial system. Keeping this in view, RBI has issued guidelines for risk management systems in banks as early as October 1999. This has placed the primary responsibility of laying down risk parameters and establishing the risk management and control system on the Board of Directors of the bank. However, the implementation of the integrated risk management could be assigned to a risk management committee or alternatively, a committee of top executives that reports to the Board. The present set of guidelines are purported to serve as a benchmark to banks, which are in the process of establishing an integrated risk management system. The design of risk management framework should be oriented towards the bank’s own requirement dictated by the size and complexity of business, risk philosophy, market perception and the existing level of capital.

As part of the integration of financial services world over, new opportunities have emerged for banks to enter into the area of insurance. Banks’ entry into insurance sector has opened up viable opportunities to enhance their non-interest income and improve their performance. With the passage of the Insurance Regulatory and Development Authority (IRDA) Act, 1999, the Insurance Regulatory and Development Authority has been set up with statutory powers to function as the sector regulator for insurance in India. The Act, while allowing private participation including foreign equity participation up to 26% of the paid-up capital, has come out with regulations on various aspects of insurance business such as, licensing of agents, solvency margin for insurers, accounting norms, investment norms and registration of Indian insurance companies. The Act has also simultaneously stipulated prudential norms for investments and service obligations in the less lucrative rural sector. With the issuance of notification specifying insurance as a permissible form of business under Section 6(1)(o) of the Banking Regulation Act, 1949, RBI has issued guidelines for entry of banks into insurance business. Accordingly, those banks which satisfy the vital parameters set therein - minimum net worth of Rs.500 crore, eligibility criteria in regard to net worth, capital adequacy, profitability, reasonable level of non-performing advances - would be allowed to set up insurance joint ventures on risk participation basis. Banks which are not eligible as joint venture participants, would be allowed to take up strategic investment up to a certain limit for providing infrastructure and services support without taking on any contingent liability provided these banks satisfy some of the criteria specified therein. With a view to providing the banks with another avenue for generating fee based income, any scheduled commercial bank or its subsidiary would be permitted to undertake insurance business as agent of an insurance company and distribute insurance products without any risk participation. Banks are required to maintain an ‘arms length’ relationship with insurance outfit and adopt a risk management framework where the risks of insurance business do not get transferred to the banking business.

An efficient system of credit information is the prerequisite for management of credit risk. The requirement of an adequate, comprehensive and reliable information system on the borrowers through an efficient database system has been keenly felt by RBI/Government as well as credit institutions. Recognising the need for an effective mechanism for exchange of information between banks and financial institutions, the Finance Minister in his Budget proposals of 2000-2001, indicated that the growth of fresh NPAs could be curbed through better institutional mechanism for sharing of credit information on borrowers among banks and FIs. It was therefore decided that Credit Information Bureau would soon be established on the recommendations of the Working Group constituted by the Reserve Bank of India to work out the modalities for setting up a Bureau.

The Working Group explored the possibilities of setting up a Credit Information Bureau and recommended, inter alia, that (a) a CIB be set up under the Companies Act, 1956 with equity participation from commercial banks, FIs and NBFCs (registered with Reserve Bank of India), (b) a foreign technology partner be included as collaborator in setting up of the Bureau; (c) an appropriate legal framework be put in place to provide adequate protection to the Bureau as also the credit institutions sharing information with the Bureau; (d) pending enactment of a master legislation/legal amendments, a beginning could be made for setting up the Bureau which would operate initially by pooling information on suit-filed accounts as also transaction on which the borrower has given consent. The Group also recommended that the master legislation would enable the Bureau to be a repository of both positive and negative information and it would inherit the best international practices with regard to collection of information, processing of data and sharing of information.

On the basis of the Working Group recommendations, SBI has set up a company in the name of Credit Information Bureau (India) Ltd., in January 2001, with an authorized capital of Rs.50 crore and a paid up capital of Rs.25 crore, in collaboration with Housing Development Finance Corporation (HDFC) with equity participation of 40% each and two foreign technology partners - M/s. Dun & Bradstreet Information Services (India) Pvt. Ltd. and Trans Union International Inc. - each contributing 10% of the capital. With a view to strengthening the legal mechanism and facilitating the Bureau to collect, process and share credit information on the borrowers of banks and FIs, a draft legislation covering, inter alia, responsibilities of the Bureau, rights and obligations of the member credit institutions and safeguarding privacy rights was forwarded to Government. Pending enactment of the Credit Information Bureaus Regulation Bill, as a first step towards activating Credit Information Bureau (India) Ltd. (CIBIL), a Working Group was constituted by the Reserve Bank of India to examine the possibility of the CIB performing the role of collecting and disseminating information on the suit-filed accounts and the list of defaulters, including the willful defaulters and supplying such information on-line to members. Based on the recommendations of the Working Group, banks and notified FIs have been advised to submit to CIBIL list of suit-filed accounts of Rs.1 crore and above, as on March 31, 2002 and quarterly updates thereof till December 2002 and suit-filed accounts of willful defaulters of Rs.25 lakh and above as at end-March, June, September and December 2002 to RBI and CIBIL till 31st March 2003, and thereafter to CIBIL only and not to RBI.

In India, credit card operations of banks have been de-regulated. Banks with a minimum net worth of Rs.100 crore need not take prior approval of Reserve Bank for commencing this business, except for setting up of subsidiaries. They can introduce the same with the approval of their Boards. Further, based on a special study undertaken on the systems and controls on issue of credit cards, and recovery of dues thereunder, banks have been advised to adopt certain additional safeguards in the matter of recovery of overdues, sharing of information on credit card holders, fraud control etc. in order to ensure that their credit card operations are run on sound, prudent and profitable lines. Banks are also required to clearly spell out fees/charges involved in the matter of issue and servicing of credit cards to minimize disputes arising in this regard. Banks can introduce smart/on-line debit cards with the approval of the Board, keeping in view the guidelines issued by RBI. While banks need not obtain the prior approval of the Reserve Bank, the details of smart/on-line debit cards introduced are to be advised to RBI together with a copy each of the agenda note put to the Board and the resolution passed thereon. However, only banks with a net worth of Rs.100 crore and above should undertake issue of off-line debit cards and these banks should take RBI’s prior approval. Banks are also allowed to issue smart cards (on-line / off-line) and on-line debit cards to select customers who maintain accounts with the banks for less than six months subject to their ensuring the implementation of "Know Your Customer" guidelines. However, banks introducing off-line mode of operation of debit cards are required to adhere to the minimum period of satisfactory maintenance of accounts for six months. Banks cannot issue smart/debit cards in tie-up with other non-bank entities.

In terms of Section 19(1)(a) of the B.R.Act, 1949, banks can form subsidiaries to undertake activities which banks themselves are allowed to engage in under Section 6(1)(a) to (o) of the Act. Section 6(1)(a) to (n) of the Act cover traditional banking activities. Under Section 6(1)(o) of the B.R.Act, 1949, Govt. of India has notified certain para-banking activities as eligible activities for banks to undertake either departmentally or by setting up subsidiaries. Further, in terms of Section 19(1)(c) of the Act, Reserve Bank may allow a bank to adopt only its subsidiary route for any activity which is considered to be in the interest of banking or in the public interest, with the approval of Govt. of India.

So far, subsidiaries have been formed by banks to undertake activities such as equipment leasing, merchant banking, hire-purchase finance, factoring venture capital, housing finance, mutual funds (asset management companies), stock broking, credit card services, primary dealership in Government securities market [under Section 19(1)(a) of the B.R.Act], assaying and hallmarking of gold, computer related services [under Section 19(1)(c) of the B.R.Act]. With the issuance of notification specifying insurance as a permissible form of business under Section 6(1)(o) of the B.R.Act, 1949, SBI has been allowed to set up a subsidiary for doing insurance business.

As a matter of policy, foreign banks' branches in India are not permitted to set up subsidiaries for undertaking the above-mentioned activities. The Head Offices of foreign banks can, however, form subsidiaries for undertaking certain financial services activities through the FIPB route.

In terms of Section 19(2) of the B.R.Act, 1949, banks can invest as pledgee, mortgagee or absolute owner in other companies not exceeding 30% of the paid up capital of the company or 30% of its own paid up capital, whichever is less. Prior approval of RBI is required for banks including foreign bank branches in India, making investments up to the ceiling prescribed in Section 19(2) of the Act in financial services companies.

Further, investment by banks in a single subsidiary/financial services company is subject to a ceiling of 10% of the bank's paid up capital and reserves, and aggregate investments in all the bank's subsidiaries as well as financial services companies should not exceed 20% of the bank's paid up capital and reserves. In the case of investments in equity shares of companies not engaged in financial services, investments in a year should not exceed 5% of outstanding advances of the previous year. Investments made by a bank in a subsidiary would be deducted from the Tier I capital of the bank for determining its CRAR.

The bank should evolve a suitable system to monitor operations of its subsidiary, such as calling for reports at half-yearly intervals (for other companies where they have equity contribution, reports are called for an annual basis) for placing before the board of the bank. The bank, should, however, take care not to interfere in the day-to-day management of the affairs of the subsidiary. As the subsidiaries are non-banking financial companies, they are subject to on-site inspection by the respective regulatory authorities, viz., SEBI, NHB, DNBS-RBI, IRDA, etc. The on-site inspection reports by RBI of the banks include comments on earning performance of the bank's subsidiaries and joint ventures. Off-site surveillance returns to capture data on performance of subsidiaries of banks, such as capital adequacy, asset quality, provisions held, large exposure of each subsidiary, etc., is being introduced.

Today’s banking is very different from the retail banks of 20 years ago. Consumers are prepared to buy financial services from non-traditional providers including entirely new providers and established retail companies with no history of financial services. Traditional financial service providers are, as a result, facing competition from entirely new sectors in their domestic market as well as from new entrants from overseas markets. In an environment of change, the traditional financial service providers have had difficulties. The large banks, in particular, have been described as the dinosaurs of the New Economy, too slow and inflexible to cope with the e-commerce revolution.

The new providers are certainly achieving remarkable levels of success. However, a recent study by KPMG - Awakening Giants: How European Big Banks Will Win the E-commerce Revolution (2000) – disagrees with the view that the new delivery channels mark the end for established banks. It argues that the large banks have three inherent advantages that will ensure their long-term survival in the retail banking - traffic, trust and multi-channel access. Some products are more suited to e-commerce than others. For instance, car insurance has proved particularly well suited and has become an intensely competitive e-commerce market. Other products, such as retail banking, have been slower to embrace e-commerce. Generally, simpler products and services tend to be better suited to retail delivery, partly because of the regulations often surrounding more complex products. The new delivery channels and the ease with which customers can switch between banks and other financial product providers have forced established providers to concentrate on customer service. The key to success in e-commerce is an understanding of how technology can help to build customer value. For example, the Woolwich has achieved considerable success in this area with its Open Plan Services innovation.

Gaining access to customer data, and the ability to use it, has helped many of the non-traditional financial service providers to enter the retail market. Supermarkets are particularly well placed to collect valuable data on their customers spending habits. Loyalty cards enable the chains to record exact spending habits and to detect changes in circumstances well before the customer bank. The e-commerce revolution has placed new stresses on the infrastructure of financial services organisations and increased their exposure to operational risk such as system failure, electronic frauds and damaged reputation. Security has therefore become the biggest worry for on-line customers and the biggest risk in terms of brand damage to the financial service provider. The key factors influencing the purchase of any personal finance product are trust, security and reliability; whatever may be the delivery medium. Any security breach breaks all three rules but, most significantly, it damages the brand.

Reportedly, new business models are emerging within the financial services industry and beyond that could radically alter operations of all companies in the future. Some of these models are like Vertical Portals (the ultimate access point), Aggregators/Informediaries (sites providing the consumer with large information), Specialty Manufacturers and Company Sites, etc. It is also expected that leading financial services firms of the future will be organised into three different models such as :

• Proprietary integrated companies owning the customer gateway and offering mainly own products.
• Non-proprietary integrated companies owning the customer gateway and offering a mix of home grown and alternative products.
• Others as niche players, specialists and low-cost / high-volume product providers. In this non-integrated model, the customer will be in control of the gateway.

The message from all advisers is that in order to compete in the e-commerce world, financial service providers will need to invest heavily in customer relationship management systems and in brand identity. In the fast-track Internet world, it may be the only way to survive.

Over and above what has been said, the staff in the banks particularly the public sector banks must have an open mind and accept the fundamental changes brought about by the computers for better delivery of customer service and appreciate the more efficient way of accounting transactions and generating an array of MIS reports both for the bank management and the Regulator.

In this regard training and acquiring new skills becomes absolutely essential whatever be the age profile of the staff. I am very confident that in these transitionery times staff of the banks will rise to meet the competition and deliver the type of services demanded by the customer in the present and futuristic IT environment.