Beginning with the Bank of Bombay set up in 1720 to the 12 public sector banks and several private and regional rural banks in 2023, the Indian Banking industry has come a long way. It has seen watershed events, such as Indian Independence, nationalization, liberalization of the Indian economy, multiple global economic crises, and most recently the COVID-19 pandemic, but perhaps the most far-reaching of all of them has been the computerization of core banking.
Computerization and the ensuing digitization have not only improved the coverage of banking services, enhanced financial inclusion, and dramatically improved customer service, but have also drastically improved operational efficiency, reduced costs, and created more avenues for revenue generation.
We have now moved forward rapidly from basic computerization and digitalization of banking to the deployment of cutting-edge technologies such as artificial intelligence, machine learning, robotic process automation, and predictive analytics. All these have ushered in the era of digital banking as we know it today.
From the banks’ point of view, though digitalization has brought many benefits, it has also resulted in enhanced risks that need to be actively managed and mitigated. Let us examine how digitalization has impacted the key three risks that banks face—Credit risk, Market Risk, and Operational Risk – and the steps that banks are taking to mitigate these risks.
Credit Risk: Credit risk for banks is the risk that a borrower will default on a loan or be unable to repay the loan as agreed. This can happen for a variety of reasons, such as a change in economic conditions, a decline in the borrower’s financial health, failure of the underlying project, or fraud. All these came together to cause India’s NPA problem from 2011 onwards.
While banks and financial institutions collapsed in developed markets during the global financial crisis of 2008, the Indian Banking industry was well-capitalized, had adequate liquidity, was financially strong, and could support the rapid growth of the Indian economy by lending for infrastructure development and industrial growth. As per the RBI, from 2006 to 2011, credit growth in India was more than 20% YoY. The government aggressively pushed infrastructure growth and given the rapidly growing economy, Indian banks liberally extended finance for these projects. In the words of former SBI chairperson Ms. Arundhati Bhattacharya, “A lot of emphases was given by the government on funding infrastructure and core sector. Because the banks had liquidity and things were going well, the standards of underwriting which should have been much tighter and should have anticipated many scenarios that subsequently played out were not followed.” This comment speaks to the sense of complacency that had been set into Indian banking due to the fact that India had weathered the global financial crisis quite well.
It comes as no surprise that NPAs rapidly deteriorated from 2011 onwards. In FY 2011-12, net NPAs as a percentage of total assets of Public Sector Banks was 1%. For new Private Banks, this figure was 0.3%. By FY 2017-18, net NPAs as a percentage of total assets had ballooned to 4.5% for Public Sector Banks and 1.5% for New Private Banks. The lesser said about the various frauds that the banking sector witnessed the better.
As a result of this NPA crisis and the various frauds that we witnessed, the RBI cracked the whip and consequently, a culture of credit discipline has emerged. This has been helped by the availability of digital systems and platforms that allow banks to manage their credit risk proactively. For example, in earlier days, banks would do a one-time assessment of credit risk at the time of sanctioning a loan and then conduct an annual credit review. For large companies, the credit review could have been slightly more frequent but was still inadequate to catch emerging risks. Today, most banks are equipped with Automated Risk Management Platforms and Early Warning Systems (EWS) that enable them to monitor the creditworthiness and financial health of their borrowers on a continuous, near-real-time basis. This helps banks manage and mitigate credit risk at an early stage before the borrower’s position becomes dire. As computing power has improved, the field of credit analytics has also grown rapidly. Banks are now able to deploy very complex probability of default models that use multivariate analysis and examine multiple characteristics or variables of the borrower. These models also factor in credit or business cycles by either incorporating current financial data or by making economic adjustments. The result is a much more accurate prediction of default by borrowers.
Know Your Customer (KYC) and Know Your Business (KYB) processes have been around for a while now. To truly understand the credit risks posed by their customers, banks must go to the next level and conduct KYCC or Know Your Customer’s Customer. This will not only help manage credit risk, but also prevent money laundering, fraud, and other financial crimes. Fortunately, it is now easier than ever before to gather KYC, KYB, and KYCC data due to digital banking and the availability of digital data repositories.
Market Risk: Changes in financial market conditions, such as interest rates, currency exchange rates, and commodity or stock prices, can negatively impact the financial health of a bank. This is known as Market Risk. Market risk is a fundamental risk for banks because it can lead to a significant reduction in the bank’s capital and profitability. The market risks that banks face include interest rate risk, currency risk, equity risk, commodity risk, and liquidity risk.
Traditional market risk management tools used by banks had their own limitations due to the reliance on manual processes, inefficient price discovery, and longer response times. By deploying digital risk management tools, banks have been able to automate and streamline their risk management processes and analyze large amounts of data more quickly and accurately. Additionally, the use of Artificial Intelligence and Machine Learning (AI/ML) has enabled banks to create predictive models and simulations that help them identify potential market risks rapidly and make quicker, better-informed risk mitigation decisions.
Operational Risk: Operational risk for a bank refers to the risk of loss resulting from inadequate or failed internal processes, systems, human errors, or external events. It encompasses a wide range of risks that can affect a bank’s operations, including those related to technology, compliance, fraud, and business continuity.
Examples of operational risks include:
- IT system failures or cyber-attacks that result in data breaches or unauthorized transactions
- Human errors such as mishandling of customer data or incorrect data entry
- Fraud, corruption, or embezzlement by employees or external parties
- Compliance risks related to non-compliance with laws, regulations, or industry standards
- Business continuity risks such as natural disasters or pandemics that disrupt the bank’s operations
- Outsourcing risks related to the bank’s reliance on third-party vendors for key functions
- Modeling risks due to inaccurate or unreliable financial models
- Data quality risk that arises due to incorrect or poor-quality data
- Reputation risk due to negative publicity or loss of customer trust
Regular risk assessment helps banks identify potential sources of operational risk. Business continuity planning ensures the bank’s preparedness to respond to, and recover from, operational disruptions. Implementing an incident management process to identify, respond to, and report operational incidents is imperative. Banks also need to meet any compliance requirements of the country’s central bank promptly. All these activities have become much simpler thanks to the technology tools available with banks. In fact, many of these functions can be carried out on cloud-based third-party platforms.
I strongly feel that not developing an Enterprise Risk Management (ERM) culture within banks poses the biggest risk in the banking sector, since this exposes the bank to financial losses, regulatory breaches, reputation damage, lack of trust, and inability to capitalize on opportunities.
ERM is especially crucial against the backdrop of a continually changing, volatile business environment. We need ERM to enable us to reimagine the bank’s risk functions in the future, as tomorrow’s risks are likely to be very different from those that banks face today.
Blog Author: Mohan Tanksale, Ex-CEO, Indian Banks Association