Arpit Gupta & Company || Acts

RBI vide its communication September 14, 2020, informed the banks that in spite of its earlier instructions issued on August 04, 2011, to use IT system in place for identification of Non-Performing Assets (NPA) and generation of related data/returns, both for regulatory reporting and bank’s own MIS requirements, it was observed that the processes for NPA identification, income recognition, provisioning and generation of related returns in many banks were not fully automated and that they were still resorting to manual identification of NPA and also overriding the system generated asset classification by manual intervention in a routine manner thereby clearly violating its instructions.

It further added that In order to ensure the completeness and integrity of the automated Asset Classification (classification of advances/investments as NPA/NPI and their up-gradation), Provisioning calculation, and Income Recognition processes, banks were advised to put in place / upgrade their systems to conform to the prescribed guidelines latest by June 30, 2021.

Coverage

What types of borrower accounts would be covered by these instructions?

It is very clear that all borrower accounts, including temporary overdrafts, irrespective of size, sector, or types of limits, shall be covered in the automated IT-based system (System) for asset classification, up-gradation, and provisioning processes and that asset classification rules would be configured in the system in compliance of the regulatory stipulations. It does not give any options for the banks to interpret in a different way. Further, it included the banks’ investments also in the systems.

The tone of directions reflect its adherence to earlier instructions by banks in respect of the calculation of provisioning requirement for various categories of assets, and assessment of the value of the security as well as follow up of any other regulatory stipulations issued from time to time on provisioning requirements, by system driven way so that manual intervention is totally avoided.

It also noted that system-driven approach was missing in respect of the following areas too:

· Income recognition/derecognition in case of impaired assets (NPAs/NPIs)

· The amount required to be reversed from the income account, and handling both down-grade and upgrade of accounts through Straight Through Process (STP).

· It did not appreciate the continuance of human intervention at every level to bye-pass the system driven methods that would not tolerate improper intervention by human touch to manipulate the final results.

What about the frequency?

I have reproduced the exact words of RBI which specifically states the required guidance.

“The System based asset classification shall be an ongoing exercise for both down-gradation and up-gradation of accounts. Banks should ensure that the asset classification status is updated as part of the day end process. Banks should also be able to generate classification status report at any given point of time with the actual date of classification of assets as NPAs/NPIs’ It clearly negates the notion that banks would manually prepare the statement of NPAs/NPIs at a specific date which allows the manual interference of classification and changes if any, ensuring gross violation of laid down rules and regulations for the banks.”

If still, the banks want manual intervention in extreme cases, and what procedure to adopt to place the facts for further scrutiny at various levels?

With great difficulties, banks over a period of time we’re getting rid of window dressing of its deposits, advances, or under-reporting of NPAs or other manipulations to project a better picture of themselves at year-end reporting of financial statements. Frequent misreporting observed at earlier times too by banks has been frequently brought to the visible level by RBI.

So, RBI has laid down very strict and most stringent conditions, if any, manual intervention is attempted at.

· In an exceptional circumstance where manual intervention is required to override the System classification, it must have at least two-level authorization. Such delegation of powers for authorizing the exceptions should be as per the Board approved policy of the bank (by CEO, in case of unavailability of Board) and preferably should be done from the centralized location and suitably documented. In case the CEO authorizes, his action would be reported to the Board subsequently for information.

· Further, any such intervention shall have appropriate audit trails and subject to audit by concurrent and statutory auditors. I presume that concurrent and statutory auditors get duly instructed to look at such reports with skeptic minds to know the realities.

· Detailed reports of such manual intervention shall be placed before the Audit Committee / Audit Head (banks having no Board) regularly. Unfortunately, even in the report of the balance sheet of the banks, the report on the functioning of audit reports does not contain any more information than the perfunctory details of the date of meetings and those who attended. It is very essential that RBI would look into this aspect while auditing the banks at periodic intervals. All stakeholders should know what is going on in the Banks’ day to day operations and whether it is being subject to scrutiny at various levels.

· Further, RBI has issued instructions to banks to maintain logs for all exceptions i.e. manual interventions / over-rides including, but not limited to, the date and time stamp; purpose/reason; user-IDs, name, and designation of those making such manual intervention and necessary account details. These logs are to be stored for a minimum period of three years and not be tampered with during the storage period. These logs shall be system generated.

· With massive underreporting of NPA details both in the public sector and private sector banks, and excessive over-reporting of profits by camouflage means, RBI had to act in the past and this type of strict monitoring of banks was not unexpected.

What are the system requirements and system audit? (By enforcing strict guidelines in a technical area, it looks as if RBI has seen a violation of even technical inputs in systems by banks. I have attempted to keep the purity of its instructions.

By stating that in case a separate application outside the CBS would be used as the System for NPA/NPI identification and/or classification, the System must have access to the required data from the CBS and/or other relevant applications of the bank and the borrower/investment accounts should be updated back into the CBS automatically, wherever applicable, through STP. One can easily recollect that in massive frauds that took place in many public sector banks running into thousands of crores, particularly in the case of many jeweler accounts, the day to day data was omitted to be included at corporate level. This step would ensure non-repetition of massive frauds.

By updating the system to have all the information related to provisioning, identification, details of investments, etc., there should be periodic system audit, at least once in a year, by Internal / External Auditors duly certified both on system parameters as also from the perspective of compliance to Income Recognition, Asset Classification, and Provisioning guidelines. Very senior auditors with the knowledge of banking as well as system audit would be authorized to undertake these types of audits.

Baseline Requirements for the NPA classification Solution

The letter is of 3 pages followed by 3 pages of system requirements, the procedure to be followed, etc.

Though I tried to incorporate some details of the technical data prescribed by RBI, I request experts, top bankers or IT personnel to read them thoroughly to understand the new instructions so that the data to be stored are system-wise and banking instructions wise proper and no violation is undertaken at any level. All bankers should read these developments for their own security of operations.

Data input

1. The instructions emphasize that Data Input in the system by any means should be fully captured and stored without truncation [For example, timestamp – with date and time, narration field, or any other text data captured].

2. The banks should ensure the presence of necessary validation/verification checks in the solution for the user inputs, wherever applicable, and that such validations, among other things, should check for data type validations, min/max value, exceptions, etc.

3. RBI has explained that such validations done manually with master data (or parameters used in asset classification fed into the system as per the internal policy of the bank) could prevent issues related to incorrect entries generally seen (illustrative but not exhaustive list) in margin setting, moratorium period, security valuation, repayment schedule, products mapped/linked to different categories of account holders (as per applicability), etc.

Use access management

Some commonsensical but also technical instructions have been given.

· To ensure that all “user-ids” in the solution has a unique identification.

· Provide for two-factor or higher level of authentication for the users of the application and restrict the access to the solution on a “need to have/least privilege” basis for all users and to equip for maker checker authorization /control for transactions (an illustrative list of transactions includes updating/modifying the internal accounts, customer accounts, parameters – both financial and non-financial that affect the status of the credit portfolio/loan/asset.) entered in the solution.

· (For example Activities such as create/update/modify user-ids, roles, privileges including access rights to various modules; system related activities including updates to master data, etc. should have at least two individuals to complete the activity). This is a simple audit principle which is generally applied in all-important banking transactions.)

Straight Through Processing (STP)

· To provide for straight-through processing (STP) and support for STP integration with all critical systems/add-on sub-systems/modules etc., in a seamless and secure manner for NPA/NPI classification as per extant guidelines on IRAC.

Back-end Data Access Restriction

· Any changes to the data, parameters from the backend shall be avoided. The solution should provide for changes to the data items only through the front end.

Audit Logs

· Provisions of audit trails/logs to capture details of mandatory fields (that are essential to complete the transaction and essential to identify the transaction for audit/forensic purpose in the future) of all the transactions (financial and non-financial) shall be made and logs should be maintained for changing the master data.

· It has also been instructed that system-generated activity logs of the users with administrative privileges should also be maintained.

· These logs would help at the time of system audits by experts.

System Generated NPAs

It has been prescribed that all parameters required for NPA/NPI identification shall be captured in the CBS or associated sub-system(s)/module(s) meant for NPA/NPI identification/classification of asset codes as per Income Recognition and Asset Classification (IRAC) norms and extant instructions.

It has also stressed that provision for separate MIS report capturing all parameters for NPA/NPI identification will be required and that such parameters could either be configured in the database or application itself as per the architecture of the solution/sub-system.

Conclusion

The tone of the instructions contained in the communication seems to further strengthen the reporting system of NPAs in a seamless manner by the usage of the latest hardware and top-level software to gain proper information without any manual intervention to regain faith in the system of banks. As many banks have merged to face international competition, their MIS should be based on properly laid down procedures to be believed at the international level. This communication must be fully followed by banks and RBI to periodically verify the veracity of its instructions having the desired effects at the field level of banking operations.

Income Tax

Section

RBI ask banks to automate Income recognition & NPA provision

Subscribe Our Newsletter

Social Link