In a highly integrated financial sector, risks tend to exacerbate due to faster diversity of products, innovative features, improved processes and efficient mode of delivery of financial services. Banks and non-banks are exposed to three kinds of major risks. — (i) Credit risk due to lending operations; (ii) Market risk arising due to investments in various kinds of securities and trading them in markets on a day-to-day basis; (iii) the operational risk (OR) that is omnipresent in financial entities (FEs).

The FEs and their regulators have relatively well-established systems to identify the credit and market risk as they reflect in size, dimensions and shades of assets and liabilities on the balance sheet that is subjected to internal, external and regulatory scrutiny. The regulatory norms on how they need to be treated in the balance sheet as per prudential norms keep them under the lens of stakeholders.

But the softer risk is OR that does not normally reflect as assets on the balance sheet and escape scrutiny by FEs, their board or regulators. Its intangible characteristic can easily dodge the attention of stakeholders. Whether by intention or aggressive business ambitions, FEs tend to tolerate higher OR, till it reaches the tipping point . This may be due to lack of enough knowledge at the line management level or inability to institutionalise appropriate controls on OR. The ethical dimensions of OR makes it more complex in reining it.

Nuances of managing risks

FEs can use various well established risk management tools to manage credit and market risk. These include technical project appraisal, relying on credit history, credit rating, assessment of net worth of borrower, coverage of collaterals, mortgages, terms of sanction of loans, levy of risk-based pricing, end use verification of funded assets, site visits, legal and regulatory compliances, surveillance of conduct of the account, obtaining periodical financial information on the state of the borrower and scanning early alert system as part of post sanction scrutiny. Loan policy, exposure norms, risk appetite and regulations also help in mitigating the credit risks.

There are also prescribed norms to manage problem credit with the enactment of the Insolvency and Bankruptcy Code – 2016 and NARCL – and the Bad Bank which is now operational. Provision is also made against the impaired assets as part of credit risk management. Since credit administrative is a familiar function, the compatible skill sets have also been developed over a period of time. Though FEs cannot rule out upside risks in credit management, they are relatively well established.

Similarly, the market risk in FEs is managed based on the investment policy of the institution. The investment portfolio segregated as held for trading (HFT), available for sale (AFS) and held till maturity (HTM) categories enable FEs to better manage the exposures in the market to mitigate the risks to reasonable levels. The challenge is to manage the investment portfolio despite the upside risks.

The live market indices help FEs adjust the exposure and take cue from the market trends. Robust organisational structure is embedded separating front office, back office and mid offices in treasury to manage the risks well. Even if markets dip, FEs will have to follow mark to market (M2M) systems reading the riskiness in time and updating the asset prices in line with the markets. Thus, at any point of time, the value of securities are brought in line with the markets and risks are factored before they reach alarming levels.

Challenges of operational risks

The Basel–II accord articulated by Basel Committee on Banking Supervision (BCBS), Bank for International Settlement (BIS) introduced in June 2004 brought the concept of OR for the first time in financial sector lexicon. OR is defined “as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”.

This definition includes legal risk, but excludes strategic and reputational risk. Compared to credit and market risk, the peculiarity of OR is in its nature of intangibility and covers a wide spectrum of risks arising from failure of people, technology and systems that may be difficult to detect till it reaches a tipping point.

Neither the FEs nor the regulators will be able to grasp the intensity of their misdemeanour and laxity in implementing the governance risk and compliance (GRC) until a strong whistleblower sounds out the regulators.

The FEs are dependent on evolving technology due to interoperability, sensitivity and intricacies that are not fully in the knowledge of people who handle the processing of products and services. The limited number of technology experts and wide network of internal users of technology cannot mingle on regular basis to understand the pain points. Upgrading the skills of people as technology changes becomes complex.

Moreover, the very purpose of integration of technology is to drive efficiency reducing human component to become more cost efficient. The systemic controls of audit may not be as robust as it should be leading to missing gaps. Non-implementation of corporate governance norms in letter and spirit thereby creating weaknesses lead to exacerbation of OR. Inadequate controls to manage the OR cannot be captured by the regulator unless it reflects in its reporting formats and data shared by the regulated entities.

The signs of heightening OR

There have been a few high profile governance failures in the corporate sector in recent times — the NSE colocation scam, BharatPe, PFS governance issues.

Most of these cases came to light only through whistleblowers, mostly after the damage was done. Internal auditors or regulators rarely capture the gaps in skill sets or competency of people, technology or systemic failures. Only whistleblowers bring the perpetrators to books.

Looking to the sensitivity and complexity of OR, there is need for constant informal mentoring of boards and key management people in regulated entities. An effort to institutionalise compliants made orally can help protect FEs before the damage is done.

Charting an agenda by inclusive collaboration of stakeholders to better manage the challenges of OR will be important to protect the buoyancy of the financial sector.

Amid the interconnected financial sector, ignoring OR could be a stumbling block for economic growth.

The writer is Adjunct Professor, Institute of Insurance and Risk Management. Views expressed are personal

comment COMMENT NOW