RBI proposes to bring NBFCs, co-op banks under operational risk norms
Mumbai, May 1, 2024
The 2005 guidance on the issue, which will be repealed, was aimed only at commercial banks
The Reserve Bank of India (RBI) on Tuesday released a guidance note on Operational Risk Management and Operational Resilience in line with the Basel Committee on Banking Supervision (BCBS) for regulated entities, which included non-banking finance companies and primary urban cooperative banks, as well as central cooperative banks.
The 2005 guidance on the issue, which will be repealed, was aimed only at commercial banks.
“BCBS felt that further work was necessary to strengthen banks’ ability to withstand operational risk-related events such as pandemics, cyber incidents, technology failures, and natural disasters, which could cause significant operational failures or widespread disruptions in financial markets,” the note said.
The guidelines charted a three lines of defence model wherein business units form the first line of defence, organisational operational risk management function (including compliance function) forms the second line of defence, and the last is the audit function.
The note said that an operational disruption can threaten the viability of a regulated entity (RE), impact its customers and other market participants, and ultimately have an impact on financial stability.
“It can result from man-made causes, Information Technology (IT) threats (e.g., cyber-attacks, changes in technology, technology failures, etc.), geopolitical conflicts, business disruptions, internal/external frauds, execution/delivery errors, third-party dependencies, or natural causes,” RBI said.
The note suggested that a regulated entity needs to factor in the entire gamut of risks, identify and assess them using appropriate tools, monitor its material operational exposures, and devise appropriate risk mitigation and management strategies using strong internal controls to minimize operational disruptions and continue to deliver critical operations, thus ensuring operational resilience.
The note said that the financial sector’s growing reliance on third-party providers (including technology service providers), exacerbated by the Covid-19 pandemic with greater reliance on virtual working arrangements, has highlighted the increasing importance of Operational Risk Management and Operational Resilience.
The note said emphasising such risk management not only benefits the RE by strengthening its ability to remain a viable going concern but also supports the financial system by ensuring the continuous delivery of critical operations during any disruption.
[The Business Standard]