A ‘What-Not-To-Do’ Guide From RBI’s Risk Assessment Reports

The Reserve Bank of India has finally released risk assessment reports for four banks for three financial years up to FY15.

The reports, secured by Right To Information activist Girish Mittal, were disclosed after a long legal battle in which the RBI argued that the information contained in these reports was obtained in a fiduciary capacity and could not be released. The Supreme Court did not accept this argument. Moneylife first reported on these documents.

The reports, now made public by Mittal, tell the story of how managements of some of these banks loaned aggressively to large corporates, at times, against all prudent banking practices.

BloombergQuint highlights some of the key takeaways on poor lending practices mentioned in these documents, particularly in FY15 when the RBI turned its focus to asset quality. Since these documents pertain to past years, malpractices highlighted in them may have since been corrected. Nevertheless, these practices can act as a ‘what-not-to-do’ guide for bankers as they move into a new lending cycle.

Emails sent to State Bank of India, ICICI Bank Ltd. and Axis Bank Ltd. seeking clarity on actions taken to correct practices flagged off by the RBI were not answered. “We would like to state that we have responded to the queries from the regulator at that point of time,” HDFC Bank said in response to a BloombergQuint query.

State Bank of India

India’s largest lender, State Bank of India, found itself chastened by the regulator for lack of discipline in the credit sanctioning process. The RBI, in the FY15 risk assessment report, pointed to deviations from approved credit norms and overlooking of serious credit observations.

The RBI noted that:

• Deviations from approved credit norms and guidelines were observed without sufficient credit risk mitigating measures in both domestic and overseas offices.
• Pricing below the relevant risk grades, frequent extensions in timelines for charge creation, waiver of stock audit, renewal on the basis of old financials, overlooking serious credit audit observations, borrowers maintaining multiple current accounts with consortium banks, etc. were some of the deviation cases.
• Lack of accurate data led to issues in computation of the drawing power of a borrower. In instances where stock audits pointed out these errors, the bank rejected most such reports and took decisions favouring the borrower.
• The regulator said in some cases of restructuring the bank did not conform to the RBI’s norms with respect to technical evaluation, adhering to joint lender forum guidelines and following mandatory timelines. In certain cases the accounts did not perform according to the technical evaluation study after restructuring.
• In its assessment, the RBI noted that the bank’s head office, strategic business units and branches had designated compliance officials who did not report to the chief compliance officer. Moreover, these individual compliance officials were assigned other functions, which led to a dilution of focus on the compliance function.
• The bank also relied too much on SBI Capital Markets on matters of credit advice, which was something that needed mitigation, according to the RBI. SBI Capital Markets’ advice on restructuring deals was found to have glossed over the financial weakness and viability of borrowers as well as strategic investors. The RBI pointed out Jyoti Structures Ltd. as an example of such cases.

ICICI Bank

ICICI Bank’s risk assessment report for 2015, the year the asset quality review was initiated, pointed to a variety of inadequacies in the credit appraisal processes, which, in hindsight, would have led to the build-up of bad loans in the bank’s corporate credit portfolio.

The RBI, in its report, pointed to the following:

• Appetite for concentration risk appeared to be high considering the bank employed “liberal lending standards” to large single/group borrowers.
• The concentration risk was heightened due to large borrowers having complex inter-connected over-leveraged group structure, inter-mingling of business and financial transactions, common collaterals, etc. resulting in integration and compounding of risks across the companies/SPVs.
• The bank had not considered group-level aggregation of collateral as a dimension of concentration risk control.
• The bank had a system of post-sanction amendments of the sanction terms loans. Such amendments allowed deviations in important aspects like security conditions, financial covenants, etc. without having any linkage to the risk rating of the borrowers. As a result, certain low-rated borrowers were extended a number of relaxations.
• The bank had adopted a method of financing the net cash gap, which took into account a company’s total fund requirement for the next year factoring all the cash flows including debt. This allowed borrowers to make repayments on existing loans out of fresh term loan disbursals.
• There was no defined and documented process for fixation of moratorium limits.
• The RBI, in the report, also flagged off some specific cases. It noted that in the case of Essar Global Fund Ltd., an Essar Group holding company based in Cayman Island, and GVK Coal Developers, breached the RBI’s single exposure limits. In two other Essar group companies, non-disposal undertaking of the guarantor, non-disposal of assets of the borrower/guarantor were waived. “Such deviations and concessions significantly weakened the security position of the bank.”

The RBI also pointed to the bank’s board was not proactive in managing bad loan risks. The chief risk officer of the bank had an internal target of containing provisions, which the RBI saw as a conflict of interest.

Axis Bank

In the case of Axis Bank, the RBI risk assessment report pointed to deficiencies in practices surrounding collateral obtained against loans.

Some of the RBI’s observations included:

• Of the total exposure of the bank, one-fifth was unsecured. Further, the quality of security may pose challenge to the bank during recovery process as the proportion of financial collaterals covering the exposure was less, the RBI said.
• As per the bank’s policy, the security creation in most of the cases was to be completed within six months of the loan disbursement, but it was observed that bank was frequently extending the deadline for security creation.
• The bank needed to strengthen the mechanism to ensure end use of funds, the RBI said. The bank was allowing the borrower to make use of short-term funds for the long term, the regulator observed.
• The bank did not monitor the movement of funds between the group companies. In a couple of cases, the borrower had diverted the funds for making payment due to other group companies.
• Though the external rating of the borrower was part of each and every review proposal, the bank was not considering the external rating in decision-making process. In spite of wide variations in the internal and external ratings, decisions were taken on the basis of internal risk ratings.
• There were multiple instances of limit breaches under various categories of market risk limits. There were several instances when dealers took positions beyond the permissible limits without prior approvals. Higher number of breaches were reflective of higher inherent risk and/or weaker controls, the RBI said.

HDFC Bank

In the case of HDFC Bank, which stayed away from large project financing, the observations made by the RBI in the FY15 risk assessment report were linked to know-your-customer norms and an increase in frauds.

Some of the regulator’s observations included:

• The large number of KYC/AML exceptions detected (32,134 cases) by the bank reflected noticeable non-adherence to laid down KYC/AML processes.
• The large number of violations of KYC/AML instructions detected by internal audits reflected room for improvement of compliance.
• External risk manifested through 2,334 frauds committed by non-customers amounting to Rs 15.2 crore.
• Rise in consumer court cases (1,792) filed against the bank by the customers for customer service related matters posed a significant external risk to bank’s reputation.
• In addition to these customer related issues, the RBI’s risk assessment report pointed out that the bank had been reporting incorrect exposure data to Central Repository of Information on Large Credits as interests charged in respect of NPA accounts were included as part of the outstanding data.
• The RBI also pointed out that the bank buys loan portfolios from its parent firm HDFC Ltd. “Although the bank made due diligence and disclosures of related party transactions, there was no comprehensive board approved conflicts of interest policy.”