["50 The Whistle-Blower Policy should clearly state that: i.\t Anonymity of the informant will be maintained. ii.\t The authenticity of the information will be confirmed and there will be no reprisal for reporting the information. iii.\t Appropriate and disciplinary action will be taken after investigation and on confirmation of the information. 3.7 LET US SUM UP Enterprises to pursue a broad range of governance, risk and compliance initiatives across the organization. Taking an integrated GRC process approach and deploying a single system to manage the multiple governance, risk and compliance initiatives across the organization, yields several benefits. The broad structure followed for GRC is based on the concept of \u2018Three Lines of Defence\u2019. Compliance function may be structured in different ways depending on the organization\u2019s size volume of business, etc. Compliance starts at the top. The Board of Directors and the Senior Management have the ultimate responsibility for compliance. The Compliance Department at the Corporate Office has the overall responsibility for coordinating identification of Compliance issues and management of the bank\u2019s compliance risk. The Functional Departments at Corporate Office shall have a senior functionary to act as Compliance Officers for managing compliance risk. His role is to ensure implementation of all regulatory\/statutory guidelines by the Functional Department. Compliance responsibility is to be assigned to functionaries at each branch, and each zonal\/ regional office. Effective internal controls enhance the safeguards against system malfunctions, errors in judgment and fraud. Whistle blower mechanism is required in each company. It can be an important measure for early detection of deviant behavior. 3.8 KEY WORDS Governance; Risk management; Integrated GRC; Three Lines of Defence; First Line of Defence, Second Line of Defence, Third Line of Defence, Compliance failures; Internal controls; Information Systems; Whistle Blower Policy; unethical. 3.9 CHECK YOUR PROGRESS: (1)\t In the compliance hierarchy the audit committee is placed (a)\t Before the CMD (b)\t After the CMD and before the board (c)\t After the board (d)\t Not important to be rigid","51 (2)\t At the branch level the most important hurdle in being compliant is (a)\t Conflict of interest. (b)\t Lack of awareness of regulations. (c)\t Laid back attitude. (d)\t Lack of coordination amongst staff. 3.10 KEY TO \u2018CHECK YOUR PROGRESS\u2019 1 (b); \t 2 (a) References: 1.\t RBI Circular DBS. CO.PP.BC 6\/11.01.005\/2006-07 dated April 20, 2007 - Compliance function in banks (https:\/\/rbi.org.in\/scripts\/NotificationUser.aspx?Mode=0&Id=3433) 2.\t RBI Circular DBS.CO.PPD.10946\/11.01.005\/2014-15 dated March 04, 2015 - Compliance function in banks (https:\/\/rbi.org.in\/scripts\/NotificationUser. aspx?Mode=0&Id=9598) 3.\t RBI Circular DoS.CO.PPG.\/SEC.02\/11.01.005\/2020-21 dated September 11, 2020 - Compliance functions in banks and Role of Chief Compliance Officer (CCO) (https:\/\/ rbi.org.in\/scripts\/NotificationUser.aspx?Mode=0&Id=11962) 4.\t BCBS Guidelines, 29th April 2005, \u2018Compliance and the compliance function in banks\u2019 (https:\/\/www.bis.org\/publ\/bcbs113.htm)","52 CHAPTER 4 FRAMEWORK FOR IDENTIFICATION OF COMPLIANCE ISSUES AND COMPLIANCE RISKS STRUCTURE 4.1\t Compliance Culture 4.2\t Compliances Issues 4.3\t Compliance Risk 4.4\t Inherent Risk, Control Risk and Residual Risk 4.5\t Compliance Testing 4.6\t Reasons for Compliance Failures 4.7\t Let us Sum up 4.8\t Key Words 4.9\t Check Your Progress 4.10\tKey to \u2018Check your Progress\u2019","53 OBJECTIVES In this Chapter the learner will \u2013 \uf0ae\t Understand compliance culture \uf0ae\t Learn about compliance issues \uf0ae\t Understand the compliance risk \uf0ae\t Know the reasons for compliance failures 4.1 COMPLIANCE CULTURE Global Financial Crisis 2008 \u2013 Observation \u201cSerious deficiencies in prudential oversight and financial regulation in the period before the crisis were accompanied by major governance failure within Banks\u201d The Corporate culture evolves and settles within working environment. The compliance function, a paramount for any financial institution, is needed to be engrafted with corporate culture effectively. Such macro and micro level implementation in Banks must pave way for evolution of compliance culture to deliver regulatory objectives suitably and sustainably. Culture can be understood explicitly as culmination of \u2013 \u25cf\t Ethics and Values which define character, scale of ownership, a system of principles governing morality and conduct thereon, \u25cf\t Attitudes, Habits & Mind-sets etc. of the staff at all levels which are imbibed over a period involving beliefs and feelings towards disposition, \u25cf\t Assumptions & heritage in respect various business products & models, \u25cf\t Expectations and Aspirations in terms of regulatory standards All these above said parameters shape day to day functioning of banks while dealing with different kind of clients. 4.1.1 General Drivers of the culture 1)\t From the top: \t Creating a culture where each one realises the ownership and perform with due responsibility, such values should be set in normal working. These standards should be demonstrated by the top management vide their actions and provide directions to the employees down the line.","54 2)\t Adopting Best Practices and mend behaviour: \t These translates into business practices i.e. how delegations are used at different levels, how schemes are implemented and customers are responded to their needs. Therefore, translating culture into practices is essential. 3)\t Skill Development, Trainings and Motivation through Reward: \t The compliance department must be duty bound to develop needed skills among their employees through trainings and reward and these should be on-going tools and methods to ensure needful performance and influence at appropriate level. The leadership with adequate oversight, strategy at various levels in the Institution as per hierarchy, delegations duly defined with approved policies, embedding of control measures, skill development through trainings and rewards are the key ingredients. The evolution of compliance culture in PSBs is essential with increasing concerns about Governance, Risk & Compliance (GRC) pertaining to various regulations from Banking and Market regulators as well as Investigating Agencies. The pace in the path of needful compliance should be effective and in tune with regulatory aspirations. RBI in the matter have given concrete prescriptions in the recent past clearly and substantially stating about- \ufffd\t Need for Effective Compliance culture \ufffd\t Independent Corporate Compliance Function \ufffd\t Strong Compliance Risk Management Programme Over and above, RBI has issued the detailed directions with serious outset tone i.e. \u201cRobust Compliance System along with prescription based ingredients.\u201d The PSBs\u2019 endeavours need more attention, skill and regular oversight by their senior management. The information dissemination pertaining to regulatory directions \/ concerns at various level from Top management to functionaries in field is extremely helpful in evolving Compliance Culture. A culture of compliance in an organization, especially a bank, is crucial. Compliance must be visibly embraced by senior management and built into the hiring and training process. Right metrics can make the culture of compliance concrete. It is important to address such questions as: Who delivers the compliance message - line or staff? How senior are the messengers? How often do they address compliance issues? Culture, like other aspects of compliance processes, can be managed and measured over time. This report shows how banks around the world are building more effective compliance programmes. It describes the current state of compliance and how banks are struggling to understand and improve the effectiveness of their programmes in order to meet the challenges which may come in the way or in future. The Indian financial regulators always emphasize the importance of an","55 organization\u2019s \u201cculture of compliance,\u201d. Having a \u201crobust\u201d culture of compliance can help firms avoid severe financial consequences. 4.1.2 What is a \u201crobust culture of compliance?\u201d It is an overall environment that fosters ethical behaviour and decision-making. Even the most clearly written, comprehensive compliance program is destined for failure without such an environment. Here are 10 typical attributes that regulators look for to gauge \u2018compliance culture\u2019. i.\t Tone at the top: This is the most important hallmark of a culture of compliance. Regulators are increasingly meeting with senior management during examinations to get a sense of their engagement in compliance. Tone at the top is often evidenced by the processes for making critical decisions. ii.\t Integration across the enterprise is key: Risks in banking are both complex and often inter-related. To ensure that risk is managed thoughtfully across the enterprise, compliance must work closely and communicate well with all risk areas and businesses. iii.\t Silos: The compliance department should not be walled off from the rest of the organisation. Is compliance staff present when business decisions are made? Does the firm seek their input? Firms with a strong culture of compliance would answer \u201cyes\u201d to both. iv.\t Power: Regulators also look at who holds power in the firm. Is the chief compliance officer (CCO) part of senior management? Is the compliance department independent? Is it respected? Or does the CCO sit in a back office, neither seen nor heard? When discussing an issue, who wins - business or compliance? v.\t Cowboys: Does the organisation reward risk-taking without limits? Are rewards based solely on financial performance? In a strong culture of compliance, risks are taken within the organization\u2019s tolerance for risk. vi.\t Resources: Compliance costs money. Is the compliance program appropriately structured and sufficiently funded? vii.\t Employee Buy-In: Once the compliance infrastructure is established, it is the employees who carry out the mandate. The firm\u2019s culture of compliance must be embedded in the culture of the employees. To facilitate employee buy-in, organisations should have a zero tolerance policy for employee misconduct. viii.\t Living Compliance Program: The compliance program must be tailored to the organisation\u2019s business and risks; it must be tested and modified; and it must be enforced.","56 ix.\t Technology: Does the organisation look for ways to automate compliance and limit human error, as it does with portfolio and risk management? How are workflows and documents managed? x.\t Documentation: Regulators love documentation and so should organisations to establish their commitment to compliance. Good record keeping reflects a strong compliance culture. 4.2 COMPLIANCE ISSUES The responsibilities are carried out under a Compliance Programme that sets out its planned activities such as the review of compliance risk assessment in specific products\/processes to which the Regulator attaches importance, compliance testing, and educating staff on compliance matters\/ activities. The Compliance Programme should cover the following: a)\t Identify major compliance issues to be addressed on priority basis b)\t Coordinate with Internal Audit department for simultaneous identification of key compliance issues based on their findings. c)\t Develop testing and monitoring procedures for assessing extent of compliance in various activities. d)\t Review policies by the functional departments based on the experience gained during implementation of the policy. e)\t Create awareness and educate staff on Compliance function. f)\t The Bank shall carry out at least annual compliance risk assessment in order to identify and assess major compliance risks faced by the bank and prepare a plan to manage the same. The compliance function should consider ways to measure compliance risk (e.g. by using performance indicators) and use such measurements to enhance compliance risk assessment. The basis for identification of compliances in any product\/process is: (i)\t Regulatory guidelines (ii)\t Laws and statutes (iii)\t System and information security (iv)\t Internal controls Based on RBS cycles in all Banks, RBI has analysed the position \/ status of compliance and identified following areas which require greater oversight by the Board \/Top \/ Senior Management in Banks:","57 a)\t Risk Based Supervision (RBS) \u2013 Specific template \u2013 CCO is responsible for ensuring total compliance with all guidelines specified; b)\t Compliance Function & Audit should necessarily be kept separate; c)\t Board\/ACB\/Board level committees\/ Internal Audits should regularly review compliance functions; d)\t Staffing of Compliance Department and succession planning is a matter of concern and recent guidelines should be adhered e)\t Compliance with RAR observations, Monitorable Action Plans \/ RMPs f)\t Evaluate the compliance risk in each business line at periodic intervals g)\t Copies of compliance furnished to RBI Inspection Reports to be sent to CCO h)\t Staff accountability and policies for non-compliance i)\t Compliance should not be seen as an activity of the compliance department alone but as a culture that should pervade across the banks. 4.2.1 Un-authorized Operation of Internal \/ Office accounts The RBI observations in the matter are as under: a)\t Banks in general, do not have policy for opening, operating, reviewing, monitoring, reconciliation and provisioning of internal \/ office accounts. SOP document remains missing in this regard. Common mapping to link GL\/PL heads remain missing. b)\t Entry is Sundry \/ Suspense accounts are not made on POINTING basis. c)\t Large cash deposits of customer accounts are routed through internal \/ office accounts to bypass CTR \/ STR rules. d)\t System level changes are effected for operation in the accounts without SOP \/ authority. The compliance function must identify the risk factors and embed necessary changes to control these gaps. 4.3 COMPLIANCE RISK The Basel Committee on Compliance Function defines Compliance risk as \u201cthe risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self- regulatory organization standards, and codes of conduct applicable to its banking activities\u201d (together, \u201ccompliance laws, rules and standards\u201d). Another aspect of compliance is the area of operational risk control. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and","58 systems or from external events. The definition includes legal risk but excludes strategic and reputational risk. Operational risk can arise from a wide range of external events like power failures, floods or earthquakes, or terrorist attacks. Operational risk can arise also from internal events such as the potential for failures or inadequacies in any of the Bank\u2019s processes and systems or those of its outsourced service providers. Historically the compliance function did not understand and model processes for risk management. Compliance documented and met requirements, and found and resolved issues. Most often compliance was reactive, putting out fires instead of actively interpreting and predicting compliance and ethics risk issues, and developing plans to mitigate or avoid damage to the organization. The present day approach is risk based. The level of Compliance Risk in each business line, products and processes may be identified based on following factors: \ufffd\t Regulatory Focus: Customer Service aspect; Control aspects \ufffd\t Nature of activity: Whether of high inherent risk in nature \ufffd\t Bank\u2019s exposure to it: Materiality \ufffd\t Any major breaches reported in the past: History \ufffd\t Penalty implications 4.4 INHERENT RISK, CONTROL RISK AND RESIDUAL RISK Organisations take several measures to mitigate risks so that the occurrence of an event of risk can be avoided to the extent possible, and the damage on occurrence of the risk event is minimized, if not avoided totally. Thus, from the perspective of assessing the risk level one has to consider \u2013 Inherent Risk, Residual Risk and Control Risk. Inherent risk refers to the risk in the absence of any controls or actions to alter, mitigate, or reduce either the likelihood or impact of the risk event. In other words, the inherent risk of a system is the level of risk in any activity in the absence of any control measures. It is a function of threats and vulnerability. Presence and operation of control measures have the effect of reducing either or both - the likelihood and the impact of the risk event thereby decreasing the potential impact of the risk event. However, there is also a risk associated with the effect of the controls. This is known as the Controls Risk. The controls risk includes both the risk of the controls failing to function as also its effect on the impact of a risk event. Residual risk therefore is a function of inherent and control risk and refers to the risk that can still occur due to certain risk event after the control measures have been put in place.","59 A simple example to illustrate the difference between inherent risk and residual risk is walking across the street. One of the inherent risks with high probability and severe impact is getting hit by a vehicle. The control measure to mitigate this risk is the practice of \u201clooking left and right to check for oncoming traffic before crossing.\u201d But this does not eliminate altogether the possibility of being hit by a vehicle, though it certainly reduces the probability of this to a large extent. Thus the residual risk is reduced significantly. 4.5 COMPLIANCE TESTING Compliance units in banks may evaluate the compliance risk in each business line at periodical intervals and put up the results to the Board\/Management Committee. For this purpose, the Compliance Department must have a Compliance Testing Programme covering all the activities of the bank. The components of an effective testing programme are: i.\t To have proper scoping including all business activities and products ii.\t To cover all applicable regulations and guidance iii.\t To conduct adequate sample size for transaction testing iv.\t To design a well-organized testing process including its documentation v.\t To establish clear document trails vi.\t To identify violations vii.\t To recommend appropriate mitigation measures viii.\t To track for action taken on recommendations ix.\t To communicate the results to the Board \/Audit Committee and senior management Compliance Testing is not a one-time exercise. It should be a regular activity and for every business activity it needs to be repeated periodically. This is important because the compliance risk is dynamic and it changes on account of changes occurring in the business of a bank due to following factors \u2013 i.\t Changes in the customer base and its composition ii.\t Changes in the product suite iii.\t Changes in the transaction volumes iv.\t Changes in the business lines v.\t Changes in the systems, processes and procedures vi.\t Changes in the regulatory norms, directions and guidelines vii.\t Changes in the applicable legal provisions","60 The compliance testing across the business units should be divided in two parts. The first part relates to regulatory prescriptions i.e. all the regulations, directions and guidelines for each product should be tested on suitable frequency to provide an oversight to the senior and top management. The Compliance Rules (CR) for all products and services undertaken by the Bank be prepared in coordination with functional departments at Corporate office level keeping the regulatory guidelines and prescriptions in view. These CRs should be framed \/ grouped for the products as under: Compliance Rules (CR) for \uf0ae\t Adherence to \u25cf\t A Set of Laws \u25cf\t Regulation \u25cf\t Rules \u25cf\t Practices \u25cf\t Self-Regulatory Organisation Standards \u25cf\t Code of Conduct \uf0ae\t CRs should be Grouped into \u25cf\t Internal Compliance \u25cf\t Regulatory Compliance \u25cf\t Legal Compliance \uf0ae\t CRs should Promote \u25cf\t Orderly Behaviour \u25cf\t Systemic Strength These CRs are for compliance and reporting purpose and the same must be covered for the testing with a suitable sample size i.e. number and type of branches on a quarterly basis, Indicative Banking business activities within those the related product and services should be covered. The frequency for testing should be decided by Bank\u2019s Senior Management and should be incorporated in Compliance Policy. Major heads for all Banking Products & Services are indicated hereunder, for meaningful monitoring and controls. (a)\t Deposit related products & services \t\t (frequency: Half Yearly\/ Quarterly) (b)\t Advance related products & services \t\t ( -----------------do--------------------) (c)\t Administration & Miscellaneous services \t (------------------------do--------------)","61 (d)\t Forex related products & services \t\t (------------------------do--------------) (e)\t KYC AML Compliance \t\t\t\t ( frequency: Quarterly \/ Monthly)* *This is an area which needs more stringent controls (Note: Indicative list of Compliance Rules (CRs) for Advances is given vide Appendix 10 to this chapter. The list of CRs in meant for functionaries at field level (branches) and may be submitted by the branches on a frequency as decided by the Bank. CRs need to be reviewed from time to time. CRs may be prepared for other segments on similar lines.) The Second part should cover the regulatory observations vide RARs (Risk Assessment Report) and Risk Mitigation Plans as per previous RBS cycles. The Banks are mandated to submit conclusive compliance to these points to RBI within given timelines after the approval of the ACB. Therefore, compliance testing for these points at defined frequency ensures the sustainability of those compliances. Compliance policy should address and formulate this aspect and compliance function should put a framework across business lines to ensure effective implementation. Banks should select a sample size for the testing and follow the frequency for the above testing. The reports of these compliance testing should be examined by Compliance Department at Corporate Office level and Chief Compliance Officer presents the consolidated position to ACB for their observation, noting and requisite comments. 4.6 REASONS FOR COMPLIANCE FAILURES The major factors causing non-compliance are as discussed below. i.\t Lack of understanding of law: This could occur due to lack of requisite skills in the employees or the legal provisions being too complex or ambiguous. People cannot comply with regulations if they do not understand what specifically is required. ii.\t Collapse of belief in law: Compliance is costly. Voluntary compliance is likely to be low when costs (in terms of time, money, or effort) of complying with a rule are considered to be high. If a rule seems unreasonable, instead of complying, businesses may spend more time and money in lobbying with the regulators to change it or asking for special treatment rather than on compliance efforts. iii.\t Overly legalistic regulation: People lose confidence in regulators and governments if they are required to comply with technical rules that do not appear to relate to any substantive purpose. iv.\t Regulation is at odds with market or cultural practices: Degree of compliance is lower when regulation does not fit well with existing market practices or is not in consonance with cultural norms. Sometimes the basic purpose of a rule is to counter an existing market or cultural practice. For example, consumer protection provisions were","62 necessary to outlaw over- selling in insurance industry precisely because it became common practice. v.\t Failure to monitor: A rule that is on the books, but not monitored is unlikely to elicit compliance. Random inspections among the target group have the effect of making people and enterprises that are normally law-abiding constantly aware of the existence of enforcement activities and tend to reduce the likelihood of future non-compliance. vi.\t Procedural injustice: Researchers have found that if people feel they are treated unfairly by the government or a regulatory agency, then they will often respond by refusing to comply with regulatory requirements. vii.\t Deterrence failure: Regulators can face a failure of deterrence when business rule breaking may have high reward and low probability of detection. viii.\t Failures of administrative capacity: Voluntary compliance levels are compromised if the organisations do not have necessary information and other support or mechanism for compliance with multitude of requirements. 4.7 LET US SUM UP A culture of compliance in an organization, especially a bank, is crucial. Tone at the top is the most important hallmark of a culture of compliance. Compliance Programme should identify major compliance issues. The Bank shall carry out at least annual compliance risk assessment.Another aspect of compliance is the area of operational risk control. Organisations take several measures to mitigate risks. Thus, from the perspective of assessing the risk level one has to consider \u2013 Inherent Risk, Residual Risk and Control Risk. Compliance units in banks may evaluate the compliance risk in each business line at periodical intervals. Non-compliance occurs due to several reasons like lack of understanding of law, failure to monitor, deterrence failure, etc. 4.8 KEY WORDS Compliance culture; Tone at the Top; Silos; Cowboys; Compliance testing; Inherent risk; Residual risk; Controls Risk; Deterrence failure; Procedural injustice, RAR \u2013 Risk Assessment Report, RMP \u2013 Risk Mitigation Plan, Risk Based \u2013 Risk Based Supervision; SPARC- Supervisory Programme for Assessment of Risk and Capital. ISE- Inspection for Supervisory Evaluation","63 4.9 CHECK YOUR PROGRESS 1)\t Which one of the following is not compliance risk? a)\t Violation of regulatory guidelines b)\t Non-compliance of a legal provision c)\t Overdues in credit portfolio d)\t Non-adherence to the bank\u2019s internal policy\t 2)\t \u2018The probability of loss that remains to systems that store, process, or transmit information after security measures or controls have been implemented is called __ risk. a)\tResidual b)\tControl c)\tInherent d)\t Operational\t 4.10 KEY TO \u2018CHECK YOUR PROGRESS\u2019 1 (c), 2 (a) References: 1)\t RBI Circular DBS. CO.PP.BC 6\/11.01.005\/2006-07 dated April 20, 2007 - Compliance function in banks (https:\/\/rbi.org.in\/scripts\/NotificationUser.aspx?Mode=0&Id=3433) 2)\t RBI Circular DBS.CO.PPD.10946\/11.01.005\/2014-15 dated March 04, 2015 - Compliance function in banks (https:\/\/rbi.org.in\/scripts\/NotificationUser. aspx?Mode=0&Id=9598) 3)\t RBI Circular DoS.CO.PPG.\/SEC.02\/11.01.005\/2020-21 dated September 11, 2020 - Compliance functions in banks and Role of Chief Compliance Officer (CCO) (https:\/\/ rbi.org.in\/scripts\/NotificationUser.aspx?Mode=0&Id=11962) 4)\t BCBS Guidelines, 29th April 2005, \u2018Compliance and the compliance function in banks\u2019 (https:\/\/www.bis.org\/publ\/bcbs113.htm)","64 CHAPTER 5 RISK BASED SUPERVISION STRUCTURE 5.1\t Introduction & Background 5.2\t Reserve Bank of India initiatives 5.3\t Bank Supervision Process in India 5.4\t Supervisory Approach 5.5\t Features of an effective Bank Supervisory Framework 5.6\t Benefits of Risk Based Supervision 5.7\t Supervisory Methods\/Tools 5.8 \t Stress Testing 5.9\t Let us Sum up 5.10\tKey Words 5.11\tCheck Your Progress 5.12\tKey to \u2018Check your Progress\u2019","65 OBJECTIVES In this Chapter the learner will \u2013 \uf0ae\t Know about various initiatives taken by RBI \uf0ae\t Know about banking supervision process in India \uf0ae\t Understand risk based approach to bank supervision \uf0ae\t Understand the purpose of stress testing \uf0ae\t Know the fundamentals of stress testing 5.1 INTRODUCTION AND BACKGROUND Banks occupy a pre-eminent place in the financial system and spur economic activity by undertaking maturity and liquidity transformation and supporting the critical payment systems. However, the business of banking has several attributes (leverage, asset-liability mismatch, etc.), which have the potential to generate instability. Supervision is the enforcement of rules and regulations that are formulated by the regulator to govern the behaviour of regulated institutions and at the same time spot loopholes or grey areas where regulatory reinforcement may be due. RBI undertakes supervision of the commercial banks located in India as well as branches of Indian banks located outside India under various provisions of the Banking Regulation Act, 1949, (BR Act). Regulation Vs. Supervision A fundamental question is how supervision differs from regulation. \u2018Regulation\u2019 is - laying down the rules and norms for doing business by all the market players and, therefore, is uniformly applicable to all of them. \u2018Supervision\u2019 is - the process through which the rules and norms are enforced at individual entity level. Thus, regulation is applicable to the system as a whole, and supervision is entity specific. 5.1.1 Objectives of Supervision The substantive objectives of supervision are two-fold: (i) Ensuring safety and soundness of the individual banks thus protecting the interest of depositors; and (ii) Safeguarding the stability of the financial system. Derived from these following objectives can be enunciated for bank supervision: (i) Protection of depositors\u2019 interests; (ii) Ensuring financial health of individual banks\/ FIs; (iii) Ensure financial stability; (iv) Ensure customer protection; (v) Ensure fulfilment of licencing conditions; (vi) Ensure adherence to regulatory norms; and (vii) Ensure operational viability. Effective supervision of banks is essential to ensure that banks adhere to the rules and regulations both in letter and spirit, and their risk culture and risk governance do not pose threat to its solvency.","66 5.1.2 What is a \u201crobust culture of compliance?\u201d It is an overall environment that fosters ethical behaviour and decision-making. Even the most clearly written, comprehensive compliance program is destined for failure without such an 5.2 RESERVE BANK OF INDIA INITIATIVES 5.2.1 Banking Liberalisation After the economic liberalisation RBI steadily and cautiously pursued the process of banking liberalisation granting operational autonomy to banks and financial institutions. Various reforms during the early 1990s included: (a) shift in supervision from intrusive microlevel intervention towards prudential regulation and supervision (b) interest rate and entry deregulation (c) adoption of prudential norms (d) establishment of the Board of Financial Supervision (BFS) in the RBI (e) diversification of activities by banks and (f) private sector ownership of Indian banks. 5.2.2 BFS Impetus Keeping in view the directions of the Board for Financial Supervision (BFS), various initiatives were taken to strengthen the risk-based supervisory framework for banks. Thematic studies were conducted on areas like levy of commissions and charges by banks and trends in superannuation at senior level in public sector banks. Best practices relating to IT infrastructure, CRILC reporting and core banking solutions were shared with commercial banks. Some of the major issues deliberated upon by the BFS include the turnaround of banks with weak financial positions, compliance culture, the need for enhanced disclosures, norms for appointing of statutory auditors, review of the prompt corrective action (PCA) and enforcement frameworks. 5.2.3 Approach to Supervision Until the early 1990s, the focus of RBI\u2019s regulation of commercial banks in India was mainly on (i) licensing, (ii) minimum capital requirements, (iii) pricing of services including administration of interest rates on deposits as well as credit, (iv) reserves and liquid asset requirements. Under such regulatory regime, banking supervision had to focus essentially on solvency issues. Since 1988 Basel-I Accord, however, RBI took several steps to realign its supervisory and regulatory standards with international best practices in a phased manner taking into consideration the economic conditions of the country. Supervisory processes (systems and procedures relating to the statutory inspections) were reviewed by several expert groups during the nineties and the following decade: \uf0ae\t Working Group to Review the System of On-site Supervision over Banks (Chairman: S. Padmanabhan, 1995) \u25cf\t Recommended:","67 \ufffd\t Strategy of periodical full-scope \u2018on-site examinations\u2019 supplemented by an in-house \u2018off-site monitoring system\u2019 in between two statutory examinations. \ufffd\t Orienting supervision for enforcement of correction of deviations. \u25cf\t Decided: \ufffd\t The periodic and full scope statutory examinations should concentrate on core areas of assessment, viz., (a) financial condition and performance (b) management and operating condition (c) compliance and (d) summary assessment in line with the internationally adopted capital adequacy, asset quality, management, earnings, liquidity and systems (CAMELS), including a CAMEL based rating model with systems and controls added to it for Indian banks and a CACS model (capital adequacy, asset quality, compliance, systems and controls) for foreign banks, to which subsequently examination of \u2018liquidity\u2019 was added (CALCS). \ufffd\t The periodic statutory examinations were to be supplemented by four types of regular and cyclical on-site assessments, viz., targeted appraisals, targeted appraisals at control sites, commissioned audits and monitoring visits. \uf0ae\t Working Group on Consolidated Accounting and Other Quantitative Methods to Facilitate Consolidated Supervision (Chairman: Vipin Malik, 2001) \u25cf\t Recommended: \ufffd\t A framework for Consolidated Supervision which included preparation of Consolidated Financial Statements (CFS) for improving public disclosure, \ufffd\t Consolidated Prudential Reports (CPR) for supervisory assessment of risks which may be transmitted to banks (or other supervised entities) by other group members. \ufffd\t Application of certain prudential regulations like capital adequacy and large exposures \/ risk concentration on a group-wide basis. \uf0ae\t Working Group on Monitoring of Systemically Important Financial Intermediaries (Financial Conglomerates) (Convener: Smt. Shyamala Gopinath, 2004) \u25cf\t Recommended: \ufffd\t Establishment of a monitoring system for Financial Conglomerates (FCs). \ufffd\t Norms for identification of a SIFI and its group entities. \ufffd\t A format for capturing financials, Intra-group transactions and exposures amongst group entities, collective exposures on a group-wide basis and","68 \ufffd\t A mechanism for inter-regulatory co-operation on issues related to the identified FCs. \ufffd\t Supervision shifted from intrusive micro-level intervention to a more broad- based approach that reflected the prudential nature of regulation, deregulation of interest rates, and private ownership of banks. During the latter half of the previous century, the international banking scene witnessed strong trends towards globalization and consolidation of the financial system. Stability of the financial system became the central challenge to bank regulators and supervisors throughout the world. Indian banking scene also witnessed progressive deregulation, institution of prudential norm and emulation of international supervisory best practices. With the adoption of CAMELS\/ CALCS approaches to supervisory risk assessments and rating a certain level of robustness and sophistication was acquired. In 2001, RBI initiated move towards introduction of risk-based regulation and supervision in India. Earlier supervisory process was applied uniformly to all supervised institutions. Supervision was largely on-site inspection driven supplemented by off-site monitoring and the supervisory follow-up commenced with the detailed findings of annual financial inspection (AFI). Use of the work done by the internal and external auditors was limited. External auditors were not required to report to the supervisor their adverse findings on issues having supervisory implications. There was scope for more focus on the risk profile of the institutions. The risk-based supervision (RBS) approach essentially entails allocation of supervisory resources and paying supervisory attention in accordance with the risk profile of each institution. 5.3 BANK SUPERVISION PROCESS IN INDIA 5.3.1 Legal Framework for Supervision The BR Act provides the legal framework for regulation and supervision of banks in India. This statute, together with few other laws empowers the RBI to prescribe standards and monitor liquidity, solvency, and soundness of banks, so as to ensure that depositors\u2019 interests are protected at all times. An annual on-site financial inspection of banks under Sec. 35 of the BR Act has been the main instrument of supervision employed by RBI. Other provisions of the BR Act also empowers the RBI to carry out inspection of banks for specific purposes : (i) Determining eligibility for a license to carry on banking business (Sec. 22(3)]; (ii) Certifying inability to pay debts preceding winding up (Sec. 38(4) and 44(1)); (iii) Determining the intrinsic or realistic value of shares preceding amalgamation and verifying whether the arrangement is detrimental to the interests of depositors or to the affairs of the bank and conduct of directors (Sec. 44A and 44 B).","69 The supervisor also conducts an off-site monitoring of the banks through the Offsite Monitoring System (OSMOS) and various other returns prescribed (under Sec. 27).. 5.3.2 Developments Affecting Supervision Modality Last two decades have seen increased integration of global financial markets and cross- border banking activities, diversification of banks into other financial segments, increased complexity of products, processes and group structures. But supervisory approaches and processes remained stagnant resulting in a mismatch between supervisory responsibilities and available resources. The supervisory framework prevailing in India fared rather well over the years and drew praise from peer supervisory agencies, standard setters and the Financial Sector Assessment Programme assessors for the tightly controlled regulatory and supervisory regime. However, in view of the growing complexities in the banking business and lessons from the financial crisis that spurred a thorough overhaul of the global regulatory and supervisory benchmarks viz. revised prescriptions for more resilient banks and banking systems (Basel III), revised Core Principles for Effective Bank Supervision, Principles for Supervision of Financial Conglomerates and planning for Recovery and Resolution of global systemically important banks, need was felt for a relook at RBI\u2019s supervisory processes and mechanism in order to make it more robust and capable of addressing emerging challenges. RBI is required to prescribe standards and monitor liquidity, solvency and soundness of banks, so as to ensure that depositors\u2019 interests are protected at all times. RBI, in its role as a banking supervisor is also responsible for promotion of financial stability and protection of consumers. RBI\u2019s success in effectively discharging these additional responsibilities are closely intertwined with the safety and soundness of the banking system and therefore do not result in any conflict with its primary objective of depositors\u2019 protection and promoting safety and soundness of the banks\/ banking system. 5.3.3 Supervisory Set up Banking supervision function enagages several organs of RBI and is being steered by the apex body at RBI. Last two decades have seen increased integration of global financial markets and cross- border banking activities, diversification of banks into other financial segments, increased (a) Board for Financial Supervision (BFS): It was established in November 1994 and is the apex body responsible for Consolidated Supervision of the financial sector under the jurisdiction of RBI (commercial banks, financial institutions and non-banking finance companies). Its composition is: Chairman - Governor, RBI; Vice-Chairman: Dy. Governor, RBI (in charge banking regulation and supervision); Ex-officio Members: Other Dy. Governors, RBI; and Co-opted Members: Four directors from the Central Board, RBI (term","70 of two years). DoS acts as the secretariat of the BFS. It normally meets once every month to deliberate various supervisory issues and approve the rating of banks. (b) Department of Supervision (DoS): Prior to 1993, the Department of Banking Operations & Development (DBOD) looked after the supervision and regulation of commercial banks. In December 1993, the Department of Supervision (DoS) was carved out of the DBOD with the objective of segregating the supervisory role from the regulatory functions of RBI. It was later split into Department of Banking Supervision (DBS), Department of Non- Banking Supervision (DNBS) and Department of Co-operative Bank Supervision (DCBS). In November 2019, with a view to having a holistic approach to supervision and regulation of the regulated entities to address growing complexities, size and inter-connectedness as also to deal more effectively with potential systemic risk that could arise due to possible supervisory arbitrage and information asymmetry, it was decided to integrate the supervision function into a unified Department of Supervision (DoS). This aimed at adopting a graded supervisory approach to all the RBI supervised entities linked to their size and complexity; to facilitate more effective consolidated supervision of financial conglomerates among the RBI supervised entities; and to help build experienced and skilled human resources that also results in its efficient allocation. DoS carries out the mandate of supervising all scheduled commercial banks (excluding Regional Rural Banks) and various other financial sector players regulated by RBI, except the Housing Finance Companies (HFCs) and various Rural Cooperative Banks. The legal framework for RBI supervision comprises the Reserve Bank of India Act, 1934, and in case of banks the BR Act, 1949, and for other players their respective statutes. Core functions of DoS are: (i)\t Oversight on the safety and soundness (including solvency and regulatory compliance) (ii)\t Undertaking various supervisory processes and procedures, including inspection (iii)\t Off-site monitoring through returns, data etc. and preparing reviews, analysis of balance sheet; Managing Central Repository of Information on Large Credit (CRILC) database; Analyses on the banking system reviews; (iv)\t Formulating Supervisory policy; Implementing revised Prompt Corrective Action (PCA) framework; (v)\t Maintaining a centralised registry of financial sector frauds, and attending to the complaints (with supervisory implications) against supervised entities received from public, banks, Government, etc. (vi)\t Determining criteria for the appointment of statutory auditors and special auditors and assessing audit performance and disclosure practices;","71 (vii)\tFraming Policy and supervising the cyber-security infrastructure and operations; analysing reports on cyber security incidents; taking follow-up action including issue of advisories\/ alerts\/ circulars; (viii)\tServing as the secretariat for the Board for Financial Supervision (BFS) and its Sub- Committee; (ix)\t Serving as the Secretariat to the Inter-Regulatory Forum (IRF); (x)\t Co-ordinating inter-agency forums such as State Level Coordination Committee (SLCC), Task Force on Urban Co-operative Banks (TAFCUB), etc.; and (xi)\t Strengthening cross-border co-operation for sharing of supervisory information among supervisors by engaging with supervisors of other jurisdictions through Memorandum of Understanding (MoU)\/ Letter of Co-operation (LoC). (c) Enforcement Department: RBI is empowered to impose penalties under various statutes applicable to the banking and financial sector. The enforcement process was spread across various supervisory\/regulatory departments. In line with the international best practices of separating enforcement action from the regulatory\/supervisory process, the Enforcement Department was set up in April 2017 with a view to put in place a structured, rule based approach to identify and process the violations by the regulated entities and enforce the same consistently across entities. The core function of the Department is to undertake enforcement action against the entities regulated by RBI based on supervisory reports and regulatory references in an objective and consistent manner, to ensure compliance with regulations within the overarching principle of financial system stability, greater public interest and consumer protection. A policy for enforcement containing, inter alia, the factors to be considered for determining the materiality of the violations and for determining the amount of penalty has been framed with the approval of the BFS. Initially, the Department was tasked with the responsibility of imposing monetary penalties for violations by the Scheduled Commercial Banks (SCBs) under Sec. 47A of the BR Act and rules, and directions\/regulations issued thereunder and violations of RBI directions issued under the PMLA. Subsequently, enforcement work pertaining to Co-op. banks, under the BR Act and NBFCs under Sec. 58G of the RBI Act was also brought under its purview with effect from October 3, 2018. RBI is also empowered to initiate penal action against regulated entities under: (i) Sec. 30 of the Payment & Settlement Systems Act, 2007, (ii) Sec. 22 of Factoring Regulation Act, 2011, (iii) Sec 25 of Credit Information Companies (Regulation) Act, 2005 and (iv) Sec. 30A of SARFAESI Act, 2002. It can take enforcement action under the said acts for violations committed by SCBs, Co-operative Banks and NBFCs. Actions in respect of violations of the provisions of FEMA continue to be taken by the respective regulatory\/supervisory departments.","72 The process of enforcement action entails issuance of show cause notice to the regulated entity and providing it with a reasonable opportunity of being heard in line with the principle of natural justice involving \u2018due process\u2019. Presently, a three-member Committee of Executive Directors adjudicates the matter and passes a speaking order. The details of the enforcement action are provided through Press Releases and in various publications of RBI. RBI is empowered to take enforcement action only on the regulated entities and not on the individuals in-charge of the entities or responsible for the violations. The enforcement process is not a mechanism for customer grievance redressal. However, complaints involving violations of regulations are examined for possible enforcement action based on scrutiny findings by the concerned supervisory department. The Department has six Regional Offices located at Ahmedabad, Chennai, Kolkata, Mumbai, Nagpur and New Delhi. (d) Senior Supervisory Manager (SSM): The supervision of all the entities under the jurisdiction of RBI belonging to the same group was brought under a single supervisory department. This facilitates effective Consolidated Supervision and provides a single point interface for the bank within RBI. A single point contact in the form of a \u2018Senior Supervisory Manager\u2019 has been created within the DoS to ensure efficient and effective communication between the supervisor and the supervised entities. The creation of (SSM is one of the key features of SPARC, primarily aimed at having a single point of supervisory contact for banks within RBI. This is expected to improve the efficiency and effectiveness of the supervisory processes by removing multiple points of contact for the banks within the DoS and more broadly within RBI, which at times could undermine an effective and continuous supervision. The SSM for a bank is supported by a dedicated team of officers. The SSM is expected to develop a strong understanding of the bank and its operations through off-site and on-site examination and continuous monitoring. (e) Inter Regulatory Forum (IRF) of Domestic Regulators: IRF was set up in 2012 under the aegis of Sub Committee of Financial Stability and Development Council (FSDC-SC). It functions as college of domestic supervisors viz. RBI, SEBI, IRDA and PFRDA to oversee the coordinated supervision of financial conglomerates (FCs). IRF has representation from other financial sector regulators \/ supervisors. A MoU was signed between regulatory authorities to facilitate the process of cooperation and exchange of information among peer regulators for strengthening the supervision of FCs and assessing risks to systemic stability. For each FC group that has a significant presence in at least two financial market segments, a designated entity (DE) is identified by the IRF as the nodal entity to act on behalf of FC for facilitating communication and compliance with the principal regulator (PR), under whose jurisdiction the designated entity falls. The PR is solely responsible for consolidated supervision under the FC monitoring framework. The IRF coordinated oversight comprises","73 of: i) periodic discussion meeting of all regulators with the designated entity of the FC and key group entities; and ii) submission of quarterly off-site returns (FINCON returns) to the principal regulator of the FC. Currently, the IRF has identified a set of 11 FCs in the Indian financial sector based on their significant presence in two or more segments of the financial sector. They include five bank- led FCs, four insurance company-led FCs and two securities company-led FCs. 5.4 SUPERVISORY APPROACH 5.4.1 Compliance Based Approach and New Challenges The most common approach in supervising banks has been transaction testing and compliance checking. An excessive focus on detecting non-compliance, however, could undermine the efforts required for understanding the key risk drivers and the flaws in risk management practices of banks. It worked well when the banking business remained more traditional \u2013 taking deposits and making loans. The spectacular change witnessed on account of financial innovation, increased globalisation and the growing use of modern technology as service delivery channels - has undermined its relevance. New products and services embedding technological innovations, exponential growth of the off-balance sheet items, and introduction of complex products such as derivatives and securitization have complicated the turf for the supervisors and banks alike. Emergence of financial conglomerates with considerable cross-border and cross-sector activities has added to the complexity. 5.4.2 Risk based Approach: Response to Challenges The supervisory response to these growing challenges has been to develop a risk-focused approach that enables them to assess and track changes in a bank\u2019s risk profile on an ongoing basis and to generate early warning signals for enabling timely supervisory intervention. This response has been supplemented by underscoring the need for developing effective risk-management systems and structures in banks for management and oversight of risks. Primary factors determining the approach for supervising the banks are: (i) the stage of development of the financial system, (ii) number and size of banks, (iii) complexity of the banking system. Other influencing factors are: (i) the ownership pattern of banks, (ii) reliability of the public disclosures made by banks, (iii) the availability of technological and human resources for conducting supervision. The supervisors should assess the risk profile of banks in terms of: (i) the risks they run, (ii) the efficacy of their risk management, and (iii) the risks they pose to the banking and financial systems. Risk-based process targets supervisory resources where they can be utilised to the best effect, focusing on outcomes as well as processes moving beyond passive assessment of compliance with rules.","74 Ongoing banking supervision consists of a differentiated mix of off-site surveillance and onsite examinations. In aggregate, it culminates in assessment of risks and suggestion of a risk mitigation plan. 5.4.3 Typology of Supervisory Approaches Considering the differentiated approach to supervision and the proportionality paradigm, variant RBS models are developed in addition to the main model for regular banks and the others for small or niche banks, based on certain benchmarks. To achieve the right balance between onsite and off-site supervisory processes, the following classification is adopted in the supervision of different categories of banks. (i)\t Full Scope Supervision (FS): Involves the most detailed and intrusive supervisory approach, both on-site and off-site, covering all the material risks of a bank (ii)\t Select Scope Supervision (SS): Off-site supervision plays the major role in this approach, with on-site examination being a function of concerns emerging from off- site analysis. the on-site examination is centred around operations that are critical to the functioning of the bank, such as IT\/Cyber risks in respect of private banks, compliance in the case of small finance banks, etc. (iii)\t Thematic Assessment (TA): This approach is aimed at assessing topical themes, such as asset quality, cyber risk, etc., with the assessment covering a group of banks or all banks. (iv)\t Targeted Scrutiny (TS): Under this approach, scrutiny is undertaken to examine specific aspects of a bank based on supervisory or market intelligence inputs. 5.4.4 Grouping of Banks for Differentiated Supervisory Approach The proportionality paradigm demands differentiated approach to supervision. Accordingly, banks are classified into groups\/ sub- groups for deciding the appropriate supervisory approach. The principal criteria used to categorise banks is market share of their reported assets. The supervisory intrusion is linked to the category of the bank under normal circumstances though the same can be reviewed based on risks emanating in case of any entity. 5.5 FEATURES OF AN EFFECTIVE BANK SUPERVISORY FRAMEWORK 5.5.1 Attributes of Supervisory Framework An IMF Staff Position note identified five key attributes essential for a good supervisory framework: (i) It is intrusive, i.e., aimed at thorough understanding of the supervised entity\u2019s business model, its risk culture and governance structure. (ii) It is sceptical but proactive. (iii) It is comprehensive. (iv) It is adaptive. (v) It is conclusive. For these, two supporting pillars are necessary: (a) the ability to act and (b) the will to act.","75 An implicit framework for the regulation and supervision of banks is contained in \u201cCore Principles for Effective Banking Supervision\u201d issued by the Basel Committee on Banking Supervision (BCBS). It postulates that supervisory objectives could be achieved through a greater focus on effective risk-based supervision, early intervention, and timely supervisory actions. The essential features of an effective bank supervisory regime are: (a)\t Assesses compliance with rules and regulations and adherence to safe and sound banking practices; (b)\t Sensitive to evolving macro-economic and regulatory changes; (c)\t Responsive to the emerging risks at individual banks; (d)\t Clearly diagnoses the risk profile of each bank and ensure that banks have appropriate risk management systems with a strong internal control and external audit mechanism; (e)\t Conducts supervision on a consolidated basis \u2013 Appropriately assessing the risksposed by all significant lines of business, including those subject to the primary supervision of another regulator and maintain effective coordination with the other sectoral regulators; (f)\t Efficient use of available supervisory resources by allocating the greatest resources to the areas of highest risk; and (g)\t Maintains an adequate pool of trained supervisory personnel with appropriate skill- sets. The underlying philosophy of the risk-focused, risk-based, or risk-oriented approach to supervision is to make a rigorous assessment of risks in the banks\u2019 books and as far as practicable assign supervisory resources to the entities and part of their businesses which pose the biggest risks. 5.5.2 Consolidated Supervision To effectively identify and measure the risks emerging from cross border and cross-sector operations of the banks, the supervisors have embarked on a consolidated supervision approach, the efficacy of which, however, came under serious questioning during the recent global financial crisis. To improve the effectiveness of Consolidated Supervision of banking groups, it is essential to ascertain and focus on the potential risks arising from the material group entities to the parent bank. In line with the risk-based approach to supervision of banks, the consolidated supervision of large and complex banking groups may be conducted by focusing on key risk areas within the group. 5.5.3 Corporate Governance To bring in more transparency and for making the Board \/Top Management of the bank more accountable, specific measures including recording of \u201cTalking Minutes\u201d of Board","76 deliberations or video\/audio recording of the proceedings of Board and its various Committee meetings may be introduced. 5.5.4 Systemically Important Banks An important dimension that many supervisory agencies have incorporated into their risk- based system is determining the systemic importance of each firm. Systemically important firms, all other things being equal, attract greater supervisory attention (and resources) than non-systemically important firms. (a) Globally Systemically Important Banks (G-SIBs): The Basel Committee on Banking Supervision (BCBS) issued the rules on the assessment methodology for G-SIBs and their additional loss absorbency requirements in November 2011. The objective of the Global systemically important banks - revised assessment framework is to identify \u201cglobal systemically important banks\u201d by assessing their contribution to systemic risk and to mitigate the impact of a G-SIB\u2019s distress or failure. The two main components of the framework are: (i) a methodology to identify G-SIBs based on their systemic impact; and (ii) the imposition of higher capital requirements on G-SIBs to reduce their probability of failure. (b) Domestic Systemically Important Banks (D-SIBs): In October 2012, BCBS published the framework for D-SIBs. It is based on the assessment conducted by the local authorities, who are best placed to evaluate the impact of failure on the local financial system and the local economy. This point has two implications. The first is that to accommodate the structural characteristics of individual jurisdictions, the assessment and application of policy tools should allow for an appropriate degree of national discretion. This contrasts with the prescriptive approach in the G-SIB framework. The second implication is that because a D-SIB framework is still relevant for reducing cross-border externalities due to spillovers at regional or bilateral level, the effectiveness of local authorities in addressing risks posed by individual banks is of interest to a wider group of countries. The principles focus on the higher loss absorbency (HLA) requirement for D-SIBs. Other policy tools, particularly more intensive supervision, can also play an important role in dealing with DSIBs. 5.5.5 Supervisory College Internationally active banks can be a source of risk both for the jurisdiction in which it operates as well as for the home country where its major operations are carried out. Therefore, it is important for countries to cooperate in supervising these entities. Since regulation and supervision of banks is mostly at national level rather than supranational level, such cooperation among the authorities is vital in preserving financial stability across borders. RBI periodically conducts onsite examination of Indian bank branches located abroad to ensure that they adhere to both home and host country regulations as well as to understand the risks posed by branch balance sheets to the bank balance sheet.","77 RBI has made significant progress on supervisory information sharing and cooperation with banking supervisory authorities of overseas jurisdictions, entering into bilateral agreements (MoUs \/ Exchange of Letters on Supervisory Co-operation (EoLs) \/ Statement of Co- operation (SoC)) with overseas supervisors to strengthen supervisory cooperation. Till June 2023, the RBI executed such agreements with 43 overseas supervisors. A framework for periodical sharing of supervisory information with respect to foreign banks operating in India with home supervisory authorities has also been put in place. Supervisory colleges have evolved the world over as an important component of effective supervisory oversight of an international banking group. This mechanism was developed with the aim of reducing supervisory overlap and filling in supervisory gaps for better supervisory co-operation enunciated in Basel II Framework. The concept was enunciated in the Basel Committee for Banking Supervision (BCBS) October 2010 Document, \u201cGood Practice Principles on Supervisory Colleges\u201d. Though India does not have any Global Systemically Important Banks (SIBs), with a view to benchmarking India with the best practices across the globe and in its capacity as the home country supervisor, RBI decided to set up supervisory colleges for larger Indian banks. Supervisory colleges have been established for six Indian banks, viz. State Bank of India, ICICI Bank Ltd., Bank of India, Bank of Baroda, Axis Bank Ltd., and Punjab National Bank, given their significant international presence. The main objectives of supervisory colleges are enhancing information exchange and cooperation among home and host supervisors and improving an understanding of the risk profile of the banking group thereby facilitating more effective supervision of internationally active banks. The meetings of the supervisory colleges are held once in two years. 5.6 BENEFITS OF RISK BASED SUPERVISION 5.6.1 Risk Based Supervision RBS may be defined as \u201can ongoing process wherein risks of a bank are assessed and appropriate supervisory plans designed and implemented by the supervisor\u201d. RBS can thus be seen as a structured process, which identifies material and critical risks that a bank may potentially face, and through a focused supervisory review process, assesses the bank\u2019s ability to manage the potential risks along with its financial vulnerability to adverse outcomes Given the inherent weaknesses in the CAMELS model a move towards a risk-based or risk-focused approach to supervision gained momentum, primarily for two reasons: (i) a growing recognition that banking in the traditional sense was no longer in vogue and was becoming complex; and (ii) realisation that supervisory resources are scarce and need to be optimally deployed to meet the goals. Thus, there was a need for a robust supervisory framework, which proactively identifies incipient risks and takes measures to address them. High-Level Steering Committee under the Chairmanship of former Deputy Governor,","78 Shri K C Chakrabarty, in August 2011 recommended a shift to a risk-based approach to supervision from then existing compliance-based approach. This approach to supervision was implemented from 2013 onwards in a phased manner. All scheduled commercial banks are now under the Risk Based Supervisory (RBS) framework and the erstwhile CAMELS framework is no longer in vogue. The RBS framework adopted by RBI is called SPARC (Supervisory Program for Assessment of Risk and Capital). The approach under CAMELS is performance based, reactive and is a point-in-time assessment, SPARC is risk-based, forward-looking, proactive, and dynamic in identifying incipient risks and prompting early response. The three key objectives of SPARC are: (i) to apply differentiated supervision based on risk profile of the bank; (ii) focus on areas deemed as higher risk for the bank; and (iii) to help banks in improving their risk management systems, oversight, and controls. The focus of SPARC is on the unexpected losses (say, exposure as opposed to outstanding) for which more capital may be required. RBS requires a robust offsite surveillance system, any manual intervention in the flow of supervisory data from the banks to RBI needs to be eliminated to ensure quality\/ integrity of data. Under RBS, the approach to on-site supervision changes whereby probability of failure and the likely impact of failure of a bank rather than the volume of business determines the periodicity\/intensity of on-site inspection process. Thus, the banks assessed as having a low risk\/impact profile would be inspected only once in a 2-to-3-year cycle. Over the years, the RBI has been working for enhancing the efficacy and robustness of supervisory processes and improving supervisory communication. It has also undertaken several capacity building initiatives to sensitise banks on the importance of the risk-based approach and the SPARC framework. A variant model for small foreign banks having one\/ two branch operations in India was developed and implemented successfully over two years driven by the proportionality principle. The development of a suitable framework for supervising SFBs and PBs has also been undertaken. 5.6.2 Benefits of RBS Risk Based Supervision (RBS) focuses on: (i) Evaluating both present and future risks, and (ii) Identifying incipient problems. Thus, it facilitates prompt intervention\/ early corrective action. This approach for bank supervision is preferred to then existing compliance-based and transaction testing approach (CAMELS), a point in time assessment. But it continues to assess the level of compliance to gauge the compliance culture and attendant risks. Risk-based supervisory system on an ongoing and dynamic basis, assesses the safety and soundness of banks. It seeks to: (i) achieve an accurate assessment of a bank\u2019s risks to ascertain the extent of capital commensurate to the level of risks a bank is exposed to; and","79 (ii) early identification and timely response to emerging risks. Moreover, unlike CAMELS model where individual risks are examined in isolation, in a risk-based framework, interaction between risks is examined. Thus, improving proportionality and economic efficiency of supervision through the optimal use of supervisory resources and developing specialised expertise is the cornerstone of RBS. It also helps the regulated entities in improving their risk management systems, oversight and controls. Both approaches involve a combination of on-site examination and off-site data analysis. Under risk-based approach a more organised structure is in place to identify and quantify those activities of a bank that carry greater risk and assess the risk management practices and controls in place to mitigate the risk. Irrespective of the supervisory stance\/approach determined in respect of a particular bank, a comprehensive report highlighting the financials, level\/direction of material risks, risk mitigants and a risk mitigation plan, wherever applicable, would need to be prepared and put up to the Board of Financial Supervision on an annual basis. A risk-based supervisory framework has two dimensions: (i) Risk of failure, which is based on the assessment of the inherent risks, the controls in place at the entity level, the governance & oversight at the bank and available capital. t determines the overall supervisory rating and the extent of supervisory capital (ii) Impact of failure, which considers the relative significance of the entity or the group in the overall financial system. In arriving at supervisory stance (i.e. intensity of supervision) the SPARC framework considers both the risk of failure and the impact of failure, through a proprietary risk scoring and aggregation model called \u201cIntegrated Risk and Impact Scoring (IRISc)\u201d model. To summarise, the key benefits of a risk-based framework for supervision are: (i) optimal use of scarce supervisory resources, which in turn results in better use of organisation\u2019s resources (ii) a dynamic and ongoing assessment of risks faced by regulated entities; (iii) early identification and recognition of emerging risks; (iv) a structured and consistent framework for evaluating risks based on separate assessment of both inherent risks and risk management controls. This also enables in a system-wide assessment of banking sector risks as all the entities are evaluated under the same model with less subjectivity; and (v) a better understanding of a bank\u2019s business, systems, processes, human resource, etc. 5.7 SUPERVISORY METHODS\/TOOLS 5.7.1 Off-site supervision To assess the risk of failure, both onsite and offsite risk discovery is carried out. The offsite surveillance is a key component of the supervisory framework, even more so in RBS. It","80 enables RBI to monitor continuously the health of the banks, which act as input for remedial actions, if required. One basic tenet of the risk-based approach is to have a greater focus on institutions that are assessed more risky\/ vulnerable. The supervisory program in respect of more \u2018risky\u2019 banks includes a mix of on-site supervision as well as off-site surveillance comprising monitoring of vulnerabilities, compliance to risk mitigation plan etc. Banks which are considered potentially less risky\/ vulnerable are subjected to an ongoing off-site supervision commensurate with the level of assessed risk. The offsite supervisory process is a key supervisory tool used by authorities. It includes preliminary risk assessment of the banks based on captured data flows pertaining to their business plan\/ strategies, group structure, financial statements, periodic financial and other information relating to banks\u2019 activities, information on capital and liquidity levels, asset quality and loan loss provisions, profitability etc., compliance and internal audit\/ plans and reports, observations of external auditors etc. This together with macro-economic factors and market intelligence inputs (received from rating agencies, industry groups, consultants etc.) are key inputs to determine the areas requiring further clarity and need for an onsite visit. It also leads to decide on the scope, focus, resources, and time for the onsite supervisory visits. It provides information about the key risk areas (credit risk, market risk, operational risk, liquidity risk, etc.) pertaining to a bank Considerable time is spent to analyse offsite data gainfully before embarking on an on- site examination exercise. To enable the banks to be sufficiently prepared for the onsite supervisory visit and facilitate an efficient on-site examination, the supervisors may share the scope and focus of the supervisory visit to the banks in advance. The offsite risk discovery process involves collection of data, documents, etc., as well as discussions with the management personnel of the banks. The ability of the supervisors to conduct a meaningful supervision on a \u2018close and continuous\u2019 basis with a risk-focus depends upon capturing and analysing detailed information about the banks, their profile, culture, risk tolerance, operations and environment on a dynamic basis. The off-site supervision is substantially strengthened to provide inputs for the onsite visits. The quality and integrity of the data submitted by the banks was found to be unreliable\/ inconsistent, therefore initiatives were taken to eliminate manual intervention involved in the flow of data from the banks to RBI. Banks have been sensitised on the pressing need for discipline in the banks to ensure data integrity. OSMOS - Tool for Offsite Supervision: As a part of the supervisory strategy, an off-site monitoring system for surveillance over banks was operationalized in RBI in March 1996. As a tool for \u201cearly warning signals\u201d the Offsite Surveillance and Monitoring System (OSMOS) plays a key role in identification of risks and monitoring banks on a continuous","81 basis. OSMOS consists of a set of structured returns that capture prudential and statistical information of banks at periodical intervals. The information gathered is populated into the OSMOS database, enabling the offsite supervisor to undertake prudential analysis of bank\u2019s Capital, Assets, Earnings, Liquidity, etc. on both solo and consolidated basis. Issues of concern arising out of such analyses are flagged for consideration of Top Management and placed before the BFS. Along with bank specific analysis, certain macro-level analysis of the banking sector is also undertaken periodically to assess and identify the risks and potential concerns. Various statistical tools are deployed to extract and analyse data for use in various RBI publications and for policy inputs. 5.7.2 On-site examination Prior to the global financial crisis, on-site supervision of banks was a key process in the overall supervisory framework. The on-site supervision involved an Annual Financial Inspection (AFI) of banks that was modelled around the CAMELS\/ CALCS. This was a transaction-based examination with a matrix used for arriving at a rating of each of the CAMELS components to give a final adjusted supervisory rating for each bank. The on- site inspections traditionally involved examinations by specialized supervisory staff for a hands-on assessment of qualitative factors such as management capabilities and internal control procedures that cannot be adequately captured in regulatory returns. Under RBS model, based on the supervisory plan of a bank, the on-site inspection focuses on specific areas of concern in a bank and includes a thorough review of the bank\u2019s internal risk management systems, governance in that area and an appropriate level of transaction testing commensurate with the severity of assessed risk. The onsite risk discovery process involves further investigation into identified risk areas including obtaining additional information. The severity of risk and the volume of business determine periodicity, length and intrusiveness of on-site examination. In this step, a dedicated team of supervisors conduct onsite inspection of the identified areas\/ aspects at the premises of the banking entity. A major part of the on-site examination involves: (i) discussion with the key functionaries of the bank regarding processes, products, policies, procedures, etc., (ii) verification of the accuracy of information submitted by the bank as part of regulatory reporting, including any additional data\/ information received, (iii) review of the effectiveness of the controls in place to deal with the material risks the bank is exposed to, (iv) review of overall board and management oversight and the role played by risk management and internal audit function in the bank, and (v) review of compliance with regulatory guidelines and accounting standards including testing of transactions based on a pre-determined sample size to ascertain if they are in compliance with the guidelines. Thus, the RBS framework incorporates both elements of leading indicators that is aimed at risk discovery and lagging indicators such as capital and compliance review.","82 Onsite examination complements off-site surveillance by focusing on conducting validation checks of data gathered under off-site surveillance, assessing the risk areas identified, including capital assessment, and following-up on issues identified from previous assessments. It demands not just high levels of technical skills but also interpersonal skills to both understand and assess the risk as well as draw information that may be material to a bank\u2019s ability to continue as a going concern. The on-site inspection procedure is tailored based on the supervisory action plan. The focus of the supervisors is on adequately assessing management\u2019s ability to identify, measure, monitor, and mitigate risks. The inspecting officers may use advanced business intelligence tools, vulnerability and configuration assessment software etc. to achieve the supervisory objectives. The outcome of the on-site inspection is a report: (i) indicating supervisory issues or concerns related to the bank; (ii) having appropriate comments regarding deficiencies noted in the institution\u2019s risk management systems; and (iii) recommending concise, specific, time bound and monitorable risk mitigation measures. 5.7.3 Thematic Reviews Thematic reviews should be increasingly used as a tool of supervision whereby review of a particular product, market or practice using a specialized team would be made to assess risks brewing within the sector or at system levels for enabling prompt actions\/measures. While general deficiencies are identified in the AFI process, certain observations having a bearing on the efficiency of the banking system need to be studied separately in a focused manner either through a thematic review or through special audits. Thematic supervision is a way of risk-based supervision, where thematic methods are applied to perform risk identification, detection, assessment and management that occur at several banks and have a material impact on banking sector. The objective of these reviews is to evaluate the systems followed by the select banks and to gain deeper insight into the risk faced practices followed by different banks, with a view to assessing regulatory\/ supervisory concerns and systemic risk if any. It is necessary that supervisor undertakes thematic review of a particular product, market or practice using a specialised team to assess whether any risks are brewing within the sector or at system levels. Such thematic reviews help in discerning the quantum and nature of risks over a cross-section of banks and enable taking prompt actions to address them. Thematic review may be conducted in any area where inherent risk may be perceived to have potential for contagion. Some indicative areas for such focused reviews may include Liquidity risk management, Asset quality, trade financing activities, mortgage lending, treasury activities, Risk disclosures (Pillar 3), management of money laundering risks, KYC compliance, approaches for management of interest rate, exposure to sensitive sectors, investment, NPA, pension liability, compensation practices etc.","83 Risks to be identified for thematic study may be picked from several sources, like the following: \u25cf\t Supervisory findings of individual banks; \u25cf\t Nature and trend of customer complaints; \u25cf\t Trends observed from Consumer protection angle which may include new products being offered, feedback from consumer protection organizations etc \u25cf\t Market data and market intelligence; \u25cf\t Emerging trends from macroeconomic and banking sector analysis; \u25cf\t Information gathered from meetings with banks management especially with those having below average rating; \u25cf\t Information received from law enforcement agencies, peer international and domestic supervisors; etc. Thematic approach to supervision is not intended to assess and handle risk at individual banks. However, if prominent risks and problems are noticed during thematic inspection at one or more banks, such risks would have to be considered under bank specific procedure which may lead to targeted inspection at the bank. The thematic work is planned in a way that would harmonize the work with bank specific supervision. The sample of banks for thematic review should have a fair distribution across banks with high risk to identified thematic risk. Thematic Review is carried out either through a short on-site inspection, data request through templates, theme discussions with banks etc. Thematic reviews are consistent with the risk based supervisory framework as such reviews help the supervisors in being proactive in assessing specific issues across the banking sector. Thematic review has been integrated into the risk based supervisory framework for enhancing efficiency and effectiveness of supervision of commercial banks. 5.7.4 Supervisory process (a) Framework: RBS is an ongoing process in which risks of a bank are assessed and appropriate supervisory plans designed and implemented by the supervisor. The framework consists of six key steps shown below: Steps Risk Based Tools 1 Understanding the bank Bank Profile 2 Assessing risks faced by the bank for Risk Assessment \/ Matrix supervisory purpose 3 Scheduling and Planning Supervisory Planning for supervisory actions \/ Activities interventions","84 Steps Risk Based Tools 4 Defining Examination Activities, on-site Onsite Inspection \u2013 objective, scope, etc reviews and ongoing monitoring 5 Inspection Procedure Onsite Inspection, conduct of SREP, offsite continuous supervision. 6 Reporting findings and recommendations Inspection Reports, Updating of the and follow-up bank Profile. (b) Process Cycle: A schematic presentation of the Supervisory Process is shown in the figure below: (Source: Review of Supervisory Processes for Commercial Banks \u2013 Report of High Level Steering Committee, RBI, June 2012, page 23) (c) Bank Profile: A profile containing comprehensive yet concise information about the bank is prepared and kept updated using inputs from various sources including reports of previous inspections \/risk assessments, off-site surveillance, management reports to board committees, internal and external audits findings, periodic discussions with bank\u2019s management etc. The contents broadly are: (i) corporate structure, (ii) most recent financials","85 including capital structure material business lines and their contributions, (iii) key risks\/risk mitigants, (iv) key management personnel, (v) major findings of the most recent supervisory assessment. (d) Risk Assessment: The risk assessment process involves updating bank related information collected from various sources including onsite supervision and comprehensively analyzing the material risk and other concerns arising out of banks\u2019 operations. The relevant risks from the supervisor\u2019s viewpoint need to be mitigated through adequate procedural and institutional mechanism. Risk assessment covers: \ufffd\t Determining the activities that may create potential hazards to the detriment of the supervisory objectives and goals; \ufffd\t Determining the severity and impact of the risks and the effectiveness of risk management which would need supervisory action; \ufffd\t Proposing corrective action, including risk management system, capital and reserves for mitigating the severity of risk and their impact; \ufffd\t Devising supervisory programs and monitor the implementation of measures. The SSM undertakes an extensive and holistic assessment of various material risks (mainly credit, market, operational, liquidity and other pillar 2 risks) the bank faces. To ensure that the risk assessment is done in a comprehensive, structured and comparable manner a common risk assessment template is used across banks. (e) Inputs & Validation: The major inputs for the risk assessment are drawn from the Risk Profile Templates (RPTs), certain other inputs viz. regulatory reports submitted under OSMOS, ICAAPs, deliberations with the Management, statutory\/internal audit findings and market intelligence, etc are also factored in. In view of extensive supervisory judgement involved, the risk assessment produced by the SSM is subjected to internal validation by a committee of senior supervisors for quality assurance\/consistency purposes. (f) Integrated Risk and Impact Scoring (IRISc): The Integrated Risk and Impact Scoring (IRISc) model supports the assessment of risks in a bank adjusted for the capital available. It is used to estimate a bank\u2019s risk of failure, the capital add-on required for a given Risk of Failure Score (RoFS) and the impact of its failure on the banking system. The Aggregate Risk and Capital Available together determine the RoFS for a bank. Based on a bank\u2019s RoFS, a supervisory rating is awarded to the bank. Also a combination of impact and RoFS determines the Supervisory Stance towards a bank. Probability of failure is assessed for the five risk areas viz. Credit Risk, Market Risk, Operational Risk, Liquidity Risk and Pillar 2 Risk superimposed by the Governance & Oversight Risk. The composite Risk Score which is a determinant of the probability of failure of the bank is used to produce a Risk Index. The impact of failure is determined on","86 the basis of cross-jurisdictional activity (claims and liabilities), size (on and off-balance sheet), interconnectedness with the other market players, lack of substitutability (eg. level of dominance in the payment system)\/ financial institution infrastructure, complexity (OTC derivatives, Securities) etc. This is used to arrive at the Impact Index. As both the risk and impact behave non-linearly, the scores derived from the exercise are typically raised to their 4th power to suitably discriminate between a low risk\/ impact and a relatively higher risk\/ impact bank. (g) Supervisory Stance: A Supervisory Stance is the general level of intensity of supervision and the nature of supervisory tools to be deployed and interventions required in a bank. The supervisory stance is determined from a matrix arising from the probability of failure of the bank and the impact such a failure may have on the financial system. Thus, risk to twin supervisory objectives (preventing failure of banks and stability of the banking system) is be determined as follows: Risk to Supervisory Objective = Probability of Failure x Impact of Failure Supervisory stance \/approach is determined based on the Risk Index and the Impact Index together, using the matrix shown below. (Source: Review of Supervisory Processes for Commercial Banks \u2013 Report of High Level Steering Committee, RBI, June 2012, page 26) The areas of specific concerns requiring focused monitoring during the supervisory cycle, nature, intensity and coverage of the onsite examination, targeted appraisals, supervisory resource\/ expertise requirement etc are determined.","87 The supervisory stance\/ intervention of RBI could be one of the four: (i) \u201cBaseline Monitoring\u201d, (ii) \u201cClose Monitoring\u201d, (iii) \u201cActive Oversight\u201d, and (iv) \u201cCorrective Action\u201d. Each of these is associated with specific supervisory actions to be initiated by the supervisor. The objective of the intervention process is to enable the Supervisor to identify areas of concern at an early stage and intervene effectively to minimize losses. The risk profile is periodically updated in the light of new business activities and modifications to products, processes and systems carried out by the bank. (h) Risk Assessment Reports (RAR): A comprehensive report highlighting the financials, level\/ direction of material risks, risk mitigants and a risk mitigation plan, wherever applicable, would have to be prepared and put up to the Board of Financial Supervision on an annual basis. With experience gained and in order to have a modular approach to the components of comprehensive supervisory processes, the supervisory outcomes are broken down to (i) Risk Assessment Reports (RAR) taking care of unexpected losses of the banks; (ii) Inspection Report (IR) covering the expected losses of the banks through (a) Assessment of Regulatory Operations i.e compliance review and (b) Capital Review involving assessment of available capital; and (iii) Assessment of Conduct of Business covering issues relating to bank\u2019s customer and market conduct. Risk Assessment Report also includes the IRISc along with its component scores. The major areas of non-compliance are highlighted separately in RAR. Of these, for critical areas a Risk Mitigation Plan is also included containing the measures to be taken by banks and the deadlines for those. (i) RBS Related Data: The data for risk assessment of banks are called through \u2018fixed\u2019 returns and ad hoc returns. The \u2018fixed\u2019 returns are as follows: (i) Quarterly unaudited returns (Unaudited - Tranche 1 and 1A): Risk and selected financial parameters - Data as per unaudited financials of the bank for the financial year up to the end of the relevant quarter -To be submitted within three weeks from the end of the relevant quarter. (ii) Annual audited returns (Audited - Tranche 1 and 1A): Data as per audited financials of the bank for the relevant financial year \u2013 Tranche 1To be submitted within three weeks from the finalisation of the bank\u2019s financial accounts for the year. Timeline for Tranche 1A and the data points would be communicated separately every year. (iii) Annual returns on Systems (Tranche) - Control and Governance Oversight Information - To be submitted by the date advised by RBI along with the datapoints, every year. (iv) Annual returns on Compliance (Tranche 3) - Compliance Information\u2013 To be submitted by the date advised by RBI along with the datapoints, every year. (v) Bank Profile (Summary) \u2013 Financial information and Non-financial information.","88 Format and data points under Tranche 1 (unaudited and audited) are not changed in the medium term. The data points under Tranche 1 A, tranche 2 and tranche 3 may undergo periodic changes to incorporate the relevant data\/information in line with the changes in the system, new developments in the industry or revised supervisory expectations. (j) Assessment Based on Data: Based on the data collected through these returns and other sources of information the aspects shown in the Table below are assessed. Assessments Data Sources Inherent Risk Tranche I & IA data, Bank profile, DSB returns Risk from Gap in Controls Tranche II information, Standard List of documents, Discussions with bank management Risk from Gap in Governance Tranche II information, Standard List of documents, & Oversight Discussions with bank management Compliance Tranche III information, Standard List of documents (k) Institutional Mechanisms in Banks for Data Accuracy: It is essential that banks put in place robust systems and clearly defined processes for collection, collation and submission of accurate data and information in a timely manner to the supervisor. Banks need to ensure following issues are considered while putting in place their systems for ensuring integrity and accuracy of data and information. \u25cf\t A comprehensive strategy for ensuring adequacy of MIS systems. \u25cf\t A robust process and accountability structure for ensuring the accuracy. \u25cf\t Effective dissemination to the grassroots level the understanding of relevance\/ use of data\/information, implications of erroneous data and criticality of accuracy. \u25cf\t A system of centralized ownership of data. This would ensure timely submission. Any delay may attract penal action. \u25cf\t Mapping data to its source system\/department, and pre-submission basic validation checks. \u25cf\t Review by a committee of senior officers. The following expectations should be met by the banks: (i)\t Timely submission of data and information. (ii)\t Accuracy of data and information submitted. (iii)\t Consistency with the (same) data\/ information submitted through other channels (e.g. OSMOS, standard list of documents etc.). (iv)\t Availability of evidence to substantiate\/ validate the data\/ information submitted.","89 (v)\t Ability to provide a further drill down\/ break-up of the data as and when requested. 5.7.5 Planned supervisory activities Based on the supervisory stance determined from the risk assessment exercise the regulator carries out specific intervention activities. The SSM prepares a comprehensive supervisory action plan for the bank and discusses it with the management of the bank. The supervisory action plan should be adequate and appropriate to the assessed risk profile and should be able to address the assessed deficiencies \/concerns in a demonstrable manner. (a) Baseline Monitoring: The banks in this zone pose little risk to the supervisory objectives and their failures would have limited impact on the financial system. They are likely to have stable financial condition and strong internal controls and governance systems. Hence the supervisor may limit its supervisory work to a baseline offsite monitoring and take up such banks for onsite supervision only once in three years. As part of the annual supervisory cycle, short-duration visits may be made by one\/two officers for verification of the accuracy of the regulatory returns and to study specific issues in one or more risk areas\/controls. (b) Close Monitoring: The banks in this zone pose relatively higher risk to the supervisory objectives and their failures would have greater implication for financial stability. They are likely to have modest financial condition and risk management systems and controls. Hence need greater supervisory focus. The supervisory actions in such banks comprise: (i) enhanced off-site monitoring; (ii) increased frequency\/ granularity of reporting requirements; (iii) periodicity of on-site inspections once in two years; (iv) management, Board of directors and external auditor of the bank apprised about the potential risks and the corrective actions required; (v) one or more short duration on-site visits by SSM Team to look at specific risk areas\/ control; and (vi) interactions with the bank management on these issues. (c) Active Oversight: The banks in this zone pose significant risk to supervisory objectives and their failures would have significantly higher impact on the financial stability.They are likely to be vulnerable to adverse business and economic conditions and may have \u2018material\u2019 safety and soundness concerns. Hence need active oversight by the supervisor. The supervisory actions comprise: (i) yearly on-site inspections covering the risk areas judged as high\/medium in the risk assessment exercise; (ii) a mandate to the external auditor to enlarge the scope of the review of the financial statements and\/ or to perform other procedures and submit a report thereon; (iii) RBI\u2019s examinations will have extensive transaction testing; (iv) risk mitigation plan (RMP) is closely monitored by the SSM; (v) additional short-duration targeted appraisals\/ scrutinies for assessing progress; and (vi) interactions with management. (d) Corrective Actions: The banks in this zone pose grave risks to supervisory objectives and their failures would severely impact the financial stability. Hence these need to be put under continuous watch. This would include: (i) commissioning external specialists","90 or professionals to thoroughly assess the quality of loan portfolio, security, asset values, sufficiency of reserves, etc.; (ii) requiring the management and the board of directors to consider resolution options such as restructuring the bank or seeking a prospective partner for merger, amalgamation or takeover; (iii) on-site inspections would be on an annual basis with wide coverage of the material risk areas coupled with elaborate transaction testing; (iv) the reports from external specialists could be used to direct the management to consider corrective actions; and (v) these would be continuously monitored for compliance. 5.7.6 Prompt Corrective Actions The BCBS paper on \u2018Core Principles for Effective Banking Supervision\u2019 stressed upon the necessity of supervisors having at their disposal adequate supervisory measures, backed by legal sanctions, to bring about timely corrective action when banks fail to meet prudential requirements (such as minimum capital adequacy ratios), when there are regulatory violations or the depositors\u2019 interest is threatened in any other way. In 2002, RBI had introduced a scheme for Prompt Corrective Action (PCA) finalised with the approval of the Board for Financial Supervision. It provided for RBI initiating certain Structured Actions for the banks which hit the Trigger Points on certain select Parameters. Further, RBI would resort, if required, to additional actions (Discretionary Actions). As per the directions of the Sub-Committee of the Financial Stability and Development Council (FSDC-SC) the RBI reviewed and upgraded the PCA scheme, with effect from January 1, 2022. It is applicable to all banks. PCA serves following purposes: (i)\t Enables supervisory intervention at appropriate time. (ii)\t Requires supervised entity to initiate and implement remedial measures in a timely manner. (iii)\t Serves as a tool for effective market discipline. The key areas monitored, indicators to be tracked and the risk thresholds triggers are shown in the matrix below that are applicable to all banks in India, including foreign banks. Parameter Indicator Risk Risk Threshold Risk Threshold 3 (1) Threshold 1 2 Capital (5) (Breach of (2) (3) (4) either CRAR In excess or CET 1 (i) CRAR - Minimum Upto 250 More than 250 of 400 bps ratio) below the regulatory prescription bps below bps but not Indicator for Capital to Risk Assets the Indicator exceeding 400 Ratio + applicable Capital bps below the Conservation Buffer Indicator (CCB) and\/or","91 Parameter Indicator Risk Risk Threshold Risk (1) Threshold 1 2 Threshold 3 Asset Quality (2) (3) (4) (5) Leverage (ii) Regulatory Pre- Upto 162.50 More than In excess of Specified Trigger of Common Equity Tier bps below 162.50 bps below 312.50 bps 1 Ratio (CET 1 PST) + applicable Capital the Indicator but not exceeding below the Conservation Buffer (CCB) 312.50 bps below Indicator the Indicator Net Non-Performing >=6.0% but >=9.0% but < >=12.0% Advances (NNPA) ratio <9.0% 12.0% Regulatory minimum Tier Upto 50 bps More than 50 bps More than 1 Leverage Ratio below the but not exceeding 100 bps regulatory 100 bps below below the minimum the regulatory regulatory minimum minimum The mandatory and discretionary corrective actions that RBI may take under the three thresholds are shown below. Specifications Mandatory actions Discretionary actions Risk Threshold (i)\t Restriction on dividend Common menu 1 distribution\/remittance of profits. (i)\t Special Supervisory Actions (ii)\t Promoters\/Owners\/Parent (in the (ii)\t Strategy related case of foreign banks) to bring in (iii)\t Governance related capital Risk Threshold In addition to mandatory actions of (iv)\t Capital related 2 Threshold 1, (v)\t Credit risk related (i)\t Restriction on branch expansion; (vi)\t Market risk related domestic and\/or overseas Risk Threshold In addition to mandatory actions of (vii)\tHR related 3 Threshold 1 & 2, (viii)\tProfitability related (i)\t Appropriate restrictions on (ix)\t Operations\/Business related capital expenditure, other than (x)\t Any other for technological upgradation within Board approved limits","92 The discretionary corrective actions that may be taken under each category are shown below: 1.\t Special Supervisory Actions -\t Special Supervisory Monitoring Meetings (SSMMs) at quarterly or other identified frequency -\t Special inspections\/targeted scrutiny of the bank -\t Cause a special audit of the bank by the extant Supervisory mechanism and\/or through external auditors -\t Resolution of the bank by Amalgamation or Reconstruction (Ref. Section 45 of Banking Regulation Act 1949) 2.\t Strategy related Actions -\t RBI to advise the bank\u2019s Board to: -\t Activate the Recovery Plan that has been duly approved by the Supervisor -\t Undertake a detailed review of business model in terms of sustainability of the business model, profitability of business lines and activities, medium and long-term viability, etc. -\t Review short term strategy focusing on addressing immediate concerns -\t Review medium term business plans, identify achievable targets and set concrete milestones for progress and achievement -\t Undertake business process reengineering as appropriate -\t Undertake restructuring of operations as appropriate 3.\t Governance related Actions -\t RBI to actively engage with the bank\u2019s Board on various aspects as considered appropriate -\t RBI to recommend to Owners (Government\/ Promoters\/ Parent of foreign bank branch) to bring in new Management\/ Board -\t RBI to remove managerial persons under Section 36AA of the BR Act, 1949 as applicable -\t RBI to supersede the Board under Section 36ACA of the BR Act, 1949\/ recommend supersession of the Board as applicable -\t RBI to require bank to invoke claw back and malus clauses and other actions as available in regulatory guidelines, and impose other restrictions or conditions permissible under the BR Act, 1949 -\t Impose restrictions on directors\u2019 or management compensation, as applicable.","93 4.\t Capital related Actions -\t Detailed Board level review of capital planning -\t Submission of plans and proposals for raising additional capital -\t Requiring the bank to bolster reserves through retained profits -\t Restriction on investment in subsidiaries\/associates -\t Restriction in expansion of high risk-weighted assets to conserve capital -\t Reduction in exposure to high risk sectors to conserve capital -\t Restrictions on increasing stake in subsidiaries and other group companies 5.\t Credit Risk related Actions -\t Preparation of time bound plan and commitment for reduction of stock of NPAs -\t Preparation of and commitment to plan for containing generation of fresh NPAs -\t Higher provisions for NPAs\/NPIs and as part of the coverage regime -\t Strengthening of loan review mechanism -\t Restrictions\/reduction in total credit risk weight density (example: restriction\/ reduction in credit for borrowers below certain rating grades, restriction\/reduction in unsecured exposures, etc.) -\t Reduction in loan concentrations; in identified sectors, industries or borrowers -\t Sale of assets -\t Action plan for recovery of assets through identification of areas (geography wise, industry segment-wise, borrower-wise, etc.) and setting up of dedicated Recovery Task Forces, Adalats, etc. -\t Prohibition on expansion of credit\/ investment portfolios other than investment in government securities \/ other High-Quality Liquid Investments 6.\t Market Risk related Actions -\t Restrictions on\/reduction in borrowings from the inter-bank market -\t Restrictions on accessing\/ renewing wholesale deposits\/ costly deposits\/ certificates of deposits -\t Restrictions on derivative activities, derivatives that permit collateral substitution -\t Restriction on excess maintenance of collateral held that could contractually be called any time by the counterparty","94 7.\t HR related Actions -\t Restriction on staff expansion -\t Review of specialized training needs of existing staff 8.\t Profitability related Actions -\t Restrictions on capital expenditure, other than for technological upgradation within Board approved limits -\t Restrictions\/reduction in variable operating costs 9.\t Operations related Actions -\t Restrictions on branch expansion plans; domestic or overseas -\t Reduction in business at overseas branches\/ subsidiaries\/ in other entities -\t Restrictions on entering into new lines of business -\t Reduction in leverage through reduction in non-fund based business -\t Reduction in risky assets -\t Restrictions on non-credit asset creation -\t Restrictions on undertaking businesses as specified. -\t Restriction\/reduction of outsourcing activities -\t Restrictions on new borrowings 10. Other Discretionary Actions Any other action RBI may deem neccssary. The basis for applying PCA norms to a bank are: (a)\t The Audited Annual Financial Results, and (b)\t The ongoing Supervisory Assessment by RBI. If the circumstances warrant, RBI may place a bank under PCA or move to another threshold during the year. Taking the bank out of PCA Framework and\/or withdrawal of restrictions is considered: a)\t If no breaches are observed as per four continuous quarterly financial statements, one should be Audited Annual Financial Statement (subject to assessment by RBI); and b)\t Supervisory comfort of RBI, including an assessment on sustainability of profitability.","95 5.7.7 Supervisory Rating Generally, supervisors use the information gathered through various sources to arrive at a composite measure of overall health of the bank. This composite score is often termed as \u2018Supervisory Rating\u2019and is exclusively used for supervisory purposes including intervention. Bank Supervisory ratings are supervisory opinions about the \u2018soundness\u2019 of a bank. Soundness may be commonly understood in terms of risk of bank failure. The supervisory ratings reflect both quantitative assessment of risks to bank failure and expert supervisory judgment on relative and absolute strength of the bank. Thus, rating cannot unequivocally be explained by a particular set of data and criteria. The \u2018CAMEL\u2019 system of supervisory rating has been one such internationally recognized and popular supervisory rating system. The banks received a score of \u20181\u2019 through \u20185\u2019 for each component of CAMEL and a final CAMEL rating representing the composite total of the component CAMEL scores as a measure of the bank\u2019s overall condition. In 1996, \u2018CAMELS\u2019 was used by adding \u201csensitivity to market risk\u201d. Some of the notable limitations of the CAMELS framework observed by a Technical Committee (of High-Level Standing Committee) include the following: (i)\t Was largely focused on a \u201cpoint in time\u201d assessment of the performance and the risk elements were not receiving adequate focus, hence was neither forward looking nor dynamic in nature. (ii)\t Various risk mitigants part of System and Control were not being adequately factored. (iii)\t Had considerable subjectivity in analysing parameters like Management and Systems & Control causing lack of consistency both within and across the banks. (iv)\t Primarily based on the comprehensive on-site assessment during AFI and was not adequately leveraging upon inputs from off-site surveillance of banks through monitoring tools like ICAAP, RPTs, internal and external audits of the banks. (v)\t The rating scale was too granular (10 point scale) hence difficult to assign appropriate supervisory responses to each rating. Banks were receiving a better rating due to high weightage given to capital adequacy level, by maintaining mandatory level. (vi)\t Earning of the bank was also being accorded higher marks though higher earnings could be both a source of strength and a source of risk. Under the risk-based approach to supervision, the supervisory rating is a reflection on the risk elements (inherent risk and control) and not an exercise in performance evaluation as is the case under the CAMELS rating Framework. The supervisory rating exercise aims at determining the overall probability of failure of the bank considering risks to which the bank is exposed, strength of control\/ governance and oversight framework in place and","96 available capital. It would convey a sense about the \u2018riskiness\u2019 of the bank as perceived by the supervisor. All the risks which a bank is exposed to are captured under pillar 1 or pillar 2 the exact measurement and their quantification, is an arduous task considering the need for qualitative interpretation. Considering these limitations, Supervisors have tried to indirectly measure and assess some of the nonquantifiable risks through expert supervisory judgement. Supervisory judgement is not an exact science. Explanatory parameters contributing to risk can either be measured statistically or by expert judgement. Due to the range of information and their diversity, many explanatory parameters can only be estimated through qualitative expert judgement, however, wherever possible, such expert judgement will be based on statistical estimates and other quantitative indicators. For rating under RBS, a Scorecard approach has been adopted. Respective explanatory parameter is assessed by adding up a set of component scores of key factors. In a scorecard based supervisory model, the factors and respective weights assigned are determined using statistical tools and supervisory judgment. In the context of application of weights to risk rating, following rules are followed: \u25cf\t Higher risk to get a higher weight than smaller risks. \u25cf\t A risk should get a higher weight than its control. \u25cf\t Weaker controls should get higher weight than stronger ones. Five inherent risk groups are considered for determining the risk of unexpected losses: \u25cf\t Credit Risk \u25cf\t Market Risk \u25cf\t Operational Risk \u25cf\t Liquidity Risk \u25cf\t Pillar 2 Risk (other than those covered above) The net risk arising from each of the respective risk groups is computed by netting\/adjusting the respective Risk control against the inherent risks. Governance and Oversight by the management which are high level controls and cannot be attributed to any single identified risk groups and are captured using a separate template. A lower Risk score for Control corresponds to a better control and governance framework for the respective risk groups. An illustrative risk matrix is shown in the figure below.","97 (Source: Review of Supervisory Processes for Commercial Banks \u2013 Report of High Level Steering Committee, RBI, June 2012, page 37) Under the risk-based approach to supervision, the supervisor needs some measure of the absolute\/ relative probability of failure of bank in order to be able to exercise differentiated supervision. In practice, it is impossible to achieve an exact estimation of default probability as the default event, in the form of bank failure suffers from lack of adequate historical data. The supervisor is more interested in identifying problem banks rather than in accurately measuring the exact default probability. Hence it suffices if the supervisor using a reasonable model is able to obtain a rough estimate of likelihood of the bank failure. The supervisor should be able to construct a relative scale of default probability so as to judge and rank the banks on the relative scale. The supervisory rating assigned to banks is essentially a measure of relative probability of failure in comparison to other banks. Indicatively supervisory ratings used are: Good (A): Probability of failure is well below the supervisory risk appetite. These banks are perceived to be healthy and would require very limited supervisory intervention. Satisfactory (B): Probability of failure is within the acceptable supervisory risk appetite. These banks have a few risks which are of concern. These could be addressed by improving the risk controls. The management, Board of directors and external auditor would be apprised by the supervisor about the potential risks and the specific actions required to correct these deficiencies. Unsatisfactory (C): The bank would have a probability of failure marginally higher than the supervisory comfort. Along with improving \/tightening risk management and controls, the","98 banks would also need additional capital to bring down the probability of failure within the supervisory comfort zone. The risk mitigation plan would need to be closely monitored for compliance by the bank. Poor (D): The bank has a high probability of failure. It would need to not only raise additional capital but also restructure its business to bring down the inherent risks in the business. These banks are placed under the PCA framework and their compliance with the mandated supervisory action plan is monitored on a monthly basis. The intervention could be in the form of instructions\/ directions to the management and the board of directors to consider options such as restructuring the bank or seeking a prospective partner for merger, amalgamation or takeover. The risk mitigation plans in such banks are continuously monitored for compliance. Very Poor (E): The bank with this rating is no longer a viable entity and would need to be wound up or merged\/amalgamated with another bank. The supervisory action would entail taking over management control of the bank and finding a suitable merger proposal or putting the bank under an orderly resolution process. All supervisory information including the supervisory rating is highly confidential. A bank\u2019s supervisory rating is to be known only to the bank\u2019s senior management and the concerned supervisory officials. It is not disclosed to the public even on lagged basis. Based on the rating, the bank would be apprised of the direction\/ trend of key risk groups along with overall risk faced by it and a risk mitigation plan, comprising of need for improving controls, augmenting capital and\/or restructuring business. 5.8 STRESS TESTING 5.8.1 Need for and Purpose of Stress Testing The role of stress testing has rapidly evolved and grown in importance since the Global Financial Crisis of 2007-09. Many jurisdictions are using stress testing to decide the appropriate level of \u2018supervisory capital\u2019. In June 2007, RBI issued guidelines stipulating that banks should put in place appropriate stress test policies and the relevant stress test framework for the various risk factors by September 30, 2007, and make their formal stress testing frameworks operational from March 31, 2008. A well designed and implemented stress testing framework would supplement banks\u2019 risk management systems and help in making these systems more robust. It also helps banks to be better equipped to meet the stress situations as and when they arise and overcome them such that they do not become a serious threat to themselves or to the banking systems in which they operate. The depth and duration of the Global Financial Crisis raised a question whether then existing stress testing practices were sufficient and robust to cope with rapidly changing circumstances. In particular, the crisis was far more severe in many respects than was","99 assumed by banks for their stress testing and consequently the weaknesses in stress testing practices impaired their resilience. Against this backdrop, BCBS issued the Principles for Sound Stress Testing Practices and Supervision in May 2009, based on which, in December 2013, RBI updated its Stress Testing Guidelines. A stress testing framework has dual role: (a) Being a diagnostic tool improving a bank\u2019s understanding of its risk profile, for supplementing the internal capital models, and (b) Introducing a forward-looking element in the capital assessment process. 5.8.2 Guidelines for Stress Testing For implementation of updated guidelines following two broad norms have been stipulated: (a) All banks are required to carry out the stress tests involving at the minimum shocks prescribed by RBI. Banks are required to assess resilience to withstand shocks of all levels of severity indicated by RBI, and should be able to survive, at least the baseline shocks. (b) The degree of sophistication adopted by banks in their stress testing programmes should be commensurate with the nature, scope, scale and the degree of complexity in the bank\u2019s business operations and the risks associated with those operations. Stress testing is an integral part of the internal capital adequacy assessment process (ICAAP) and should be conducted at least at half-yearly intervals. It should be rigorous, forward looking that identifies severe events or changes in market conditions that could adversely impact the bank. It is also a central tool in identifying, measuring, and controlling funding liquidity risks, for assessing the bank\u2019s liquidity profile and the adequacy of liquidity buffers in case of both bank specific and market-wide stress events. Stress tests are required to be used in management of various risk categories viz. market risks, credit risks, operational risks and liquidity funding risks. The guidelines are, applicable both at solo as well as group level. These are considered by RBI to review the suitability of stress testing programmes and resultant actions including the requirement of additional capital and liquidity buffers as part of Supervisory Review and Evaluation Process (SREP) under the Basel II framework. The framework for stress testing comprises following: (a) Objectives: The main objectives of stress testing are: (a) assisting in risk identification and control, (b) complementing other risk management tools, (c) improving capital and liquidity planning, and (d) facilitating business decision-making. It should provide a complementary and independent risk perspective to other risk management tools such as value-at-risk (VaR) and economic capital. It should complement risk management approaches that are based on complex, quantitative models using backward looking data and estimated statistical relationships. (b) Board Responsibility: The ultimate responsibility for overall stress testing programme in a bank rests with the board of directors of the bank and with the Chief Executive Officer"]
Search
Read the Text Version
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
- 313
- 314
- 315
- 316
- 317
- 318
- 319
- 320
- 321
- 322
- 323
- 324
- 325
- 326
- 327
- 328
- 329
- 330
- 331
- 332
- 333
- 334
- 335
- 336
- 337
- 338
- 339
- 340
- 341
- 342
- 343
- 344
- 345
- 346
- 347
- 348
- 349
- 350
- 351
- 352
- 353
- 354
- 355
- 356
- 357
- 358
- 359
- 360
- 361
- 362
- 363
- 364
- 365
- 366
- 367
- 368
- 369
- 370
- 371
- 372
- 373
- 374
- 375
- 376
- 377
- 378
- 379
- 380
- 381
- 382
- 383
- 384
- 385
- 386
- 387
- 388
- 389
- 390
- 391
- 392
- 393
- 394
- 395
- 396
- 397
- 398
- 399
- 400
- 401
- 402
- 403
- 404
- 405
- 406
- 407
- 408
- 409
- 410
- 411
- 412
- 413
- 414
- 415
- 416
- 417
- 418
- 419
- 420
- 421
- 422
- 423
- 424
- 425
- 426
- 427
- 428
- 429
- 430
- 431
- 432
- 433
- 434
- 435
- 436
- 437
- 438
- 439
- 440
- 441
- 442
- 443
- 444
- 445
- 446
- 447
- 448
- 449
- 450
- 451
- 452
- 453
- 454
- 455
- 456
- 457
- 458
- 459
- 460
- 461
- 462
- 463
- 464
- 465
- 466
- 467
- 468
- 469
- 470
- 471
- 472
- 473
- 474
- 475
- 476
- 477
- 478
- 479
- 480
- 481
- 482
- 483
- 484
- 485
- 486
- 487
- 488
- 489
- 490
- 491
- 492
- 493
- 494
- 495
- 496
- 497
- 498
- 499
- 500
- 501
- 502
- 503
- 504
- 505
- 506
- 507
- 508
- 509
- 510
- 511
- 512
- 513
- 514
- 515
- 516
- 517
- 518
- 519
- 520
- 521
- 522
- 523
- 524
- 525
- 526
- 527
- 528
- 529
- 530
- 531
- 532
- 533
- 534
- 535
- 536
- 537
- 538
- 539
- 540
- 541
- 542
- 543
- 544
- 545
- 546
- 547
- 548
- 549
- 550
- 551
- 552
- 553
- 554
- 555
- 556
- 557
- 558
- 559
- 560
- 561
- 562
- 563
- 564
- 565
- 566
- 567
- 568
- 569
- 570
- 571
- 572
- 573
- 574
- 575
- 576
- 577
- 578
- 579
- 580
- 581
- 582
- 583
- 584
- 585
