Chief Risk Officer: Strengthening Risk Management Practices

[Kanakprabha Jethani is with Vinod Kothari Consultants Private Limited]

The Reserve Bank of India (RBI) issued a notification on 16 May 2019  requiring non-banking finance companies (NBFCs) having an asset-size exceeding the prescribed threshold to appoint a Chief Risk Officer (CRO) with clear roles and responsibilities to oversee their risk management practices. The CRO shall be required to function independent of the structure of the organisation. Observing the increasing role of NBFCs in direct credit intermediation and the risks it poses to the market as well as banks which lend money to these NBFCS, this was a vital step to be taken by the Reserve Bank of India (RBI) in a timely manner. This post sheds light on need for this notification, the role of a CRO, and other regulatory provisions relating to appointment of the CRO.

Need for this Notification

NBFCs serve credit requirements of entities that are not served by banks. They are considered as crucial sources to the growth of the economy due to their expanded credit reach in the market. This is because they have lesser compliance requirements to abide by, and their operations are not limited by credit constraints as that of banks. Since decades, NBFCs have experienced light regulation considering their “need to grow”. This legacy of light regulation has built up a risk intersection between banks and NBFCs, where the credit risk of NBFCs is shared by banks through lending to NBFCs and the business risk is created by banks on NBFCs by denying them lending. This intersection has fatal effects on the economy and there is a need to separate these risks, at least to some extent. The RBI has achieved the balance between growth and risk by taking this crucial move in direction of toning down the risk exposure of NBFCs.

Applicability of the Notification

The above notification has been issued in line with circular for appointment of a CRO by banks named Risk Management Systems – Role of the Chief Risk Officer (CRO). This notification shall be applicable to NBFCs having an asset-size of more than Rs. 50 billion, functioning in following categories:

• Investment and Credit Companies;
• Infrastructure Finance Companies;
• Micro Finance Institutions;
• Factors; and
• Infrastructure Debt Funds.

Here, two kinds of companies will fall under purview of this notification:

• Category one –which already have an asset size of more than Rs. 50 billion at the time of issue of this Notification; and
• Category two – NBFCs which cross the prescribed threshold after the date of this notification.

It is noticeable that the RBI has not yet prescribed any time limit for the appointment of a CRO. However, it is advisable for category one companies to take up this matter in the forthcoming board meeting and pass resolution for the same. Category two companies should appoint the CRO in the board meeting immediately after the threshold is crossed.

Actions to be Taken Pursuant to this Notification

Appointment of CRO

• Appoint a senior official of the company, having adequate professional qualification and experience in risk management area, as CRO.
• Clearly specify roles and responsibilities of the CRO.
• Evaluate the official’s capabilities, educational background, experience in the area.
• Ensure that there is no dual-roles, i.e. the CRO is not burdened with any other responsibility.

Putting Matters in Place

• Formulate a policy for safeguarding independence of CRO. The roles and responsibilities of the CRO may also be included in this policy.
• Fix the tenure of the CRO and determine situations and ways in which the CRO can be removed before expiry of tenure.
• Establish a reporting relationship between the CRO and the managing director (MD), CEO or Risk Management Committee (RMC) of the company.
• If the company has a committee for credit sanction process, it is advisable to make the CRO a part of it and provide her with voting powers in the committee.
• Ensure no reporting relationship is established in business verticals of NBFC.

Role of the CRO

• If direct reporting lines with MD or CEO have been established, the RMC or the board of directors of the company shall also meet the CRO on a quarterly basis in the absence of the MD or CEO.
• The CRO must be an active participant in the process of identification, measurement and mitigation of risk.
• The CRO shall also vet the credit policies of the company.
• The CRO shall be an advisor in deciding credit proposals.

Reporting

• If the CRO is to be removed before expiry of tenure with board’s approval, such premature removal shall be reported to Department of Non-Banking Supervision of the regional office of the RBI under whose jurisdiction the NBFC is registered.
• If the NBFC is listed, any change in incumbency of the CRO shall also be reported to the stock exchanges.
• Reporting in regard to initial appointment of CRO is not prescribed in the notification. Therefore, no reporting is to be made, as of now. However, further details on the course of monitoring may be expected from the RBI.

Conclusion

This initiative by the RBI is likely to trim the extent of vulnerability of NBFCs in the credit market. This move is expected to freeze the ongoing rating downgrades of NBFCs and prune the fears of liquidity crisis in the market. This notification has been just the right mechanism for the current scenario. Compliance of this requirement in letter and spirit will put NBFCs in a better standing of its credit operations. This is in line with the guidelines for risk management for banks issued by the RBI in 2017.

– Kanakprabha Jethani