Hitesh Asrani, the founder and director of Mumbai-based CRP Risk Management is an expert in risk mitigation. He had established the company in the year 2000 when risk checks were not considered very important in India. Now, his company has been successful in creating awareness and in inculcating a culture in India Inc towards higher control in vulnerable areas such as people, process and technology. Asrani spoke to THE WEEK about the growing importance of risk management in India, especially among the banking and the financial industry in lieu of the increasing frauds in the banking and the financial sector.
What are your views on the trends in the risk management sector in India?
The banking and finance industry is going through major reforms currently. In recent months, through additional regulations by the government and precautions by the industry itself, risk management has seen a spike among companies. Some of the recent trends that I have observed is the rising Non-Performing Assets (NPAs) among Indian public sector banks and their image has been tainted for their NPAs and bad debts. It has been estimated that the gross value of NPAs in Indian PSUs is Rs 8,40,958 crore, which is over $122 billion. The recent Punjab National Bank (PNB) scam prompted the government to announce the approval of the Fugitive Economic Offenders Bill and the Reserve Bank of India (RBI) to unveil a Prompt Corrective Action (PCA) framework to preserve the financial health of certain PSBs.
Additionally in a stern warning to bankers, the finance ministry has announced that chief executives of (PSBs) need to check all NPA accounts exceeding Rs 50 crore for frauds or they could face criminal conspiracy charges. More recently, rising defaults have forced banks to go slow in disbursing education loans. Banks have reported a flat growth of 0.02 per cent, or just Rs 21 crore, at Rs 72,839 crore in outstanding education loan growth for the year ended March 2018 as against Rs 72,818 crore in March 2017 as per the RBI data.
Besides, this, of late, the insurance industry continues to be plagued with fraudulent claims, with the non-reporting of prior illnesses and intermediaries risk when purchasing a medical insurance policy. Also the proliferation of smart phones and adoption of digital transactions have been a boon to start-ups, especially, the e-commerce industry. The year 2018 has seen some high-profile data leaks plaguing many of the major industry players that have shaken consumer confidence to a substantial degree, especially those which compromised customer's private information.
Why is it important for banks and financial institutions to adopt risk management practices?
It is not surprising that banks have been practising risk management ever since there have been banks as the industry could not have survived without it. The real change is the degree of sophistication now required to reflect the more complex and fast-paced environment. Post the Nirav Modi scam, banks and financial institutions have started putting action plans to strengthen the controls in the areas of trade finance, SWIFT, credit risk, operational risk besides cyber and IT risk. Adopting risk management practices will help institutions to improve awareness, prevent monitoring and surveillance of transactions; strengthen Know Your Employee (KYE) through technological intervention, etc.
As a part of CRP records, we have observed that in the year 2017-18, evidence-based fraudulent claims range between 13-15 per cent and Assam, Bihar, Odisha, Gujarat and Haryana continue to be the major pain area for the entire insurance industry. Besides this, more than 40 per cent of negative claims are on account of undisclosed pre-existing illness related to the cause of death. Additionally dead man policy is a rising trend in the negative cases as these are the policies that are taken post the death of an individual. In the insurance sector investor policies are also becoming a huge racket especially in Assam, Haryana and Gujarat and this is where investors invest in a life insurance policy of critically ill patients. It has been observed that more than 9 per cent death certificates verified were fake.
As per my observation, the trend of empowering the first line of defense in risk management began in the non-banking world because companies were dealing with multiple operational issues on the ground, and didn’t have a formal risk management function. But today, increasingly in financial services, we are seeing enterprises push more risk management responsibilities down to the front lines. That is where the action is in terms of actual risk assessments, control testing, issue management, policy attestations and compliance.
How will risk management benefit the BFSI sector?
A sound and robust risk management framework requires the board and management to be responsible and accountable for managing and controlling technology risks. This responsibility calls for banks to perform risk analysis by identifying information systems assets, determining security threats and vulnerabilities, estimating the likelihood of exploitation or attacks, assessing potential losses associated with these risk events and taking appropriate security measures and controls for asset protection. In the current scenario, most of the decisions are on credit or NPA resolution, which are being taken based on data that is not validated. This is the crux of the current failures within the system. It is important to strengthen the risk mitigation layer in every function so that the quality of the portfolio is continuously assessed and corrective actions taken before the risk achieves critical mass. Global best practices like customer diligence have been the purview of internal bank employees, especially in the PSB segment. An on-ground, tech savvy third-party perspective is urgently required to turn around the current trends in bad loans.
How will risk management help in preventing financial frauds?
Risk management has become an increasingly inalienable consideration for an enterprise. Hence the need to back strategic decisions with a thorough risk evaluation, is being felt more strongly today in corporate board rooms, than at any time in the past. CROs (Chief Risk Officers), traditionally, have been entrusted with managing the downside of risk, but nowadays, are being included in strategic business decisions to help management evaluate the upside of risks. To keep pace with the changing risk environment, boards are now focusing first and foremost on the quality of risk information they are receiving. At the same time they are embedding risk culture in the DNA of the organisation. Besides this, the advent of cloud-based technologies offering on demand risk management tools such as SAAS platform are proving to be cost effective alternatives.