RBI
updates guidance note on operational risk management, extends it to NBFCs
The Reserve Bank of India on Tuesday updated its "guidance
note" on operational risk management for the financial sector, and also
extended it to the NBFCs, including housing finance companies. The 2005
'Guidance Note on Management of Operational Risk' covered only commercial
banks. The Reserve Bank of India (RBI) said an operational disruption can
threaten the viability of a regulated entity (RE), impact its customers and
other market participants, and ultimately have an impact on financial
stability.
It can result from man-made causes, Information Technology (IT)
threats, geopolitical conflicts, business disruptions, internal/external
frauds, execution/delivery errors, third-party dependencies, or natural causes.
The latest 'Guidance Note on Operational Risk Management and
Operational Resilience' aligns with the RBI's regulatory guidance with the
Basel Committee on Banking Supervision (BCBS) Principles, the central bank
said.
The guidance note intends to promote and further improve the
effectiveness of operational risk management of the REs, and enhance their
operational resilience given the interconnections and interdependencies, within
the financial system, that result from the complex and dynamic environment in
which the REs operate.
One of the key changes carried out in the updated guidance note is
that its applicability has been extended to all non-banking financial companies
(NBFCs) -- including housing finance companies -- co-operative banks, and
financial institutions, in addition to commercial banks.
The 2005 guidance note, which has now been repealed, was
applicable to only scheduled commercial banks.
The new note explicates the "three lines of defence
model" wherein business unit forms the first line of defence,
organisational operational risk management function forms the second line, and
audit function forms the third line of defence.
It has separate principles for mapping of internal and external
interconnections and interdependencies, incident management, ICT, and
disclosures.
The note also introduces separate principles on "lessons
learned exercise" and continuous feedback mechanism.
Until recently, the predominant operational risks that REs faced emanated from
vulnerabilities related to increasing dependence and rapid adoption of technology
for provision of financial services and intermediation.
However, the financial sector's growing reliance on third-party
providers exacerbated by the Covid-19 pandemic with greater reliance on virtual
working arrangements, has highlighted the increasing importance of operational
risk management and operational resilience.
www.economictimes.indiatimes.com dt.
01.05.2024