ADVERTISEMENT

RBI Updates Guidance Note On Operational Risk Management For NBFCs

The Reserve Bank of India updates guidance note on operational risk management for NBFCs, aligning with Basel Committee on Banking Supervision Principles.

<div class="paragraphs"><p>Tilt up of RBI building. (Photo: Vijay Sartape/NDTV Profit)</p></div>
Tilt up of RBI building. (Photo: Vijay Sartape/NDTV Profit)

The Reserve Bank on Tuesday updated its 'guidance note' on operational risk management for the financial sector, and also extended it to the NBFCs, including housing finance companies.

The 2005 'Guidance Note on Management of Operational Risk' covered only commercial banks.

The Reserve Bank of India said an operational disruption can threaten the viability of a regulated entity, impact its customers and other market participants, and ultimately have an impact on financial stability.

It can result from man-made causes, Information Technology threats, geopolitical conflicts, business disruptions, internal/external frauds, execution/delivery errors, third-party dependencies, or natural causes.

The latest 'Guidance Note on Operational Risk Management and Operational Resilience' aligns with the RBI's regulatory guidance with the Basel Committee on Banking Supervision Principles, the central bank said.

The guidance note intends to promote and further improve the effectiveness of operational risk management of the REs, and enhance their operational resilience given the interconnections and interdependencies, within the financial system, that result from the complex and dynamic environment in which the REs operate.

One of the key changes carried out in the updated guidance note is that its applicability has been extended to all non-banking financial companies -- including housing finance companies -- co-operative banks, and financial institutions, in addition to commercial banks.

The 2005 guidance note, which has now been repealed, was applicable to only scheduled commercial banks.

The new note explicates the 'three lines of defence model' wherein business unit forms the first line of defence, organisational operational risk management function forms the second line, and audit function forms the third line of defence.

It has separate principles for mapping of internal and external interconnections and interdependencies, incident management, ICT, and disclosures.

The note also introduces separate principles on 'lessons learned exercise' and continuous feedback mechanism.

Until recently, the predominant operational risks that REs faced emanated from vulnerabilities related to increasing dependence and rapid adoption of technology for provision of financial services and intermediation.

However, the financial sector's growing reliance on third-party providers exacerbated by the Covid-19 pandemic with greater reliance on virtual working arrangements, has highlighted the increasing importance of operational risk management and operational resilience.