Mint Road's enforcement framework shifts focus to governance premium

Penalties imposed by the Reserve Bank of India (RBI) in FY24 more than doubled to ₹86.1 crore in 281 instances (it was ₹40.4 crore and 211 in FY23). Its annual report has it that fiduciary censure was up across bank groups — except foreign banks and small finance banks — and such attention was more on state-run and private banks. Compared to what’s slapped by global financial regulators which run into millions of dollars, the sums on our turf are paltry; it carries the risk of being taken as part of operating expenses. The highest till date is ₹58.9 crore on ICICI Bank in March 2018 for failure to adhere to directives regarding the sale of securities from its held-to-maturity bucket. 

What should be the price regulated entities (REs) and their top brass have to foot on slip-ups, especially in repeat cases? 

New approach 

The woes at IndusInd Bank have put the spotlight back on a key initiative the banking regulator’s Enforcement Department set rolling in FY24: scale-based approach to enforcement based on a RE’s size, complexity, inter-connectedness, range of activities, and also the seriousness of violations. (This was a follow-through on then RBI governor Shaktikanta Das’s meeting with the boards of state-run and private banks on May 22 and 29, 2023 to discuss issues related to governance, ethics, the role of the boards, and supervisory expectations). And on its circular on the ‘Compensation of whole-time directors, CEOs, material risk-takers and control function staff in banks’ (issued on November 4, 2019). While Mint Road said this will kick in only for pay-cycles beginning from or after April 1, 2020, it can apply to prior slip-ups by way of clawback (as it basically fine tuned a circular of January 13, 2012 which held so). This was tested during the Yes Bank fiasco, but these matters can be litigated and can run into years before settlement. 

The RBI, under section 46 and 47A of the Banking Regulation Act (1949), has wide powers to impose penalties for identified contraventions, but as Divyanshu Pandey, partner (Finance Practice) at law firm JSA, has it: “While the RBI has imposed penalties on financial institutions (FIs), however, to my knowledge, it has not imposed penalties on individuals working with them.” He feels the RBI should consider exercising its powers against individuals’ actions, including the compensation payable, and strictly enforce its directions on clawbacks in line with the recommendations of the FSB (Financial Stability Board) and Basel committee even as it penalises FIs. Incidentally, the objective of the RBI’s November 2019 circular was to better align with the FSB’s March 2018 'Principles and Implementation Standards for Sound Compensation Practices and the Supplementary Guidance’ on the use of compensation tools to address misconduct risk. 

As Ravi Duvvuru, member-advisory group to the second Regulatory Review Authority and partner at Duvvuru & Reddy LLP, views it, “for penalties to act as an effective deterrent, they must be proportionate to the revenue earned and directly linked to individual accountability, particularly at the senior management level”. He is for a regime akin to the United Kingdom's senior managers and certification regime to ensure personal responsibility for lapses in governance and compliance. While the RBI introduced clawback provisions in 2019, there’s no publicly available data specifying the actual amounts recovered or identifying the individuals involved. Current disclosures are aggregated and lack the necessary detail to promote transparency and accountability. Duvvuru feels the RBI should mandate annual disclosures of individuals and the amounts recovered under clawback provisions. He adds: “In recent years, the RBI has increasingly used supervisory actions as a deterrent — an approach that, in my view, has had more impact than monetary penalties alone”. 

M Damodaran, former chief of Securities and Exchange Board of India (Sebi) and now chairman of Excellence Enablers, a corporate governance advisory firm, says that “the penal amount may not seem much. What is important is disclosure to the exchanges and in the annual reports. That will impact reputation." And “there should be no discrimination between a state-run and a private bank. Violations must merit similar penalties." 

In general, the key reasons for the imposition of penalties were contravention of Section 26A of the Banking Regulation Act, 1949, cybersecurity, non-compliance with exposure and IRAC (income recognition and asset classification) norms; know-your customer directions (2016); fraud classification; submission of information to the Central Repository of Information on Large Credits, and to credit information companies; customer protection (limiting the liability of customers in the cases of unauthorised electronic transactions); director-related loans; monitoring the end-use of funds; and violation of Housing Finance Companies Directions (2010). 

 

Penalised after a lag 

There’s also a technical aspect: penalties are imposed with a lag; in the sense, it is for a past supervisory cycle. By the time a penalty is imposed, the management of an RE may have changed. This problem was faced by US and European FIs and insurance companies during the global financial crisis of 2012. This led to the change of remuneration mechanisms for CXOs worldwide; their pay was partially linked to the performance of the institution, and clawback clauses were imposed for misconduct detected later. Kritika Krishnamurthy, founding partner at legal firm AK & Partners, says: “Although we have this system for insurance companies, it’s not in place for all RBI REs.” She explains: as compliance becomes one of the most important items for REs, such commercial arrangements need to be put in place by FIs, not just to protect themselves, but also to show their bona fides to the RBI. 

Another element is fraud. The Report on Trend and Progress of Banking India (T&P FY24) tells you during the year, based on date of reporting by banks, the amount involved in frauds was the lowest in a decade. The average value was the lowest in 16 years (₹2,623 crore in 14,480 cases), but what is interesting is that in FY25, this was sharply higher — at ₹21,367 crore and 18,461. Worrisome is the commentary in the RBI Annual report (FY24). An analysis of the vintage of frauds reported during FY23 and FY24 shows a significant time-lag between the date of occurrence of a fraud and its detection. The amounts involved in previous financial years formed 94 per cent of the frauds reported in FY23 in terms of value: it was 89.2 per cent for FY24. 

  Similarly, 89.2 per cent of the frauds reported in FY24 by value occurred in previous financial years. The RBI’s Annual Report (FY21) was more detailed. It noted that the average time lag between the date of occurrence of a fraud and its detection was 23 months; for large frauds (₹100 crore and above), it stood at 57 months. A two-decadal analysis in the Financial Stability Report of June 2019 observed that between FY01 and FY18, fraud constituted 90.6 per cent of what was reported in FY19, by value. 

What explains this lag?“The lag in fraud detection exists primarily because technology is reactive by nature. Most fraud detection systems identify patterns based on known fraud types, leading to delays in recognising new fraud methods,” explains Jaya Vaidhyanathan, chief executive officer, BCT Digital which is into fintech and regtech solutions. Real-time surveillance and adaptive systems that learn quickly from emerging fraud cases can shorten reaction time. And eliminate delay through proactive technologies. Artificial intelligence and machine learning can help move the model from detection to prevention—flagging and blocking transactions that deviate from established patterns even before a fraud is fully understood. 

In September 2019, then RBI deputy governor M K Jain, said: “It will not be an exaggeration to say that some of the big losses suffered by banks on account of frauds could have been avoided if a good compliance culture was ingrained in the respective banks." Frauds are a drain on capital which is increasingly quoting at a premium; going ahead this will get captured in the governance premium as well. 

Mint Road’s enforcement plot is set for change. 

Enforcing the law 

*  Global financial regulators impose penalties that can run into millions of dollars but in India the sums are paltry

  *  The highest RBI penalty ever was of ₹58.9 crore on ICICI Bank in March 2018 for failure to adhere to certain directives

  *  RBI imposes penalties on financial institutions but it is rare for it to act similarly against individuals

  *  It could be that by the time a penalty is imposed, the management of a regulated entity may have changed

  *  A key RBI initiative is a scale-based enforcement based on a regulated entity’s size, complexity, violations