Disclosure Risks Hang Over RBI’s Bank Inspection Reports

The Supreme Court has given the Reserve Bank of India a short window to change its disclosure policy, which so far prevented the public from accessing bank inspection reports among other things.

A brief history of the case first.

On April 26, the Supreme Court asked the RBI to comply with its 2015 judgment to make the annual inspection report of banks public. A bench of Justice L Nageswara Rao and Justice MR Shah rejected the argument of the central bank that it has a fiduciary relationship with the lenders and therefore the information sought was exempted under the Right to Information Act.

The RBI was given one last opportunity to withdraw its disclosure policy and release the inspection reports of ICICI Bank Ltd., HDFC Bank Ltd. and State Bank of India that were sought.

Banks, bankers and sector watchers are eagerly waiting to see what the RBI does next.

On April 30, the RBI posted a new disclosure policy document on its website, which still excluded bank inspection reports. The April 30 document, however, was not the final word and it appears that a more comprehensive review is underway.

Understanding Bank Inspection Reports

It’s important to first understand what bank inspection reports now look like.

A few years ago, the RBI moved to risk-based supervision from the earlier transaction-centric approach. The new framework focuses on current and future risks inherent in the bank’s functioning, its process and its products.

While an annual inspection report may differ from bank to bank, it will typically include at least a few crucial elements. This includes:

• Compliance with regulations,
• The quality of the credit portfolio,
• Policies on managing stressed assets,
• Approach towards customers and products with a focus on the fair practices code,
• Know Your Customer processes,
• IT systems and vulnerabilities there,
• Functioning of the board and board committees,
• Insider trading policies.

The communication process between the bank and the regulator is an ongoing one. The regulator may raise some concerns, the bank may explain its position, it may make some changes in its processes and so on and so forth.

At the end of the year, there is an annual inspection report submitted but even then, the financial institution has the opportunity to send back its views within a period of time, typically 30 days. So in some ways, the inspection report is never really ‘final.’

You may chose to ignore that and say that the annual inspection report should be opened up to the public. Where’s the harm in that?

Once again, before we answer that question, it may be illustrative to know how these reports are structured.

Some comments in these reports may be generic and innocuous. Hypothetically, the RBI may say “Bank XYZ needs to strengthen its credit appraisal processes” or “Bank ABC’s IT systems are not adequately protected against cyber fraud.” But in other cases, the RBI may choose to point out a specific instance where the bank may have violated a regulation or approached a certain loan in a way that the regulator feels is incorrect.

Trouble will arise if that information is published selectively and without much context.

It’s not tough to imagine a headline screaming “RBI finds ABC Bank Susceptible To IT fraud” or “XYZ Bank Found Guilty Of Evergreening”. Some publications will make the effort to put that information in context, for instance, by explaining that evergreening was detected in a certain number of accounts, which make by a certain percent of the bank’s loan book. Or that certain specific IT processes were not adequately protected from fraud risk. But some others may not.

In the worst possible scenario, you’d have more than enough ammunition to create a scare around a deposit-taking institution and risk a run on the bank. Anyone who believes that is hyperbole may want to think back to 2003 when ICICI faced a run on its branches in Gujarat on mere speculation that the bank was running short on liquidity. Such runs are self-fulfilling. Even if the bank wasn’t facing a liquidity shortage, it will find itself in the midst of one when customers rush to withdraw money.

So what should the RBI do?

Taking The Middle Road

Ideally, the diktat to release bank inspection reports should be implemented prospectively. That will allow the regulator to ensure that its reports are drafted in a manner that scope for misinterpretation is limited. Banks, aware that these reports could be made public, would also (hopefully) make an extra effort to ensure processes are as sound as possible.

But the RBI may not have that option since the case on which the Supreme Court ruled was related to bank inspection reports of previous years. Should reports of previous years be made public, the regulator may choose to sever certain portions of the report using Section 8 (1) (a) and (e) -- which allow non-disclosure of information that can hurt economic interests of the state or are available to a person in a fiduciary responsibility. This is not a suggestion but an expectation based on recent RTI responses from the RBI.

Beyond bank inspection reports, the disclosure of which must be approached cautiously, the regulator needs to review its policy around investigation reports.

The RBI’s enforcement division has been strengthened and the number of fines imposed post investigations has risen. The fines, however, are minuscule and unlikely to act as much of a deterrent. While the RBI discloses the imposition of a fine, it gives minimal information about the transgression and the investigation. In contrast, market regulator SEBI puts out a detailed investigation report, which is often instructive on the loopholes that have been exploited. The RBI needs to do the same.

Meanwhile, banks may want to shed their ‘no comment’ approach and be prepared to respond to any information that may become public. A failure to do so will only make matters worse.

Ira Dugal is Editor - Banking, Finance & Economy at BloombergQuint.