In an update to its "guidance note" on lenders' operational risk management framework, the Reserve Bank of India (RBI) on Tuesday included new lenders to its jurisdiction, including co-ops and non-banking financial firms (NBFCs). All banking and financial goods, services, operations, procedures, and systems have some level of operational risk.
A key component of the risk management framework of regulated firms is the efficient management of operational risk, according to the RBI, which also stated that the new note complies with the Basel Committee on Banking Supervision's (BCBS) guidelines. Lenders must implement three lines of defense in their operational risk management system, according to the central bank.
The first is business unit management, which is in charge of determining and controlling the risks connected to the lending company's goods, services, operations, procedures, and systems.
The second is a separate organizational risk management role that formulates an impartial opinion about the operational risk of business units, the layout and efficiency of important controls, and other risk threshold. The audit function, which shouldn't be engaged in the creation or execution of the operational risk management procedures, must be the third line of defense.In order to manage risk, the board of directors of the lender should also create a code of conduct.
It should clearly define appropriate corporate practices, forbid conflicts of interest, and set clear expectations for "integrity and ethical values of the highest standard."RBI stated that lenders need to have a robust control environment that includes effective communication between the various lines of defense, proper resource allocation, and a complete change management approach.
Following the identification of its key activities, a lender should, in line with its operational resilience strategy, map the internal and external linkages and interdependencies required for the performance of those operations. In the event of a negative business interruption incident, they must also have a business continuity strategy.
Finally, lenders need to make sure that their reliance on partnerships with non-related businesses and third parties does not interfere with the provision of essential operations, especially with the introduction of third-party tie-ups for extra fees.
