The Reserve Bank of India recently updated its guidance note on operational risk management and extended its scope to include NBFCs like housing finance companies. Earlier, operational risks mainly arose from increasing IT dependence. However, the pandemic has highlighted the importance of managing risks from third party reliance as financial institutions increasingly adopt virtual working models. The new note aims to promote better risk management practices among regulated entities and enhance their operational resilience given complex interconnections. It explicates the three lines of defence model and has separate principles for risk mapping, incident management, ICT risks, lessons learned, etc.
The Reserve Bank of India (RBI) recently updated its guidance note on operational risk management for financial institutions. It has now extended the scope of the note to include non-banking financial companies (NBFCs) like housing finance companies, in addition to commercial banks.
Previously in 2005, the 'Guidance Note on Management of Operational Risk' only applied to scheduled commercial banks. The new 'Guidance Note on Operational Risk Management and Operational Resilience' aligns RBI's regulatory guidance with the principles set by the Basel Committee on Banking Supervision (BCBS).
The RBI noted that operational disruptions can threaten the viability of regulated entities, impact customers and market participants, and ultimately affect financial stability. Such disruptions can arise from factors like IT issues, geopolitical conflicts, frauds, errors, third party dependencies or natural causes.
The updated guidance note aims to promote better operational risk management among regulated entities and enhance their operational resilience given the complex interconnections within the financial system. One of the key changes carried out in the updated guidance note is that its applicability has been extended to all non-banking financial companies (NBFCs) -- including housing finance companies -- cooperative banks, and financial institutions, in addition to commercial banks.
The new note explicates the "three lines of defence model" wherein the business unit forms the first line of defence, the organisational operational risk management function forms the second line, and audit function forms the third line of defence.
The note has separate principles for mapping internal and external interdependencies, incident management, ICT, disclosures, lessons learned exercises and feedback mechanisms.
Earlier, operational risks mainly arose from increasing IT dependence. However, the pandemic has highlighted the importance of managing risks from third party reliance as financial institutions increasingly adopt virtual working models. The RBI wants to strengthen operational risk practices and resilience across the broader financial sector.
The RBI's updated guidance note provides a comprehensive framework to help regulated entities strengthen their risk governance practices. If implemented diligently, it can help reduce disruptions and maintain financial sector stability in the face of challenges like cyber threats, business disruptions and health emergencies.
Advertisement
Facebook
Whatsapp
