The Indian banking system and non-banking financial companies (NBFCs) remain sound and resilient, backed by high capital ratios, improved asset quality and robust earnings growth. This is supporting a double digit credit growth and domestic economic activity. Sustaining this improvement requires further strengthening of governance and risk management practices and building up of additional buffers.

Introduction

I.1 Looking ahead in 2024, major central banks have indicated that monetary policy would remain watchful as inflation, despite easing, rules above target. In this environment, banks need to guard against credit losses although higher capital buffers and provision coverage ratio (PCR) provide cushions. In addition to regulatory capital and liquidity requirements, qualitative metrics such as enhanced disclosures, strong code of conduct and clear governance structures would contribute towards financial stability.

I.2 While the outlook for the global environment remains highly uncertain, the prospects for domestic economic activity appear bright. The Indian banking system is well positioned to improve further, with better asset quality, high capital adequacy and robust profitability. The financial indicators of NBFCs are also set to strengthen further, underpinned by adequate capital, increased provisions and improved asset quality. Financial stability is being underpinned by corporates’ stronger financials and deleveraging of their balance sheets. Against this backdrop, this chapter outlines a broad-brush view of the challenges facing banking and non-banking sectors, and the way forward.

Unsecured Lending in Banks and Non-Banks

I.3 In the recent period, the rate of growth of the unsecured retail segment has outpaced total bank credit growth. The asset quality of the unsecured retail loans has not shown any deterioration so far. The calibrated and targeted macroprudential measures announced in November 2023 in respect of select categories of consumer credit loans and bank lending to NBFCs are pre-emptive in nature and in the interest of financial stability.

Review of Income Recognition, Asset Classification and Provisioning (IRACP) Norms

I.4 To keep pace with the dynamic developments in the financial system, the Reserve Bank has been striving to transform its regulatory approach to activity-based from entity-based. With this aim, a comprehensive review of the extant IRACP norms is underway to harmonise instructions across all regulated entities (REs) of the Reserve Bank.

Review of Prudential Framework for Resolution of Stressed Assets

I.5 The prudential framework for resolution of stressed assets operationalised since June 7, 2019, provides a principle-based steady-state approach to a majority of lending institutions. Based on the experience gained and to rationalise and harmonise the instructions across all REs, a comprehensive review of the framework is underway. This will provide further impetus to the resolution of stressed assets.

Review of Guidelines on Interest Rate on Advances and Export Credit

I.6 The extant regulations on interest rates on advances vary across REs. To harmonise the regulatory framework for banks and other REs, a comprehensive review of the extant regulatory instructions has been undertaken. Further, a review of the instructions on export credit is also currently underway, keeping in view the evolving requirements of stakeholders.

Migration to Expected Credit Loss (ECL) Based Framework.

I.7 A discussion paper (DP) on introduction of ECL framework for provisioning by banks was issued on January 16, 2023, soliciting inputs from stakeholders. While the inputs on the DP are being examined, an external working group – comprising of domain experts from academia, industry and select major banks – has been constituted to holistically examine and provide independent inputs on some of the technical aspects. The recommendations of the working group would be duly factored in while framing the draft guidelines.

Non-Fund Based Facilities

I.8 Non-fund based (NFB) facilities like guarantees, letters of credit, and co-acceptances play a significant role in facilitating domestic and international trade. There is a need to lay down a comprehensive and self-contained set of regulatory guidelines governing the NFB facilities applicable to all REs to ensure an orderly and sustainable growth of this segment. Accordingly, a review of guidelines on NFB facilities is underway.

Securitisation of Stressed Assets

I.9 In January 2023, the Reserve Bank had released a discussion paper on securitisation of stressed assets to seek comments from market participants. Given the novelty and complexity of the structure, detailed examination of various stakeholders’ comments is currently underway with a view to issue the final guidelines shortly.

Framework for Connected Lending

I.10 Connected lending or lending to persons who are in a position to control or influence the decision of a lender can be a concern, as it involves moral hazard issues leading to compromise in pricing and credit management. The extant guidelines on the issue are limited in scope and are not applicable uniformly to all REs. To address this issue, a draft circular proposing a unified regulatory framework on connected lending will be issued shortly for public comments.

Regulatory Framework for Web-Aggregation of Loan Products

I.11 A web-aggregator of loan products (WALPs) entails aggregation of loan offers from multiple lenders on an electronic platform which enables borrowers to compare and choose the best available option to avail a loan. Accepting the recommendation of the Working Group on Digital Lending (WGDL), it has been decided to bring loan aggregation services offered by the Lending Service Providers (LSPs) under a comprehensive regulatory framework. The framework will focus on enhancing the transparency in the operations of WALPs, increase customer centricity and enable the borrowers to make informed choices.

Urban Co-operative Banks (UCBs)

I.12 The amendments to the Banking Regulation (BR) Act, 1949 as applicable to co-operative societies empowered the Reserve Bank to improve the regulation and supervision of UCBs. The Reserve Bank has undertaken several initiatives to bolster sound governance practices in UCBs, including the appointment of Chief Compliance Officer, Chief Risk Officer, and Head of Internal Audit. To have better functioning of UCBs where governance issues were observed, the Reserve Bank has appointed additional directors on the Boards.

I.13 Harmonisation of guidelines on presentation and disclosures in financial statements issued in October 2022 has, to some extent, addressed the problem of divergence in audited financial statements and assessment made by the Reserve Bank. Guidelines on transfer to/appropriation from reserve funds and disclosures on concentration of deposits, advances, exposures and non-performing assets (NPAs) has brought transparency in financial statements published by UCBs. The aim of the Reserve Bank’s regulatory actions is to quickly nurse back weak UCBs to health, and if such efforts do not yield the desired outcomes, then resolve them in a manner as non-disruptive as possible. These actions will instil and deepen public confidence in UCBs as efficient and dependable financial intermediaries.

I.14 Guidelines on issue and regulation of share capital and securities were issued for UCBs in March 2022. Subsequently, a working group (WG), comprising officials of the Reserve Bank and representative from the Securities and Exchange Board of India (SEBI), was constituted to examine the issuance of the second leg of guidelines on raising capital funds for co-operative banks. The WG has submitted its report, and its recommendations are under examination.

I.15 Notwithstanding the progress made so far, the co-operative sector continues to face certain inherent challenges. UCBs need to discourage very long and continuous tenures of their directors, in accordance with the provisions of the BR Act, to avoid vested interests exercising undue influence over the functioning of the board and to facilitate infusion of fresh ideas and perspectives in the Board by induction of new directors. The absence of a comprehensive risk management policy makes certain UCBs vulnerable to external and internal risks. Deficient compliance culture is prevalent among certain UCBs and is reflected in persisting irregularities in some areas of their functions. Availability of skilled personnel to manage the core banking solution (CBS) and other critical information technology (IT) and database functions is usually constrained in UCBs. As a result, these crucial functions are often outsourced, exposing them to outsourcing risk. These banks are less prepared to prevent, detect, respond to and recover from cyber-attacks. Non-integration of various modules, like treasury, letter of credit, forex and anti-money laundering solutions, with CBS has been a source of supervisory concern and needs a comprehensive review.

Non-Banking Financial Companies (NBFCs)

I.16 The performance of the NBFC sector witnessed significant revival in the post-pandemic period. Notwithstanding the overall robust health of the sector, certain concerns remain.

Interconnectedness of Banks and NBFCs.

I.17 Given the strategic importance of NBFCs in the financial system, the high level of interconnectedness between banks and non-banks merits close attention. NBFCs are large net borrowers of funds from the financial system, with the highest exposure to banks. Several NBFCs maintain borrowing relationships with multiple banks simultaneously. Banks are also key subscribers to their debentures and commercial papers. Such concentrated linkages may create contagion risk. Although banks are well-capitalised, they need to constantly evaluate their exposure to NBFCs as well as the exposure of individual NBFCs to multiple banks. NBFCs on their part should focus on broad-basing their funding sources and reduce over-dependence on bank funding.

Government-owned NBFCs (G-NBFCs)

I.18 Owing to their increasing size and funding to large infrastructure projects of the government, G-NBFCs form an important part of the sector. Top 50 exposures of G-NBFCs, amounting to ₹7.8 lakh crore, constituted about 40 per cent of total corporate credit of the NBFC sector, pointing towards concentration risk. Also, all these 50 exposures were to the power sector, which faces multiple inherent issues.

I.19 Given their growing systemic significance, the prompt corrective action (PCA) framework for NBFCs has been extended to G-NBFCs (except those in the base layer). The framework will be effective October 1, 2024, based on audited financials as on March 31, 2024, or thereafter. This is expected to strengthen supervision of these entities and ensure timely course correction by them.

Microfinance NBFCs (NBFCs-MFIs)

I.20 As microfinance institutions (MFIs) cater to marginalised clientele, the repayment capacity of borrowers needs to be considered while extending loans. With the deregulation of interest rates, certain NBFCs-MFIs appear to be enjoying relatively higher net interest margins. Microfinance lenders, therefore, need to ensure that the flexibility provided to them is used judiciously through transparent interest rate setting processes.

Small Finance Banks (SFBs)

I.21 SFBs serve a critical role in delivering credit to under-banked segments. However, many SFBs have low current account and savings account (CASA) deposits and a greater reliance on bulk term deposits, often acquired at higher rates, especially from co-operative banks. This suggests a high degree of interconnectedness of SFBs with co-operative banks, with the possibility of any shock to the latter sector spilling over to the former.

I.22 Some entities, which were NBFC-MFIs earlier and subsequently converted to SFBs, retained their earlier business models. Consequently, the share of unsecured lending in their portfolios, especially to microfinance and joint liability group (JLG) borrowers, is high. This lack of asset diversification is also often coupled with geographical concentration, implying significant concentration risk.

I.23 A capital adequacy framework, that properly accounts for the various risks that SFBs are exposed to, is essential to ensure their financial soundness and continuation of the role played by them in the real economy. The capital adequacy framework specified in the operating guidelines for SFBs, issued in October 2016, stated that the prudential frameworks for market risk and operational risk were being examined and related instructions would be issued separately. Against this background, a comprehensive review of the regulatory capital framework for SFBs is under consideration.

Customer Service

I.24 A key element of protecting customers is to provide them an efficient, prompt and cost-effective grievance redressal mechanism. However, the efforts of banks to provide timely solutions to customer grievances have not kept pace with the explosion in technology and products. Bank Boards and top executives need to focus on quality of grievance redressal instead of just monitoring turnaround time (TAT) and management information systems (MIS) on complaints. REs need to bring in greater empathy into their services, products and operations. There is a need for greater effort to provide safe and friendly tech-banking to senior citizens, people with special needs and those who are technologically challenged. Banks must ensure that their access points – branches, websites, and apps – are user-friendly and convenient for customers with special needs.

Payment and Settlement Systems

I.25 In line with the Payments Vision 2025, necessary stakeholder consultations are ongoing on various aspects of payment systems, including alternate authentication mechanisms, facilitating framework for internet of things (IoT) and context-based payments, and creating a payment system for processing online merchant payments using internet/mobile banking. Separately, instructions to regulate offline payment aggregators are planned to be issued.

Offline Transaction using Near Field Communication (NFC) Technology

I.26 The Reserve Bank had issued instructions permitting small value digital payments in offline mode in January 2022. Based on this framework, the National Common Mobility Card (NCMC) and Unified Payment Interface (UPI) Lite were developed. Further, UPI Lite X has also been launched which uses NFC technology for transfer of funds through the UPI system. This feature will enable retail digital payments in situations where internet/telecom connectivity is weak or not available. It will also ensure speed, with minimal transaction declines. Further, NCMC, which also utilises the NFC technology, is being used by various transit operators.

Conversational Payments

I.27 As conversational instructions hold immense potential for enhancing ease of use and reach of the UPI system, the Reserve Bank, in September 2023 permitted the National Payments Corporation of India (NPCI) to introduce them. Conversational payments in UPI will enable users to engage in a conversation with an artificial intelligence (AI) powered system to initiate and complete transactions in a safe and secure environment. This channel will be made available in both smartphones and feature phones-based UPI channels. The facility will initially be available in Hindi and English and will subsequently be made available in more Indian languages.

Processing Mandates with Single-Block-and-Multiple-Debits

I.28 The capabilities in UPI have been enhanced to enable customers to create payment mandates against merchants by blocking funds in their bank accounts for specific purposes which can be debited, whenever needed. This would be helpful for purchase of securities in the secondary capital market as also purchase of government securities using the Reserve Bank’s Retail Direct Scheme and various e-commerce transactions. This will build a higher degree of trust in transactions as merchants will be assured of timely payments, while the funds remain in the customer’s account till actual delivery of goods or services.

Opportunities and Challenges of New Technology Adoption

I.29 New technology adoption helps banks and non-banks generate additional revenue, reduce expenses, and manage risk exposure better. It enables banks to offer more convenient and personalised services to their customers. Further, new technologies enhance the efficiency and effectiveness of banking operations. With this, however, the risks of fraud and data breaches have also increased. Concerted efforts by all stakeholders including regulators, banks and customers are required to protect the system from these threats. On its part, the Reserve Bank has been striving to update the regulations to protect customers while ensuring that innovations are not stifled.

Cyber Resilience and Digital Payment Security Controls

I.30 Given their systemic importance, it is imperative to keep the payment systems resilient against existing as well as upcoming threats. Towards this end, the Reserve Bank in June 2023 invited comments on the draft master directions on cyber resilience and digital payment security controls for payment system operators. The draft directions cover governance mechanisms for identification, assessment, monitoring, and management of cybersecurity risks, and specify baseline security measures.

Model-based Lending

I.31 The increased collaboration of banks and NBFCs with FinTechs has facilitated introduction of model-based lending. However, banks and NBFCs need to be careful in relying solely on pre-set algorithms on which the models operate. These models should be robust and their resilience should be tested periodically. It is necessary to be watchful of any undue risk build-up in the system due to information gaps, which may cause dilution of underwriting standards.

Artificial Intelligence and Machine Learning (AI/ML)

I.32 Rapid deployment of AI/ML in finance is promoting efficiency gains, redefining client interfaces, augmenting forecasting accuracy, and improving risk management and compliance.

These advances, however, carry potential risks arising out of embedded biases in AI/ ML systems and the lack of transparency in their outcomes. Furthermore, the technology potentially embodies new sources and transmission channels of systemic risks capable of undermining financial stability. It is, therefore, imperative to strike a balance between benefits and risks by strengthening the capacity of REs and surveillance by oversight authorities, formulating/updating relevant legal and regulatory frameworks, proactively engaging stakeholders to identify possible risks, and expanding consumer education.

I.33 The Reserve Bank has emphasised that the algorithm used for underwriting should be based on extensive, accurate and diverse data to rule out any prejudices. Algorithm should be auditable to point out minimum underwriting standards and potential discrimination factors. Further, lenders should adopt ethical AI which focuses on protecting customer interest, promotes transparency, inclusion, impartiality, responsibility, reliability, security and privacy.

Setting up of Fintech Repository

I.34 To ensure a resilient FinTech sector and to promote best practices, regulators and stakeholders need to have relevant and timely information on FinTech entities, including the nature of their activities. It is therefore proposed to set-up a repository capturing essential information about FinTechs, including range of their activities, products, technology stack, and financial information. FinTechs would be encouraged to provide relevant information voluntarily to the repository which will aid in designing appropriate policy approaches. The repository will be operationalised by the Reserve Bank Innovation Hub in April 2024 or earlier.

Planned Supervisory Policies

I.35 In view of the evolving technology and cyber risks, supervisory policies are being proactively designed to fortify the financial sector.

I.36 The extant guidelines require all scheduled commercial banks (SCBs) as well as UCBs with digital depth of level IV to set-up Cyber Security Operations Centre (C-SOC) to ensure continuous surveillance of cyber risks. However, being organisation specific, they may overlook sector-wide common threats. A Sectoral SOC (SSOC) is envisaged to address these potential sector-specific risks. Through correlation of events/logs/incidents sourced from multiple SOCs of supervised entities, the SSOC will provide actionable intelligence for better accuracy and consistency in the overall ecosystem. By centralising the monitoring and analysis of cyber threats, the sector can swiftly adapt to evolving attack vectors.

I.37 Systemic risks may arise when various REs rely on a small number of third parties to provide services. In order to assess the concentration risk, a comprehensive exercise was undertaken to map the IT service providers with SCBs. Based on this exercise, joint audits of IT service providers by banks are being proposed under the aegis of the Indian Banks’ Association (IBA). These audits will ensure a comprehensive and standardised evaluation of the vendors.

I.38 A large number of small UCBs have faced increasingly sophisticated cyber-attacks targeting their payment channels. An exercise was conducted to assess the gap in implementation of supervisory instructions in select UCBs through empanelled auditors of Indian Computer Emergency Response Team (CERT-In). The exercise will be extended to all UCBs with payment system interfaces in a phased manner. Identifying and rectifying gaps in the cybersecurity preparedness ensures that UCBs maintain robust security measures in handling payment systems.

Overall Assessment

I.39 The Indian banking system and NBFCs remain sound and resilient, backed by high capital ratios, strengthening asset quality and robust earnings growth. Looking ahead, given the increasing interconnectedness between banks and NBFCs, the latter should focus on broad-basing their funding sources and reduce over-dependence on bank funding. Banks and non-banks both, need to bring in greater empathy in their customer services. Concerted efforts by all stakeholders are required to protect the banking system and the payments system from the risks of fraud and data breaches emanating from cyber threats. Overall, banks and NBFCs need to further strengthen their balance sheets through robust governance and risk management practices to meet the growing aspirations of the Indian economy.