The Covid-19 pandemic has impacted most economies and banking systems globally, including India. The nation-wide lockdown in April-May 2020 substantially impacted economic activity. The easing of lockdown measures subsequently led to gradual improvement in economic activity and progress towards normalcy. For the banking sector, these developments resulted in lower demand for loans and fee-based services and regulatory measures like moratorium on payment of dues and standstill in asset classification to mitigate the economic consequences on borrowers. It also resulted in increase in provisioning reflecting higher actual and expected additions to non-performing loans following the cessation of moratorium and asset classification standstill. The second wave of Covid-19 pandemic since March 2021, where the number of new cases has increased significantly in India, has resulted in re-imposition of localised/regional lockdown measures in various parts of the country.
The impact of the Covid-19 pandemic on us is uncertain and will depend on the spread of Covid-19, the effectiveness of current and future steps taken by the governments and central bank to mitigate the economic impact, steps taken by the Bank and the time it takes for economic activities to return to pre-pandemic levels. Our capital and liquidity position is strong and would continue to be a focus area for the Bank during this period.
Crises in the nature of economic events, financial risks, geo-political tensions, natural calamities, climate change and health epidemics could affect the Indian economy or the economy of countries where we operate. The global financial crisis in 2008 and the global outbreak of the Covid-19 pandemic are events that have significantly impacted the Indian economy and businesses and have created new challenges for banks. Further, this could lead to changes in laws, regulations and policies subsequently, which could affect our business in general, our operations, our products and services and could reduce profitability.
The Bank focusses on building capabilities on an ongoing basis to respond to such events, including natural calamities and epidemics. The response could be through various channels including strengthening our financial position by maintaining a strong balance sheet and ensuring adequate buffers in capital and liquidity, continuously enhancing risk management practices in credit and operations, business continuity planning, skilling employees, alternate infrastructure facilities and other such responses. In fiscal 2021, we made additional Covid-19 related provisions to mitigate any stress that could emerge due to the pandemic. We also raised equity capital of ₹150.00 billion and further strengthened our capital position with capital adequacy ratios significantly above regulatory requirements as of March 31, 2021.
Developments in the Indian economy could have a material impact on growth and value creation in the Bank’s business. Our presence in international markets also exposes us to risks from global developments. Uncertainties exist due to India’s high dependence on global crude oil, capital requirements, evolving policies and sustainable job creation. These risks are heightened in view of the coronavirus pandemic and the second wave where the number of new cases has increased significantly in India.
The Bank closely monitors developments in the global and Indian economy. We have a dedicated team for monitoring and evaluating the impact of macroeconomic trends. We have an established Country Risk Management Policy which addresses the identification, measurement, monitoring and reporting of country risk. The Risk Management Group continuously monitors all sectors as well as corporates within the sectors and country risks.
Our core business is lending which exposes us to various types of credit risks, especially failure in repayments and increase in non-performing loans. Our loan portfolio includes retail loans and corporate loans which are vulnerable to economic risks. These risks are heightened in view of the Covid-19 pandemic. Banks in India are subject to directed lending requirements that may create additional risks. Further, legal and regulatory changes and increasingly stringent requirements regarding non-performing loans and provisioning for such loans could also be a risk.
The credit-related aspects in the Bank are primarily governed by the Credit and Recovery Policy approved by the Board of Directors. The Bank measures, monitors and manages credit risks at an individual borrower level and at the portfolio level. In the last few years, we have refined and strengthened our framework for managing concentration risk, including limits/thresholds with respect to single borrower and group exposure. Limits have been set up for borrower group based on turnover and track record and on lower rated borrowers. Further, we have pursued a strategy of building a granular and diversified portfolio and lending to better-rated corporates. At March 31, 2021, around 73% of our total loan book was to borrowers internally rated A- and above, and there has been a meaningful change in the profile of exposures to top borrowers and groups. In view of the outbreak of the Covid-19 pandemic, we made the provisioning policy more conservative during fiscal 2021.
Movements in interest rates, foreign exchange rates, credit spreads and equity prices could impact our Net Interest Margin, the value of the trading portfolio, income from treasury operations and the quality of the loan portfolio. These risks are heightened in view of the coronavirus pandemic. Banks in India are subject to statutory liquidity ratio requirement, capital and liquidity requirements that structurally exposes them to interest rate risks and liquidity risks. Further, deposits are an important source of funding which are primarily short-term in nature and banks face the risk of asset-liability mismatches if not rolled over by depositors.
The Investment Policy, Asset Liability Management Policy and Derivatives Policy, approved by the Board of Directors, govern the treasury activities and the associated risks and contain the limits structure. The Asset Liability Management Committee which includes the MD & CEO, wholetime directors and senior executives periodically reviews the Bank’s business profile and its impact on asset liability management. Periodic monitoring is done by the Market Risk Management Group which recommends changes in policies, processes and methodologies. Building a strong liability franchise is a core strategic focus for the Bank.
During fiscal 2021, we maintained strong capital and liquidity positions, which were significantly above regulatory requirements. Further, we participated in creating the financial infrastructure for the transition from LIBOR. We executed our first interbank money market transaction linked with Secured Overnight Funding Rate (SOFR). This was part of the Bank’s Benchmark Transition Management plan to assess the preparedness towards a smooth transition to the new Alternative Reference Rate replacing the USD LIBOR.
There is a risk of loss resulting from inadequate or failed internal processes, people or systems or from external events. This could include fraud or other misconduct by employees or outsiders, unauthorised transactions by employees and third parties, mis-reporting or non-reporting with respect to statutory, legal or regulatory reporting and disclosure obligations, operational errors including clerical and recordkeeping, and system failures.
In light of the Covid-19 pandemic, operational and business continuity risks could arise related to, among other things, the impact on employee health, maintaining the service levels for customers, work place management, the remote work environment and ensuring availability of critical functions and IT systems.
The Bank has put in place a comprehensive system of internal controls, systems and procedures to monitor transactions, key back-up procedures and undertaking regular contingency planning. The governance and framework for managing operational risks is defined in the Operational Risk Management Policy approved by the Board of Directors.
In response to the Covid-19 pandemic, various measures have been taken by the Bank to continue our service without interruption and to ensure safety of employees. Our IT and digital infrastructure was leveraged extensively.
Rapid technological developments and the increasing dependence on technology, combined with the continuous digitisation in banking activities have exposed banks to a host of new risks like obsolescence of IT systems, IT resiliency and business continuity, technology vendor/third party risk, incorrect/inadequate data backups, inadequate change management practices, ineffective identity and access management leading to unauthorised access to IT systems, budget overruns in IT projects, regulatory non-compliance and other relevant matters. The growing customer dependence on digital transactions and increasing volumes of such transactions requires banks, including us, to focus on the availability and scalability of our systems. Misalignment between business and IT strategies is also a formidable risk.
The Bank’s Information Technology Strategy Committee, which is a Board-level Committee, ensures that the information technology strategy is aligned with the business strategy. The Committee meets periodically to review ongoing IT projects and their schedules, major IT incidents, technology risk indicators and status of regulatory compliance. We have established policies and control frameworks on change management, logical access management, IT outsourcing and Data Centre processes to ensure that the risks are identified and appropriate mitigating controls are put in place. In addition to this, independent assessments of IT processes are carried out by the Internal Audit Group periodically to provide assurance on the effectiveness and efficiency of IT systems and processes. We have adopted an approach under the #2025 technology strategy to be able to respond to the changing dynamics in an agile and responsive manner.
Increasing reliance on technology and digitisation increases the risks of cyberattacks including computer viruses, malicious or destructive code, phishing attacks, denial of service or information, ransomware, unauthorised data access, attacks on personal emails of employees, application vulnerability and other security breaches. This could negatively impact the confidentiality, integrity or availability of data pertaining to the Bank and its customers. Given the nature of the new digital economy, the Bank also has business and operational relationships with third parties and these could also be sources of information security risk.
The Board-level Information Technology (IT) Strategy Committee oversees the cyber security-related threat landscape and the Bank’s preparedness to address these from a prevention, detection and response perspective. The Bank’s Chief Information Security Officer (CISO) is responsible for tracking the risks. Confidentiality, Integrity and Availability (CIA) form part of a comprehensive information security framework that the Bank has put in place. The Bank also lays emphasis on customer and has invested in the areas of phishing protection, adaptive authentication, awareness initiatives and has also taken industry leading initiative in providing customers easy and immediate ability to configure their risks and limits.
The environment for financial institutions is seeing unprecedented changes in laws, regulations and regulatory policies. This could increase the risks of compliance and regulatory action in the form of fines, restrictions or other sanctions for instances of regulatory failures. The failure to comply with applicable regulations by employees, representatives, agents, third-party service providers either in or outside the course of their services, may result in inquiries or investigations by regulatory and enforcement authorities either against the Bank, or such employees, its representatives, agents and third-party service providers.
The Bank has a dedicated compliance team that continuously monitors new developments and updates the Bank’s senior management on their implications. All relevant groups in the Bank build capabilities on an ongoing basis to be able to respond to regulatory changes in a time-bound manner. The Bank also actively participates in forums and advisory groups for the development of policies in the financial sector. The Bank seeks to have a strong compliance culture driven by the organisation’s leadership. There are well-articulated policies with regard to code of conduct, whistleblower complaints, redressal mechanism for complaints and engagement with agents and third-party vendors. The Bank also benchmarks and seeks to adopt industry-best practices.
Any negative publicity arising from actual or alleged conduct including lending practices and credit exposures, the level of non-performing loans, corporate governance, regulatory compliance, sharing or inadequate protection of customer information and actions taken by the government, regulatory bodies and investigative agencies could impact the Bank’s reputation. It can also impact the Bank’s ability to attract or retain customers and expose it to litigation and regulatory action.
The Bank has a Reputation Risk Management Group which identifies, assesses and monitors the risk in accordance with defined policies and procedures. Further, the Bank has well-articulated policies on various aspects including business conduct, employee conduct, compliance, IT and other relevant identified areas that could potentially create reputation risks for the Bank
The ability to attract, motivate and retain talented professionals and the availability of skilled management is critical to successfully implement the Bank’s strategy and compete effectively. The loss of key senior executives or qualified young professionals and failure to replace them in a time-bound manner could impact the business.
Our human resource function is aligned to the strategic objectives of the Bank. We have made a strategic shift in our way of working. One such initiative was removing the organisation's grade-based hierarchy for the Bank's senior management. We have moved away from centrally driven authority structures to empowering the frontline business heads to consider suitable structures, resourcing, product models and driving market-specific service innovations. Training is an integral part of building talent and ensuring that relevant skills are available in the Bank. We have a strong bench for all key positions and continuously measure the depth of succession for all critical leadership roles.
Ensuring safety and well-being of our employees during the Covid-19 pandemic was of utmost importance. We ensured all steps were taken to provide a safe and healthy work environment, and also extended emotional, medical and physical support to employees on a real-time basis. We tied up with healthcare providers to deliver specialised medical care and virtual consultations for our employees as well as institutional quarantine facilities. A programme to vaccinate our employees is underway.
The Bank has a presence in multiple overseas jurisdictions, through its branches and subsidiaries, which can expose it to a variety of regulatory, legal and business challenges and increase the complexity of risks. Enhanced regulations in these countries could lead to additional scrutiny. There could also be risks arising from political changes in these jurisdictions.
The Bank’s strategy for international business is largely focussed on India-linked opportunities. There is a dedicated team overseeing the risks associated with its branches within the Risk Management Group. Further, specific teams have been set up at local jurisdictions to get a ground-level understanding of country-specific regulatory and business requirements. The Bank’s Compliance Group oversees regulatory compliance at the overseas branches, IFSC and overseas banking units.