Money & Finance

Strengthening risk-management capabilities in the financial sector

  • Blog Post Date 07 June, 2021
  • Perspectives
  • Print Page
Author Image

K. Srinivasa Rao

Institute of Insurance and Risk Management

Non-banking financial companies are rapidly inundating the financial intermediation space. While this trend has enabled greater autonomy in operations and business diversification, it has also accentuated risks. In this post, Srinivasa Rao examines the regulatory framework, and emphasises the need for financial entities to build risk-management capabilities.

Amid the fast-transforming financial sector and rising interconnectedness, the spillover risks among financial intermediaries may exacerbate – unless robust risk-management practices are adopted. In the rapidly diversifying financial landscape, non-banking financial companies (NBFCs) including fintech companies are inundating the financial intermediation space, creating intense competition and accentuating business risks. While providing more autonomy in operations and diversification of lines of business, the regulatory glare is yet to be well-aligned to balance risks from a sustainability perspective.  

The Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Insurance and Regulatory Development Authority of India (IRDAI), Pension Fund Regulatory and Development Authority (PFRDA), and Insolvency and Bankruptcy Board of India (IBBI), are working in their respective capacities to shield the financial sector from risks. However, it is crucial for financial intermediaries to enhance risk-management standards.  

The experience of the IL&FS (Infrastructure Leasing and Financial Services) and DHFL (Dewan Housing Finance Corporation) fiascos continues to haunt the NBFC sector as reminders of the missing links in risk governance and their consequences. NBFCs handling additional activities must be mindful about the associated risks and their potential impact on the sustainability of this business model. With the divide between the functions of banks and NBFCs beginning to shrink, the standard of their risk sensitivity and nuances of managing these risks need careful scrutiny. The commercial interests of the new-found activities of NBFCs should not be allowed to dilute prevailing risk-management practices. Whenever, outsourcing agencies are used, there competency and knowledge levels have to be ensured for protecting risk management. 

Shifting trends 

Between 31 March 2009 and 31 March 2019, total assets of NBFCs grew at a compounded annual growth rate (CAGR) of 18.6%, while the balance sheets of scheduled commercial banks (SCBs) grew at a CAGR of 10.7% (Rao 2020). Consequently, the aggregate balance sheet size of NBFCs increased from 9.3% to 18.6% of the aggregate balance sheet size of SCBs during this period. The asset size of NBFCs, measured as percentage of the total balance sheet value of all banks, has almost doubled during the decade and now stands at 28%. In absolute terms, the asset size of the NBFC sector (including HFCs (housing finance companies)), as on 31 March 2020, is Rs. 51.47 trillion as against the asset size of Scheduled Commercial Banks standing at Rs.180 trillion. The number of NBFCs currently regulated by the RBI is close to 10,000 and their scope of activities and last-mile connect with the hinterland is clearly on rise, thus contributing to taking financial inclusion to the next level.

NBFCs, including about 2,174 fintech companies, are set to expand their operations with innovative products. The RBI had set up a framework for a regulatory sandboxin August 2019 that allows fintech companies to test their products without any regulatory requirements before they are commercially rolled out (RBI, 2019). This will help existing and upcoming fintech companies to pre-test efficacy and build solid products that can enable them to occupy a bigger space in financial intermediation. 

The recent incidents of excesses used by digital lenders against borrowers in recovering loans attracted the ire of the regulators leading to the issue of fair practices guidelines. Fintech companies engaged in digital lending may assume an aggressive tone in lending once they have to adopt RBI regulations on fair practices for digital lenders issued in June 2020. 

Expanding the role of NBFCs

From September 2018, as the RBI began allowing the co-origination of loans by banks and NBFCs under priority-sector lending, the role of NBFCs has enhanced. As per the RBI, the co-origination model should involve sharing of risks and rewards between banks and NBFCs. The arrangement of working together, on a mutually decided agreement, will help banks and NBFCs realise their business objectives while providing more choices to customers. The model will enable NBFCs to depend largely on funding by banks that have greater access to low-cost deposit resources, for funding their rapid credit growth and hence, exploit synergies.

However, risk-management systems and procedures of banks are known to be more methodical and system-driven as they are better regulated entities. Hence, to work with banks, NBFCs may have to improve their internal risk-management systems to handle larger volumes of credit and diversified products. 

In a bid to further widen the scope and diversity of the financial sector, the RBI has been shifting its reform gear to involve non-banks in a broader framework. In its 2021-22 monetary policy (RBI, 2021c), the RBI: (i) Opened up remittance facilities through  real time gross settlement system (RTGS)/national electronic funds transfer (NEFT) to entities other than banks, (ii) While making the interoperability among prepaid payment instruments (PPIs) mandatory for KYC(know your customer) accounts, the limit of outstanding balance in such PPIs has been raised from Rs. 100,000 to Rs. 200,000, (iii) Inducing greater interoperability and full-KYC, cash withdrawal, subject to a limit, will be allowed against PPIs through ATMs/point of sale terminals. The digital thrust brought about by these measures will not only fine-tune the quality and efficiency of financial services but will also result in increased competition for banks to float funds and engage in cross-selling of products. 

On the other hand, NBFCs entering into more permitted activities, for example, the use of NEFT, RTGS – previously permitted only to banks, will result in increased interconnectedness in the financial sector. Hence, financial entities must understand and address the vulnerabilities and risks, and constantly assess the impact of shocks to or from the sector to secure themselves. 

Global trends

The role of NBFCs in India is beginning to rise, and it is poised to occupy a formidable share in financial intermediation in the coming decades. However, there is a need for a sustained focus on building integrated organisational competency. A global cue for the impending shift in the roles of banks and non-banks can be perceived. The global data trends of banks and non-banking financial institutions (NBFIs) provided by Bank for International Settlement (BIS) corroborate these emerging trends (Aldasoro et al. 2020). During 2008-2018, the combined assets of NBFIs were an estimated US$ 184 trillion, as against US$ 148 trillion of banks.

While non-banks could provide additional sources of finance to trade and industry, these can also contribute to systemic risks through links and interconnectedness with the banking system. BIS observes that in the wake of the Global Financial Crisis in 2008, G20 leaders urged the Financial Stability Board to strengthen oversight and regulation of ‘shadow banking’3. While regulators will be doing their bit, it is incumbent on financial intermediaries to act fast and brace themselves for shifting roles. 

Enhancing regulation

With the increasing role of NBFCs in direct credit intermediation, the RBI has been reiterating that NBFCs should augment risk-management practices at the board level to imbibe best practices in risk management (RBI, 2021a). In May 2019, RBI directed NBFCs having an asset size of over Rs. 50 billion to appoint a chief risk officer (CRO) with clearly specified roles and responsibilities. The CRO should function independently so as to ensure highest standards of risk management.

The RBI also introduced a risk-based internal audit (RBIA) in February 2021, with the aim of institutionalising “an independent and effective internal audit function in a financial entity to provide vital assurance to the Board and its senior management regarding the quality and effectiveness of the entity’s internal control, risk management and governance framework. The essential requirements for a robust internal audit function include, inter alia, sufficient authority, proper stature, independence, adequate resources and professional competence” (RBI, 2021b). All deposit-taking NBFCs, non-deposit-taking NBFCs with asset size of Rs. 50 billion and above, and urban cooperative banks having asset size of Rs. 5 billion and above, are covered under the RBIA of the RBI.

There is a possibility of regulatory arbitrage in the functioning of NBFCs compared to banks, and this should be navigated with caution. Although, there has been an addition of activities to the scope of NBFCs, many of them may not be well-versed in managing associated risks. Therefore, the RBI has issued a discussion paper on “Revised regulatory framework for NBFCs on a scale-based approach” in January 2021 that is still in a consultative process (RBI, 2021a). 

Peer-to-peer lenders4 and the NBFC segment, were brought under RBI regulations in October 2017 and HFCs were brought within the regulations of RBI in February 2021.


Based upon the recommendations of RBI Committee on Capacity Building (July 2014) under the Chairmanship of former Executive Director, Shri G Gopalakrishna, banks should identify specialised areas for skill development and certification of the staff manning key responsibilities.

As per the report, as part of capacity-building activities, banks should make acquiring of a certificate course mandatory in critical areas such as: (i) Treasury operations – dealers, mid-office operations; (ii) Risk management – credit risk, market risk, operational risk, enterprise-wide risk, information security, and liquidity risk; (iii) Accounting – Preparation of financial results, audit function; and (iv) Credit management – credit appraisal, rating, monitoring, credit administration (RBI, 2016).

It should be made mandatory for NBFCs to undertake skill upgradation in specific areas for their human resources, including line management. Such professional certification will ensure sustained capacity-building to equip them to protect the interest of consumers better and manage risks more efficiently. At the same time, financial entities should create proper infrastructure to disseminate financial and digital knowledge among existing and potential customers, to support the efforts of the RBI in this regard. Digital infrastructure should be put to a vulnerability test from time to time to protect it against cyber threats – the biggest operational risks. Financial entities should look beyond the commercial angle of increasing scope of activities in the long-term interest of the sustainability of their business model and build a step-by-step metrics for enhancing comprehensive risk-management capabilities. 

I4I is now on Telegram. Please click here (@Ideas4India) to subscribe to our channel for quick updates on our content.


  1. The RBI defines a regulatory sandbox as “live testing of new products or services in a controlled/test regulatory environment for which regulators may (or may not) permit certain regulatory relaxations for the limited purpose of the testing”.
  2. KYC refers to the process of verifying a client’s identity using valid official documents, or the verifying proof of possession of Aadhaar.
  3. Shadow banking refers to financial sector activity that occurs outside the regulatory perimeter, including microfinance institutions that cater to those otherwise unbanked, and specialised infrastructure finance companies.
  4. Peer-to-peer lending refers to the practice of lending money to businesses or individuals using online services that match lenders with borrowers.

Further Reading 

1 Comment:

By: Shyamadas Banerji

It is good that NBFCs are expanding in India as Indian commercial banks are slow to respond to customer needs and transactions costs are high. Fintech companies which are stepping into the financial sector will provide more competition to both banks and conventional NBFCs. A robust regulatory framework is essential covering both these new groups. It is important for institutions to strengthen risk management going beyond RBI guidelines. RBI should provide strict oversight and perhaps there is a need for a new regulatory institution to supervise NBFCs and Fintechs. In the USA, a bank's primary federal regulator could be the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve Board, or the Office of the Comptroller of the Currency. Within the Federal Reserve System are 12 districts centered around 12 regional Federal Reserve Banks, each of which carries out the Federal Reserve Board's regulatory responsibilities in its respective district. Credit unions are subject to most bank regulations and are supervised by the National Credit Union Administration. The Financial Institutions Regulatory and Interest Rate Control Act of 1978 established the Federal Financial Institutions Examination Council (FFIEC) with uniform principles, standards, and report forms for the other agencies.[2] State regulation of state-chartered banks and certain non-bank affiliates of federally chartered banks applies in addition to federal regulation. State-chartered banks are subject to the regulation of the state regulatory agency of the state in which they were chartered. For example, a California state bank that is not a member of the Federal Reserve System would be regulated by both the California Department of Financial Institutions and the FDIC. Likewise, a Nevada state bank that is a member of the Federal Reserve System would be jointly regulated by the Nevada Division of Financial Institutions and the Federal Reserve. In addition there is the Consumer Finance Protection Agency which provides regulatory oversight. The bank examiners in USA are highly trained professionals who track their wards ie. banks and other financial institutions and can put an institution on a watch list. I think India needs to strengthen its financial institution examiners and develop their capacity to monitor institutions and the quality of management. With Fintechs proliferating, what are the minimum qualifications of promoters and managers ? Are there any RBI guidelines on these matters? What is to prevent fraudsters from setting up fin techs or credit card or housing finance companies out to cheat customers ? What about external audits of financial institutions by professional audit companies? Are there sufficient qualified banking or NBFC auditors? Are there external audit guidelines issued by the RBI in general and for NBFCs and Fintechs? Indian banks have a poor reputation with high levels of non-performing loans which can be evergreen using a variety of methods. Given the complexity of financial products and the risks associated with them, discipline and technology is essential to keep up with the exchanging landscape.

Show more comments
Join the conversation
Captcha Captcha Reload

Comments will be held for moderation. Your contact information will not be made public.

Related content

Sign up to our newsletter