RBI Notification

RBI Notification: Steps to Ensure Automation for NPA, Income Recognition

RBI Notification

In the latest RBI notification, RBI has mandated banks to fully automate NPA classification and provisioning calculation process. Under the new regime, all borrower accounts will be covered, and lenders will have time until 30th June 2021 to complete this process. 

Why has the RBI asked banks to automate?

RBI observed that in spite of its instructions issued on 4th of August 2011 to use IT systems in place for identification for NPA that is Non-Performing Assets and generation of related data/returns for regulatory reporting and for bank’s own MIS requirements, the processes for NPA identification, income recognition, provisioning and generation of the related returns in many banks were not fully automated. 

It observed that they were still sticking to manual identification of NPA and were also overriding the system generated asset classification by manual intervention in a routine way, which was a clear violation of its instructions.

RBI further stated in the RBI notification that to ensure the completeness and integrity of automated asset classification, provisioning classification, and income recognition processes, banks were advised to upgrade their system in order to conform to the prescribed guidelines latest by 30th June 2021. 

What kind of borrower accounts would be covered as per the RBI notification?

The RBI has stated that all borrower accounts, including the temporary overdrafts, regardless of size, sector, or types of limits, will be covered in the automated IT-based system for asset classification, up-gradation, and provisioning processes.

Further asset classification rules would be configured in the system in compliance with the regulatory stipulations. RBI noted that a system-driven approach was not there in respect of income recognition/de-recognition in case of impaired assets (NPAs and NPIs), the amount needed to be reversed form the income account and handling downgrade and upgrade of accounts through Straight Through Process. It did not like the continuance of human intervention at every level to bypass the system driven methods.

READ  Statement on Developmental and Regulatory Policies (RBI Press Release)

What does the RBI notification state on frequency?

The RBI notification states that the system based asset classification will be an ongoing exercise for down gradation and up-gradation of accounts. It said that banks must ensure that the asset classification status is updated as part of the day end process.

It further stated that banks should be able to generate a classification status report at any time with the actual date of classification of assets as Non-Performing Assets/Non-Performing Investments.

Exceptions provided by the RBI:

  • In an exceptional circumstance where a manual intervention is needed to override the system classification, it is required to have two-level authorization. Such delegation of powers for authorization of exceptions should be according to the board-approved policy of the bank and should be done, preferably from a centralized location and suitably documented. If the CEO authorizes, his action will be reported to the board for information.
  • Any such intervention will have appropriate audit trails and subject to the audit by concurrent and statutory auditors.
  • The detailed reports of such manual intervention shall be placed before the Audit Committee/Audit head regularly.
  • Further, the Reserve Bank has asked banks to maintain logs for all exceptions that is manual interventions/ overrides, including but not limited to the date and time stamp, purpose/reason, user Ids name, and designation of those making such a manual intervention and necessary account details.  These logs should be stored for a minimum period of three years and not be tampered with during the storage period. These logs would be system generated.

What are system requirements and system audit?

The RBI notification stated that in case a separate application outside the CBS system is used as the system for the identification and or classification of NPA/NPI, the system should have access to the required data from CBS and or other relevant applications of the bank and the borrower/investment accounts has to be updated back into the CBS automatically, wherever applicable through Straight Through Process.

READ  Reserve Bank of India (Government Securities Lending) Directions, 2023

Further, there should be a periodic system audit at least once in a year by internal/ external auditors duly certified on system parameters as also from the perspective of compliance to income recognition, asset classification, and provisioning guidelines.

Baseline requirements for the NPA classification solution

RBI Notification

Data Input

The RBI notification states that data input in the system by any means should be fully captured and stored without truncation. For e.g., Timestamp- with date and time, narration field, or any other text data captured.

The banks are required to ensure the presence of necessary validation/verification checks in the solution for the user inputs, wherever applicable, and such validations, among other things, must check for data type validations, minimum/ maximum value, exceptions, etc.

The RBI has stated that such manual validations done with master data (or parameters used in asset classification fed into the system according to the internal policy of the bank) can prevent issues relating to the incorrect entries seen in margin setting, moratorium period, security valuation, repayment schedule, products mapped or linked to different categories of account holders (as per applicability), etc. The data input shall be effected only after authentication and authorization.

User Access Management

The Reserve Bank has provided some technical instructions in the RBI notification. These include:

  • To ensure that all user ids in the solution have a unique identification. In the case of generic ids, it should be used only under exceptional circumstances, and such ids should be mapped mandatorily to the employee id of the user to fix accountability of the activities carried out under generic id.
  • Provide for two factors or higher level of authentication for the users of the application. Restrict the access to the solution on need to have/least privilege basis for all the users. 
  • Provide for maker checker authorization/control for transactions (an illustrative list of transactions includes updating/modifying the internal accounts, customer accounts, parameters- both financial and non-financial that affect the status of the credit portfolio/ loan/ asset.) entered in the solution. For e.g., activities like create/ update/ modify user ids, roles, privileges including access to various modules, updates to master data, etc. should have at least two individuals to complete the activity.
READ  Operationalisation of Payments Infrastructure Development Fund (PIDF) Scheme

Straight Through Processing

To provide for straight-through processing and support for straight-through processing integration with all critical systems/add on sub-systems/modules etc. in a seamless and secure way for NPA/NPI classification as per existing guidelines on Income Recognition and Asset Classification[1] (IRAC).

Back end data access restriction

Any changes to data, parameters from the backend will be avoided. The solution should provide for changes to data only through front end. Audit trails/logs of access, changes to any data, parameters should be captured with specific user details in the system.

Audit Logs

Provisions of audit trails/logs to capture the details of the mandatory fields (that are important to complete the transaction and to identify the transaction for audit/forensic purpose in the future) of all the transactions (financial and non-financial) should be made, and logs shall be maintained for changing the master data.

In the RBI notification, it has also been instructed that system-generated activity logs of the users and administrative privileges should also be maintained.  Secure storage and retention of logs encrypted format with access control in an archival solution.

System Generated NPAs

It is prescribed that all parameters needed for NPA/NPI identification will be captured in the CBS or associated sub/systems/modules meant for NPA/NPI identification/classification of asset codes according to the Income Recognition and Asset Classification norms and extant guidelines.

It has also stated that provision for MIS report capturing all parameters for NPA/NPI identification would be required, and such parameters could either be configured in the database or application itself according to the architecture of the solution/Sub-system.

Test Environment

The existing test environment in the bank with the dummy data and the functional logic similar to the product environment of the solution is required to be made available to the supervisors during their onsite supervisory visits as per the requirements.

Conclusion


The RBI notification on automation for NPA is expected to strengthen the reporting system of NPAs in a seamless manner to gain information without any manual intervention. Banks must sincerely follow the instructions of RBI, and any non-adherence shall lead to supervisory or enforcement action against the concerned bank.

NT372E157BAAD1114EFCA3055B5EC99ECB18

Read our article:RBI Notification: Opening of Current Accounts by Banks

Trending Posted