RESERVE BANK OF INDIA

HDFC Bank Ltd.

Assessment as on March 31, 2013

Risk Assessment Report

Findings on Capital and Earnings
Major Areas of Non Compliance
Table of Contents

I. RISK ASSESSMENT REPORT .............................................................................................. 2

II. FINDINGS ON CAPITAL AND EARNINGS ...........................................................................19
III. MAJOR AREAS OF NON-COMPLIANCE (REGULATORY GUIDELINES) ..........................24

Confidential Page 1 of 33
 RISK ASSESSMENT REPORT

INTRODUCTION
The Risk Assessment of HDFC Bank for 2012-13 under the Supervisory Program for
Assessment of Risk and Capital (SPARC) was completed with March 31, 2013 as
the reference date. The assessment has been made based on the off-site analysis of
the data and information furnished by the bank as well as the findings of the on-site
Inspection for Supervisory Evaluation (ISE) which was undertaken from September
16, 2013 to October 4, 2013. Based on the off-site and on-site evaluation,
Preliminary Risk Assessment Report was issued to the bank on November 19, 2013
and the issues therein were discussed with the bank’s top management on
November 22, 2013. (The bank’s submissions were taken into account and the
Revised RAR was issued on November 26, 2013). Deputy Governor discussed the
major supervisory issues with the MD & CEO on November 28, 2013.
Part I of this Risk Assessment Report highlights the quality of governance and
oversight at the bank level; risks inherent to the operations of the bank in different
business areas and the gaps observed in various controls put in place to manage
those risks. Part II of the report details the findings on Capital and Earnings. Part III
of the report captures the Major Areas of Non-Compliance.

Confidential Page 2 of 33
 PART I

A. SUMMARY OF AGGREGATE RISK

Inherent Risk Control Gap Aggregate Risk

Risk Category
A (1-4) B (1-4) 0.7*A +0.3*B
Board 1.656
Senior Management 1.817
Risk Governance 2.498
Internal Audit 2.286

Credit Risk 2.298 1.733 2.129

Market Risk 2.285 1.495 2.049
Liquidity Risk 2.021 1.307 1.807
Operational (non-IT) Risk 2.029 2.320 2.116
Operational (IT) Risk 2.545 1.800 2.322
Other Pillar II Risk 1.299 1.860 1.467

2.04
BANK LEVEL AGGREGATE RISK
Medium Risk

The bank level aggregate risk was assessed at 2.04, indicative of ‘Medium Risk’.
The supervisory stance pointed to ‘Active Oversight’.

Confidential Page 3 of 33
B. FINDINGS AND CONCLUSIONS

1. Governance and Oversight (Aggregate Score : 2.04)

Major findings/ observations

1.1 Board Score: 1.656

1.1.1 There was no system of written communication to directors informing the

terms of appointment, responsibilities or expectation from him/her. Board had
been reviewing its pending decisions in each and every meeting. However,
board minutes were signed only in the next meeting which generally
happened once in two to three months. On account of this, decisions taken by
board technically used to remain pending till the next board meeting. Critical
areas like implementation of KYC / AML guidelines need enhanced
monitoring as non-adherence to extant guidelines led to imposition of penalty
by RBI. There was no effective succession planning for Directors/Top
Management.
1.2 Senior Management Score: 1.817

1.2.1 It was observed that Head of Internal Audit was in-charge of Vigilance
Department also. In view of the size and scale of operations of the bank,
there was a need of exclusive officials to Head internal audit as well as
Vigilance Department with different reporting line.
1.3 Risk Governance Score: 2.498

1.3.1 Chief Risk Officer: The senior management personnel who exercised
oversight over credit risk and market risk function did not have any oversight
of operational risk management. The head of operational risk, not a senior
management functionary, also performed the role of various credit/loan
administration functions. Further, the head of operational risk management
function also reported to the head of operations which was in direct conflict
with the fact that the risk management function had to be independent of
operations and business. The risk management function of the bank was not
aggregated to a designated Chief Risk Officer.
1.3.2 Credit appetite: The incremental credit appetite of HDFC Bank to the extent
not communicated / not committed to customers was 2,524,000 mn as on
March 31, 2013. Considering that the Risk Weighted Assets due to credit risk

Confidential Page 4 of 33
 was 2,660,049 mn, and the loans and advances was 2,397,206 mn this
incremental credit appetite was disproportionate as it was not linked to the
available capital.
1.3.3 Conflict of Interest: The bank had 44 Compliance Liaison Officers who had
only dotted line reporting to the Chief Compliance Officer. These officers were
rather primarily responsible for ‘operations’ which was in direct conflict with
the role of compliance.
1.4 Internal Audit Score: 2.286
1.4.1 Scale and Scope: 2,007 out of the 3,060 individual branches were covered
under the Risk-based internal audit during 2012-13 with a compliment of 280
staff members. However, the expansion in audit function was not
commensurate with the high level of customer complaint and frauds that the
bank was exposed to during the year not to mention the recent pace of
opening of new branches. In multiple cases, audit of branches was completed
on the same day or on the next day and the same auditor was assigned to
audit more than one branch simultaneously. The process of auditing of insider
trading controls was instituted 15 years back and was not reviewed since
then. Further, the audit was limited to oversight of share dealings in HDFC
bank’s shares during the shut period, and that too for those employees who
were maintaining DP account with the bank. The internal audit function does
not audit to detect for any breaches in the "Chinese walls" that are supposed
to be in place between the investment banking and commercial banking
function of the bank.
1.4.2 Reporting to ACB: Though there was a well-defined policy to report
objectively and impartially, critical exceptions in few branches were not placed
before the ACB as the overall rating of the branch was ‘satisfactory’. In case
of forex audit, the internal auditor had rated the branch as 'Satisfactory'
despite serious operational errors. The auditors were also not capturing or
certifying the near miss data to arrive at operational loss figure for the branch.
On many occasions, the reports lacked critical comments by the auditors.
Even where critical exceptions were observed by internal auditors, branches
were rated as ‘satisfactory’. Some of these critical exceptions were: (i) Two
instances of operational errors in RTGS transfers ( 7.20 lakhs) were rectified
only on receipt of customer complaint (Khar branch, Mumbai); (ii) Delays up

Confidential Page 5 of 33
 to 44 days were observed in the reversal of amounts parked in the deferred
credit account to the customer accounts; (iii) nineteen instances of
transactions above 50,000 in one branch without PAN details; (iv) ineligible
rupee fund transfer credited was processed in NRE accounts totaling 9.5
lakhs; (v)many customer accounts were not credited in time where
correspondent bank had rejected the transaction for want of details. Delays of
8 to 24 days were observed; (vi) there were instances of holding of amount in
suspense account beyond 7 days, and permission from Regional Head had
not been obtained for debiting the suspense account in many cases.

2. Credit Risk: Aggregate Score (2.129)

2.1 Inherent Risk Score:2.298

Major findings/ observations

2.1.1 Portfolio Quality: There was a significant increase in the amount of fresh
NPAs. However, the amount of upgradation/ recovery had stagnated. Bank
followed a very aggressive write off policy (including principal sacrifice and
interest waivers). The loans sanctioned around hurdle rate during the year
were on the higher side and had shown an increasing trend. Un-reckoned
intra-day exposure had shown significant increase during the year. The bank
had arrived at the probability of default (PD) for each rating grade and each
retail portfolio product program based on the historical default data of the
individual exposures within the particular rating portfolio or retail product
portfolio. The weighted average PD for the total advances portfolio was
2.05%. The weighted average PD for the retail advances portfolio was 2.02%.
These weighted average PDs were worse than the PD of 2.00% that was
applicable to its HDB 8 internal rating which was mapped to an external rating
equivalent to non-investment grade.
2.1.2 Probability of Default vs Realised Default: In case of wholesale portfolio,
the realised/actual default at 0.82% in the HDB 4 rating was more than the
PD of 0.73% attributable to the loan origination and underwriting process of
the bank not being able to discover fraudulent behavior of the borrower. As
for the retail portfolio, a total of 17 of the 37 retail product programs had
realised defaults higher than the PD. These were observed in Commercial

Confidential Page 6 of 33
 Vehicle Loans, Construction Equipment Loans, Two wheeler loans, Gold
Loans and Loan against shares/securities. Further, these segments also had
a high level of quick mortality.
2.1.3 Rating - Pricing: In the wholesale portfolio, the weighted average interest
rates of loans extended to relatively better credit rating grade was higher than
the rates extended to lower credit rating grades. In the retail products
category, borrowers of product programs with lower expected loss were being
charged a relatively higher rate of interest vis-à-vis borrowers of product
programs with higher expected loss. An analysis of the loans sanctioned
during the month of September 2013 across 37 retail product programs
revealed a wide variation with rate of interest ranging from 9.80% to
27.39%.Further, of the 37 product programs, 28 had interest rate variation
within each program of more than 3%. This despite the fact that the previous
AFI had reported that the range of interest charged from the customer of retail
advances was high and it ranged from 9.25% to 29.98% and in response to
which a committee set up by the bank had decided to cap the rate of interest
at 24%. The bank had significant pricing power in the retail portfolio due to
which it was in a position to price these loans at a rate much above the rate
that would be warranted based on expected loss history. These revenue
streams allowed the bank to have an aggressive write off and provisioning
policy. This ensured it to have a relatively stable net profit in the past but
relatively volatile net provisioning and write off as the bank made provisions
over and above the minimum regulatory prescriptions.
2.1.4 Appraisal and Post disbursement monitoring: Inadequacies were
observed in the Gold loans portfolio. Comprehensive credit appraisal and
approval process were carried out in the case of gold loans above ` 1 mn
only. Post disbursal supervision and monitoring of end use were not strictly
carried out in the case of gold loans. As per Board's approval in March, 2013,
the bank had written off gold loan amount of 31.4 mn in respect of 168 gold
loan accounts as the gold pledged was found to be spurious. Enquiry
revealed that the appraiser had colluded with the customers in defrauding the
bank. Subsequently the bank introduced the concept of second appraiser and
scrutiny by appraisers in RIC (Risk Intelligence and Control Unit) team. In
April 2013, the bank conducted review of gold loans greater than 2 mn and

Confidential Page 7 of 33
 started taking corrective steps including recall of loans where deficiencies
found.
2.1.5 Opening of Current Account: It was observed that the bank had opened
current accounts of entities which had no credit facilities from the bank. The
bank had not followed the due diligence properly while opening the accounts
e.g. ascertaining whether the account holder had any account with any other
bank, having any other credit facility from any other banks, etc. This aspect
was brought to the notice of HDFC Bank through correspondence by other
banks but no prompt, effective action was initiated. It was observed that as on
March 31, 2013 out of 14,85,066 current accounts maintained by the bank
there were 11,01,185 current accounts where the customers was not availing
any credit products. Further, it was observed that as on March 31, 2013 the
bank was having 14,522 borrowers who enjoyed only non-fund based
facilities. Such practice in the bank could lead to higher credit risk for the
banking system as a whole.
2.1.6 Un-hedged forex exposure: It was observed that the bank does not have a
robust process of getting the information regarding the un-hedged foreign
currency exposure of its borrowers. Though the bank was able to get the
information regarding the un-hedged portion of the forex facility provided by it
but could not gather the said information regarding the overall un-hedged
forex exposure of the borrowers. The bank submitted that in spite of repeated
requests, other banks had not provided the said information to them. As the
bank was not in a position to know the total unhedged forex exposure of its
borrowers the default risk could be higher.
2.2 Control Gap Score:1.733

Major findings/ observations

2.2.1 Geographical concentration – The bank had not evaluated the geographical
concentration of its credit portfolio. As the bank was in the process of
expanding its branch network, recognition of geographical concentration will
help the bank to mitigate credit risks.
2.2.2 Intra-day exposure – There were breaches in the intra-day exposure and the
controls were found to be inadequate.
2.2.3 Restructured accounts – The system was not capable of flagging the

Confidential Page 8 of 33
 restructured accounts which dilutes monitoring of it.

3. Market Risk: Aggregate Score (2.049)

3.1 Inherent Risk Score: 2.285

Major findings/ observations

3.1.1 Trading Book: Interest rate risk in the trading portfolio was predominantly in
the ‘upto one year’ and ‘above five year’ maturity bucket. The average
aggregate gap utilisation was 53.98% of the limit of $5000 mn .

3.1.2 Banking Book: Present Value of liabilities across maturity buckets was more
than the Present Value of assets across maturity buckets. Bank has
experienced pre-payments in its loan portfolio and low level of rollover in its
deposits portfolio.

3.2 Control Gap Score: 1.495

Major findings/ observations

3.2.1 VaR calculation and Back Testing Methodology: There could be
underreporting of breaches since the bank was fixing the VaR Limit on a 10
day rolling period basis while the MTM of the exposure was being computed
on a daily basis. Further, the Market Risk policy of the bank provided for
consecutive breaches on account of similar factors to be considered as one
breach. The extant guidelines on back testing do not provide such leeway.
3.2.2 Stress testing framework: The regular stress tests – both scenario and
sensitivity based - were limited to periods of stress in the observation
period/historical stress scenarios. As, the bank relied only on historical stress
scenarios, it ran the risk of not adequately capturing all probable stress
scenarios.

3.2.3 Conflict of interest: The Head of private banking continued to have

oversight over the proprietary equity trading of the bank which gave rise to a
conflict of interest between the two functions performed by the bank.
3.2.4 Embedded Optionality and Basis Risk: Despite clauses in the loan

Confidential Page 9 of 33
 agreements which prevented the customers from making pre-payments for
certain period after disbursements and despite levying foreclosure charges,
there were instances of prepayments which needed to be captured by way of
embedded optionality. The risk of underestimation of interest rate risk due to
pre-payments and pre-mature withdrawals was not captured in the IRRBB.
Basis risk was not being considered while evaluating IRRBB.

4. Liquidity Risk: Aggregate Score (1.807)

4.1 Inherent Risk Score: 2.021

Major findings/ observations

4.1.1 Source and use of funds: As on March 31, 2013 CASA was 35% of total
liabilities and 47% of the total deposits. On a Y-O-Y basis, average increase
in balance sheet of the bank was 22%, an increase of 626,698 mn. While
internal capital generation was funding the average balance sheet expansion
to the extent of 11%, 52% of this increase was funded by term deposits and
8% through borrowings. Only 21% was funded by CASA deposits. 44% of
the term deposits mobilised by the bank was of amount 10 mn and above.
The incremental CD ratio of the bank based on average increase during the
year was 98.95% leading to increased reliance borrowing.
4.1.2 Level of excess SLR: The bank was posting collateral in the form of
Government Securities to Central Counterparties and clearing house of
various stock and commodity exchanges which were having varying level of
encumbrances on an intraday basis. Apart from this the bank was availing
intraday day liquidity to the extent of 256,300 mn (average of 104,890 mn).
While the bank was never in breach of the requirement of maintaining SLR,
the level of excess SLR which was less limited to the extent of 68140 mn
(average of 51,916 mn) was less than the extent of IDL availment during
the course of the day.
4.1.3 Intraday exposure: Unlike RBI's intraday exposure to counterparties which
were secured through IDL against Government Securities, the bank assumed
intraday exposure to counterparties on an unsecured basis. Moreover, the
bank was assuming intraday exposure over and above the limit sanctioned to
the customer, without the bank reckoning the same for the capital calculation

Confidential Page 10 of 33
 and capital market exposure calculations as these additional limits were not
unconditionally cancellable. This practice of taking on exposure, albeit
intraday, even beyond the sanctioned limits to the counterparties, allowed the
bank to avoid earmarking capital. Further, in the case of exposure to mutual
funds, the intraday exposure was being secured by the bank with a line on the
underlying units of the mutual funds. That this interest was having a priority
over the interest of the unit holder’s was not communicated to SEBI.

4.2 Control Gap Score: 1.307

Major findings/ observations

4.2.1 The bank still relied on human intervention in collating the information and
generating various reports. The bank did not have committed lines of credit
from other counterparties for raising rupee resources. The bank was yet to
comply with the MAP points and was yet to fully put in place a system to
measure the intraday exposure that it was running across counterparties at
any point in time during the course of the day. As on date it was only in a
position to generate on a T+1 basis the peak intraday exposure of
counterparty on the previous day.

5. Operational (Non- IT) Risk: Aggregate Score (2.116)

5.1 Inherent Risk Score: 2.029

Major findings/ observations

5.1.1 People: As on March 31, 2013, the bank had a total of 48,520 permanent
employees and 20,881 contract employees The bank had a vacancy of 1775
across 15 positions/designations as on March 31, 2013. The cost incurred on
outsourced services during 2012-13 was at 14935 mn. As on March 31,
2013, the bank had 1456 material vendors and 6820 non-material vendors.
The bank utilized only 47% of the total training expenses budgeted for the
year 2012-13 which showed its lack of interest in developing skilled
manpower to handle specialized jobs. This assumed greater importance in
the context of the attrition rate during 2012-13 among sales and/or front office
employees which was high at 28% and that among the senior management/

Confidential Page 11 of 33
 key employees at 3%. During 2012-13, only 30% of the eligible employees
had availed of the mandatory leave leading to situations which could facilitate
operations / transactions which are not in the interests of the bank. The bank
had no mechanism to determine the level of People Risk as per business
verticals.
5.1.2 Frauds: A total of 1,234 fraud cases involving 230 mn were reported during
2012-13, an increase of 142% in number and 7% in amount over 2011-12.
5.1.3 Customer Service: The total number of pending customer complaints as on
March 31, 2013 had also gone up to 2304 vis-à-vis 1436 as on March 31,
2012. In total, 65099 complaints had been received during the period April
2013 to august 2013, and the number of complaints displayed an increasing
trend.

5.1.4 Parabanking: The following issues were observed with respect to the third
party and / or private banking business:(i) Despite the sensitive nature of the
business, the Investment Advisor (IA), who apart from performing the
advisory role for recommending various third party products, was also the
exclusive point of contact with the customers for critical functions such as
responding to transaction alerts generated by the AML system. (ii) IAs were
not subjected to job rotations and could have the same clients forever.
5.2 Control Gap Score: 2.320

Major findings/ observations

5.2.1 KYC/AML: The following deficiencies were observed :-
(a) There was no system of verifying customer details against the UNSCR
sanctions/other negative list before opening/activating the account.
(b) The KYC/AML/CFT policy does not consider the results of monitoring of
'wire transactions' for six monthly review of risk categorisation.
(c) No separate scenarios for monitoring domestic wire transactions
exclusively.
(d) There was no evidence of any historic behavioural analysis of the
customer’s pattern of transactions, risk categorisation, peer groups, account
type, vintage of customers (existing/new accounts), resident/non-resident
status etc carried out by the bank when the initial threshold limits were fixed
or whenever the threshold limits for new scenarios were introduced. The

Confidential Page 12 of 33
 officers involved in closing the alerts were able to view the threshold limits
fixed for each and every scenario. Compromise of such limits with the
businesses could not be ruled out. Further, there was no audit trail to prove
that analysis of transactions was not just limited to transactions which had
breached the threshold limit.
(e) The Officers who were disposing the alerts did not have access to the
system which contained data on cross border inward and outward remittance.
(f) On an average the AML Officer had to dispose of around 125 alerts
generated in a day. Each alert was being closed on an average of four
minutes which was too short a period in order to understand the transactions
which have triggered the alert, verify KYC profile, peruse pattern of
transactions in the previous months, etc. In majority of the closed alerts a one
line comment had been made which did not specify the kind of
perusal/investigation made by the officer for alerts disposed off as false
positive.
(g) The AML application lacked audit trail of the number of reviews done or
carried out by the reviewer. It also lacked the audit trail of cases escalated to
AML Head or PMLRO.
(h) The AML application did not have the capability of flagging cases where
STR was already reported.
(j) There was no audit trail in the system to show that the decision to file an
STR with FIU-IND was actually taken by PMLRO. The PMLRO had neither
accessed the AML application for the past six months as on October 4, 2013
nor tracked the relevant MIS that could be generated by the system.
(k) Apart from the alerts being generated by the AML application, the bank
had been generating exception reports for 48 scenarios by running query
directly in various IT systems. A group of 6 to 8 AML team members ran
through the exception reports & selected certain cases "manually". Hence, a
lot of subjectivity existed in such cases for identifying transactions before
sending the same to branches for their responses or disposing the same by
the AML team. In some cases STRs were directly filed without any analysis at
all.
(l) The quality of closure of alerts generated through exception report was a
matter of concern because there was no audit trail as to who examined the

Confidential Page 13 of 33
 alerts for which STRs were filed. Further, threshold limits for generating
exception report were disclosed to everybody.
(m) Counterfeit Currency Report was being filed by the bank on a monthly
basis instead of filing the same within seven days from the date of occurrence
of transaction. However since August 2013, the bank was required to report
on monthly basis.
5.2.2 Regulatory Reporting: There was a menu in the Automatic Data Flow (ADF)
where any General Ledger Adjustments Entries could be modified without
changing the figures in the bank's core system.
5.2.3 Business Continuity and Disaster Recovery: The hardware for seven
critical applications having (high availability) at DR site had lesser
configuration vis-a-vis Production site. The CBS for Bahrain had no DR
location. Further, it also did not have a network back-up.
5.2.4 Compliance to RBI circulars: There was no process in place for obtaining
confirmation received from Groups/ business/ function heads on compliance
status of RBI circulars.
5.2.5 Preparedness towards Advance Measurement Approach Operational
Risk:- The bank had submitted to RBI a letter of intent for migration to
Advanced Measurement Approach (AMA) on September 26, 2012. With
regard to the preparedness for AMA, the following deficiencies were observed
:-

(a) As per Operational Risk Policy the following were not a key function of the
Risk Policy and Monitoring Committee (Board level Committee): (i) Approval
of operational risk capital methodology and resulting attribution; (ii) Setting off
and approval of expressions of risk appetite within overall parameters set by
the Board.

(b) Operational Risk Management Committee (ORMC) meetings were being

held half-yearly rather than quarterly.

(c) All units were not having access to bank’s Operational Risk Management
System for reporting internal loss data. Further, Internal Auditors were not
reviewing the adequacy & correctness of the reported loss data.

(d) The risk of wrong reporting/under reporting to RBI was not considered as

Confidential Page 14 of 33
 one of the risk in The Risk Control and Self Assessment (RCSA) and no
controls were mentioned in the RCSA document. There was no RCSA
validation/test checking of any of the RCSAs by the Operational Risk
Management Department (ORMD) and hence control effectiveness had not
been judged by ORMD. This had been completely left to the
businesses/operations team. The RCSA policy mentioned that units for RCSA
exercise were identified and selected on the basis of materiality of the
process of the bank, significance of unit to the overall process and volume of
business or number of products covered by the units. There were 15 units
which had incurred losses but were not covered under RCSA.

(e) In one of the Key Risk Indicators (KRIs) i.e. ‘Staff Mandatory Leaves not
availed’ which was being monitored annually, and scored high at 9.97 was
not considered for reporting to ORMC or Senior Management thus violating
their own internal guidelines.

6. Operational (IT) Risk: Aggregate Score (2.322)

6.1 Inherent Risk Score: 2.545

Major findings/ observations

6.1.1 There was a high downtime for CBS on any single spell (740 min) and
corresponding effect on internet banking (435 min). This was a result of
spillage of scheduled downtime not being adhered to. Further, total downtime
for CBS on all occasions (1639 min) during the period was also high which
affected internet banking (2004 min). There were high number of bugs (1283)
detected in the critical IT systems during the period because of the vintage of
certain systems. The IT bugs also necessitated back-end changes to be
carried out in majority of the cases. Manual intervention existed while
uploading files in 41 critical systems highlighting lack of Straight Through
Processing interfaces with regard to critical systems

Confidential Page 15 of 33
6.2 Control Gap Score: 1.800

Major findings/ observations

6.2.1 IT Strategy Committee: IT Strategy Committee member constitution,
frequency of meetings, members experience etc was not part of the IT policy
document. Out of 198 applications, the bank had 88 applications as critical.
However, only around 55 were considered for reporting to IT strategic
committee. The system uptime of critical applications like SWIFT, SFMS,
RTGS etc were not considered for reporting to IT Strategic Committee. The
system availability Service Level Agreements (SLA) signed with businesses
ranged from 97% to 99% with some of the critical applications like E-treasury,
Bancs treasury, FCC Bahrain, FCC Hong Kong etc having agreed standalone
uptime of 98%. One of the IT Long term plan framed in 2011-12 was to have
99.99% Uptime of production systems. This was still in the analysis stage and
no progress had been made so far despite two years, as not even single SLA
was signed with businesses or operations for giving 99.99% uptime. Further,
the bank lacked a road map for achieving the long term plans.

6.2.2 Critical Applications: The bank had multiple applications to interact with five
different CBS systems. Due to this manual uploads and downloads were
required in the absence of STP before getting converged in the database.
Even the new CBS which the bank had implemented was limited to retail
liability customers. A new CBS for corporate customers was still under
testing. CBS systems for corporate customers (Asset & Liability) and CBS
system for retail asset customers had been kept separate and this
mechanism was likely to continue for another three years. The main purpose
of Unique Customer Identification Code was getting defeated because of
multiple applications interacting with multiple CBS and the bank lacked a front
end system which could establish all the asset/liability relations which the
customer had with the bank. The bank had no source code for 75 critical
applications and the agreements entered with vendors did not contain penalty
clause for 34 critical applications.
6.2.3 Downtime: Net Banking customers were getting impacted because of
downtime of CBS. The bank was unable to demonstrate the Operational loss
or the Business Opportunity lost by the bank because of High System

Confidential Page 16 of 33
 downtime for all critical applications. For 35 critical applications downtime was
not being monitored at all which raises doubts about effective monitoring of
compliance to Service Level Agreements (SLAs) with the vendors.

7. Pillar II Risk: Aggregate Score (1.467)

7.1 Inherent Risk Score: 1.299

Major findings/ observations

7.1.1 High level of complaints against the bank was leading to reputation risk. The
total number of complaints received in the year 2012-13 was 135145.

7.2 Control Gap Score:1.860

Major findings/ observations

7.2.1 Reputation Risk: Legal and fraud cases are not taken into accounts while
assessing the reputation risk. Despite the recent strategy of opening
branches in semi urban and rural areas where cash dependencies are
relatively high the bank was not having an MIS on cash shortage/delays
experienced at branches. This was observed during the course of an incident
in branch located in a metro.
7.2.2 Group Risk: The limits for intra-group transactions were as per the bank's
credit policy on regular borrowers. There was no separate intra-group
exposure limit.
7.2.3 Strategy Risk: The long term business strategy of the bank was not
approved by the Board.
7.2.4 Credit Disclosure: As on March 31, 2013, the retail exposure was 67% of
the total advances portfolio. The individual borrower wise rating was therefore
applicable to only 33% of the advances and the remaining exposures were
subjected to a portfolio wise rating – pricing matrix. This was not explicitly
disclosed in the annual report in terms of the business mix of its retail and
wholesale exposure. Therefore, it had led to an underreporting of the retail
exposure in the disclosure made by the bank in the segment wise reporting.

Confidential Page 17 of 33
 PART II

FINDINGS ON CAPITAL AND EARNINGS

1. Capital & CRAR – Basel II

Capital (in Billion)

Particulars Reported Assessed

Tier I 339 339

Tier II 175 175

CRAR (in %)
Particulars Reported Assessed
Tier I 11.08 10.97
Tier II 5.72 5.67

2. Major Areas of financial divergence

( in mn)
Area/ Description Position as per bank Assessed position
Credit Risk – RWA 2660409.00 2688885.50
Market Risk – RWA 151861.00 151861.00
Operational Risk – RWA 246518.00 246518.00
Total RWA 3058788.00 3087264.50

Priority Sector Classification ( in mn)

Sl. Parameters Amount reported by bank Misclassifi Actual Shortfall Reasons

No cation Achievement for
identified as assessed declassifi
by SSM by SSM cation

Target Achieved

1 Total Priority 727990.32 772573.80 308.50 772265.30 0

Sector

2 Direct 245696.73 228859.40 221.70 228637.70 17059.03 End

Agriculture use not
ensured

3 Indirect 81898.91 62829.80 4.00 62825.80 19073.11 -do-

Agriculture

Confidential Page 18 of 33
 4 Total 327595.64 291689.20 225.70 291463.50 36132.14 -do-
Agriculture

5 Weaker 181997.58 109656.57 0 109656.57 72341.01 -do-

sections

6 Diff Rate of 0 0.074 0 0.074 0

Interest

7 Micro MSME 149098.68 140640.10 10.60 140629.50 8469.18 -do-

8 Small MSME 155372.30 3.70 155368.60 -do-

9 Housing 179130.60 46.10 179084.50 -do-

10 Micro Credit 0

11 PSL Others 4206.7 22.4 4184.3 -do-

@Column 11 added to get the Priority Sector Advances misclassification identified

3. Major Observations, on the Assessment of Capital Management and

Planning
(a) The bank had adequate capital in terms of the regulatory capital standards.
The Tier I contributed 65.9% (March 31, 2012-70.23%) of total capital. Tier I
capital ratio at 10.97% (March 31, 2012- 11.60%) indicated strong capital
quality, with a low level of hybrids (IPDI at only 0.59% of core Tier I capital).

(b) The consolidated CRAR and core CRAR for the group (Bank considered its
two subsidiaries HDFC Securities Limited and HDB Financial Services Ltd as
part of group) as a whole was reported at 16.90% and 11.01% as on March
31, 2013.

(c) Divergence of 28476.5 mn was observed in credit risk RWA calculation of

the bank.

(d) No inaccuracy in arriving at the RWA of market risk is observed. However,

the bank is yet to develop capability to measure the same on an “end of the
day” basis, daily. Further, the present system of computation is not
automated and involves manual intervention.
(a) Bank’s capital planning, Internal Capital Ratio (ICR), Quality of ICAAP
and user test:
i. Capital planning in the Internal Capital Adequacy Assessment Process
(ICAAP) was conducted over a three year horizon. Business targets were

Confidential Page 19 of 33
 fixed at the bank level. Last three years projected and actual figures did
not have any major divergence. For the period 2014-2016, the Bank had
modified its minimum capital levels to align with the phase-in of the Basel
III capital framework. As a part of strategic risk assessment in the ICAAP,
the Bank evaluated the key strategies that the Bank is currently pursuing
and made an assessment of the level of risk posed by each of these to
Bank during that period. The key strategies adopted by the Bank as part
of its ICAAP version 2013 are Financial Inclusion plans, Branch expansion
into rural and semi urban geographies, Technology up gradation and
International operations. However there was no assessment of the
investment banking function.

ii. In the current year, Pillar I capital charge was 275,291 mn and Pillar II
capital charge was 58,337 mn and capital buffer was 180,375 mn.
Strategic Risk, Reputation Risk, Compliance Risk, Technology Risk,
Residual Risk-securitization, Residual Risk-credit collections, intraday risk,
Group Risk and Model Risk were taken as material risk in Pillar II (non
quantifiable). While in its capital planning, capital infusion in subsidiaries
had been accounted in the capital plans and had been duly deducted from
Tier I (50%) and Tier II (50%) capital, ICAAP was not prepared on a
consolidated basis (taking into account two subsidiaries HDFC Securities
Limited and HDB Financial Services Ltd). Internal Audit department of the
Bank carries out an independent review of the ICAAP document which
includes qualitative as well as quantitative aspects. Bank had calculated
internal capital ratio as 13.87% for the current year.

iii. ICAAP was approved by Board and Risk Policy & Monitoring Committee
(RPMC).As per compensation policy bank had taken into consideration the
quantifiable risk identified under its ICAAP process, while deciding the
bonus payout for the year, which shows the centrality of the ICAAP
document in business decisions.

(b) Scope and ability to raise additional capital

i. The price to book value per share was 4.11 times. Further, the bank had
low level of hybrids (IPDI at only 0.59% of core Tier I capital) in its capital

Confidential Page 20 of 33
 structure. Hence it had scope for raising additional Tier I capital through
hybrid instruments in Basel III regime, apart from the ability to raise equity
as and when necessary.

(c) Leverage ratio and Stress Testing

i. The leverage ratio with 6.10% for the bank was well above the minimum
4.5% requirement to be maintained during the parallel run period as per the
MC on Basel III.

ii. The scenarios considered by the bank in its stress test framework were
Global recession, Political uncertainty, adverse monsoon, Euro zone debt
crisis, Subprime and excessive INR appreciation/depreciation. The results
from these stress tests carried out as on June 2013 indicated that under the
worst scenario, the capital adequacy ratio could drop by 229 bps from the
base capital adequacy of 16.00%. Additional stress tests carried out based
on scenarios suggested by the SSM – such as slackening of consumption
demand in the economy, crystallisation of credit risk emanating from the
bank’s exposure to clients with foreign currency exposure and intraday
exposures resulted in a drop of additional 106 bps. Therefore, the bank was
having a CRAR above the minimum prescribed.

Internal Generation of Capital

The total income of the bank was 419,175 mn in 2012-13. 83.65% of this was
contributed by interest income. Further, after excluding volatile sources of income
(such as income from trading, realised gains on derivatives, gains on sale of assets,
recovery from written off accounts various non stable miscellaneous income), the
income from stable sources was 96% of the total income. The balance sheet of the
bank increased by 18% during 2012-13. Its market share in deposits and advances
had increased to 4.10% (3.91% last year) and 4.70% (4.29% last year) respectively.
The assessed pre-tax ROA of the bank increased to 2.76% during 2012-13
from 2.58% during the previous period. The assessed Gross NPA and Net NPA were
0.95% and 0.20% respectively as on March 31, 2013. The assessed CRAR and
Core CRAR was 16.65 % and 10.97 % respectively as on March 31, 2013 as per
Basel II. However, the Internal Capital Adequacy Assessment Plan (ICAAP) was

Confidential Page 21 of 33
undertaken on a solo basis. The dividend payout ratio of the bank was 22.77%,
22.70% and 22.72% for the year 2012-13, 2011-12 and 2010-11 respectively. The
ratio of actual vs budgeted earning was 1.0521 for the year 2012-13 which shows
bank’s ability to meet its projections. The bank had adequate ability to generate
internal capital.

PART III

MAJOR AREAS OF NON-COMPLIANCE (REGULATORY GUIDELINES)

Action to
Regulation
Current state of be taken
Reference (Para & Regulation area/ focus
compliance by the
circular no.)
bank

RBI/2012 -13/95 Capital Adequacy – RWA Non-compliant The bank to

DBOD.No.BP.BC.16 Inadequacies observed in the application comply with
/21.06.001 /2012-13 of Risk weights had resulted in additional the extant
dated July 2, 2012 RWA of 28476.5 mn. Accordingly, the guidelines.
(Master Circular - RWAs were revised to 3087264.5 mn as
Prudential Guidelines on March 31, 2013.
on Capital Adequacy a. In case of India Infoline finance Ltd.
and Market (NBFC-NDSI) bank had applied 30%
Discipline- New Risk weight on the total exposure of `
Capital Adequacy 500 mn. Hence an additional RW of
Framework) 70% was applied on the bank’s
exposure.
b. Bank has communicated a limit of
11000 mn to the CCIL. Out of this,
RWA for 7500 mn was calculated.
Hence additional RW @20% with 20%
CCF is applied.
c. In case of the few undrawn Capital
Market Exposure, bank has applied
100% RW. Hence an additional RW of
25% is applied on these exposures.
d. Specifically in the case of intraday
exposure, the bank had a practice of
taking exposure beyond the limits

Confidential Page 22 of 33
 communicated to the customers
without earmarking any capital. These
intraday exposures on segments were
as follows:
i. Mutual Funds - 130750 mn
ii. Corporate - 91280 mn
iii. Capital Markets - 17610 mn

Additional RW is applied with a CCF of

20%.RW is applied on the basis of type of
counterparty.

Para 8.3.2 of No inaccuracy in arriving at the RWA of Non-compliant The bank to

RBI/2012 -13/95 market risk is observed. However, the comply with
DBOD.No.BP.BC.16 bank is yet to develop capability to the extant
/21.06.001 /2012-13 measure the same on an “end of the day” guidelines.
dated July 2, 2012 basis, daily. Further, the present system of
computation is not automated and involves
manual intervention.

IRAC Norms Non-compliant The bank to

Para 4.2.7 (ii) of While no divergence in asset classification comply with
IRAC circular of July was reckoned, it was observed that the the extant
2, 2012 bank had a practice of creating separate guidelines.
head of account in case of invocation of
guarantee rather than debiting the working
capital operative account of the borrower
which had resulted in delayed recognition
of NPA in a particular case.

Para 11 (c) (23) of System level identification of NPA – Non-compliant The bank to
chapter 2-information There was no system level NPA comply with
security guidelines identification process in place - for the extant
issued vide our letter wholesale portfolio in the bank. The guidelines.
DBS.CO .ITC.BC. Unique Customer Identification Code was
No.6 /31.02.008/ also not robust enough to take into
2010-11 dated April consideration multiple facilities of a

Confidential Page 23 of 33
29, 2011 on particular customer. In one case it was
DBS.CO.ITC.BC.No. observed that the bank had calculated
6/31.02.008/2010- DPD for paid Invoked Guarantee
11 dated April 29, separately for a customer thereby delaying
2011 (Working Group the NPA classification and provisioning by
on Information a quarter This was in violation of IRAC
Security, Electronic norms.
Banking, Technology
Risk Management
and Cyber Frauds -
Implementation of
Recommendations)

RPCD.CO.Plan.BC.1 Priority Sector Classification Non-compliant The bank to

2/04.09.01/2012-13
dated July 2, 2012 –
Section I
It was observed during inspection and also comply with
through special scrutiny that a portion of the extant
the gold loan portfolio, which had been guidelines.
earlier classified as PSL, did not fulfil the
criteria of PSL. Accordingly, an amount of
308.50 mn was declassified from PSL.
Considering that the bank had failed to
achieve targets related to direct
agriculture, indirect agriculture, lending to
weaker section etc.

Part 1 B .4 (i) of Bank had given the GR waiver in case of Non-compliant The bank to
RBI/2012-13/14 exports for exhibition purposes. In 12 comply with
Master Circular No. cases bank had not received the proof of the extant
14 /2012-13 import but bank had been following up. guidelines.

(Export of Goods and

Services (Updated
as on October 18,
2012) )

Para 9.1.1 of MC on As per extant guidelines, Banks are Non-compliant The bank to
Rupee/Foreign required to reach a level of outstanding comply with
Currency export export credit equivalent of 12% of each the extant
Credit & customer bank's Adjusted Net Bank Credit (ANBC) guidelines.

Confidential Page 24 of 33
service to Exporters, whereas bank had an export credit of
48980 mn as on March 31, 2013 which
formed only 2.7% of ANBC of the previous
year and upto August 31, 2013 bank had
achieved 3.8% of ANBC (March 31, 2013)

Para 3.(vii) of RPCD vide their letter RPCD.CO.FID no. . Non-compliant The bank to
DBOD.No.BL.BC.26/ 490/12.01.011/2013-14 dated July 10, comply with
22.01.001/2012- 2013 advised the bank to clear the the RPCD
13 dated July 2, 2012 backlog pertaining to last two years by vide their
opening 178 branches in unbanked rural letter
centre’s (Tier 5 & Tier 6) before opening RPCD.CO.
any new branch in other centre’s and to FID no.
ensure adherence to the regulatory target 490/12.01.0
in future also. Despite this the bank 11/2013-14
continued opening 189 branches in rural dated July
and semi-urban areas post March 2013 10, 2013
and upto September 2013. It had opened
92 branches during 2012-13 and 113
branches in the first half of 2012-14.

Para 4.3 – section iv It was observed that the bank was taking Non-compliant The bank to
– RPCD MC on collaterals for loans sanctioned upto . complete
Lending to Micro, One mn. This was in violation of Para 4.3 this
Small & Medium – section iv – RPCD MC on Lending to exercise by
Enterprises (MSME) Micro, Small & Medium Enterprises December
Sector dated July 2, (MSME) Sector dated July 2, 2012. As 31, 2013.
2012 directed, the bank had undertaken an
exercise to check all the loans which are
having limit of One mn or below to
ascertain whether extant instructions had
been followed or not.

Para B (ii) and Para Concurrent Audit: Rather than hiring an Non-compliant The bank
D of Annex-I of external audit firm or deploying the internal should
DOS.No.BC.16/08.91 staff for concurrent audit, as required initiate
.021/96 dated August under extant guidelines, the bank had steps to
14, 1996 engaged staff from ADFC, the bank’s comply with

Confidential Page 25 of 33
 associate for this function who could not the extant
be considered either bank’s internal staff guidelines.
or an external audit firm with required
qualification or experience. Special
branches handling Foreign Exchange
business and Wholesale Banking business
and “exceptionally large” and “very large”
branches were not under concurrent audit.
During the year 2012-13, 365 Snap / spot
audits were conducted. Considering the
branch network of the bank vis-à-vis the
limited number of auditors engaged
simultaneously in auditing more than one
branch, the effectiveness of the same was
not beyond doubt. As on March 31, 2013,
the bank had three franchisees under
Foreign Exchange Money Changers’
Scheme. However, neither any spot audit
of these franchisees was conducted nor
any incognito visit/mystery shopping made
as required under the extant regulations.

Para 2.11(b) of the Subvention scheme: As per extant The bank

MC dated July 2, guidelines, the bank cannot adjust should
2012 on Interest Rate subvention amount with the interest rates initiate
on Advances, read it charges to its customer. However, it was steps to
with Para 2.26 of the observed that the bank was doing the comply with
MC dated July 2, same during the period 2012-13. During the extant
2012 on Loans and the onsite inspection the bank had guidelines
Advances – Statutory submitted that in the following categories by
and other restrictions of loans the subvention scheme were December
operational - a) Auto loans b) Commercial 1, 2013 for
equipment loans c) Commercial vehicle completing
loans d) Healthcare equipment loans e) the process.
Tractor loans f) Two wheeler loans g)
Credit cards. The bank in its submission
stated that it was in the process of

Confidential Page 26 of 33
 negotiating with the manufacturers/
dealers regarding the adjustment of the
principal amount and also was in the
process of modifying its software so that
there was no impact of the subvention
amount on the interest rate charged to the
customers.

Part II (b) of Master Buyers’ credit: As per extant regulations, Non-compliant The bank
Circular on Trade Buyers Credit can be extended by a bank should
Credit dated July 2, upto an amount of USD 20 mn per import initiate
2012. transactions without taking prior steps to
permission from RBI. However, it has comply with
been observed that in some cases the the extant
bank had split the invoice having an guidelines.
amount more than USD 20 mn into several
transactions, each of which was below
USD 20 mn. In all these cases, the bank
had extended buyers credit without taking
RBI permission. It was observed that the
bank had issued LOU to foreign banks
wherein it was stated that even though the
credit was for 179 days, the interest rate
would be fixed on a monthly basis. The
rate would be LIBOR (one month) plus
spread and the payment of interest portion
would be made on a monthly basis. Thus,
the bank had not fixed the interest rate for
the full term of Buyer’s Credit ab initio
when the LOU was issued. Hence bank
was technically not aware of all-in-cost
ceiling at the time of extending Buyer’s
Credit to Indian Importers for a fixed tenor.

Paragraph A 1) vi) of Regulatory Violation- Derivatives: Non-compliant The bank

Section – I, Part – A Although not part of the trading book, the should
of the Master Circular bank had sold an “interest rate cap initiate
on Risk Management spread” (a product not specifically steps to

Confidential Page 27 of 33
and Inter-Bank permitted as per extant guidelines) to comply with
Dealings dated July counterparty (a public sector entity). As the extant
1, 2011 Paragraph 6 per extant guidelines a structured product guidelines.
of Comprehensive cannot have a derivative which is not
Guidelines on allowed on a standalone basis. In this
Derivatives modified instant case the combination involved sale
on November 2, 2011 of an interest rate cap by the user to the
market maker which is not allowed on a
standalone basis. Further, this 10 year
tenor structured contract entered into in
April 2012 included a sale of interest rate
cap by the counterparty, which while
reducing the premium paid by 20% on the
notional amount of USD 25 mn contract
exposed it to interest rate risk as and
when USD 3 month LIBOR fixing were to
be at more than 6%.

Para 4.6 of Subsidarisation of ADFC: The only The bank has The bank to
DBOD.No.BP.40/21.0 vendors who work exclusively for the Bank received further ensure
4.158/2006-07 dated are its associates, viz., ADFC Pvt. Ltd. and communication compliance
November 3, 2006 HBL Global Pvt. Ltd., though, their from the RBI at the
agreements with the bank also provide for vide their letter earliest.
the non-exclusivity clause. While ADFC DBOD .CO.
was a back office processing company, FSD.
HBL was providing DSA support for 2640/24.01.002/
certain retail asset products. The bank had 2013-14 dated
29% stake in ADFC and was yet to August 20, 2013
convert it into subsidiary. advising the
bank to submit
additional
information. The
bank has
collected all the
information and
is in discussion
with DBOD, on

Confidential Page 28 of 33
 this subject.

Para 6 of Customer Service: For many of the retail Non-compliant The bank to
DBOD.No.Leg.BC.21 loans there was foreclosure holiday during comply with
/09.07.006/2012-13 which time a borrower cannot repay the the extant
dated July 2, 2012 loan even if he/she seeks to quit, which guidelines.
was not reasonable. Further, the
foreclosure charges starting from 6
months onwards are also high. The bank
had decided to close 2,150 of their 11,165
ATMs in the night between 11 pm -- 7 am
due to security reasons on the basis of
less number of customer transactions.
However, Board approval was not taken
for the decision. The bank continued to
levy a penal charge of 100 (plus taxes)
for each third party cash transaction at
home/non-home branches which was not
reasonable vis-à-vis the services offered,
and was not a practice among other
banks. The bank was also imposing a
penal charge for non-maintenance of
average monthly balance (previously
average quarterly balance) on dormant
accounts. The bank had earned total
413 mn during the year from such

Confidential Page 29 of 33
 charges, out of which 49 mn was from
dormant accounts. The bank was having a
common account opening form for regular
SB accounts as well as Basic Savings
Bank Deposit Account (BSBDA). The
schedule of charges pertaining to BSBDA
were also similar on line with normal SB
Para 2.1 of our accounts, and were misleading inasmuch
Master Circular on as there was no communication to the
Customer Service customers that offering of value-added
dated July 2, 2013 services at extra cost would render such
an account non-BSBDA.

As per extant guidelines, banks are

required to constitute a Customer Service
Committee of the Board and include
experts and representatives of customers
as invitees”. As per minutes of customer
Service committee of the Board meeting
dated January 17, 2013, customer
representatives were not invited in the
meeting.

DBS.CO.ITC.BC.No. The bank was yet to address the issues Non-compliant The bank to
6/31.02.008/2010- pertaining to 72 gaps identified by an comply with
11 dated April 29, external consultant with regard to the extant
2011 recommendations of the Working Group guidelines.
on Information Security, Electronic
Banking, Technology Risk Management
and Cyber Frauds.

Para 4 (b) of FEMA Inflow was accepted with purpose for Non-compliant The bank to
Notification investment in real estate without seeking comply with
No.1/2000 dated May clarification from customers at the time of the extant
3, 2000. inflow. guidelines.

Confidential Page 30 of 33
Para 9 (1) (A) and (B) In many cases of FDI, FIRC with KYC and Non-compliant The bank to
of Schedule I to FCGPR were not filed by the bank even comply with
FEMA Notification after a lapse of two years. Bank had the extant
No. 20/2000 dated reported the matter to Reserve Bank. guidelines.
May 3, 2000 and as
amended from time
to time

Para 15 (iii) of FEMA In many cases of ODI, APR had not been Non-compliant The bank to
Notification No. filed by the bank. comply with
120/July 7, 2004 as the extant
amended from time guidelines.
to time.

As per bank’s internal
guidelines
In many cases, it was observed by banks Non-compliant The bank to
internal auditors that Vostro Account of comply with
exchange houses were not credited within the extant
reasonable time ( three days) as per their guidelines.
internal guidelines and fund was lying in
NOSTRO account ranging from 4 days to
60 days on this pretext that rates were not
given by Treasury.

Para C.1.1 (b) of In terms of Master Circular on Imports, Non-compliant The bank to
Master Circular on advance remittance against import can be comply with
Imports dated July 2, sent up to 5 million dollar subject to bank’s the extant
2012 board guidelines in absence of any bank guidelines.
guarantee. In one case it was observed
that the branch has remitted more than
USD 8 million dollar against imports within
a week for same import transaction
without any bank guarantee in place and
appropriate due diligence. The remittance
was made against the bank’s own Board
decision dated July 6, 2011. The import
order has also been cancelled but money
had not been repatriated despite the lapse
of almost one year. The remittance of an

Confidential Page 31 of 33
 amount exceeding USD 5 Million without
bank guarantee was in violation of extant
guidelines.

Para 2.1 The bank was using an in-house utility for Non-compliant The bank to
DBOD.No.Dir.BC.3/1 generating the list of large credits to comply with
3.03.00/2012-13 July single/group borrower. A simulation the extant
2, 2012 exercise was carried out for generating the guidelines.
list of top 20 borrowers as on March 31,
2013. It was found that through a manual
intervention, the utility was able to mask
the name & exposure of one borrower to
another borrower in the same group by
allotting the same code to both the
borrowers. Use of such manual
intervention by the bank to misreport any
breach of single borrower exposure limits
within the overall group exposure limit
could not be ruled out.

Para 24.2 (ix) of The unclaimed deposit accounts with Non-compliant The bank to
DBOD.No.Leg.BC.21 balance of less than INR 10,000 were comply with
/09.07.006/2012- activated with the authorisation of the the extant
13 July 2, 2012 branch officials if there was any incoming guidelines.
MC on Customer credit in the form of non cash transactions
Service in banks without taking any authorisation or
documents from the account holder.

DBS.CO.FrMC.BC.N It was observed that Head of Internal Audit Non-compliant The bank to
o.9/23.04.001/2010- was in-charge of Vigilance Department comply with
11 dated May 26, also. the extant
2011 (Para 3 of guidelines.
Annex)

Master Circular - Credit Disclosure: As on March 31, 2013, Non-compliant The bank to
Disclosure the retail exposure was 67% of the total comply with
in Financial advances portfolio. The individual the extant
Statements - Notes to borrower wise rating was therefore guidelines.

Confidential Page 32 of 33
Accounts applicable to only 33% of the advances
DBOD.BP.BC.No.14/ and the remaining exposures were
21.04.018/2012- subjected to a portfolio wise rating –
13 July 2, 2012 pricing matrix. This was not explicitly
disclosed in the Notes to accounts in
terms of the business mix of its retail and
wholesale exposure.

Confidential Page 33 of 33