Professional Documents
Culture Documents
Confidential Page 1 of 33
RISK ASSESSMENT REPORT
INTRODUCTION
The Risk Assessment of HDFC Bank for 2012-13 under the Supervisory Program for
Assessment of Risk and Capital (SPARC) was completed with March 31, 2013 as
the reference date. The assessment has been made based on the off-site analysis of
the data and information furnished by the bank as well as the findings of the on-site
Inspection for Supervisory Evaluation (ISE) which was undertaken from September
16, 2013 to October 4, 2013. Based on the off-site and on-site evaluation,
Preliminary Risk Assessment Report was issued to the bank on November 19, 2013
and the issues therein were discussed with the bank’s top management on
November 22, 2013. (The bank’s submissions were taken into account and the
Revised RAR was issued on November 26, 2013). Deputy Governor discussed the
major supervisory issues with the MD & CEO on November 28, 2013.
Part I of this Risk Assessment Report highlights the quality of governance and
oversight at the bank level; risks inherent to the operations of the bank in different
business areas and the gaps observed in various controls put in place to manage
those risks. Part II of the report details the findings on Capital and Earnings. Part III
of the report captures the Major Areas of Non-Compliance.
Confidential Page 2 of 33
PART I
2.04
BANK LEVEL AGGREGATE RISK
Medium Risk
The bank level aggregate risk was assessed at 2.04, indicative of ‘Medium Risk’.
The supervisory stance pointed to ‘Active Oversight’.
Confidential Page 3 of 33
B. FINDINGS AND CONCLUSIONS
1.2.1 It was observed that Head of Internal Audit was in-charge of Vigilance
Department also. In view of the size and scale of operations of the bank,
there was a need of exclusive officials to Head internal audit as well as
Vigilance Department with different reporting line.
1.3 Risk Governance Score: 2.498
1.3.1 Chief Risk Officer: The senior management personnel who exercised
oversight over credit risk and market risk function did not have any oversight
of operational risk management. The head of operational risk, not a senior
management functionary, also performed the role of various credit/loan
administration functions. Further, the head of operational risk management
function also reported to the head of operations which was in direct conflict
with the fact that the risk management function had to be independent of
operations and business. The risk management function of the bank was not
aggregated to a designated Chief Risk Officer.
1.3.2 Credit appetite: The incremental credit appetite of HDFC Bank to the extent
not communicated / not committed to customers was 2,524,000 mn as on
March 31, 2013. Considering that the Risk Weighted Assets due to credit risk
Confidential Page 4 of 33
was 2,660,049 mn, and the loans and advances was 2,397,206 mn this
incremental credit appetite was disproportionate as it was not linked to the
available capital.
1.3.3 Conflict of Interest: The bank had 44 Compliance Liaison Officers who had
only dotted line reporting to the Chief Compliance Officer. These officers were
rather primarily responsible for ‘operations’ which was in direct conflict with
the role of compliance.
1.4 Internal Audit Score: 2.286
1.4.1 Scale and Scope: 2,007 out of the 3,060 individual branches were covered
under the Risk-based internal audit during 2012-13 with a compliment of 280
staff members. However, the expansion in audit function was not
commensurate with the high level of customer complaint and frauds that the
bank was exposed to during the year not to mention the recent pace of
opening of new branches. In multiple cases, audit of branches was completed
on the same day or on the next day and the same auditor was assigned to
audit more than one branch simultaneously. The process of auditing of insider
trading controls was instituted 15 years back and was not reviewed since
then. Further, the audit was limited to oversight of share dealings in HDFC
bank’s shares during the shut period, and that too for those employees who
were maintaining DP account with the bank. The internal audit function does
not audit to detect for any breaches in the "Chinese walls" that are supposed
to be in place between the investment banking and commercial banking
function of the bank.
1.4.2 Reporting to ACB: Though there was a well-defined policy to report
objectively and impartially, critical exceptions in few branches were not placed
before the ACB as the overall rating of the branch was ‘satisfactory’. In case
of forex audit, the internal auditor had rated the branch as 'Satisfactory'
despite serious operational errors. The auditors were also not capturing or
certifying the near miss data to arrive at operational loss figure for the branch.
On many occasions, the reports lacked critical comments by the auditors.
Even where critical exceptions were observed by internal auditors, branches
were rated as ‘satisfactory’. Some of these critical exceptions were: (i) Two
instances of operational errors in RTGS transfers ( 7.20 lakhs) were rectified
only on receipt of customer complaint (Khar branch, Mumbai); (ii) Delays up
Confidential Page 5 of 33
to 44 days were observed in the reversal of amounts parked in the deferred
credit account to the customer accounts; (iii) nineteen instances of
transactions above 50,000 in one branch without PAN details; (iv) ineligible
rupee fund transfer credited was processed in NRE accounts totaling 9.5
lakhs; (v)many customer accounts were not credited in time where
correspondent bank had rejected the transaction for want of details. Delays of
8 to 24 days were observed; (vi) there were instances of holding of amount in
suspense account beyond 7 days, and permission from Regional Head had
not been obtained for debiting the suspense account in many cases.
Confidential Page 6 of 33
Vehicle Loans, Construction Equipment Loans, Two wheeler loans, Gold
Loans and Loan against shares/securities. Further, these segments also had
a high level of quick mortality.
2.1.3 Rating - Pricing: In the wholesale portfolio, the weighted average interest
rates of loans extended to relatively better credit rating grade was higher than
the rates extended to lower credit rating grades. In the retail products
category, borrowers of product programs with lower expected loss were being
charged a relatively higher rate of interest vis-à-vis borrowers of product
programs with higher expected loss. An analysis of the loans sanctioned
during the month of September 2013 across 37 retail product programs
revealed a wide variation with rate of interest ranging from 9.80% to
27.39%.Further, of the 37 product programs, 28 had interest rate variation
within each program of more than 3%. This despite the fact that the previous
AFI had reported that the range of interest charged from the customer of retail
advances was high and it ranged from 9.25% to 29.98% and in response to
which a committee set up by the bank had decided to cap the rate of interest
at 24%. The bank had significant pricing power in the retail portfolio due to
which it was in a position to price these loans at a rate much above the rate
that would be warranted based on expected loss history. These revenue
streams allowed the bank to have an aggressive write off and provisioning
policy. This ensured it to have a relatively stable net profit in the past but
relatively volatile net provisioning and write off as the bank made provisions
over and above the minimum regulatory prescriptions.
2.1.4 Appraisal and Post disbursement monitoring: Inadequacies were
observed in the Gold loans portfolio. Comprehensive credit appraisal and
approval process were carried out in the case of gold loans above ` 1 mn
only. Post disbursal supervision and monitoring of end use were not strictly
carried out in the case of gold loans. As per Board's approval in March, 2013,
the bank had written off gold loan amount of 31.4 mn in respect of 168 gold
loan accounts as the gold pledged was found to be spurious. Enquiry
revealed that the appraiser had colluded with the customers in defrauding the
bank. Subsequently the bank introduced the concept of second appraiser and
scrutiny by appraisers in RIC (Risk Intelligence and Control Unit) team. In
April 2013, the bank conducted review of gold loans greater than 2 mn and
Confidential Page 7 of 33
started taking corrective steps including recall of loans where deficiencies
found.
2.1.5 Opening of Current Account: It was observed that the bank had opened
current accounts of entities which had no credit facilities from the bank. The
bank had not followed the due diligence properly while opening the accounts
e.g. ascertaining whether the account holder had any account with any other
bank, having any other credit facility from any other banks, etc. This aspect
was brought to the notice of HDFC Bank through correspondence by other
banks but no prompt, effective action was initiated. It was observed that as on
March 31, 2013 out of 14,85,066 current accounts maintained by the bank
there were 11,01,185 current accounts where the customers was not availing
any credit products. Further, it was observed that as on March 31, 2013 the
bank was having 14,522 borrowers who enjoyed only non-fund based
facilities. Such practice in the bank could lead to higher credit risk for the
banking system as a whole.
2.1.6 Un-hedged forex exposure: It was observed that the bank does not have a
robust process of getting the information regarding the un-hedged foreign
currency exposure of its borrowers. Though the bank was able to get the
information regarding the un-hedged portion of the forex facility provided by it
but could not gather the said information regarding the overall un-hedged
forex exposure of the borrowers. The bank submitted that in spite of repeated
requests, other banks had not provided the said information to them. As the
bank was not in a position to know the total unhedged forex exposure of its
borrowers the default risk could be higher.
2.2 Control Gap Score:1.733
2.2.1 Geographical concentration – The bank had not evaluated the geographical
concentration of its credit portfolio. As the bank was in the process of
expanding its branch network, recognition of geographical concentration will
help the bank to mitigate credit risks.
2.2.2 Intra-day exposure – There were breaches in the intra-day exposure and the
controls were found to be inadequate.
2.2.3 Restructured accounts – The system was not capable of flagging the
Confidential Page 8 of 33
restructured accounts which dilutes monitoring of it.
3.1.2 Banking Book: Present Value of liabilities across maturity buckets was more
than the Present Value of assets across maturity buckets. Bank has
experienced pre-payments in its loan portfolio and low level of rollover in its
deposits portfolio.
Confidential Page 9 of 33
agreements which prevented the customers from making pre-payments for
certain period after disbursements and despite levying foreclosure charges,
there were instances of prepayments which needed to be captured by way of
embedded optionality. The risk of underestimation of interest rate risk due to
pre-payments and pre-mature withdrawals was not captured in the IRRBB.
Basis risk was not being considered while evaluating IRRBB.
Confidential Page 10 of 33
and capital market exposure calculations as these additional limits were not
unconditionally cancellable. This practice of taking on exposure, albeit
intraday, even beyond the sanctioned limits to the counterparties, allowed the
bank to avoid earmarking capital. Further, in the case of exposure to mutual
funds, the intraday exposure was being secured by the bank with a line on the
underlying units of the mutual funds. That this interest was having a priority
over the interest of the unit holder’s was not communicated to SEBI.
Confidential Page 11 of 33
key employees at 3%. During 2012-13, only 30% of the eligible employees
had availed of the mandatory leave leading to situations which could facilitate
operations / transactions which are not in the interests of the bank. The bank
had no mechanism to determine the level of People Risk as per business
verticals.
5.1.2 Frauds: A total of 1,234 fraud cases involving 230 mn were reported during
2012-13, an increase of 142% in number and 7% in amount over 2011-12.
5.1.3 Customer Service: The total number of pending customer complaints as on
March 31, 2013 had also gone up to 2304 vis-à-vis 1436 as on March 31,
2012. In total, 65099 complaints had been received during the period April
2013 to august 2013, and the number of complaints displayed an increasing
trend.
5.1.4 Parabanking: The following issues were observed with respect to the third
party and / or private banking business:(i) Despite the sensitive nature of the
business, the Investment Advisor (IA), who apart from performing the
advisory role for recommending various third party products, was also the
exclusive point of contact with the customers for critical functions such as
responding to transaction alerts generated by the AML system. (ii) IAs were
not subjected to job rotations and could have the same clients forever.
5.2 Control Gap Score: 2.320
Confidential Page 12 of 33
officers involved in closing the alerts were able to view the threshold limits
fixed for each and every scenario. Compromise of such limits with the
businesses could not be ruled out. Further, there was no audit trail to prove
that analysis of transactions was not just limited to transactions which had
breached the threshold limit.
(e) The Officers who were disposing the alerts did not have access to the
system which contained data on cross border inward and outward remittance.
(f) On an average the AML Officer had to dispose of around 125 alerts
generated in a day. Each alert was being closed on an average of four
minutes which was too short a period in order to understand the transactions
which have triggered the alert, verify KYC profile, peruse pattern of
transactions in the previous months, etc. In majority of the closed alerts a one
line comment had been made which did not specify the kind of
perusal/investigation made by the officer for alerts disposed off as false
positive.
(g) The AML application lacked audit trail of the number of reviews done or
carried out by the reviewer. It also lacked the audit trail of cases escalated to
AML Head or PMLRO.
(h) The AML application did not have the capability of flagging cases where
STR was already reported.
(j) There was no audit trail in the system to show that the decision to file an
STR with FIU-IND was actually taken by PMLRO. The PMLRO had neither
accessed the AML application for the past six months as on October 4, 2013
nor tracked the relevant MIS that could be generated by the system.
(k) Apart from the alerts being generated by the AML application, the bank
had been generating exception reports for 48 scenarios by running query
directly in various IT systems. A group of 6 to 8 AML team members ran
through the exception reports & selected certain cases "manually". Hence, a
lot of subjectivity existed in such cases for identifying transactions before
sending the same to branches for their responses or disposing the same by
the AML team. In some cases STRs were directly filed without any analysis at
all.
(l) The quality of closure of alerts generated through exception report was a
matter of concern because there was no audit trail as to who examined the
Confidential Page 13 of 33
alerts for which STRs were filed. Further, threshold limits for generating
exception report were disclosed to everybody.
(m) Counterfeit Currency Report was being filed by the bank on a monthly
basis instead of filing the same within seven days from the date of occurrence
of transaction. However since August 2013, the bank was required to report
on monthly basis.
5.2.2 Regulatory Reporting: There was a menu in the Automatic Data Flow (ADF)
where any General Ledger Adjustments Entries could be modified without
changing the figures in the bank's core system.
5.2.3 Business Continuity and Disaster Recovery: The hardware for seven
critical applications having (high availability) at DR site had lesser
configuration vis-a-vis Production site. The CBS for Bahrain had no DR
location. Further, it also did not have a network back-up.
5.2.4 Compliance to RBI circulars: There was no process in place for obtaining
confirmation received from Groups/ business/ function heads on compliance
status of RBI circulars.
5.2.5 Preparedness towards Advance Measurement Approach Operational
Risk:- The bank had submitted to RBI a letter of intent for migration to
Advanced Measurement Approach (AMA) on September 26, 2012. With
regard to the preparedness for AMA, the following deficiencies were observed
:-
(a) As per Operational Risk Policy the following were not a key function of the
Risk Policy and Monitoring Committee (Board level Committee): (i) Approval
of operational risk capital methodology and resulting attribution; (ii) Setting off
and approval of expressions of risk appetite within overall parameters set by
the Board.
(c) All units were not having access to bank’s Operational Risk Management
System for reporting internal loss data. Further, Internal Auditors were not
reviewing the adequacy & correctness of the reported loss data.
(d) The risk of wrong reporting/under reporting to RBI was not considered as
Confidential Page 14 of 33
one of the risk in The Risk Control and Self Assessment (RCSA) and no
controls were mentioned in the RCSA document. There was no RCSA
validation/test checking of any of the RCSAs by the Operational Risk
Management Department (ORMD) and hence control effectiveness had not
been judged by ORMD. This had been completely left to the
businesses/operations team. The RCSA policy mentioned that units for RCSA
exercise were identified and selected on the basis of materiality of the
process of the bank, significance of unit to the overall process and volume of
business or number of products covered by the units. There were 15 units
which had incurred losses but were not covered under RCSA.
(e) In one of the Key Risk Indicators (KRIs) i.e. ‘Staff Mandatory Leaves not
availed’ which was being monitored annually, and scored high at 9.97 was
not considered for reporting to ORMC or Senior Management thus violating
their own internal guidelines.
Confidential Page 15 of 33
6.2 Control Gap Score: 1.800
6.2.2 Critical Applications: The bank had multiple applications to interact with five
different CBS systems. Due to this manual uploads and downloads were
required in the absence of STP before getting converged in the database.
Even the new CBS which the bank had implemented was limited to retail
liability customers. A new CBS for corporate customers was still under
testing. CBS systems for corporate customers (Asset & Liability) and CBS
system for retail asset customers had been kept separate and this
mechanism was likely to continue for another three years. The main purpose
of Unique Customer Identification Code was getting defeated because of
multiple applications interacting with multiple CBS and the bank lacked a front
end system which could establish all the asset/liability relations which the
customer had with the bank. The bank had no source code for 75 critical
applications and the agreements entered with vendors did not contain penalty
clause for 34 critical applications.
6.2.3 Downtime: Net Banking customers were getting impacted because of
downtime of CBS. The bank was unable to demonstrate the Operational loss
or the Business Opportunity lost by the bank because of High System
Confidential Page 16 of 33
downtime for all critical applications. For 35 critical applications downtime was
not being monitored at all which raises doubts about effective monitoring of
compliance to Service Level Agreements (SLAs) with the vendors.
Confidential Page 17 of 33
PART II
CRAR (in %)
Particulars Reported Assessed
Tier I 11.08 10.97
Tier II 5.72 5.67
Target Achieved
Confidential Page 18 of 33
4 Total 327595.64 291689.20 225.70 291463.50 36132.14 -do-
Agriculture
10 Micro Credit 0
(b) The consolidated CRAR and core CRAR for the group (Bank considered its
two subsidiaries HDFC Securities Limited and HDB Financial Services Ltd as
part of group) as a whole was reported at 16.90% and 11.01% as on March
31, 2013.
Confidential Page 19 of 33
fixed at the bank level. Last three years projected and actual figures did
not have any major divergence. For the period 2014-2016, the Bank had
modified its minimum capital levels to align with the phase-in of the Basel
III capital framework. As a part of strategic risk assessment in the ICAAP,
the Bank evaluated the key strategies that the Bank is currently pursuing
and made an assessment of the level of risk posed by each of these to
Bank during that period. The key strategies adopted by the Bank as part
of its ICAAP version 2013 are Financial Inclusion plans, Branch expansion
into rural and semi urban geographies, Technology up gradation and
International operations. However there was no assessment of the
investment banking function.
ii. In the current year, Pillar I capital charge was 275,291 mn and Pillar II
capital charge was 58,337 mn and capital buffer was 180,375 mn.
Strategic Risk, Reputation Risk, Compliance Risk, Technology Risk,
Residual Risk-securitization, Residual Risk-credit collections, intraday risk,
Group Risk and Model Risk were taken as material risk in Pillar II (non
quantifiable). While in its capital planning, capital infusion in subsidiaries
had been accounted in the capital plans and had been duly deducted from
Tier I (50%) and Tier II (50%) capital, ICAAP was not prepared on a
consolidated basis (taking into account two subsidiaries HDFC Securities
Limited and HDB Financial Services Ltd). Internal Audit department of the
Bank carries out an independent review of the ICAAP document which
includes qualitative as well as quantitative aspects. Bank had calculated
internal capital ratio as 13.87% for the current year.
iii. ICAAP was approved by Board and Risk Policy & Monitoring Committee
(RPMC).As per compensation policy bank had taken into consideration the
quantifiable risk identified under its ICAAP process, while deciding the
bonus payout for the year, which shows the centrality of the ICAAP
document in business decisions.
Confidential Page 20 of 33
structure. Hence it had scope for raising additional Tier I capital through
hybrid instruments in Basel III regime, apart from the ability to raise equity
as and when necessary.
ii. The scenarios considered by the bank in its stress test framework were
Global recession, Political uncertainty, adverse monsoon, Euro zone debt
crisis, Subprime and excessive INR appreciation/depreciation. The results
from these stress tests carried out as on June 2013 indicated that under the
worst scenario, the capital adequacy ratio could drop by 229 bps from the
base capital adequacy of 16.00%. Additional stress tests carried out based
on scenarios suggested by the SSM – such as slackening of consumption
demand in the economy, crystallisation of credit risk emanating from the
bank’s exposure to clients with foreign currency exposure and intraday
exposures resulted in a drop of additional 106 bps. Therefore, the bank was
having a CRAR above the minimum prescribed.
The total income of the bank was 419,175 mn in 2012-13. 83.65% of this was
contributed by interest income. Further, after excluding volatile sources of income
(such as income from trading, realised gains on derivatives, gains on sale of assets,
recovery from written off accounts various non stable miscellaneous income), the
income from stable sources was 96% of the total income. The balance sheet of the
bank increased by 18% during 2012-13. Its market share in deposits and advances
had increased to 4.10% (3.91% last year) and 4.70% (4.29% last year) respectively.
The assessed pre-tax ROA of the bank increased to 2.76% during 2012-13
from 2.58% during the previous period. The assessed Gross NPA and Net NPA were
0.95% and 0.20% respectively as on March 31, 2013. The assessed CRAR and
Core CRAR was 16.65 % and 10.97 % respectively as on March 31, 2013 as per
Basel II. However, the Internal Capital Adequacy Assessment Plan (ICAAP) was
Confidential Page 21 of 33
undertaken on a solo basis. The dividend payout ratio of the bank was 22.77%,
22.70% and 22.72% for the year 2012-13, 2011-12 and 2010-11 respectively. The
ratio of actual vs budgeted earning was 1.0521 for the year 2012-13 which shows
bank’s ability to meet its projections. The bank had adequate ability to generate
internal capital.
PART III
Action to
Regulation
Current state of be taken
Reference (Para & Regulation area/ focus
compliance by the
circular no.)
bank
Confidential Page 22 of 33
communicated to the customers
without earmarking any capital. These
intraday exposures on segments were
as follows:
i. Mutual Funds - 130750 mn
ii. Corporate - 91280 mn
iii. Capital Markets - 17610 mn
Para 11 (c) (23) of System level identification of NPA – Non-compliant The bank to
chapter 2-information There was no system level NPA comply with
security guidelines identification process in place - for the extant
issued vide our letter wholesale portfolio in the bank. The guidelines.
DBS.CO .ITC.BC. Unique Customer Identification Code was
No.6 /31.02.008/ also not robust enough to take into
2010-11 dated April consideration multiple facilities of a
Confidential Page 23 of 33
29, 2011 on particular customer. In one case it was
DBS.CO.ITC.BC.No. observed that the bank had calculated
6/31.02.008/2010- DPD for paid Invoked Guarantee
11 dated April 29, separately for a customer thereby delaying
2011 (Working Group the NPA classification and provisioning by
on Information a quarter This was in violation of IRAC
Security, Electronic norms.
Banking, Technology
Risk Management
and Cyber Frauds -
Implementation of
Recommendations)
Part 1 B .4 (i) of Bank had given the GR waiver in case of Non-compliant The bank to
RBI/2012-13/14 exports for exhibition purposes. In 12 comply with
Master Circular No. cases bank had not received the proof of the extant
14 /2012-13 import but bank had been following up. guidelines.
Para 9.1.1 of MC on As per extant guidelines, Banks are Non-compliant The bank to
Rupee/Foreign required to reach a level of outstanding comply with
Currency export export credit equivalent of 12% of each the extant
Credit & customer bank's Adjusted Net Bank Credit (ANBC) guidelines.
Confidential Page 24 of 33
service to Exporters, whereas bank had an export credit of
48980 mn as on March 31, 2013 which
formed only 2.7% of ANBC of the previous
year and upto August 31, 2013 bank had
achieved 3.8% of ANBC (March 31, 2013)
Para 3.(vii) of RPCD vide their letter RPCD.CO.FID no. . Non-compliant The bank to
DBOD.No.BL.BC.26/ 490/12.01.011/2013-14 dated July 10, comply with
22.01.001/2012- 2013 advised the bank to clear the the RPCD
13 dated July 2, 2012 backlog pertaining to last two years by vide their
opening 178 branches in unbanked rural letter
centre’s (Tier 5 & Tier 6) before opening RPCD.CO.
any new branch in other centre’s and to FID no.
ensure adherence to the regulatory target 490/12.01.0
in future also. Despite this the bank 11/2013-14
continued opening 189 branches in rural dated July
and semi-urban areas post March 2013 10, 2013
and upto September 2013. It had opened
92 branches during 2012-13 and 113
branches in the first half of 2012-14.
Para 4.3 – section iv It was observed that the bank was taking Non-compliant The bank to
– RPCD MC on collaterals for loans sanctioned upto . complete
Lending to Micro, One mn. This was in violation of Para 4.3 this
Small & Medium – section iv – RPCD MC on Lending to exercise by
Enterprises (MSME) Micro, Small & Medium Enterprises December
Sector dated July 2, (MSME) Sector dated July 2, 2012. As 31, 2013.
2012 directed, the bank had undertaken an
exercise to check all the loans which are
having limit of One mn or below to
ascertain whether extant instructions had
been followed or not.
Para B (ii) and Para Concurrent Audit: Rather than hiring an Non-compliant The bank
D of Annex-I of external audit firm or deploying the internal should
DOS.No.BC.16/08.91 staff for concurrent audit, as required initiate
.021/96 dated August under extant guidelines, the bank had steps to
14, 1996 engaged staff from ADFC, the bank’s comply with
Confidential Page 25 of 33
associate for this function who could not the extant
be considered either bank’s internal staff guidelines.
or an external audit firm with required
qualification or experience. Special
branches handling Foreign Exchange
business and Wholesale Banking business
and “exceptionally large” and “very large”
branches were not under concurrent audit.
During the year 2012-13, 365 Snap / spot
audits were conducted. Considering the
branch network of the bank vis-à-vis the
limited number of auditors engaged
simultaneously in auditing more than one
branch, the effectiveness of the same was
not beyond doubt. As on March 31, 2013,
the bank had three franchisees under
Foreign Exchange Money Changers’
Scheme. However, neither any spot audit
of these franchisees was conducted nor
any incognito visit/mystery shopping made
as required under the extant regulations.
Confidential Page 26 of 33
negotiating with the manufacturers/
dealers regarding the adjustment of the
principal amount and also was in the
process of modifying its software so that
there was no impact of the subvention
amount on the interest rate charged to the
customers.
Part II (b) of Master Buyers’ credit: As per extant regulations, Non-compliant The bank
Circular on Trade Buyers Credit can be extended by a bank should
Credit dated July 2, upto an amount of USD 20 mn per import initiate
2012. transactions without taking prior steps to
permission from RBI. However, it has comply with
been observed that in some cases the the extant
bank had split the invoice having an guidelines.
amount more than USD 20 mn into several
transactions, each of which was below
USD 20 mn. In all these cases, the bank
had extended buyers credit without taking
RBI permission. It was observed that the
bank had issued LOU to foreign banks
wherein it was stated that even though the
credit was for 179 days, the interest rate
would be fixed on a monthly basis. The
rate would be LIBOR (one month) plus
spread and the payment of interest portion
would be made on a monthly basis. Thus,
the bank had not fixed the interest rate for
the full term of Buyer’s Credit ab initio
when the LOU was issued. Hence bank
was technically not aware of all-in-cost
ceiling at the time of extending Buyer’s
Credit to Indian Importers for a fixed tenor.
Confidential Page 27 of 33
and Inter-Bank permitted as per extant guidelines) to comply with
Dealings dated July counterparty (a public sector entity). As the extant
1, 2011 Paragraph 6 per extant guidelines a structured product guidelines.
of Comprehensive cannot have a derivative which is not
Guidelines on allowed on a standalone basis. In this
Derivatives modified instant case the combination involved sale
on November 2, 2011 of an interest rate cap by the user to the
market maker which is not allowed on a
standalone basis. Further, this 10 year
tenor structured contract entered into in
April 2012 included a sale of interest rate
cap by the counterparty, which while
reducing the premium paid by 20% on the
notional amount of USD 25 mn contract
exposed it to interest rate risk as and
when USD 3 month LIBOR fixing were to
be at more than 6%.
Para 4.6 of Subsidarisation of ADFC: The only The bank has The bank to
DBOD.No.BP.40/21.0 vendors who work exclusively for the Bank received further ensure
4.158/2006-07 dated are its associates, viz., ADFC Pvt. Ltd. and communication compliance
November 3, 2006 HBL Global Pvt. Ltd., though, their from the RBI at the
agreements with the bank also provide for vide their letter earliest.
the non-exclusivity clause. While ADFC DBOD .CO.
was a back office processing company, FSD.
HBL was providing DSA support for 2640/24.01.002/
certain retail asset products. The bank had 2013-14 dated
29% stake in ADFC and was yet to August 20, 2013
convert it into subsidiary. advising the
bank to submit
additional
information. The
bank has
collected all the
information and
is in discussion
with DBOD, on
Confidential Page 28 of 33
this subject.
Para 6 of Customer Service: For many of the retail Non-compliant The bank to
DBOD.No.Leg.BC.21 loans there was foreclosure holiday during comply with
/09.07.006/2012-13 which time a borrower cannot repay the the extant
dated July 2, 2012 loan even if he/she seeks to quit, which guidelines.
was not reasonable. Further, the
foreclosure charges starting from 6
months onwards are also high. The bank
had decided to close 2,150 of their 11,165
ATMs in the night between 11 pm -- 7 am
due to security reasons on the basis of
less number of customer transactions.
However, Board approval was not taken
for the decision. The bank continued to
levy a penal charge of 100 (plus taxes)
for each third party cash transaction at
home/non-home branches which was not
reasonable vis-à-vis the services offered,
and was not a practice among other
banks. The bank was also imposing a
penal charge for non-maintenance of
average monthly balance (previously
average quarterly balance) on dormant
accounts. The bank had earned total
413 mn during the year from such
Confidential Page 29 of 33
charges, out of which 49 mn was from
dormant accounts. The bank was having a
common account opening form for regular
SB accounts as well as Basic Savings
Bank Deposit Account (BSBDA). The
schedule of charges pertaining to BSBDA
were also similar on line with normal SB
Para 2.1 of our accounts, and were misleading inasmuch
Master Circular on as there was no communication to the
Customer Service customers that offering of value-added
dated July 2, 2013 services at extra cost would render such
an account non-BSBDA.
DBS.CO.ITC.BC.No. The bank was yet to address the issues Non-compliant The bank to
6/31.02.008/2010- pertaining to 72 gaps identified by an comply with
11 dated April 29, external consultant with regard to the extant
2011 recommendations of the Working Group guidelines.
on Information Security, Electronic
Banking, Technology Risk Management
and Cyber Frauds.
Para 4 (b) of FEMA Inflow was accepted with purpose for Non-compliant The bank to
Notification investment in real estate without seeking comply with
No.1/2000 dated May clarification from customers at the time of the extant
3, 2000. inflow. guidelines.
Confidential Page 30 of 33
Para 9 (1) (A) and (B) In many cases of FDI, FIRC with KYC and Non-compliant The bank to
of Schedule I to FCGPR were not filed by the bank even comply with
FEMA Notification after a lapse of two years. Bank had the extant
No. 20/2000 dated reported the matter to Reserve Bank. guidelines.
May 3, 2000 and as
amended from time
to time
Para 15 (iii) of FEMA In many cases of ODI, APR had not been Non-compliant The bank to
Notification No. filed by the bank. comply with
120/July 7, 2004 as the extant
amended from time guidelines.
to time.
As per bank’s internal In many cases, it was observed by banks Non-compliant The bank to
guidelines internal auditors that Vostro Account of comply with
exchange houses were not credited within the extant
reasonable time ( three days) as per their guidelines.
internal guidelines and fund was lying in
NOSTRO account ranging from 4 days to
60 days on this pretext that rates were not
given by Treasury.
Para C.1.1 (b) of In terms of Master Circular on Imports, Non-compliant The bank to
Master Circular on advance remittance against import can be comply with
Imports dated July 2, sent up to 5 million dollar subject to bank’s the extant
2012 board guidelines in absence of any bank guidelines.
guarantee. In one case it was observed
that the branch has remitted more than
USD 8 million dollar against imports within
a week for same import transaction
without any bank guarantee in place and
appropriate due diligence. The remittance
was made against the bank’s own Board
decision dated July 6, 2011. The import
order has also been cancelled but money
had not been repatriated despite the lapse
of almost one year. The remittance of an
Confidential Page 31 of 33
amount exceeding USD 5 Million without
bank guarantee was in violation of extant
guidelines.
Para 2.1 The bank was using an in-house utility for Non-compliant The bank to
DBOD.No.Dir.BC.3/1 generating the list of large credits to comply with
3.03.00/2012-13 July single/group borrower. A simulation the extant
2, 2012 exercise was carried out for generating the guidelines.
list of top 20 borrowers as on March 31,
2013. It was found that through a manual
intervention, the utility was able to mask
the name & exposure of one borrower to
another borrower in the same group by
allotting the same code to both the
borrowers. Use of such manual
intervention by the bank to misreport any
breach of single borrower exposure limits
within the overall group exposure limit
could not be ruled out.
Para 24.2 (ix) of The unclaimed deposit accounts with Non-compliant The bank to
DBOD.No.Leg.BC.21 balance of less than INR 10,000 were comply with
/09.07.006/2012- activated with the authorisation of the the extant
13 July 2, 2012 branch officials if there was any incoming guidelines.
MC on Customer credit in the form of non cash transactions
Service in banks without taking any authorisation or
documents from the account holder.
DBS.CO.FrMC.BC.N It was observed that Head of Internal Audit Non-compliant The bank to
o.9/23.04.001/2010- was in-charge of Vigilance Department comply with
11 dated May 26, also. the extant
2011 (Para 3 of guidelines.
Annex)
Master Circular - Credit Disclosure: As on March 31, 2013, Non-compliant The bank to
Disclosure the retail exposure was 67% of the total comply with
in Financial advances portfolio. The individual the extant
Statements - Notes to borrower wise rating was therefore guidelines.
Confidential Page 32 of 33
Accounts applicable to only 33% of the advances
DBOD.BP.BC.No.14/ and the remaining exposures were
21.04.018/2012- subjected to a portfolio wise rating –
13 July 2, 2012 pricing matrix. This was not explicitly
disclosed in the Notes to accounts in
terms of the business mix of its retail and
wholesale exposure.
Confidential Page 33 of 33