RESERVE BANK OF INDIA

HDFC Bank Ltd.

Assessment as on March 31, 2014

Risk Assessment Report (RAR)

Major Areas of Financial Divergence
Findings on Capital and Earnings
Major Areas of Non Compliance
Table of Contents

Introduction……………………………………………………………………… 2
Part I: Risk Assessment Report……………………………… 2
Summary of Aggregate Risk at Bank Level………………………….. 2
Findings on Risks and Control Gaps Assessed……………………... 3
Governance & Oversight………………………………………………. 3
Credit Risk………………………………………………………………. 6
Market Risk……………………………………………………………… 11
Liquidity Risk……………………………………………………………. 13
Operational (Non-IT) Risk …………………………………………….. 14
Operational (IT) Risk …………………………………………………... 17
Other Pillar II Risks…………………………………………………….. 19
Part II: Major Areas of Financial Divergence……………………………… 21
Part III: Findings on Capital and Earnings………………………………… 22
Pillar I Capital & CRAR………………………………………………… 22
Capital Management, ICAAP and Stress Tests (including SREP)… 23

Assessment of Internal Generation of Capital………………………. 26

Scope & ability to infuse capital………………………………………. 27

Assessment of Leverage Ratio………………………………………... 27

Part IV: Major Areas of Non-Compliance…………………………………… 28
Part V: Annex……………………………………………………………………. 1-18
Annex-1: Major Areas of Financial Divergence……………………… 1
Annex-2: Computation of Outside Liabilities…………………………. 4
Annex-3: Assessed Net Worth………………………………………… 5
Annex-4: Computation of Assessed Capital…………………………. 6
Annex-5: Assessment of Internal Generation of Capital……………. 8
Annex-6: Leverage Ratio………………………………………………. 11
Annex-7:Details of observations for Operational Non-IT………………12

Confidential Page 1 of 31
 INTRODUCTION

The Risk Assessment of HDFC Bank Ltd. for 2013-14 under the Supervisory Program
for Assessment of Risk and Capital (SPARC) was completed with March 31, 2014 as
the reference date. The assessment has been made based on the off-site analysis of
the data and information furnished by the bank as well as the findings of the on-site
Inspection for Supervisory Evaluation (ISE) undertaken from November 11, 2014 to
January 02, 2015 and various explanations offered by the bank in course of inspection.
As per the SPARC process, the aggregate Risk Score of the bank is arrived at 2.141,
which is indicative of Medium Risk. On applying the assessed CRAR (16.058%) to the
aggregate risk score, the Risk of Failure score of the bank is arrived at 1.902.

PART I: RISK ASSESSMENT REPORT

Summary of Aggregate Risk at Bank Level

Inherent Risk Control Gap Aggregate Risk

Risk Category
A (1-4) B (1-4) A+B

Board 1.797

Senior Management 1.968

Risk Governance 2.048

Internal Audit 2.407

Credit Risk 2.272 2.213 2.254

Market Risk 1.876 1.927 1.891

Liquidity Risk 2.047 1.932 2.012

Operational (non-IT) Risk 2.560 2.243 2.465

Operational (IT) Risk 2.672 1.759 2.398

Other Pillar II Risk 1.684 1.740 1.701

Bank Level Business Risk 2.157

BANK LEVEL AGGREGATE RISK 2.141

Confidential Page 2 of 31
 FINDINGS ON RISKS AND CONTROL GAPS ASSESSED

1. Governance & Oversight: Aggregate Score (2.055)

Major findings/ observations

1.1 Board Score: 1.797
1.1.1 The compliance policy of the bank stated that the compliance with laws,
regulations etc in relation to pure credit, market or operational risk were
primary terrain of risk management function and not compliance. Such an
approach is not appropriate since ensuring adherence to regulatory
guidelines pertaining to these areas is a compliance function.
1.1.2 The bank’s SmartBuy website, where it had tied up with merchants or
merchant websites to sell their products to bank’s cardholders or net-banking
customers was in effect a virtual storefront managed by the bank. This
activity falls under the prohibited activity of “indirect selling of goods” in terms
of Section 8 of the Banking Regulation Act, 1949. The legal issues involved
had not been examined by the bank before launching the website. This
reflected poorly on the due diligence processes in place for new
product/activity rollouts. The risk mitigation process in place for regulatory
risk/reputation risk arising out of the bank’s strategy of leveraging technology
to reach out to its customers thus needed to be made adequate.
1.1.3 The bank had not framed any policy approved by the Board on money
changing activities.
1.1.4 The Board had not specified the authority/levels at which the exception
reports are to be submitted/perused and the manner in which the authority
will deal with the exception reports. The bank needed to enhance its fraud
risk management/detection capabilities and should be able to identify/detect
cases of frauds on its own from the exception reports generated, audit
controls in place, AML software etc.
1.2 Senior Management Score: 1.968
1.2.1 The bank had raised USD 3.3 billion during FY 2013-14 under the RBI
special dollar Swap window. Out of this, USD 2.0 billion were raised out of
loans given by overseas branches of HDFC Bank, USD 0.4 billion were
raised out of loans given by other banks against SBLC issued by HDFC Bank
in favour of lending bank and USD 0.19 billion were raised out of loans given
by other banks against lien marking confirmation given by HDFC Bank to the

Confidential Page 3 of 31
 lending bank. This process of raising deposits out of loans given by other
banks against SBLC was not as per para 2.4.2.3 (a) of
DBOD.No.Dir.BC.12/13.03.00/2013-14 dated July 1, 2013 and FEMA 8/2000-
RB dated May 3, 2000.
1.2.2 The bank had reversed contingent provisions which were in the nature of
floating provision, of 842.3 mn held against derivatives portfolio and 418
mn held against MFI exposures and taken it to Profit and Loss account during
the year. This was not in line with Para 5.6.3 of RBI’s Master Circular on
Income Recognition and Asset Classification dated July 1, 2013 and was
required to be reversed from P & L.
1.2.3 During March 2014, the bank had sanctioned a loan against deposit of
1000 mn to a RRB for on-lending, at squared rate of 0% spread over the
deposit rate. The sanctioning of loan against FD at zero mark-up over the FD
had resulted in increase of deposits and advances, as well as priority sector
advances of the bank near the balance sheet date. The utilization of the loan
had come down drastically by April 17, 2014.
1.2.4 The process of improving upon certain aspects of KYC/AML such as uniform
customer identification code (UCIC), risk categorization, filing of CTR,
complaints regarding mis-selling of third party products etc. needed active
attention of senior management of the bank.
1.2.5 The bank had neither formulated an annual compliance testing plan nor
monitored and tested compliance during 2013-14 by performing sufficient and
representative compliance testing with the results of such compliance testing
being reported to the top management.
1.2.6 The function of the compliance liaison officers at various locations designated
amongst functional employees in operations, including cluster heads, was
vague and undefined and appeared to engender conflict of interest. Though
the compliance function and the audit function of the bank were required to
be kept necessarily separate, certain e-mails, records, audit reports and
Board note had indicated that these two areas were not separate.
1.3 Risk Governance Score: 2.048
1.3.1 The non reckoning of intra-day and corporate card credit lines for exposure
calculation, high exposure under ‘Negative Financing’, deficiencies in system
driven NPA identification, lack of transparency in retail product pricing and
upfront recognition of unrealized income on account of processing fee

Confidential Page 4 of 31
 indicated deficiencies in credit risk management.
1.3.2 Deficiencies were noticed in market and liquidity risk management as there
was inadequate framework for identifying off-market trades in Fx and
derivatives, errors due to manual calculations in case of capital charge on
market risk, IRRBB, netting of positions across products without
disallowances for capital charge on market risk, unrealistic limits in structured
liquidity and deficiencies in bucketing for Structured Liquidity Statements
(SLS).
1.3.3 Operational risk management lacked robustness as there was no annual
compliance testing plan, non-separation between audit and compliance,
deficiencies in adherence to KYC guidelines, such as non adherence to
UCIC, rules for risk categorization, account opening process, parameters for
generating CTR and AML alerts, non escalation of complaints to higher
authorities, high dependence on outsourced employees and inadequate
monitoring of outsourced activities, mis-selling of third party insurance
products and violation of IRDA guidelines, no Board approved IT Strategy
Document and inadequate testing of critical processes under business
continuity planning and disaster recovery.
1.4 Internal Audit Score: 2.407
1.4.1 Though in terms of the ‘audit scoring module’ the scores were required to be
allotted as per the error rate in the sample taken for verification, neither the
sample nor the error rate was indicated anywhere in the audit report, to arrive
at the correctness of the score awarded in quantified areas. Similarly, the
scores awarded in non quantified areas were not strictly in terms of
guidelines pertaining to the adherence or otherwise to critical/non-critical
points of the process. Assignment of risk scores to various auditable entities
in terms of quantifiable and qualitative parameters was thus not
transparent/objective in nature. Further, there was no mapping between the
scores assigned under ‘area of review’ and observations under ‘audit by
observations’ for independent validation of the scores awarded.
1.4.2 While CASA/ term deposit and volume of transaction was given weightage for
arriving at business risk of retail branches, the intrinsic risk inherent in nature
of transactions /area of activity such as SEZ etc. was not assigned any
weightage for the purpose.
1.4.3 As required under the audit policy, the audit reports did not contain auditor’s

Confidential Page 5 of 31
 comments regarding correction/ improvement of weaknesses and corrective
action taken during the audit. Similarly, though the audit reports were
required to be subjected to independent review by a higher authority, the
same was not being carried out.
1.4.4 The annual audit plan (AAP) submitted to the ACB for approval did not
include the direction of risks. Further the performance review did not include
an evaluation of the effectiveness of RBIA in mitigating identified risks. In
certain cases, the reasons for migration of branches to a higher risk category
and corrective measures required were not indicated.
1.4.5 Periodical reviews by internal audit department had not evaluated the
effectiveness of RBIA and suggested various corrective measures and follow
up, if any.
1.4.6 The concurrent audit system of the bank needed strengthening to be
concurrent in nature. The concurrent audit reports were being submitted at
half yearly or more intervals which defeated the very purpose of concurrent
audit.

2. Credit Risk: Aggregate Score (2.254)

2.1 Inherent Risk Score: 2.272
Major findings/ observations
2.1.1 The Gross NPAs increased by a significant 28 % during 2013-14, the highest
increase in the last five years. However, it was masked by an equally
significant increase of 26% in gross advances which kept the Gross NPA ratio
at 0.91%. But for a significant reduction contributed in equal measure by
upgrades, write-offs and actual recoveries, the closing NPA position would
have been much worse. Upgrades, in particular, were the big booster as the
year 2013-14 alone accounted for much more recoveries than the previous four
years combined.
2.1.2 Further, most of the NPAs pertained to pre-March 2013 period. Most of the
fresh accretions were either upgraded, written-off or had some recovery. More
than 80% of recoveries were on account of fresh accretions. With regard to
write offs, almost two-thirds were on account of fresh accretions.
2.1.3 More than 10% of the total exposure of the bank as on March 31, 2014 was
denominated in foreign currency. Around 90% of the outstanding foreign
currency exposure to corporates was unhedged.

Confidential Page 6 of 31
2.1.4 Almost a third of total exposures of the bank were unsecured. Excluding the
credit card portfolio, which accounted for more than 42% of such funded
exposures, and retail loans, it was the short term loans to corporates which
contributed to the largest proportion of such exposures. Coupled with the fact
that these STLs were largely kept as appetite (uncommunicated) limits and not
reckoned for exposures, this represented an unrecognized risk in the balance
sheet. Of the secured exposures, only about 30% were secured by financial
collateral or readily redeemable securities.

2.2 Control Gap Score: 2.213

Major findings/ observations
2.2.1 On the wholesale side, the bank used a threshold-based structure for
controlling concentration on various dimensions. However, stipulation of limits
for various exposures, which has been delegated to the Board, did not appear
to be based on a reasoned justification. Further, various limits did not seem
consistent in terms of the base figure - while industry exposure limits and
aggregate rating-wise limits were in terms of percentage of total exposure, limit
for unsecured exposures was in terms of total outstanding, real estate
exposure was in terms of total advances, aggregate NBFC exposure was in
terms of credit exposure. For holistic monitoring, these limits may need to be
consistent in terms of the base figure.
2.2.2 For the purpose of measuring concentration risk, the bank mainly relied on the
HHI. Concentrations in some dimensions such as collateral type, currency,
tenor etc. are not assessed.
2.2.3 The bank constructs an industry correlation matrix based on stock price
movements of companies which indicates that correlation for more than 80
industry pairs to which bank has exposure is greater than 0.7, which is
significant. Further, joint exposure to these industry pairs is higher as
compared to lower correlation pairs. The banks needed to factor in the
correlations correctly in assessing the portfolio risk.
2.2.4 The bank has classified "Facilities over 500 million with a tenor longer than 7
years" under Negative Financing but its exposure as on March 31, 2014 to this
segment was 44,560 million. Such high exposure does not seem consistent
with the policy.
2.2.5 Exposures on account of corporate cards were taken as exposures on the
individual borrowers and not on the corporates, even though they were issued

Confidential Page 7 of 31
 solely based on the guarantee of the corporates. Credit assessment was done
only of the corporate and not of the individuals. Only a request letter from the
employees and a letter from the company confirming their employment status
was taken. Similarly, Forex Plus Cards were issued to employees of corporates
for meeting their foreign travel related expenses. Though supposedly offered
by the bank on a prepaid platform, these were considered as memo exposure
on the corporate implying that such cards were not exactly on a prepaid basis
and involved some exposure. In one particular instance, such exposure was
even treated as a funded exposure in the credit approval memo (CAM). Such
exposure was similar to corporate cards and should be captured as exposure
to the corporates.
2.2.6 The bank provided intra-day credit facilities to a large number of corporates
and mutual funds for transactional purposes on a regular basis. However, such
exposures were not reckoned as an exposure of the bank to these entities on
the ground that these were not in the nature of limits which were committed
/communicated to the customer and were extended at the sole discretion of the
bank. Average intra-day utilization of such limits during 2013-14 was 72886
million for mutual funds and 56392 million for corporates with peak utilization
being several times of the average exposure. Such exposures needed to be
reckoned for the purpose of calculating exposures to the borrowers and need
to be within the prudential SBL/GBL.
2.2.7 The bank had started getting data on unhedged exposures for the purpose of
provisioning in terms of RBI guidelines. However, these were yet to be
incorporated in the CAM assessment, where the figure for unhedged
exposures continued to be on the basis of latest annual report.
2.2.8 The bank was approving buyers credit for its constituents without aligning the
period of such trade credits with the working capital cycle of the borrower, with
the result that the same borrowers were allowed to avail buyers credit with
periods ranging from 40 to 180 days.
2.2.9 The rating of borrowers is supposed to be independent of the credit function.
Though the bank had a group of functionaries classified as Rating Approvers,
they were also from the Credit & Market Risk Group like the Credit Approvers
and the same set of people could wear both hats. Independence was sought to
be maintained by ensuring that for any particular credit proposal, there was no
commonality between the two. However, such a structure could potentially

Confidential Page 8 of 31
 militate against the independence of the rating process. Though there was a
large pool of credit approvers, the delegation structure was such that more than
70% of all CAM approvals in value terms required approvals from a few top
functionaries.
2.2.10 The bank had multiple systems for different types of exposures and within
these systems, the NPA identification process had been automated. However,
even though an account was classified as NPA, yet certain facilities may still be
shown as standard in different subsystems.
2.2.11 The bank allowed multiple current accounts to be opened in the name of same
borrowers with each of them being sanctioned separate OD limits. While each
of these facilities was monitored separately for out of order status, there was no
mechanism for monitoring transfers between the accounts of the same
borrower. In effect, this could make it possible for credits in one account to be
coming from debit to another account.
2.2.12 There was no process note for the system driven NPA identification procedure
detailing the logics/rules used in the system, manual intervention or overrides
to the system output etc
2.2.13 The NPA identification process in case of Investments was not system driven.
2.2.14 (i) There was no formal process for portfolio rebalancing based on rating
migrations.
(ii) While the bank was carrying out an exercise to map its internal ratings to
external ratings, the objective was not to calibrate and/or validate internal
ratings. Only broad mapping of ratings was noted between the two based on
rating migrations and there was no mechanism to examine the need for
consequent review of internal ratings based on the comparative findings.
(iii) For calculation of PDs, the bank used a margin of conservatism (MOC)
based on the CRISIL modified credit ratio (MCR). Bank's own PD estimate was
scaled up by a factor reflecting the difference between long term industry
default rate and short term industry default rate, as assessed from MCR.
However, this methodology would give conservative estimates only if the long-
run MCR was higher than short-run MCR. In the reverse case, it may even give
a less conservative PD estimate. Moreover, the above approach would fail to
capture the impact of worse periods within the long industry cycle. The policy
needs to specifically account for such possibilities and take the more
conservative estimates.

Confidential Page 9 of 31
2.2.15 One of the key shocks considered for stressing the wholesale credit portfolio
was higher level of rating migration. For this purpose, the bank subjected its
own portfolio to an additional shock impact based on the difference between
’Stressed rating transition matrix (Stressed TM) ’ and “Normal rating transition
matrix’, basis data from external rating agencies. However, the stressed TM
had been defined on the basis of discussion with ‘a leading rating agency’ and
is not available in public domain. Veracity of non-publicly available data would
be an issue, particularly for validation of stress testing results.
2.2.16 The retail asset product pricing framework gave a leeway to business to
operate within a band of (+)/( -) 3% from product rack rates which enabled the
business to lend below the base rate in auto loans, rental discounting, gold
loan and loan against securities/shares which was not permissible under the
extant guidelines. In the same pricing framework, the tenor premia for loan
against property (LAP), drop line overdraft (DOD), gold loan, Emerging
Enterprise Group (EEG), loan against shares (LAS) etc. was considered
negative which did not stand to reason. Further, the PD considered for pricing
was taken at various percentiles from 50% to 97% for various loan products,
without articulating any justification for the percentiles so considered as the
percentile adopted for a particular loan product impacted the risk premia for
that product.
2.2.17 The bank was charging interest on certain retail loan products such as
construction equipment, commercial vehicle etc. at the rate below base rate
under the plea that the incentive received from the manufacturer was being
passed on to the customer. The bank did not have any agreement with the
manufacturers on the quantum of incentive on record and the relief on the
interest rate provided to customers was non uniform across different customer
classes/categories and appeared to be arbitrary. There was no computation of
the interest rate applicable, the discount passed on to the customers on
account of incentive /moratorium relief and the final rate payable by the
customer on the CAM or elsewhere. Such practice by the bank lacked
transparency, distorted pricing mechanism and did not give a clear picture to
customer regarding applicable interest rate.
2.2.18 In retail loans the bank was charging processing fee in the range of 1% to
2.5%, the entire amount of which was recognized as income immediately, even
though this was paid by the borrower by way of EMIs during the entire tenor of

Confidential Page 10 of 31
 the loan. Such processing fees were deducted from the sanctioned amount at
the time of disbursement. This practice of recognizing the interest income in the
form of processing fees would adversely affect the earnings parameters in the
subsequent years. Incidentally during the year, the bank had recognized such
accrued but unrealized income of 12860 mn.
2.2.19 The Board had approved some retail product programmes like transport
finance, construction equipment, credit cards etc. without laying down certain
critical underwriting standards such as loan to value (LTV), fixed obligation
income ratio (FOIR), credit multiplier etc.
2.2.20 In an apparent inconsistency in the delegated authority structure, in the case of
auto premier loan though a higher authority could sanction the maximum
amount under the scheme, as per the deviation grid it needed to take approval
from a lower authority for allowing any deviation.

3. Market Risk: Aggregate Score (1.891)

3.1 Inherent Risk Score: 1.876
Major findings/ observations
3.1.1 The interest rate sensitivity and embedded optionality (premature withdrawal of
deposits) of the banking book indicated vulnerability of net interest income of
the bank.
3.1.2 Volatility of Forex VaR exhibited Forex risk in the bank.
3.2 Control Gap Score: 1.927
Major findings/ observations
3.2.1 The bank had not laid down any requirement for cutting of positions or any
specific corrective action in case of breaches in various limits as per the policy.
For all limit breaches, ratification was required to be taken at the appropriate
level.
3.2.2 The illiquidity charge for March 31, 2014 was calculated as an incremental
capital charge on account of the valuation adjustment on account of illiquidity
instead of adjusting the market value and applying the haircut on the same.
The valuation adjustment as of March 31, 2014 was 450 mn.
3.2.3 The bank was relying entirely on controls inbuilt in NDS-OM for adhering to the
regulatory limits on short sale transactions on intraday basis. This was not in
line with RBI guidelines which required internal controls in the bank for
adhering to the limits on intraday basis. As per the bank’s investment policy,

Confidential Page 11 of 31
 intraday reports were required to be sent by mid office to Dealing room
regarding the outstanding short sale positions during the day which were not
sent.
3.2.4 There were no thresholds/limits defined for various scenarios under Market
Risk Stress Testing.
3.2.5 For OIS and MIFOR trades, there was no straight through processing between
Reuters Dealing System and the Summit system which was used for
computing the risk positions and accounting and deals were required to be
input manually in these systems.
3.2.6 User Access Controls for different treasury systems were not strictly defined.
As per the bank’s IS Audit report, Summit application used for derivative deals
did not capture the IP address of user terminals even when multiple sessions
were opened from different systems. Similarly, some users were having
administrator rights in Numerix Risk Application.
3.2.7 Rate scan limits were fixed with 1% mark-up/mark-down over the hourly
high/low traded prices which was very high for stable market conditions. This
made the process of monitoring off-market deals in case of FX transactions
ineffective during stable market conditions. For OTC structured derivative
transactions such as CCIRS, IRS etc where rates were not readily available in
market, the bank used Day 1 P&L for identifying off market trades. The Day 1
P&L limit for derivatives included the MTM impact due to intra-day volatility in
the market rates over last 500 days at 99% VaR level instead of intra-day
movements during stable market conditions. This shall not give true picture of
off-market deals in stable market conditions. There was no documented
procedure to ensure that some clients were not unduly favored at expense of
others since there was no negative Day 1 P&L limit.
3.2.8 The TGA, DGA calculations for IRRBB were manual. There were errors in
MIBOR rates used for discounting (higher rates were used). However, the
impact due to the same was minimal. Yield used for Advances was taken at
aggregate level and not at bucket level due to system constraint. For Buy/Sell
Swaps, contract level Modified Duration was not calculated.
3.2.9 The bank had set Cumulative IRR Gap limit for overseas at 0.75 months of
budgeted net interest income. The limit of 0.75 months of budgeted net interest
income for overseas operations was very high and unrealistic as it translated to
around 18500 mn while the bank's overseas book had very small positions.

Confidential Page 12 of 31
3.2.10 Capital Charge calculation for Market Risk was being done manually which had
led to some errors such as incorrect bucketing of positions in time buckers for
some products such as MIFOR swaps, CCIRS etc. Capital Charge during the
period was being calculated based on risk factor approach. For example,
MIFOR linked products positions including Fx forwards, swaps, CCIRS were
being netted off without disallowances. Such netting of positions was not
allowed as per the RBI guidelines.

4. Liquidity Risk: Aggregate Score (2.012)

4.1 Inherent Risk Score: 2.047
Major findings/ observations
4.1.1 Structural liquidity risk emanated from high proportion of undrawn commitments
and cash flow mismatches in SLS.
4.1.2 Stress Liquidity risk was exhibited through low LCR.
4.1.3 Market Liquidity risk was on account of high amount of illiquid investments and
the bank being a net borrower in the market on most trading days.
4.2 Control Gap Score: 1.932
Major findings/ observations
4.2.1 There were cumulative cash flow gap limits for individual buckets in Structured
Liquidity Statement for INR, India, Overseas and Consolidated and Global FCY.
The limits after the first 4 buckets went upto 50% cumulative negative mismatch
gap in the last bucket which were very high and unrealistic.
4.2.2 The behavioural analysis and bucketing in Structural Liquidity Statement had
following observations:
a) The bank had done behavioural study for core computation for all deposits
less than 5 crore (considered as retail deposits). The deposits above 5
crore were bucketed as per residual maturity. This was done as the bank found
clear difference in stickyness of deposits between less than 5 crore and
greater than 5 crore. Hence, bank considered deposits less than 5 crore as
sticky. As per RBI guidelines, wholesale deposits are to be bucketed as per
residual maturity and retail according to behavioural study. Effectively, the bank
did not consider deposits below 5 crore as wholesale deposits.
b) Excess SLR was bucketed in 1-day bucket even for AFS portfolio which
required bucketing as per residual maturity. The rationale given was that entire
excess SLR can be repoed (repo or MSF) with RBI

Confidential Page 13 of 31
 c) Defeasance of HFT portfolio took into consideration holding period of the
securities in the six month period and is not linked to market volume or the
holding period required to sell the securities in the market depending on market
volume and bank’s trading volume.
d) Accrued interest on working capital/demand loans was taken as inflow in 1
day bucket which was required to be taken in respective maturity buckets as
per guidelines.
e) Volatile portion for Bills Payable was required to be taken as outflow in first
three buckets as per guidelines while bank had taken it till 1 year bucket.
4.2.3 The methodology used for Transfer Pricing of Treasury investments in
mandatory SLR, excess SLR, Derivatives etc needed to be detailed in the
Transfer Pricing Policy.
4.2.4 In the Contingency Funding Plan (CFP), no specific indicators or triggers were
defined for contingency. The bank had in new ALM policy (March 2014) defined
2 early warning indicators (share price movement and rating downgrade).
Adverse Share price movement (10% and 15% in excess of BANKEX
movement) were taken to identify Medium and High Risk scenarios. In the
medium risk scenario, no immediate action/meeting was required and action
point was discussion in next ALCO which defeated the purpose of early
warning indicator.
4.2.5 There was no backtesting of Dynamic Liquidity Statement during FY 2013-14.

5. Operational (Non- IT) Risk: Aggregate Score (2.465)

5.1 Inherent Risk Score: 2.560
Major findings/ observations
5.1.1 The bank was levied a penalty of 45 mn for violation of KYC/AML guidelines
in FY 2014.
5.1.2 People Risk was highlighted by high reliance on outsourced or contracted
employees as 48% employees were outsourced/ contracted and contributed to
38% of total employee cost. Also, the bank had a large shortfall of staff as
compared to the assessed requirement. The attrition rate of Sales/Front Office
employees was also very high.
5.1.3 The large number of consumer and legal cases filed against the bank during
the year and significant provision made on account of these cases highlighted
legal risk.

Confidential Page 14 of 31
5.1.4 Large number of customer complaints and KYC non-compliance issues
internally identified by the bank indicated process risk.
5.2 Control Gap Score: 2.243
Major findings/ observations
5.2.1 There were deficiencies in the KYC/AML framework such as non-adherence to
UCIC requirements, inadequate documentation in opening of corporate salary
accounts, proprietorship accounts, accounts operated on the basis of power of
attorney and correspondent banking relationship accounts. Re-KYC was due
for a large number of accounts and non adherence was observed towards
internal guidelines on Contact Point Verification (CPV). In case of co-operative
banks, the bank had no internal guidelines regarding cash payment to third
party against “self” or bearer cheques, as any amount from any branch of the
bank could be withdrawn. Rules for risk categorisation of customers in terms of
turnover of company and cash transactions, scenarios for monitoring domestic
wire transactions and parameters for generating CTR and STR in terms of
monitoring of cash transactions of walk-in customers were inadequate. Amount
aggregating more than 10 lakh in all the accounts of the same persons was
not being reported in CTR and no system existed for generating AML alerts for
accounts opened and closed during very short durations. There was no system
in place for monitoring of FEMA violations in prepaid cards as the loading /
reloading was on the basis of customers’ self declaration and monitoring of
Vostro accounts needed improvement. There was no audit trail in the system to
show that the decision to file an STR with FIU-IND was actually taken by
Principal Officer (PO). Detailed observations for compliance are furnished in
Annex 7.
5.2.2 The bank did not analyze the occurrence of frauds in terms of “system failure”
or “human failure”, borrowal/non-borrowal accounts, state wise concentration
etc, nor had it fixed a benchmark tolerance level for operational risks arising
from trend of frauds. Insurance related complaints received by the bank on
account of forgery (signature done by someone else/ records changed without
intimation etc) were not investigated by the vigilance department and were
closed at branch end. The bank had not taken action against the erring
employees and declared the cases as frauds, where mis-selling was proved as
per the internal investigation and the entire amount of policies was ordered to
be refunded to the customer. Detailed observations for compliance are

Confidential Page 15 of 31
 furnished in Annex 7.
5.2.3 More than 50% (1456 out of 2809 complaints) of the complaints received at
branches were not addressed within the stipulated turnaround time and in 23%
of cases the bank had not issued acknowledgement to the complainant. The
single largest category of complaints at the branches pertained to mis-selling of
insurance products including debit of premium from the account without the
consent of customer or cases where insurance product was sold to customers
even though a fixed deposit had been requested. The complaints pertaining to
sale of insurance products were being closed at the branch level without
escalating them to head office level. These were also not being forwarded to
fraud/vigilance for investigation. Though complaints regarding corruption,
malpractices, misconduct etc on the part of employees were being dealt with
directly by the vigilance department for investigation, they were not recorded as
complaints. The disclosure of the bank regarding complaints was incorrect to
that extent. The bank needed to step up its efforts to identify and address the
causes which lead to complaints that were recurring in nature e.g. staff related
complaints, mis-selling etc. Detailed observations for compliance are furnished
in Annex 7.
5.2.4 The bank needed to enhance customer service in terms of sending positive
confirmation to remittance originator for NEFT transactions to walk-in-
customers, allotting separate product code for accounts opened under various
Central /State Govt. schemes for crediting cheques/ direct benefit transfer/
electronic benefit transfer and auto credit of penal interest in case of delayed
NEFT. Detailed observations for compliance are furnished in Annex 7.
5.2.5 There was high dependence on outsourced employees and consequent
concentration risk, as about 50% of the employees involved in operations and
processes were outsourced and contract employees. Periodical review of the
effectiveness of outsourcing policies and procedures was not done by the
senior management and the regional quarterly audit reports on Cash in Transit
companies were not reviewed by the centralized team for effective monitoring.
Detailed observations for compliance are furnished in Annex 7.
5.2.6 There were instances of mis-selling of third party insurance products, where the
amount of premium paid was not in synchronization with the income of the
customer. At least 12 STRs had been filed to FIU-IND in the matter. The bank
was not adhering to its code of commitment by not providing post sale services

Confidential Page 16 of 31
 to customers of third party products, non specified employees of the bank were
engaged in lead generation/ solicitation of third party life insurance products in
contravention of IRDA guidelines and there were delays of more than one
month in the issue of policy after payment of premium. The bank had altered
the minimum eligible amount of single one time premium in some of the HDFC
life insurance policies from 25,000.00 to 2, 50,000.00, as compared to that
offered by HDFC SLI. E-mail documents indicated that HDFC SLIC was
offering incentives for enhanced target achievement in the form of training at
Port Blair for employees of the bank, through mails to the respective clusters
which were then forwarded by the clusters to every employee within the cluster.
Such incentive was prohibited in terms of IRDA guidelines. Detailed
observations for compliance are furnished in Annex 7.
5.2.7 The bank’s MIS was incapable of generating details of all accounts such as
deposits, borrowings, credit cards etc. of the same customer as there were
several systems in which the data was stored. Similarly, disaggregation of
details regarding alerts generated by AML software, audit alerts, exception
reports etc. for the purpose of filing of STRs was also not possible. Detailed
observations for compliance are furnished in Annex 7.
5.2.8 Certain areas/activities such as Vostro accounts, loan against gold jewellery
and financial securities, Trade finance CPUs, gold banking/ metal loans,
currency chest operations etc. were not covered under concurrent audit and the
bank may review the areas required to be covered under concurrent audit.
Though the branches were required to respond promptly regarding bonafides of
transactions on the 1 crore portal’, the same was not being covered by the
concurrent auditors as they have not been provided access rights. Detailed
observations for compliance are furnished in Annex 7.

6. Operational (IT) Risk: Aggregate Score (2.398)

6.1 Inherent Risk Score: 2.672
Major findings/ observations
6.1.1 System Integration Tests and User Acceptance Tests were not conducted
stringently. There were high number of bugs detected in the IT systems during
the period which necessitated back-end changes to be carried out. Large
number of data patches were executed in critical applications as identified by
the bank during 2013-14, of which majority pertained to application bugs.

Confidential Page 17 of 31
6.1.2 There was a high unscheduled downtime for CBS and internet banking.
6.1.3 Manual intervention existed while uploading files in 23 critical systems
highlighting lack of Straight Through Processing between critical and subsidiary
systems.
6.2 Control Gap Score: 1.759
Major findings/observations
6.2.1 It was observed that Capacity Review had not been done at the required
interval/frequency/manner in the case of certain applications, viz., Finnone-
LMS, Dealpro, Summit, FCIS, etc.
6.2.2 Out of 20 sample desktops, it was observed that there was unauthorised
software on 17 of them. The same observation had been made by the previous
audit where 20 out of the 20 desktops sampled had unauthorised software.
While the samples had been rectified, the repeat observation showed that there
was no effective way to prohibit or detect unauthorised software.
6.2.3 Verification of data pre and post implementation was not done after installation
of patches, compromising the verification of data integrity. Issue was closed
with 'noted for future compliance', but it was a lapse of control function,
nevertheless.
6.2.4 The 'Application Migration Process' did not entail that the earlier application
upon completion of data migration should be frozen or all the users should be
disabled.
6.2.5 The agreement signed between HDFC and Reliance for Dhirubhai Ambani
Knowledge Centre (DAKC), Mumbai did not have the clauses which would
allow either the bank or RBI to carry out an audit, enforce Reliance to have an
AMC with respective OEMs to ensure preventive maintenance and
‘background verification clause’ for vendor staff.
6.2.6 In the case of New Core Banking Application, it was observed that User Access
Management (UAM) administrator could execute modifications without any
authorization. Resultantly, user ID may be unlocked or password reset in an
unauthorized manner, and misused for carrying out unauthorized
transactions.
6.2.7 It was observed that though readability/restoration tests were scheduled and
carried out periodically, the reports/results were not put up to the IT Strategy
Committee/Board.
6.2.8 The uptime guaranteed by the SLA Management Team to the service

Confidential Page 18 of 31
 beneficiaries was not backed by counter guarantees from vendors for software
and applications. The process of evaluating and committing an uptime did not
have any approval from any of the management level committees.
6.2.9 Business Continuity Management Procedure requires the bank to conduct tests
at least twice every year. However, as per the recommendations of the
‘Gopalakrishna Working Group’, testing for highly critical processes should be
done at quarterly intervals.
The current BCP planning for branches to direct customers at the disaster
affected branch to the nearest branch, is inadequate inasmuch as it is not
feasible for branches in remote locations. Review of branch link as on June
2014 revealed that secondary link was not present for 478 branches.
6.2.10 Some of the critical applications interacting with multiple CBS systems / other
critical applications required manual intervention. Out of 45 applications having
interface with New Core Banking Application, there was manual interface with
11 applications, five wholesale banking applications and two Oracle
applications. In the absence of STP, files transferred between the applications
are susceptible to tampering and modification.
6.2.11 The bank was yet to address the issues pertaining to 72 gaps identified by an
external consultant with regard to recommendations of the Working Group on
Information Security, Electronic Banking, Technology Risk Management and
Cyber Frauds.

7. Pillar II Risk: Aggregate Score (1.701)

7.1 Inherent Risk Score: 1.684
Major findings/ observations
7.1.1 High level of customer litigations highlighted reputation risk to the bank.
7.1.2 During the year bank had increased its stake in its two subsidiaries and
exposure to the subsidiaries had also gone up. There was increase in stressed
assets (Gross NPA at 0.81% as on March 31, 2014 as against 0.44% as on
March 31, 2013) along with sharp increase in advances (63.2%) of one of the
subsidiary HDBFS which was a NBFC had resulted in increased group risk. The
group risk could further increase with phased implementation of revised
regulatory framework for NBFCs with respect to asset classification.

7.2 Control Gap Score: 1.740

Confidential Page 19 of 31
 Major findings/ observations
7.2.1 The reputation risk management was limited to the bank and its subsidiaries.
The reputation risk arising out of the HDFC Ltd and its group companies was not
taken into account by way of a risk register or otherwise. Perception of
employees was not considered for assessing reputation risk.
7.2.2 During the period under review the limits for intra-group transactions continued
as per the bank’s credit policy on regular borrowers. One of the subsidiaries of
the bank, HDBFS, was in the same line of business extending similar products,
and competing with the bank.
7.2.3 The bank had not conducted any inspection of its subsidiaries and associates of
the bank during the year. The bank was yet to subsidiaries its associates ADFC
and HBL and continued to outsource services which were not in conformity with
the outsourcing guidelines.
7.2.4 The bank did not have a Board approved long term business strategy in place
other than the ICAAP document covering three years business projections.
7.2.5 The model validation of credit risk models was an annual exercise and not
validated internally on a monthly basis. The external validation of IRB model had
reported deficiencies in the area of inadequate documentation which was yet to
be addressed. In respect of other deficiencies like rating horizon in retail model,
an overriding framework for models with low discriminating power for whole sale
model etc., bank had started putting in place remedial measures.

Confidential Page 20 of 31
 Part II: MAJOR AREAS OF FINANCIAL DIVERGENCE

The summary of major areas of financial divergence, including assessed risk weighted
assets, which determined assessed capital of the bank, is given below. Details are in
Annex-1.

1. Divergences (shortfall) in Provisioning

Areas/ Description @ Shortfall

(In mn)
Reclassification of Standard Loan Assets as NPAs Nil
Reclassification of Existing Loan related NPAs Nil
Reclassification of Standard Investments as NPIs Nil
Shortfall in Standard Asset Provisioning 3
Other Assets Nil
Understatement of Expenditures / Liabilities Nil
Unamortised Expenses Adjusted to Tier I capital Nil
Provision for Diminution in fair value of Restructured
2
Accounts
Total Additional Provisions 5

2. Divergence in Risk Weighted Assets (RWAs)

RWAs (In mn)

Risks
Reported Assessed
Credit Risk 3,034,265 3,037,973

Market Risk 113,673 113,673

Operational Risk 305,070 305,070

Total RWAs 3,453,008 3,456,716

• Additional RWAs of 3708 mn was added on account of inclusion of corporate in

RRP in one instance ( 16.36 mn), wrong application of external rating in one
instance ( 486.00 mn) , application on 50% CCF in financial guarantee in two
instances ( 405.15 mn ) and non-application of 150% risk weight to unrated long
term exposure of corporates where the short term unrated exposure were attracting
150% risk weight due to application issue specific short term rating one notch
below the available rating ( 2800.36 mn).

Confidential Page 21 of 31
 Part III: FINDINGS ON CAPITAL AND EARNINGS

1. Pillar I Capital & CRAR

The summary of reported and assessed capital position of the bank is given below.
Details are in Annex-4.
A. Basel III Capital as relevant for current year (2013-14)
Admissible Capital under Basel III (In mn)

Particulars Reported Assessed

Total capital (TC) 555,101 555,096

Common Equity Tier 1 (CET1) capital 406,545 406,540

Tier 1 (T1) capital 406,545 406,540

Tier 2 (T2) capital 148,556 148,556

Admissible CRAR under Basel III (in %)

Particulars Reported Assessed

Total capital (TC) 16.07 16.06

Common Equity Tier 1 (CET1) capital 11.77 11.76

Tier 1 (T1) capital 11.77 11.76

Tier 2 (T2) capital 4.30 4.30

B. Basel III Capital as relevant for next year (2014-15)*

Available Capital under Basel III (In mn)

Particulars Reported Assessed

Total capital (TC) 555,101 555,096

Common Equity Tier 1 (CET1) capital 406,545 406,540

Tier 1 (T1) capital 406,545 406,540

Tier 2 (T2) capital 148,556 148,556

Confidential Page 22 of 31
 Available CRAR under Basel III (in %)

Reported Assessed

Total capital (TC) 16.07 16.06

Common Equity Tier 1 (CET1) capital 11.77 11.76

Tier 1 (T1) capital 11.77 11.76

Tier 2 (T2) capital 4.30 4.30

2. Capital Management, ICR, ICAAP and Stress Tests

(a) Bank’s Capital Planning and Business Projections

2.1 Capital planning in the Internal Capital Adequacy Assessment Process (ICAAP)
was conducted over a three year horizon. The bank assessed itself to be moderately
complex in respect to the Principle of Proportionality for the ICAAP. For the period
2015-2017, the bank had modified its minimum capital levels to align with the phase-in
of the Basel III capital framework and taken into account consequent phasing out of
ineligible capital instruments.

2.2 The bank’s stand alone total advances were projected to increase by 24.4%,
26.2%, and 27.5% between March 31, 2015 and March 31, 2017 and growth in
investment was projected at 27.7%, 20.0% and 17.9% in the same period. Total
deposits of the bank were projected to grow by 22.1%, 25.4% and 25.4% between
March 31, 2015 and March 31, 2017. The bank’s stand alone RWAs were projected to
increase by 25.95 %, 25.00% and 26.03% during the period 2015-2017. The bank had
a documented business plan for the period 2014-15. Business plan beyond one year
was arrived through discussion and deliberations. Sufficient documentation regarding
formulation of a long term strategic plan for a time horizon of beyond one year was
absent. The bank was optimistic about achieving the projected business level on
account of its ability to maintain the steady growth rates in past. There was no major
variance in last three years projected and actual figures..

2.3 Capital of the bank at solo level was projected to increase by 32.38% to
734853.25 mn during 2014-15 on account of capital raising of 100000 mn, increase in
reserve and surplus by 83628 mn and ESOP allotment of 10000 mn. The addition

Confidential Page 23 of 31
to capital during 2015-16 and 2016-17 had been projected mainly on account of the
internal generation of capital and ESOP allotment of 10000 mn each during 2015-16
and 2016-17 and it would be sufficient to fund the projected business growth. The
reserves and surplus of the bank was projected to increase by 19.46%, 20.59%, and
21.38% during March, 2015 to March, 2017 due to projected growth in profit by 27.27%,
26.43% and 25.21%. The stand alone CRAR was projected at 16.90%, 15.44% and
14.31% for the same period.

(b) Assessment of Pillar I & II Capital and Internal Capital Ratio

2.4 Assessment of Pillar I and II Capital

The bank followed Standardised Approach for Credit Risk, Standardised Duration
Approach for Market Risk and Basic Indicator Approach for Operational Risk. The bank
had adequate capital in terms of the regulatory capital standards. The reported stand
alone CRAR and core CRAR were 16.07% (PY: 16.80%) and 11.77% (PY: 11.08%)
and consolidated CRAR and core CRAR for the group (Bank considered its two
subsidiaries HDFC Securities Limited and HDB Financial Services Ltd as part of group)
were 16.00% (PY: 16.90%) and 11.72% (PY: 11.01%) as on March 31, 2014. The
stand alone total Pillar I capital charge as on March 31, 2014 was 310770 mn. Under
Pillar 2, 58180 mn was allocated to stressed capital charge on account of credit and
market risk and 8250 mn was assigned to other quantified risks viz., liquidity risk,
credit concentration risk and business risk. No additional capital was allocated in
respect of other two quantifiable risks i.e IRRBB risk and Counterparty Credit Risk. No
Pillar II capital charge was considered for subsidiaries. For non-quantified material
risks, viz. Strategic Risk, Reputation Risk, Residual Credit Risk from Securitization,
Residual Credit Risk from Collections, Technology Risk, Intra-day Risk, Group Risk,
Compliance Risk etc, no additional capital was set aside. There was a monitoring
framework in place to monitor these risks and there was a capital buffer of 177900 mn
after accounting for Pillar 1 and Pillar 2 capital charges.
Some deficiencies observed in the assessment of capital are highlighted below

The capital adequacy computation was not entirely system driven. There were manual
interventions due to system deficiencies. Overseas branch credit risk capital,
memorandum of interest, loan against gold, bills discounted against own LCs,
repo/reverse repo transactions, cash with other banks etc. were calculated/reversed
manually outside the system for credit risk capital computation. The market risk capital
(MRC) computation was entirely manual during the period under review and was

Confidential Page 24 of 31
computed on a monthly basis and not on a daily basis. The bank had put in place
system to compute MRC from October 2014 which also enabled daily computation. The
definition put in place to calculate the exposure in Regulatory Retail Portfolio (RRP)
was not error free.

Additional RWAs of 3708 mn were identified on account of inclusion of corporate in

RRP in one instance, wrong application of external rating in one instance, application
on 50% CCF in financial guarantee in two instances and non-application of 150% risk
weight to unrated long term exposure of corporate where the short term unrated
exposure were attracting 150% risk weight due to one notch downgrade to available
short term rating.

2.5 Internal Capital Ratio:

Bank had put in a minimum total internal capital threshold of 9.5%, 10.63% and 11.75%
as on March 31, 2015, March 31, 2016 and March 31, 2017 respectively considering
phase in of capital conservation buffer, countercyclical buffer and DSIB buffer.
(c) ICAAP
The ICAAP was reviewed and endorsed by the Risk Policy & Monitoring Committee
and approved by the Board before submission to Reserve Bank of India. The ICAAP
was also validated by the Internal Audit Department of the bank. However, no external
validation was carried out.
The quarterly review of the ICAAP by the ICAAP Review Committee (IRC) acting as a
forum focused assessment of the identified material risks by bank enabled the
management of the bank to have a view of the level and outlook of the risks,
benchmark the level of risk with the appetite as well as the comfort of the adequacy of
capital held to meet the risks. Capital consumption by various business lines was
monitored at half yearly interval. The bank had put in a framework for internal allocation
of capital to the various businesses and even at a borrower level in the case of
wholesale banking, however for its retail businesses the framework was in nascent
stage.
The Attrition Rate of sales/front office employees of the bank was significantly higher at
53.66%. The bank was also dependent on its two associates Atlas Documentary
Facilitators Company Private Limited (ADFC) and HBL Global Private Limited (HBL)
and one subsidiary HDB Financial Services Ltd. (HDBFS) for data entry, marketing and
collection services respectively. The levels of attrition in these subsidiaries/associates
were considerably high. The attrition rate of ADFC, HBL and HDBFS was 39%, 65%
and 73% respectively. Risk arising out of such high attrition was not factored in the

Confidential Page 25 of 31
ICAAP document. Banks had not considered people/talent management risk as a
separate risk.
The bank had not considered setting aside additional capital on account of the risk that
may arise out of intraday limits to MF which were unconditionally cancellable and limits
against pipe line transactions/short term loans sanctioned but not communicated to
customers.
(d) Stress Testing
The scenarios considered by the bank in its stress test framework were Global
recession, political uncertainty, adverse monsoon, Euro zone debt crisis, Subprime and
excessive INR appreciation/depreciation. The results from these stress tests carried out
as on March 2014 indicated that under the worst scenario, the capital adequacy ratio
would drop by 260 bps to 13.44% from the base capital adequacy of 16.07%. As per
the stress testing conducted on provisional figures as on September 30, 2014, the
CRAR of the bank had come down to 14.69% and under stress scenario it would come
down to 12.60%. The new Stress Testing Policy following revised RBI guidelines on
Stress Testing was approved by Board on March 24, 2014. The bank had started
Stress Testing under the revised framework from June, 2014 onwards.
One of the key shocks considered for stressing the wholesale credit portfolio was
higher level of rating migration. For this purpose, the bank subjected its own portfolio to
an additional shock based on the difference between ’Stressed rating transition matrix
(Stressed TM) ’ and “Normal rating transition matrix’, based on data from external rating
agencies. However, the stressed TM had been defined based on discussion with ‘a
leading rating agency’ and is not available in public domain. Veracity of non-publicly
available data would be an issue, particularly for validation of stress testing results.
3. Assessment of Internal Generation of Capital
The total income of the bank was 490551.75 mn in 2013-14 of which 83.86 % was
contributed by interest income. The income from stable sources was 96% of the total
income. The balance sheet of the bank increased by 22.8 % (PY: 18%) during 2013-14
on the strength of growth in deposit by 24% and advance growth of 26.4%. After
adjusting for the one time increase in FCNR deposits swapped with RBI under special
window and related foreign currency loans sanctioned against such deposits the growth
in deposit and advance during the year were 16.9% and 21.8% respectively. The banks
market share in deposits had increased to 4.40 % (PY: 4.10%) and market share in
advances remained static at 4.70%. The net interest margin marginally decreased to
4.4% as on March 31, 2014 as against 4.5% as on March 31, 2013. The pre-tax ROA
of the bank increased to 3.02% during 2013-14 from 2.76 % during the previous period.

Confidential Page 26 of 31
The reported Gross NPA and Net NPA has increased marginally from last year to
0.98% (0.97%) and 0.27 (0.20%) respectively as on March 31, 2014.
The dividend payout ratio of the bank was 22.68%, 22.77% and 22.70% for the year
2013-14, 2012-13 and 2011-12. There was no large variation in actual and budgeted
earnings and profit. The actual income and profit were 98% and 103% of budgeted
income and profit during 2013-14. Total provision and contingency including provision
for tax increased by 25.12 % due to 41.97% increase in income tax provision. Despite
an increase in provision for NPA by 32.28%, the total provisioning and contingency
requirement, excluding provision for tax decreased by 5.31% mainly on account of
utilization of floating provision of 300 mn and contribution to floating provision of 300
mn as against last year’s contribution of 4000 mn. Reduction in the compensated
absence there by reducing the eligible carry forward leave per employee (was reduced
from 90 days to 60 days) also resulted in less provision towards compensated leave
expenses. During the year contingent provision of 842 mn on derivatives and 418
mn against MFI exposure had been reversed and taken into income. The bank had also
recorded an exchange gain of 490 mn on profits repatriated from Bahrain branch.

4. Scope & ability to infuse capital

The paid up capital of the bank was 4798 mn against authorized capital of 5500 mn.
The bank had enough scope for raising common equity, as the bank’s share price was
quoting at a premium and the price to book value per share was around 4.13 times as
on March 31, 2014.
The bank had envisaged raising capital of 100000 mn during 2014-15 and taken
approval in the AGM. On January 09, 2015 the FIPB had recommended the bank's
proposal for consideration of the CCEA. If HDFC Ltd were to be considered as indirect
foreign share holding, the foreign share holding as of March 2014 would have been
marginally above the 74% sectoral cap. As of December 31, 2014, the foreign share
holding of the bank under the same scenario would be 73.39%. If the capital raising of
100000 mn during 2014-15 did not materialize before March 31, 2015 the CRAR of
the bank would come down to 14.60%, CET1 and Tier 1 Ratio would be at 11.32% as
on March 31, 2015.

5. Assessment of Leverage Ratio

The leverage ratio had improved to 6.52% (PY: 6.10%) and was well above the
minimum requirement of 4.5%.

Confidential Page 27 of 31
 PART IV: MAJOR AREAS OF NON-COMPLIANCE (REGULATORY GUIDELINES)
Regulation Reference Area / Subject Nature & Description of Non-
(Para & Circular no.) of Non- Compliance
Compliance
Master Circular KYC/AML KYC/AML related issues such as non
Para 2.4(d) of related issues
adherence to UCIC, AML checking with
DBOD.AML.BC.No.24/1
4.01.001/2013-14 dated respect to UNSCR list, opening of salary
July 01, 2013 on Know
accounts with only employer certificate
Your Customer (KYC)
Norms / Anti-Money etc.
Laundering (AML)
Standards / Combating
of Financing of
Terrorism (CFT) /
Obligation of banks
under PMLA, 2002 and
Para 2 of
DBOD.AML.BC.NO.124
/14/01/001/2013-14
dated June 26, 2014
Para C.1.1 (i)(b) of Advance against In terms of Master Circular on Imports,
Master Circular on import
advance remittance against import can
Import of Goods and
Services dated July 01, be sent up to USD 5 million subject to
2013:
bank’s board guidelines in absence of
any bank guarantee. In one case it was
observed that the branch has remitted
more than USD 8 million against imports
within a week for same import transaction
without any bank guarantee in place and
appropriate due diligence. The remittance
was made against the bank’s own Board
decision dated July 6, 2011. The import
order has also been cancelled but money
had not been repatriated despite the
lapse of almost one year. The remittance
of an amount exceeding USD 5 Million
without bank guarantee was in violation
of extant guidelines.

Master Circular Automation The bank was using an in-house utility for
Para 2.1 of
generating the list of large credits to
DBOD.No.Dir.BC.13/13.
03.00/2013-14 dated

Confidential Page 28 of 31
Regulation Reference Area / Subject Nature & Description of Non-
(Para & Circular no.) of Non- Compliance
Compliance
July 01, 2013 single/group borrower. A simulation
Master Circular-
exercise was carried out for generating
Exposure Norms
the list of top 20 borrowers as on March
31, 2013. It was found that through a
manual intervention, the utility was able
to mask the name & exposure of one
borrower to another borrower in the same
group by allotting the same code to both
the borrowers. Use of such manual
intervention by the bank to misreport any
breach of single borrower exposure limits
within the overall group exposure limit
could not be ruled out.

Master Circular Floating The bank had reversed a contingent

Para 5.6.3 read with Provision
provision which was in the nature of
Para 5.9.12 of
DBOD.No.BP.BC.1/21. floating provision, of 842.3 mn held
04.048/2013-14 dated
against derivatives portfolio and 418
July 01, 2013
Master Circular on mn held against MFI exposures and
Income Recognition
taken to Profit and Loss account during
and Asset Classification
and Provisioning the year. This was not in line with Para
pertaining to Advances
5.6.3 read with Para 5.9.12 of RBI’s
Master Circular on Income Recognition
and Asset Classification dated July 1,
2013 and required to be reversed from P
& L.

Master Circular System driven The bank should strictly follow system
Para 2 of NPA
driven NPA identification process
DBOD.No.BP.BC.1/21. identification
04.048/2013-14 dated
July 01, 2013
Master Circular on
Income Recognition
and Asset Classification
and Provisioning
pertaining to Advances
Master Circular Complaint Complaints regarding corruption and
DBOD.No.Leg.BC.22/0

Confidential Page 29 of 31
Regulation Reference Area / Subject Nature & Description of Non-
(Para & Circular no.) of Non- Compliance
Compliance
9.07.006/2013-14 dated malpractices, misconduct on the part of
July 01, 2013 Master
employees etc were not recorded as
Circular on Customer
Service in Banks complaints, though they were being dealt
with directly by the vigilance department
for investigation. The disclosure of the
bank regarding complaints was incorrect
to that extant.

Master Circular Guarantees and This process of raising deposits out of

Para 2.4.2.3 (a) of Co-acceptances
loans given by other banks against SBLC
DBOD.No.Dir.BC.12/13.
03.00/2013-14 dated or lien marking in favor of lending bank
July 1, 2013 on Master
which was not as per para 2.4.2.3 (a) of
Circular on Guarantees
and co-acceptances DBOD.No.Dir.BC.12/13.03.00/2013-14
and FEMA 8/2000-RB
dated July 1, 2013.
dated May 3, 2000
Annex-II of Structured Excess SLR was bucketed in 1-day
DBOD.No.BP.BC.38/21 Liquidity
bucket even for AFS portfolio which
.04.098/2007-08 dated Statement
October 24, 2007 required bucketing as per residual
Guidelines on Asset-
maturity
Liability Management
(ALM) System -
Amendments
Master Circular Priority Sector The bank did not achieve the priority
RPCD.CO.Plan.BC.9/0 Targets and
sector sub-targets under direct
4.09.01/2013-14 dated Classification
July 1, 2013 agriculture, weaker sections and micro
Master Circular-Priority
MSME. Also, there was misclassification
Sector Lending-Targets
and Classification of accounts under direct agriculture.

Master Circular Calculation of Additional RWAs of 3707.87 mn was

Para 5 of Risk Weighted
added on account of inclusion of
DBOD.No.BP.BC.2/21. Assets (RWAs)
06.201/2013-14 dated corporate in Regulatory Retail in one
July 1, 2013
instance ( 16.36 mn), wrong application
Master Circular-Basel III
Capital Regulations of external rating in one instance
( 486.00 mn) , application on 50% CCF
in financial guarantee in two instances
( 405.15 mn ) and non-application of
150% risk weight to unrated long term

Confidential Page 30 of 31
Regulation Reference Area / Subject Nature & Description of Non-
(Para & Circular no.) of Non- Compliance
Compliance
exposure of corporates where the short
term unrated exposure were attracting
150% risk weight due to application
issue specific short term rating one notch
below the available rating ( 2800.36
mn).

Confidential Page 31 of 31