Will RBI disclose “Sanction Mechanism” to enforce sanctity of Banking license conditions?

The opening up of a licensing window for Private Banks in India which has attracted 26 applications has also raised a debate on whether the new licenses are beneficial to the economy. RBI intends to impose “Financial Inclusion” and “Priority Sector Obligations” in addition to “Minimum Capital”, “Majority Public Holding” and “Avoidance of Conflict of Business” as norms to ensure that the new licenses will actually benefit the society.

The undersigned  has been fighting for a “Safe E Banking” environment in India and has been pointing out that RBI has not succeeded in imposing its own regulatory prescriptions for safe banking with the current Bankers. Many of the Bankers simply ignore RBI guidelines and RBI is forced to remain silent. Non notification of Damodaran Committee recommendation on customer service and the recent postponement of security mitigation guidelines for cards and e banking scheduled for June 30, 2013 are glaring examples of how RBI’s good intentions are remaining only on paper.

Naavi has pointed out several instances where some Banks have failed to follow RBI guidelines and flouted licensing norms causing loss to the public. At least in two instances, Naavi has demanded that licenses of two branches of two Banks should be suspended as a matter of punishment. Naavi has also demanded that the penalty for KYC failures should be increased and the funds generated should be used for providing “E Banking Fraud Guarantee Scheme”. RBI has not been able to take any action on these demands.

Additionally several sting operations have recently exposed the malpractices in prominent Banks indulging in money laundering.

Most Banks including public sector Banks have gone on record with illegal and anti consumer terms in the Internet Banking guidelines and RBI has not even taken notice of the same.

Many of these violations are sufficient to cancel the license of the entire Bank if not the erring branch. But considering that Naavi’s demand for cancellation of licenses of one branch of PNB and one branch of ICICI Bank for flouting RBI guidelines has not evoked proper response from RBI, it is unlikely that RBI will ever consider “Non Compliance of Regulations” as sufficient cause for cancellation of license. RBI may consider strict action only when there is a “Managerial Fraud” and “Imminent failure possibility” in the Bank.

RBI has therefore shown its inability to take any strict penal action against erring Banks who continue to flout regulatory norms and are ready to pay the financial penalty if caught. Absence of any other stricter penalty has diluted the perceived power of RBI.

Had RBI initiated criminal action against some of the Chairpersons of the erring Banks who are proved to be involved in money laundering and other illegal activities, the regulatory compliance situation would have been better. Even if the licenses of the erring branches had been cancelled, it would have had a significant impact in preventing future violations of similar kind. But RBI did not have the guts to impose such strict penalty on the erring Banks.

As things stand today, RBI is therefore becoming less and less effective in regulating the industry. Some of the individual Banks and the IBA are gaining too much indulgence to dictate the regulatory aspects of the industry.

The “Strict Norms” for licensing which are now being discussed need to be seen in this perspective.

For example, even now, RBI has not been able to achieve its Financial Inclusion and Priority Sector lending objectives and there is an admitted large scale rigging of figures by Banks to report non existing compliance. Failure of RBI in “Selective Credit Control” and “Over Liberalization without adequate monitoring and control” is part of the reason why inflation is going unchecked in the country. “Commercial objectives superseding social welfare” has slowly converted “Banks” into “Money shops” with no social obligations.

In this background, the so called “Strict Norms for Licensing” appear amusing. These norms could finally end up only as an eyewash to let influential corporates get the coveted Bank licenses.

I am sure that some corporates may more than satisfy the minimum capital criteria prescribed by RBI for the New banks to profess that they have “Deep Pockets” to ensure success of the venture. The “holding structure” also would be met with suitable restructuring. They may also provide all assurances on “Financial Inclusion” and “Priority Sector Lending”.

But it is more or less certain that many of the new Banks will finally end up with only “Elite Banking”. They have neither the capability nor the willingness to take up “Financial Inclusion” obligations or “Priority Sector lending”. They will also openly flout “Safe E Banking Principles”. Even though the players will provide assurances and guarantees for obtaining the licenses, they will conveniently ignore them in times to come.

From the past one can infer that RBI  does not have the capability to cancel the license even if the Banks turn out to be “In House ATMs” for large corporate houses.

This raises the question that if RBI is not capable of taking strict deterrent action against flouting of Banking norms as has been exhibited in the past, then what is the sanctity of the “Strict Licensing Norms”?

In this background, it appears that just as the applicants need to prove their credentials, it is time for RBI to prove its own credentials as a regulatory agency capable of enforcing its own regulations. For this purpose, RBI should disclose a “Sanctions Mechanism” by which it intends to enforce license obligations in the years to come and the possibility of suspension or cancellation of licenses in cases of repeated failures to meet regulatory guidelines. Such a mechanism should clearly identify “Non Compliance Incident identification and reporting structure”, “Gradation of non compliance incidents”, “Mandatory penalties for different grades of non compliance”, “Inclusion of criminal penalty against erring officials” and also “Cancellation of License”.

Maybe it can be considered as an opportunity for RBI to develop an effective regulatory mechanism for the new Banks with which it can also set right the regulatory shortfalls that have crept into the system at present.

I therefore urge RBI to take some of the steps that have been indicated in this and earlier articles such as

a) Undertaking a Socio-Economic Cost benefit analysis of the business plans submitted by the applicants and placing the reports in public domain along with the proposed business plans

b) Making Cyber Crime insurance mandatory

c) Imposing strict sanctions for non compliance including mandatory loss of license and disclosing the sanction policy as a public document.

Naavi


Not all Eligible applicants to get Bank License

Governor of RBI has clarified that out of the 26 applications received by RBI for new Banking license, not all otherwise eligible applicants will be granted the license.  RBI has also clarified that it would take about 3-4 months for scrutiny of the applicants before handing the short listed applications to an external consultant. It is preferable that the licenses are not taken up for issue before the next Parliamentary elections as otherwise there would be political pressure to grant licenses to preferred groups.

In a hard hitting article in Economic Times in the form of an open letter to the RBI Governor, Mr Jaithirth Rao a veteran Banker himself and a leading Software professional at present has cautioned the RBI about the possibility of large business houses misusing the Banking license and later forcing the Government to bail out not only the Banks promoted by them but also the group companies that might have acquired large stake in the Bank.


Android Vulnerability Exposed

A research firm in UK has found a vulnerability in the Android mobile software which can be used as a “Master Key” whereby an intruder can take complete control of the phone. The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages. It is reported that the loophole has been present in every version of the Android operating system released since 2009.

See Details here

It is unfortunate that Google has not been able to fix the bug for such a long time and is playing with the security of the users.

It is these same phones which RBI and the Banks in India are relying on for critical Banking operations.

I hope RBI realizes its folly in promoting Mobile Banking without properly taking control of the security aspects and takes immediate corrective steps.

Naavi


New Bank Licences-Make Cyber Crime Insurance Mandatory

The applications received by RBI for new Bank licenses and the possible political push for issue of licenses before the next elections have raised a serious concern in the market that undeserving companies with political connections may somehow make it to the next grade. There will be extreme pressure on RBI to grant the license on a provisional basis so that the aspirants can prove their credentials later. RBI is likely to be assured that they can anyway refuse the license at the next stage. However, even if some of the applicants may later withdraw from the fray, the interim benefit they gain from the stock markets or for inviting investments is good enough to make them use all their clout to get the tag of “Licensed to Open a Bank”. (Report)

Presence of Gold Financiers, Real Estate Companies, Stock Brokers, Authorized Dealers indicates that if RBI is not careful, there is the real danger of the licensing scheme being misused. Even some of the public sector applicants may be used as a tool of the ruling political interests to create a “Bank for the Ruling Political Party”. The loyalty of the public sector bosses to the ruling class is too well known to ignore the prospects of the public sector license aspirants such as the Tourism Finance corporation who have no strong reason to be in Banking business.


Data Breach Report within 60 minutes

Reporting of Data Breach incidents has been one of the most contentious aspects of the HITECH Act provisions. The initial provisions on the data breach notifications were kept in abeyance for nearly 2 years predictably because the industry did not want to expose its failures to the public. Hence the mandatory disclosures to be made on the website of the Company, on the website of the regulator, and the newspapers were all resented. However, the US regulators have been firm on the data breach notification norm.

In the recently proposed rule on health insurance exchange released in US it is stated that the data breach should be reported to the HHS within one hour of its identification and this has raised a lot of eyebrows on the feasibility of such reporting. (Report)

This proposed rule sets forth financial integrity and oversight standards with respect to Affordable Insurance Exchanges; Qualified Health Plan (QHP) issuers in Federally facilitated Exchanges (FFEs); and States with regard to the operation of risk adjustment and reinsurance programs. Comments from the public have been invited until July 19, 2013.

Data Breach Reporting is an essential part of information security management at the industry level but the concerns of the industry need to be understood in the proper perspective. Quick reporting of data breach has its advantages at the industry level since similar breaches in other organizations can sometimes be prevented by timely action by the regulator. For this purpose the “One Hour Rule” must be considered as good.

However it is necessary to understand that the dissemination of a “Potential/Suspected Breach information” needs to be kept within the regulator until the exact nature and extent of the breach is ascertained. The regulator may initiate corrective action if necessary but without the disclosure of the victim. Once the regulator confirms on his own through preliminary examination of evidence that the “Potential/Suspected Breach” is a “Real Breach”, then the formal disclosure measures may be initiated.

It is therefore necessary for HHS to introduce a simple “Potential/Suspected Data Breach Notification Scheme” to implement the One hour rule. It is possible that there may be many false alarms in the process but the industry should be given the confidence that “False Alarms” will be properly identified and killed without a reputation damage being caused to the organization.

Let’s hope that HHS will take this industry demand into consideration and issue the necessary modified guidelines.

Naavi


“Deep Pockets” need not be the sole criteria for Bank licenses

A day after the announcements of the 2013 Banking license aspirants, debate has started on whether RBI will dilute its norms to favour any of the licensees either before or after the granting of the license. The statement of the Finance Minister about the number of licensees is an indication of the high level of political interest in the licensing game.

Knowing the trends in political developments in the country and the approaching elections, the licensing decision will come under heavy political pressure. Hence responsibility lies on RBI to ensure that the licenses will not be issued in consideration of the political or financial clout of the applicants. RBI should recognize that Banking industry is a sensitive industry which can make or mar the country’s economy and if bad decisions are taken it will be the common people who will suffer.  Already many of the decisions taken by RBI in the technology banking areas are “Anti-Consumer” and some of the Banks are able to challenge the RBI on various regulatory aspects. Though some of the senior executives of RBI are trying to stand firm, the presence of continuing pressure on them to support vested interests is evident. These forces are likely to come to the fore once again when RBI starts  evaluation of the banking applications.

One of the criteria that will influence RBI in its decision is the “Deep Pockets” of the promoters. Many analysts seem to think that “Corporates with deep pockets need to be preferred by RBI”.

Some corporates seem to have already started lobbying as this statement in a prominent website reflects

 “…very serious players with deep-pockets like corporates are the likely beneficiaries while non-banking financial corporations are the likely losers as they will have to comply with stringent norms such as the cash reserve ratio (CRR), statutory liquidity ratio (SLR) requirements on day one and will need to transfer their entire lending book to the bank itself.”

(Refer this article in FirstPost)

In line with this thought, discussions are rallying around the “Deep Pockets” of Corporates as the main criteria for selection.

One of the arguments that analysts have put out to support large Corporates is that they may be in a better position to meet the  CRR/SLR than others. It is as if they are expected to meet the CRR/SLR from their “Deep Pockets” rather than the new demand and time liabilities they raise as part of their Banking business.

There is no doubt that “Adequate Capital” is an important criteria for success and should be considered for granting of license. It is for this reason that RBI is stipulating a minimum capital criteria of Rs 500 crores. Many analysts are speaking with the assumption that the licenses should be granted with the consideration of how much more capital the promoters may bring in case they fail to manage the business properly with this capital limit. It is as if we are presuming that groups will start the business with a serious prospect of failure in the first few years and have to be bailed out of the “Deep Pockets”.

It must be recognized that “Banking” is not “Money Lending”. It is not expected that these Banks will be doing business with their own capital. The role of the Bank is to “Mobilize public savings” and “Channelize them to meet proper requirements of the society”. RBI has therefore rightly indicated “Financial Inclusion” and “Priority Sector Lending” as also the principal considerations for licensing. The stability of a Bank comes from its ability to build a large base of small investors and to successfully recover from the borrowers with or without the power of the notorious and mafia driven recovery mechanisms.

I request the analysts who are advocating that Big Corporates are to be favoured for licensing to think if these companies have the wherewithal to manage numerous branches and undertake the responsibility for “Financial Inclusion” and “Priority Sector Lending”. I am sure that they are looking to “Manage RBI” when a situation arises where they need to meet these requirements.

I seriously suspect if many of the new generation Banks which are already in business have fulfilled these obligations. These Banks simply ignore RBI guidelines and play on RBI’s inability to force compliance. It would be better if RBI clarifies on whether the current new generation Banks are fulfilling their social obligations and if not how RBI will ensure that the new licensees will fall in line.

When some analysts feel that the norms are likely to be diluted in due course (Refer this article in Economic Times) perhaps what they mean is the dilution of these Banking norms more than the equity holding norms.

If RBI is loyal to the Banking industry, it should give good weightage to the ability of the licensees to meet the social obligation of Banking. Looking at some of the names in the license aspirants, it appears that there is a grave danger of many undeserving promoters getting the nod. 

Some of the large Corporates who are in the fray are likely to be those who are looking at this opportunity to manage their own Banks with which they can carry on their havala and money laundering operations under the official banner of a “Bank”. They are likely to channelize the funds to their own sister concerns and speculative real estate opportunities besides political funding. These corporates are adept in showing large investments in one account and withdrawing them through other channels. Hence their financial strengths may be only illusory. Their “Deep Pockets” may be only in Swiss Banks and will be used only for their personal welfare and not for the welfare of the Bank they promote and less so the welfare of the public at large whose interest is at stake in the process of these licenses. Such corporates will only chase profits from the business and do not hesitate to exploit the public for their personal gains. These “Money Chasers” will corrupt the industry and convert the Indian Banks into “Money Sharks”.

It is a financial truth that “Equity” is the most expensive form of capital and those who finance the business with their “Deep Pockets” will extract the most returns from the business. Hence the mantra for success in Banking is “low cost deposit  mobilization” and “Efficient Recovery”. Only those companies who have these abilities will succeed and it is this strength that needs to be spotted amongst the applicants by RBI when it takes the final decision.

I therefore urge RBI to ring fence itself from political influences and ensure that licenses are granted only to the deserving candidates who while meeting the capital needs prescribed have a “Social Objective” to serve the community and have the ability to mobilize savings and deploy funds at the grassroots level. If not, the new licensees will become one more problem in the Indian society. (Also refer this article “..is it a threat ? or Opportunity?”)

Naavi
