Tech-driven compliance monitoring and validation of internal models

/0 Comments/in , , /by

– Anita Baid, finserv@vinodkothari.com 

Streamlining internal compliance monitoring function

The recent RBI directive on streamlining the internal compliance monitoring function by leveraging technology has raised concerns regarding actionable on the part of regulated entities covered thereunder. The notification on Streamlining of Internal Compliance monitoring function – leveraging use of technology dated January 31, 2024 is based on RBI’s review of of the prevailing system in place for internal monitoring of compliance with regulatory instructions and the extent of usage of technological solutions to support this function.

Who all are covered?

  • Scheduled Commercial Banks (excluding Regional Rural Banks);
  • Small Finance Banks; 
  • Payments Banks;
  • Primary (Urban) Co-operative Banks (Tier III and IV);
  • Upper and Middle-Layer Non-Banking Financial Companies (including Housing Finance Companies);
  • Credit Information Companies and
  • All India Financial Institutions (EXIM Bank, NABARD, NaBFID, NHB and SIDBI)

What is the timeline prescribed?

Applicable REs are advised to carry out a comprehensive review of the existing internal compliance tracking and monitoring processes and institute necessary changes to existing systems or implement new systems latest by June 30, 2024

What are the actionable?

  1. Conduct a thorough review of the existing internal compliance tracking and monitoring processes:
  • Identify gaps and manual interventions
  • Identify areas where there are significant manual interventions in the compliance monitoring process.
  • Recognize gaps in the current system that hinder effective compliance tracking.

2. Carry out technology assessment:

  • Evaluate the existing technology solutions being used for compliance monitoring (e.g., macro-enabled spreadsheets, workflow-based software).
  • Assess the extent of automation and identify shortcomings in the current technological infrastructure.
  • Develop a system that requires recording approval from competent authority for deviations or delays in compliance submission.

3. Selection of integrated solutions:

  • Explore and select comprehensive, integrated, enterprise-wide, and workflow-based solutions or tools that can enhance the effectiveness of compliance monitoring.
  • Consider solutions that facilitate communication and collaboration among all stakeholders, including business, compliance, IT teams, and senior management.
  • Implement processes within the selected solution for identifying, assessing, monitoring, and managing compliance requirements.
  • Establish clear protocols for escalating issues of non-compliance within the organization.
  • Design and implement a unified dashboard providing a comprehensive view of compliance positions for the entire Regulated Entity (RE).
  • Tailor the dashboard based on the size and complexity of the RE’s operations.

4. Ensuring communication and collaboration processes:

  • Ensure that the chosen solution facilitates effective communication and collaboration among all stakeholders.
  • Implement processes that bring business, compliance, and IT teams, as well as senior management, onto a unified platform.

5. Implementing effective monitoring mechanism:

  • Establish a monitoring mechanism to regularly review the progress of implementation.
  • Ensure that milestones are met and address any challenges that may arise during the implementation process.
  • Provide training to relevant staff on the new technology and processes.
  • Implement change management strategies to ensure a smooth transition to the new compliance monitoring system.

By addressing these action items, the organization can enhance its internal compliance monitoring function and leverage technology for more efficient and effective processes.

Validation of Credit Underwriting Models

The RBI has vide specific email communications sought details from NBFCs regarding the models used for credit underwriting and lending. Further, the regulator has emphasised to put in place a Board-approved framework for externally validating the internal models at specified periodicity to ensure that the models are robust enough to assess risks. 

What is the purpose of a board approved framework?

The purpose of this framework would be to establish a systematic and transparent process for the external validation of internal models for credit underwriting within the NBFC.

In our understanding, what is expected is as follows: 

  • The Company has credit underwriting models for its different lending products. By “model” is meant not necessarily a technological tool but an objective approach to assimilating relevant credit information which forms the basis of a credit underwriting decision.
  • These models are the very basis of credit underwriting; therefore, these models need to be validated periodically. By validation is meant the backtesting, improvisation by using the feedback from experience, etc.
  • The regulator is expecting such validation to be done externally, given the fact that the model is internal. External validation imparts a degree of independence to the models. 
  • The framework for such validation should be discussed and settled at Board level. 

Coverage of the Framework?

This framework should cover the process for external validation of all internal models used for assessing the effectiveness of the credit underwriting model implemented. The primary objective of the external validation process would be to confirm the accuracy and reliability of internal models as well as ensure compliance with regulatory requirements.

What is the frequency of external validation?

Internal models are subjected to external validation at specified periodic intervals, with the frequency determined based on the complexity and materiality of the models. In our view, the validation process should be conducted at least annually.

How will the external validators be selected?

External validators may be selected based on their expertise, independence, and reputation in the field of risk management and model validation. The selection process should be overseen by the Board or its designated committee.

How will the validation process be carried out?

The external validation process will include, but is not limited to, the following steps:

  • Review of model documentation, assumptions, and methodologies
  • Independent testing of model outputs and results. In this regard, the external validator shall assess the design of the credit underwriting models of the Company, viz.,
    1. the models/ methodologies used in assessing the risk of borrowers in specific lending products
    2. data points or financial/ non financial parameters  collected by model
    3. internal rating or scoring of customers and the basis of sanction
  • Assessment of model performance against historical data and validate efficacy of the underwriting models –
    1. Provide tests to ascertain efficacy of credit underwriting models
    2. Run tests against historical data to assess performance of models
    3. Recommend improvements based on result of the tests
  • Assessment of model performance against historical data
  • Evaluation of model governance and control frameworks

Upon completion of the external validation, a detailed report should be submitted to the Board and relevant committees. The report may include findings, recommendations, and any actions required to address identified issues.

Any issues identified during the external validation process should be addressed promptly. The lessons learned from the validation process must be used to improve internal models and associated processes continually.

Other resources:

  1. Enhanced Corporate Governance and Compliance Function for larger NBFCs
  2. RBI refines the role of the Compliance-Man of a Bank
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *