Tag Archives: governance

governance structure in banks

RBI circular dated 26th April, 2021 laying down the governance structure in private sector banks including small finance banks.

Corporate Governance in Banks –
Appointment of Directors and Constitution of Committees of the Board

A Discussion Paper on ‘Governance in Commercial Banks in India’ was issued by the Reserve Bank on June 11, 2020 to review the framework for governance in the commercial banks. Based on the feedback received, a comprehensive review of the framework has been done, and a Master Direction on Governance will be issued in due course. In order to address a few operative aspects received through such feedback, it has been decided to issue instructions with regard to the Chair and meetings of the board, composition of certain committees of the board, age, tenure and remuneration of directors, and appointment of the whole-time directors (WTDs).


2. The revised instructions would be applicable to all the Private Sector Banks including Small Finance Banks (SFBs) and wholly owned subsidiaries of Foreign Banks. In respect of State Bank of India and Nationalised Banks, these guidelines would apply to the extent the stipulations are not inconsistent with provisions of specific statutes applicable to these banks or instructions issued under the statutes. The contents of this circular must be read along with other relevant governing statutes and shall be applicable notwithstanding anything to the contrary contained in the licensing conditions, notifications, directions, regulations, guidelines, instructions, etc., issued by the Reserve Bank before the issue of this circular. The circular will not be applicable in the case of foreign banks operating as branches in India. The applicability to other commercial banks viz., Local Area Banks, Payments Banks and Regional Rural Banks will be notified separately.

Chair and meetings of the Board

3. The Chair of the board shall be an independent director. In the absence of the Chair of the board, the meetings of the board shall be chaired by an independent director. The quorum for the board meetings shall be one-third of the total strength of the board or three directors, whichever is higher. At least half of the directors attending the meetings of the board shall be independent directors.

Committees of the Board

(a) Audit Committee of the Board (ACB)

4. The ACB shall be constituted with only non-executive directors (NEDs). The Chair of the board shall not be a member of the ACB. The ACB shall meet with a quorum of three members. At least two-thirds of the members attending the meeting of the ACB shall be independent directors. The ACB shall meet at least once in a quarter. The meetings of the ACB shall be chaired by an independent director who shall not chair any other committee of the Board. The Chair of the ACB shall not be a member of any committee of the board which has a mandate of sanctioning credit exposures. All members should have the ability to understand all financial statements as well as the notes/ reports attached thereto and at least one member shall have requisite professional expertise/ qualification in financial accounting or financial management [e.g., experience in application of accounting standards and practices, including internal controls around it].

(b) Risk Management Committee of the Board (RMCB)

5. The board shall constitute an RMCB with a majority of NEDs. The RMCB shall meet with a quorum of three members. At least half of the members attending the meeting of the RMCB shall be independent directors of which at least one member shall have professional expertise/ qualification in risk management. Meetings of RMCB shall be chaired by an independent director who shall not be a Chair of the board or any other committee of the board. The Chair of the board may be a member of the RMCB only if he/she has the requisite risk management expertise. The RMCB shall meet at least once in each quarter.

(c) Nomination and Remuneration Committee (NRC)

6. The board shall constitute an NRC made up of only NEDs. The NRC shall meet with a quorum of three members. At least half of the members attending the meeting of the NRC shall be independent directors, of which one shall be a member of the RMCB. The meetings of the NRC shall be chaired by an independent director. The Chair of the board shall not chair the NRC. The meeting of NRC may be held as and when required.

Age and tenure of NEDs

7. The upper age limit for NEDs, including the Chair of the board, shall be 75 years and after attaining the age of 75 years no person can continue in these positions.

8. The total tenure of an NED, continuously or otherwise, on the board of a bank, shall not exceed eight years. After completing eight years on the board of a bank the person may be considered for re-appointment only after a minimum gap of three years. This will not preclude him/her from being appointed as a director in another bank subject to meeting the requirements.

Remuneration of NEDs

9. In addition to sitting fees and expenses related to attending meetings of the board and its committees as per extant statutory norms/ practices, the bank may provide for payment of compensation to NEDs in the form of a fixed remuneration commensurate with an individual director’s responsibilities and demands on time and which are considered sufficient to attract qualified competent individuals. However, such fixed remuneration for an NED, other than the Chair of the board, shall not exceed ₹20 lakh per annum.

Tenure of MD&CEO and WTDs

10. Subject to the statutory approvals required from time to time, the post of the MD&CEO or WTD cannot be held by the same incumbent for more than 15 years. Thereafter, the individual will be eligible for re-appointment as MD&CEO or WTD in the same bank, if considered necessary and desirable by the board, after a minimum gap of three years, subject to meeting other conditions. During this three-year cooling period, the individual shall not be appointed or associated with the bank or its group entities in any capacity, either directly or indirectly.

11. It is clarified that the extant instructions on upper age limit for MD&CEO and WTDs in the private sector banks would continue and no person can continue as MD&CEO or WTD beyond the age of 70 years. Within the overall limit of 70 years, as part of their internal policy, individual bank’s Boards are free to prescribe a lower retirement age for the WTDs, including the MD&CEO.

12. MD&CEO or WTD who is also a promoter/ major shareholder, cannot hold these posts for more than 12 years. However, in extraordinary circumstances, at the sole discretion of the Reserve Bank such MD&CEO or WTDs may be allowed to continue up to 15 years. While examining the matter of re-appointment of such MD&CEOs or WTDs within the 12/15 years period, the level of progress and adherence to the milestones for dilution of promoters’ shareholding in the bank shall also be factored in by the Reserve Bank.

Transition Arrangement

13. While the instructions shall come into effect from the date of issue of this circular, in order to enable smooth transition to the revised requirements, banks are permitted to comply with these instructions latest by October 01, 2021. Specifically:

(i) The Chair of board who is not an independent director on the date of issue of this circular shall be allowed to complete the current term as Chair as already approved by the Reserve Bank.

(ii) Banks with MD&CEOs or WTDs who have already completed 12/15 years as MD&CEO or WTD, on the date these instructions come into effect, shall be allowed to complete their current term as already approved by the Reserve Bank.


internal audit in banks

Risk Based Internal Audit (RBIA) Framework – Strengthening Governance arrangements

In terms of the Guidance Note on Risk-Based Internal Audit issued by RBI vide circular DBS.CO.PP.BC.10/11.01.005/2002-03 dated December 27, 2002, banks, inter alia, are required to put in place a risk based internal audit (RBIA) system as part of their internal control framework that relies on a well-defined policy for internal audit, functional independence with sufficient standing and authority within the bank, effective channels of communication, adequate audit resources with sufficient professional competence, among others.

2. While the aforesaid Guidance Note lays out the basic approach for risk based internal audit functions, banks are expected to re-orient their approach, in line with the evolving best practices, as a part of their overall Governance and Internal Control framework. Banks are encouraged to adopt the International Internal Audit standards, like those issued by the Basel Committee on Banking Supervision (BCBS) and the Institute of Internal Auditors (IIA).

3. To bring uniformity in approach followed by the banks, as also to align the expectations on Internal Audit Function with the best practices, banks are advised as under:

  1. Authority, Stature and Independence – The internal audit function must have sufficient authority, stature, independence and resources within the bank, thereby enabling internal auditors to carry out their assignments with objectivity. Accordingly, the Head of Internal Audit (HIA) shall be a senior executive of the bank who shall have the ability to exercise independent judgement. The HIA as well as the internal audit function shall have the authority to communicate with any staff member and have access to all records or files that are necessary to carry out the entrusted responsibilities.
  2. Competence – Requisite professional competence, knowledge and experience of each internal auditor is essential for the effectiveness of the bank’s internal audit function. The desired areas of knowledge and experience may include banking operations, accounting, information technology, data analytics and forensic investigation, among others. Banks should ensure that internal audit function has the requisite skills to audit all areas of the bank.
  3. Staff Rotation – Except for the entities where the internal audit function is a specialised function and managed by career internal auditors, the Board should prescribe a minimum period of service for staff in the Internal Audit function. The Board may also examine the feasibility of prescribing at least one stint of service in the internal audit function for those staff possessing specialized knowledge useful for the audit function, but who are posted in other departments, so as to have adequate skills for the staff in the Internal Audit function.
  4. Tenor for appointment of Head of Internal Audit – Except for the entities where the internal audit function is a specialised function and managed by career internal auditors, the HIA shall be appointed for a reasonably long period, preferably for a minimum of three years.
  5. Reporting Line – The HIA shall directly report to either the Audit Committee of the Board (ACB) / MD & CEO or Whole Time Director (WTD). Should the Board of Directors decide to allow the MD & CEO or a WTD to be the ‘reporting authority’ of the HIA, then the ‘reviewing authority’ shall be with the ACB and the ‘accepting authority’ shall be with the Board in matters of performance appraisal of the HIA. Further, in such cases, the ACB shall meet the HIA at least once in a quarter, without the presence of the senior management, including the MD & CEO/WTD. The HIA shall not have any reporting relationship with the business verticals of the bank and shall not be given any business targets. In foreign banks operating in India as branches, the HIA shall report to the internal audit function in the controlling office / head office.
  6. Remuneration – The independence and objectivity of the internal audit function could be undermined if the remuneration of internal audit staff is linked to the financial performance of the business lines for which they exercise audit responsibilities. Thus, the remuneration policies should be structured in a way that it avoids creating conflict of interest and compromising audit’s independence and objectivity.

4. The internal audit function shall not be outsourced. However, where required, experts, including former employees, could be hired on contractual basis subject to the ACB being assured that such expertise does not exist within the audit function of the bank. Any conflict of interest in such matters shall be recognised and effectively addressed. Ownership of audit reports in all cases shall rest with regular functionaries of the internal audit function.

5. Banks must ensure and demonstrate through proper documentation that their risk-based internal audit framework captures all the significant criteria / principles suited for their organisational structure, the business model and the risks.

6. The instructions contained in this circular shall come into effect immediately from the date of this circular.

7. This circular supplements the guidelines issued by Reserve Bank of India on December 27, 2002 on Risk-based internal audit along with other circulars/instructions on the subject issued from time to time and for any common areas of guidance, the prescription of this circular shall be followed.


SaaS for GRC functions

SEBI advisory dated 3rd November, 2020 for financial sector organisations regarding Software as a Service (SaaS) based solutions for their Governance, Risk & Compliance (GRC) functions, especially from the point of view of cyber security. The gist of the guidance is given below.


  1. Ministry of Electronics & Information Technology, Govt. of India (MoE&IT), has informed SEBI that the financial sector institutions are availing or thinking of availing Software as a Service (SaaS) based solutions for managing their Governance, Risk & Compliance (GRC) functions so as to improve their cyber security posture. As observed by MoE&IT, though SaaS may provide ease of doing business and quick turnaround, it may bring significant risk to the health of the financial sector, as many a time the risk and compliance data of the institution moves beyond the legal and jurisdictional boundary of India due to the nature of shared cloud SaaS, thereby posing risk to data safety and security.
  2. In this regard, Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Financial Sector organizations. The advisory has been forwarded to SEBI for bringing the same to the notice of financial sector organizations. The advisory is enclosed at Annexure A of this circular.
  3. It is advised to ensure complete protection and seamless control over the critical systems at your organizations by continuous monitoring through direct control and supervision protocol mechanisms while keeping the critical data within the legal boundary of India.
  4. The compliance of the advisory shall be reported in the half yearly report by stock brokers and DP to stock exchanges and depositories respectively and by direct intermediaries to SEBI with an undertaking, “Compliance of the SEBI circular for Advisory for Financial Sector Organizations regarding Software as a Service (SaaS) based solutions has been made.”
  5. The advisory annexed with this circular shall come into effect immediately.


digital lending platforms

RBI has issued circular dated 24th June, 2020 to ensure that all digital lending platforms and their backing banks/ NBFCs/ financial institutions observe proper governance in view of the increasing level of frauds noticed in these platforms and the customer dissatisfaction with the same.

The gist of RBI circular is given below:

It has been observed that many digital platforms have emerged in the financial sector claiming to offer hassle free loans to retail individuals, small traders, and other borrowers. Banks and NBFCs are also seen to be engaging digital platforms to provide loans to their customers. In addition, some NBFCs have been registered with Reserve Bank as ‘digital-only’ lending entities while some NBFCs are registered to work both on digital and brick-mortar channels of credit delivery. Thus banks and NBFCs are observed to lend either directly through their own digital platforms or through a digital lending platform under an outsourcing arrangement.

2. It has further been observed that the lending platforms tend to portray themselves as lenders without disclosing the name of the bank/ NBFC at the backend, as a consequence of which, customers are not able to access grievance redressal avenues available under the regulatory framework. Of late, there are several complaints against the lending platforms which primarily relate to exorbitant interest rates, non-transparent methods to calculate interest, harsh recovery measures, unauthorised use of personal data and bad behavior.

3. Although digital delivery in credit intermediation is a welcome development, concerns emanate from non-transparency of transactions and violation of extant guidelines on outsourcing of financial services and Fair Practices Code, etc. issued to banks and NBFCs, a reference to which is drawn in the Annex. It is, therefore, reiterated that banks and NBFCs, irrespective of whether they lend through their own digital lending platform or through an outsourced lending platform, must adhere to the Fair Practices Code guidelines in letter and spirit. They must also meticulously follow regulatory instructions on outsourcing of financial services and IT services.

4. It must be noted that outsourcing of any activity by banks/ NBFCs does not diminish their obligations, as the onus of compliance with regulatory instructions rests solely with them. Wherever banks and NBFCs engage digital lending platforms as their agents to source borrowers and/ or to recover dues, they must follow the following instructions:

a) Names of digital lending platforms engaged as agents shall be disclosed on the website of banks/ NBFCs.

b) Digital lending platforms engaged as agents shall be directed to disclose upfront to the customer, the name of the bank/ NBFC on whose behalf they are interacting with him.

c) Immediately after sanction but before execution of the loan agreement, the sanction letter shall be issued to the borrower on the letter head of the bank/ NBFC concerned.

d) A copy of the loan agreement along with a copy each of all enclosures quoted in the loan agreement shall be furnished to all borrowers at the time of sanction/ disbursement of loans.

e) Effective oversight and monitoring shall be ensured over the digital lending platforms engaged by the banks/ NBFCs.

f) Adequate efforts shall be made towards creation of awareness about the grievance redressal mechanism.

5. Any violation in this regard by banks and NBFCs (including NBFCs registered to operate on ‘digital-only’ or on digital and brick-mortar channels of delivery of credit) will be viewed seriously.


credit ratings

SEBI circular dated 3rd January, 2020 on strengthening the rating process in respect of “INC” (“Issuer Not Co-operating”) ratings.

