Das urges bank boards to take proactive measures against risks
Reserve Bank of India governor Shaktikanta Das on Monday flagged concerns over mis-selling of products by banks and said there is a need to structure incentives to avoid such practices.
“Unethical practices, such as mis-selling of products or the opening of accounts without proper KYC verification need to be curbed. Staff incentives should be carefully structured to avoid encouraging mis-selling or unethical practices,” Das said while speaking at the Conference of Directors of Private Sector Banks in Mumbai.
He also urged boards of banks to be cognizant of build-up of concentrations in their business model. “Excessive reliance on specific sectors, markets, or customer segments can expose the bank to amplified risks, particularly in times of economic stress or industry shifts. For instance, as you would be aware, seeing a build-up of concentration across certain loan segments, the Reserve Bank took a few counter-cyclical measures last year. Similarly, Boards can play a proactive role by regularly monitoring the bank’s portfolios, identifying potential areas of over-concentration, and taking pre-emptive steps to maintain a balanced approach,” he said.
Das said Boards must also remain vigilant to operational risks, particularly those arising from IT outsourcing and reliance on third-party vendors. As banks increasingly depend on external service providers for key operations, the potential for disruption grows, especially when coupled with vulnerabilities, if any, in cybersecurity. The CrowdStrike incident earlier this year demonstrated how a faulty patch update could cause millions of computers across countries to crash and create disruptions across several industries. “Therefore, it is necessary to ensure that third-party relationships are thoroughly assessed, monitored, and governed with a focus on security and resilience. This includes implementing strong cybersecurity protocols, conducting regular risk assessments, and ensuring that third parties adhere to the same high standards of security expected within the organisation,” he said.
Das said there is a need to balance innovation with security and stability. “The key questions Boards should ask the managements include: (i) Does the bank understand the potential negative externalities of technological solutions (e.g., bias in AI models), and are there adequate mitigants in place? (ii) Are current governance structures, policies, and processes sufficient to manage risks related to third-party dependencies, consumer protection, cybersecurity, and data privacy? (iii) Are these innovations compliant with regulations in letter and in spirit? (iv) Is the bank investing adequately in scalable solutions to ensure that downtime is minimised?,” he said