Issues and Challenges of Enterprise Risk Management Implementation in India Market
by S. Varadarajan, CSQA
The environment, in which an Enterprise operates, is described and analyzed in terms of the opportunities, threats in the external environment. This is apart from the strength and weakness existing in the internal environment. Understanding the external and internal environments is critical for the Survival, growth, stability of any Enterprise. Overall an Enterprise should understand and manage risk that may impact the Enterprise’s objectives.
Risk is defined as the uncertainty of an event occurring that could have an impact on the achievement of objectives. Enterprise Risk Management calls for a change in the way the risk is perceived and managed. As it is, risk is a dynamic factor. Based on the business, proper alignment to an Enterprise’s objective is essential.
India Inc has traveled many miles from a controlled economy, a decade and a half ago to most reckoned and favored economy. This has been possible because of Indian Government’s initiated actions and readiness to bring about drastic changes, so that it can attract the attention of the world as an investment hub. India has been sustaining in this competition and growth challenges through its Technology and knowledge capabilities in various industrial sectors, such as Banking & Finance, Insurance, Information technology, Energy, power, infrastructure, Healthcare, Gem & Jewelry. India has patented many of its researches in the Pharmaceutical sector.
All these go to show the high maturity level and respectability attained by the India Inc. But this does not absolve them from being legally, statutorily, regulatory compliant. Industry is optimistic over the 6.7 % growth in 2008-09, despite the global recessionary trends. It must be noted that during the last 3 years a 9% growth was sustained by India. Indian banking and financial system has been leveraging for this growth through its facilitation and services. So, it is essential to look into this sector when we talk about risk and risk management as a whole.
Banking and financial Industry is the one which is associated with the economy and common public, interacting with them on a day to day basis. The operations are complex. Business situations are very dynamic and data driven for any evidence. One can derive enough justification of risk management. So, it is ideal to take this as a case to analyze the ‘Issues and Challenges of Enterprise Risk Management implementation in Indian context’. Since the subject Enterprise Risk Management is very vast in its application, for the current context, banking industry is taken as an illustration. It can be extended to any space and domain. Issues are always related to People, Processes, and Technology. Take the case of Internet banking. It has become the order of the day. The use of plastic cards either debit or credit has become a pride as a member of the society.
In one of the public sector Banks, which was operating on Sundays, we had a known contact. It was very convenient to us to complete our bank related work. We used to generally withdraw cash, deposit little money or update the passbook. This person used to oblige us and get the whole act done in no time. For some people he used to say, why they came on a Sunday. We were feeling privileged until he was shifted to another branch. We were like any commoner.
This is where I felt the need for the introduction of technology based services say an automatic teller machine (ATM) and connected peripherals to dispense cash and update passbook. All of us have readily accepted this 24/7 service levels. This is a major processes change and hi technology deployment, with high set up and maintenance cost. Here the risk is very high for the end user and the bank itself. This has brought in a risk of different dimension say siphoning of money and exposure of transactions. Human related risk to technology related risk.
Cashier, the sweet smile through his lips, a nod of the head for any assertion for your queries, head down on the ledger and well focused. A thorough professional at work with human touch is the causality. Nowadays, electronic transfer of money has become a technology marvel and most of them prefer this mode for its sheer speed from any corner of the globe. Time is the essence. This has opened up a multidimensional risk globally.
Essentially, our banking system, is trying to be ‘business like’ while servicing its customers. Slowly, the profile has been changing from the obligation to ensure employment to the society to, urge to do business and stay competitive with its foreign counter parts.
I’m very sure that in the past, economic advancement was unknown. Consequently, the use of money was very much restricted. With the development of communications, commerce, economic progress the use of money expanded. Along with the use of money, the use of credit instruments also developed.
The origin of the modern financial institutions can be traced to antiquity, where the individual used to accept money in the form of deposit and lend it to people who needed for meeting their requirements. As times advanced the characteristics of economic transactions also changed. Older order of borrowing and lending underwent metamorphic changes. Finance becomes a powerful instrument for any changes. In fact, innovations, developments in any business sector resulted in innovations in the sphere of banking. Along with this the banking environment risk profile also changed.
A good number of business functions such as discounting , buying and selling, collecting & dealing with business instruments like bills of exchange, hundies, promissory notes, drafts, bills of lading, warrants, debentures & securities etc. Banks can also undertake buying and selling of foreign exchange. They can also acquire, hold, issue, and underwrite shares, debentures of business. Thus our deposits to bank are further used to lend & invest. So it is vast and complex to a commoner. Currently all these services can be had sitting at home and turning our PCs on and linking to the internet.
E-commerce has grown to become the buzzword in corporate circle. It is exciting to transact on the net, pay through your cards. There arises the issue of where exactly a person who has a cause of action, based upon a web transaction, may sue. The prospect that placing a page on the internet can subject the web publisher to a law suit anywhere on earth, can have a chilling effect on the most powerful medium of communication, internet.
The benefits brought about by the Information technology (IT) as an enabler, in handling large & complex information processing volumes, in providing for quick, reliable transaction processing, affordable scale and in expanding the reach and coverage of industries is commendable. This is a great advantage to the banking. At the same time the Internet has spawned novel and interesting methods to defraud individuals and companies. “Phishing”, is a form of internet fraud. A person pretending to be legitimate association such as a bank or an insurance company in order to extract personal data from a user, such as access code, password etc, which are then used to his own advantage, misrepresentation etc.
For instance, Phishing scams involve persons pretending to represent on-line banks and siphon cash and e-banking account after conning customer into handing over confidential banking details. The E-mails that form the basis of phishing attacks pose as security check. All these go to say when there is an advantage using a system, there are also abuses of the usage of the system to make people lose confidence on the system and heighten the risk of operation.
So, one cannot accept the convenience of the internet which everybody seem to be enjoying without also accepting the burden of being held accountable wherever one does business. Such is the complex situation in today’s context.
A common misconception about technology is that technology provides solutions for all business problem situations. This may be true to some degree, it is very often the case that there are technological solutions for every business issues, but business constraints cannot come to the aid of technological problems. In other words, problems and issues relating to the technology have to be sorted by means of changes in the technological solution itself. For example, access card, codes for viewing transactions in a bank. Here the technology looks straight forward but the implementation and maintenance issues are too complex.
Perhaps the most concerning issue relating to change pertains to the relationship between security and reliability of information. If a change process has to be successful, there has to be a harmonious balance between the intended levels of security and reliability by the stake holders in the change management process.
Regulatory and statutory requirements are becoming stringent. Monitoring guidelines have been set to guard against enterprise violating the rules. It is required in the current situation and scale of operation extending trans-global.
Security breaches and the consequent perpetuation of frauds are also taking place. The next challenge for the banks relates to the level of security in the usage of IT based systems counter these issues. Electronic transfer of money has opened up a multidimensional risk globally. And raises the following issues
- Identification of the sender
- Source and legitimacy of the fund being transferred.
- Purpose of it is being transferred
- In case of a law to be enforced, under which law and geographical location.
From a process and technology risk it has transformed to a social responsibility. To mitigate this risk banks are now following with stringent measures of scrutiny. Ultimately the more you know your customer the risk can be managed well and proactively. Following set of 3 letters would form part for background check before dealing with them.
- KYC – Know your customer
- KYE – Know your employee
- KYN – Know your neighbor
- KYS – Know your service provider
Next, the Indian banking industry will have stood to the stiff competition from the foreign banks. In fact their magnitude of operations and decision making flexibilities are part of their policies. Our banking is over dependent on the governmental and political obligations. One can cite frequent loan melas and waivers. Whereas in a competitive environment, capital is so precious one cannot afford to squander. One of today’s banking norms is that of capital adequacy. There could be a possibility of merger of Public Sector Banks in India. This is a positive way forward if it happens, in order to comply with Basel-II norms for capital adequacy. My observation here is, public sector Banks will otherwise not be in a position to raise funds from the public. These Banks should no more have the socialistic tag. The business is too complex, competitive and one will lose out very soon. Capital infusion should not be the approach to make a Bank survive, rather, they should find ways to generate and retain the adequate capital. We do not need too many Public sector Banks. We can bring all under one roof and work efficiently. I do agree, with trend showing growth in credit portfolio of Banks, the Government may find it difficult to keep on infusing capital into Banks.
There should be change in mind set, the way the public sector the Banks function and must accept the reality. Banks must look forward to the scenario ‘ all the public sector Banks are consolidated entity’ to mitigated the risk due to lack of capital adequacy. Capital adequacy is the stipulated norms as per Basel-II accord.
In the Indian context and in my view, it is necessary to consolidate at least the operations and assets of all the public sector banks to make their operations viable, if not in competing terms with their foreign counterparts. Mergers and acquisition (M&A) are proper due diligence and risk assessment to cite an example Global Trust Bank (GTC) merging with Oriental Bank of Commerce. It should be noted here that pre-merger GTC had unconvincing performance rating and fund management.
On July 24, 2004, the Government of India imposed a moratorium on Global Trust Bank (GTB), a leading private sector bank, on the grounds of ‘wrong financial disclosures.’
All operations of GTB were frozen and it was ordered not to give loans without RBI permission. It was allowed only to make payments for day-to-day operations or for meeting obligations entered into before the order.
‘It is a big relief that GTB is to be merged with Oriental Bank of Commerce. I have decided never to park any money with a private sector entity’- A depositor’s reaction
‘GTB had been sliding for several months now. Perhaps enough vigilance was not maintained in the past’- Then Finance minister’s reaction.
There is no doubt that since 1991 the entire Indian banking scenario is evolving in this direction. But they should move faster on par with the global players. Mind you India is one of the fastest growing economies in the world. Are we not obligated to retain this status by improving our productivity and efficiency through proper implementation of Enterprise Risk Management? Definitely, Enterprise Risk Management has a major role in Enterprise governance.
Stake holders and society have suffered enormous loss as a result of numerous and catastrophic corporate failures. As a means of reducing the potential loss, improved Enterprise Governance has become mandatory for businesses all over the globe.
Attending to Corporate fraud cases is top priority of this new government and investigation agencies have been asked to put the prosecution on fast track to punish the guilty. The government focus will be on protection of interest of average investors, particularly small investors and ensure that monitoring process on to track the frauds. This will in turn pave way for transparency for boosting the public confidence.
Another agenda for this Government will be to examine the issues related to Governance framework for the Corporate, including the role of Auditors, independent Directors. The Government is keen on monitoring and Controlling Corporate failure and its effect in the society.