The Reserve Bank of India has asked non-banking finance companies (NBFCs) with asset size of more than ₹5,000 crore to appoint a chief risk officer (CRO) with clearly specified role and responsibilities, in view of the increasing role in direct credit intermediation of these companies. The RBI directive comes in the backdrop of the IL&FS imbroglio and its ripple impact on NBFCs.
Emphasising that there is a need for NBFCs to augment risk-management practices, the central bank said the CRO is required to function independently to ensure highest standards of risk management.
In its directive to NBFCs – Investment and Credit Companies, Infrastructure Finance Companies, Micro Finance Institutions, Factors and Infrastructure Debt Funds – the RBI said the CRO should be a senior official in the hierarchy of an NBFC. The CRO should possess adequate professional qualification/ experience in the area of risk management.
Fixed tenure
The CRO can be appointed for a fixed tenure with the approval of the board. The officer can be transferred/removed from his post before completion of tenure only with the approval of the board, and such premature transfer/removal should be reported to the Department of Non-Banking Supervision of the RBI’s regional office, under whose jurisdiction the NBFC is registered. In case the NBFC is listed, any change in incumbency of the CRO should also be reported to the stock exchanges. The RBI said NBFCs should put in place policies to safeguard the independence of the CRO. In this regard, the CRO should have direct reporting lines to the MD and CEO/ Risk Management Committee (RMC) of the board.
In case the CRO reports to the MD and CEO, the RMC/board should meet the CRO without the presence of the MD and CEO, at least on a quarterly basis.
No ‘dual hatting’
The CRO should not have any reporting relationship with the business verticals of the NBFC, and should not be given any business targets. Further, there should not be any ‘dual hatting’ – the CRO should not be given any other responsibility.
The CRO will be involved in the process of identification, measurement and mitigation of risks. All credit products (retail or wholesale) will be vetted by the CRO from the angle of inherent and control risks. The CRO’s role in deciding credit proposals will be limited to being an advisor.