• Fri. Nov 22nd, 2024

Automation of Income Recognition, Asset Classification and Provisioning processes in banks

Byadmin

Sep 19, 2020

RBI/2020-21/37 

Ref. No. DoS.CO.PPG./SEC.03/11.01.005/2020-21 September 14, 2020 

The Chairman / Managing Director / Chief Executive Officer 

All Scheduled Commercial Banks (Excluding RRBs) and 

All Small Finance Banks  

Madam / Dear Sir, 

Automation of Income Recognition, Asset Classification and Provisioning processes in  banks 

We invite a reference to our circular DBS.CO.PPD.No.1950/11.01.005/2011-12 dated August  04, 2011, in terms of which banks were advised, inter alia, to have appropriate IT system in  place for identification of Non-Performing Assets (NPA) and generation of related data/returns, both for regulatory reporting and bank’s own MIS requirements. It is, however, observed that  the processes for NPA identification, income recognition, provisioning and generation of related  returns in many banks are not yet fully automated. Banks are still found to be resorting to  manual identification of NPA and also over-riding the system generated asset classification by  manual intervention in a routine manner. 

2. In order to ensure the completeness and integrity of the automated Asset Classification  (classification of advances/investments as NPA/NPI and their upgradation), Provisioning  calculation and Income Recognition processes, banks are advised to put in place / upgrade their  systems to conform to the following guidelines latest by June 30, 2021. 

Coverage: 

2.1 All borrowal accounts, including temporary overdrafts, irrespective of size, sector or types of  limits, shall be covered in the automated IT based system (System) for asset classification,  upgradation, and provisioning processes. Banks’ investments shall also be covered under the  System. 

2.2 Asset classification rules shall be configured in the System, in compliance with the  regulatory stipulations.

2.3 Calculation of provisioning requirement shall also be System based as per pre-set rules for  various categories of assets, value of security as captured in the System and any other  regulatory stipulations issued from time to time on provisioning requirements. 

2.4 In addition, income recognition/derecognition in case of impaired assets (NPAs/NPIs) shall be system driven and amount required to be reversed from the income account should be  obtained from the System without any manual intervention. 

2.5 The System shall handle both down-grade and upgrade of accounts through Straight  Through Process (STP) without manual intervention. 

Frequency: 

2.6 The System based asset classification shall be an ongoing exercise for both down-gradation  and up-gradation of accounts. Banks should ensure that the asset classification status is  updated as part of day end process. Banks should also be able to generate classification  status report at any given point of time with actual date of classification of assets as  NPAs/NPIs. 

Exceptions: 

2.7 Exceptions may be granted from System driven classification in certain circumstances,  which are expected to be minimum and temporary. It may be emphasised that these  exceptions are from automated classification and not from IRAC norms and shall be subject  to the conditions as explained below. 

2.8 Banks shall not resort to manual intervention / over-ride in the System based asset  classification process. In any exceptional circumstance where manual intervention is  required to override the System classification, it must have at least two level authorisation.  Such delegation of powers for authorising the exceptions should be as per the Board  approved policy of the bank (by CEO, in case of unavailability of Board) and preferably  should be done from the centralised location and suitably documented. Further, any such  intervention shall have appropriate audit trails and subjected to audit by concurrent and  statutory auditors. Detail reports of such manual intervention shall be placed before the  Audit Committee / Audit Head (banks having no Board) regularly. 

2.9 Banks shall maintain logs for all exceptions i.e. manual interventions / over-rides including,  but not limited to, the date and time stamp; purpose/reason; user-IDs, name and designation  of those making such manual intervention and necessary account details. These logs shall also be stored for a minimum period of three years and not be tampered with during the  storage period. These logs shall be system generated. 

System Requirements and System Audit: 

2.10 In case a separate application outside the CBS is used as the System for NPA/NPI identification and/or classification, the System must have access to the required data from  the CBS and/or other relevant applications of the bank and the borrower/investment accounts  shall be updated back into the CBS automatically, wherever applicable, through STP. 

2.11 Banks shall keep the business logic and other parameters/configurations of the System  updated to ensure that the System based identification, classification, provisioning and  income recognition are strictly in compliance with the regulatory guidelines on an ongoing  basis. There should be periodic system audit, at least once in a year, by Internal / External  Auditors who are well versed with the system audit both on system parameters as also from  the perspective of compliance to Income Recognition, Asset Classification and Provisioning  guidelines. 

General: 

2.12 Banks may draw up their standard operating procedure (SOP) for System based NPA  classification for usage by the operating staff. 

2.13 Baseline requirements for the NPA classification have been provided in the Annex.  Banks are required to adhere to these instructions while designing and maintaining the  System. 

3. The adherence to these instructions will be examined as part of supervisory assessment  of the banks and in case of non-compliance, suitable supervisory / enforcement action shall be  initiated against the concerned bank. 

Yours faithfully, 

(Ajay Kumar Choudhary) 

Chief General Manager 

Encl: As above (Annex)

Annex 

Baseline Requirements for the NPA classification Solution 

I. Data Input 

1. Data Input in the system by any means should be fully captured and stored without  truncation [For example, time stamp – with date and time, narration field, or any other text  data captured]. 

2. Ensure presence of necessary validation/verification checks in the solution for the user  inputs, wherever applicable. Such validations, among other things should check for data type  validations, min/max value, exceptions, etc. 

3. Ensure necessary data validation/checks in the system for the data keyed in manually,  wherever applicable. For example, such validations with master data (or parameters used in  asset classification fed into the system as per the internal policy of the bank) could prevent  issues related to incorrect entries generally seen (illustrative but not exhaustive list) in  margin setting, moratorium period, security valuation, repayment schedule, products  mapped/linked to different categories of account holders (as per applicability) etc. 

4. Data input shall be effected only after authentication and authorisation. 

II. User Access Management 

5. Ensure that all “user-ids” in the solution have unique identification. If there are any generic  user-ids used, it should only be used under exceptional circumstances and such ids should be  mandatorily mapped to the employee ID of the user to fix accountability of the activities  carried-out under the generic ID. 

6. Provide for two-factor or higher level of authentication for the users of the application. 7. Restrict the access to the solution on “need to have/least privilege” basis for all users. 8. Provide for maker checker authorisation /control for transactions (an illustrative list of  

transactions includes updating/modifying the internal accounts, customer accounts,  parameters – both financial and non-financial that affect the status of the credit  portfolio/loan/asset.) entered in the solution. This shall also include transactions/activities  carried out by administrator accounts in the application. (For example: Activities such as  create/update/modify user-ids, roles, privileges including access rights to various modules; 

system related activities including updates to master data, etc. should have at least two  individuals to complete the activity).

III. Straight Through Processing (STP) 

9. Provide for straight-through processing (STP) and support for STP integration with all  critical systems/add-on sub-systems/modules etc., in a seamless and secure manner for  NPA/NPI classification as per extant guidelines on IRAC. Such STP mechanism shall  seamlessly take into account all the facilities availed by a given customer (in case of  advances) and all the instruments of an entity (where bank has made investments in an  entity), maintained across multiple systems of the bank without any manual intervention.  Further, banks shall also ensure that the updated account status, including asset classification  of the customer accounts, flow to the CBS automatically, if NPA classification process is  performed outside CBS.  

IV. Back-end Data Access Restriction 

10. Any changes to the data, parameters from backend shall be avoided. The solution should  provide for changes to the data items only through front end (from the application (Ex: CBS)  itself and not through the backend database update) after requisite authorisation. Audit  trails/logs of access, changes to any data, parameters, if any, should be captured with  specific user details in the system. 

11. In case of exceptions in rare circumstances, such changes should be duly approved at an  appropriate level and documented. Provision for MIS report should be available to auditors  to generate complete list of back-end access and changes made.  

V. Audit Logs  

12. Provisions of audit trails/logs to capture details of mandatory fields (that are essential to  complete the transaction and essential to identify the transaction for audit/forensic purpose in  the future) of all the transactions (financial and non-financial) shall be made. 

13. Logs should be maintained for changing the master data. System generated activity logs of  the users with administrative privileges should also be maintained. 

14. Secure storage and retention of logs in encrypted format with access controls in an archival  solution.

VI. System Generated NPAs  

15. All parameters required for NPA/NPI identification shall be captured in the CBS or  associated sub-system(s)/module(s) meant for NPA/NPI identification/classification of asset  codes as per Income Recognition and Asset Classification (IRAC) norms and extant  instructions. It should provide for separate MIS report capturing all parameters for NPA/NPI 

identification. Such parameters could either be configured in database or application itself as  per the architecture of the solution/sub-system.  

VII. Test Environment  

16. The existing test environment in the bank with dummy data and functional logic similar to  that of the product environment of the solution shall be made available to the supervisors  during their onsite supervisory visit(s) as per the requirements. This shall be required, inter  alia, to perform sample transactions review to assess whether the solution adheres in  complying with regulatory prescriptions in the extant environment for NPA/NPI 

identification as per applicability. 

*************************

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *