EC No. 49 / DoS - 04 / 2021
Ref. No. NB. DoS / POL / 19 /J-1/2021-22
20 May 2021
All Regional Rural Banks
Dear Sir / Madam
Automation of Income Recognition, Asset Classification and Provisioning processes in Regional Rural Banks
It is observed that the processes for NPA identification, income recognition, provisioning and generation of related returns in many RRBs are not yet fully automated. Many RRBs are still found to be resorting to manual identification of NPA and also over-riding the system generated asset classification by manual intervention in a routine manner.
2. In order to ensure the completeness and integrity of the automated Asset Classification (classification of advances/investments as NPA/NPI and their upgradation), Provisioning calculation and Income Recognition processes, RRBs are advised to put in place / upgrade their systems to conform to the following guidelines latest by 30 September 2021.
a.All borrowal accounts, including temporary overdrafts, irrespective of size, sector or types of limits, shall be covered in the automated IT based system for asset classification, upgradation, and provisioning processes. RRBs’ investments shall also be covered under the System.
b. Asset classification rules shall be configured in the System, in compliance with the regulatory stipulations.
c.Calculation of provisioning requirement shall also be System based as per pre-set rules for various categories of assets, value of security as captured in the System and any other regulatory stipulations issued from time to time on provisioning requirements.
d.In addition, income recognition/derecognition in case of impaired assets (NPAs/NPIs) shall be system driven and amount required to be reversed from the income account should be obtained from the System without any manual intervention.
e. The System shall handle both downgrade and upgrade of accounts through Straight Through Process (STP) without manual intervention.
The System based asset classification shall be an ongoing exercise for both downgradation and upgradation of accounts. RRBs should ensure that the asset classification status is updated as part of day end process. RRBs should also be able to generate classification status report at any given point of time with actual date of classification of assets as NPAs/NPIs.
Exceptions may be granted from System driven classification in certain circumstances, which are expected to be minimum and temporary. It may be emphasised that these exceptions are from automated classification and not from IRAC norms and shall be subject to the conditions as explained below:
a.RRBs shall not resort to manual intervention / over-ride in the System based asset classification process. In any exceptional circumstance where manual intervention is required to override the System classification, it must have at least two level authorisation. Such delegation of powers for authorising the exceptions should be as per the Board approved policy of the bank (by CEO, in case of unavailability of Board) and preferably should be done from the centralised location and suitably documented. Further, any such intervention shall have appropriate audit trails and subjected to audit by concurrent and statutory auditors. Detailed reports of such manual intervention shall be placed before the Audit Committee / Audit Head (banks having no Board) regularly.
b. RRBs shall maintain logs for all exceptions i.e. manual interventions / over-rides including, but not limited to, the date and time stamp; purpose/reason; user-IDs, name and designation of those making such manual intervention and necessary account details. These logs shall also be stored for a minimum period of three years and not be tampered with during the storage period. These logs shall be system generated.
iv.System requirements and System Audit
a.In case a separate application outside the CBS is used as the System for NPA/NPI identification and/or classification, the System must have access to the required data from the CBS and/or other relevant applications of the bank and the borrower/investment accounts shall be updated back into the CBS automatically, wherever applicable, through STP.
b.RRBs shall keep the business logic and other parameters/ configurations of the System updated to ensure that the System based identification, classification, provisioning and income recognition are strictly in compliance with the regulatory guidelines on an ongoing basis. There should be periodic system audit, at least once in a year, by Internal / External Auditors who are well versed with the system audit both on system parameters as also from the perspective of compliance to Income Recognition, Asset Classification and Provisioning guidelines.
a.RRBs may draw up their standard operating procedure (SOP) for System based NPA classification for usage by the operating staff.
b.Baseline requirements for the NPA classification have been provided in Annexure. Banks are required to adhere to these instructions while designing and maintaining the System.
3 The adherence to these instructions will be examined as part of supervisory assessment of the RRBs and in case of non-compliance, suitable supervisory action shall be initiated against the concerned bank.
4. This circular may be placed before your Board of Directors with timelines for implementation. The Board of Directors may periodically review the implementation of Automation of Income Recognition, Asset Classification and Provisioning processes.
5. Please acknowledge the receipt of this circular to our Regional Office in your State/UT immediately. Thereafter, the Bank’s top management are requested to bestow their personal attention in the matter and advise our concerned Regional Office of the compliance immediately on implementation.
6. This has been issued with the concurrence of Department of Regulation, Reserve Bank of India.
(K S Raghupathi)
Chief General Manager
Encl. : As above
Baseline Requirements for the NPA classification Solution
1. Data Input
i.Data Input in the system by any means should be fully captured and stored without truncation (For example, time stamp - with date and time, narration field, or any other text data captured).
ii.Ensure presence of necessary validation/verification checks in the solution for the user inputs, wherever applicable. Such validations, among other things should check for data type validations, minimum / maximum value, exceptions, etc.
iii. Ensure necessary data validation/checks in the system for the data keyed in manually, wherever applicable. For example, such validations with master data (or parameters used in asset classification fed into the system as per the internal policy of the bank) could prevent issues related to incorrect entries generally seen (illustrative but not exhaustive list) in margin setting, moratorium period, security valuation, repayment schedule, products mapped/linked to different categories of account holders (as per applicability) etc.
iv.Data input shall be effected only after authentication and authorisation.
2. User Access Management
i.Ensure that all “user-ids” in the solution have unique identification. If there are any generic user-ids used, it should only be used under exceptional circumstances and such ids should be mandatorily mapped to the employee ID of the user to fix accountability of the activities carried-out under the generic ID.
ii.Provide for two-factor or higher level of authentication for the users of the application.
iii. Restrict the access to the solution on “need to have/least privilege” basis for all users.
iv.Provide for maker checker authorisation /control for transactions (an illustrative list of transactions includes updating/modifying the internal accounts, customer accounts, parameters — both financial and non-financial that affect the status of the credit portfolio/loan/asset.) entered in the solution. This shall also include transactions/activities carried out by administrator accounts in the application. (For example: Activities such as create/update/modify user-ids, roles, privileges including access rights to various modules; system related activities including updates to master data, etc. should have at least two individuals to complete the activity).
3. Straight Through Processing
Provide for straight-through processing (STP) and support for STP integration with all critical systems/add-on sub-systems/modules etc., in a seamless and secure manner for NPA/NPI classification as per extant guidelines on IRAC. Such STP mechanism shall seamlessly take into account all the facilities availed by a given customer (in case of advances) and all the instruments of an entity (where bank has made investments in an entity), maintained across multiple systems of the bank without any manual intervention. Further, banks shall also ensure that the updated account status, including asset classification of the customer accounts, flow to the CBS automatically, if NPA classification process is performed outside CBS.
4. Back-end Data Restriction
i.Any changes to the data, parameters from backend shall be avoided. The solution should provide for changes to the data items only through front end (from the application (Ex: CBS) itself and not through the backend database update) after requisite authorisation. Audit trails/logs of access, changes to any data, parameters, if any, should be captured with specific user details in the system.
ii.In case of exceptions in rare circumstances, such changes should be duly approved at an appropriate level and documented. Provision for MIS report should be available to auditors to generate complete list of back-end access and changes made.
5. Audit logs
i.Provisions of audit trails/logs to capture details of mandatory fields (that are essential to complete the transaction and essential to identify the transaction for audit/forensic purpose in the future) of all the transactions (financial and non-financial) shall be made.
ii.Logs should be maintained for changing the master data. System generated activity logs of the users with administrative privileges should also be maintained.
iii.Secure storage and retention of logs in encrypted format with access controls in an archival solution.
6. System Generated NPAs
All parameters required for NPA/NPI identification shall be captured in the CBS or associated sub-system(s) / module(s) meant for NPA/NPI identification / classification of asset codes as per Income Recognition and Asset Classification (IRAC) norms and extant instructions. It should provide for separate MIS report capturing all parameters for NPA/NPI identification. Such parameters could either be configured in database or application itself as per the architecture of the solution/sub-system.
7. Test Environment
The existing test environment in the bank with dummy data and functional logic similar to that of the product environment of the solution shall be made available to the supervisors during their onsite supervisory visit(s) as per the requirements. This shall be required, inter alia, to perform sample transactions review to assess whether the solution adheres in complying with regulatory prescriptions in the extant environment for NPA/NPI identification as per applicability.