Audit & Risk Committee Pack - RBI Regulatory Developments – Bank Board Governance brief

Regulator: Reserve Bank of India (RBI)

Audience: Audit Committee & Risk Management Committee

Purpose: To summarise recent RBI regulatory expectations and highlight priority oversight actions for committees.

Time Horizon: Ongoing / FY 2025–26 planning

WHAT HAS CHANGED & WHY IT MATTERS

1. Regulatory Context

RBI’s regulatory stance has evolved toward outcomes-based supervision, with increasing emphasis on:

·       Board and committee effectiveness

·       Early identification of stress

·       Quality of governance, not mere rule compliance

Supervisory assessments now routinely examine committee minutes, challenge raised, and follow-through actions.

2. Core RBI Focus Areas Relevant to Committees

A. Governance & Board Accountability

·       Boards are viewed as the first line of prudential defence.

·       Audit and Risk Committees are expected to demonstrate independent judgment and effective challenge.

·       Reliance on management representations without validation is a supervisory red flag.

Reference: RBI – Master Direction on Corporate Governance in Banks

B. Asset Quality & Financial Reporting

·       Zero tolerance for:

o   Delayed NPA recognition

o   Evergreening and restructuring misuse

o   Divergence between bank and RBI asset classification

Audit Committees are expected to engage actively with:

·       Statutory auditors

·       Internal audit and risk teams

·       Supervisory observations

Reference: RBI – IRACP Master Circular

C. Risk Appetite, Capital & Stress Testing

·       ICAAP must be credible and decision-relevant, not a compliance document.

·       Stress tests should directly inform:

o   Capital planning

o   Growth strategies

o   Sectoral exposure limits

Risk Committees are expected to assess forward-looking vulnerabilities, not only historical data.

Reference: RBI – Basel III Capital Regulations & ICAAP Guidance

D. Liquidity & ALM Oversight

·       Heightened RBI sensitivity to:

o   Deposit concentration

o   Funding volatility

o   Structural liquidity mismatches

Committees must ensure:

·       Adequate HQLA buffers

·       Stress testing under severe but plausible scenarios

Reference: RBI – Liquidity Risk Management Framework

E. Technology, Cyber & Operational Risk

·       Cyber and IT failures are treated as systemic risks.

·       RBI expects board-level oversight of:

o   Cyber resilience

o   Incident response readiness

o   Independent IT audits

Reference: RBI – IT Governance & Digital Payment Security Directions

KEY RISKS, QUESTIONS & ACTIONS

3. Key Regulatory Risks for Committees

4. Questions Committees Should Regularly Ask

Audit Committee

·       What are the top three areas of judgment in asset classification this quarter?

·       Where do internal audit and statutory audit views diverge from management?

·       Are disclosures aligned with the spirit of RBI guidance?

Risk Committee

·       Which stress scenarios could realistically breach our risk appetite?

·       How quickly could liquidity tighten under adverse conditions?

·       Are group entities creating hidden balance-sheet or reputational risk?

5. Expected Evidence RBI Looks For in the Banks board governance

·       Minutes reflecting active discussion and challenge

·       Clear articulation of rationale behind approvals (especially RPTs, capital, provisioning)

·       Documented follow-up on supervisory observations

·       Independent assurance reports (audit, IT, risk)

6. Immediate Committee Action Checklist

✔ Review Audit & Risk Committee charters against RBI expectations

✔ Ensure ICAAP, stress tests, and ALM reports are decision-oriented

✔ Strengthen engagement with auditors beyond formal presentations

✔ Demand periodic regulatory compliance dashboards

✔ Record dissent and challenge explicitly in minutes

✔ Schedule annual independent regulatory briefing (without management)

7. Key Takeaway for Directors in Banks Board

RBI’s supervisory approach makes one expectation unmistakably clear:

Independent directors and committee members are expected to act as active fiduciaries, not procedural approvers.

Banks and Institutions that can demonstrate informed oversight (Bank Board Governance), independent judgment, and strong documentation will be best positioned to withstand supervisory scrutiny and systemic stress.

Regulatory References

·       RBI – Master Direction on Corporate Governance in Banks

·       RBI – IRACP Master Circular

·       RBI – Basel III Capital Regulations & ICAAP Framework

·       RBI – Liquidity Risk Management Framework

·       RBI – IT Governance, Risk & Digital Payment Security Directions