EXECUTIVE SUMMARY. On January 7, 2021 the Reserve Bank of India (RBI) issued instructions to commercial banks to safeguard the independence and competence of the internal audit function, and laid down norms for the functioning of the department and the appointment of the head of internal audit. While it is a positive development that the RBI has laid down a policy which banks have to follow for this vital function, a critical omission, as compared with the proposal in its own discussion paper on governance, was that the head of internal audit needed to be one level below executive directors or the Chief Executive Officer (CEO).
As the heads of business verticals are normally executive directors or one level below executive directors, it is imperative that the heads of control functions such as risk, audit, compliance and vigilance are at the same seniority, or even senior to the business heads. This was specifically mentioned in RBI’s discussion paper on governance, but for some inexplicable reason it was omitted in this important circular.
In all formal, hierarchical organisations, staff grades play a vital role in commanding respect and authority. When a control-head is a rank lower than the business head vertical which has to be monitored, the former is inherently in a disadvantageous position and can be rendered ineffective in that role. This is despite the control head reporting to the sub-committee of the board or reporting to the CEO or executive director, but with the reviewing authority being the Board. The reason is that the sub-committees of the board that deal with control functions are staffed with independent directors who are mandated to meet at least once a quarter, while the control heads are meeting their business heads far more regularly, and hence, when the business head is senior, that individual can exert his authority over the control head. In addition, it is always a healthy practice for staff, especially seniors, to be rotated between business and control functions, so that they get the necessary exposure to both sides of the business. When the control head is junior to the business head, there remains a possibility that in the future the former maybe posted to a business vertical where the business head is the individual’s boss, and hence the control head would be reluctant to go against a business head if he was junior to him.
In all organisations where the chain of command is hierarchical, it is necessary that control function heads are always at par and preferably senior to business vertical heads, so that the desired control functions can be effectively implemented. In banks, which deal with unsecured public funds and are highly leveraged, it was imperative for the RBI to have formalised such an arrangement. Having control heads report to sub-committees of the board may on paper assure the control function of independence, but it needs to be made more effective in practice by having control heads to be, at the minimum, the same seniority as the business heads.
I, Hemindra Hazari, am a Securities and Exchange Board of India (SEBI) registered independent research analyst (Regd. No. INH000000594). Views expressed in this Insight accurately reflect my personal opinion about the referenced securities and issuers and/or other subject matter as appropriate. This Insight does not contain and is not based on any non-public, material information. To the best of my knowledge, the views expressed in this Insight comply with Indian law as well as applicable law in the country from which it is posted. I have not been commissioned to write this Insight or hold any specific opinion on the securities referenced therein. This Insight is for informational purposes only and is not intended to provide financial, investment or other professional advice. It should not be construed as an offer to sell, a solicitation of an offer to buy, or a recommendation for any security.