Substack

Monday, October 26, 2020

Limits of digitisation and data analytics - banking sector supervision edition

Tamal Bandopadhyay has a good article explaining the RBI's supervisory framework, which assumes significance in light of the series of recent high-profile financial sector frauds. He discusses the consequences of the change in 2013 away from compliance-based to a more risk-based, data-driven, and off-site approach. 

Earlier, onsite supervision was the mainstay of RBI supervision; it has been reduced and replaced by reliance on offsite inspection, which essentially consists of tracking data — daily, weekly, fortnightly, monthly. Onsite supervision must be done across India and not restricted to bank headquarters alone. The assumption that everything is centralised in all banks (because they have a centralised processing system) may not be correct. The regional offices and select branches must also be put under the scanner. Earlier, onsite supervision was theme-based, across banks — with a focus on treasury, priority sector lending, and so on. That must be restored along with city-specific and geography-specific scrutiny of bank practices. The RBI used to carry out transaction testing, but stopped after it set up a new supervisory framework — Supervisory Programme for Assessment of Risk and Capital — based on the recommendations of a high-level steering committee for the supervision of commercial banks. Following this, the RBI shifted to the so-called risk-based supervision (RBS) — a rather complex model...

Historically, the RBI has been an onsite, inspection-heavy and offsite, supervision-light regulator. The RBS has reversed the trend. Along with this, the focus has shifted from onsite inspection to offsite supervision and the transaction testing samples have shrunk. The inspections have been made mostly headquarter-oriented and all designated foreign exchange and treasury branches, administrative offices and sensitive branches, which were under the scanner of onsite inspection, have been excluded. The upgrade of the offsite surveillance system is welcome, but it should not have coincided with the dilution of the rigour of onsite examination. The challenge is how to create capacity, with continuity and convergence between offsite supervision and onsite inspection. Only data analytics and transaction testing can red-flag impending dangers. Closer coordination with the capital market regulator to track the flow of funds across the financial system will also help.

This is a teachable exhibit on multiple grounds. It highlights the limitations of modern management techniques and the importance of old-style physical inspections. 

The application of management techniques to public bureaucracies harp on the importance of non-invasive and impersonal monitoring approaches that focus on the use of technology and data analytics to exercise oversight. Accordingly, it has become fashionable (among management gurus, consultants, academic researchers, and general commentators) to advocate the shift away from old-style invasive approaches toward technology and data-based approaches on regulation and supervision. 

They point to the promise of harnessing modern digital and telemetry technologies to capture data, process work-flows, analyse the digital exhaust, and present reports as decision-support. This is a logically irresistible combination. 

It is now common practice, an article of faith, to advocate doing away with all forms of traditional supervision and oversight mechanisms. They range from dispensing with traditional physical inspections and meetings of various kinds to default/deemed digital approvals and reconciliations of accounts to junking all physical records and maintaining only raw digital trails which can be queried as required. This, supporters contend, can transform governance everywhere, from labour to financial market monitoring and regulation. These are all great ideas and they all have a role in any future design of supervision and regulation. 

The only problem is that of reality and its practical challenges. In systems where trust is low, the intent and commission of deviations high, civil society oversight weak, state capability constrained, resources chronically deficient, with massive volume of transactions, and too many types of transactions, the weak links with such technology and data-based off-site approaches are too many. No matter however robust the technology, work-flow, and data analytics, there will always remain too many areas of weakness which will get exploited by those interested in doing so. It is therefore important to be realistic about the expectations from them. 

So, even today, or at least for now, field inspections, physical documentation, and face-to-face meetings remain very relevant and have an important role in complex public systems. They remain important, at least, as back-ups. Therefore, prudence dictates that, given our contexts, it is important to have a balanced mix of modern and old-style techniques in any supervisory and regulatory system. The specific details and shares of the two approaches would depend on the nature of the activities sought to be monitored and regulated. Further, this balance will vary with changes in the context, and maturity and stability of the processes. 

Like all else, the design of supervisory systems must be done keeping in mind the prevailing contexts. There may be sophisticated and promising technologies. And they should necessarily be harnessed. But only in a manner that accounts for the implementation prospects and failure possibilities in the particular context. Prudence and not digital ideology should dictate such operational designs.

This also draws attention to the problem of excessive pursuit of efficiency. It, as I have blogged earlier here and here, comes at the cost of resilience. Even in the most hospitable environments, it may not be a good idea to digitise and automate everything and have no physical back-ups. As the constantly emerging examples from the tech world demonstrates, this comes at the cost of resilience and effectiveness. In systems whose mandate is public service delivery, resilience assumes even greater importance. 

Update 1 (28.10.2020)

The Labour Secretary of Government of India says,

We are working towards single randomised inspection so that for both Employees’ Provident Fund Organisation (EPFO) and Employees' State Insurance (ESIC) related inspections, the officer can go at once, rather than making a separate visit on office premises. Our first target would be to achieve faceless inspection by examining of records. Physical visits (for inspection) should be avoided as much as possible. If it is to happen then there should be a common inspection. We also want to emulate the provisions in the income tax law to ensure that only authorised inspections take place, a model that works well. Even though we have moved towards randomised inspection system, there are no checks on inspectors making visits to a factory without really being assigned to do so. The inspector will go only if he is authorised to go through a portal and the establishment to which the inspector makes a visit gets intimation, maybe on the day of visit or at the time inspector reaches the premises.

To wait and watch how this plays itself out. I'll wager that a fully digitised approach which junks all human discretion (at the level of both the inspector and, equally important, at the level of their managers) will get gamed repeatedly and fail. 

No comments: