President and CRO
Axis Bank Limited
Axis Bank of India uses SAS to Measure and Mitigate Risk
Expanding service offerings and a changing regulatory environment encouraged Axis Bank Limited’s President and Chief Risk Officer Bapi Munshi to take a fresh look at the bank’s risk management strategy. He found that an investment in people, processes and technology would give the bank a significant improvement in its data quality, reporting and compliance.
Today, Axis Bank is India’s third-largest private sector bank. The organization has more than 2,402 domestic branches (including extension counters) and nearly 13,000 ATMs across the country, with overseas offices in Asia and the Middle East, to reach a large cross-section of customers with an array of products and services.
Axis Bank is using SAS to improve Risk Management throughout the organization and make the best possible business decisions. In this short question and answer session, he talks through his challenges, discoveries and successes.
What was the impetus to build a better risk management framework?
Basel II compliance was one of the big drivers. To comply with the regulation, we had to move to a standardized, advanced internal ratings-based approach (A-IRB). There was also a big internal push. A risk management committee had been created at the board level, and it lobbied for an advanced risk management framework and more sophisticated modeling techniques.
So what led you to look for an advanced analytics solution?
When we started doing retail lending, we were using judgmental scorecards. We trusted our experience to define the parameters that might determine an individual’s propensity to default. But when we tested those scorecards, we found that there was very little discrimination. So we investigated analytics vendors. We specifically wanted to understand the requirements on the data sets. And on the operation risk side, we needed a framework to capture lost data. We needed to know how to classify the data, create a data repository, and then use that data to make better risk decisions. That research took quite some time. In the end, we chose SAS®.
Were there unexpected snags?
Our main challenge was data quality and data capture. When we started, we had very little data to create statistical models on. Over time, we began capturing the right kind of data and started building up our model library. It took a long time and significant investment in the right people and technology. But we’re now in a place where we’re confident in our data and statistical modeling capabilities.
SAS provides a good audit trail. Now the regulators are more comfortable with what we’re doing. And there’s a lot of comfort at the senior management level, too. SAS help us derive meaningful information from huge sets of data … which helps you make better risk decisions.
Why wasn’t your existing technology adequate?
When we began our retail lending program, we needed to build a credit risk management system and establish our own best practices and processes. We also had to adopt the standardized approach for calculating capital requirements. That meant we would need an advanced system for data collection at the individual exposure level.
That magnitude of data would be too much for Excel. So we needed to move away from Excel; it’s error-prone and there was no audit trail. So the auditors and regulators had little confidence in the data. SAS provides a good audit trail. Now the regulators are more comfortable with what we’re doing. And there’s a lot of comfort at the senior management level, too.
SAS can help you derive meaningful information from huge sets of data … which helps you make better risk decisions.
In terms of being able to make good decisions about risk, what results have you seen from the work you’ve done?
We can now see the early signs of trouble much earlier than before. One good example is from the retail side of the business. Whenever there is an uptick in delinquencies, we can go back and modify the filters that we’re using at loan origination. We can see that we need to make those parameters more stringent so that portfolio behavior is again within our risk appetite strategy.
Tell me about the benefits you’ve seen on the operational risk side.
We are looking at governance from a couple of angles. On the compliance side, we are looking at how each process is linked to compliance requirements and whether we have the right kind of controls in place. And secondly, how are we exposed to operational risk – and for each of those risks, do we have the right control functions?
And then our assumptions are tested. One test is done by the compliance or operational risk group, and another is done by the internal audit team. That feedback is captured in the SAS Enterprise Governance, Risk and Compliance (SAS Enterprise GRC) system.
When we started moving our risk data into the SAS platform, we realized it was a big job to record all of the bank’s processes. We’ve recorded nearly 5,500 processes in the SAS Enterprise GRC system. That is a big storehouse of information for new users. And for each of the processes we’ve identified the compliance parameters. This also gives us a view into the processes where we have weak controls so that we can revisit those and plug the gaps.
What kind of successes have you seen that let you know you’re on the right track?
We are more confident in our decisions. For instance, we can see whether or not we are compliant and the gaps we still need to close. Are we less vulnerable to external threats in terms of our guys complying with regulation or in terms of fraudsters penetrating our system? These are the areas where the system will provide us with the most benefit.
- Provide higher quality, more reliable regulatory compliance reporting.
- Collect and automate processes for governance and risk management.
- More reliable data.
- An audit trail for data collection and analysis.
- Early-warning system about potential problems.
- A vast collection of the bank’s processes to keep current users compliant and to educate new ones.