Risk management is the control and nerve centre of a bank. The independence of control and vigilance functions like risk management and audit has to be fiercely protected by the board of directors and the banking regulator. So when a major bank starts downgrading its chief risk officer (CRO), not only depositors, but the banking regulator (the Reserve Bank of India) and the general public, ought to sit up and take notice. The question arises: what’s behind such a move?

Axis Bank has quietly clipped the powers of its CRO, Cyril Anand, who was appointed on May 1, 2016. His predecessor, Bapi Munshi, reported directly to Shikha Sharma, the Chief Executive Officer, but when the new CRO took charge the reporting structure was altered. Now he also has to report to Jairam Sridharan, the bank’s chief financial officer (CFO). The change in the reporting was not disclosed to the public and the stock exchanges, on the ground that the CRO is not considered “key management personnel” by the bank. But this is an extremely relevant development for depositors and investors at a time when the Indian government is planning to sell its remaining 11.5% stake in Axis Bank (valued at Rs. 14,645 crores) in late October or early November 2016.

Axis Bank confirmed to The Wire that the new CRO had also to report to the CFO, but the bank declined to specify his date of appointment on the grounds that it was “not public information.” An email sent to the bank stating that the new CRO was appointed on May 1, 2016 and that his new reporting was concurrent from that date has not been contradicted.

Surprisingly, less than 3 months later after the new CRO’s appointment, Axis claimed: “The Chief Risk Officer reports to the Managing Director and CEO and the Risk Management Committee of the Board oversees the functioning of the Department.” Why Axis Bank, in its June quarter results announcement, failed to disclose the factual position on the CRO’s reporting remains a mystery.

Indeed, Axis Bank’s latest annual report for the year ended March 31, 2016 acknowledges the role of risk management when it states, “The independent [emphasis ours] risk management structure within the Bank is responsible for managing the credit risk, market risk, liquidity risk, operational risk, and other [Basle] Pillar 3 risks like reputational risk and strategic risk and exercising oversight on risks associated with subsidiaries.” The Basel Committee on Banking Supervision Guidelines for Corporate Governance, unequivocally state that the CRO should not wear dual hats: “..(chief operating officer, CFO, chief auditor or other senior manager should in principle not also serve as the CRO). While formal reporting lines may vary across banks, the CRO should report and have direct access to the board or its risk committee without impediment.”

By creating a dotted hierarchal line between the CRO and the CFO, Axis Bank has deliberately entered a grey area and devalued the importance of the highly sensitive post of CRO and has subordinated it to financial management.

Role of the CEO and the board

One of the critical functions of a bank CEO is to directly monitor risk and credit quality as it is weakness in these critical areas which normally adversely impacts banks. In Axis Bank, Shikha Sharma has changed this time tested tradition by incorporating a dual reporting system for the CRO, effectively passing on the responsibility of risk management from her to the CFO.

Corporate governance structures for banks encourage direct access to the board by the CRO and the post’s independent direct reporting to the board is to ensure that the board is independently informed of risk management. As Axis Bank has confirmed to us that the dotted line reporting by the CRO to the CFO had the support of the board, it indicates that the board has quietly endorsed the CEO’s decision for the dual reporting structure. This at a time when Axis Bank is facing asset quality stress, high retail credit growth and issues of timely disclosure. These issues require the strengthening of independence of risk management and not its dilution.

CRO instrumental in formation of “watch list”

The change in the reporting hierarchy follows the pivotal role played by risk management in convincing Axis Bank to disclose its. Rs 22,628 crore-strong “watch list” of poor quality corporate loans. These loans constitute around 45% of its equity in the fourth quarter of fiscal year (FY) 2016. In an unusual development, the bank disclosed in its “watch list” presentation that “the process of creating the list was driven by the Bank’s Risk Management team, led by CRO,” thereby admitting the important role of risk management. Until the 4QFY2016, and despite deterioration in corporate loans in government banks and analyst concerns on asset quality, Axis Bank and its CFO was assuring investors that the bank had no significant asset quality issue. It appears that while assurances were being generously given, risk management was sounding the alarm bells, which finally led to the public disclosure of the “watch list.” By the bank’s own admission, 60% of the “watch list” loans would become non-performing in a short period requiring the bank to provide 70% for these loans. This highlights the abysmally poor quality of these corporate loans, the state of corporate credit expertise and timely disclosure at the bank.

In Axis Bank’s organisational structure there is no individual directly responsible for credit, and credit responsibilities are split in different verticals. The head of corporate credit and the head of small and medium enterprise credit report to the deputy managing director, while the head of retail credit reports to the executive director in-charge of retail. The reporting structure of the credit heads remained unchanged and, it appears that to enhance the role of a rising star in the bank, the CRO’s position was diluted and he was also made to report to the CFO.

CFO – Whiz kid or blue eyed boy?

The 41-year old, Jairam Sridharan, credited with the bank’s successful retail foray, has had a meteoric rise since joining Axis Bank in June 2010 (Shikha Sharma was appointed as CEO a year earlier in June 2009). He has the unique distinction in the bank’s history of skipping a grade (executive vice-president) in 2013 when he was promoted from senior vice-president directly to president and head, consumer lending and payments. Thereafter, and within two years, he was appointed CFO in October 2015. He has a background in retail banking with Capital One and in ICICI Bank, where he worked with Shikha Sharma. However, he has limited exposure to corporate credit and risk management. According to an Economic Times article, the best advice he received in his life, has been from Shikha Sharma, “finish what you start”. Given his phenomenal rise within the bank the admiration appears to be mutual.

In the age of capital markets and the global dominance of financial capital, investor relations has emerged as a larger-than life function. This division, which nestles within a CFO’s responsibilities, is to facilitate and educate institutional investor access, but its main role is to present the bank in the best possible light, deflect criticism, manage analysts’ expectations and improve banks’ stock market valuation. There is a direct and dangerous conflict of interest when the CRO is made to report to the CFO as the latter is instrumental in preparing internal budgets and forecasts and also providing a favourable impression of the bank to the capital markets. Typically the Axis Bank CFO on analyst calls has provided future guidance on critical parameters as fresh slippages of non-performing loans, credit costs (bad debt provisions as a percentage of loans), net interest margins, credit growth et al. If post such budgets and forward guidance given by the CFO, the CRO assesses that conditions have deteriorated necessitating a downward revision in the CFO’s projections, will the CFO readily agree to the downgrade and a loss to his personal reputation if the CRO were to report to him?

Such conflicts of interest are normally understood by the senior management of banks and hence the CRO normally reports directly and only to the CEO or a senior executive director (not responsible for any business function) so as to not dilute the authority of risk management. Risk management is the edifice of a bank and it is shocking that the board of directors at Axis Bank consisting of supposedly independent and eminent individuals have rubber-stamped this dilution at a time when the bank is facing grave issues of timely disclosure, corporate asset quality and high retail credit growth. It is even more alarming that the Reserve Bank of India, the banking regulator is a mute spectator to this spectacle.