opeRationaL RiSk
     Area
   Mitigation measures
   Product and Process Reviews
User Acceptance Testing
Risk and Control Self-Assessment
Key Risk Indicators
Loss Data Management
Operational Risk Scorecards
Outsourcing Risk
Internal Financial Control (IFC) Testing
All new products and processes (including enhancements) are subject to a mandatory comprehensive review. The Bank continuously reviews and enhances its key processes to adapt to industry best practices.
The Bank performs the User Acceptance Testing (UAT) to identify gaps in the actual deliverable versus what was proposed in the Business Requirement Document (BRD). these gaps are further addressed and closed during the Functional Specification Document (FSD) stage before moving to production.
During the year, RCSA was undertaken for eight processes. There is a time bound plan to close the open issues as observed during RCSA and an update is provided to Operational Risk Management Committee (ORMC) and RMCB at regular intervals.
the Bank has defined 19 KRIs at an organisation level as part of the operational Risk Management Framework. These KRIs are analysed on monthly basis and a comprehensive report is submitted to the oRMC and Board at quarterly intervals with action plan for closure of open issues.
Loss Data Management is in place to record material incidents, learn from errors and strengthen existing controls. Incidents are recorded as operational loss and near miss events. This is followed by a Root Cause Analysis (RCA) for critical incidents. The Bank records instances along the Basel defined lines of operational Risk events and process enhancements are tabled at various committees for further action.
An internal scoring mechanism is in place to capture all risk parameters at a granular level within the Bank i.e. branch level. The scorecard includes all facets of branch operations: MicroBanking, Housing and MSE loans, liabilities and other branch related parameters. Branches are categorised as High, Medium or Low risk based on these assessments on a monthly basis.
Progressive risk assessment of most material outsourced vendors (including legacy vendors) was completed during the year, to ensure that these vendors comply with the minimum requirements prescribed by the RBI. Detailed notes were recorded on the risk assessment done for each vendor through visits and were placed at various forums and committees for further action.
This is an annual exercise and done by the Operational Risk team. The team, along with the stakeholders concerned, prepares and enhances Risk & Control Matrices (RCMs). the financial and operational controls in these RCMs are next put to test by collecting samples from across the review period and from different regions, and are then evaluated for success or failure of the control effectiveness. the critical gaps observed during such testing are discussed with the functions concerned for upgrading controls which may include automation of the controls.
                  62 | AnnuAl RepoRt 2019-20