The Reserve Bank has asked banks to lay down a policy defining responsibilites and fixed tenure of the chief risk officer as it seeks to bring uniformity in risk management system of lenders.
As part of effective risk management, banks are required to have a system of separation of credit risk management function from the credit sanction process.
"However, it is observed that the banks follow diverse practices in this regard," an RBI notification said.
To bring uniformity in approach followed by banks, as also, to align the risk management system with the best practices, the RBI asked banks to lay down a board-approved policy clearly defining the role and responsibilities of the CRO.
Further, "appointment of the CRO shall be for a fixed tenure with the approval of the board of Directors of the banks".
The CRO could be transferred/removed before completion of the tenure only with the approval of the board and such premature transfer/removal have to be reported to the RBI.
Listed banks will have to report to the stock exchanges also.
Also, there "shall not be any 'dual hatting", meaning the CRO should not be given the responsibility of Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief of the internal audit function or any other function.
The CRO should have direct reporting lines to the MD and CEO/Risk Management Committee (RMC). The officer should not have any reporting relationship with the business verticals of the bank and should not be given any business targets, the RBI said.
"The CRO in his role as an adviser shall be an invitee to the credit sanction/approval committee without any voting rights in the proceedings of the committee," the notification added.