As part of effective risk management, banks are required to have a system of separation of credit risk management function from the credit sanction process.
"However, it is observed that the banks follow diverse practices in this regard," an RBI notification said.
To bring uniformity in approach followed by banks, as also, to align the risk management system with the best practices, the RBI asked banks to lay down a board-approved policy clearly defining the role and responsibilities of the CRO.
The CRO could be transferred/removed before completion of the tenure only with the approval of the board and such premature transfer/removal have to be reported to the RBI. Listed banks will have to report to the stock exchanges also.
More From This Section
Also, there "shall not be any 'dual hatting", meaning the CRO should not be given the responsibility of Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief of the internal audit function or any other function.
The CRO should have direct reporting lines to the MD and CEO/Risk Management Committee (RMC). The officer should not have any reporting relationship with the business verticals of the bank and should not be given any business targets, the RBI said.