For more updates follow Grant Thornton Bharat WhatsApp channel
In India, global in-house centres (GICs) were initially established in the banking industry as offshore centres for cost saving and operational support functions. However, with significant growth and transformation, they have developed into global capability centers (GCCs). These GCCs serve as strategic partners and hubs for innovation, technology, and high-value services. In addition, they have played a crucial role in supporting risk management functions for international banks. Over the years, these banks have evolved significantly, adapting to changing market dynamics, regulatory requirements and technological progress. Initially, risk management was primarily focussed on compliance and basic operational risk functions. Therefore, these centres functioned as extensions of global banks, providing support for data processing, documentation and reporting. As global banking regulations became more stringent, the scope of risk management within these centres also expanded. They began to manage complex risk analytics, credit risk assessment and fraud detection, which in turn, led to a growing need for skilled risk professionals as well as hiring and training. As a result, these global centres evolved from being purely operational support centres to strategic partners in risk management. This also required close collaboration with onshore risk teams for sharing best practices, aligning risk frameworks, and ensuring compliance with global standards.
The global banks in India need to comply with both local and global regulatory frameworks. These regulations encompass a wide range of areas, such as capital adequacy, liquidity, anti-money laundering, data privacy and cybersecurity. Ensuring compliance with these multiple regulatory regimes can be a complex and demanding task for risk management teams and require a deep understanding of various legal and regulatory requirements. Adherence to regulatory frameworks such as Basel III, Dodd-Frank, and International Financial Reporting Standards (IFRS) require continuous monitoring. In India too, the banks face several core risks that can affect their operations and financial stability. These core risks include market risks, credit risks, operational risks, cybersecurity risks and regulatory compliance. We have discussed them in detail here.
Managing market and credit risks require robust risk management frameworks, sophisticated risk measurement and monitoring systems, effective governance structures, and skilled risk management professionals. GCCs need to stay updated with market developments, regulatory requirements, and industry best practices to proactively identify and manage these risks effectively. The market risks, such as interest rate fluctuations, foreign exchange rate volatility and market uncertainties can impact the profitability, net interest income and the value of assets and liabilities of global banks. Implementing effective asset-liability management, risk-hedging strategies and market risk monitoring is necessary to mitigate market risks. Credit risks arise from counterparties including banks, financial institutions and borrowers. Non-performing loans, defaults, or credit rating downgrades can result in financial losses. Robust credit risk assessment, continuous monitoring and risk mitigation measures, such as credit limits and collateral requirements, are essential for managing credit risks.
Global banks also face operational risks arising from internal processes, systems and human errors. Inefficient operational processes, technology failures, cyber threats and disruptions can impact the smooth functioning of GCCs. Establishing robust internal controls, disaster recovery plans, and investing in reliable infrastructure are crucial for mitigating operational risks. These global banks typically operate in multiple countries and are exposed to country-specific risks. Political instability, economic downturns, regulatory changes, and legal uncertainties in the countries where such banks conduct business can impact their operations and financial performance. The banks need to assess and monitor country-specific risks to make informed decisions regarding geographic expansion, investment strategies, and risk mitigation measures.
The reliance on technology exposes these global banks and GCCs to cybersecurity threats. Data breaches, hacking attempts, and unauthorised access to sensitive information pose significant risks. Implementing robust cybersecurity measures, conducting regular security audits, and educating employees on cybersecurity best practices are essential to mitigate cybersecurity risks.
Global banks need to navigate a complex regulatory environment, ensuring compliance with banking and financial regulations, capital adequacy requirements, data protection laws, and anti-money laundering (AML) guidelines. Failure to comply with these regulations can lead to penalties, reputational damage, and legal issues.
Another key risk is business continuity risk that arises due to disruptions caused by natural disasters, power outages, or system failures. This can hamper operations and impact business continuity. Global banks need to have robust business continuity plans and disaster recovery mechanisms to ensure uninterrupted services and data integrity.
To address these risks, banks need to establish comprehensive risk management frameworks, including risk assessment, monitoring and mitigation strategies. The three lines of defense work in a collaborative manner to ensure a robust risk management framework within the bank. The first line of defense includes front-line business units which are responsible for executing day-to-day activities and directly manage risks associated with their operations. They identify, assess, and control risks within their respective areas and implement risk management practices and controls in line with established policies and procedures. The second and third lines of defense play crucial roles in the risk management framework. The second line, consisting of risk management, compliance, and governance functions, provides an independent oversight, guidance, and support to the first line of defense (business units). They establish risk management frameworks, assess and monitor risks, ensure compliance with regulations and promote effective governance. The third line, which is primarily represented by internal audit, operates independently and provides objective evaluations of risk management, controls and governance. They conduct audits, assess control effectiveness and provide assurance to the senior management and board. The combined efforts of the second and third lines of defense enhance risk management, promote transparency, and strengthen the overall risk culture within the bank.
The banks should also strategically invest in talent and technology, comply with regulatory requirements and foster a culture of risk awareness and compliance. Collaboration with regulatory authorities, staying updated with emerging risks and adopting best practices in risk management are crucial for their successful operation.
The outlook for GICs and GCCs in the Indian banking industry is promising and poised for growth. The banking sector is the largest employer of GCCs in India, followed by other sectors such as IT and telecom. There are currently more than 1,000 banking GCCs in India, employing more than 500,000 people. The banking GCC segment in India is growing rapidly, with revenue expected to almost double by 2026. These centres have become integral parts of the banking landscape, providing strategic support, operational excellence, and driving innovation for their parent organisations. As the industry evolves, GICs and GCCs are likely to face new opportunities and challenges. These centers will continue to drive innovation, embrace digital transformation, and prioritise risk management and compliance. GICs and GCCs are expected to continue to be vital contributors to the banking sector, enabling sustainable growth and competitive advantage for their parent organisations, by investing in talent development, adopting a customer-centric approach, fostering collaborative ecosystems and exploring geographical expansion.