RESERVE BANK OF INDIA

HDFC Bank Ltd.

Risk Assessment Report

(Financial position as on March 31, 2015)
 Table of Contents

Introduction………………………………………………………………… 3
Part I: Risk Assessment Report………………………… 3
Summary of Aggregate Risk at Bank Level………………………….. 3
Supervisory Evaluation of Risks and Control Gaps.......................... 4
Governance & Oversight………………………………………………. 4
Credit Risk………………………………………………………………. 9
Market Risk……………………………………………………………… 13
Liquidity Risk……………………………………………………………. 15
Operational (Non-IT) Risk ……………………………………………... 16
Operational (IT) Risk …………………………………………………... 23
Other Pillar II Risks…………………………………………………….. 24
Part II: Major Areas of Financial Divergence……………………… 27
Part III: Assessment of Capital and Earnings……………………… 27
Pillar I Capital & CRAR………………………………………………… 27
Capital Management, ICAAP and Stress Tests ............................… 27

Assessment of Internal Generation of Capital………………………. 29

Scope & Ability to Infuse Capital……………………………………….. 30

Assessment of Leverage Ratio………………………………………... 30

Part IV: Major Areas of Non-Compliance……………………………... 31
Part V: Annex………………………………………………………………. 1-8
Annex-1: Major Areas of Financial Divergence……………………… 1
Annex-2: Computation of Outside Liabilities…………………………. 1
Annex-3: Assessed Net Worth…………………………………………. 2
Annex-4: Computation of Assessed Capital…………………………. 3
Annex-5: Assessment of Internal Generation of Capital……………. 5
Annex-6: Leverage Ratio……………………………………………….. 8

Confidential Page 2 of 32
 INTRODUCTION
The Risk Assessment of HDFC Bank Ltd for 2014-15 under the Supervisory Program for
Assessment of Risk and Capital (SPARC) was completed with March 31, 2015 as the
reference date. The assessment has been made based on the off-site analysis of the
data and information furnished by the bank as well as the results of the on-site Inspection
for Supervisory Evaluation (ISE) undertaken from August 07, 2015 to September 30,
2015 and various explanations offered by the bank in course of inspection.
As per the SPARC process, the aggregate Risk Score of the bank is arrived at 2.167
which is indicative of medium risk. On applying the assessed CRAR (16.79%) to the
aggregate risk score, the Risk of Failure score of the bank is arrived at 1.853. Accordingly,
no capital add-on is prescribed.

PART I: RISK ASSESSMENT REPORT

Summary of Aggregate Risk at Bank Level

Inherent Risk Control Gap Aggregate Risk

Risk Category
A (1-4) B (1-4) [A + B] (1-4)

Board 2.306

Senior Management 2.390

Risk Governance 2.361

Internal Audit 2.427

Governance & Oversight Risk 2.371

Credit Risk 2.321 2.088 2.251

Market Risk 1.732 1.659 1.710

Liquidity Risk 1.961 1.702 1.883

Operational (non-IT) Risk 2.516 2.859 2.619

Operational (IT) Risk 2.573 1.766 2.331

Other Pillar II Risks 2.004 1.693 1.911

Business Risk 2.131

BANK LEVEL AGGREGATE RISK 2.167

Confidential Page 3 of 32
 SUPERVISORY EVALUATION OF RISKS AND CONTROL GAPS
1. Governance & Oversight -Aggregate Score: 2.371
Assessment and Major observations
1.1 Board Score: 2.306
1.1.1 Board Composition
The bank has focused on digital banking for retaining as well as expanding its
business and customer reach. As at end March 2015, 63% of the bank’s total
transactions were conducted through net and mobile platforms. Digital
banking has exposed the bank's internal systems and infrastructure to the
wider ecosystem and resultant risks of system failures, data losses, cyber-
attacks and reputational risk. During 2014-15, 86 instances of phishing
attacks were recorded which caused financial loss to customers. As at end
March 2015, there was no member in the Board with IT background and
expertise. Considering the new frontier of risks associated with digital
banking, an IT professional / expert could aid to in aligning Board's
understanding on emerging digital banking issues with that of the senior
management.
1.1.2 Board Oversight of Risk Functions
1.1.2.1 There was bunching of agenda items in many of the Board meetings leading
to deferment of agenda items in some cases.
1.1.2.2 The findings of the internal audit reports highlighting large number of frauds
and non-adherence to KYC/AML guidelines were placed periodically before
the Audit Committee and Compliance (ACC). However, there were no specific
directions / instructions from the ACC for improving adherence to KYC/AML
norms / guidelines which led to unintended developments such as penalty by
RBI, penalty by FIU-IND, deficiencies in customer identification and
acceptance before commencing business relationship, deficiencies in
transaction monitoring / AML alert generation and examination / risk
categorization / updating due diligence of customer accounts, etc. These
consequences resulted, inter-alia, in adverse impact on bank’s reputation.
1.1.2.3 Shortages / excesses of currency notes were frequently detected in the
remittances of soiled / mutilated notes sent by the bank to the Currency
Verification Processing System (CVPS) in RBI. It was observed that the
instances of shortages / excesses of notes were spread across different
CVPS centers. The Board did not give any direction or instruction to ascertain

Confidential Page 4 of 32
 the real reasons for the anomalies in remittance of soiled / mutilated sent to
RBI.
1.2 Senior Management Score: 2.390
1.2.1 Effectiveness of Senior Management
1.2.1.1 The bank had been reporting incorrect exposure data to Central Repository
of Information on Large Credits (CRILC) as interests charged in respect of
NPA accounts were included as part of the outstanding data.
1.2.1.2 The bank did not take steps to integrate the CRILC data in the credit risk
management framework. Though information on SMA-2 data was placed
before the Board, the SMA-2 data not made part of the standard templates of
credit appraisal / review / renewal.
1.2.1.3 During 2014-15, the bank participated in 27 Joint Lenders Forums (JLF)
formed by concerned banks consequent on reporting of the relevant
borrowers as SMA-2 to CRILC by HDFC Bank or other banks having exposure
to the borrowers. However, the bank did not build an information system to
track progress/ developments of the cases under JLFs. In the absence of the
information system, the bank could not monitor adherence to time limits for
formation of JLFs, finalization of CAPs, implementation of CAPs, etc.
1.2.1.4 The Board was informed that around 95% of fraud cases recorded during
2014-15 pertained to skimming of debit / credits over which the bank had no
control. In order to mitigate the risk of skimming, the bank had initiated several
measures which included converting existing MagStrip cards to PIN enabled
EMV chip cards. The bank had initiated the process of issuing PIN enabled
EMV cards to those customers who had transacted internationally. As at end
March 2015, 24% cards still had MagStrip and hence remained vulnerable to
skimming frauds. The review did not provide a timeline for migrating all the
existing MagStrip cards to PIN enabled EMV chip cards.
1.2.1.5 The bank had a Board approved policy to monitor submission of BOE as
evidence of imports for values less than and equal to 1 lakh USD by creating
a database and quarterly review by operations. Besides, the policy prescribed
an approval matrix for allowing transactions by concerned entities depending
on number of times BOE had not been submitted. There was no centralised
MIS of such approved cases and approvals were stored on individual
computers. The senior management did not set up the necessary control

Confidential Page 5 of 32
 environment for effective implementation of Board approved policy.
1.2.1.6 There were many outstanding term deposits less than 1 crore with differential
rate of interest for same value date and maturity date. The differential rates
were observed in many customer categories such as Senior Citizens,
Individuals, and Corporate etc. For example, in many instances, Senior
Citizens were not offered the higher interest rate applicable for them and were
given the normal rate applicable for individuals. There were many outstanding
deposits with tenor greater than 10 years (upto 20 years) which was not
consistent with the bank’s internal policy on Deposits which allowed deposits
upto 10 years only.
1.2.1.7 The bank’s current account with RBI was debited / credited for shortage /
excess of currency notes detected in the remittances of soiled / mutilated
notes sent to various CVPS in RBI. In this connection, the Board was given
unsubstantiated reasons for the shortage / excess of notes detected at the
CVPS viz. the bank's representatives were not allowed to be present at the
CVPS when notes were processed, the configuration of the machine used by
RBI might be different from the bank, the CVPS might not be checking any
dusted notes or other unknown reasons. The bank needed to analyze the
efficacy of note sorting / counting operations at its currency chests and also
engage with the concerned Issue Departments of RBI to take corrective
actions.
1.2.2 Performance Evaluation & Controls
1.2.2.1 The internal audit detected a large number of violations of KYC/ AML
instructions by the branches which reflected room for improvement of
compliance by the line people and also oversight functionaries especially by
the Compliance Liaison Officer (CLO) posted at various units.
1.2.2.2 Customer complaints had shown a continuous decline over the last few years.
One of the factors contributing to the decline related to not treating query as
complaint - introduced from September 2007. The grievance redressal policy
and customer complaint processing note did not define the term ‘complaints’.
Both the documents especially complaint processing note used the term
query and complaint interchangeably. The bank received customer service
related references from multiple channels which were to be logged as query
or complaint in the system (CRM-next). A perusal of the query details revealed
that a large number of ‘complaints’ were logged as ‘queries’.
Confidential Page 6 of 32
 1.2.3 Succession Planning
The overall staff attrition rate at 32.75% was very high and exposed the bank
to people risk. Even in critical areas such as treasury and risk management,
the attrition rate stood over 17%.The succession policy of the bank addressed
the requirements of senior management including MD and DMD. The HR
review for 2014-15 did not analyze the impact on large scale attrition rate on
succession planning at other levels and strategies to tackle the issue.
1.3 Risk Governance Score: 2.361
1.3.1 Risk Governance Framework
1.3.1.1 The bank was part of a financial conglomerate with significant parent (HDFC
Ltd) shareholdings (21.7% as at end March 2015). The bank had entered into
an agreement with HDFC Ltd in terms of which, the bank sourced home loans
for HDFC Ltd and for which it earned sourcing fee from the parent. As per the
agreement, the bank also had a right (not an obligation) to buy home loans
from HDFC Ltd upto 70% of fully disbursed loans sourced under the
arrangement. Although the bank had discretion to buy such home loans from
the parent, it had regularly bought such home loans within the limits approved
by its Board. While buying such home loans, the bank did not compare the
prevailing market rates to ascertain the competitiveness of rates offered by
the parent.
Although the bank made due diligence and disclosures of related party
transactions, there was no comprehensive Board approved conflicts of
interest policy.
1.3.1.2 The bank followed an active write off policy to manage impaired assets. The
bank placed a very short periodic report to the Board showing cumulative
amount recovered from written off accounts irrespective of the year of write
off. The report did not reveal year wise recovery compared with written off
amounts for the relevant years, strategies and measures initiated to boost
recovery from written off accounts etc.
1.3.1.3 The balance sheet of the bank had been growing significantly higher than the
peer group and industry averages. As part of the growth strategy, the bank
had embraced digital banking in a big way. However, the ICAAP had
assessed the level of majority of the quantifiable as well as non-quantifiable
risks especially credit risk, technology risk, reputation risk, etc. as ‘low’ and
their directions as ‘stable’ after factoring the risk events / environment. The
Confidential Page 7 of 32
 adequacy of policies / processes / procedures / audit/ compliance etc. needed
more critical examination in the light of increasing operational risks faced by
the bank.
1.3.2 Adequacy & Effectiveness of Risk Management Functions
The bank has been growing steadily in terms of balance sheet size,
geographical reach and complexity of delivery channels. During 2014-15,
there had been an increase in number of fraud cases, customers approaching
consumer courts, unscheduled down time of critical IT systems, incidence of
violations of KYC / AML instructions resulting in imposition of penalties by
regulators etc. which left scope for improvements in risk control mechanism.
Continued use of spreadsheets in certain important operational areas
exposed the bank to potential errors.
1.4 Internal Audit Score: 2.427
1.4.1 Quality of Internal Audit
1.4.1.1 The internal audit detected substantial number of violations of KYC/ AML
instructions by the branches. However, these violations were not truly getting
captured in the branch rating system as more than 96% of branches had
'satisfactory' rating even though instances of violations of KYC / AML
instructions were found in these branches.
1.4.1.2 Most of the action points emanating from internal audit reports were closed
without delays. However, similar types of observations surfaced in
subsequent audit reports such as non-adherence to KYC/AML guidelines,
non-monitoring of large cash transactions, compliance needing improvement,
lack of supervisory review etc. This indicated room for improvement in the
quality of compliance by the auditee units and closure of reports by the internal
audit.
1.4.1.3 The bank has started to provide direction of branch risk rating based on the
movement of the final score compared to the previous audit score. The system
lacked granularity since the direction of risk would change only if the score
moved either way by 3 or more points without giving any importance to critical
parameters such as adherence to KYC etc. The bank may consider to
introduce more granularity in the determination of direction of risk by zeroing
on a few critical risk parameters.

Confidential Page 8 of 32
 1.4.2 Review of Internal Audit Function
1.4.2.1 During 2014-15, the internal audit department planned 6000 audit
assignments and the target was achieved barring one. There were 409 people
including 340 core auditors in the internal audit department. Considering 4014
branches with pan India presence, the resources of the internal audit
department appeared to have stretched compared to the number of audit
assignments undertaken.
1.4.2.2 A large number of newly opened current accounts recorded huge high value
transfers of funds through RTGS as well as fund transfers within the bank
followed by high value advance remittances against imports. Transactions in
most of the newly opened current accounts had no correlation with the
business profile and declared annual turnover of the entities. The audit did not
inform such sudden spurts in transactions in newly opened current accounts
to Board/Board level committee for guidance and directions.

2. Credit Risk - Aggregate Score: 2.251

Assessment and Major observations
2.1 Inherent Risk Score: 2.321
2.1.1 Default Risk
2.1.1.1 The credit portfolio of the bank increased by 20.3% (y-o-y) as at end March
2015 substantially higher than 9.7% credit growth recorded at the system
level. Increase in retail credit largely contributed to the incremental credit. The
default risk as reflected by the gross and net NPA ratios (0.93% and 0.26%)
appeared low. However, if NPAs written off during the year was taken into
consideration, the gross NPA ratio would move to 1.43%. Total NPAs written
off during 2014-15 increased by 24.9% compared to last financial year and
formed 42.65% of total reductions of NPAs, up from 37.35% a year ago
reflecting an uptick in default risk. During 2014-15, fresh accretion to NPAs
amounted to 47901.20 million compared to 46217.90 million in the last
year.
2.1.1.2 The probability of default in retail credit revealed higher level of stress in two
wheeler loans, business loans, construction equipment loans, used car loans,
agricultural loans, and credit cards. During 2014-15, the slippage ratios in
agriculture (2.47%), small services sector (2.49%), other retail (1.84%) and

Confidential Page 9 of 32
 personal loans (1.80%) were significantly more than the overall gross NPA
ratio of the bank.
2.1.1.3 The rating transition matrix showed downward migration of rated wholesale
borrowers perched in HDB 4 to 6 rating grades indicating strain on borrowers’
financials. The average rating wise distribution of the portfolio observed a
downward trend during 2014-15 with maximum concentration in HDB 5 rating
grade and an increase of exposure in HDB 6 to 8 rating grades. In fact,
internal rating grades HDB 6 to 8 accounted for 18.73% of total outstanding
rated wholesale borrowers as at end March 2015 as compared to 15.73%
previous year.
Further, the accounts labelled as “X” (bank’s internal watch category loans
where there is evidence of weakness) amounted to 3430 mn as compared
to 2705.55 mn a year ago indicating rise, albeit gentle, of incipient risk in the
loan portfolio.
2.1.1.4 Asset quality has shown some deterioration from April 2015 to September
2015. Gross NPAs have increased by 11% from 34383 mn as on March 31,
2015 to 38277 mn as on September 30, 2015. The fresh accretions have
been highest in Agriculture and Retail (and within Retail - Vehicle loans). The
credit portfolio has grown by 14.5% during the same period.
2.1.2 Recovery Risk
More than one third of the bank’s exposure especially retail portfolio was
unsecured which heightened the recovery risk in the event of defaults. The
recovery rate from the point of default in respect of personal loans and credit
card receivables, which accounted for major portion of unsecured retail loans,
was estimated at 34% and 59% respectively reflecting the extent of recovery
risk embedded in the products. As regards auto loans, where the vehicles
were hypothecated to the bank, the one year recovery rate from the point of
default, stood at 62%. The share of financial collaterals in total exposure
constituted a small portion which also enhanced the recovery risk due to
possible erosion in values of collaterals.

Confidential Page 10 of 32
 2.2 Control Gaps Score: 2.088
2.2.1 Policy Environment
2.2.1.1 The bank had six overseas offices – three branches and three representative
offices as at end March 2015. Total overseas exposure (advances and
investments) constituted 8.55% of bank’s global advances and investments,
up from 8.44% a year ago. The bank did not have an internal framework for
assessment of country risk and followed the country risk grading of ECGC
and international rating agencies (Moody’s and S&P). The bank did not factor
indirect exposure for country risk assessment.
2.2.2 Risk Identification & Assessment
2.2.2.1 The CRILC information and SMA-2 data were not incorporated in the standard
formats for Credit Approval Memorandum (CAM) appraisal / review and
renewal. Besides, information on deviations from the credit policy and
adherence to single borrower / group borrower exposure limits were not
incorporated in the CAM.
2.2.2.2 The bank did not factor asset type concentration such as collateral, unsecured
loans, unrated loans, off balance sheet exposure etc. in its concentration
measurement. Concentrations arising due to second order effects such as
borrowers dependent on few suppliers or specific industries for sale etc was
also not factored in the analysis.
2.2.2.3 The bank had built an industry co-relation matrix based on movements of daily
stock prices of the largest companies in each industry. Based on the
computed 'r' value, the bank concluded exposure to correlated industries as
not significant. However, the correlation matrix was not realistically
constructed since it was not ensured that the pairs of industries were really
correlated or not as each industry was compared with the others in the group.
The bank should identify groups of industries which are correlated and
attempt to construct the correlation matrix based on its actual exposures to
these industries.
2.2.2.4 The NPA identification for Investments was not automated. The bank has
sought two years’ time for the automation as it was evaluating implementation
of a new treasury system. With regard to implementation of the new treasury
system, the bank may provide a PERT chart showing definite timeline for
completing each milestone.

Confidential Page 11 of 32
 2.2.3 Controls
2.2.3.1 During 2014-15, the bank participated in 27 cases where Joint Lenders Forum
(JLF) were set up consequent upon reporting of the borrowers as SMA-2 to
CRILC by one of the concerned banks. However, the bank did not build any
organized information / database of cases under JLFs. Consequently, the
bank was not able to monitor progress of the JLF cases especially adherence
to timeliness for formation of JLFs, finalisation of corrective action plans
(CAPs), implementation of CAPs, etc.
2.2.3.2 There were 3.03 million customers maintaining current accounts with the bank
as on March 31, 2015. Out of these, 90.63% customers were not having any
borrower relationship with the bank. It was also observed that 179,725
customers were maintaining more than one current accounts with the bank
out of which 65.43% did not have any borrower relationship with the bank.
The bank had a policy on opening current account for entities which provided
for obtaining NOC from other banks based on entities declaration. In several
cases, neither the bank obtained NOC from the other bank, where the entities
declared that they did not enjoy credit facility from any other bank but
deposited initial amount with cheque drawn on current account maintained
with other bank nor referred to the CRILC database for due diligence.
2.2.4 Monitoring & Review
2.2.4.1 The Credit Policy and Procedures listed an array of restricted financing such
as term loans greater than 500 mn and tenor more than 7 years, Solar and
wind energy related activities, production distribution of films, cinema
theatres, venture capital etc. where exposure could be taken only with the
approval of the designated credit approving authorities. Aggregate exposure
to the restricted areas of financing stood at 118174.15 mn (majority in term
loans greater than 500 mn and tenor more than 7 years) as at end March
2015, constituting 3.23% of advances. Exposure to restricted line of financing
was judgmental and not linked to any special minimum rating requirement
other than the normal hurdle rating requirement. There was no policy of
placing a periodic review of the restricted areas of financing to the Board or
sub-committee of the Board.
2.2.4.2 The Relationship Managers (RMs) acted as the focal point both in pre and
post credit supervision mechanism. The RMs were required to submit a
quarterly call report covering performance of the concerned borrowers, key
Confidential Page 12 of 32
 developments etc. There was no fixed format of call report though the Credit
Policy & Procedures indicated broad coverage of the report. Monitoring of end
use of funds was the responsibility of the RMs. However, the call reports
generally did not dwell on end use of funds. There was high attrition rate of
RMs. During 2014-15, 175 RMs or 16.80% of total number of RMs as at end
March 2015 resigned from the bank. Such high attrition rate of RMs posed
risk in carrying out effective pre and post credit supervision.
2.2.5 Reporting
The Board approved retail product programme permitted discretionary
powers to senior management to deviate from the credit policy and make
minor / major changes in the product programme. During 2014-15, designated
authorities approved 1,40,209 deviations totaling 64764.50 mn and of
which, exceptions approved by Level 4/5 approvers (major deviations) were
7603 cases involving 20358.80 mn. Granular reports / reviews on each
product including deviations were put up to the CRO. However, the Board
was not apprised on the general trend of deviations or even the major
deviations approved at the senior management level.

3. Market Risk -Aggregate Score: 1.710

Assessment and Major observations
3.1 Inherent Risk Score: 1.732
3.1.1 Banking Book
3.1.1.1 As per the Traditional Gap Analysis, the average impact on earnings upto 1

year during FY 2014-15 for a 200 bps shock in the interest rates was ` 17,910

mn which was 32% of the average quarterly Net Interest Income of the bank.
The bank had a positive gap (RSA >RSL) upto 1 year horizon primarily
because of 50% of the deposits bucketed beyond 1 year (due to CASA core
at around 88%) while only around 20% of the advances were bucketed
beyond 1 year. Also, the fresh capital raising of around 100,000 mn in
February, 2015 which is non-sensitive but deployed in short term assets
further widened the gap.
3.1.1.2 There were large amount of premature withdrawal of deposits (around 39%
for non-institutional and 37% for all customer deposits) during the year. As per
the bank analysis for premature withdrawal of deposits for a 200 bps upward

Confidential Page 13 of 32
 shock in interest rates, the impact on NII would have been 6,610 mn
assuming that the customer would opt for premature withdrawal and
rebooking at higher rate if he gains at least 1% (for retail) and 0.50% (for
wholesale).
3.2 Control Gap Score: 1.659
3.2.1 Policy Environment
3.2.1.1 Value at Risk (VaR) was the main risk measure used by the bank to control
market risk. The bank changed the methodology to calculate VaR from using
510 days historical simulation to 260 days historical simulation which resulted
in significant changes in the VaR generated by the model as well as VaR limits
set by the bank for the trading portfolio. However, the bank did not provide
justification/rationale to the Board nor highlight this significant change in the
revised Market Risk Policy.
3.2.1.2 The rate scan breaches were required to be ratified by Treasurer or his front
office designates. The validation of justification by Mid Office/Market Risk was
not documented. As per the Rate Scan policy, the ratification from Treasurer
was required to be taken on quarterly basis and not on immediate basis. Also,
the policy did not detail the methodology to arrive at the rate scan ranges and
Day 1 P&L factors in terms of the historic data used, VaR calculations etc.
3.2.2 Risk Identification & Assessment
The illiquidity adjustment was carried out based on adjustment to mid-market
price, close out cost, early termination, investing and funding costs, future
administrative costs, model risk and Incurred CVA. The portfolios considered
for the valuation adjustment were Investments (excluding accrual positions),
Forex positions and derivative positions. The spreads considered for
adjustment to mid-market price and close out costs were based on inputs from
Front Office and there was no validation of the same by Market Risk for certain
products such as derivatives citing lack of information. For instance, the mid-
market and close out spreads for inherently illiquid instruments such as
Corporate Bonds were 5 bps & 3/7 bps, PTCs were 10bps & 15bps etc.
Government securities were largely considered completely liquid with mid-
market spread at 1 bps and close out spread at 0. SDL also had mid-market
spread and close out spread as 3 bps. These spreads were taken as interest
rate shocks applied on PV01 of the individual positions and not as %
adjustment to the market price. For example, the percentage adjustment to
Confidential Page 14 of 32
 Market Price for the Corporate Bonds portfolio was 0.14% which was less as
compared to RBI draft guidelines for Treatment of Illiquid Positions which
envisaged a valuation adjustment of 3-12% of pre adjustment valuation in
case of instruments traded in other than active markets. Similar variations
would arise for other instruments too such as G-sec, PTCs, Forex Positions
etc.
3.2.3 Controls
Certain part of Investment Valuation was not automated viz Corporate Bonds,
Overseas Investments etc. Also, the compilation of category wise P&L and
provisioning for the financial reporting was done manually.

4. Liquidity Risk - Aggregate Score: 1.883

Assessment and Major observations
4.1 Inherent Risk Score: 1.961
4.1.1 Structural Liquidity
There were undrawn fund based commitments at around 27% of total fund
based commitments which may potentially impact liquidity to some extent.
The undrawn commitments included Credit Card ( 660,710 mn), Wholesale
commitments ( 459,130 mn), and Retail commitments ( 100,750 mn).
4.1.2 Market Liquidity
There was significant illiquidity in the Investment portfolio with total illiquid
investments at 459,140 mn i.e. 28% of total investments. This was primarily
due to investments in Commercial Paper ( 178,220 mn), Deposits with
SIDBI, NHB, NABARD ( 148,180 mn), Certificate of Deposits ( 56,030 mn),
PTCs ( 23,950 mn), Strategic equity investments and investments in

subsidiaries (`28,000mn) etc.

4.2 Control Gap Score: 1.702

4.2.1 Policy Environment
In the Base Rate computation, the bank was not taking into account the CASA
deposits to calculate the cost of funds which were a significant part of the
bank's deposits (around 40-45% on average). Only the marginal cost of term
deposits in 5 buckets with maximum concentration along with Repo were
being taken to calculate the Cost of Funds component in the Base Rate

Confidential Page 15 of 32
 computation. The cost of servicing CASA was also not included in the un-
allocable costs. As per the RBI guidelines and illustrative calculations, the
Base Rate computation is to be done by taking all deployable deposits into
consideration.
4.2.2 Controls
4.2.2.1 The Liquidity Coverage Ratio (LCR) computation was being done by Finance
department taking inputs from various departments/verticals like BIU, Mid
Office, and Back Office etc. and using various assumptions such as treatment
of Operational deposits, relationship based deposits etc. for slotting the Cash
Inflows and outflows into different buckets. There was no approved process
note documenting these roles and responsibilities of different departments in
providing the data in specific formats for LCR computation, nor the
assumptions used in the calculation documented and approved by the ALCO
or a Board level committee.
4.2.2.2 The assumptions used by the bank for internal Liquidity stress testing were in
wide variance to RBI prescribed assumptions. The haircut assumptions used
by the bank in internal stress testing scenarios were significantly lesser as
compared to RBI prescribed haircuts while the run-off assumptions were
stricter than RBI prescribed run-offs.

5. Operational (Non- IT) Risk - Aggregate Score: 2.619

Assessment and Major observations
5.1 Inherent Risk Score: 2.516
5.1.1 People Risk
People risk emanated from high dependency on outsourced/contract
employees and a very high staff attrition rate (32.75%). Significantly high
attrition rate among staff posted in critical areas such as Treasury (17.7%)
and Risk Management (17.84%) further, exacerbated people risk in the bank.
There were a large number of complaints against outsourced employees/
service providers. Complaints against outsourced services assumed
significance from reputational risk angle as the bank had outsourced activities
to around 9430 agencies including loan sourcing (document collection)
(2774), sourcing of business (2530), collection services (1180), cash handling
(698), and direct sales agents (509). Due to alleged irregularities in advance

Confidential Page 16 of 32
 remittances against imports of USD 1 lakh and below and subsequent arrest
of an employee of the bank further enhanced people risk of the bank.
5.1.2 Process Risk
(i)The large number of KYC / AML exceptions detected (32134 cases) by the
bank reflected noticeable non-adherence to laid down KYC/AML processes
by the line people. (ii) There were 2124 instances (which included 29 of
Bahrain and 22 of Hong Kong) of treasury deals that were modified/cancelled
during the period due to errors which included those that had been ratified by
the higher authorities, added to the process risk of the bank.
5.1.3 External Risk
(i)External risk manifested through 2334 frauds committed by non-customers
amounting to 152 million. (ii) Rise in consumer court cases (1792) filed
against the bank by the customers for customer service related matters posed
a significant external risk to bank’s reputation. (iii) External risk also
manifested through 43 incidents causing damages to bank’s physical assets
which included 17 fire incidents, 6 burglary attempts, 5 ATM robberies
attempts, and 3 attempts of thefts.
5.1.4 Compliance Risk
During 2014-15, RBI imposed one penalty and issued one caution advice.
Besides, the FIU-IND imposed a penalty of 2.6 million for violation of AML
instructions following the cobrapost revelations. The bank had filed an appeal
against the FIU-IND award and the appeal was pending as on date.
5.2 Control Gap Score: 2.859
5.2.1 Policy Environment
The total number of customer complaints (165947) received during 2014-15
showed a 37% reduction compared to last fiscal. Through an internal
communication to all branches/regions in September 2007, users were
advised to segregate customer complaints and customer queries and
accordingly log the same in the CRM (Customer Redressal Mechanism). This
was included in a Board Note in January 2008, however, the Board approved
customer grievance redressal policy and customer complaint processing note
did not define the term ‘customer complaints’. Both the documents especially
complaint processing note used the term ‘query’ and ‘complaints’
interchangeably. This bank’s website for lodging online complaint was titled

Confidential Page 17 of 32
 as ‘query’. The term query and customer complaints were used
interchangeably in the Board approved customer grievance redressal policy
and customer complaint processing note. However, customer references had
to be logged separately either as a complaint or a query in the system. During
2014-15 total no of queries logged in to the CRM system stood at 369383. A
perusal of 11993 sample queries revealed that they were in nature of
complaints. There was no system to cross verify to ensure whether the query
logged was a query or a complaint in nature.

5.2.2 Risk Identification and Assessment

5.2.2.1 The bank had opened 14.83 lakh deposit accounts (BSBD) and mobilised an
amount of 4296 mn under Pradhan Mantri Jandhan Yojana (PMJDY) since
August 2014. It was observed that there were 11,237 accounts with balances
of more than 50,000/- and credit summations in 350 accounts ranged
between 10 million to 633 million. Substantial number, and amount, of
cash transactions were observed in majority of the accounts. Cash
transactions in round amounts were also observed in many accounts. The
large scale cash transactions in the accounts, low risk categorisation, and
huge credit summations indicated that the bank had not exercised due
diligence in monitoring transactions in the accounts opened under PMJDY.
All the accounts were categorised as ‘low’ risk except for the accounts (six
accounts) where STRs were subsequently filed.

5.2.2.2 Out of 19.26 lakh accounts which were due for re-KYC as on March 31, 2014,
re-KYC exercise was yet to be completed for 12.43 lakh accounts i.e. 64.50%
as at end October, 2015. In large number of accounts opened during 2014-
15, the balances and amounts of transactions had surpassed all possible
thresholds for the category/transaction/income range/annual turnover
declared in the account opening forms. The risk categorisation status of these
accounts was still shown as low or medium which would lead to incorrect re-
KYC dates. Delays were observed in updation of risk categorization of
accounts in the core system from the AML tracking system (SAS). A sample
of 184 Politically Exposed Persons’ accounts, 246 Trust accounts and 3071
Jeweller accounts showed that the risk categorisation were marked as ‘low’
risk in the core system at the time of account opening while a large number
of such accounts were having no risk categorisation in the system. When a

Confidential Page 18 of 32
 STR was filed, the risk categorisation in the Core system was made ‘high’ but
the same did not get reflected in the SAS AML system resulting in mismatch
in risk categorisation between the Core and the SAS. The risk categorisation
in SAS was updated once in six months, and hence the mismatch between
SAS and Core would continue in the interregnum. Meanwhile the enhanced
due diligence required for monitoring transactions of such accounts where
STRs had been filed were managed in SAS with manual markings. This could
have impacted the efficacy of transaction monitoring and exposed the bank
to operational risk including reputation risk.

5.2.2.3 Out of fresh accounts opened during 2014-15, excluding accounts opened
under PMJDY/BSBD/no frill accounts, 12060 current accounts and 159803
saving deposit accounts were not updated with PAN number or Form 60/61
in the core system for retail (Flexcube) column for PAN number/Form 60 was
kept blank in the core system (UBS) for wholesale banking in respect of 69
corporate accounts, 4 marketing accounts and 24 trust accounts.

5.2.2.4 The bank had implemented 22 AML/CFT alert scenarios in the SAS system
as suggested by IBA in October 2014. The SAS system was used only to
monitor retail and wholesale transaction data. The monitoring of credit card
transactions was done under a separate software AML Alert System which
was developed in-house. The AML Alert System was not integrated with the
SAS system. The total number of daily AML alerts generated by the system
was around 2500 constituting 0.04% of the total number of transactions
monitored through the system. Out of this, only 1.3% of the alerts were taken
up for detailed investigation. During April 2014-December 2014, advance
remittances against imports for less than and equal to 1 lakh USD from the
AD category branch in Delhi recorded a quantum jump. During January 15-
June 15, RTGS credits from the bank to Ashok Vihar branch of Bank of
Baroda increased substantially. Transactions originated mostly from newly
opened current accounts which had no correlation with the business profile
and declared annual turnover of the entities. In several cases, the current
accounts were closed within a short period of time. However, either the bank
did not file STRs or filed STRs after considerable delay reflecting problems

Confidential Page 19 of 32
 with transaction monitoring or alert generation or alert examination or
combination of all these factors.

The alert generation and monitoring of transactions needed improvement as

it had not captured several suspicious transactions related to fictitious offers,
ponzi type of activities etc. STRs were filed in respect of most of these
accounts after the bank had received complaints.

5.2.2.5 Delays ranging from 10 days up to 70 days were observed in filing STRs (38
cases) to FIU-IND from the dates when the bank (Principal Officer approval
dates) decided that the transactions were of suspicious nature. There was no
system to cross check whether STR has been filed for the alerts which have
been approved by the Principal Officer.

5.2.3 Controls

5.2.3.1 As on March 31, 2015 97.4% of 4014 branches had “Satisfactory” risk rating
followed by 2.3% “Adequate” and 0.3% branches were risk rated as
“Unsatisfactory”. One of the main reasons for categorization of branches as
“Unsatisfactory” were non-adherence of KYC verification and AML monitoring
procedures. A perusal of risk rating of branches for the quarter ended
December 2014 placed before the ACC showed that 12 branches were rated
as “Satisfactory” despite observed violations of KYC/AML instructions.
Branch rating scoring model requires review.

During 2014-15 a spurt was observed in Advance imp remittances as well as

RTGS credits in several branches in Delhi. As explained in detail in para
5.2.2.4 above a perusal of Audit Rating of the branches in Delhi showed that
96% of total branches including branches from where the spurt were noticed
had been rated satisfactory.

Confidential Page 20 of 32
 5.2.3.2 As at end March 2015, the bank had 295646 inoperative accounts with
balance of 11268 million. As a follow up measure, the bank was sending
sms and emails to the inoperative account holders and tele-calling, contact
point verification in respect of dormant accounts. The bank had transferred
944 million in respect of unclaimed deposit accounts to the DEAF account on
March 2015 as per extant instructions. The bank had claimed 23.1 million
as refunds from the DEAF, most of which were within the next three months
(including one claim on the immediate next day) after transferring the amounts
to the Fund.

5.2.4 Monitoring and Review

5.2.4.1 (i) There was no list of officers’ satisfying ‘fit and proper’ criteria for posting in
sensitive areas. No database was prepared for officers/staff identified for
having aptitude for fraud investigations, data analysis, forensic analysis etc.
as instructed vide RBI guidelines on fraud risk management. (ii) There were
only five staff members posted to handle frauds, vigilance and whistle blower
cases for the entire bank.
5.2.4.2 (i) As evident from the number of customer complaints (205 complaints on
staff attitudinal problems) received against employees as also through whistle
blower complaints on use of foul/abusive language by Branch
Managers/Circle Heads with staff at branches, it appeared that the coverage
of training towards behavioural aspects needed improvement.(ii) The bank
had a system of obtaining feedback from the supervisors of the trainees after
a gap of 45 to 60 days from the date of completion of the training of the
employee. Out of 8493 employees trained during 2014-15, feedback in
respect of 8074 employees was not obtained from their supervisors to
ascertain the effectiveness of training.
5.2.4.3 During 2014-15, charges levied for non-maintenance of average minimum
balances formed 5% ( 4487 mn) of the total non-interest income of the bank
during 2014-15. It was observed that during 2014-15, the account balances
were reaching the next slab automatically on account of recovery of such
charges. Further, on application of penal charges for the subsequent slabs,
the balances were reaching zero. There were customer complaints for not
being informed about debit of such charges and also non-receipt of welcome
kit which informed about such charges linked to the account. There were few

Confidential Page 21 of 32
 complaints where the customers had received messages for their account
balance turning into negative because of not maintaining minimum balance.
The bank had made amendments to the penal charges levied on non-
maintenance of average minimum balance in proportion to the shortfall
observed in savings bank account in terms of RBI circular dated November
20, 2014 with effect from April 1, 2015.
5.2.4.4 The bank had a system of sending certain value added sms messages (insta
alert) viz. debit or credit in the account beyond thresholds, weekly balance
alerts, utility payment due alerts, etc. The customers had to specifically opt
for receiving such insta alert messages at the time of account opening. There
were customer complaints related to levying of charges for sending insta alert
messages by the bank.
5.2.4.5 During 2014-15, the bank received 11300 complaints related to cash not
dispensed/less cash dispensed from customers who had used bank’s own
ATMs. Perusal of such complaints showed that 293 (2.6%) of the complaints
were closed beyond the prescribed turnaround time (TAT) of 7 days with
delays up to 88 days.
5.2.4.6 Customer complaints revealed that they had been charged towards premium
for payment of insurance policies of HDFC Ergo, HDFC Life without their
consent. The bank reversed the charges only after receipt of such complaints.
5.2.5 Reporting

5.2.5.1 Fraud cases detected during the year had increased by 183% from 836 cases
amounting 168 mn as on March 31, 2014 to 2371 amounting 219 mn
cases as on March 31, 2015. Of these, 2265 fraud cases (95.53% of total
number of frauds) amounting 71 million (32% of the total amount of frauds)
related to skimming of credit and debit cards. The annual review of frauds
placed before the Board stated that bulk of the frauds were related to card
skimming cases over which the bank had little or no control.
5.2.5.2 During 2014-15, 218 fraud cases of 1 lakh and above were detected which
were to be reported to RBI. It was observed that 9 cases were reported to RBI
with delays ranging from 13 days to 99 days.

Confidential Page 22 of 32
6. Operational (IT) Risk - Aggregate Score: 2.331
Assessment and Major observations
6.1 Inherent Risk Score: 2.573
6.1.1 IT Operational Risk
6.1.1.1 Operational (IT) risk in the bank was accentuated during 2014-15 as
evidenced by the high unscheduled downtime in CBS for 1356 minutes with
longest single CBS downtime of 250 minutes. Out of total CBS downtime,
391 minutes including the longest downtime of 130 minutes occurred during
normal business hours. The top three applications contributing to the total
CBS downtime were UBS-FCR (554 minutes), NCB-FC (308 minutes) and
Vision Plus (235 minutes). The total unscheduled/ unplanned downtime
when the bank’s internet banking services were down aggregated to 497
minutes with a single longest downtime of 402 minutes.
6.1.1.2 There were 13 critical products/ subsidiary IT systems where straight
through processing, were not established.
6.1.1.3 During 2014-15, there were 86 incidents of phishing (net banking, third party
transfer plus electronic payment interface) which exposed the banks’
customers to financial loss.
6.2 Control Gap Score: 1.766
6.2.1 Controls
6.2.1.1 The bank had high dependence on Information Technology (IT) for its
operations. The IT environment comprised of several information systems to
support critical business processes for internal as well as external
customers. The bank used several technology enabled delivery channels
and mobile banking services. The bank had 197 IT applications as at end of
March 31, 2015 out of which 29 applications were critical applications.
Although the bank had automated most of its applications, usage of
spreadsheets in certain critical areas such as valuation of corporate bonds,
overseas investments, NPI identification in investment, flagging of
secondary NPAs in other core system, etc. were observed. Integrity and
confidentiality of data could be impacted due to such manual interventions.
6.2.1.2 There were two points pending for implementation in respect of the
recommendations of the Working group on Information Technology; 1)
Implementation of data dictionary in IT Governance Chapter for which the

Confidential Page 23 of 32
 bank had written a letter to DBR on May 21, 2013, reply was awaited as on
date, 2) Implementation of 2-factor authentication in Information Security
Chapter - for which the target date for implementation was December 31,
2015.
6.2.1.3 The permission letter/Memo given to the vendors for conduct of the
Vulnerability Assessment and Penetration Testing (VAPT) did not include
the clauses as per Sections 43 and 66 of Information Technology Act
regarding penalty and compensation for damage to computer systems and
punishment for sending offensive messages through the banks
communication services etc.

7. Other Pillar II Risks - Aggregate Score: 1.911

Assessment and Major observations
7.1 Inherent Risk Score: 2.004
7.1.1 Reputation Risk
7.1.1.1 There was some potential risk to reputation of the bank due to increasing
number of customer litigations (1792 new customer litigations during the year
as compared to 1672 in the previous year), imposition of penalty by FIU
stating that there was a failure in bank’s internal mechanism for detecting and
reporting suspicious transactions in 26 cases reported by Cobrapost, and
complaints on levying of charges on value added services.
7.1.1.2 There was adverse media coverage in the light of the recent alleged
irregularities in various account of the bank (large amount of advance
remittances against imports of less than and equal to 1 lakh USD without BOE
and RTGS transfers to accounts under investigation) and also arrest of an
employee of the bank for alleged involvement in the same. This affected the
reputation of the bank.
7.1.2 Residual Risk
There was some risk emanating from foreign currency exposure as around
1701 mn of foreign currency guarantees were invoked during the period which
was 23% of the total foreign currency guarantees extended by the bank.
7.2 Control Gap Score: 1.693
7.2.1 Risk Identification & Assessment
7.2.1.1 The bank has assessed the level and direction of technology risk based on
weighted score of three parameters viz. information technology (60%),

Confidential Page 24 of 32
 information security (25%) and business continuity (15%). Using the
methodology, the technology risk has been assessed as ‘low’ and direction
as ‘stable’. The risk level of each indicator under the respective parameter has
been assessed as ‘low’ ‘medium’ and ‘high’ based on quantified thresholds. It
is observed that very high thresholds have been used for risk assessment of
various indicators under the information technology risk parameter. For
example, unscheduled single longest period of CBS downtime for <=360
minutes, total unscheduled period of CBS downtime during a quarter for
<=842 minutes, unscheduled single longest period of internet banking
downtime for <=360 minutes, and total unscheduled period of internet banking
downtime during a period for <=1314 minutes have been considered as ‘low’
risk events. As regards information security parameter, number of phishing
incidents (net banking EPI) have shown an increasing trend and was
assessed as ‘medium’ risk during December 2014 and March 2015 quarters.
Number of data leakage incidents was in the ‘medium’ risk zone in December
2014 quarter. However, the level of information security risk has been
assessed as ‘low’. Considering the bank’s big push to digital banking for
business expansion and customer retention, the thresholds and weights set
for risk assessment of various indicators under technology risk and
information security risk need to be revisited on account of potential
operational risks including reputation risk involved in digital banking.
7.2.1.2 In the stress testing for Credit Risk and subsequent impact on Capital
Adequacy, the bank had considered only incremental stress in the credit
portfolio i.e. additional stress over and above the future normal
deterioration/stress/losses in the outstanding portfolio. For instance, in the
wholesale credit portfolio, the bank considered a stressed transition matrix to
arrive at the percentages of rating deterioration in times of stress which it
compared with the normal transition matrix and the additional deterioration
over and above the normal deterioration was taken to calculate the
incremental defaults and additional RWAs. The bank assumed that the capital
held at any point in time already captured the normal transition or
deterioration. However, there was no comparison or validation done between
the capital impact on account of taking the entire stress and only incremental
stress to determine whether the existing Pillar 1 capital was adequate to cover
the normal stress. In the retail portfolio, the bank used its own historic data to

Confidential Page 25 of 32
 arrive at the peak loss ratios and normal loss ratios and applied the
incremental shocks only on the current outstanding portfolio again assuming
that the normal loss ratios are already captured by the capital already held.
Since, the Pillar 1 RWAs and capital calculations are based on standard Basel
template and not linked to bank specific past experience of losses, it was not
certain that considering only the incremental stress would give the correct
assessment of Capital Adequacy under different stress scenarios.

Confidential Page 26 of 32
Part II: MAJOR AREAS OF FINANCIAL DIVERGENCE
1. Divergences (shortfall) in provisioning : Nil
2. Divergence in Risk Weighted Assets (RWAs) : Nil
3. Divergence in Capital instruments : Nil

Part III: ASSESSMENT OF CAPITAL AND EARNINGS

1. Pillar I Capital & CRAR
The summary of reported and assessed capital position of the bank as on March 31,
2015 is given below. Details are in Annex4.
Basel III Capital under Basel III (In mn)

Particulars Reported Assessed Divergence Reasons for

divergence
Total capital (TC) 709,662 709,662 -

Common Equity Tier 577,220 577,220 -

1 (CET1)capital
Tier 1(T1) capital 577,220 577,220 -

Tier 2 (T2) capital 132,442 132,442 -

Basel III CRAR under Basel III (Figures in %)

Particulars Reported Assessed Divergence Reasons for

divergence$
Total capital (TC) 16.79% 16.79% -

Common Equity Tier 13.66% 13.66% -

1 (CET1)capital
Tier 1(T1) capital 13.66% 13.66% -

Tier 2 (T2) capital 3.13% 3.13% -

2. Capital Management, ICR, ICAAP and Stress Tests

(a) Bank’s Capital Planning and Business Projections

2.1 Capital planning in the Internal Capital Adequacy Assessment Process (ICAAP) was
conducted over a three year horizon. The bank assessed itself to be moderately complex
in respect to the Principle of Proportionality for the ICAAP. For the period 2016-2018, the
bank had modified its minimum capital levels to align with the phase-in of the Basel III
capital framework and taken into account consequent phasing out of ineligible capital
instruments.

Confidential Page 27 of 32
2.2 The bank’s standalone total advances were projected to increase by 23.2%, 24.5%,
and 25% between March 31, 2016 and March 31, 2018 and growth in investments was
projected at 14%, 14.4% and 14% in the same period. Total deposits of the bank were
projected to grow by 21.3%, 22.1% and 22.7% between March 31, 2016 and March 31,
2018. The bank’s standalone RWAs were projected to increase by 21.9%, 22% and
20.7% during the period 2016-2018. The business strategy for the next 3 years was
presented to and approved by the Board of members via Board meeting held on 27th
August 2015. There was no rationale provided for the financial projections. For instance,
while the advances, deposits, profits, reserves and surplus were all projected to show an
increasing growth rate, the RWAs were projected to have a decreasing growth rate for
2016-18.

2.3 Capital of the bank at solo level was projected to increase by 13.24% to 803,656

mn during 2015-16 on account of increase in reserve and surplus by ` 94,818 mn and

ESOP allotment of 11,000 mn. The addition to capital during 2016-17 and 2017-18 had
been projected mainly on account of the internal generation of capital and ESOP
allotment of 11,000 mn each during 2016-17 and 2017-18. The reserves and surplus
of the bank was projected to increase by 15.43%, 16.63%, and 17.92% during March,
2016 to March, 2018 due to projected growth in profit by 20.38%, 24.41% and
25.66%.The stand alone CRAR was projected at 15.6%, 15.17% and 15.17% for the
same period.

(b) Assessment of Pillar I & II Capital and Internal Capital Ratio

The bank followed Standardised Approach for Credit Risk, Standardised Duration
Approach for Market Risk and Basic Indicator Approach for Operational Risk. The bank
had adequate capital in terms of the regulatory capital standards. The reported
standalone CRAR and core CRAR were 16.79% (PY: 16.07%) and 13.66% (PY: 11.77%)
and consolidated CRAR and core CRAR for the group (Bank considered its two
subsidiaries HDFC Securities Limited and HDB Financial Services Ltd as part of group)
were 16.80% (PY: 16.00%) and 13.67% (PY: 11.72%) as on March 31, 2015. The
standalone total Pillar I capital charge as on March 31, 2015 was 380403 mn. Under
Pillar 2, 79045 mn was allocated to stressed capital charge on account of credit and
market risk and 19499 mn was assigned to other quantified risks viz., liquidity risk, credit
concentration risk, business risk and unhedged foreign currency exposure risk. No
additional capital was allocated in respect of IRRBB risk. For non-quantified material
risks, viz. Strategic Risk, Reputation Risk, Residual Credit Risk from Securitization,
Confidential Page 28 of 32
Residual Credit Risk from Collections, Technology Risk, Intra-day Risk, Group Risk,
Compliance Risk etc., no additional capital was set aside. There was a monitoring
framework in place to monitor these risks and there was a capital buffer of 230716 mn
after accounting for Pillar 1 and Pillar 2 capital charges.

2.6 Internal Capital Ratio:

Bank had put in a minimum total internal capital threshold of 9.83%, 10.95% and 11.98%
as on March 31, 2016, March 31, 2017 and March 31, 2018 respectively considering
phase in of capital conservation buffer, countercyclical buffer and DSIB buffer. The
standalone CRAR was projected at 15.6%, 15.17% and 15.17% for the same period.
(c) ICAAP
The ICAAP was reviewed and endorsed by the Risk Policy & Monitoring Committee and
approved by the Board before submission to Reserve Bank of India. The ICAAP was also
validated by the Internal Audit Department of the bank. However, no external validation
was carried out.
The quarterly review of the ICAAP by the ICAAP Review Committee (IRC) acting as a
forum focused assessment of the identified material risks by bank enabled the
management of the bank to have a view of the level and outlook of the risks, benchmark
the level of risk with the appetite as well as the comfort of the adequacy of capital held to
meet the risks. The bank had put in a framework for internal allocation of capital to the
various businesses and even at a borrower level in the case of wholesale banking,
however for its retail businesses the framework was in nascent stage.
(d) Stress Testing
The scenarios considered by the bank in its stress test framework were Global recession,
political uncertainty, adverse monsoon, Euro zone debt crisis, Subprime and excessive
INR appreciation/depreciation. The results from these stress tests carried out at a
consolidated level, as on March 2015, indicated that under the worst scenario, the capital
adequacy ratio would drop by 235 bps to 14.45% from the base capital adequacy of
16.80%.

3. Assessment of Internal Generation of Capital

The total income of the bank was 574663 mn in 2014-15 of which 84.3 % was
contributed by interest income. The income from stable sources was 96% of the total
income. The balance sheet of the bank increased by 20.1% (PY: 22.8%) during 2014-15
on the strength of growth in deposit by 22.7% and advance growth of 20.6%. The banks
market share in deposits had increased to 4.9% (PY: 4.4%) and market share in
advances increased to 5.0% (PY 4.7%). The net interest margin remained stable at 4.4%
Confidential Page 29 of 32
for the year ended March 31, 2015 and March 31, 2014. The pre-tax ROA of the bank
marginally increased to 3.03% during 2014-15 from 3.02 % during the previous period.
The reported Gross NPA and Net NPA has decreased from last year to 0.93% (0.98%)
and 0.25% (0.27%) respectively as on March 31, 2015.

The dividend payout ratio of the bank was 23.62%, 22.68% and 22.77% for the year
2014-15, 2013-14 and 2012-13. There was no large variation in actual and budgeted
earnings and profit. The actual income and profit were 100% and 98% of budgeted
income and profit during 2014-15. Total provision and contingency including provision for
tax increased by 22.2%, wherein provision for tax increased by 19.1% and provision for
standard assets increased by 33.9%.

4. Scope & ability to infuse capital

The bank had good reputation and market standing and had adequate ability to raise
fresh capital as and when required. HDFC Bank stock price has grown at a CAGR of
23% as compared to CAGR of 16% for Bankex over the past 5 years. The stock has
traded at an average P/E multiple of 25.83 and average P/B of 4.25 over the last 5 years
which were the highest in the industry. The volatility observed in the stock price
movement has been amongst the least in the industry. Also, the HDFC Bank ADR listed
on New York Stock Exchange has grown at CAGR of 15% over the past 5 years.

The ability of the bank to raise fresh capital was evidenced as the bank on February 10,
2015, concluded a Qualified Institutions Placement (QIP) of 1,87,44,142 equity shares at
a price of 1,067 per equity share aggregating 2,000 crore and an American
Depository Receipt (ADR) offering of 2,20,00,000 ADRs (representing 6,60,00,000 equity
shares) at a price of USD 57.76 per ADR, aggregating USD 1,271 million. Pursuant to
these issuances, the Bank allotted 8,47,44,142 additional equity shares. Accordingly,
share capital increased by 16.95 crore and share premium increased by 9,705.84
crore, net of share issue expenses of 151.03 crore. Hence, the bank could raise around
10,000 crore of fresh capital from the market by issuing shares at prevailing market
price.

5. Assessment of Leverage Ratio

The leverage ratio had improved to 8.49% (PY: 6.52%) and was well above the minimum
requirement of 4.5%.

Confidential Page 30 of 32
 PART IV: MAJOR AREAS OF NON-COMPLIANCE (REGULATORY GUIDELINES)
Regulation Reference (Para & Area / Subject Nature & Description of Non-
Circular no.) of Non- Compliance
Compliance
Master Circular System driven The NPA identification for
Para 2 of NPA Investments was not automated.
DBOD.No.BP.BC.9/21.04.048/2 identification
014-15 dated July 01, 2014
Master Circular on Income
Recognition and Asset
Classification and Provisioning
pertaining to Advances
Master Circular Para II of Priority Sector The bank did not achieve the
RPCD.CO.Plan.BC.10/04.09.01 Targets and priority sector sub-targets under
/2014-15 dated July 1, 2014 Classification direct agriculture and weaker
Master Circular-Priority Sector sections
Lending-Targets and
Classification
Master Circular Para 2.26 of Interest Rate on There were many outstanding
DBOD.No.DIR.BC Deposits less term deposits less than 1 crore
15/13.03.00/2014-15 dated July than 1 crore with differential rate of interest for
01, 2014 same value date and maturity
Master Circular on Interest Rate date which was in violation of RBI
on Rupee Deposits held in guidelines on interest rate on
Domestic, Ordinary Non- deposits. The differential rates
Resident (NRO) and Non- were observed in many customer
Resident (External) (NRE) categories such as Senior
Accounts Citizens, Individuals, Corporate
etc. For example, in many
instances, Senior Citizens were
not offered the higher interest
rate applicable for them and are
given the normal rate applicable
for individuals.
Master Circular para 2.4 (j) KYC/AML related Out of 19.26 lakh accounts which
DBOD.AML.BC.No.22/14.01.00 issues were due for re-KYC as on March
1/2014-15 dated July 01, 2014 31, 2014, re-KYC exercise was
on Know Your Customer (KYC) yet to be completed for 12.43
Norms / Anti-Money Laundering lakh accounts i.e. 64.50% as at
(AML) Standards / Combating of end October 2015.
Financing of Terrorism (CFT) /

Confidential Page 31 of 32
 Regulation Reference (Para & Area / Subject Nature & Description of Non-
Circular no.) of Non- Compliance
Compliance
Obligation of banks under
PMLA, 2002.
Master Circular para 2.13 of KYC/AML issues Delays ranging from 10 days up
DBOD.AML.BC.No.22/14.01.00 to 70 days were observed in filing
1/2014-15 dated July 01, 2014 STRs (38 cases) to FIU-IND from
on Know Your Customer (KYC) the dates when the bank
Norms / Anti-Money Laundering (Principal Officer approval dates)
(AML) Standards / Combating of decided that the transactions
Financing of Terrorism (CFT) / were of suspicious nature.
Obligation of banks under
PMLA, 2002 and
Para 2 of DBOD.AML.BC. NO.
124/14/01/001/2013-14 dated
June 26, 2014
Master Circular para 3.1.4 of Reporting of There was delay in reporting of
DBS.CO.CFMC.BC.No. Frauds frauds to RBI for 9 cases ranging
1/23.04.001/2014-15 dated July from 13 days to 99 days
01, 2014
Master Circular on Frauds –
Classification and Reporting

****

Confidential Page 32 of 32