As businesses grow in size, scale, and complexity in a buoyant economy, certain known and unknown interconnected risks from incidental activities could exacerbate risks for regulated entities (REs). Contagion risks from other business activities could affect core banking businesses. Transfers of risk from other business activities may go unnoticed, escaping scrutiny and the risk-mitigation lens. 

For example, banks’ asset size has grown at a CAGR of 11-12 percent over the past five years. The data further indicate a “nearly tripling” of deposits/credit over 2015–25, implying an increase in the volume of business and its associated risks. At the same time, RBI and KPMG noted that the total balance sheet size of NBFCs grew by 13–15% between FY23 and FY25. As businesses grow, the customer base increases, and risks from other incidental business activities may rise, often disproportionately. 

Over the last decade, the range of financial services has diversified as interoperable technology has enabled extensive digital outreach and deepened financial markets. As a result, the traditional Core Banking Activities (CBAs) and Non-Core Activities (NCAs) began to integrate into the banking business, creating growth opportunities and posing add-on risks.  

Among others, the CBAs broadly include deposit mobilization, the collection and remittance of funds, borrowing and lending, handling bills, issuing guarantees and letters of credit, foreign exchange management as authorized dealers, safe custody, safe deposit vaults, and any other activities permitted under section 6(1) of the Banking Regulation Act 1949. 

NCAs of banks are specialized and include selling mutual fund products, insurance, pension funds, portfolio management services, investment advisory, stock broking/trading, credit cards, factoring, leasing, and any other activity permitted by the RBI from time to time. While tools are emerging to assess the risks of CBAs, adequate tools to measure the risks of NCAs and scale up their mitigation strategies have not yet been developed. This could lead to unknown risks that could pose systemic risks. 

Moreover, as competition intensified, the risk of a reduction in net interest margin (NIM) prompted banks to aggressively pursue NCAs to offset and supplement revenue and profitability, while exploring their distribution networks. In the process, NCAs began to receive priority due to the immense cross-selling opportunities and, in some cases, even incentive offers. 

Given the attractiveness, some employees are specializing in wealth management as a distinct profession and aggressively cross-selling products, which may be undermining the risks that NCAs could pose to the distributing entity. 

The proportionality of CBAs and NCAs within banks’ business mix, and the associated risks, should be reviewed to enhance and align the rigor of risk management systems to address them. 

Given the rising risks associated with NCAs, the RBI insists that CBAs remain with the bank for depositor safety, while risks from NCAs are ring-fenced in subsidiaries to prevent contagion. 

Accordingly, in December 2025, the RBI directed banks to mandate the ring-fencing of NCAs and to prescribe stricter governance and exposure limits to better manage its risks, many of which are difficult to discern. 

Banks are now required to segregate CBAs from riskier NCAs to prevent contagion and balance risks, ensuring risk-adjusted growth and financial stability. Banks must submit detailed ring-fencing plans to the RBI by 31 March 2026, along with a specific board policy justifying any group entity engaging in bank-permissible business (e.g., lending); otherwise, such activity is prohibited. 

The ringfencing plans should clearly outline structural segregation, corporate structure, data protocols, and inter-entity contracts to complete the ringfencing of CBAs from NCAs spill-over risks by March 31, 2028. 

The 24-month transition period should be used for restructuring and business process reengineering to align the risk profiles of CBAs and NCAs, ensuring that bank customers remain protected from risks rising. 

Going beyond compliance by providing policies and execution plans, banks should use this opportunity to separate risks originating from NCAs and identify ways to maintain risk proportionality and implement effective mitigation strategies. 

Critical thinking should be applied to suggest separate risk appetite statements for CBAs and NCAs and to disseminate them to the first line of defense in risk management, which originates risks. 

Generating data by mapping NCAs’ transactions to corresponding granular data on non-interest income will help design dashboards to measure, monitor, and mitigate risks.  

Under the Basic Indicator Approach (BIA) of Basel II/III, the capital charge for operational risk is set at 15% of the average positive annual gross income over the previous three years.  

An internal policy debate could arise if the portion of fee income from NCAs were to attract, say, a higher internal prudential norm of 18 Percent as a ring-fence against any elevated risks from NCAs that go unnoticed. 

It may be important to treat income from NCAs differently to assign the appropriate risk factor, ensuring the first line of defence is sensitive to the provision of these services at the unit level. 

If the purpose of ring-fencing is to be realized in letter and spirit, the risk management policy of NCAs must be articulated separately, and systemic controls calibrated on a realistic basis, with a forward view. 

The most important step in ring-fencing CBAs from NCAs is to embed appropriate data-mapping and measurement systems to assess risks, allocate capital aligned with risks, and integrate mitigation strategies. 

In the process, the performance management system must be redesigned to account for NCAs’ contributions while protecting the interests of those involved in CBAs. The proportionality of the incentive and reward systems also needs to be ring-fenced against potential bias. 

Recently, the RBI issued guidelines for banks, effective July 1, 2026, to prevent the mis-selling of non-core products to customers during core banking operations. These guidelines will further ring-fence banks’ core businesses from the risks of non-core businesses, where both are tagged. Banks should avoid thrusting non-core business targets onto the core business. Companies whose products are sold should not pass on direct incentives to the bank staff who sell them. 

END OF ARTICLE