Traditionally, to sanction a loan, banks conduct due diligence on the borrower, verify the relevant documents like KYC and balance sheets, perform pre-sanction inspection, and assess the loan eligibility through different methods.
Finally, the loan is sanctioned by an appropriate authority. All these steps must be followed as per the laid down structure, as approved by the Board of the concerned bank, within regulatory norms.
Over a period of time, banks have transitioned from manual assessment to spreadsheet-based calculations as part of their analysis.
They then came up with Loan Management Systems to manage the entire life cycle of the loan, from application to sanction and disbursement. After disbursement, many banks use Core Banking Solutions to handle the accounting, follow up and recovery.
With the increase in loan numbers both qualitatively and quantitatively, there came a need to deploy more staff to handle these volumes.
While the rules remain the same under a scheme or product, due to the discretion exercised by individuals handling the appraisal of the loan, the results may differ not only on account of knowledge and skills but also due to the inherent bias based on his/her previous experiences. This may create an undesirable loss of business in some cases.
Business Rule Engines
To avoid such situations, banks have started using Business Rule Engines (BRE) recently, aided by Fintechs who are using these BREs on a large scale.
These BREs can be used not only for credit decisions but also for different processes like fraud detection, customer relationship management, and compliance. However, for this article, we have restricted our discussion to loans only.
A Business Rule Engine in the banking area can be defi ned as a software system that defi nes, manages and executes business rules that govern various banking decisions.
As far as banking is concerned, the business rules are often complex and subject to periodic changes due to regulatory guidelines, market conditions and business strategies.
Audit of Loan accounts
For a long time, auditors have been well-versed in conducting audits of loans sanctioned by individuals and credit committees. These audits may include concurrent audits, credit audits, stock audits, etc.
With the changing times, when banks are moving to wards sanctioning loans based on BREs, it is inevitable for the auditors to move in the new direction.
Since their primary role is mainly to ensure proper implementation of the regulatory guidelines by the banks in the sanction, conduct and follow-up of loans, the auditors have to understand the nuances of new requirements and conduct audits in the changed circumstances.
Until now, the key areas of audit have included pre-sanction, assessment, appraisal, sanction, documentation, disbursement and post-sanction follow-up. When the introduction of BRE, some of the activities are no longer handled by human beings.
Then, who will take responsibility in these areas? The system has to be verified for this purpose, whether the parameters have been set properly or not. For all other activities which are not handled by BRE, the existing system of audit will continue.
Compliance
Any loan decision in a bank/FI is subject to strict regulatory checks; as such, the BRE must also comply with laws like AML, CFT guidelines, KYC norms, Fair lending practices code, and Data privacy regulations.
Therefore, the auditor must verify that the BRE incorporates all these guidelines and that the logs reflect compliance with the same. It is always to be ensured that Personally Identifiable Information (PII) is in an encrypted form.
The audit process needs to verify whether the final decision is consistent with both the internal policies and external regulatory guidelines.
It is also to be checked whether the disbursement process is automated or not, or whether it complies with the loan terms, regulatory guidelines and internal financial controls.
Conclusion: Future of BRE Audits
The future of auditing Business Rule Engines in banking will be shaped by technology, regulatory demands, and a stronger focus on transparency.
As BREs become more complex and integrated with AI, blockchain, and real-time monitoring tools, audits will need to be more automated, continuous, and adaptive.
By staying ahead of technological advances and regulatory requirements, auditors can ensure that BREs support not only efficient business decisions, but also remain ethical, fair, and compliant.