The document titled “Bank Branch Frauds – Reference Guide for Statutory Auditors” is a professional reference prepared for statutory, concurrent, and internal auditors of bank branches. It is based on the RBI Master Direction on Fraud Risk Management, the ICAI Guidance Note on Audit of Banks (2022), and Standard on Auditing (SA) 240 relating to the auditor’s responsibility for fraud detection. It outlines different types of bank frauds, their modus operandi, red flags, regulatory references, and audit procedures, along with reporting obligations for auditors.
Legal and Regulatory Framework
The document explains that under the RBI framework, fraud is defined as a deliberate act of omission or commission during a banking transaction or within bank records that results in wrongful gain to any person, with or without loss to the bank. Fraud cases must be reported to the Reserve Bank of India under prescribed reporting formats such as FMR-1 (new fraud cases), FMR-2 (progress reports), FMR-3 (recovery reports), and FMR-4 (frauds involving ₹1 crore or more). Frauds of ₹1 lakh and above must be reported to RBI, while cases involving ₹5 crore or more may require reporting to investigative agencies such as the CBI. Reporting timelines generally require notification within three weeks of detection, and within seven days for large-value frauds above ₹1 crore.
The guide also identifies several legal provisions applicable to bank frauds, including provisions of the Indian Penal Code relating to cheating, forgery, criminal breach of trust, and falsification of accounts, as well as provisions under the Prevention of Money Laundering Act, Negotiable Instruments Act, Information Technology Act, and the Banking Regulation Act.
RBI Fraud Classification
Frauds are categorised by RBI into multiple types such as misappropriation, manipulation of accounts, unauthorized credit facilities, cash shortages, cheating and forgery, foreign exchange frauds, negligence-related shortages, and computer or cyber frauds. These categories provide a structured basis for classification and reporting of fraud cases by banks and auditors.
Credit and Advances Frauds
The guide identifies credit and advances frauds as the most significant category affecting bank branches. Common examples include kite flying or accommodation bills, diversion of loan funds to unrelated entities, inflated stock or receivable statements to increase drawing power, forged financial statements submitted to banks, and property valuation frauds used to secure larger loans. Additional frauds include multiple financing using the same collateral, fictitious borrowers created through fabricated identity documents, evergreening of loans to avoid NPA classification, manipulation of project finance costs, and deliberate concealment of NPAs through artificial entries.
LC, BG, and Guarantee Frauds
Frauds involving trade finance instruments include fake letters of credit issued for non-existent transactions, counterfeit bank guarantees issued outside the core banking system, fraudulent bill discounting where goods were never delivered, and misappropriation of cash margins collected for letters of credit or guarantees. These frauds often involve collusion between insiders and external parties.
Property and Security Frauds
Fraudulent use of collateral is another common risk area. Examples include forged property title deeds used to obtain loans, failure to register charges with CERSAI allowing multiple pledging of the same property, vehicle or machinery hypothecation fraud where assets are sold despite being pledged, and gold loan fraud involving spurious or adulterated gold pledged as security.
Deposit and Liability-Side Frauds
Frauds on the liability side include unauthorized opening of accounts using forged KYC documents, manipulation of fixed deposit records, misappropriation from deceased account holders, misuse of dormant accounts, and encashment of unclaimed deposits using forged signatures. The document also notes cases where deposit interest rates are manipulated to provide off-book benefits to selected customers.
Employee and Insider Frauds
The guide highlights several frauds committed by bank staff. These include cashier misappropriation of deposits, currency chest shortages, ATM cash discrepancies, manipulation of accounting vouchers, payroll fraud involving ghost employees, and misuse of suspense or sundry accounts to conceal unauthorized transactions. Insider frauds may also involve manipulation of the core banking system (CBS), such as back-dating entries to avoid NPA classification, bypassing maker-checker controls, modifying loan data in the CBS, sharing passwords with outsiders, or facilitating phishing attacks.
Payment Instrument Frauds
Frauds involving payment instruments include cheque forgery or alteration, forged drawer signatures, stolen cheque books used for unauthorized withdrawals, fraudulent demand drafts or pay orders, and fraudulent RTGS or NEFT transfer instructions submitted through spoofed communications. Another example is cheque kiting, where funds are artificially inflated through circular cheque deposits across banks.
Foreign Exchange and Trade Finance Frauds
The guide identifies several trade-related frauds such as export over-invoicing for hawala transactions, import under-invoicing with excess remittance abroad, round-tripping of funds through foreign investment structures, misuse of packing credit against fake export orders, and unauthorized SWIFT messages used to transfer funds abroad without proper authorization.
Cyber and Digital Banking Frauds
Cyber-related frauds include internet banking account takeover through phishing or SIM swap attacks, ATM card skimming, QR code or UPI frauds, ransomware attacks on banking systems, malware affecting core banking or SWIFT systems, and business email compromise leading to fraudulent payment instructions.
KYC, AML, and Money Laundering Risks
The document highlights misuse of banking channels for money laundering activities. Examples include money mule accounts used to route fraud proceeds, structuring of deposits below reporting thresholds, shell company accounts used to layer funds, trade-based money laundering through manipulated trade invoices, hawala transactions routed through bank accounts, and opening accounts using fake PAN or Aadhaar details.
Other Fraud Categories
Additional fraud risks include Ponzi schemes linked to bank accounts, mis-selling of third-party financial products, parallel systems of unauthorized fixed deposits maintained outside CBS records, procurement fraud through fake vendor invoices, theft of secure stationery, and misappropriation of branch assets. Fraud can also occur in agricultural and government-scheme lending, such as Kisan Credit Card fraud, interest subvention claims on non-eligible loans, misuse of government subsidy schemes, and siphoning of direct benefit transfer funds.
Audit Procedures and Reporting Obligations
The guide outlines audit procedures to detect fraud, including recomputation of interest income, reconciliation of NPA movements, scrutiny of dormant account activations, review of suspense accounts and journal vouchers, analysis of CBS login logs, verification of vendor payments, and payroll audits to detect ghost employees. If an auditor detects a fraud that has not been reported by bank management, the auditor must independently report it to the RBI within 30 days under the RBI fraud reporting framework. Fraud find


