DBS. CO.FrMC.BC.No. 10/23.04.001/2010-11
May 31, 2011
The Chairmen & Chief Executive Officers of
All Scheduled Commercial Banks (excluding RRBs) and
All India Select Financial Institutions
Findings of Forensic Scrutiny - Guidelines for prevention of frauds
In the recent past, we had conducted forensic scrutinies at certain identified banks due to the occurrence of large value frauds or a sharp increase in the number of frauds at such banks. The scrutinies were undertaken primarily to identify the policy gaps, if any, and the adequacy of controls. During the scrutinies, systemic factors were also sought to be identified.
2. Based on the findings of the scrutinies, further study has been made across banks to ascertain the policy and operating framework in place for detection, reporting and monitoring of frauds as also the surveillance/ oversight process in operation so as to prevent the perpetration of frauds. The study has shown that while the banks do have certain policies and processes in this regard, they are not sufficiently structured and systematic to ensure proper focus on typical fraud events. Besides, there is a lack of consistency in the treatment of transactions having characteristics of fraud as also in their reporting to the “Competent Authority”. The banks are, therefore, advised to suitably modify their policy and streamline the operating framework in the matter, keeping in view certain indicative guidelines set out below:
3. The reported frauds show recurrence or rising trend in the following areas :-
The above list is only illustrative and not exhaustive.
The banks need to introduce closer monitoring and tighter controls in the above areas, as also in other such areas where there is typically certain degree of concentration of occurrence. In this connection, select list of circulars issued by RBI in the past in respect of frauds in the above areas is enclosed as Annex.
4. The operating framework for tracking frauds and dealing with them should be structured along the following three tracks:
(i) Detection and reporting of frauds
(ii) Corrective action and
(iii) Preventive and punitive action
Detection and reporting : The banks should have a set of prescribed procedures and criteria with which the events or transactions having serious irregularities are analysed and assessed to establish occurrence of fraud.
For this purpose, the banks may define a ‘fraud’ based on the guidelines issued by RBI. While doing so, they may clearly demarcate/ distinguish the occurrence of an event on account of negligence ‘in conduct of duty’ from ‘collusion’ by the bank staff (with the borrowers and with an intention to cheat the bank). Further, care may be exercised while dealing with instances of ‘willful default’. In this connection, a willful default would be deemed to have occurred if any of the following events is noted:
(a) The unit has defaulted in meeting its payment / repayment obligations to the lender even when it has the capacity to honour the said obligations.
(b) The unit has defaulted in meeting its payment / repayment obligations to the lender and has not utilised the finance from the lender for the specific purposes for which finance was availed of but has diverted the funds for other purposes.
(c) The unit has defaulted in meeting its payment / repayment obligations to the lender and has siphoned off the funds so that the funds have not been utilised for the specific purpose for which finance was availed of, nor are the funds available with the unit in the form of other assets.
(d) The unit has defaulted in meeting its payment / repayment obligations to the lender and has also disposed of or removed the movable fixed assets or immovable property given by him or it for the purpose of securing a term loan without the knowledge of the bank / lender.
Further, the banks may also examine the ‘intent’ to defraud, irrespective of whether or not actual loss takes place. Keeping these key factors in mind, any action taken in collusion to derive undue/ unjust benefit or advantage should be termed as fraud.
Following such a protocol of identification, once a fraud is detected, a report must be prepared and submitted to the “Competent Authority”. As a part of their overall policy and operating framework, the banks should identify and designate the Competent Authority to whom such reports should be submitted. The fraud report should be a diagnostic assessment, clearly bringing out the causes of the fraud and identifying whether the fraud occurred due to ‘system failure’ or ‘human failure’.
Corrective Action : An important corrective step in a fraud is recovery of the amount siphoned off through the fraud. Often, during course of investigation and enquiry into the events/ transactions, the need to track the flow of defrauded amount does not get due priority or the exercise undertaken in that direction does not lead to material results. This may be primarily attributable to the following : –
A structured scrutiny/ examination of events or transactions would lead to quick conclusion whether a fraud has occurred and the bank’s funds have been siphoned off. Therefore, this exercise is the first critical step towards corrective action in the sense that it would lead to expeditious filing of police complaints, blocking/ freezing of accounts and salvaging funds from the blocked/ frozen accounts in due course. Besides, once a set of transactions is explicitly identified as fraudulent, the mandate for seizing and taking possession of related documents, issuance of suspension order/ order to proceed on leave to identified/ suspected employees would be easier thereby preventing them from destroying/ manipulating evidences or obstruction of investigations. In this connection, attention is invited to our circular DBS.CO. FrMC.BC.No. 7/23.04.001/2009-10 dated September 16, 2009 wherein it has been advised that they should provide singular focus on the “Fraud Prevention and Management Function” to enable among others, effective investigation in fraud cases and prompt as well as accurate reporting of fraud cases to appropriate regulatory and law enforcement agencies.
Preventive and Punitive Action : As per the diagnostic analysis, preventive action as deemed necessary to address the ‘system failure’ and/ or punitive action as prescribed internally for ‘human failure’ should be initiated immediately and completed expeditiously.
Generally, in the current system driven environment in banks, wherever transactions occur in breach of/ overriding “Controls”, they get reflected in the “end of day exception report”. Accordingly, all such exception reports should be perused by the designated officials and a post facto authorization for the transactions accorded. However, it has been observed in certain cases that the process often does not get duly implemented reflecting the poor internal control mechanisms. Therefore, banks should ensure that they bring in the needed refinement in this process and also specify the levels/ authority to whom the exception reports will be invariably submitted and the manner in which the authority will deal with the exception reports. The entire gamut of the manner in which the exception reports are generated, transactions contained in the reports are examined/ scrutinised, and the reports submitted to higher authorities for necessary authorizations for breaches should be periodically subjected to review and oversight by the bank’s management/ Board of Directors.
5. In addition to the above, banks should immediately take steps to put in place the following controls and disincentives in their HR processes and internal inspection/ audit processes as part of their fraud risk management framework:
1. For key and sensitive posts such as those in dealing rooms, treasury, relationship managers for high value customers, heads of specialized branches, etc. the banks should select only such officers who satisfy the “Fit and Proper” criteria. For the purpose, the banks should draw up a list of critical as well as sensitive positions or areas of operation and evolve well defined “Fit and Proper” criteria for applying them to determine the suitability of the staff/ officers to those posts/ areas of operations. The appropriateness of such postings should be subjected to periodical review.
2. The banks should immediately put in place “staff rotation” policy and policy for “mandatory leave” for staff. The internal auditors as also the concurrent auditors must be specifically required to examine the implementation of these policies and point out instances of breaches irrespective of apparent justifications for non-compliance, if any. The decisions taken / transactions effected by officers and staff not rotated/ availing leave as per policy should be subjected to comprehensive examination by the internal auditors/ inspectors including concurrent auditors. The findings thereon should be documented in a separate section of the audit/ inspection reports.
3. The banks should build up a database of officers/ staff identified as those having aptitude for investigation, data analysis, forensic analysis, etc. and expose them to appropriate training in investigations and forensic audit. For investigation of frauds, only such officers/ staff should be deployed through the “fraud investigation unit/ outfit”.
6. Please acknowledge receipt.
Chief General Manager
| Date | Circular No. | Subject |
|---|---|---|
| April 29, 2011 | DBS.CO.ITC.BC.No.6/31.02.008/2010-11 | Working Group on Information Security, Electronic Banking, Technology Risk management and Cyber Frauds |
| April 05, 2011 | DBS.FrMC.BC.No.14119/23.04.001/2010-11 | Fraud in Retail Loans - Sanction of Bulk proposals |
| January 11, 2010 | DBS.CO.FrMC.No 9331/23.04.001/2009-10 | Factors/Loopholes responsible for occurrence of cyber crime and suggestions to plug them |
| April 01, 2010 | DBS.CO.FrMC.13442/23.02.012/2009-10 | Attempted fraud - Fabricated “Funds Release Order” purportedly issued by RBI |
| September 16, 2009 | DBS.CO.FrMC.BC.No.7/23.04.001/2009-10 | Fraud Risk management System in banks - Role of Chairman/Chief Executive Officers |
| June 05, 2009 | DBS.CO.FrMC.BC.No.7/23.04.001/2008-09 | Closure of fraud cases - relaxation in the existing norms |
| June 24, 2009 | DBS.CO.FrMC.Bc.No.8 /23.04.001/2008-09 | Frauds in borrowal accounts having multiple banking arrangements |
| March 16, 2009 | DBS.CO.FrMC.Bc.No.3/23.08.001/2008-09 | Circulation of the names of third parties involved in frauds |