Over the past weeks, the nation has been shocked by the PNB fraud, not only the way it was perpetrated, massive amounts involved (1.8 billion USD) but also the years (since 2011) over which it remained undetected. The fraud has done severe damage to the credibility of the banking system in the country and shaken the confidence of the public.
At a time when banking system is struggling with problem of ballooning non-performing assets, this fraud may raise a big question mark on success of Government efforts to recapitalise Public sector banks by infusing massive amount of Rs`2.11 lakh crore.
Questions arising from fraud
1. Could the fraud had been prevented or detected early?
2. Can it happen again and how vulnerable is the banking system?
The answer to the first question is yes. Banks are subject to multi-layers of checks, balances, and supervision (internal, external and regulatory) which should normally at least ensure early detection and limitation of damages. As reported, post-heist at the Central Bank of Bangladesh in February 16, involving the transfer of huge funds (81 million USD) by hackers through Swift system, RBI has issued in August 2016, an advisory to banks to ensure that its computer systems are properly integrated with Swift which is a global platform for transmitting payment instructions between banks.
It appears that the matter was not taken up with required seriousness and speed and turned out to be a major instrument of this mammoth fraud.
RBI had also advised daily manual reconciliation process of SWIFT messages with internal records till the time such integrations are completed. PNB could have detected the fraud earlier, if it had acted on RBI advice and limited the damage (as per reports even discovery a year early would have lowered the fraud amount by 800 million USD).
Currently, we do not have knowledge of steps taken by other banks after advisory was issued by RBI. As per follow up circular issued in RBI in November 2016, all banks were required to complete the reconciliation process by February 28, 2017 and report back by March 31(status of compliance the same and actions taken is not known).Hence, it is tough to assess the extent of vulnerability of the whole banking system and whether there are other such frauds lying undetected or amounts discovered so far by PNB represents the complete amounts.
This brings us to the answer to the second question also. Banking systems may be prone to such and other types of frauds if the underlying reasons for the fraud including inadequate risk management framework, weak credit assessment and recovery follow up practices, failure of internal controls and multiple oversight/supervisory mechanism are not addressed on the war footing. Two frauds (Rotomac and Delhi based Jeweller) subsequently coming to notice of public have only raised discomfort level on this account.
Probable factors contributing to the fraud
Based on information available from press reports, (within the overarching factors of inadequate risk management framework etc as mentioned above) absence/non-adherence of following controls, either individually or in combination, were some of contributing factors:
Need for Fraud Risk Assessment study
Above reasons indicate inadequate risk management framework and assessment of fraud risks (and its potential impact on the bank) in the critical processes. In my view, to avoid recurrence of such frauds, RBI should strengthen overall risk, Governance and oversight mechanisms. Also, PNB must on war footing basis revisit current risk assessment framework with specific focus on a comprehensive fraud risk assessment study by hiring experts in the field.
The scope of this study would broadly include:
The study would recommend:
The Expert agency should also
a) bench mark its recommendations to international best practices
b) carry out implementation review of its recommendations after an agreed period over and above regular internal monitoring to be done by internal teams consisting of senior management and checks by internal/concurrent auditors.
In my view, RBI should make such studies mandatory to every bank, financial institutions, systematically important NBFCs which are rapidly growing in size as a proactive measure to prevent and detect frauds.
Now that fraud had already occurred all that can be done is to:
Going forward, the experiences from this incident should act as a wakeup call and used as an opportunity to reform the banking system to tighten Governance structure, risk management processes, internal controls and supervisory/oversight mechanisms to avoid recurrences.
RBI has already constituted an expert panel to explore factors leading to rising incidence of frauds in the banking system and recommend measures needed to curb and prevent it. One can hope that recommendations made by the Committee are implemented in time( many recommendations of past committees are still pending implementation) to avoid future shocks and helps in restoring the public’s confidence in the banking system which is most critical for the nation.