CA Naresh Kumar Kataria

Over the past weeks, the nation has been shocked by the PNB fraud, not only the way it was perpetrated, massive amounts involved (1.8 billion USD) but also the years (since 2011) over which it remained undetected. The fraud has done severe damage to the credibility of the banking system in the country and shaken the confidence of the public.

At a time when banking system is struggling with problem of ballooning non-performing assets, this fraud may raise a big question mark on success of Government efforts to recapitalise Public sector banks by infusing massive amount of Rs`2.11 lakh crore.

Questions arising from fraud

1. Could the fraud had been prevented or detected early?

2. Can it happen again and how vulnerable is the banking system?

The answer to the first question is yes. Banks are subject to multi-layers of checks, balances, and supervision (internal, external and regulatory) which should normally at least ensure early detection and limitation of damages. As reported, post-heist at the Central Bank of Bangladesh in February 16, involving the transfer of huge funds (81 million USD) by hackers through Swift system, RBI has issued in August 2016, an advisory to banks to ensure that its computer systems are properly integrated with Swift which is a global platform for transmitting payment instructions between banks.

It appears that the matter was not taken up with required seriousness and speed and turned out to be a major instrument of this mammoth fraud.

RBI had also advised daily manual reconciliation process of SWIFT messages with internal records till the time such integrations are completed. PNB could have detected the fraud earlier, if it had acted on RBI advice and limited the damage (as per reports even discovery a year early would have lowered the fraud amount by 800 million USD).

Currently, we do not have knowledge of steps taken by other banks after advisory was issued by RBI. As per follow up circular issued in RBI in November 2016, all banks were required to complete the reconciliation process by February 28, 2017 and report back by March 31(status of compliance the same and actions taken is not known).Hence, it is tough to assess the extent of vulnerability of the whole banking system and whether there are other such frauds lying undetected or amounts discovered so far by PNB represents the complete amounts.

This brings us to the answer to the second question also. Banking systems may be prone to such and other types of frauds if the underlying reasons for the fraud including inadequate risk management framework, weak credit assessment and recovery follow up practices, failure of internal controls and multiple oversight/supervisory mechanism are not addressed on the war footing. Two frauds (Rotomac and Delhi based Jeweller) subsequently coming to notice of public have only raised discomfort level on this account.

Probable factors contributing to the fraud

Based on information available from press reports, (within the overarching factors of inadequate risk management framework etc as mentioned above) absence/non-adherence of following controls, either individually or in combination, were some of contributing factors:

  • Lack of integration and reconciliation of transactions through SWIFT system with Core Banking Software
  • Non-rotation of employees in core functions as required by the policy
  • Connivance of these officials with borrowers
  • Unauthorised sharing of passwords (RBI follow up circular of November 2016 warned banks of risk of misuse of Swift users IDs due to existence high numbers)
  • Lack of segregation of duties/standard maker checker procedure not followed
  • LOUs issued without sanctioned credit limits many of these beyond prescribed period of 90 days
  • Issuance of LOUs without insisting on any margins/security
  • No linkage or reconciliation of LOUs issued with the end transactions and underlying documents for movement of goods
  • Inadequacy in Inter-branch/banks (overseas particularly) reconciliations and confirmation process
  • Non-confirmation by overseas lending banks/branches with LOUs issuing branch of the genuineness of LOUs particularly when abnormally large amounts were involved
  • Not obtaining balance confirmations of period end balances of loans given by overseas lending banks against LOUs issued by Indian branch of PNB
  • Inadequate or absence of review, monitoring and reconciliation of Nostro accounts

Need for Fraud Risk Assessment study

Above reasons indicate inadequate risk management framework and assessment of fraud risks (and its potential impact on the bank) in the critical processes. In my view, to avoid recurrence of such frauds, RBI should strengthen overall risk, Governance and oversight mechanisms. Also, PNB must on war footing basis revisit current risk assessment framework with specific focus on a comprehensive fraud risk assessment study by hiring experts in the field.

The scope of this study would broadly include:

  • Review of all critical system and processes at the bank and existing controls (including IT)
  • Identify potential fraud risks to which each process is exposed (including cyberthreats)
  • Whether there are adequate systems and controls to address the identified risks and are the same are being followed

The study would recommend:

  • System, controls and processes to plug the gaps
  • Areas of technology upgradation to improve efficiency of processes, monitoring of controls, prevention and early detection of frauds
  • Regular review, monitoring and oversight mechanisms (both external and internal) and prompt reporting thereof
  • Fraud incident management/response system
  • Disclosures to regulators (RBI, SEBI etc), Board of Directors, Audit Committee and other stake holders including timing, manner, extent etc.
  • Regular updating of systems to address issues based on experience of any fraud noticed
  • Staff training mechanism to create awareness and upgradation of skills to effectively use technology and analytics to identify aberrations

The Expert agency should also

a) bench mark its recommendations to international best practices

b) carry out implementation review of its recommendations after an agreed period over and above regular internal monitoring to be done by internal teams consisting of senior management and checks by internal/concurrent auditors.

In my view, RBI should make such studies mandatory to every bank, financial institutions, systematically important NBFCs which are rapidly growing in size as a proactive measure to prevent and detect frauds.

Conclusion

Now that fraud had already occurred all that can be done is to:

  • Ensure that frauds amounts are determined, and no similar frauds are lying unearthed in PNB or other banks. Towards this end, Finance Ministry has already directed all banks to reconcile Swift accounts with core banking software and complete interbank reconciliations with overseas branches of other banks with in stipulated time frame
  • Take rigorous efforts to recover the amounts involved and punish the guilty

Going forward, the experiences from this incident should act as a wakeup call and used as an opportunity to reform the banking system to tighten Governance structure, risk management processes, internal controls and supervisory/oversight mechanisms to avoid recurrences.

RBI has already constituted an expert panel to explore factors leading to rising incidence of frauds in the banking system and recommend measures needed to curb and prevent it. One can hope that recommendations made by the Committee are implemented in time( many recommendations of past committees are still pending implementation) to avoid future shocks and helps in restoring the public’s confidence in the banking system which is most critical for the nation.

GST Course Join

More Under Fema / RBI

Posted Under

Category : Fema / RBI (3506)
Type : Articles (17611)
Tags : frauds (104)

16 responses to “Some thoughts on PNB Fraud”

  1. Ajay says:

    We should restrict every one’s limit (subject to all guidelines by various govt and any other agencies) for approval a loan.
    01. no approval should be provided to any company or person-when he has taken a loan which is difficult to be get back by govt or else.
    02. All approvals should be online -and stepwise-why loan is being approved.
    03. no relaxation or approval if previous any loan not paid due to any reason.
    04. A passbook on the basis of aadhar card /pan card given to loan taker- and every entry of loan should be furnished there manually by loan giver. then loan provider eligable to take his loan back.

  2. GANDHI MOHAN BHSRSTI says:

    After all, let us face it. Those who sit in Boards or are responsible for sanction and follow up are also responsible. Instead of chasing only the loanee, first freeze the accounts and assets of those who sanctioned loans and let them prove that they inspected the premises and there were genuine losses and no defrauding; then release their assets. This will bring about accountabilty

  3. Umesh says:

    Well written

  4. Shailesh says:

    Was LOU amount shown as Contingent Liability of Branch/Bank Balance Sheet.

  5. Ashish says:

    Well written article Sir. You have raised some very relevant points. The authorities have to focus on restoring the public’s faith in the public banks through long term actions and not just some band-aid solutions

  6. Rajendran Arunachalam says:

    A Well written and lucid article clearly bringing out things that went wrong, actions required to correct situation by PNB, regulator and actions that can be taken by whole banking industry.
    The only doubtful action that we may wait with pessimism to happen based on past track record would be rigorous steps to recover and punish !

  7. naresh k gupta says:

    to best of my knowledge, the transactions are not recorded in books of bank and other precautions suggested are not likely to yield much result and only a chance notice of some transaction might have helped the fraud being detected early except for 3 lapses i mentioned.

    prima facie there appears to gross negligence on the part of senior/ top management on all 3 counts though direct connivance appears remote as it was to be detected sooner or later unless none of LOUs were devolved which appears highly unlikely

  8. naresh k gupta says:

    i feel major lapse is non integration and non rotation of staff and sharing of passwords

    other areas are wisdom in hindsight and are not universal bank practices

  9. Amitabh says:

    All the write-ups on current Banking situation is missing the larger issue which is that Banks operate on the basis of one norm only-The higher up instructs and the instructions are followed-up down the line,,,no one says NO,,and the one who says remains a NO-NO in his entire career…Higher authorities first decide whether a loan is to be done or not…they do the initial SETTING…then only the papers are gathered by the lower-end staff and appraisals and other processes are initiated with a mind-set that it has to be done because such and such Boss has said “KARNA HAI” and come what the loan is done,,,,,clearing or by-passing all the obstacles which may come down the line…This is the scenario under which not only Banks but the entire India operates….

    Now when subsequently something goes wrong…e.g. the loan goes bad…the higher-authorities wash-off their hands saying the loan was not appraised properly by lower staff …and if there is enough hue and cry..the lower-most is made the scapegoat

    The current scams have to be viewed in the light of the above mentioned Indian System of working..and all those who were at the helm of affairs should be taken into CBI remand for interrogation…a lower-end officer cannot take such actions until he was instructed or protected by TOP….the GM(HR) who kept him at one place and the CVO who should have objected to such postings should all be held responsible alongwith the Branch Managers and SWIFT/FOREX incharge at Branch, Zonal Office and Head Office.

  10. Ram says:

    You mean the LCs/LOUs are being honored outright while making the payment.. Still I am not clear about the monetary loss caused to bank. At the time of such honoring banks do due diligence. How can there be a big gap between banks when such safe mode SWIFT is operational..

  11. Ashok Kumar Kanunga says:

    TERM DEPOSIT AND CURRENT ACCOUNTS WITH PNB AT BANGALORE ARE SAFE OR WITHDRAW THE MONEY. AS DUE TO FRAUD N.P.A IS MORE

  12. K V Krishna Rao says:

    The norms for finance should be based on standardised pricing structure and the borrower should at least 40% of the cost. Norms should be fixed/adopted to reduce over invoicing vale of the articles for which finance is being made. If the land is on mortgage, the Govt value should be considered for financing for minimising the losses.

  13. Meena Kataria says:

    Well written

  14. Sunil says:

    Interesting article Naresh

  15. R P Shah says:

    One thing which is not yet clear at least to me is whether PNB booked the income by way of commission for issuing such LOCs and LCs which they claim being issued fraudulently? if they have recognised the income and received also then how they can claim that lim it was not sanctioned?

  16. Gopalakrishna Murthy D says:

    Just want to know whether income/commission/ charges considered under income on this LOUs. Then income and LOUs matched ??

Leave a Reply

Your email address will not be published. Required fields are marked *

Featured Posts