Fraud in the Citibank's Gurgaon branch amounting to Rs 316 crore or more may remain a mystery. It may offer interesting lessons for the regulators as it has happened in a bank awarded for excellence in almost every sphere of banking activity, including best Internet banking and brand equity.

It was reported that the relations manager had got a forged circular in the name of the Securities and Exchange Board of India (SEBI) which claimed that the high return scheme was available only at Citibank's Gurgaon branch. He managed to open 18 fraudulent accounts and succeeded in swindling the investors' money . The top notch bank is expected to have robust computerised information system, enterprise risk management, application of BASEL norms. The foreign-listed bank is regulated by Sarbanes Oxley Act of 2002 in the US and its Indian counterpart is required to comply with the corresponding SEBI Clause 49 Listing Agreement. The bank is regulated by SEBI and the Reserve Bank of India (RBI) and is to be inspected and audited by senior management, internal audit and I-T audit teams, accredited information system auditors as well as external statutory auditors.

One of the objectives of SOX and Clause 49 compliance is to build adequate internal controls by testing, validating and overseeing their effectiveness to help the organisation prevent occurrence of fraud and material misstatements in the financial statements. It may be possible that controls may be there to prevent misstatements of financial statements, but controls restricting user access to sensitive functions, information and data and segregation of duties may be lacking.

OCCUPATIONAL FRAUD

The Association of Certified Fraud Examiners (ACFE), after conducting a global study based on 1843 frauds from 106 countries, estimates that a typical organisation loses 5 per cent of its annual revenue to fraud in its 2010 “Report to the Nations on occupational fraud and abuse”. The association worked out that the potential total fraud loss to the estimated Gross World Product in 2009 would be more than $2.9 trillion, giving the global perspective of the viral epidemic of occupational fraud.

Occupational fraud is committed by the employees of the organisation by misusing one's position for misappropriating its resources and assets. Basically, occupational frauds fall into three broad categories.

The first category is corruption that manifests in manipulation of purchase and sales, involving bribery, kickbacks, bid-rigging, illegal gratuities and economic extortion. The second type is cash or non-cash asset misappropriation. Cash misappropriation can be larceny, skimming and fraudulent disbursements. Non-cash misuse includes asset requisitions and transfers, false sales and shipping, purchasing and receiving. The third group is falsification of financial statements, exhibiting asset and liability overstatements,under-statements; revenue and expenditure understatements or overstatements; and manoeuvring of non-financial statements such as employment credentials, internal documents and external documents.

Most critical factor in any entity is the tone at the top – a zero tolerance to fraud by the top management by creating a control environment and style of leadership; and the way the organisation is run strictly adhering to integrity and honesty. It is important for any entity to have a well laid-out anti-fraud policy, formal code of ethics and code of conduct in place, known to all employees and administered in the organisation.

Inadequacy of internal controls and laxity in the existing control environment which permits overriding the existing controls lead to majority of frauds. The entity may not have positioned effective, competent personnel with inevitable oversight responsibilities. There should be employees support programmes, specific fraud training for the staff and executives, job rotation, mandatory vacation and employee-support programmes

(The author is a Director General, CAG Office)

Related Topics
comment COMMENT NOW