A multi-dimensional bank fraud

M Sitarama Murty | Updated on February 22, 2018 Published on February 22, 2018

It is quite baffling how various systems and offices tasked to detect risk have gone steadily dysfunctional at PNB

The PNB scam has jolted the Government, regulators, investigating agencies, financial and stock markets and the banking industry alike. And much like the proverbial eight blind men, everyone has come up with their own interpretations and diagnosis of the multi-dimensional fraud.

The RBI, for one, blames the bank management, saying the fraud was born out of operational risk and reflects the way risk management and internal control mechanisms have failed at PNB. One can’t disagree with the central bank on this. Operational risk is the most complex and difficult risk for any entity to recognise, identify, manage and mitigate.

Put simply, it is the risk of failure to comply with standard operating systems and procedures. But was the RBI too a victim of operational risk, given that foreign exchange transactions are being closely monitored by the Reserve Bank?

Non-compliance occurs out of sheer ignorance or the failure to recognise its importance, or negligence bordering on indifference, or a deliberate act of commission or omission, an act of sabotage or fraud, by individual functionaries. It is very early to conclude whether at every stage these acts of commission or omission facilitated the perpetuation of the crime.

That said, the fact that this went on for seven years in PNB and surfaced not because of any extraordinary act of brilliance but through a casual enquiry by one of the operating functionaries in the normal course of business is baffling.

The board and its committees

Instead of jumping the gun and blaming any individual or team, it is essential to know the ingredients of various stages at which the fraud could have been prevented or detected early. The Board’s main function is to lay down sound policies and frame guidelines for risk management and control functions. Its duty is also to seek and review implementation of the policies and their efficacy in meeting the objectives, in tune with changing business practices, customer behaviour, market developments, technological innovations, the regulatory climate, etc.

It is a moot question if the boards play their role efficiently and effectively in a limited time of a few hours. The meetings may be reduced to rituals, with the numerous reviews, reports and a bulky agenda. The composition of the boards, and their understanding of the nuances of risk management and their importance, need a close look.

The audit committees are required to focus more on the systems and procedures, their efficacy, their implementation and more importantly, their compliance, as brought out by various audit reports, ranging from concurrent, internal, statutory audits to inspections by the Regulator.

At least some members should have thorough knowledge of special areas such as risk management and foreign exchange and international banking.

An incisive analysis of any irregular practices or non-compliance can bring out real and potential threats.

The same applies to the risk management committees, which have to play a crucial role in shaping and recommending sound policies and testing the practices vis-à-vis laid-down procedures.

The chief compliance officer religiously gives a certificate that all policies, procedures, regulatory prescriptions and statutory requirements are faithfully and fully complied with, based in turn on the certificates from various operational centers.

The management and various executives are responsible for day-to-day operations and their control.

The transactions

To appreciate the sanctity of standard procedures and how their strict compliance possibly could have averted the events that followed, an analysis of the transactions is necessary.

i) Two officials, the initiator and the confirming officer, authenticate the SWIFT messages, which are at the center of the fraud. Both of them should satisfy themselves that the transactions underlying the messages are genuine and carry necessary authority. If the initiator logs in a fraudulent message, the confirming officer could detect it, since the correctness of the contents like the dates, amounts and names are checked with the original vouchers or notes.

ii) A credit officer vested with necessary powers authorises messages pertaining to letters of credit or undertaking, unless the initiating official himself has the responsibility for credit function also, which is not the case here. Thus the onus on the confirming official is no less.

iii) A branch-level concurrent auditor normally verifies all or random transactions depending on the volume, including SWIFT-generated messages, on a regular basis. The SWIFT system stores all the data. This verification is crucial since SWIFT is not interfaced with the core banking system.

iv) On the basis of the LoCs and LoUs, the overseas banks that negotiate the documents or extend buyer’s credit make claims on the issuing bank. Or they can place the funds at the disposal of the customer’s bank. An International Division of the bank funds the Nostro (foreign exchange) accounts, after checking the references. They even contact the issuing branch for confirmation, if the amount is large.

v) For the debits raised in the Nostro accounts, the LoU issuing branches respond either by recovering the amount from the customer or, in case of his inability, by debiting a special account at the branch. In these cases, the department or division responsible for reconciliation, the branch officials, the auditors and the Zonal/HO level credit functionaries keep track and follow up for reimbursement from the customer.

Long-outstanding entries are reported for review by the administrative heads and even the Audit Committee periodically. How regularly and seriously this is done again remains a question.

vi) An important hint is that several queries, advices or reminders criss-cross various levels of control in the bank, and not all these communications reach or are handled by a single or the same functionary. Among so many executives receiving the messages or letters, at least someone would be alerted if something were amiss, except in the unlikely event of everyone being asleep, negligent or involved in perpetuation of a fraud.
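The checks in steps i) to iii) can be expressed as a reconciliation run, shown here as an added example that is not part of the original article or of any bank's system: each SWIFT message is compared with its core banking (CBS) entry, since the two systems are not interfaced. The record layouts, field names, user ids and sample data are all constructed assumptions.

```python
from collections import namedtuple
from datetime import date

# Hypothetical record layouts; real SWIFT and CBS exports differ.
SwiftMsg = namedtuple("SwiftMsg", "ref initiator confirmer amount currency value_date")
CbsEntry = namedtuple("CbsEntry", "ref amount currency value_date credit_approver")

def reconcile(messages, cbs_entries):
    """Return {message ref: [control failures]} for messages that need review."""
    booked = {e.ref: e for e in cbs_entries}
    findings = {}
    for m in messages:
        issues = []
        if m.initiator == m.confirmer:           # step i: two officials required
            issues.append("SAME_INITIATOR_AND_CONFIRMER")
        entry = booked.get(m.ref)
        if entry is None:                        # step iii: message never booked in CBS
            issues.append("NO_CBS_ENTRY")
        else:
            if (m.amount, m.currency, m.value_date) != (
                    entry.amount, entry.currency, entry.value_date):
                issues.append("FIELD_MISMATCH")  # step i: contents differ from voucher
            if not entry.credit_approver:        # step ii: credit officer authorisation
                issues.append("NO_CREDIT_APPROVAL")
        if issues:
            findings[m.ref] = issues
    return findings

# Constructed sample data, not taken from any real case.
SAMPLE_MESSAGES = [
    SwiftMsg("LOU-0001", "u_init", "u_conf", 500000, "USD", date(2018, 1, 10)),
    SwiftMsg("LOU-0002", "u_init", "u_init", 750000, "USD", date(2018, 1, 11)),
    SwiftMsg("LOU-0003", "u_init", "u_conf", 900000, "USD", date(2018, 1, 12)),
    SwiftMsg("LOU-0004", "u_init", "u_conf", 120000, "EUR", date(2018, 1, 15)),
]
SAMPLE_CBS = [
    CbsEntry("LOU-0001", 500000, "USD", date(2018, 1, 10), "u_credit"),
    CbsEntry("LOU-0002", 750000, "USD", date(2018, 1, 11), "u_credit"),
    CbsEntry("LOU-0004", 100000, "EUR", date(2018, 1, 15), None),
]

if __name__ == "__main__":
    for ref, issues in reconcile(SAMPLE_MESSAGES, SAMPLE_CBS).items():
        print(ref, ", ".join(issues))
```

A message with no CBS entry at all (LOU-0003 in the sample) is the case the concurrent auditor's verification in step iii) exists to catch.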

So, it is pertinent to note that regular banking functions have taken a back seat in recent years, with many senior executives at various levels, including the branch heads, preoccupied with non-core banking functions such as managing the demonetisation exercise or focusing on marketing of fee-earning insurance and mutual fund products. And the individual incentives offered by insurance companies to bank executives proved detrimental to banks’ interests.

Ultimately, it boils down to everyone in banks performing their duties meticulously and regularly.

The writer was MD of State Bank of Mysore
