Whither Indian Banking Scams?

It is said that "Experience is the best teacher, and the worst experiences teach the best lessons." The banks and financial institutions have been facing their worst experiences for the last few years in their management of NPAs such as in the case of Vijay Mallya, Nirav Modi, and Mehul Choksi etc. Did they learn their best lessons so far? Let them throw away the bad experience but did they save their lessons learned? I don't think so because yet another bank scam, perhaps the biggest ever, has been unearthed recently relating to ABG Shipyard Limited to the extent of nearly Rs.23000/- crores involving of a consortium of 28 banks led by State Bank of India.

It is reported that the company is alleged to have diverted loan funds through subsidiaries in Singapore and other means between 2012 and 2017. "There are 28 banks… different nature of bank loans including CC Loan, Term Loan, Letter of Credit, Bank Guarantee etc. that were given as advance by the banks. After analysis of basic facts of the case, scrutiny, discreet verification, and the issues mentioned in the complaint and verification of the addresses of the accused persons, an FIR was registered," the CBI statement said.

It is surprising and shocking to note that perpetrators have been indulging in their nefarious activities since 2012 and none of the banks could find anything suspicious or high rotting in the conduct of the said borrower company and the promoters and the key responsible officials of the company which only proves that something is fundamentally wrong with the credit monitoring systems and procedures prevailing in the banks and financial institutions. It is evident that these frauds and failures are not isolated incidents propagated by a few misguided offenders but well planned, prepared and well-executed crimes deliberately committed for personal gains affecting the banks and economy of the nation. Can the banks play the innocent victims card for a crime of this magnitude?

It is often pleaded that such frauds have been taking place on account of systems and procedures failures of the banks and finding loopholes in the law, rules and practice of banking which is nothing but escapism to save the bank officials from the charges of dereliction of duties and responsibilities. Systems and procedures will not fail by themselves but it is made to fail by the people manning the systems and procedures. It has been proved many times that such crimes are committed with the connivance of some bank officials also. Even after years of experience in the banking laws and rules, are the law makers not able to bridge the loopholes in the laws? In any bank fraud or embezzlement case, history is being repeated.

RBI as Regulatory Authority

Considering the importance of risk management in banks Reserve Bank of India (RBI) being the regulator of banking operations in India, has the power to determine policy and issue directions under RBI Act, 1934. They appointed The Consultative Group of Directors of banks and FIs (Dr. Ganguly Group) to review the supervisory role of Boards and they submitted its report in April 2002 for the implementation of their recommendations which included Responsibilities of the Board of Directors and Role and responsibility of independent and non-executive directors.

Risk Management Systems in Banks states, "Banks in the process of financial intermediation are confronted with various kinds of financial and non-financial risks viz., credit, interest rate, foreign exchange rate, liquidity, equity price, commodity price, legal, regulatory, reputational, operational, etc. These risks are highly interdependent and events that affect one area of risk can have ramifications for a range of other risk categories. Thus, top management of banks should attach considerable importance to improve the ability to identify, measure, monitor and control the overall level of risks undertaken."

"The broad parameters of risk management function should encompass:

1. organisational structure;
2. comprehensive risk measurement approach;
3. risk management policies approved by the Board which should be consistent with the broader business strategies, capital strength, management expertise and overall willingness to assume risk;
4. guidelines and other parameters used to govern risk taking including detailed structure of prudential limits;
5. strong MIS for reporting, monitoring and controlling risks;
6. well laid out procedures, effective control and comprehensive risk reporting framework;
7. separate risk management framework independent of operational Departments and with clear delineation of levels of responsibility for management of risk; and
8. Periodical review and evaluation."

RBI issued an important notification DBS.CO.PP.BC. 14 /11.01.005/2003-04 dated June 26, 2004 Risk Based Supervision- Follow up of Risk Management Systems in Banks wherein Revised format for reporting progress in implementation of Risk Management System / ALM, Risk Based Supervision and Risk Based Internal Audit were incorporated through which vital information regarding risk based supervision were to be given consisting of the following information.

• Part I - Risk management system/ALM- Progress made during the quarter ended
• Part II- Preparedness for Risk Based Supervision (RBS) –Progress Report for the quarter ended
• Part III- Risk Based Internal Audit –Progress Report for the quarter ended

Subsequently, RBI issued their Note on Management of Operational Risk vide their circular DBOD.No.BP.1365/21.04.118/2004-05 dated March 11, 2005 in which the Executive Summery states, "Growing number of high-profile operational loss events worldwide have led banks and supervisors to increasingly view operational risk management as an inclusive discipline. Management of specific operational risks is not a new practice; it has always been important for banks to try to prevent fraud, maintain the integrity of internal controls, reduce errors in transaction processing, and so on. However, what is relatively new is the view of operational risk management as a comprehensive practice comparable to the management of credit and market risk. 'Management' of operational risk is taken to mean the 'identification, assessment, monitoring and control / mitigation' of this risk."

Among the various aspects, the following are some of the very important features included.

1. A typical organization chart for supporting operational risk management is given by way of a chart.
2. Responsibilities of the Board.
3. Senior Management Responsibilities.
4. Policy requirements and strategic approach.
5. Identification and Assessment of Operational Risk
6. Monitoring of Operational Risk
7. Controls / Mitigation of Operational Risk.
8. Independent Evaluation of Operational Risk Management Function.

If only the banks had followed the risk management system diligently, they could have prevented number of fraudulent and embezzlement cases to a great extent.

In order to fortify the risk assessment programme and to take preventive actions, RBI notified yet another circular DBOD. No. BP.BC. 88 /21.06.014/2010-11 dated April 27, 2011 on Implementation of the Advanced Measurement Approach (AMA) for Calculation of Capital Charge for Operational Risk based on The Basel II Framework presenting three methods for calculating operational risk capital charge in a continuum of increasing sophistication and risk sensitivity:

(i) the Basic Indicator Approach (BIA);

(ii) the Standardized Approach (TSA)/ Alternative Standardized Approach (ASA); and

(iii) Advanced Measurement Approaches (AMA).

Apart from the aforesaid measures to be undertaken by the banks, financial institutions and NBFCs, the RBI issued many circulars concerning frauds from time to time.

As the core authority to supervise the banking operations in India, RBI is responsible to assure monetary stability in India and ‘generally to operate the currency and credit system of the country to its advantage'. Besides it has power to determine policy and issue directions and any direction issued by RBI is mandatory for the banks and financial institutions to comply with such directions failing which they are liable to be punished.

Audit and inspection

RBI has been vested with the power to conduct inspection of banks, financial institutions and non-banking financial institutions at regular intervals and if necessary, special inspection as per the need under Banking Regulation Act and RBI Act. Besides, RBI has the power to control over management of banks, financial institutions and non-banking financial institutions. RBI also has got powers to conduct audit depending on the need and the situation.

Apart from RBI banks, banks and other financial institutions are also required to undertake internal audit and inspection from time to time as per statute and as per the need. One of the most important systems that the RBI introduced and insists on is the concurrent audit system since this "system is regarded as part of a bank's early warning system to ensure timely detection of irregularities and lapses, which also helps in preventing fraudulent transactions at branches, the bank's management may continue to bestow serious attention to the implementation of various aspects of the system such as selection of branches/coverage of business operations, appointment of auditors, appropriate reporting procedures, follow-up/rectification processes and utilization of the feedback from the system for appropriate and quick management decisions."

The irony and the pathetic thing is that neither RBI or the banks in spite of having a robust supervisory system in place could not detect the ongoing fraudulent and despicable acts by specifically keeping an eye on the high value accounts and continuously taking effective monitoring steps to prevent the aforesaid massive fraud and diversion of funds right under the noses of bank officials for such a long time leading to the biggest scam that has taken so far in the banking history involving a gigantic number of banks. Are RBI and banks not responsible and accountable for such massive swindling of public fund?

The basic question is how to minimize the incidents of fraud if not eliminating it and some of the important steps are:

• First and foremost is to study the psychological disposition of the fraudsters and willful defaulters and the motive behind their unbecoming acts of criminality. "Criminal psychology is the study of the intentions, actions, reactions, views, and thoughts of the criminals and the ones who partake in criminal behaviour. Criminal psychology is related to the field of criminal anthropology."
• A detailed study on the modus operandi of each past case of fraud to find ways and means to bridge the loopholes in the systems and procedures and the ambiguity or inadequacy in the law or a set of rules to be implemented without any let up.
• To initiate a research programme to innovate and create a robust preventive system based on the criminal psychology and modus operandi of fraud cases of the past through strong technological inventions of systems and procedures to thwart any criminal activity of the fraudsters.
• An intensive and extensive training programme to be undertaken by the management to educate the employees and executives to equip them with practical knowledge to inculcate a logical thinking, analytical ability and decision making capacity to initiate timely action to prevent frauds.
• Complacency, lethargy, negligence, misplaced trust, etc. are some of the human weaknesses that give an opportunity to fraudsters to commit their crime. Hence, special care to be taken to prevent such weakness and to educate the employees and executives to be alert constantly and to be vigilant always. Educating the general public particularly the bank customers about banking rules, regulations, laws etc. to be vigilant about their bank transactions.

In the final analysis if the bank employees are vigilant and alert to take deterrent actions without any let up on the first sign of fraud itself, the incidents of fraud can be minimized to a great extent.