Spike in bank frauds: Lag in reporting or weak internal controls?

Illustration: Ajay Mohanty
Are internal controls in banks so weak as to lead to a doubling in frauds (of Rs 100,000 and above) by value to Rs 1.85 trillion in FY20, with an uptick in the number of cases by 28 per cent, compared to FY19? The Reserve Bank of India’s (RBI’s) latest Annual Report indicates that the sum locked up in frauds is nearly equal to the recapitalisation amount injected into state-run banks during the financial year gone by.

This is surprising, as the Report on the Trend and Progress of Banking (2016-17) had said the process of migration to a web-based reporting architecture from the batch-processed fraud database was largely complete, with “live reporting” of fraud monitoring returns from April 1, 2017. But frauds continue to plague the system. Could it be that the reporting architecture is such that it inflates fraud figures?

Wrong perception

“The spike (in frauds) is more technical than an actual reflection of it in FY20. They have predominantly been in advances, and a few accounts make up for almost three-fourths of the value,” says Tarun Bhatia, managing director (MD) and head of business intelligence and investigations (South Asia) at Kroll, a global leader in forensics. He points to a common feature in India — the lag between the occurrence of frauds and the time they are actually reported.

“In our experience, it takes five to seven years for large accounts (more than Rs 100 crore) to be classified as frauds. This is mainly because the impact on the books (of provisioning) is sizeable, and banks would like to try all recovery options before classifying it as a fraud.” The Indian Banks Association’s stand is almost similar.

Says Rajeev Dewal, senior advisor (legal), for the bankers lobby: “It would be appropriate to consider the amount at risk as the fraud and not the total outstanding — the exposure on the borrower. The amount at risk may be arrived at by the bank by its own assessment of the quantum and probability of risk materialising; and it may be validated by an independent assessor, like, say, a statutory or reputed forensic auditor. In the current RBI prescription, the fraud amount — as it gets reported — becomes inappropriately high, portraying an incorrect picture, creating undue panic and wrong perception.”

It’s his way of saying that in a consortium of, say, Rs 5,000 crore, you can’t classify the entire amount as a fraud because of a transgression within a bank of, say, Rs 100 crore.

Catch me if you can

Over the past decade, local banks have invested a few billion dollars in technology. There is no single source of its capture, though. Nor have these investments led to a noticeably early detection of frauds.

K V Karthik, partner, forensic (financial advisory), at Deloitte Touche Tohmatsu (India), notes that “while banks have embarked on a digital transformation journey towards getting a single view of the customer, the back-end integration of various customer data along with the operational data is still at a nascent stage. A significant effort is spent in collating data and then analysing it for fraud risks, thereby making an early warning system somewhat underutilised.”

Despite the systemic risks due to frauds, the RBI’s Financial Stability Report (FSR, June 2020) does not mention the word even once, though its previous editions detail the concerns involved. It finds only passing reference in the central bank’s latest Annual Report. As for the vintage, the FSR of December 2019 observes that frauds that occurred between 2000-01 and 2017-18 accounted for 90.6 per cent of what was reported in 2018-19 in terms of value, and 97.3 per cent in H1:2019-20. What explains this time-lag?

“Assessment of frauds has taken a shorter time because banks have the systems in place,” says Rajesh Mirjankar, MD and chief executive officer at InfrasoftTech, who adds: “If you have frozen an account, getting the proceeds from it to whoever is the creditor is difficult, because it has to go to the courts. You need to have the witnesses and all the people involved within that. But from my perspective, I think the response to frauds has been pretty quick.”

With capital quoting at a premium, the system can ill-afford vast sums getting locked up in frauds (and provisioning for them) at the expense of shareholders and depositors. At its meeting on September 27, 2019, the subcommittee of the Financial Stability and Development Council, chaired by RBI Governor Shaktikanta Das, discussed measures to strengthen the system against frauds and revisit the framework for early warning signals. The banking regulator can be expected to step up the pace on this front, and perhaps even increase the penalties on banks.

The laggards

A system is as strong as its weakest link. The latest systemic data (FSR, December 2019) tells us that in HI: FY19, state-run banks accounted for 89.8 per cent of frauds by value, with private banks at 9.2 per cent and foreign banks at 0.4 per cent. This says a lot about the internal controls in state-run banks. Remember, that despite the Rs 20,000-crore hit that Punjab National Bank took due to diamantaires Nirav Modi and Mehul Choksi, no heads rolled at the bank. (edited) 

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel