Recent PNB Fraud case has started the discussion among Tech experts whether or not Blockchain Technology could help prevents future bank frauds
Banking sector is the engine of economic growth and any malfunction in this engine sends shivers down the entire economy. In the recent years, banks have achieved phenomenal growth which has predominantly been enabled by technology. But human intervention can lead to situation where one can not imagine. PNB fraud case is also a case of technology v/s human intervention. If seeing it from a technology aspect, the case could be considered as a hack in the system however it is indeed more of a bank break-in rather than considering as a cyber crime.
In the wake of PNB SWIFT-related fraud involving significant amount, RBI also reiterated its confidential instructions and mandated the banks to implement, within the stipulated deadlines, the prescribed measures for strengthening the SWIFT operating environment in banks.
SWIFT or Society For Worldwide Interbank Financial Telecommunication is the tool used for international money transfer.
Dr. Preeti Goyal a professor of Finance & Accounting at Great Lakes Institute of Management in Gurgaon says, “In the coming years this sector is expected to witness explosive changes and growth with the use of newer technologies such as NFC, block chains, robotic process automation etc. Unfortunately, the fraudsters have also started using innovative methods to misuse the banking system. At the same time tools and techniques such as real time neural network based behavior models and forensic accounting are already changing the face of fraud detection and prevention. This is like a cat and mouse game between the banks and fraudsters and technology remains both a root cause as well as the solution to this.”
While the Nirav Modi fraud has been highlighted as a technology fraud, the focus should actually be on the lack of internal controls, checks and balances that led to this situation. It is not that bank frauds did not happen prior to the use of technology. Many of us will recall how Harshad Mehta duped the banking system of crores of rupees in late 1980s – at that time it was said if banks were automated, it may have been possible to prevent the fraud.
“There is no nirvana to prevent bank fraud. The solution lies in strengthening the internal controls, checks and balances and at the same time investing in latest technology and training people to use it.” She adds.
While this fraud has occurred at one of the branches of PNB, it would eventually affect other Banks in India and outside India due to nature of such contracts. If PNB backs out of its obligations to pay and takes legal route, other banks will also a take a hot.
“As we have seen in past, such frauds are not limited to one branch and we may see other Banks unearthing similar frauds in near future in one of their branches. Considering that Public sector Banks in India are Government backed, there is no immediate threat on existence of any of banks. However, such news weakens the faith of Indian Public and International investors in the Banking system. This is not a good news and will have long term repercussions for Indian banking system as a whole. This is also a final wake up call for banks to put their house in order.” Says Rajeev Mahajan, Co-Founder, CEO and Director at Antworks Money, also the Ex-Senior President – MNC Infrastructure, Yes Bank.
Whom to Trust
“Technology can protect you from invasion or hacking, but technology cannot protect you from human tendency to perpetrate fraud. It is important to minimize human interference and maximize technology-based transactions.” Says Prasad Ajgaonkar, CEO, iRealities Pvt. Ltd (The company specializes in offering technological innovation, digital services.)
Gokulnath Shetty, retired deputy branch manager with another junior employee misused the Society For Worldwide Interbank Financial Telecommunication or SWIFT codes; as he had passwords to them. He has worked in the bank for a long time and he managed to cover up the whole mess for years. While, there are also other people who have been arrested from authorized signatory of the accused firms.
A big question arises here is whom to trust as modern day banking necessitates working in hand with partners, agents and vendors, etc. besides outsourcing, peripheral and several operational activities involve deploying and trusting outside agency's employees.
In the mist of the PNB Fraud case, there is need to have vigilant backgrounds checks for the employees working in financial institutions. CEO of SecUR Credentials, a background screening company Rahul Belwalkar says, “Currently, the numbers of PSU’s that opt for Background screening are low because of HR Practices that have been ingrained through the years and their resistance to change these practices. We also suspect that there are push backs from unions as well because of which HR policies haven’t changed in a while. There has been a rise in number of private sector banks and NBFCs that are not only conducting background screening but are also doing regular credit checks on their employees who at the end of the day handle large amounts of clients’ money. In this case too, right from general manager level and other 18 employees have been accused of the fraud; having proper and systematic employee background verification is the need of the hour.”
What should be Done
As the risks arising from the potential malicious use of the SWIFT infrastructure, created by banks for their genuine business needs, has always been a component of their operational risk profile. RBI had, therefore, confidentially cautioned and alerted banks of such possible misuse, at least on three occasions since August 2016, advising them to implement the safeguards detailed in the RBI's communications, for pre-empting such occurrences. Banks have, however, been at varying levels in implementation of such measures. Even Finance Minister Arun Jaitley has also said that it is incumbent upon the state to chase those who cheat the banking system.
In the light of this case; leaders in the industry have suggested some of the measures that should not be avoid. Prasad Ajgaonkar CEO of iRealities suggests that it is extremely important to educate all stakeholders in the banking ecosystem on information security, as banking frauds are not technology frauds but process frauds.
“Making information security training compulsory for all bank employees is an important step in significantly reducing bank frauds. For one of the largest private sector banks, we have created and deployed a comprehensive information security training module, which they are successfully running for the last 3 years.” He says.
There should be a system or mechanism to immediately make the changes in the patches in the system, and it can be made secure. For this, the systems should be open systems. Banks should also have a crises management system in place, for immediate external and internal communication.
Blockchain Can Help
The long term solution that banks can look at for prompt detection and prevention of fraudulent transaction is by deploying a blockchain based system. Blockchain consensus is dependent on the entire ecosystem and not an individual. Hence, it would reject such a transaction immediately, since in normal circumstances, it is only one/few individuals who are responsible for the fraud and not the entire network of the bank. It also provides effective protection against fake LoUs.
“Blockchain technology can successfully prevent process frauds in banks, because no one single authority has full control over the movement of assets. If the core banking system is integrated with blockchain, any breach of limits can be immediately tracked and stopped. In the PNB fraud, only one officer had authority to execute the transaction end-to-end, so the fraud was not detected as it bypassed the core banking system.” Says Ajgaonkar.
Advocating the Blockchain usage, CEO & Co-Founder of Razorpay, Harshil Mathur
says, “A blockchain based system also provides high traceability with the records of transaction being made available in the transaction history, throughout the lifetime. This makes the system transparent and auditable, hence more immune to frauds.”
Software Companies should work with the relevant business function team to understand and identify the dependencies. Most of the conventional systems have maker, checker and authorizer concepts embedded, however, analytics based audit hooks and rule based cross platform reconciliations are seldom implemented.
Agrees with the same Vikram Pandya, Director Fintech of SP Jain School of Global
Management also expresses his thoughts, “With advent of machine learning, banking software can do realtime data analytics and notify the management about suspicious patterns. Software firms should also start offering blockchain based solutions to bring more transparency and efficiency to some of the processes where dependency of value chain is higher. RegTech should be part of the software offering. Internal controls should be embedded within the system and checklist based approach should be implemented.”
Meanwhile, RBI also said it has formed a panel to look into reasons for factors leading to increasing incidents of frauds in banks. The panel will also look into reasons for high divergence in Non-Performing Asset (NPA) classification and provisioning by banks.
"In view of large divergences observed in asset classification and provisioning in the credit portfolio of banks as well as the rising incidence of frauds in the Indian banking system, it has been decided to constitute an Expert Committee under the chairmanship of Y H Malegam, a former member of the Central Board of Directors of RBI, to look into the reasons for high divergence observed in asset classification and provisioning by banks vis-a-vis the RBI's supervisory assessment, and the steps needed to prevent it; factors leading to an increasing incidence of frauds in banks and the measures (including IT interventions) needed to curb and prevent it; and the role and effectiveness of various types of audits conducted in banks in mitigating the incidence of such divergence and frauds," Apex bank states.
The members of the committee include Bharat Doshi, member, Central Board of Directors, RBI; S Raman, former chairman and MD, Canara Bank and former whole-time member, SEBI; and Nandkumar Saravade, chief executive officer, Reserve Bank Information Technology Pvt Ltd (ReBIT). A K Misra, executive director, RBI will be the member-secretary of the committee.
Bank frauds: The procedure & action against the culprits
Views by: Milan Mody & Sandeep Shah, Partners of N A Shah Associates LLP.
1 RBI has issued a master circular Frauds – classification and reporting, dates July 1, 2015.
This circular covers classification, monitoring, provision and closure of fraud cases
Classification of frauds
In order to have uniformity in reporting, RBI has provided guidelines for classification of frauds. There are 7 classifications including a residual category. The classification include (a) Unauthorised credit facilities extended for reward or for illegal gratification and (b) Cheating and forgery
Reporting of frauds to RBI
The circular prescribes norms for reporting of frauds to Reserve bank of India as well to internal management. It also suggest quarterly and annual reporting and monitoring of outstanding frauds. Additional information as regards to unscrupulous borrowers is also required to be furnished to Reserve Bank of India. The circular also suggest that a subcommittee of the board should be formed to provide focused attention and to avoid delays in detection, reporting and monitoring of high value frauds.
Provisioning Pertaining to Fraud Accounts
To ensure uniform provisioning norm in respect of all cases of fraud, it is prescribed that The entire amount due to the bank (irrespective of the quantum of security held against such assets), or for which the bank is liable (including in case of deposit accounts), is to be provided for over a period not exceeding four quarters commencing with the quarter in which the fraud has been detected.
2 Companies Act, 2013 (referred to as Act)
Reporting responsibility on auditor as per section 143 (12) of Act
Auditors has a reason to believe that an offence of fraud involving amount of Rs.1 crore and more, is being or has been committed in the company by its officers or employees, the auditor shall report the matter to the Central Government / RBI as well as to the Board of Directors / Audit Committee within the prescribed time frame and in the prescribed manner
Penalty under the Act
As per section 447 of the Act, in case the fraud in question involves public interest, the term of imprisonment shall not be less than three years but which may extend to ten years and shall also be liable to fine which shall not be less than the amount involved in the fraud, but which may extend to three times the amount involved in the fraud
Serious Fraud Investigation Office (SFIO)
As per section 212 of Act, The Central Government may in public interest order an investigation by SFIO. All the officers and employees are responsible to provide all the details to the investigating officer. The investigating office has wide powers in inspecting the matter.
3 General
The borrowers and all those who have connived would be subject to penalty and criminal prosecution as laid down in the Indian Penal Code