After the spate of bank frauds came into the light, the parliamentarians raised this issue in the ongoing session of the parliament. Answering the question in the Lok Sabha, on July 20, 2018, on the bank frauds committed in the last five years in India, Shiv Pratap Shukla, Minister of State (Finance), quoting the Reserve Bank of India (RBI), revealed the details of loan frauds for cases of Rs.1 lakh and above, the number, amount and percentage of loan frauds reported by banks during the last five financial years.The Minister stressed that the fraud data is by the year of reporting and not the year of occurrence of the fraud or sanction of loan, Letter of Undertaking etc., which may be of an earlier period. E.g., the fraud in PNB’s Brady House branch was reported in February 2018 but is a continuing fraud since 2011.
It is clear from the above graph that in the last five years, the amount of money defrauded increased by 303.06 per cent, whereas the number of fraud cases increased only by 36.53 per cent. In total, in the last five years, the banks were defrauded of over 1.13 lakh crores. However, this still reflects the incomplete picture as the amount of fraud considered in the above data is that of above Rs. 1 lakh. Moreover, since a part of the question was on the frauds committed by various business houses in the gems and airlines industry, the Minister answered, “RBI has informed that data regarding the industrial sector, such as Airlines and Gems industries, is not collected and, therefore, data on frauds in Airlines and Gems industries is not maintained.”
The RBI’s latest Financial Stability Report (FSR), June 2018, takes note that the frauds reported that in terms of the relative share of frauds, Public Sector Banks (PSBs) have a disproportionate share (>85 per cent) (Chart 3.1b) significantly exceeding their relative business share (credit and deposit ≈ 65-75 per cent).
The FSR notes that a sharper rate of growth was observed in the total number of frauds in 2017-18, which is driven by a significant jump in card/internet banking related frauds (Chart 3.1a). Flagging the underlying vulnerability of the technology, the FSR mentioned, “Banks are increasingly leveraging technology to deliver retail services and the significant buy-in from customers by their adoption of these delivery channels are anecdotally validated. The sharper increase in the number of frauds owing to card/internet banking related issues are pointers to the underlying vulnerability of this delivery channel.”
Composition of Fraud and its distribution in Public and Private Sector Banks
The RBI’s analysis of the frauds between 2013-2018 revealed that the composition of fraud amount reported is largely dominated by frauds in loans and advances both in PSBs and Private Sector Banks (PvBs).
A deeper look even within the PSBs revealed that the fraud amount reported in the banks under Prompt Corrective Action (PCA) is well in excess of their relative share in the credit. The FSR pointed out that this could be a result of somewhat lax internal controls which have magnified their stressed asset positions relative to non-PCA PSBs.
Failure of the Risk Management System
Overall, noticing that there is significant information asymmetry between external auditors and internal stakeholders, the latest FSR warned of the consequences of this on the quality of internal oversight. The report noted that structurally the operational risk oversight frameworks of PSBs and PvBs are quite similar. However, the difference in the quantum of fraud owes a lot to poor credit screening, deficiency in oversight of the account by the lead bank and information asymmetry between participating banks in Multiple banking/consortium arrangements, and lack of integration of information technology in the audit oversight.
On the nature of the loans, the FSR indicated that the dominance of loans, particularly working capital loans — that are taken to finance the everyday operations like wages etc. — in PSB frauds (Chart 3.2d) points towards co-ordination issues in implementing the three lines of defence architecture.
The Institute of Internal Auditors — internal audit profession’s most widely recognized advocate, educator, and provider of standards, guidance, and certifications— mentions, “the management control is the first line of defense in risk management, the various risk control and compliance oversight functions established by management are the second line of defense, and independent audit is the third. Each of these three “lines” plays a distinct role within the organisation’s wider governance framework.”
The three lines of defence model has been in place since the early 2000s. However, the Indian banks are still not implementing it stringently. After the $2 billion PNB scam came into light, Urjit Patel, RBI Governor, in a written reply to the Parliamentary Standing Committee on Finance, blamed the failure of all the three lines of defence for the scam.
In fact, the P J Nayak Committee, which, in 2014, submitted its Review of the Governance of Boards of Banks in India, castigated the Boards for inadequately discussing long-term strategy. The Committee observed, that the focus is more tactical and less strategic, such as the location of branches and ATMs, and provision of leased residential accommodation to officers in six locations. Moreover, the deliberations are driven from the vantage-point of compliance rather than business economics. It noticed that there is generally weak evidence of the monitoring of measurable disaggregated business goals in relation to targets. In one bank the taxi fare reimbursement policy got the same coverage as the NPA recovery policy.
While the new models of risk management are also heavily dependent on the technology and advanced data analytics to proactively manage risks, the Indian public sector banks are not yet able to implement fully the traditional model.