Fraud Risks in the Banking industry

Recent news items of cases of frauds and abuses in banks and financial institutions in India

  • Central Bureau of Investigation (CBI) had registered a case on March7, 2020 for alleged cheating, fraud, criminal conspiracy in sanctioning of loans by YES Bank and in exchange receiving kickbacks by Kapoor from DHFL promoter Dheeraj and Kapil Wadhawan.
  • Punjab and Maharashtra Cooperative Bank(PMC Bank) has been facing regulatory actions and investigation over alleged irregularities in certain loan accounts. The collapse of PMC bank exposed a harsh reality – poor regulation allowed the bank to flout rules for years. The bank is accused of lending money to a real estate company – Housing Development & Infrastructure Ltd (HDIL) – through dummy accounts in the name of dead

The Banks and Financial institutions in our country have witnessed several cases of fraudulent practices that are rampant from the top management level to being percolated down to the operational mid and lower management level. Only the tip of the iceberg gets into a national level debate – there are many more waiting to be discovered.

Why do you think that this is happening so often in the banking industry when people trust them and put their entire savings with these financial institutions?

The solution lies in taking a deep look into the internal processes and routines to find out whether there are enough checks and balances and controls – whether manual or software application controls – both are equally important.

It is a fact that vulnerabilities do and will exist in small or big, upcoming or established financial institutions. If the tell-tales signs are not recognised early enough, these organizations are sitting on a time bomb that could explode and damage their business, result in sanctions or even bankruptcy, temporary closure of offices and of course tarnished brand image. (See Annexure below for a sample checklist of fraudulent situations in banks / financial institutions that could result in losses, waste or abuse.)

Some of these early warning signals or “risk factors” should help in mitigation and avoid losses to the banks and financial institutions:

  1. Top management governance and oversight is poor, lacking or only ad-hoc – focus is on fire-fighting issues as and when they arise.
  2. There are only one or two officers in a bank / bank’s branch who have dominating control over all operations and decision-making.
  3. Records maintenance and documentation is inadequate, ineffective or even absent and the same is not questioned or given importance.
  4. Failure of periodic regulatory or compliance reports to the Central Bank of the country or other statutory bodies.
  5. Systems and applications have poor internal controls set up for critical transactions.
  6. By-passing systems through manual intervention is possible and policies and procedures are flouted.
  7. The above aberrations are not noticed because of poor audit programs or they are not reported by the audit team.
  8. Personnel working in critical areas like loan sanction, investment and treasury departments are not rotated and not sent on compulsory leave periodically due to weak vacation policies.
  9. Four-eye principle for approvals and authorizations not adequate or by-passed due to weak internal controls.
  10. Insufficient segregation of duties in processes.
  11. No background checks for new recruits and inefficiencies not addressed through proper training.
  12. Absence of continuous communication on important policies on ethics and business standards and evaluation of their practices.

 

ANNEXURE

This list is by no means exhaustive and it is the diligence of the banks’ audit (internal or external) that matters most. However, this may help in focussing for deeper analysis of fraudulent situations in several areas of banking operations.

  1. Loans:
    1. Forged or fictitious loans to non-existing parties,
    2. accommodation or helping round-tripping of loans,
    3. collusion with politically exposed persons,
    4. loans to insider-related shell companies,
    5. embezzlement of escrow accounts,
    6. commission or kickback on loans,
    7. diverted recoveries of charged-off loans.
  2. Collaterals for loans:
    1. Improperly valued or undervalued collaterals accepted,
    2. forged certificates issued by illegal offshore companies,
    3. round-tripping transactions for payments,
    4. taking collaterals and releasing them prematurely.
  3. Investment and trading in the securities market:
    1. Collusion between a bank employee and trader to transact at inflated prices,
    2. Unauthorized purchases and sales of securities and covering it up,
    3. Not disclosing trading losses to management,
    4. Placing personal trading contracts through accounts to take advantage of bank’s volume discounts on brokerage,
    5. Trades placed based on inside information by an employee for himself/ herself, thereby making personal gains.
  4. Deposits from customers:
    1. Dormant or inoperative accounts misused by personnel for unauthorized transactions like withdrawals or coverups,
    2. Fictitious charges not part of the authorized list of charges,
    3. Manipulating dormant account balances to balance Trial Balance,
    4. Unauthorized overdrafts granted to deposit accounts and covering up,
    5. Withholding checks without proper reason and manipulation of accounts where the bank personnel is acting in a fiduciary capacity,
    6. Setting up fictitious accounts and withdrawing embezzled amounts from the bank.
  5. Correspondent bank accounts:
    1. Unreasonable delay in recording funds transfer and keeping money in float,
    2. Fictitious debits and credits,
    3. Fraudulent letters of credit issued,
    4. Issuing drafts without corresponding recording of transactions,
    5. Fake collections recorded.
  6. Cashier’s desk and transactions
    1. Covering end of day cash shortage with receipts from next day,
    2. Repetitive excess and cash shortages,
    3. Theft of cash by teller – either singly or in collusion with another staff,
    4. Not reporting large currency transactions that are suspicious cash deposits or withdrawals.
  7. Accounting income and expenses
    1. Window dressing with inflated expenses,
    2. Fraudulent rebates and write-offs on loan interest to select clients,
    3. Hiding unreconciled accounts as suspense accounts in Trial Balance,
    4. Under evaluation or ignoring Non-Performing Assets (NPAs),
    5. Over or under provisions in the Profit and Loss Account.

Basics revisited – Basel I, II and III

Before we delve deep into understanding banking industry risks under various categories let us look at what world-wide regulators prescribe as norms to be followed

We all know that Banks play a crucial and important role in the national and global economy. Banks on the one hand bring in deposits from individuals, corporates and other institutions and on the other hand offer loans to borrowers and other financial products. The inflows include the Banks’ own capital plus the liabilities in the form of deposits mobilized and the outflow represents loans and borrowings to their clients on which the banks earn interest, other charges and commissions. These earnings are supposed to cover the operating / administrative expenses of the bank and pay interest to depositors and other borrowers of the bank itself. The banks also have the responsibility to operate in a safe and stable manner that they meet the commitments through maintaining adequate liquidity and creditworthiness. They also have to meet their shareholder expectations and comply with the national regulators norms for the banking industry.

Thus Banks are exposed to various kinds of expected risks and unexpected risks whether related to the market or non-market activities. The risk potential and impact is loss of depositors’ money, loss of trust in the bank leading to a Domino effect that can cascade to several other inter-connected banks and transactions.

While the anticipated or expected losses can be mitigated by Banks through several strategies like product pricing, accounting provisions for Non Performing Assets (NPAs), etc, the unexpected losses arising out of the choice of the banks’ activities and portfolio has to be met through the Banks’ own capital funds in order to protect the depositor’s money.

Banking regulation is complex in several countries – it involves licensing norms (such as for setting up a new bank) and supervisory controls, reporting and disclosures of its various activities. Many banks and financial institutions have a stronghold on the economy with enormous consequences in the event of a failure or collapse of the banking system. This is the reason why Governments come up with bail-out schemes to prevent rippling effects throughout the economy leading to a systemic failure.

What is Basel I?

The formal framework for banks’ capital structure was evolved in 1988 with the introduction of the “International Convergence of Capital Measurement and Capital Standards”, popularly known as Basel I, issued by the Basel Committee on Banking Supervision (BCBS).

Following Basel I, banks were required to maintain a minimum capital adequacy of 8% against risk weighted assets (RWA). Here Basel suggested a portfolio approach to credit risk by assigning appropriate risk weights against each asset (for example, housing loans carry 50% risk weight and corporate loans carry 100% risk weight). The capital components include long term debt funds also by categorising qualitative equity capital as Tier I and others as Tier II. Although the Basel Accord was signed only by the G-10 countries plus two more nations, more than 100 countries across the globe have made these norms mandatory in their domestic banking systems. In India, the Reserve Bank of India (RBI) implemented Basel I norms from 1992 onwards.

Why Basel II?

Basel I was criticised for its rigidity of “one-size fits” approach for banks of all sizes and absence of risk sensitivity in estimating capital requirements. In 2004 the BCBS came out with a comprehensive framework of capital regulation popularly known as Basel II.

Basel II was built up on three pillars – minimum capital requirements, supervisory review process, and market discipline. Under Basel II, banks were required to maintain the minimum capital requirement of 8% against the risk weighted assets, while RWA was computed by considering the three major generic risks

1. Credit risks,

2. Market risks, and

3. Operational risks.

To estimate the capital requirements for credit risk and operational risk, Basel-II proposed a menu of approaches – standardised, foundation internal ratings, and advanced internal ratings approach. However, for market risk Basel II continued with the 1996 framework which suggested both standardised and internal measurement models.

In India, from 2007 / 2008 onwards, banks have followed estimation of capital requirements by following the standardised approach for all the three risks, viz. credit, market and operational risks.

Why Basel III?

Although Basel II was a very comprehensive capital regulation framework architected on sophisticated risk quantification models, it failed to address certain issues which emerged during the financial crisis of 2007-08.

Issues that were noticed:

  1. In good times, when banks were doing well, and the market was willing to invest capital in them, Basel II did not impose additional capital requirement on banks. On the other hand, in stressed times, when banks required additional capital and markets were wary of supplying that capital, Basel II required banks to bring in more of it.

  2. By following value at risk (VaR) models, banks maintained capital requirements against trading book exposures assuming that these could be liquidated, and substantial banking book assets were parked in trading book, which helped banks to optimise the capital requirements.

  3. Basel II assumed that its risk based capital requirement would implicitly mitigate the risk of excessive leverage. Unfortunately, excessive leverage of banks was one of the prime causes of the crisis.

  4. Basel II did not consider liquidity risk as part of capital regulation.

  5. Basel II focussed more on individual financial institutions and ignored the systemic risk arising from the interconnectedness across institutions and markets, which led the crisis to spread to several financial markets.

The BCBS released the Basel III framework entitled “Basel III: A Global Regulatory Framework for more Resilient Banks and Banking systems” in December 2010 (revised in June 2011).

The enhancements of Basel III over Basel II came in four distinct areas:

1. augmentation in the level and quality of capital requirements.

2. introduction of liquidity standards.

3. modifications in provisioning norms, and,

4. introduction of leverage ratio.

The above information should give an idea of the evolution of Basel regulations and its main objectives and provisions.