Inadequate oversight and lax processes led to fraud at PNB

Mumbai/New Delhi: Beneath the perfect storm of Punjab National Bank’s (PNB) Rs11,400-crore fraud lies a series of lax processes and inadequate oversight, surfacing at a time when Indian banks are grappling with Rs10 trillion of stressed loans.

Interviews with executives from several state-run banks and experts reveal that jeweller Nirav Modi and companies linked to him were able to siphon off funds in concert with some PNB executives because of the failure of the bank to integrate its own transaction recording software with the international financial messaging system.

A central bank communication corroborates the same.

“The fraud in PNB is a case of operational risk arising on account of delinquent behaviour by one or more employees of the bank and failure of internal controls,” the Reserve Bank of India (RBI) said in a release on 16 February. RBI has initiated a supervisory assessment of PNB’s control systems.

Officials of Mumbai’s Brady House branch of PNB, without approvals, issued so-called letters of undertaking, or LoUs, (essentially guarantees) that helped Modi’s companies raise credit from other banks. The foreign banks gave the funds to Modi companies on the assurance that PNB will pay up if there is a default.

According to bankers, transactions on SWIFT, an inter-bank messaging facility, must go through a built-in system of audit and reconciliation. These include seeking approval from officials other than those having banking relation with the client, red flags for sudden spurt in transactions, and breach of sectoral and group exposure limits, among others. SWIFT stands for Society for Worldwide Inter-Bank Financial Telecommunication.

“In our bank, majority remittance transactions are centralised. In branch-originated transactions, there is mandatory reporting of all SWIFT messages to the zonal or head office at the end of day,” said senior official with a South-based bank, on the condition of anonymity given the sensitivity of the matter.

LoUs, issued when overseas import payments are involved, basically guarantee liability payment by one bank to another on behalf of its client. The messages on LoUs are sent through SWIFT.

All Indian banks are expected to mandatorily report their LoUs to RBI every quarter, a senior banker with a foreign multinational bank said, adding it’s not clear if PNB or its counter-parties (overseas branches of Indian banks) did so. Also, whenever a SWIFT message is sent, it is verified, checked and authorized at various checkpoints by the operations and treasury teams of the sender and receiver banks, but it appears that no alarm was raised in this case, he said. Besides, whenever an LoU is issued, the receiving bank sends a letter of confirmation to the issuing branch and its controlling office, he added.

PNB has maintained that transactions and messages sent through SWIFT were not recorded in its core banking system software, which typically records daily transactions. This allowed the errant employees escape notice of bank auditors.

While most state-owned banks still have not integrated SWIFT and CBS (core banking system), some of them have started the process.

According to bankers, the advantage of linking both systems is that all transactions are recorded in the system and hence helps in calculation of liabilities.

“The integration helps to ensure that exposure limit set for a particular borrower is not breached because CBS has all account details. It also gives us greater control,” said a senior official of Union Bank of India, requesting not to be named. Union Bank of India has linked SWIFT with CBS partially and has started process for linking other type of transactions such as those related to LoUs.

The country’s largest lender State Bank of India (SBI) has also integrated SWIFT and CBS, Press Trust of India reported on 16 February quoting chairman Rajnish Kumar.

He also said that SBI has an elaborate system of risk management and internal audits.

“One of the risk management practise, which we follow is job rotation. We don’t keep a person for more than three years at one position. There are certain positions which are very sensitive and we monitor those positions very closely,” Kumar said.

A senior official at a large state-owned lender said his bank conducts at least three levels of checks for all transactions involving remittances. First-level check is when the non-fund based exposure such as LoU are sanctioned and transmitted in SWIFT, the second is to report the message to CBS, and the third is the routine process of management information system (MIS).

“In the SWIFT process itself, minimum three to five people are involved. I don’t know the details of the PNB case, but discrepant transactions going undetected for years is highly unlikely in any Indian bank in the current scenario,” said the banker cited above, who also asked not to be named.

In a press conference on Thursday, Sunil Mehta, managing director and CEO of PNB, said the bank is looking at whether there were failures in the internal systems that need to be addressed.

An email sent to Mehta remained unanswered till press time.

Tarun Bhatia, managing director, investigations and disputes, Asia Pacific at risk-management firm Kroll said the case is a not a credit or technology failure, but the failure of the processes.

“At the end, technology is only an enabler and the concept of maker and checker will only work when processes are followed. My sense is that people involved undertook unauthorised trades and there was failure to track it,” he said.livemint