The incidence of bank fraud is trending downward, but the broad picture hides many blind spots
Illustration: Ajay Mohanty
The number of bank frauds in the first half of FY22 fell dramatically to Rs 36,342 crore, from Rs 64,261 crore in the year-ago period. Remarkable as this is, there is no getting away from the fact that the banking system saw “frauds of Rs 100 crore per day over the past seven years,” as Minister of State for Finance Bhagwat Karad told the Rajya Sabha in a written reply in March.
The Reserve Bank of India’s (RBI’s) Annual Report for 2020-21 notes that the average time lag between the date of occurrence of a fraud and its detection was 23 months; for large frauds (Rs 100 crore and above), it was 57 months. A two-decadal analysis by the Financial Stability Report of June 2019 (FSR: June 2019) found that frauds between FY01 and FY18 constituted 90.6 per cent of what was reported in FY19 by value.
If this was not bad enough, the ecosystem grinds to a near-halt after having sniffed a fraud, and seldom takes the next remedial steps. A classic case is that of ABG Shipyard. The ICICI Bank-led consortium declared its Rs 14,000-crore exposure to the company as a fraud in 2019, which Business Standard was first to report on January 24, 2020.
Yet, it was only in February this year that the Central Bureau of Investigation filed its First Information Report — by when the exposure was closer to Rs 25,000 crore, owing to the compounding of interest, making it the biggest bank fraud to date.
Below the radar
“Just because an account is current, it doesn’t mean that the borrower is playing by the rules. You are better off dealing with a reasonable borrower rather than a lucky borrower,” says Rajeev Dewal, legal advisor to the Indian Banks’ Association. It’s an indirect way of saying that as long as the interest is being serviced (or, the account is current), bankers are unconcerned about goings-on like, say, a diversion of funds; or do not deem it fit to carry out a proper audit of the borrower’s inventory.
In September 2018, the RBI deputy governor, M K Jain, gave banks an earful: “Some of the weaknesses and irregularities observed have been recurring in spite of the averments made by bank managements (about) having carried out remediation.” And that “it will not be an exaggeration to say that some of the big losses suffered by banks on account of frauds could have been avoided if a good compliance culture was ingrained in the respective banks”.
With all the technology available, why do bank frauds continue to be detected so late?
“Detection of frauds on the liability side happens instantaneously. But on the asset side, it’s different, as it has to be ascertained if employees of the bank were involved. And then, external agencies involved have to go through it forensically; and all this takes time,” says Ajoy Nath Jha, chief risk officer (CRO) and executive director at IDBI Bank.
Adds Ramaswamy Meyyappan, CRO at IndusInd Bank: “I can know where the funds from the borrower’s account went only if they are group firms. Once it’s outside of that, I have no way of knowing. That said, things have improved vastly and the RBI’s Fraud Monitoring Cell based in Bengaluru alerts banks within almost a week of a fraud happening.”
And now, banks also have to deal with fast-mutating cyber-crimes: “Many cyber-fraudsters are well organised, some better than large companies. You have to constantly upgrade your security architecture and this has to be overseen by specialists,” points out Kalpesh Doshi, chief information security officer (India and South East Asia) at FIS.
In its FSR: June 2019, the RBI said that as at end-December 2018, 204 borrowers that had been reported as fraudulent by one or more banks were not classified as such by other banks with exposure to the same borrower.
One of the major areas of non-uniformity in processes pertains to identifying red-flagged accounts (RFA) based on an indicative list of early warning signals, which is not uniform across banks. In several cases, banks were unable to confirm RFA-tagged accounts as frauds or otherwise within the prescribed period of six months.
According to data from the Central Repository of Information on Large Credits (which warehouses data on all borrowers’ credit exposures) for FY19, the RFA reported by banks exceeded the stipulated six-month period in 176 cases. Reasons cited for delays in recognising frauds included delays in completing forensic audits and inconclusive findings.
Few will go on record about the fact that the RBI’s diktat that all banks in a consortium classify the entire exposure as a fraud — even if it is specific to just one bank, or two — has, in effect, worked as an incentive not to declare frauds. It has long been whispered that even when the relationship manager for an account sniffs a fraud, they are prevailed upon not to escalate matters to the higher management.
This is because it would mean having to inform the consortium, and all banks will have to hang together owing to the RBI’s diktat on uniformity in fraud classification — declare it as a non-performing account (even if current) and make provisions. For state-run banks that have been dependent on recapitalisation support from the Centre, it made sense to push matters under the carpet.
The current data system may be inherently faulty as well.
“To reduce the time needed to detect and declare frauds, banks need alternative data beyond credit ratings for surveillance, including monitoring the borrower’s beneficial owners, bank transfers, salary and creditor payments, and regulatory filings,” notes Rajesh Mirjankar, managing director and chief executive officer at Kiya.ai.
He believes that “alternative data needs to be built for all borrowers who have large exposures. Use of artificial intelligence and machine learning technologies can proactively monitor large exposures and risks.”
Another reason could be the nature of consortium banking today, and taking a step back in time enables a better appreciation of its legacy.
In July 1997, Tata Tea pulled out of its unwieldy decades-old State Bank of India-led consortium of a dozen banks to try out Mint Road’s new brew for India Inc — “multiple banking”. You could shop bilaterally for loans from banks, get a “bespoke” structure and pricing. Twenty-five years on, these galactic arrangements are in disarray — the line between consortium and multiple banking has blurred, and bankers are in a tizzy.
Traditionally, in a consortium, there were inter-creditor ground rules, and the lead bank kept an eye on goings-on. But in multiple banking, a borrower gets independently assessed on credit limits set by individual banks. Today, banks within a consortium also offer borrowers the benefits of multiple banking or “club deals”. And some treat an account as a non-performing asset (NPA) in a quarter, even as others don’t.
If banks in a consortium do “talk” to one another, why can’t they provide for a loan default, irrespective of the 90-day norm and treat it as an NPA upfront? After all, there’s nothing in Mint Road’s rule-book that says you can’t do so.
“I agree that an account can be performing in one quarter and not be so in the next. Now, when you say provide irrespective of the 90-day norm, you have to provide for everybody and anybody. It doesn’t work that way,” says a senior banker, off the record.
Indeed, the Aditya Puri Committee Report (Data Format for Furnishing of Credit Information to Credit Information Companies) of 2014 had this to say on derivatives: “Borrowers have, in general, not been forthcoming in sharing such information with lenders, particularly with banks that are not part of the consortium”.
Another big worry is that while there is data on bank frauds, there’s nothing on this phenomenon in the books of non-banking financial companies (NBFCs) — and this, when two large NBFCs in the last four years turned out to be fraudulent entities: Infrastructure Leasing & Financial Services, and Dewan Housing Finance Corporation.
K V Karthik, partner (financial advisory) at Deloitte India, is guarded in his response: “NBFCs are now profoundly interconnected with entities in the financial sector…and are as exposed to similar risks as banks and, as such, the risk factors relevant to banks will also have a bearing on NBFCs.”
Frauds may have started to dip now, but wait a bit before you cheer.