It is good news that the number of frauds in banks is coming down due to improved technology-led real-time monitoring and control. According to the ministry of finance, the bank frauds during 2016-17 stood at Rs.61,229 crores which declined to Rs.11,583 crores in 2020-21 and then to Rs.648 crores during April – December 2021-22. According to Report on the Trend and Progress of Banking – 2016-17, RBI had pointed out that the process of migration of batch-processed fraud databases to a web-based reporting architecture was largely complete, with regulated entities having started live reporting of fraud monitoring returns from April 1, 2017. Along with early detection mechanisms for frauds, a Central Fraud Registry (CFR) is made functional from January 20, 2016 a searchable centralised database for use by banks. This takes care to avoid any delay in reporting frauds to RBI and follow-up action.
When it comes to large frauds, the position is discouraging. When the banking system was yet to reconcile with the mega fraud of Punjab National Bank (PNB) that came to surface in 2017, purportedly perpetrated by diamantaires – Nirav Modi and Mehul Choksi involving close to Rs.14000 crores, the loan fraud of ABG Shipyard involving Rs.22,848 crores surfaced in 2022. It clearly flagged the weaknesses in risk management systems in banks and also brought to focus the efficiency of regulatory control. Such frauds impinge upon the reputation of banks impacting user confidence.
- How frauds occur:
It is the ill intent of people involved in defrauding the system to siphon off funds that are the genesis of fraud. The fraudster plans well and executes. The next challenge is the vulnerability of the systems to fall prey to such ill-intentioned design. Making systems robust enough to make it difficult for the culprits to intrude into the periphery to defraud is what tests the robustness. Even after technology-led monitoring tools are available to banks, they are unable to foresee and prevent incidents of fraud. In some cases, the nexus between the internal staff of banks and perpetrators cannot be ruled out. The internal staff is lured by disgruntled people to sway them to do what they want them to do. They thus collaborate and woo people to make frauds happen.
Frequent financial frauds are a drag on the efficiency of the financial system. Apart from the loss involved in fraud, the process of finding culprits and punishing them is another huge drag to the efficiency of administration. It also brings down the morale of committed employees to see the fragility of the systems. Minimising scope for frauds and institutionalising strong systemic controls and foolproof systems, processes and the manifestation of alerts are critical for an efficient financial system to unleash the full potentiality of the economy.
Fraud takes place when a person deliberately practices deception in order to gain something unlawfully or unfairly. In most states, the act of fraud can be classified as either a civil or criminal wrong. While fraud is most commonly committed to obtaining benefits of value, it sometimes occurs solely for the purpose of deceiving another person or entity. For instance, if a person makes false statements, it may be considered fraud, depending on the circumstances. Since frauds are the result of the ill will of the people and are something to do with the ethical dimensions, it manifests as operational risk.
In the context of looking at frauds in the financial sector, reference can be made to the definition of operational risk in the capital framework. Operational risk is the loss resulting from inadequate or failed internal processes, people, and systems or from external events. This definition includes legal risk but excludes strategic and reputational risk.
- Internal fraud prevention:
If frauds are to be prevented, the enforcement of operational risk management tools has to be strengthened. Banks have to spruce internal capabilities, skill sets, risk reading systems of their people to apprehend frauds with watchful oversight. Building up robust early warning signs and early intervention will be needed. The staff should be sensitized and well trained to grasp any fraudulent tendencies before they actually happen. They should be trained to pick up early signs of risk to prevent its manifestation. The checks and balances have to be maintained. Deviations to be taken up for rectification. The technology infrastructure should be subjected to rigorous systems audits and compliance audits. The efficiency of systemic controls should be improved. The business managers and technical team have to work together to develop templates and alert systems. The cyber security measures and vulnerability tests of firewalls and the fragility of systems should be checked from time to time. Preventive vigilance must be embedded in the culture of the organisation at every level to ensure care and caution. Even the behavior of people, visitors, influence of large customers must be kept under check.
The efficacy of the internal audit mechanism, the third line of defense has to be robust enough not to escape any non-compliance from the policies, procedures and workflows and standard operating procedures. All the three lines of defense of risk management must work in tandem to reinforce systems and controls. Customer education in using devices that are on self-service mode must be ensured. Institutions have to constantly build capabilities to disseminate financial and digital literacy to stakeholders so that they remain alert and conscious about the tricks of the fraudsters. It is the collective collaboration that fortifies against frauds. The regulators and government have been developing a safety infrastructure and reporting system that will add to the rigor.
- External fraud Prevention methods:
Improved detection and reporting of frauds along with comprehensive steps resulted in a sharp decline of such frauds, RBI has been upgrading fraud prevention methods while the government has instituted wide-ranging structural and procedural reforms to check frauds in banks.
Such systematic and comprehensive checking of frauds, including of the legacy stock of non-performing assets (NPAs), led to the unearthing of frauds perpetrated over the years. Even as the systematic and comprehensive checking has increased the annually reported amount involved in frauds, it has also resulted in a sharp decline in the occurrence of such frauds.
It can be observed that comprehensive steps have been taken to keep a check on frauds in banks, including addressing security flaws and ensuing investigation of such incidents. Following the PNB fraud, RBI directed banks in 2018 to implement security and operational controls, such as a straight-through process between the bank’s core banking solution or accounting system and the SWIFT messaging system, enabling time-based restrictions in SWIFT, review logs at regular intervals, among others. The authentication of SWIFT messages and their integration with the enterprise-wide general ledger has to be ensured so that they remain within the surveillance system.
In order to ensure timely reporting of financial frauds and to stop siphoning off of funds by fraudsters, the Financial Cyber Fraud Reporting and Management System module has been made operational by the Indian Cyber Crime Coordination Centre.
If these efforts work effectively, the financial institutions will be able to better manage the operational risks to prevent frauds – the potential risks to the financial soundness and stability. Better preparedness to thwart the ill designs of the fraudsters has to be embedded in the operations.
Courtesy-https://timesofindia.indiatimes.com/blogs/udayasrinivas-com/improve-operational-risk-management-to-control-frauds-in-banks/