Mumbai: While the financial world struggles to comprehend the bank fraud at Punjab National Bank (PNB), experts said the Rs11,400 crore Nirav Modi case is one of systemic failures and that it could have been detected only by concurrent or internal auditors.
Banks typically undergo four types of audits; statutory audit (which looks into bank balance sheets); internal audit (done by bank staff); concurrent audit (an audit of transactions done as they happen by internal or external auditors); and inspection by the Reserve Bank of India.
The fraud allegedly perpetrated by PNB employees involved branch officials, without authorization, issuing so-called letters of undertaking, or LoUs, (essentially guarantees) that helped Modi’s companies raise credit from other banks. LoUs, issued when overseas import payments are involved, basically guarantees liability payment by one bank to another on behalf of its client.
It involves an issuing bank, a receiving bank, an importer client and overseas client who is the ultimate beneficiary.
The messages on the LoUs are sent through the SWIFT messaging system. SWIFT stands for the Society for Worldwide Interbank Financial Telecommunication. The SWIFT transactions bypassed the bank’s core banking system, which typically processes daily transactions, evading scrutiny by the bank management.
The case is related to jeweller Nirav Modi, who was already under federal investigation following a PNB complaint on 29 January about fraudulent transactions of Rs280 crore. The bank had said at the time that it was checking if the case was actually bigger.
“Everyone is at fault as such a massive fraud does not happen over the years without getting detected," said J.N. Gupta, co-founder and managing director of proxy advisory firm Stakeholder Empowerment Services (SES).
The question is who could have detected these transactions.
“A concurrent auditor or perhaps an internal auditor are the only ones who could have," said Rakesh Nangia, founder and managing partner Nangia & Co. Llp, a consulting firm which also does audit work.
“It’s a failure of systems, controls and processes. The focus should be on ensuring that PSU bank systems are updated and have adequate controls in place," he added.
“A statutory auditor and inspection by RBI could not have detected anything, as these typically look at balance sheets. However, LoUs are off-the books transactions. Even a concurrent audit in India has its pitfalls with low fees, leading to low-quality audits," said a chartered accountant, who did not wish to be identified.
According to Deepak Bhawnani, CEO of Alea Consulting, a corporate fraud investigation consulting firm, RBI will have to investigate systemic loopholes in state-owned banks and ensure risk management systems are made more robust.
“This fraud yet again brings to light how unscrupulous employees can subvert even the most robust of risk mitigation technology. Employees are likely to be compromised during their tenure so there needs to proper and regular background checks, especially for sensitive positions," said Bhawani.