Can two employees really dodge a trusted banking software to pull off a Rs 11,400 crore scam? The fact that a scam of such magnitude went undetected shows the failure of various kinds of audits in the bank, including the RBI's inspection, says a senior chartered accountant tracking the developments.
The Reserve Bank of India has to carry out a deep investigation, forensic audit of the accounts involved in the alleged fraud and also make it compulsory for the banks to carry out forensic audit, PS Prabhakar, Partner in Rajagopal and Badrinarayanan, a chartered accountancy firm, told IANS.
"Every fraud is a lesson for those who want to take it as a lesson.
"Broadly the kinds of audits or inspections that are carried out in Indian banks are statutory audit (carried out by auditors appointed by banks), concurrent audit (carried out by outside auditors at the bank branches), internal audit (carried out by bank staff) and the inspection by RBI " says Prabhakar. He said the statutory auditor is mainly a test check auditor or an audit where transactions are checked at random.
"The internal audit is done by bank staff. Then there is also inspection by RBI officials. It is strange how the fraudulent transactions that have been carried out since 2011 were not detected," Prabhakar said.
Normally large value transactions should be checked and SWIFT system transactions should be carefully checked, he added.
According to the PNB, the alleged fraud was carried out by two staffers by not entering the transactions in the bank's core banking solution. In raising funds and moving money out of PNB, the two directly used SWIFT — the global financial messaging service used to move millions of dollars across borders every hour — and bypassed the core system which processes daily banking transactions and posts updates.
It was a ploy to avoid immediate detection: the SWIFT messages used to raise overseas credit were not readily available in PNB’s FINACLE software system as these were issued without entering into the bank’s CBS.
Prabhakar said a Letter of Credit should normally be given only against receipt of security but it is not done in banks.
"The PNB case is just one bank and one branch. It is not known how many more banks and branches are involved in such transactions," Prabhakar said. According to him, the RBI has to carry out a forensic audit of the books of the parties involved in the alleged fraud in PNB and trace the money or the property bought with that money. He said risk-based information security audit should be done in banks by professionals with specialised knowledge of software systems.
"The costs for the banks will be far less compared to their losses due to frauds," Prabhakar said.
Partner at chartered accountancy firm GSV Associates, M.R.Venkatesh told IANS: "The alleged fraud in PNB is a failure of auditors --internal and statutory -- and also of the regulator."
"The sad part is that everybody involved in such frauds in India know that nothing would happen to them," Venkatesh added.
"It is a failure of PNB's internal checks and controls. I don't know why the bank officials are given the discretion to enter the data in one system and not in the main system (core banking solution)," says Rakesh Nangia, Managing Partner, Nangia & Co.
According to Prabhakar, bankers should scrutinise carefully the gems, jewellery and real estate players before extending any facility to them.
with inputs from Venkatachari Jagannathan, IANS
No comments:
Post a Comment