Embed Size (px)
DESCRIPTION
banking fraud
Citation preview
1
Project Report on
‘Banking Frauds: Issues and Challenges’
Subject: Management of Financial Institutions
Presented to: Presented By:
Dr. Kumar Bijoy Guneet Kaur (13105)
Gurkiran Singh (13106)
Jasleen Kaur (13124)
Lakshit Jain (13149)
[BMS 3FB]
2
TABLE OF CONTENTS
S. No Content Page
1 Introduction 4
2 Definitions and Scope 5
3 Evolution of Frauds 6
4 Types of Frauds in the Banking Sector 7
5 Frauds in the Banking sector: Some Statistics 14
6 Ketan Parekh – RBI : A Case Study 17
7 Cyber Frauds in Banking 23
8 Upcoming Measures : Red Flag Accounts 27
9 Conclusion and Recommendations 30
10 Bibliography 33
3
ACKNOWLEDGEMENT
First and foremost we’d like to thank our Management of Financial Institutions teacher, Dr.
Kumar Bijoy for giving us this topic and also for his kind support and guidance throughout the
completion of this project. Without his guidance this project would not have been such a
success.
We’d also like to thank the University for providing us the opportunity of working on projects as
a part of our curriculum.
We are also grateful to our friends and family for their invaluable support. We would also like
to thank the people who have spent their time extensively researching on this topic. Their
research helped us build this project.
4
INTRODUCTION
Computer and Information Technology has gained pace over the last few years and now has
become one of the most important means of communication and transfer. It has made its way
into all the facets of any industry. Because of its increased use and dependency on it, there has
been a growing trend of online transactions, digital data transfer, electronic database, information
transmission and various other information technology tools. In the time of high degree of
competition, all banks and financial service providers have started making prime use of
technology to make transfers, payments, provide regular information to customers and other
remittance services. But with increased dependence on information technology, people from all
industries witness a high risk of theft, hacking, transmission of virus, and various other kinds of
frauds due to publically available data.
The growth in the banking sector has been more than the growth in India‘s economy over the last
financial year but with this growth has emerged increasing risk and worry due to frauds. Frauds
have been observed in mobile banking transactions, RTGS, NEFT, etc. According to the Reserve
Bank of India, the primary responsibility of combating these frauds lies in the hands of the banks
themselves. The major aspects on which the banks need to concentrate include cybercrime,
identity theft, money laundering, use of black money, loan loss. the banks face a dilemma of
choosing between provision of ease in banking or protection of their customers from the high
risk that exists due to electronic banking. Currently, 74% of the Indian population has mobile
phones. Mobile payment volumes have hence registered a steady rise. A recent study on e-
commerce in India by Accel Partners estimated that shopping through mobile phones grew by
800% in 2013. It is expected to show a compound annual growth rate of 150% by the end of
2016.According to a report published in ICFE Fraud Magazine,9 in 2013, 46% of the complaints
or identity theft frauds reported globally involved breaches of government documents. Over 20%
of all identity theft frauds or complaints were related to breaches of data of financial institutions
(e.g. credit card, loan or other bank information). RBI circular November 2014:10 It has been
reported that in some cases even though the original cheques were in the custody of the
customer, cheques with the same series had been presented and en-cashed by fraudsters.
Thus this trade-off between ease in banking and risk-free banking needs to be overcome such
that the banking sector is able to provide their services and in addition are also able to ensure
safety and security.
We are therefore going to analyse the kinds of frauds faced, the issues that the banks have to
counter due to the frauds, the challenges that need to be overcome, the regulations which are
already prevalent and a few suggestions that can help them to cover and protect themselves from
these frauds.
5
DEFINITION AND SCOPE
According to section 25 of Indian Penal Code, ―a person is said to have done a thing fraudulently
if he did that thing with intent to defraud but not otherwise.‖ Hence fraud can be interpreted as
―an act of criminal deception carried out singly or in collusion with others with a view to
deriving gains to which one is not legally entitled.
Reserve Bank of India has defined fraud as ―All instances wherein Banks have been put to loss
through misrepresentation of books of accounts, fraudulent encashment of instruments like
cheques, drafts and bills of exchange, unauthorized handling of securities charged to banks,
misfeasance, embezzlement, theft, misappropriation of funds, conversion of property, cheating,
shortages, irregularities etc.‖
Although the Reserve Bank of India guides all the banks on the matters of fraud prevention, the
primary responsibility lies with banks themselves. The RBI advises the Chairmen and Managing
Directors/ Chief Executive officers to form internal policy and framework for fraud prevention
and supplies all the commercial banks with Frauds Reporting and Monitoring System (FRMS),
so that the banks can report the cases in the prescribed format. The RBI also asks banks to
specifically nominate an official of the rank of General Manager who will be responsible for
submitting all the returns.
Types of banking frauds as defined by the RBI
In order to have uniformity in reporting, frauds have been classified as under, based mainly on
the provisions of the Indian Penal Code:
Misappropriation and criminal breach of trust.
Fraudulent encashment through forged instruments, manipulation of books of account or
through fictitious accounts and conversion of property.
Unauthorised credit facilities extended for reward or for illegal gratification.
Negligence and cash shortages.
Cheating and forgery.
Irregularities in foreign exchange transactions.
Any other type of fraud not coming under the specific heads as above.
6
EVOLUTION OF FRAUDS
1999-2000
The kinds of frauds in the banking and financial sector that prevailed in the decade of 1990s is
as follows:
Hawala Transactions
Ponzi Schemes
Fake Currency
Cheque Forgery
Advancing loans without adequate due diligence
Siphoning of investors money through Fictitious companies
Use of Fictitious Government securities
2001-2015
The kinds of frauds have changed over time. With the introduction of internet banking, the
industry of banking and financial services have witnessed a change in the kinds of frauds, The
frauds in this time period are more focussed on obtaining information by means of hacking,
identity theft, etc.
Tax Evasion and Money Laundering
Black Money stashed abroad
Cybercrime
Debit/Credit Card fraud
Identity Theft
Fake Accounts
Benami Accounts
Collusive frauds emanating kickbacks to employees of financial institutions
Use of forged instruments such as stamp papers and shares
Violation of Know Your Customer (KYC) norms
7
TYPES OF FRAUDS IN BANKING SECTOR
FRAUD RISKS: BANKING
Fraudulent documentation
Fraudulent documentation involves altering, changing or modifying a document to deceive
another person. It can also involve approving incorrect information provided in documents
knowingly. Deposit accounts in banks with lax KYC drills/inoperative accounts are vulnerable to
fraudulent documentation.
Some such cases are:
• An individual illegally obtains personal information/documents of another person and takes a
loan in the name of that person.
• He/she provides false information about his/her financial status, such as salary and other assets,
and takes a loan for an amount that exceeds his eligible limits with the motive of
non-repayment.
• A person takes a loan using a fictitious name and there is a lack of a strong framework
pertaining to spot verifications of address, due diligence of directors/promoters, pre-sanction
surveys and identification of faulty/incomplete applications and negative/criminal records in
client history.
• Fake documentation is used to grant excess overdraft facility and withdraw money.
• A person may forge export documents such as airway bills, bills of lading, Export Credit
Guarantee Cover and customs purged numbers/orders issued by the customs authority.
Multiple Funding/Diversion/Siphoning of Funds
Siphoning of funds takes place when funds borrowed from financial institutions are utilised for
purposes unrelated to the operations of the borrower, to the detriment of the financial health of
the entity or of the lender. Diversion of funds, on the other hand, can include any one of the
following occurrences:
• Use of short-term working capital funds for long-term commitments not in conformity with the
terms of sanction
• Using borrowed funds for creation of assets other than those for which the loan was sanctioned
• Transferring funds to group companies
• Investment in other companies by acquiring shares without the approval of lenders
8
• Shortage in the usage of funds as compared to the amounts disbursed/drawn, with the
difference not being accounted for
Identity Theft
Fraudsters are devising new ways to exploit loopholes in technology systems and processes. In
case of frauds involving lower amounts, they employ hostile software programs or malware
attacks, phishing, SMSishing and whaling (phishing targeting high net worth individuals) apart
from stealing confidential data.
In February 2013, the RBI advised banks to introduce certain minimum checks and balances
such as the introduction of two factor authentication in case of ‗card not present‘ transactions.
Some examples:
• Unauthorised emails asking for account information for updating bank records are sent by
fraudsters. The customer information is then misused for misappropriating funds.
• Access rights for making entries are given to unauthorised people.
• Bank employees keep original Fixed Deposit (FD) receipts with themselves and hand over
phony FD receipts to customers. They then revoke FDs by forging signatures.
• Lost/stolen card: It refers to the use of a card lost by a legitimate account holder for
unauthorised/illegal purposes.
• Account takeover fraud: An individual illegally obtains personal information of valid
customers and takes control of the card account.
• Theft of valuables: Fraudsters open bank lockers to take key impressions of other lockers and
then use duplicate keys to steal assets.
Internet Banking and related frauds
Around 65% of the total fraud cases reported by banks were technology-related frauds (covering
frauds committed through/at an internet banking channel, ATMs and other payment channels
like credit/debit/prepaid cards), whereas advance-related fraud accounted for a major proportion
(64%) of the total amount involved in fraud.
Some examples:
• Triangulation/site cloning: Customers enter their card details on fraudulent shopping sites.
These details are then misused.
• Hacking: Hackers/fraudsters obtain unauthorised access to the card management platform of
banking system. Counterfeit cards are then issued for the purpose of money laundering.
• Online fraud: Card information is stolen at the time of an online transaction. Fraudsters then
use the card information to make online purchases or assume an individual‘s identity.
9
• Lost/stolen card: It refers to the use of a card lost by a legitimate account holder for
unauthorised/illegal purposes.
•Debit card skimming: A machine or camera is installed at an ATM in order to pick up card
information and PIN numbers when customers use their cards.
• ATM fraud: A fraudster acquires a customer‘s card and/or PIN and withdraws money from the
machine.
• Social engineering: A thief can convince an employee that he is supposed to be let into the
office building, or he can convince someone over the phone or via e-mail that he‘s supposed to
receive certain information.
• Dumpster diving: Employees who aren‘t careful when throwing away papers containing
sensitive information may make secret data available to those who check the company‘s trash.
• False pretences: Someone with the intent to steal corporate information can get a job with a
cleaning company or other vendor specifically to gain legitimate access to the office building.
• Computer viruses: With every click on the internet, a company‘s systems are open to the risk of
being infected with nefarious software that is set up to harvest information from the company
servers.
Incorrect sanctioning or external vendor-induced fraud
According to PwC‘s Global Economic Crime Survey 2014, 20 external fraudsters are still the
main perpetrators of economic crime for the majority of financial service organisations (57% in
2014 and 60% in 2011).
Financial institutions are prime targets for external frauds, given the amount of money fraudsters
can potentially obtain as well as the sensitivity of data held by these organisations (credit card
and personal identity details, for example).
The financial services sector also tends to be more strictly regulated and as a result, many
business processes and functions have corporate controls in place. This makes it more difficult
for frauds to be internally perpetrated without discovery. The absence of
a proactive and robust monitoring framework, however, does not allow the entity to identify
conflict of interest issues such as employees or agents having a close relationship with other
entities. Some examples:
• Falsified Valuations: External consultants advising loan borrowers to fabricate their valuation
report and inflate the amount of funds that can be borrowed
• Corporate espionage: Sharing trade secrets or confidential customer information with the
competitor for commercial benefits
• Merchant collusion: Merchant owners and/or their employee conspiring to commit frauds using
their customers‘ accounts and/or personal information
• Ponzi scheme: A type of pyramid scheme, where money from new investors is used to provide
returns to previous investors
10
• Offshore investing: External vendors convincing investors to invest in outside companies by
showing higher returns when the companies don‘t exist in reality
• Bogus offerings: Investing in a bogus company (no operations, earnings or audited financial
statements)
• Misappropriation of loan disbursements: Loans of lesser value being disbursed to farmers and
funds being misappropriated by intermediators through false documentation
• Inflation of projected sales figures or past income: Large and unusual year end transactions
resulting in profit for the enterprise.
• Others: Faking net worth of directors, faking CA certificates or financial statements, inflating
sundry debtors or reducing sundry creditors, reference checks not being conducted, irregularities
in repayments for loans availed from other banks, frequent start-ups, maintenance of a large
number of small enterprises, etc.
Counterfeit Cheques
Counterfeit or fake cheques that look too good to be true are being used in a growing number of
fraudulent schemes, including foreign lottery scams, cheque overpayment scams, internet auction
scams and secret shopper scams. Unsuspecting sellers get stuck when scammers pass off bogus
corporate or personal cheques.
Tunnelling/phoenixing or asset stripping
Even though the above-mentioned terms are interchangeably used, in the banking world, asset
stripping primarily implies taking company funds or assets of value, and leaving behind debts.
This can happen when a company‘s directors transfer only the assets of one company to another
and not the liabilities. The result is a dormant company which has to be liquidated as it has
large liabilities that cannot be met. Some examples:
• Asset stripping: Fraudsters deliberately target a company or companies to take ownership,
move the assets and then put the stripped entity into liquidation.
• Phoenixing: Directors of a company move the assets from one limited company to another to
‗secure‘ the benefits of their business and avoid the liabilities. Most or all directors will usually
be the same in both companies. This usually is a way of ‗rescuing‘ the assets of a failing business
rather than targeting a company.
• Teeming and lading: In order to maintain the liquidity situation artificially, amounts received
from the subsequent debtor are credited to the earlier debtor‘s account so that one debtor‘s
account does not show an outstanding balance for a long time. Such a process is continued till
the time the original amount misappropriated is finally replaced or till the time the cashier is
caught.
11
Overvaluation or absence of collaterals
Absence of stringent guidelines on the due diligence of professionals assisting borrowers at the
time of disbursement of loans may result in valuation agencies or advocates facilitating the
perpetration of frauds by colluding with the borrowers to inflate security valuation reports. Some
examples:
• Concealing liabilities: Borrowers concealing obligations such as mortgage loans on other
properties or newly acquired credit card debts in order to reduce the amount of monthly debt
declared on the loan application
• Misstatement: Deliberately overstating or understating the property‘s appraised value; when
overstated, more money can be obtained by the borrower in the form of a cash-out
refinance, by the seller in a purchase transaction, or by the organisers of a for-profit mortgage
fraud scheme
• Cash back schemes: The true price of a property illegally being inflated to provide cash-back to
transaction participants, most often the borrowers, who receive a ‗rebate‘ that is not disclosed to
the lender
• Shot gunning: Multiple loans for the same home being obtained simultaneously for a total
amount greatly in excess of the actual value of the property
MOBILE BANKING: FRAUD RISKS
There are two types of mobile financial services that are currently offered in the Indian market—
mobile banking and mobile wallets. Being an easy and convenient mode of transacting, there has
been a 55 times rise in value usage of mobile banking and 5.5 times rise in the volume of
transactions between FY12 and FY15. After the recent changes to RBI policy,
customers of semi-closed pre-paid instruments (PPIs) can now do the following:
• Load up to 1,00,000 INR in wallets
• Transfer money from their wallet to
any bank account
This move, on one hand, enhances the convenience and adaptability of a mobile wallet and on
the other, makes it more susceptible to fraud risks.
Risks associated with mobile banking are:
● Mobile banking application being mapped to an incorrect mobile number: For bank
customers who do not use mobile banking, an employee of the bank could attach an
associate‘s mobile number to the bank account and install a mobile application on his
12
mobile device. The customer‘s account is compromised by the associate and he or she
does not get any notification about the same.
● Creating fake and non-existent users on the mobile financial services platform: Most
of the banks appoint a third party vendor to develop mobile application to be integrated
with their core banking system. The vendor may create two unauthorised users with
rights to initiate and verify transactions, and transfer funds from the organisation to his
associates‘ wallets, effectively stealing money from the bank
● Malware: The increase in the number of mobile banking users is accompanied by a rise
in attacks through malware.
● Data theft: Mass attacks are possible through the theft of credentials which can be used
for personal benefits.
● SIM swap: SIM swap means replacing the old SIM with a new one, when the old gets
lost or damaged, or when one needs a differently sized SIM card. If a fraudster manages
such a swap, he can carry out numerous fraudulent transactions using the mobile number
of the victim. For instance, the valid mobile station international subscriber directory
number (MSISDN) is moved to another handset. The user has no access to their account
and receives no notification. The user with the other handset, on knowing the PIN, can
transact in the account.
● Fake or similar interface apps: Fake applications, with exactly the same user interface
as the original application, are being created to steal confidential information shared by
the user.
Risks associated with Mobile Wallet:
● Increased risk of money laundering: Transfer of money into and out of a mobile wallet
from or to a bank account is now possible. Cash-in from the bank account of an
individual and cash-out to a different bank account of another individual can be used as a
platform for laundering unaccounted money.
● Unauthorised deductions from the wallet of a customer (especially a dormant or
infrequent customer account): Employees of the mobile wallet service provider may
misuse the balance stored in the wallet of a customer by making unauthorised deductions.
Moreover, in case of a mis-happening to a customer with no nomination facility, the
balance in the customer‘s account is not passed on to his family members and remains
with the service provider, which ultimately becomes a low-hanging fruit for the
fraudsters.
● Failure to conduct proper due diligence of merchants: If the merchant on-boarded by
the service provider is a fraudster, and the payment is made by the customer for fictitious
goods or services from the merchant, cash can be rotated with minimum transaction fees.
● No auto log off facility: An individual usually opens the application on his mobile device
for availing of the services and closes the application, instead of logging out. If the
13
mobile device is stolen or lost and a fraudster opens the application, he can misuse the
remaining balance in the service provider‘s wallet
14
FRAUDS IN THE BANKING SECTOR:
SOME STATISTICS
A comparative picture (Table 1) of total number of fraud cases and amount involved as on March
31, 2013 for scheduled commercial banks, NBFCs, Urban Cooperative banks, and Financial
Institutions is as under:
As is evident from the above table, the cumulative number of frauds reported by the banking
sector and the total amount involved in these fraud cases have a major share in the frauds
reported by all entities under RBI’s supervisory jurisdiction. A year-wise break up of fraud cases
reported by the banking sector together with the amount involved is given in Table 2 below:
15
It may be observed that while the number of fraud cases has shown a decreasing trend from
24791 cases in 2009–10 to 13293 cases in 2012–13 i.e. a decline of 46.37%, the amount involved
has increased substantially from Rs 2037.81 crore to Rs. 8646.00 crore i.e. an increase of
324.27%. A granular analysis reveals that nearly 80% of all fraud cases involved amounts less
than Rs. one lakh while on an aggregated basis, the amount involved in such cases was only
around 2% of the total amount involved. Similarly, the large value fraud cases involving amount
of Rs.50 crore and above, has also increased more than tenfold from 3 cases in FY 2009–10
(involving an amount of Rs 404.13 crore) to 45 cases in FY 2013 (involving an amount of Rs
5334.75 crore) (Annex 1). Further, a bank group wise analysis of frauds reveals that while the
private sector and the foreign bank groups accounted for a majority of frauds by number
(82.5%), the public sector banks (including SBI Group) accounted for nearly 83% of total
amount involved in all reported frauds (Table 3 below).
16
While the sheer number of frauds and the amount involved, when seen in isolation, may appear
overwhelming, it is important to view the incidence of frauds in the banking sector in the context
of the massive increase in the number of deposit and credit accounts in banks and the staggering
volume and value of transactions that are processed by the banks every day. To put things in
perspective, let me quote some statistics again. The number of deposit accounts in the banks over
the last ten years (between end 2002 and end 2012) has gone up from 43.99 crore to 90.32 crore
while the number of loan accounts in the same period has also more than doubled from 5.64
crore to 13.08 crore. A quick estimate puts the average number of all transactions that happen
every day in the banking system at approximately 10 crore, which is enormous. The number of
frauds per million banking transactions was about 0.4, which is not a very high figure. Likewise,
besides increase in the number of brick and mortar branches, additional service delivery points
like ATMs and Point of Sale (POS) terminals have also gone up significantly. While the number
of ATM machines has grown from 34789 in March 2008 to 114014 in March 2013, the number
of POS terminals has also more than doubled (from 423667 to 845653) during the same period.
The observation is that on a standalone basis the quantum of frauds, both in terms of number and
amount involved, may appear to be very high, but when one weighs it against the sheer
magnitude of accounts and transactions handled by the banking system, they are not alarming.
17
THE KETAN PAREKH FRAUD AND SUPERVISORY
LAPSES OF THE RESERVE BANK OF INDIA (RBI):
A CASE STUDY
The Ketan Parekh fraud was the biggest of a series of frauds and direct attacks on the systems
and procedures of banking in India in the late 1990s. The exposure of the fraud in 1999 along
with the collapse of several co-operative banks and the largest mutual fund in India, the Unit
Trust of India (UTI) US-64, has seriously undermined the Indian banking system. Coming after a
similar banking and capitals market fraud involving Harshad Mehta in 1991, it has exposed the
glaring lacunae in the existing Indian banking regulatory and supervisory framework.
Nature and Extent of the Fraud:
The nature of the fraud perpetrated by Ketan Parekh lies in the abuse of the banking system in
India to channelise money illegitimately into the stock market. Parekh acquired funds
fraudulently over a long period of time from various commercial and cooperative banks through
the issuance of large-value pay-orders, which are of the same nature as demand drafts, without
the actual cash to back them up or any reciprocal pay-in of funds. The fraud consequently
becomes a statement on how the nexus between bankers, corporate bodies, promoters of
companies, auditors and stock brokers, in the absence of alert and diligent supervision, can
trigger a systemic crisis in the capital markets and which can potentially induce a banking crisis
as well. The Joint Parliamentary Committee (JPC) Report1 on the extent and causes of the fraud,
sums it up in the following terms:
"The scam does not lie in the rise and fall of prices in the stock market but in the large scale
manipulation like the Unit Trust of India (UTI), violation of the risk norms on the stock
exchanges and banks, and use of funds coming through overseas corporate bodies to transfer
stock holdings and stock market profits out of the country." (para 2.20, page 10)
The JPC Report highlights the fact that Parekh owned or controlled 23 entities in the stock
market which he used to build up a complex network of untraceable transactions in order to hide
the sources from where he used to obtain his funds for playing up the market. Parekh‘s modus
operandi was to identify and acquire technology and communication stocks, now termed as ―K-
10 stocks‖ and ramp up their prices by simulating enhanced market activity. They included the
stocks of various companies like Pentafour, Global Telesystems, Zee Telefilms, Himachal
Futuristic Communications Ltd, Pentamedia Graphics, Silver Line Technologies and DSQ.2 The
banking crisis was manifest in the bank run and subsequent fall of Madhavpura Mercantile
18
Cooperative Bank (MMCB) and a collapse of the Unit Trust of India‘s US-64 mutual fund, the
largest mutual fund of the biggest institutional investor in the Indian stock market.
1) Collapse of MMCB:
The fraud was exposed in 1999 when a Rs 140 crore pay-order given to Ketan Parekh by
Madhavpura Mercantile Co-operative Bank (MMCB) bounced. The discounting bank, Bank of
India (BOI), had already given Parekh Rs 137 crore but when the pay-order was sent to the
clearing house it was dishonoured. Meanwhile, Parekh‘s over-valued shares shares had collapsed
in the market and the MMCB could not raise sufficient funds to defend its position.The
involvement of Madhavpura Mercantile Co-operative Bank (MMCB) with Ketan Parekh was the
only reason for its immediate collapse when the fraud broke. The MMCB issued credit regularly
to Parekh in violation of RBI regulations along with UTI and Global Trust Bank and the total
exposure of MMCB to Parekh stood at Rs 840 crores before its collapse. The MMCB‘s Mandvi
Branch alone issued 13 pay-orders to Parekh in only two days against all RBI guidelines. The
RBI has observed generally as regards co-operative banks in one of its reports as,
―The management and boards of several co-operative institutions continue to reflect political
interests rather than genuine co-operative spirit.‖ A similar observation was also given by the
Vikhe Patil Committee Report , ―Excessive politicisation and absence of committed leadership
dedicated to the vision of the co-operative movement have affected the basic fabric of the
democratic co-operative structure. The recovery climate in the co-operative sector has been
vitiated due to across-the-board loan waivers. Poor recoveries and diversion of a part of the
recoveries to fund losses have severely debilitated the health of these institutions.‖ In two
months, about 250 pay-orders totalling Rs 2400 crores were issues by MMCB, UTI and GTB to
Parekh. In fact, GTB and Standard Chartered Bank provided Parekh with an overdraft facility
through which he could route funds into the stock market in violation of RBI guidelines. The
total amount involved in the pay-order fraud was estimated by the Central Bureau of
Investigation (CBI) to total Rs 1030.34 crores. That meant that the banks advanced this amount
of money to Parekh against a permissible overall limit of Rs 475 crores and thereby committing
various deliberate irregularities and wilful breach of all RBI guidelines and directives. The CBI
Report also has stated that Parekh opened 11 accounts in MMCB, Mandvi Branch, in Mumbai
alone and his relatives held 16 accounts in the names of various bogus companies with the Bank
of India, Mumbai Stock Exchange Branch. It also traced an account in Credit Suisse Bank,
Zurich, the contracting partner being a corporation named Elista Ltd, registered in Nassau,
Bahamas, with the beneficial owner being Ketan Parekh.
2) Collapse of UTI’s US-64:
The Unit Trust of India's (UTI) US-64 mutual fund, the largest mutual fund in India, comprising
of two thirds of the total assets of the Indian mutual funds industry and Rs.57,500 crores in
assets, collapsed in the wake of the Ketan Parekh fraud. The US-64 was originally conceived as a
savings instrument for pensioners and middle-class salaried persons and its credibility lay in the
19
fact that it offered a regular and safe income and the highest ever yield was 18% in 1993-94. The
JPC Report, while stating the primary reason as non-observance of basic investment
fundamentals by the fund managers, indicts UTI as follows: "India's largest mutual fund appears
to have taken recourse in brokers for certain transactions, which seem to be in the nature of inter-
scheme transfers, and thus has violated its own guidelines." The UTI invested Rs 3,400 crores in
just 6 out of a total portfolio of 44 stocks which was eroded by 60 per cent of its value in one
year. It also invested Rs 1300 crores in another five stocks, which was devalued by 77 per cent
and stood at Rs 300 crores within a year. The imprudent investment by fund managers in the ―K-
10 stocks‖ was cited by the JPC as a consequence of collusion and connivance with Ketan
Parekh. The Report particularly pointed out the investment in Himachal Futuristic
Communication Limited (HPFCL) and Global Telesystems, two of Parekh‘s favourite stocks. It
pointed out that as on June 2001, UTI had invested Rs 1050.70 crores in HFCL‘s equity, the
market value of which had depreciated by 92 per cent. The JPC Report clearly stated that UTI
―went on building up its portfolio in the Global Telesystems (Private Limited) scrip to facilitate
the upward trend in its prices‖ and that ―decisions not to offload the stock to book profits when
the prices were favourable or cut their losses in adverse circumstances raises doubts‖. The
Rs.30,000 crore portfolio of the fund lost its value by half within 2001. By March/April, 2001,
US-64 Net Asset Value (NAV) stood at Rs.5.81 below par (Rs.10). The government had to
announce a bail out package at a cost of Rs.5120 crores. The Tarapore Committee Report
concluded, "The sanction and disbursement process does indicate that the sanctity of the
sanctioning powers and the laid-down processes have on many occasions not been observed."
The N.L. Mitra Committee constituted after the Ketan Parekh fraud, when examining the
causative factors for the incidence of bank frauds, cited the following reasons in its Report:
A. Large Value Credit Frauds:-
i) Absence of proper physical verification of collateral security offered.
ii) Lack of proper post-disbursement monitoring to ensure appropriate end use of funds.
iii) Lack of pre-sanction survey including improper identification of borrower and verification of
antecedents of prospective borrowers.
B. Lapses in Internal Control Mechanism:-
i) Lack of periodical review of systems and procedures at certain intervals.
ii) Lack of annual review of frauds and serious irregularities pointed out in audit reports which
could also become a basis for review of the basic accounting systems as well as the procedural
guidelines.
iii) Delayed reconciliation of high value intra-branch accounts or inter-branch transactions.
iv) Lack of periodical review of credit outflow from banks
v) Lack of concurrent audit, internal inspection of books, snap audits and verification of audits.
vi) Connivance of supervising staff as well as involvement of lower level bank staff.
20
Lapses in RBI Supervision:
The principal reasons for the incidence of large-value frauds within the domestic banking system
in India through the 1990s can be broadly classified under regulatory lapses arising from
criminal conduct and reckless mismanagement which occur due to the critical absence of or
failure to enforce:
(1) internal control systems;
(2) internal audits of those mechanisms;
(3) corrective actions to mitigate or prevent opportunities for fraud, reckless mismanagement, or
conflicts of interest raising the potential for such behaviour.
An analysis of the supervisory lapses on the part of the RBI in the Ketan Parekh fraud is detailed
below.
(1) Lack of prioritization of large-value bank fraud:
The Reserve Bank of India failed to classify large value "bank frauds" as a separate category of
offences in any of its internal circulars or guidelines to the banks even after the incidence of
Harshad Mehta defrauding several public sector banks and financial institutions. As a
consequence, neither the RBI nor the banks had any well-defined criteria for the prioritisation of
large value fraud-related cases by taking into account the nature and extent of public monies lost
or by the intent of the actors. It also failed to classify as a separate offence by which diversion of
bank funds would constitute fraud.
(2) Lapses in Audit and Internal Control
The Reserve Bank of India (RBI), India's central bank, failed as part of its regulatory duties to
secure the fire-walling of traditional commercial banking activities from new activities which
relate to securities transactions and to minimise the risk of cross-contamination of affiliated
depository institution. The attendant risks of contagion and moral hazard enveloped the
cooperative banks as well as the Unit Trust of India. The S.S. Tarapore Committee formed to
examine the UTI's collapse stated the following as the principal reasons:
i) Unauthorised investment of Rs.3000 crores in shares and debt instruments of 24 companies
between 1997-2001;
ii) Serious deficiencies in sanctioning process; and,
iii) Sanctioning of investments beyond Chairman's delegated powers.
21
(3) Failure to identify large exposure
A crucial regulatory lapse of the Reserve Bank of India in the Ketan Parekh fraud was its failure
to identify funds concentrated in the hands of a single borrower or set of borrowers and the
subsequent diversion of such funds to the stock market in violation of all RBI guidelines. The
bank failed to analyse the risk return profile of investments because of non monitoring of the
credit facilities given to Parekh by UTI and others. There was no scrutiny made as to whether
banks had made a proper credit analysis of the borrower in consonance with prevailing credit or
equity evaluation norms. The concentration of bank funds in the hands of a single borrower or a
particular set of borrowers constitutes a fundamental cause for capital inadequacy problems
faced by banks. The Bank of England's own review following the Johnson Mathey Bank (JMB)
collapse concluded that concentrations of lending to individual borrowers or certain sectors were
the most important recent cause of difficulties in banks 64. Such concentration of capital makes
capital requirements inaccurate and banks fail to distinguish risk variables. The spread of risk in
investments is linked closely to solvency of the bank which in turn determines a banker's
diligence and prudence. Imprudent investments manifest perverse incentives for banks and
financial institutions, as in the case of UTI and MMCB, to look for unsustainably high income
against low capital cost at the cost of the depositor and the shareholder.
(4) Inadequate market intelligence gathering
There never existed any formal Glass-Steagall type of separation in India, as was the case in the
United States, between banking, insurance and securities businesses. As a matter of practice,
banks circumscribed their activities, and market segmentation was formalised by a stock
exchange norm that prevented outsiders from taking a controlling interest in member firms. This
is because the Indian approach to regulation, similar to that of the United Kingdom, does not
coexist easily with a system in which risks freely flow between different parts of the same
financial group. This is a principal factor that led to the collapse of the Unit Trust of India. The
RBI ought to have been more alert and diligent in the gathering of market intelligence regarding
the movement of shares and identification of broker positions. It failed to analyse,
(a) the nexus between institutional investors like UTI and brokers; and,
(b) the role of unscrupulous brokers like Parekh as intermediaries in purchasing securities to play
the markets.
There was a lack of market intelligence sharing between the Securities and Exchange Board of
India (SEBI) and the Market Intelligence and Surveillance Unit (MISU) of the RBI. Such lack of
informal mechanism led to a regulatory failure of covering the broader prudential issue relating
to the capacity of intermediaries to carry on business on ongoing basis including, in particular,
the adequacy of their financial resources or internal control systems. The RBI also failed to
22
identify multiple accounts held by single borrower in same branch of Bank of India, a public
sector bank, as well as MMCB, from which money used to be regularly diverted to the markets.
(5) Problem of Dual Regulation of Co-operative Banks
The failure of MMCB and several co-operative banks in different parts of the country almost
simultaneously raises extremely difficult questions as to the quality and extent of banking
regulation. It represents the problem of having a system of overlapping regulatory arrangement
in the regulation of co-operative banks without the actual division of regulatory workload or
practical separation of supervisory responsibilities.
23
CYBER FRAUDS IN BANKING
In a stsuy done by Soni RR and Soni Neena the cyber frauds in Indian banking system has been
discussed at length. Given below are handpicked experts from the research.
Use of technology in financial services of course has given a tremendous impetus to their
development. However, due to heavy dependency on electronic and digital tools to carry out
business and payment transactions, a serious threat has also been imposed to the safety and
reliability of financial operations. Along with the growing trend of online and cyber transactions,
the number of banking scams has also been on the rise affecting more and more people using
banking technology tools. Frauds with online payments, ATM machines, electronic cards and net
banking transactions have become a serious issue. Huge loss of money of people and institutions
is caused every year due to these cyber frauds in banking firms, even after tight security
measures in electronic transaction. Banks themselves have been found to be involved in
fraudulent practices in a big way causing their customers enormous losses. This study is an effort
to review and analyze the subject in Indian context with a comparative touch between private
and public sector banks in the country.
As the Information and Computer Technology has made its reach into almost every sphere of
life. The world has been witnessing a growing trend of using online transactions, digital data
transfer, electronic database and so many business, social and other activities based on
computers, internet and information technology tools. In the time of cut-throat competition,
every business entity wants to improve its performance level so as to cut costs, increase
productivity and serve the customers better. Banking, insurance and financial organizations are
the prime users of internet and online transactions. They make use of such technology to transfer
cash, make payments, submit account information and other kinds of remittance services. Of
course, the banking services have really got enriched owing to information and internet uses.
But, at the same time, cyber threat is a big issue. Online transactions and data are not free from
being attacked or manipulated. Cases of fraudulent cash withdrawals, account information
hacking, data theft and credit/debit card scams have remarkable association with electronic
systems in banking business. Today, maximum information being online, are highly susceptible
to be attacked by cyber criminals. Cyber fraud cases in banks have become quite common which
cause heavy loss of money to the customers every year. Cyber crime can be described as any
criminal activity done using computers and the Internet. This includes anything from illegally
downloading files to stealing millions of rupees from online bank accounts. Cybercrime also
includes non-monetary offenses, such as creating and distributing viruses on other computers or
posting confidential business information on the Internet. Perhaps the most
24
prominent form of cyber crime is identity theft, in which criminals use the Internet to steal
personal information from other users. Two of the most common ways this is done is through
phishing and pharming which are related with the finding of confidential online information.
According to the Zee Research Group (ZRG) analysis, during the last decade, the Indian banking
sector grew at an average rate of 18 percent in comparison to 7 percent GDP growth rate.
However, during the same period, cyber fraud in the banking sector has emerged as a big
problem and a cause of worry for this sector.
Explaining the rationale behind the increase in amount related to cyber frauds, Pavan Duggal,
Cyber law expert averred, ―Relevant security mechanism has not been followed by the private
sector banks while public sector banks continued to follow the traditional approach.‖ He
lamented that the Gopalakrishna Working Group (GGWG) report recommendations on safe
electronic banking had met with poor compliance. These recommendations mandated that each
bank create a separate information security function to focus exclusively on information security
management, a Board approved information security policy needs to be in place and reviewed at
least annually as also digital evidence needed to be considered as similar to any other form of
legal proof. This manuscript puts forward the issues related to the title.
Reserve Bank of India (RBI) is the regulatory body over banking in India. It keeps close eye on
the banking operations.
Comparative Analysis: The data have been analysed to reveal comparative status of fraud cases
in terms of numbers and amount involved. The study focuses two kinds of comparisons. i. intra
sector (banks within same sector) comparison and; ii. inter banking (between sectors)
comparison.
Inter Banking Sector Comparative Analysis: Banks belonging to the same sector, i.e. public,
private, and foreign sector have been presented in different tables along with their data in terms
of number of cyber crime cases and their monetary values.
Titled study showed a bigger share of private and foreign banks in frauds related to online
banking, ATM, cards and other digital banking transactions. Even with the reducing number of
cases, the value of such cases did not come down proportionately. Banking cyber frauds in the
country are the result of introductory phase of banking technology like ATM, online banking,
mobile banking, EFT etc. which need time for people, market and technology to get matured.
Regulatory framework also gets stronger by experience. Recently RBI has issued guidelines
suggesting measures and reporting methods of cyber fraud cases to be followed by the banks.
25
Detail of Calendar Year wise Cyber Frauds in Public Sector Bank
200
9 201
0 201
1 201
2
S. No Bank Name
No. of Cases
Amount No. of
Amount No. of Amount No. of
Amount
involved
Cases
involved Cases
involved Cases
involved
1 Allahabad Bank 0 0 0 0 1 3.3 0 0
2 Andhra Bank 0 0 1 31.85 1 0.52 0 0
3 Bank of Baroda 6 6.88 5 12.4 5 31.82 3 62.45
4 Bank of India 5 5.21 2 14.61 2 54.49 7 15.82
5 Bank of Maharashtra 4 3.55 4 4.69 2 2.9 3 105.26
6 Bank of Rajasthan Ltd. 0 0 1 0.31 0 0 0 0
7 Canara Bank 6 1.39 0 0 1 0.6 1 10.24
8 Central Bank of India 2 0.84 2 2.15 0 0 0 0
9 Corporation Bank 2 0.72 2 6.21 5 6.44 47 21.69
10 Dena Bank 0 0 1 2.07 1 0.53 0 0
11 FIRSTRAND BANK 0 0 0 0 0 0 14 4.82
12 IDBI Bank Limited 24 16.29 13 15.29 50 44.64 87 203.04
13 Indian Bank 0 0 1 1.41 1 0.41 4 20.9
14 Indian Overseas Bank 2 0.39 3 1.44 10 176.03 0 0
15 Oriental Bank of Comm. 0 0 1 4.75 0 0 0 0
16 Punjab National Bank 33 50.15
108 248.64 28 170.19 14 99.43
17 SBBJ 2 6.66 2 0.15 2 3.49 1 49.32
18 State Bank of Hyderabad 0 0 0 0 4 63.33 6 50.52
26
19 State Bank of India 0 0 0 0 2 14.62 0 0
20 State Bank of Indore 1 0.8 0 0 0 0 0 0
21 State Bank of Mysore 0 0 1 1.01 0 0 0 0
22 State Bank of Patiala 0 0 0 0 4 80.45 2 31.42
23 State Bank of Travancore 0 0 0 0 6 10.3 3 3.2
24 Syndicate Bank 2 0.53 1 2.32 1 0.56 2 7.87
25 UCO Bank 2 0.58 1 1.6 0 0 4 31.22
26 Union Bank of India 5 10.45 7 19.22 2 7.86 9 70.17
27 United Bank of India 1 1.37 0 0 0 0 6 32.86
28 Vijaya Bank 0 0 0 0 0 0 1 8.4
Grand Total 97 105.81 156 370.12 128 672.48
214 828.63
(Amount in lakh)
27
UPCOMING MEASURES: RED FLAG ACCOUNTS
Because of increase in fund diversions by corporates and non-performing assets of banks, the
Reserve Bank of India decided to introduce the concept of a Red Flagged Account (RFA) in an
effort to minimise fraud risks. An RFA account is one where a suspicion of fraudulent activity is
thrown up by the presence of one or more early warning signals (EWS). Presence of these
signals in a loan account should immediately put the bank on alert regarding that bank account.
The RBI suggests Banks to not ignore such EWS but instead use them as a trigger to launch a
detailed investigation into the RFA. The threshold for EWS and RFA is an exposure of Rs 50
crore or more at the level of a bank irrespective of the lending arrangement (whether solo
banking, multiple banking or consortium). No restructuring or grant of additional facilities may
be made in the case of RFA or fraud accounts. Making penal provision stricter, the RBI said the
provisions as applicable to wilful defaulters would apply to the fraudulent borrowers including
the promoter director and other whole time directors of the company insofar as raising of funds
from the banking system or from the capital markets by companies with which they are
associated is concerned, etc. Borrowers who default and also commit a fraud in the account
would be debarred from availing bank finance from banks and financial institutions for a period
of five years from the date of full payment of the defrauded amount. The initial decision to
classify any standard or NPA account as RFA or fraud will be at the individual bank level and it
would be the responsibility of this bank to report the RFA or fraud status of the account on the
CRILC platform so that other banks are alerted. The account would be red flagged by all banks
and subjected to a forensic audit commissioned or initiated by the consortium leader or the
largest lender under multiple banking arrangement. In case the decision is to classify the account
as a fraud, the RFA status would change to fraud in all banks and reported to RBI and on the
CRILC platform within a week.
RBI has also emphasises the need for a whistle blower policy to be set up within a bank to
empower employees to report fraudulent activities, as in 60 percent of the frauds cases, an
insider is involved. Whistleblowers are normally apprehensive about passing on information
within the internal set-ups. It is suggested that an independent third-party whistleblower facility
would reinforce confidence amongst employees to speak up.
Some Early Warning signals which should alert the bank officials about some wrongdoings
in the loan accounts which may turn out to be fraudulent
Default in payment to the banks/ sundry debtors and other statutory bodies, etc., bouncing
of the high value cheques
Raid by Income tax /sales tax/ central excise duty officials
Frequent change in the scope of the project to be undertaken by the borrower
28
Under insured or over insured inventory
Invoices devoid of TAN and other details
Dispute on title of the collateral securities
Costing of the project which is in wide variance with standard cost of installation of the
project
Funds coming from other banks to liquidate the outstanding loan amount
Foreign bills remaining outstanding for a long time and tendency for bills to remain
overdue
Onerous clause in issue of BG/LC/standby letters of credit
In merchant trade, import leg not revealed to the bank
Request received from the borrower to postpone the inspection of the godown for flimsy
reasons
Delay observed in payment of outstanding dues
Financing the unit far away from the branch
Claims not acknowledged as debt high
Frequent invocation of BGs and devolvement of LCs
Funding of the interest by sanctioning additional facilities
Same collateral charged to a number of lenders
Concealment of certain vital documents like master agreement, insurance coverage
Floating front / associate companies by investing borrowed money
Reduction in the stake of promoter / director
Resignation of the key personnel and frequent changes in the management
Substantial increase in unbilled revenue year after year.
Large number of transactions with inter-connected companies and large outstanding from
such companies.
Significant movements in inventory, disproportionately higher than the growth in
turnover.
Significant movements in receivables, disproportionately higher than the growth in
turnover and/or increase in ageing of the receivables.
Disproportionate increase in other current assets.
Significant increase in working capital borrowing as percentage of turnover.
Critical issues highlighted in the stock audit report.
Increase in Fixed Assets, without corresponding increase in turnover (when project is
implemented).
Increase in borrowings, despite huge cash and cash equivalents in the borrower‘s balance
sheet.
Liabilities appearing in ROC search report, not reported by the borrower in its annual
report.
Substantial related party transactions.
29
Material discrepancies in the annual report.
Significant inconsistencies within the annual report (between various sections).
Poor disclosure of materially adverse information and no qualification by the statutory
auditors.
Frequent change in accounting period and/or accounting policies.
Frequent request for general purpose loans.
Movement of an account from one bank to another.
Frequent ad hoc sanctions.
Not routing of sales proceeds through bank
LCs issued for local trade / related party transactions
High value RTGS payment to unrelated parties.
Heavy cash withdrawal in loan accounts.
Non submission of original bills.
30
CONCLUSION AND RECOMMENDATIONS
● Historically, the focus on borrower analysis has been tilted towards books, records and
bank transaction analysis. However, these operate in conjunction with data gathering
through market intelligence and regular public domain checks to provide better insights
into loan account operations.
● Typically, capability within the credit monitoring team to perform adequate and enhanced
background checks and gather market intelligence on prospective borrowers is lacking.
This area will require further emphasis in the pre-sanction stage. In that regard, the banks
should perform the following:
1. Bank statement analysis
• Promoter cash contribution analysis
• Fund tracing - inward and outward
• Payment and credit history
• Interest coverage and payment
• Multiple bank account operations
• Huge cash withdrawal
2. Public domain checks
• Litigation and disputes analysis
• Adverse media reports
• Related and associate entity identification
• Validation of ROC information with financials
• Inadequate public disclosures
• Regulatory/trade sanctions
3. Review of books and records
• Financial statement analysis
• Insurance and security coverage
• Project cost benchmarking
• LC/BG structure and operations
• Debtors and creditors turnover
• Complex entity structure
• Qualified internal and external audit reports
4. Market and intelligence field visit
• Enforcement action on borrowers
• Frequency project profile change
• Physical verification access not available
• Frequent management changes
• Borrower and competition analysis
31
• Inter-connected entities and relationship identification
● The Early Warning Signals (EWS) need to be incorporated in bank accounts in such a
way that at the very instant of the violation of an EWS, the bank authorities are warned of
such violation and can take immediate action. This automation would lead to lower
incidences of frauds.
● There is an urgent need of a central database which contains the modus operandi and
details of all previous frauds cases and all banks should be provided access to use and add
to the database so that it is easier for the authorities to blacklist fraudulent borrowers and
prevent extension of loans to them. Such a database would serve the dual purpose of
serving as a universal literature on laun frauds to prevent similar cases in the future.
● The banks also need to maintain a singular document for the purposes of identification so
that there cannot be cases of loan extension on false identities.
● There is also a need for a bigger role to be played by the credit rating agency in the whole
loan extension process. Loans should only be extended to borrowers who have had a
good past record and no incidence of irregularity or inconsistency. Apart from that, the
RBI can ensure the prevention of frauds by exercising its regulatory powers on the
commercial banks by fire-walling of traditional commercial banking activities from new
activities which relate to securities transactions and to minimise the risk of cross-
contamination of affiliated depository institution and also ensuring the comprehension
adequate market intelligence.
● In order to ensure the safety of funds of the customers, a protected process for any kind of
transaction needs to be followed. Each transaction – account opening, ATM access,
online banking transaction, call center encounter, etc. – should pass through a set of rules
and predictive models. In real time, the system must check transaction activity against
vast, enterprise-wide intelligence about the customer and potentially suspicious
behaviours. The system must check if any deposit is an unusually large deposit for the
concerned individual, it must ensure that the account is not linked to another account
known to be in a suspected fraud ring, it must keep a check on whether the concerned
entity holds multiple accounts or similar identities in unusual ways. If such a system is
developed then it can act as a preventive measure and if any different, unusual activity
prevails then the system can notify the bank as well as the concerned account holder and
accordingly an action can be taken.
● To protect the opening of dummy or fake bank accounts, the bank should adopt mail
account verification process where a mail is sent to the customer at the address supplied
in the online application. Frequently, identity thieves use a true person‘s demographic
32
information to apply for an online account and subsequently (within a day or two) call in
to request a change of address. Mailing verification to the address originally supplied
helps to confirm that the customer is the true person that applied for the online account. A
number of different scenarios can result, two of which are the receipt of return mail,
which would require back-office monitoring and subsequent account restrictions, or a call
from an individual who says he or she has not applied for the product. Based on this, the
bank can further look into the matter and this can lessen the chances of fake accounts.
● To ensure that the true user logs into the account and not some hacker, the bank can
implement the process of confirming a person‘s identity by asking questions not related
to individual‘s credit report so that only the true owner of the account can answer such
questions. But using these questions may require a vendor who can supply the necessary
data. To ensure protection in terms of internet banking, the banks can also allow the
account holder to have a separate self-selected user name that is not printed in any report.
This will ensure that no third party is aware of this login name. However it is not cent
percent protected because the banking employees would be aware of it, but the chances
of it being exploited by some hacker can be avoided.
● To prevent online frauds based on mobile banking, the mobile banking applications can
make use of the cameras on the handset for facial or palm print recognition or the
microphone for voice recognition. Such innovations are costly, however, the benefits
should justify the costs.
33
BIBLIOGRAPHY
The following references have been used for researching about this project:
● www.rbi.org.in
● www.banktech.com
● www.bpcbt.com
● http://trak.in/banking/2013-bank-cyber-fraud-india-statistics/
● https://www.kpmg.com/IN/en/services/Advisory/Risk-
Compliance/Forensic/Documents/Framework-Loan-fraud.pdf
● http://www.isca.in/IJMS/Archive/v2/i7/4.ISCA-RJMS-2013-062.pdf
](https://img.pdfslide.us/doc/110x75/5882ee331a28ab3f1e8b529b/group-technology11.jpg)
![Psychoeducation Group 1[1]](https://img.pdfslide.us/doc/110x75/557a8a5cd8b42abc638b4ca1/psychoeducation-group-11.jpg)
![Pepsi Group 1[1]](https://img.pdfslide.us/doc/110x75/577d26be1a28ab4e1ea20fdd/pepsi-group-11.jpg)
