On 19 January 2018, International Monetary Fund (IMF) published a report on India’s Financial Sector Assessment Program, commending RBI’s remarkable progress in implementing risk-based supervision. The report said, “A system-wide Asset Quality Review (AQR) and the strengthening of prudential regulation testify to the authorities’ commitment to transparency and a more accurate recognition of banking risks.” And exactly 10 days later, on 29 January, Punjab National Bank (PNB) submitted a report to RBI stating that PNB has discovered a fraud.

India’s second largest PSU bank, PNB, cited that in this largest banking fraud of India, diamantaire Nirav Modi has fraudulently acquired advances from bank through the loose mechanism of Letter of Undertaking (LoU) by exploiting the vulnerabilities of the disintegrated banking system via SWIFT messaging system (Society for Worldwide Interbank Financial Telecommunication). Quantifying the amount in question at USD 1.77 billion, PNB accepted that its Core Banking System (CBS) is not integrated with the SWIFT and hence CBS couldn’t detect such large sums of money moving through their Nostro account. It is a standard banking practice that each debit or credit in bank’s Nostro account is reflected in CBS through mirror entries. In the latest development, PNB has revealed additional unauthorized transactions related to the scam, adding another USD 204 million to the estimated size of the fraud. If we talk figures, PSU banks have reported 8670 loan frauds totaling INR 61260 crores in the past five financial years ending March 2017, in which PNB topped with 389 cases amounting to INR 6562 crores. A recent Bloomberg Intelligence report shows that India’s banks have more contingent liabilities than their total assets. These off-balance sheet liabilities stood at about 107 percent of the assets.

After a lot of media frenzy, all the regulatory authorities are taking cognizance of the fraud and lack of preventive & detective steps on their part. Perpetrators have mocked risk management system, concurrent audits and internal controls for seven long years. It’s unclear how internal controls failed to smell the rat that has been dead for quite a while? But we cannot really blame a specific party because contingent liabilities are hard to locate if not voluntarily disclosed, more so when the documentation is truncated. From the face of it, one can deduce that a fraud of this magnitude cannot be a one-man job. Masterminds have connived for issuance of LoUs without collateral to raise and rollover large sums of loan money. This vicious loop of making good old dues by paying out of freshly availed advances is called evergreening. Enforcement Directorate (ED) has attached all the seized properties, stocks, banks accounts, shares, deposits, and yes, luxury cars of the diamond trader Nirav Modi and his uncle Mehul Choksi.

Now the question is could the matter be handled with better sense of maturity and less theatrical dramatics? Can any good be made by closing the stable door after the horse has bolted? The answer is yes. A full-proof plan needs to be laid to prevent and detect such scam, big or small in the coming times. Firstly, the preliminary need is to reinforce banks’ first line of defense- risk management and internal controls. Integrating CBS with ancillary systems and applications in use by the banks is a need of the hour. Secondly, banks should set up committees for fraud monitoring to nip any suspicious transaction in the bud. Thirdly, RBI should undertake random end-to-end surprise transaction test. RBI played a brilliant supervisory role with the AQR, opening a can of worms for the world to see and banks to introspect. Fourthly, rules and regulations, those apply to private banks should be mandated for the PSU banks as well. Surprisingly, for e.g. requirement of having at least one-third independent directors don’t apply to PSU banks. Uniform code for all the banks should be set.