The following article was written by industry experts at Traydstream, the Fintech company that has recently established its centre of Development and Operations in Mumbai, India. This is an attempt to demystify and debunk some of the myths that have emerged around the mechanism of the fraud that has been unearthed at PNB, and that has attracted such attention across India, and the global financial services community.
Reams have been written about who, whom, and how the fraud was perpetrated in the PNB story and it’s likely that the fraud will become a case study in business schools, and part of credit training at banks and Financial Institutions, regarding the Do’s and Don’t’s when lending. While the fraud itself is best left to the investigating agencies to explore, there are a number of learnings for bankers even at this early stage of investigations.
Here are a number of measures that could be introduced in the banking system, to help prevent the occurrence of fraud, as in this instance:
- Recognising and tallying all unfunded liabilities
An undertaking is an unfunded liability which could crystallise into a funded liability at any time. It needs to be recognised and recorded accordingly. All unfunded liabilities like letters of credit, guarantees, etc. should be tallied with the SWIFT / SFMS / secured stationery on which the bank has issued these instruments to be fully updated on all contingent liabilities.
- Balance confirmation at periodic intervals
On the banks’ credit systems, LoU’s should be given the same status as Financial Guarantees and accounting entries should be accordingly booked at the time of issuance of the LOU. The lending banks against LoUs need to take care of their interests and it necessitates that the banks as well as their auditors insist on balance confirmation of the LoUs from the issuers.
- Integrate books of accounts as much as possible with the transactional flow
All transactions need to be fully integrated with the accounting records in the core banking system so that there is no transaction outside and the possibility of mismatch between the transaction movement and the accounting records is mitigated.
- Enhanced due diligence for higher levels of exposure
Automated higher levels of due diligence at a transactional and exposure level, mitigates the risk of higher amounts of transactions or higher exposure being fraudulently or inadvertently taken by officials at the operating level. The due diligence on a transaction should not be restricted only to the onset, but needs to extend to all stages of a transaction, such that if the credit quality of the client deteriorates, or market conditions change, the bank can initiate preventive steps to save its interests. It doesn’t seem in the case at hand, that any such constant monitoring was being undertaken, allowing the perpetrator to make full use of the lack of attention or controls.
- Tighter audit and control processes
All products require comprehensive very tight policy and procedures in place, and new products / processes should requires sign-off from all the control teams in the banks. This will bring to surface any inherent risks in the product / process and enable sufficient controls being laid down in the process document / risk / audit checklist. One of the big problems in banking worldwide, is the lack of proper systems and policies to record all exposures – real and contingent. With large banks it’s possible that branches, units far flung from each other, could be operating under a different standard from the one laid out for the head office. This requires constant communication and audit to ensure the same processes are followed.
- Due diligence on the lenders against LoUs
While it is obvious that the risk of lending against a LoU is with the bank issuing the LoU, it cannot absolve the lending bank of performing due diligence on the customer to whom the amount is being disbursed. Ultimately, any lending has to be reviewed and accounted from a perspective of the worst case situation. What’s the worst that could happen? In this case it would very quickly have led to the scenario where the LoU’s were called and hence PNB would have had to pay. Not lending directly, does not mean not lending or not being exposed. Having an intermediary in the lending, makes it even more important for the credit analysis to be done thoroughly since the intermediary might not have the same standards as yourself.
- Analytics on funds’ flow
We are unaware as of now whether the amounts were directly disbursed to the borrowing entities or it was disbursed into the nostro accounts of PNB. If was indeed in the nostro account of PNB, a tighter analytics on the nostro funds flow, as is required for good AML checks would have brought to light such huge flows on behalf of a customer, without sufficient limits. This is equally applicable to the lending banks against the LoUs. What strikes one as odd is that the sums credited to PNB were, it seems, transferred by the overseas lending banks, as exposures to PNB and not to the final obligor. As bankers, that’s a sure sign of the money being lent to PNB and not the obligor. If that is indeed the case, then these funds were never lent to the obligor but were lent to PNB for the funds to be returned. However, if the accounting entry from the lending banks was to the obligor, the LoU’s were the support under which the lending was predicated and hence were a full credit exposure for PNB. It should have then been recognised and recorded accordingly.
- Culture of adherence to norms
This should be set as an example from the top. There should be zero tolerance to deviation from norms, including sanction of credit limits to the high and mighty, change of roles, documentation norms, etc., irrespective of the rank of the official within the bank. Any instances of wrong doing should be met with appropriate disciplinary measures, to set an example for all others.
- What seems to be “too good to be true” is likely ‘not true’
Like all industries, bankers also have revenue targets to be met. However, if someone is willing to pay you a lot of money for almost next to nothing, it should raise a big red flag. The age old truth in finance, high risk / high return has never been so true.
- Relationship Banking
One of the fundamental of banking has always been maintaining a tight relationship with your client, such that you are aware of everything that’s happening to his business. It’s called ‘know your customer’ or KYC. In this case it seems, KYC norms were not adhered to at all. In fact, in some of the more prudent banks worldwide, KYC does not only restrict itself to the client being lent to, but to the secondary industry sources and surrogate checks such as D&B etc. That seems to have been missed totally here. Specially for such a specialised industry like Diamonds, where to the untrained eye, the difference between glass and a precious stone is very difficult to ascertain. As the adage goes ‘Easy credit, uneasy creditors’, one has to be very careful when lending to have done one’s complete homework.
- Grow slowly, Lend slower
One of the other principals lending is based on, is grow the credit limit slowly. Do not proceed to increase your exposure, exponentially within a short period of time. Experience a few cycles with the client and only with a thorough analysis of the client’s financials should one consider an increase in lending.
- Need Based Finance
Lending to a client should always be provided only for the amount and duration required, never for more than that. Why tempt the obligor into diverting funds that he probably did not deserve and desire, into extraneous uses, that can only come to hurt? This was one of the fundamental learnings from the Sub prime crisis in 2008, but seems to have been completely forgotten or overlooked in this case.
- Refresh and Call Back
Ongoing client businesses require ongoing funding. Their cash flows are constantly coming in and out and hence banks need to fund them constantly. While the predominant businesses around the world, are genuine and build safeguards and controls to monitor the ‘ins’ and ‘outs’ closely, banks have for decades followed a policy of call back. What that requires is for the client to pay back all his working capital dues for at least a week to 10 days to the bank. The net outstanding to the client comes down to zero and hence permits the bank to get itself comfortable that the client has the ability to return the funds and is not using successive borrowings to pay back the earlier ones.
- Credit Bureau
Smart fraudsters are also adept at moving funds between lenders and hence central banks need to a) ensure a regular recording of the exposures that banks have to the obligor and b) banks need to review these exposures to analyse their own lending vs the overall lent to that client. This ensures that a client has not over borrowed from the industry and his exposure is within his client limits.
- Large debtor reviews
One of the other prudent checks that’s prevalent in banking industry is the constant review of the large exposures that the bank might have. At the least it might surface the clients where revenue might be at risk, if the client moves on. But the other purpose of such a review is any of these hidden risks that the bank might have been exposed to. For if a client is making a lot of money for the bank, but does not have a corresponding capital allocated to the exposure or a requisite reason for the inordinate earning, it should serve as a red flag.
Finally, any industry, and specially banking where billions get lent and traded daily, is dependent on governance. A tightly governed organisation has multiple avenues for such risks to be fleshed out. Whether it be a business review, a risk review, and controls check or a transactional audit, it’s critical to ensure that Governance is extremely tight for the bank to rely on. It’s usual for things to go back to normal as time passes, and the worst thing possible would be not to learn from the incident. Institute processes such that it never occurs and conduct a thorough check such that no other such hidden exposure is lurking in the books. For the others who have not been impacted, this is a great learning ground so that one can mitigate any such issues without having to go through the painful experience of living through the loss.
In today’s day and age, with a plethora of technologies at our disposal, it’s paramount to automate systems, connect platforms, be networked and have best in class solutions that support processing, while remaining constantly alert to evolving environmental conditions.
About Traydstream Platform:
Traydstream is a machine learning based financial technology (Fintech / Regtech) platform designed to automate Trade Finance processing for banks and large corporates, reducing operational overheads and improving the accuracy and speed of error and fraud detection in transaction documents. The platform digitises processing and constantly connects with checks and controls around the world, online and real-time, to verify the genuineness of transactions, keeping banks and lending safe.