Deploying a Blockchain System could have prevented tampering of the SWIFT System in case of Punjab National Bank
Banking sector is the engine of economic growth and any malfunction in this engine sends shivers down the entire economy. In the recent years, banks have achieved phenomenal growth which has predominantly been enabled by technology. But human intervention can lead to situation where one can not imagine. PNB fraud case is also a case of technology v/s human intervention. If seeing it from a technology aspect, the case could be considered as a hack in the system however it is indeed more of a bank break-in rather than considering as a cyber crime.
In the wake of PNB SWIFT-related fraud involving significant amount, RBI also reiterated its confidential instructions and mandated the banks to implement, within the stipulated deadlines, the prescribed measures for strengthening the SWIFT operating environment in banks.
Dr. Preeti Goyal a professor of Finance & Accounting at Great Lakes Institute of Management in Gurgaon says, “In the coming years this sector is expected to witness explosive changes and growth with the use of newer technologies such as NFC, block chains, robotic process automation etc. Unfortunately, the fraudsters have also started using innovative methods to misuse the banking system. At the same time tools and techniques such as real time neural network based behavior models and forensic accounting are already changing the face of fraud detection and prevention. This is like a cat and mouse game between the banks and fraudsters and technology remains both a root cause as well as the solution to this.”
While the Nirav Modi fraud has been highlighted as a technology fraud, the focus should actually be on the lack of internal controls, checks and balances that led to this situation. It is not that bank frauds did not happen prior to the use of technology. Many of us will recall how Harshad Mehta duped the banking system of crores of rupees in late 1980s – at that time it was said if banks were automated; it may have been possible to prevent the fraud.
“There is no nirvana to prevent bank fraud. The solution lies in strengthening the internal controls, checks and balances and at the same time investing in latest technology and training people to use it.” She adds.
While this fraud has occurred at one of the branches of PNB, it would eventually affect other Banks in India and outside India due to nature of such contracts. If PNB backs out of its obligations to pay and takes legal route, other banks will also a take a hot.
“As we have seen in past, such frauds are not limited to one branch and we may see other Banks unearthing similar frauds in near future in one of their branches. Considering that Public sector Banks in India are Government backed, there is no immediate threat on existence of any of banks. However, such news weakens the faith of Indian Public and International investors in the Banking system. This is not a good news and will have long term repercussions for Indian banking system as a whole. This is also a final wake up call for banks to put their house in order.” Says Rajeev Mahajan, Co-Founder, CEO and Director at Antworks Money, also the Ex-Senior President – MNC Infrastructure, Yes Bank.
Blockchain Technology Can Help Avoid Scams
There has been some unrest among people regarding the safety of their money deposited in the banks due to the recent turn of events related to bank frauds.
“Financial services are the lifeline of any growing economy and such incidents could tarnish the image of the banking system with much wider implications.”
The above statement made by Sandesh Hegde, Partnerships and Alliances Head at XinFin, is very true and financial industry has always tried its best to keep the transactions and currency exchange process as secure as possible because the risks involved are too big.
For example, letters of undertaking (LoU) is a devoted trade finance instrument which includes buyer credit services also. It is important because many times importers may refuse payment after shipment delivery or exporters might not make timely delivery after getting an early payment. Similarly, there are SWIFT (Society for Worldwide Interbank Financial Telecommunication) IDs and CBS (Core Banking System) to ensure that international banking is secure and efficient. However, not all these techniques are scam-proof which is evident if we follow current events.
Also, if this would have been older times no one might be questioning the bank security measures but in the recent era, there is a way to have a more robust and transparent banking system which could avoid such incidents in future. Yes, we are talking about Blockchain.
Blockchain Is the Next Big Thing…and it’s already here!
The Blockchain is also known as distributed ledger technology or DLT which maintains records of transactions and exchanges and enables point-to-point tracking of data. Blockchain’s decentralized system offers transparency for any transaction recorded the network.
Decentralization eliminates the need for intermediaries or central regulators as no single authority has complete control over the network. Also, it removes the chances of a central point of failure as the whole system functions in the state of consensus.
Blockchain Can Help in Keeping the Money Safe
Blockchain can solve the trust issues between counterparties with its distributed and scam-proof ledger which store all kinds of records like financial transactions, exchange of physical or digital assets, or common trade-related data. In a nutshell, Blockchain can offer a very transparent and secure network for domestic and cross-border transactions. Following are few examples in which blockchain can help financial industry –
- No more fake LOU’s
With Blockchain, everyone in the network can access the ledger and each transaction has to be authorized by all members of the network. Hence, it is asset replication is difficult. In Blockchain powered smart-contracts, a permissioned system of nodes will only authenticate transactions if pre-defined terms, called as triggers, are satisfied. This would guarantee that a LoU is issued once all mandatory circumstances for the issue are fulfilled.
- Real-time CBS update is possible with Blockchain
In the recent bank scam, the CBS was not updated even though the instructions were exchanged with another bank through SWIFT by the bank employees.
Blockchain protocol and API together will update the ledgers with executed transactions details in a real-time. This will resolve the challenges related to missing information due to miscommunication between two different systems.
LoU: A bank guarantee issued for overseas import payments where the issuing bank, unconditionally agrees to repay the principal and interest on the importers loan.
SWIFT: Society for Worldwide Interbank Financial Telecommunication provides a network that enables financial institutions worldwide to send & receive information about financial transactions through messaging in a secure, standardized & reliable environment. The majority of international interbank messages use the SWIFT network.
CBS: Core Banking System a banking service provided by group of networked bank branches where customers may access their bank account and perform basic transactions from any of the member branch offices.
The long term solution that banks can look at for prompt detection and prevention of fraudulent transaction is by deploying a blockchain based system, even other experts also do agree with this. Blockchain consensus is dependent on the entire ecosystem and not an individual. Hence, it would reject such a transaction immediately, since in normal circumstances, it is only one/few individuals who are responsible for the fraud and not the entire network of the bank. It also provides effective protection against fake LoUs.
Sameer Dharap, VP, Blockchain Applications at XinFin states, “Today there is a growing risk and decreasing trust in the current finance and trade ecosystem, and it is imperative to have solutions that can record financial transaction in a trust-less and yet secure, irrevocable system. Blockchain is that solution because it comes with amenities like smart contracting, real time cross border payments and such issues can be avoided at a larger global trade finance market.”
The Blockchain is an underlying layer which offers security and transparency in transaction processing and currency exchange. Hence, an effort is needed from existing regulating entities also including governments, financial institutions and financial industry to reap the benefits of Blockchain.
“Blockchain technology can successfully prevent process frauds in banks, because no one single authority has full control over the movement of assets. If the core banking system is integrated with blockchain, any breach of limits can be immediately tracked and stopped. In the PNB fraud, only one officer had authority to execute the transaction end-to-end, so the fraud was not detected as it bypassed the core banking system.” Says Prasad Ajgaonkar, CEO, iRealities Pvt. Ltd (The company specializes in offering technological innovation, digital services.).
Advocating the Blockchain usage, CEO & Co-Founder of Razorpay, Harshil Mathur says, “A blockchain based system also provides high traceability with the records of transaction being made available in the transaction history, throughout the lifetime. This makes the system transparent and auditable, hence more immune to frauds.”
Software Companies should work with the relevant business function team to understand and identify the dependencies. Most of the conventional systems have maker, checker and authorizer concepts embedded, however, analytics based audit hooks and rule based cross platform reconciliations are seldom implemented.
Agrees with the same Vikram Pandya, Director Fintech of SP Jain School of Global Management also expresses his thoughts, “With advent of machine learning, banking software can do realtime data analytics and notify the management about suspicious patterns. Software firms should also start offering blockchain based solutions to bring more transparency and efficiency to some of the processes where dependency of value chain is higher. RegTech should be part of the software offering. Internal controls should be embedded within the system and checklist based approach should be implemented.”
Whom to Trust
“Technology can protect you from invasion or hacking, but technology cannot protect you from human tendency to perpetrate fraud. It is important to minimize human interference and maximize technology-based transactions.” Says Prasad Ajgaonkar, CEO, iRealities Pvt. Ltd (The company specializes in offering technological innovation, digital services.)
Gokulnath Shetty, retired deputy branch manager with another junior employee misused the Society For Worldwide Interbank Financial Telecommunication or SWIFT codes; as he had passwords to them. He has worked in the bank for a long time and he managed to cover up the whole mess for years.
A big question arises here is whom to trust as modern day banking necessitates working in hand with partners, agents and vendors, etc. besides outsourcing, peripheral and several operational activities involve deploying and trusting outside agency's employees.
In the mist of the PNB Fraud case, there is need to have vigilant backgrounds checks for the employees working in financial
institutions. CEO of SecUR Credentials, a background screening company Rahul Belwalkar says, “Currently, the numbers of PSU’s that opt for Background screening are low because of HR Practices that have been ingrained through the years and their resistance to change these practices. We also suspect that there are push backs from unions as well because of which HR policies haven’t changed in a while. There has been a rise in number of private sector banks and NBFCs that are not only conducting background screening but are also doing regular credit checks on their employees who at the end of the day handle large amounts of clients’ money. In this case too, right from general manager level and other 18 employees have been accused of the fraud; having proper and systematic employee background verification is the need of the hour.”
What more can be Done
In the light of this case; leaders in the industry have suggested some of the measures that should not be avoid. Prasad Ajgaonkar CEO of iRealities suggests that it is extremely important to educate all stakeholders in the banking ecosystem on information security, as banking frauds are not technology frauds but process frauds.
“Making information security training compulsory for all bank employees is an important step in significantly reducing bank frauds. For one of the largest private sector banks, we have created and deployed a comprehensive information security training module, which they are successfully running for the last 3 years.” He says.
There should be a system or mechanism to immediately make the changes in the patches in the system, and it can be made secure. For this, the systems should be open systems. Banks should also have a crises management system in place, for immediate external and internal communication.
Meanwhile, RBI also said it has formed a panel to look into reasons for factors leading to increasing incidents of frauds in banks. The panel will also look into reasons for high divergence in Non-Performing Asset (NPA) classification and provisioning by banks.
"In view of large divergences observed in asset classification and provisioning in the credit portfolio of banks as well as the rising incidence of frauds in the Indian banking system, it has been decided to constitute an Expert Committee under the chairmanship of Y H Malegam, a former member of the Central Board of Directors of RBI, to look into the reasons for high divergence observed in asset classification and provisioning by banks vis-a-vis the RBI's supervisory assessment, and the steps needed to prevent it; factors leading to an increasing incidence of frauds in banks and the measures (including IT interventions) needed to curb and prevent it; and the role and effectiveness of various types of audits conducted in banks in mitigating the incidence of such divergence and frauds," Apex bank states.
The members of the committee include Bharat Doshi, member, Central Board of Directors, RBI; S Raman, former chairman and MD, Canara Bank and former whole-time member, SEBI; and Nandkumar Saravade, chief executive officer, Reserve Bank Information Technology Pvt Ltd (ReBIT). A K Misra, executive director, RBI will be the member-secretary of the committee.
Bank frauds: The procedure & action against the culprits
Views by: Milan Mody & Sandeep Shah, Partners of N A Shah Associates LLP.
1 RBI has issued a master circular Frauds – classification and reporting, dates July 1, 2015.
This circular covers classification, monitoring, provision and closure of fraud cases
Classification of frauds
In order to have uniformity in reporting, RBI has provided guidelines for classification of frauds. There are 7 classifications including a residual category. The classification include (a) Unauthorised credit facilities extended for reward or for illegal gratification and (b) Cheating and forgery
Reporting of frauds to RBI
The circular prescribes norms for reporting of frauds to Reserve bank of India as well to internal management. It also suggest quarterly and annual reporting and monitoring of outstanding frauds. Additional information as regards to unscrupulous borrowers is also required to be furnished to Reserve Bank of India. The circular also suggest that a subcommittee of the board should be formed to provide focused attention and to avoid delays in detection, reporting and monitoring of high value frauds.
Provisioning Pertaining to Fraud Accounts
To ensure uniform provisioning norm in respect of all cases of fraud, it is prescribed that The entire amount due to the bank (irrespective of the quantum of security held against such assets), or for which the bank is liable (including in case of deposit accounts), is to be provided for over a period not exceeding four quarters commencing with the quarter in which the fraud has been detected.
- Companies Act, 2013 (referred to as Act)
Reporting responsibility on auditor as per section 143 (12) of Act
Auditors has a reason to believe that an offence of fraud involving amount of Rs.1 crore and more, is being or has been committed in the company by its officers or employees, the auditor shall report the matter to the Central Government / RBI as well as to the Board of Directors / Audit Committee within the prescribed time frame and in the prescribed manner
Penalty under the Act
As per section 447 of the Act, in case the fraud in question involves public interest, the term of imprisonment shall not be less than three years but which may extend to ten years and shall also be liable to fine which shall not be less than the amount involved in the fraud, but which may extend to three times the amount involved in the fraud
Serious Fraud Investigation Office (SFIO)
As per section 212 of Act, The Central Government may in public interest order an investigation by SFIO. All the officers and employees are responsible to provide all the details to the investigating officer. The investigating office has wide powers in inspecting the matter.
- General
The borrowers and all those who have connived would be subject to penalty and criminal prosecution as laid down in the Indian Penal Code