Given the central bank’s failure to discover, in its multiple inspections over the years, that Punjab National Bank’s (PNB) SWIFT messaging system was not even linked to its core banking solutions, it is obvious RBI will bear the brunt of the blame for the Nirav Modi scam. While the government has asked RBI for a report on whether or not there were regulatory lapses, it seems clear the authorities have learnt little from the various scams over the years. In the case of Satyam, for instance, Price Waterhouse was hauled up for its role as the auditor—the auditors have challenged Sebi’s auditing ban on them for two years. Oddly, there has been very little action so far on PNB’s auditors so far—certainly their role needs to be investigated and they have to explain what kind of audit they were doing if something as basic as linking SWIFT to core banking was not done. RBI also needs to look at whether PSU banks are selecting auditors on the L-1 basis without too much regard to the quality of their audits. Indeed, RBI needs to look at whether auditors, and not just at PNB, need to be blacklisted for not catching things in time, and ensure that the compulsory rotation—including that for firms who have got loans—is done diligently.
Getting bank officials to be on the board of firms who have taken loans seems a good idea since it is clear independent directors aren’t doing much to prevent fraud, but such directors are there on a few defaulter boards even today and that hasn’t really helped. It is, however, critical that, as a matter of routine, banks get detailed accounts of all associate companies of people/firms they make loans to and get good CAs or forensic CAs to do a regular check on fund flows—indeed, RBI’s order that no loans be made to associates at below the market rates also seems to be followed more in the breach.
Indeed, RBI should be paying for auditors/forensics of banks to avoid any conflict of interest, and surprise forensics from time to time is a good idea. While, in the pre-computerisation days, all cheques needed to be authorised by bank managers, it would appear bankers don’t study bank statements with any great degree of scrutiny anymore. And while there are firms who specialise in software to monitor fraud, it is not clear if these are being used—a large fraud detection/management exercise is critical for all PSU banks; the use of the same auditors in loans where frauds have taken place, for instance, should trigger alarms, as should loans to related parties or firms/trusts in which they are directors. Incentive structures, similarly, need to be revisited—if PSU bank managers are incentivised on making loans instead of their recovery, it is obvious where their attention will be, more so since their salaries are so poor.