In India, the financial services industry no longer views banking fraud as the Cost of Doing Business. Reports suggest that reported fraud cases have decreased during the Covid-19 pandemic, but the amount of money lost has significantly increased. This underscores the importance of the fraud risk management function in Indian banks and companies.
The irregularities and fraud cases not only involve outsiders who are just customers, or partners of the financial institutions or companies but also senior management as seen in some of the cases. In this post, we discuss various different aspects associated with fraud risk management.
Early Warning Signals
Reserve Bank of India introduced a mechanism called Early Warning Signals (EWS) and Red Flagged Accounts (RFA) for the banks wherein it stated about 45 red flags. The concept of a Red Flagged Account (RFA) was introduced in the 2015 framework as an important step toward fraud risk control.
Red Flag Account
A Red Flag Account is one where a suspicion of fraudulent activity is raised by the presence of one or more Early Warning Signals (EWS). A bank cannot afford to ignore such EWS but must instead use them as a trigger to launch a detailed investigation into an RFA. Even after these precautionary steps and according to the observations of Risk Professionals; Weak implementation of EWS (early warning signals) by banks, non-detection of EWS during audits, non-co-operation of borrowers during the Forensic Audits, inconclusive Audit Reports, and also sometimes the lack of decision making in joint lenders’ meetings, account for a delay in detection of frauds.
Fraud Risk Intelligence
Currently, the banking system, being the backbone of the nation’s economy, is scourged by high levels of NPAs and it is certainly a worrisome situation. The rising high-value frauds are not just the key concern of the banking industry, and stock markets but for the government and regulators too. While fraud investigators, compliance professionals, and forensic accountants are engaged in assignments like forensic audits, asset tracing, and skip tracing, such types of assignments are categorized into post-mortem activities. There is another emerging area that the banks, companies, and regulators should pay more attention to that is Market Intelligence. One way to prevent fraud and make deterrent measures is revamping the EWS mechanism with the introduction of alerts generated by the activities of Market Intelligence.
Market Intelligence (MI) activity plays a very crucial role in the prevention of these financial crimes. MI is a very independent, proactive, and responsive service through investigative, accounting, and technology capabilities.
Market Intelligence is ultimately a nexus-building activity wherein a banker, an investor, or a company can find out who they are dealing with. Corporate Governance should view Market Intelligence as one of the best practices to employ across industries and thus an integral part.
Third-Party Fraud Risk
The risk of dealing with third parties has grown significantly and it has become essential to verify the business partners to avoid unpleasant surprises. In light of new global laws, companies bear more responsibility, including liability for the actions of their business partners.
In the wake of the Foreign Corrupt Practices Act, the UK Bribery Act, and other such enactments across the world, data, and discreet checks play a significant role in investigating the nexus of the (individuals who are acting as) director with the politically connected, exposed, high net-worth or sensitive persons. Data which is gathered under the market intelligence activity is helpful to understand the background of the promoters when the investors are conducting the due diligence over the investee companies; when publicly listed companies are dealing with vendors, business partners, dealers & even employees.
When organizations enter into any kind of relationship without an appreciation of the possible downside can expose them to financial and reputation risks. The Intelligence team aids private equity firms in identifying hidden factors and red flags. This helps them make informed decisions when investing, acquiring/merging, or hiring. The team gathers public and non-public information to assess a potential partner’s background, track record, reputation, and associations.
According to the RBI’s annual report for 2019-20, Bank Frauds worth more than INR.1.85 lakh crore were reported in the year ended June 2020 compared with over INR. 71,500 crore in the previous fiscal. The report also states that Fraud has been occurring predominantly in the loan portfolio (advances category), both in terms of number and value.
Ministry of Corporate Affairs
MCA has revised CARO to check corporate fraud. Auditors must report on fraud, loan defaults, whistleblower complaints, and Benami properties. The report acts as an early warning signal for management and regulators. However, its effectiveness for better governance is uncertain. The auditor must be qualified and capable to act as both an auditor and a forensic accountant.
Securities Exchange Board of India
On May 5, 2021, the Securities and Exchange Board of India made a public amendment. Regulation 21 made Risk Committees compulsory for the top 500 stock market companies. Now, the top 1000 public companies must have a Risk Committee according to market capitalization. This could have been made compulsory for all public companies for better transparency.
Risk Committee
The risk committee must have 3 members, with a majority being board members and one being independent. For listed entities, 2/3 of the committee must be independent. The amendment states that the committee should meet at least twice in a financial year. Whereas the committee must meet at least quarterly to review financial, operational, sectoral, sustainability, information, and cyber risks.
The Risk Management Committee can get info from employees and experts. They can seek outside advice. Market intelligence presents external risks. Including it helps the committee be transparent. This is useful for a better company function and risk management. A business contingency plan is necessary. The committee must monitor and oversee the risk management policy.
The appointment, removal, and remuneration of the chief risk officer, should be subject to review by the risk management committee. Generally, it is a joint process with the nomination and remuneration committee. The Chief Risk Officer addition is welcoming. They bring market intelligence and investigative expertise. The CRO will be unbiased. They will help the committee understand risks. This will aid in charting out a mitigation plan.
Further, the risk management committee should coordinate its activities with the audit committee in instances where there is any overlap with audit activities. It should ensure that appropriate methodology, processes, and systems are in place to monitor and evaluate risks associated with the business of the listed entity, according to the consultation paper.