Banking frauds or frauds in the financial services industry in India are no more seen as the Cost of Doing Business. Though several recent reports debate that banking frauds or reported fraud cases have decreased in this Covid- 19 pandemic phase, the quantum of money lost has significantly increased in these years. This highlights the importance of the fraud risk management function in Indian banks and companies.
The irregularities and fraud cases not only involve outsiders who are just customers, partners of the financial institutions or companies but also senior management as seen in some of the cases. In this post, we discuss various different aspects associated with fraud risk management.
Early Warning Signals
Reserve Bank of India introduced a mechanism called Early Warning Signals (EWS) and Red Flagged Accounts (RFA) for the banks wherein it stated about 45 red flags. The concept of a Red Flagged Account (RFA) was introduced in the 2015 framework as an important step towards fraud risk control.
Red Flag Account
A Red Flag Account is one where a suspicion of fraudulent activity is raised by the presence of one or more Early Warning Signals (EWS). A bank cannot afford to ignore such EWS but must instead use them as a trigger to launch a detailed investigation into an RFA. Even after these precautionary steps and according to the observations of Risk Professionals; Weak implementation of EWS (early warning signals) by banks, non-detection of EWS during audits, non-co-operation of borrowers during the Forensic Audits, inconclusive Audit Reports, and also sometimes the lack of decision making in joint lenders’ meetings, account for a delay in detection of frauds.
Market Intelligence
Currently, the banking system, being the backbone of the nation’s economy, is scourged by high levels of NPAs and it is certainly a worrisome situation. The rising high-value frauds are not just the key concern of the banking industry, stock markets but for the government and regulators too. While fraud investigators, compliance professionals, and forensic accountants are engaged in assignments like forensic audits, asset tracing, skip tracing, such types of assignments are categorized into post-mortem activities. There is another emerging area that the banks, companies, regulators should pay more attention to that is Market Intelligence. One way to prevent fraud and make deterrent measures is revamping the EWS mechanism with the introduction of alerts generated by the activities of Market Intelligence.
Market Intelligence activity plays a very crucial role in the prevention of these financial crimes. Market Intelligence is a very independent, proactive, and responsive service through investigative, accounting, and technology capabilities.
Market Intelligence is ultimately a nexus-building activity wherein a banker, an investor, a company can find out who they are dealing with. Market Intelligence should be seen as one of the best practices to employ across the industries and thus forming a vital part of Corporate Governance.
Third-Party Fraud Risk
The risk of dealing with third parties has grown significantly and it has become essential to verify the business partners to avoid unpleasant surprises. In the light of new global laws, companies bear more responsibility, including liability for the actions of their business partners.
In the wake of the Foreign Corrupt Practices Act, the UK Bribery Act, and other such enactments across the world, data, discreet checks play a significant role in investigating the nexus of the (individuals who are acting as) director with the politically connected, exposed, high net-worth or sensitive persons. Data which is gathered under the market intelligence activity is helpful to understand the background of the promoters when the investors are conducting the due diligence over the investee companies; when public listed companies are dealing with vendors, business partners, dealers & even employees.
When organizations enter into any kind of relationship without an appreciation of the possible downside can expose them to financial and reputation risks. The Intelligence team can assist private equity firms in identifying any hidden factors or red flags that may impact their business negatively and can help put them in a better place to make notified decisions when: investing in a business entity; acquiring/merging with a business organization or hiring senior management or Key Managerial Personnel. Gathering public and non-public information to provide insights into the background, track record, reputation, and associations of any potential business partner is the key.
According to the RBI’s annual report for 2019-20, Bank Frauds worth more than INR.1.85 lakh crore were reported in the year ended June 2020 compared with over INR. 71,500 crore in the previous fiscal. The report also states that Fraud has been occurring predominantly in the loan portfolio (advances category), both in terms of number and value.
Ministry of Corporate Affairs
The Ministry of Corporate Affairs (MCA) has revised the Companies (Auditor’s Report) Order, or CARO (In a bid to check corporate frauds), under which auditors are now required to report more extensively on many crucial aspects including frauds, loan defaults, whistleblower complaints, and Benami properties. While it may act like finding out early warning signals for both the management and the regulators the question of whether this arrangement will help for better corporate governance – still stands as the intent of the auditor, the qualification and capability for the auditor as he/she has to do a job both as an auditor and a step forward as a forensic accountant.
Securities Exchange Board of India
On 5th may 2021 on Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) (Second Amendment) Regulations, 2021 was made public. In regulation 21, the Risk Committee was compulsory for the top 500 stock market companies which is now mandatory for the top 1000 public companies according to market capitalization. This could have been made compulsory for all the public companies for better transparency from the point of view of shareholders and regulators.
Risk Committee
The risk committee shall have a minimum of three members with the majority of them being members of the board of directors, including at least one independent director, and in case of a listed entity having outstanding Equity shares, at least two-thirds of the Risk Management Committee shall comprise independent directors. The amendment states that the committee should meet at least twice in a financial year whereas a bimonthly or quarterly overview of the risks includes financial, operational, sectoral, sustainability (specifically, environmental, social, and governance-related risks and impact), information, and cyber security.
The Risk Management Committee should have powers to seek information from any employee, obtain outside legal or other professional advice, and secure the attendance of outsiders with relevant expertise if considers necessary. The market intelligence aspect can present risks that are outside the company environment and bringing in the perspective of market intelligence would help the risk committee to discharge its duties in a transparent manner useful for better functioning of the company and mitigation of risks, business contingency plan as well as monitoring and overseeing the implementation of the risk management policy
The appointment, removal, and terms of remuneration of the chief risk officer, if any, would be subject to review by the risk management committee, jointly with the nomination and remuneration committee. The addition of a Chief Risk Officer is a welcoming move as this person using his market intelligence and investigative expertise will be unbiased and will help risk committee members understand the risks in a better manner and chart out a mitigation plan.
Further, the risk management committee should coordinate its activities with the audit committee in instances where there is any overlap with audit activities. It should ensure that appropriate methodology, processes and systems are in place to monitor and evaluate risks associated with the business of the listed entity, according to the consultation paper.