Fraud Risk Management System in banks - Role of Chairmen / Chief Executive Officers - ਆਰਬੀਆਈ - Reserve Bank of India
Fraud Risk Management System in banks - Role of Chairmen / Chief Executive Officers
RBI/2009-10/159 September 16, 2009 The Chairman / Chief Executives of Dear Sir / Madam, Fraud Risk Management System in banks – Role of Chairmen / Chief Executive Officers As you are aware, the incidence of frauds in the banks has been showing an increasing trend over the recent years, both in terms of number of frauds and the amounts involved. It has been observed that the trend is more disquieting in retail segment especially in housing and mortgage loans, credit card dues, internet banking, etc. Moreover, it is a matter of concern that instances of frauds in the traditional areas of banking such as cash credit, export finance, guarantees, letters of credit etc remain unabated. While certain structural factors in the banks' operating environment could account for this rising trend in general, adoption of aggressive business strategies and processes by the banks for quick growth and expansion without ensuring that adequate / appropriate internal controls are in place could, in specific, incentivize operating staff to lower the standards of control while attempting to meet business targets. Also, a continuously rising trend in the cases of frauds is indicative of the fact that the steps taken by banks in investigating the frauds and identifying the fraudsters for eventual criminal prosecution and appropriate internal punitive action for the staff members involved in the frauds have not been adequate. While discussing certain cases of frauds of exceptionally large amounts, the Board for Financial Supervision (BFS) has expressed grave concern that fraudsters with the involvement of bank officials could engineer system wide break down of controls across months while putting through fraudulent transactions. 2. Taking into consideration the concern expressed by Central Vigilance Commission and Central Bureau of Investigation, banks were advised in January 2004 to constitute a Special Committee of the Board for monitoring and follow up of large value frauds involving amounts of Rs 1.00 crore and above. However, the feedback received by us in the recent times and growing incidence of frauds indicate that in matters of large value frauds, the Committee headed by the CEO of the bank might not have played the role as envisaged in our circular DBS.FGV(F)No. 1004/23.04.01A/2003-04 dated January 14, 2004. 3. Taking into account the above position the BFS has felt that the Chief Executive Officers (CEOs) of the banks must provide singular focus on the "Fraud Prevention and Management Function" to enable, among others, effective investigation in fraud cases and prompt as well as accurate reporting of fraud cases to appropriate regulatory and law enforcement authorities including Reserve Bank of India. The Board has observed that in terms of higher governance standards, the fraud risk management and fraud investigation function must be owned by the bank's CEO, its Audit Committee of the Board and the Special Committee of the Board, atleast in respect of high value frauds. And accordingly, they should own responsibility for systemic failure of controls or absence of key controls or severe weaknesses in existing controls which facilitate exceptionally large value frauds and sharp rises in frauds in specific business segments leading to large losses for the bank. 4. In view of the above observations made by the BFS, banks are advised to initiate necessary action at their end at the earliest. Banks may, with the approval of their respective Boards, frame internal policy for fraud risk management and fraud investigation function, based on the above governance standard relating to the ownership of the function and accountability for malfunctioning of the fraud risk management process in their banks. The broad governance framework dictated by the above standard for ownership and accountability may rest on defined and dedicated organizational set up and operating processes, some of which have been set out in the following paragraphs: 5. The banks' Special Committee of the Board, which is chaired by the CEO, should own the Fraud Investigation and Monitoring Function and discharge the relative oversight responsibility in a pro-active manner. Presently, the Special Committees are apprised by the banks' Senior Management of the occurrence of the large value frauds. It has been observed that the said Committees give routine instructions on follow up actions. Essentially, the Committees' directions are not mandated to be implemented by any dedicated operating unit of the banks. The banks may, therefore, delineate in the policy document the processes for implementation of the Committee's directions and the document may enable a dedicated outfit of the bank to implement the directions. In this regard, the banks may have to review the roles and responsibilities of the Vigilance Function, Internal Audit Function and Risk Management Function. On the basis of the review, it may be decided as to what realignments and modifications are needed to ensure that "monitoring and investigation of large value frauds" are recognized as a distinct 'function' and the dedicated unit which is adequately enabled and free from potential conflict of interest is assigned the responsibility to undertake the function. 6. From the operational point of view, banks may take certain measures as detailed below in order to ensure effective quick investigation, monitoring and follow up of frauds:
7. Given the thin line of difference between serious wrongdoings and frauds, the bank should immediately put in place an adequately enabled and efficient 'internal oversight framework' that can prevent the wrongdoings and take the punitive measures against the wrongdoers. Please acknowledge receipt. Yours faithfully, (P. K. Panda) |