Banks in India have the image of one of the most regulated institutions, with stringent controls in place. The common man places a lot of trust in the banking system and that is the very reason why the masses feel extremely secured in storing their valuables in the bank lockers and safe. However, the current series of fraudulent events that took place in some of the renowned banks during the period of 50 days, post announcement of demonetisation on the eve of 8th November 2016, shook the entire nation and it further raises doubts about the functioning of financial institutions and their control framework.
Although, it’s a known fact that none of the security systems could be foolproof, but at the same time, what matters is that how quickly an organisation is able to detect the occurrence of any unsolicited event in its system and fix the loopholes “at the origin itself”, before the situation turns into an uncontrollable monster. Now, this is the grey area which I want to highlight in this blog.
Post demonetisation step was taken by the Government of India, a lot many cases of alleged involvement of bank staff in illegal conversion of old notes of Rs. 500 and Rs. 1000 have been unearthed by the Income Tax Department and the Enforcement Directorate, and the hunt is still going on. Surprisingly, most of these cases which involved a huge sum of money have been detected by the outside agencies namely Income Tax Department/Enforcement Directorate and not by the Bank themselves. This indeed is an alarming situation for any organisation and should be an eye-opener, especially for their Management. It indicates that there are certain areas which demand utmost seriousness and urgency. It’s a high time for the management to investigate into the core reasons which led to such lapses in their respective organisation.
There are a lot of questions that need to be answered. What went wrong? What lured the “educated staff” of banks towards getting involved in money laundering cases on such a large-scale? Why banks could not identify the happening of such frauds at the inception stage itself? Above all, the most important question to be asked is that, was it actually possible to curtail such fraudulent events or not? Although, enquiries in all such cases are being conducted by both the bank management, as well as, the external agencies, but any such enquiry would not lead to a conclusive end till a root-cause analysis of such events is done and the learnings are imbibed in the working style of the organisation, in order to, reduce the chances of occurrence of any such events in the future.
Herewith, let me make it very clear that these learnings are not restricted to the financial institutions alone, rather every business house and professional need to take learning’s from such events and thereby take steps to tighten up the controls in their respective organisation in order to minimize the chances of occurrence of such events in future.
Other than the commonly identified reasons like flaws in controls, the absence of proper checking mechanism, malicious intentions of the person’s involved, etcetera there are always some basic reasons or lapses which do not get accounted in the routine investigations. It is interesting to note here that the main reasons/lapses behind happening of any kind of unsolicited events like frauds, accidents, attacks, etcetera are usually very basic in nature, which obviously we tend to ignore in the long run and that eventually results in a bigger loss. Similarly, in the current frauds, there are two major lapses which the financial institutions somewhere ignored or maybe took them too casually, which subsequently resulted in heavy monetary losses, as well as, loss of their brand image. The two major lapses are –
Installation of CCTV Cameras – “Fear of being watched” is the very first step towards curbing the increasing crimes. The graph of crimes falls drastically if people with malicious intentions have a fear that they are being watched. So, any risk prone organisations like financial institutions should be under tight surveillance. Hence, the mechanism like installation of Close-Circuit Television Cameras (CCTV Cameras) in every financial institution (irrespective of the size, location or business it handles) should be the top most priority of its Management, as well as, the Reserve Bank of India (RBI). Gadgets like CCTV serves as a third eye of the management, by which they can keep a watch on the activities going at the remote places, especially in a war like situations as demonetisation when the flow of cash is too much.
On the contrary, as per the information available on The Reserve Bank of India (RBI) website and The Banking Codes and Standards Board of India (BCSBI) website, it seems as if neither the RBI nor the financial institutions find the installation of CCTV Cameras much effective in comparison to the ‘COST’ involved. The below-mentioned details speak for itself.
As per the RBI Circular RPCD.CO.RRB.BC.No.98/03.05.28/2008-09, dated April 21, 2009, named “Security Arrangement in bank branches – Regional Rural Banks” under the sub-heading Currency Chest Branches it is mentioned that “Modern electronic security gadgets viz. CCTV, alarm system, sensors, electronic locks, hot lines, auto-dialers etc. may be installed at all major bank branches holding large amount of cash”. (Reference: RBI website https://www.rbi.org.in/scripts/BS_CircularIndexDisplay.aspx?Id=4939). Similarly, another RBI circular RBI/2013-14/602 DCM (CC) No.G-20/03.39.01/2013-14, dated May 23, 2014, named CCTV Coverage of all cash handling operations in Currency Chests mentions that CCTVs surveillance should also cover all cash operations in the vaults/strong rooms and other cash handling areas to identify any mischief/irregularity (Reference: RBI website https://www.rbi.org.in/scripts/BS_CircularIndexDisplay.aspx?Id=4939).
The above two circulars reflects that RBI has advised/instructed the banks to install modern electronic security gadgets only at the major bank branches holding large amount of cash or CCTV coverage of all cash handling operations in Currency Chests i.e. those selected branches of scheduled banks which are authorised by the RBI to facilitate distribution of notes and coins. Hence, the guidelines of RBI itself don’t make it mandatory to install CCTV in all the branches of banks.
Further, as per the details available on the website of BCSBI – The Chairman, BCSBI and members of the Governing Council held a conference of Principal Code Compliance Officers and faculty of member banks in Mumbai on February 12, 2011. Wherein, one of the issues raised by member banks, as mentioned against Serial No. 23, is that “As per para 9.1 of Code, banks need to install CCTV for close surveillance as part of security arrangements. This may not be required at Rural and smaller towns”. Against which the BCSBI clarification is that “It is for the banks to assess the security environment of their offices and determine their need to install CCTV for surveillance”. (Reference: BCSBI website http://www.bcsbi.org.in/MB_PrincipalCodes_12Feb2011.html)
So, the stand of banks, in installing CCTV for surveillance, is reflected in the above-mentioned representation, wherein they have very clearly demarcated the need for installation of CCTV cameras based on “location of bank branches”. Thus, the bank management is also of the view that the cost involved in the installation of CCTV cameras in all the branches, far exceeds the benefits it will fetch. However, let me make it very clear that this doesn’t mean that these so-called rural or small town branches are less prone to cash related risks.
Hence, from the above-mentioned discussion, it is very much clear that neither the RBI nor the banks, consider it necessary to install CCTV cameras in all the bank branches, simply because of precedence to Cost over Security. So, in this way, the governing body i.e. RBI, as well as, the bank management unintentionally gave a free hand to the culprits by ignoring the very first step of curbing crimes i.e. Fear of Being Watched.
Implementation of Whistle Blower Policy – If any organisation is not able to detect the occurrence of any fraudulent event in their system “on its own” then it’s a matter of serious concern for that organisation. It calls for some immediate actions to be taken by the organisation like enhancing the security features, strengthening the monitoring and control procedures and, at the same time, evaluating the Whistle Blower Policy of the organisation. Non-detection of fraudulent events somehow indicates that either there is no Whistle Blower Policy in the organisation or else it is not being implemented in the right spirit.
To understand the role of a properly implemented Whistle Blower Policy, in simple terms, let us take the example of the current frauds that happened in any of the bank branches. Now, do you think that all the person’s working in that specific bank branch, including the off-role staff, was involved in that fraud? Was the entire branch corrupt? Is it possible that no one else other than the fraudster knew that there was something fishy going on in the branch? Was there no honest person in the branch? If you think that there is even a slight possibility of the presence of an honest person in that branch, who had some clue about anything illegal going on in the branch then that person could have been the Whistle Blower for the bank.
In the present case, the Whistle Blower would have helped the bank in identifying the fraud at its nascent stage and in turn would have saved the bank from incurring huge losses. However, it works only when an organisation realizes the importance of having a Whistle Blower Policy that is clearly documented, communicated and implemented in the right spirit. Only then any organisation could think of detecting and fixing the loopholes “at the origin itself” and thereby stop any unsolicited situation from turning into an uncontrollable monster.
Since most of the current fraud cases were detected by an outside agency and not the banks themselves, so now the ball is in the bank’s court to analyse and decide whether the Whistle Blower Policy (if at all) is properly implemented in their organisation or not. Do note that there is a vast difference in having a documented process, just for the sake of complying with the rules and regulations, vis-à-vis having a process implemented in the right spirit.
As per my view, if the culprits had the “Fear of Being Watched” and there was a properly implemented Whistle Blower Policy then the situation would have been much different from the present one. At least the banks would have been in a far better position to detect such frauds at the inception stage. And, indeed the early identification of some fraud cases would have curtailed such fraudulent events from growing into such large numbers.
I would like to conclude this blog with the hope that each one of us takes learning from these incidences and strengthen the controls at our workplace so that such events don’t occur in future. At the same time, I also hope that we do have proper communication channels, where a Whistle Blower’s voice is heard and acted upon by the authorized persons with utmost secrecy. Let us all strive together to make our organisations a secure place with stringent controls all around.
God Bless you all!
Be in touch.
Peyush Jain
Peyush Jain 