22 Banks have been fined by RBI for KYC failures. The fines range from Rs 0.50 lakhs in the case of Ratnakar Bank to rs 3.002 crores in the case of IOB. Most other Banks have been fined between 2.50 to 3.0 crores.
The complete list of Banks and the fines imposed is available here:
This is in addition to the three Banks who were fined last month. In this set of fines, RBI imposed a penalty of Rs. 5 crore imposed on Axis Bank, Rs. 4.5 crore on HDFC Bank and Rs. 1 crore on ICICI Bank.
Naavi
As discussed in this column earlier, one more fraud on an Exporter has been reported from Delhi involving diversion of export proceeds.
The loss reported in the Delhi fraud is US$31000 (Rs 18 lakhs). The two other frauds reported from Bangalore were of the order of Rs 50 to 80 lakhs. This indicates that the average losses in these frauds is very high.
Pune has also reported 6 such cases in the last 6 months. Report in TOI
These frauds are targeting both Importers and Exporters. As regards losses to exporters, the loss has to be borne by the ECGC.
In order to avoid the litigation, loss of business relationship and other adverse effects on the exporters and importers, urgent action is required from the end of RBI and ECGC.
Naavi
OPEN LETTER TO RBI AND ECGC
To
Reserve Bank of India
Exchange Control Department
Mumbai
and
ECGC of India
Mumbai
Sub: Increasing Hong Kong Risk for Importers and Exporters from India
Dear Sir
I have recently come across two instances of Cyber Frauds which have been targeted at the Importers and Exporters from India which involves Hong Kong as the center of money laundering where the money due to be paid to the Indian businessman was diverted into a false Bank account in Hong Kong. One of the cases involved an importer importing goods from China and another involved an Exporter exporting to Russia.
In both cases, the fraudsters sent e-mail communications to the paying party impersonating as the receiving party and asking the payment to be made to the credit of a Hing Kong Bank account instead of what was originally agreed to.
As a result of these two instances alone, a sum of around Rs 135 lakhs in foreign exchange has not been received by India. The Exporter would now face a loss which will be a liability on the ECGC. The importer has made a payment in foreign exchange without a corresponding import of the equipment leading to his facing liabilities under FEMA.
I consider that these are not isolated incidents and are also not the only two incidents that have occurred. I suspect that all over India by this time several such incidents must have taken place and this will result in huge losses to ECGC besides many of the genuine Importers and Exporters. This will also lead to a higher NPA incidence at Banks.
There is therefore an urgent need for both RBI and ECGC to take remedial action including a criminal action against the fraudulent parties in Hing Kong. Such action cannot be undertaken by the individual parties and has to be front ended by ECGC. The Government of India also need to take up the matter with the respective countries namely Hong Kong, China and Russia since there is a distinct possibility of involvement of local employees of different organizations in each of these countries.
I request RBI and ECGC to immediately caution all exporters as well as Banks about this new modus operandi of Cyber Criminals and advise remedial action.
If more information is required on the two cases referred to from here which are from Bangalore, the organizations may contact me.
Regards.
Naavi
The owner and an IT official of Vast India Pvt Ltd (VIPL), a company in Mumbai were arrested by Mumbai police for alleged violation of ITA 2008. The dispute arose with the data of 3.22 lakh candidates appearing for the Maharashtra Public Service Commission examination got deleted from the MPSC server causing a postponement of the examinations.
The report states that the arrested persons were trying to flee from Solapur. The alleged motive is that the two persons wanted to discredit MPSC and hence indulged in the crime.
At this point it is not clear if VIPL was maintaining the data and were negligent in maintaining the security of the system which caused the data loss or there is any evidence as to the malicious intention of the accused.
According to the report, it was the MPSC’s internal probe which “revealed” that there was no virus. This needs to be established by an independent forensic evaluation since it is difficult to trust the capability of MPSC to come to a proper conclusion in this regard.
It is stated that the Police have seized certain hard disks and are investigating the cause for the data loss.
Naavi
When the Chairman of a Group which applies for Banking license happens to be a Director of RBI for the last 6 years and continues to be so while the license application is being processed, do we need a second opinion on whether there is any conflict of interest?
The debate about whether there is any conflict of interest or not due to the application of Aditya Birla Nuvo Limited for Banking license amongst the 26 applicants appears strange. How can it be otherwise?
For the Company to say that “There is no conflict” is to be expected. But it is surprising that RBI says that it will refer the matter to the Government to decide if there is any conflict.
A senior official of SEBI has reported to have commented that
“.. till the company was considering applying for the licence and was weighing its options it was fine for the chairman to continue to be on the RBI’s board but then he should step down when the application is taken up for consideration. This is similar to a situation where a father is present on the panel interviewing his own son. There is always a possibility that the panel is influenced even if the person excuses himself from interviewing his son. The Birlas are a reputed group and the chairman will definitely take the right decision of stepping down as director of the RBI board when the time comes”
Some have suggested that Mr Kumar Mangalam Birla should recuse himself from Board meeting where the licenses are likely to be discussed. Some have stated that he should resign.
In our opinion, a person who has been a director for the last six years will continue to exercise influence on the decision of the Board in a situation like this even after he goes out. The statements from the group indicate that they donot accept that there is a conflict and are also expressing the confidence that they will get the license. This actually increases the perception of conflict and any decision in their favour will only vitiate the sanctity of the selection process.
Naavi has already suggested that there should be a transparent process of selection with the publication of the business plans submitted by the licensees and the reports to be submitted on each of the applicants by the selection panel. This would to some extent reduce the perception of unfairness in the allocation of licenses.
However, the only clear solution to the resolution of conflict is for RBI to reject the application of Aditya Birla Group.
The decision of RBI not to rule out the application due to conflict of interest and instead referring it to the Government is therefore an abdication of its responsibility and a first confirmation that political powers will determine who will get the licenses in this round of Bank licensing.
If my hunch is right, since Mr Subbarao will retire as the RBI Chairman, the Government will appoint a suitable person as the next chairman and ensure that the favoured real estate companies and share brokers will all get Banking license so that they can return the favour to their political masters in the days to come.
Naavi
Related Articles:
Will look into conflict of interest issue in Birla bank licence plea
Confident of getting bank licence: Kumar Mangalam Birla
Recuse or resign, that’s the question for Birla now
RBI to look into ‘conflict of interest’ in AB Nuvo’s bank bid
Communist Party voices concern over Birla’s role at RBI
“Mandatory Sanctions” as a part of the Information Security policy has been advocated by HIPAA way back in 1996 and is being increasingly accepted as a necessary part of a good Information Security policy. The theory of Information Security Motivation advocated by the undersigned also provides an important role for mandatory “Sanctions” to ensure that intended information security measures are implemented in practice.
Now the EU has issued a directive that indicates that employersSupervisory employees of organizations who donot take appropriate measures when cyber crimes are committed by their employees could themselves have to face the consequences. The rules allow member states to serve punishment even if an employee carried out hacking without bosses’ knowledge.
The detailed text of the directive is available here.
Basically the directives impose a responsibility for “Due Diligence” and failing which criminal liability may attach on the executives of the company.
This is the concept of “Vicarious Liability” inherent in ITA 2008 both under Section 85 and Section 79.
The directive expects that member states shall impose penalties that are effective, proportionate and dissuasive criminal penalties. An interesting provision is
Member States shall take the necessary measures to ensure that a legal person held liable pursuant to Article 10(1) is punishable by effective, proportionate and dissuasive sanctions, which shall include criminal or non-criminal fines and which may include other sanctions, such as:
(a) exclusion from entitlement to public benefits or aid;
(b) temporary or permanent disqualification from the practice of commercial activities;
(c) placing under judicial supervision;
(d) judicial winding-up;
(e) temporary or permanent closure of establishments which have been used for committing the offence
Naavi writing on “Will RBI disclose “Sanction Mechanism” to enforce sanctity of Banking license conditions?” in the context of the new Banking licenses in India had highlighted the need for RBI to disclose what sanctions it would impose on the Banks for failing to meet the regulatory requirements.
In the past RBI has not been able to impose its own regulations on the Banks and hence Banks in India openly indulge in money laundering, flout ITA 2008, flout RBI guidelines on Internet Banking and force customers to accept illegal operating conditions. These have been increasingly exposed in some adjudication proceedings against leading Banks such as ICICI Bank, Punjab National Bank, Axis Bank etc. Violations of RBI guidelines and law have been brought to the attention of RBI also with a request for cancellation of the licenses of the erring branches. RBI however has failed to respond with such strict sanctions and allowed the weak information security in Banks to continue and take the toll of the customers.
RBI should now observe the clear directives in the EU guideline and see the merit in the demand of the undersigned that closure of a few erring branches of Banks will make them realize that they cannot continue to take the customers for granted.
Similarly when it comes to the norms for licensing that RBI has set up for the 26 applicants, RBI should ensure that along with the licensing norms, the sanctions for non compliance should also be disclosed and implemented without fear or favour.
Naavi
