The Rs 11500 crore fraud in India in Punjab National Bank (PNB) was a fraud which was waiting to happen due to the negligence of the Bank and the software developers supporting the Banking operations.
It appears that those who developed the Core Banking software for the Bank had no understanding of the nature of controls that were required to prevent misuse of “Non Funded Lending”. If money goes out of a lending transaction, it might be captured by the system. But when only a “Letter” goes out “Undertaking a liability to pay contingent to an event of default by a customer”, it may not get into the books until the liability fructifies.
If the liability does not fructify and the letter is issued for a period which lapses, no problem arises to the Bank except for the opportunity loss of a “Commission”.
Such activities lend itself to “Kite flying” frauds which is what has happened in this case. In the past the Harshad Mehta Scam.was in similar mould. Even the Satyam Computer fraud was also of the same nature. In all these cases, certain false papers were floated around on the basis of which another third party lent funds. When such kite flying frauds miss a repayment cycle, it would snow ball into a major scam with a casacading effect.
It is ironic that the name of the fraudster is Nirav Modi and the Congress would be happy to use the occasion to place the blame on Mr Narendra Modi as if Rs 11500 crores has gone to his pockets. Mr Rahul Gandhi who is an expert at spreading falsehood will soon start speaking about this fraud in the Karnataka elections. It would not help if Mr Nirav Modi has left the country and is absconding.
Compared to Mr Vijay Mallya’s case which appeared to be caused out of a business failure of the companies of Mr Mallya, this fraud is of a more criminal nature since it involves “Forgery” of a document in the name of PNB. Hence the kind of protection Mr Mallya may get from international legal processes for not forcing his return to India may not hold for Mr Nirav Modi. Once he is located, he can be quickly arrested in the foreign soil with the help of Interpol and brought back to India.
It is critical for such speedy action to categorize this scam as a result of a “Forgery”. The forgery is because a false unauthorized letter of undertaking has been issued by some of the officials of PNB. Since these letters were issued without proper authorization, they have no legal validity.
Whether the beneficiary of the letter can go behind the unauthorized letter and claim the money from PNB has to be evaluated from the terms of the letter. If the liability arises any time after the public notice of the fraud has been received, then the beneficiary cannot make any claim on PNB.
For the contingent liabilities to fructify, the cause of action should be before the date of publication of the fraud and and the demand should be immediately thereafter.
Whiles frauds using “Contingent Obligations” issued in the name of a Bank or another organization are not new, in this particular case, one can identify the failure of the internal controls of PNB in not properly recording the message sent out of SWIFT undertaking a liability as part of the Bank’s contingent liabilities in the balance sheet.
It is also supposed that no “Digital Signature” was used in the process of signing the letter of undertaking and it was an “Un-digitally signed” letter from the Bank sent out of a system where authentication was based only on password.
This is the failure of the design of the Banking software developed by large companies such as Infosys and used by all major Banks in India and abroad. The software developers only focus on functional aspects of the software and unless there is a domain specialist to assist the developer in understanding the fraud risks, they end up developing software which is not properly designed. The CBS used by PNB is one such software that appears to have not been developed by a proper Techno Banking professional team.
Unless Banks in India and the software companies providing CBS software donot understand the Fraud prevention requirements to be built into the software, we will continue to see more of such frauds not only in the Banking domain but also in other fields.
I recall one of the early software architecture suggestions given by the undersigned to a broking firm where I had suggested control in the form of using accounting principles to track the risks of trading from the placing of the orders to the realization of money from the client etc. Though it was not implemented, it appears that the PNB fraud would have been caught by such a design.
For the records however, we need to remember that
a) not all of Rs 11500 crores will become a loss to PNB. PNB has to immediately send notices to recall all such undertakings and freeze their operations. They should give notices that these are forged letters not binding on the Bank. If there is any leal fall out arising out of this in international Courts, it should be faced.
b) This is a case of forgery and not a case of business failure like that of Mr Mallya and hence extradition from whichever country Mr Nirav Modi is in is not going to be tough.
c) PNB and other banks should review their software systems to ensure that they capture all contingent liabilities for which there could be a simple solution.
d) RBI should recognize that the failure of PNB and the CBS ( Finacle) as part of their supervision failure.
e) Media should not create false propaganda and fear mongering that Rs 11000 crores might have been siphoned off. Most of these may be in the form of loans against assets and if they are recovered, most of the losses can be recouped.
f) Congress will keep shouting and this should be ignored.
g) The Government should not lose time in taking swift action across the globe and confiscate as may properties of Mr Nirav Modi as possible even before full legal process is initiated.
h) Courts and Anti-National Lawyers should be prevented from placing hurdles in the recovery of money which is of paramount importance now.
If proper action is taken the adverse impact of the fraud can be managed. At the same time proper corrective measures must be initiated for the future. “FINACLE” as a product appears to require a complete overhaul and hopefully the software companies involved must act immediately.