Listen to this article:
Note: This is the first in a two-part series. The second part will deal with the FY’18 RAR report, which was prepared in the aftermath of the Nirav Modi and Mehul Choksi scam.
New Delhi: The Reserve Bank of India’s sensitive inspection report for Punjab National Bank (PNB) in FY’17 – a year before the Nirav Modi and Mehul Choksi scandal broke – is replete with examples of operational risks at the public sector lender but ultimately does little to warn of the massive controversy that would emerge a year later.
These confidential reports, which were accessed by The Wire through a Right to Information (RTI) request, are more formally referred to as ‘risk assessment reports’ (RAR) and take place under the RBI’s SPARC framework through which oversight is maintained over scheduled commercial banks.
The SPARC process is fairly comprehensive: the assessments also have an on-site inspection component and are supposed to bring out the deficiencies in a bank’s risk management and processes, as well as provide an effective report card of the lender’s overall functioning.
The FY’17 RAR for PNB highlights a wide array of potential risks and violations, which range from minor issues to slightly more serious problems.
For instance, it describes the involvement of the bank’s senior management in daily affairs as “inadequate”, citing how the majority of irregularities observed in the FEMA (Foreign Exchange Management Act) audit for FY ‘17 were “repeat observations” of the previous year, indicating a “lack of sustainability of compliance”.
The report also notes that there was “inadequate monitoring of overseas exposures, exposure to NBFCs, restructured accounts…” by the senior management.
And, more importantly, even though there were instances of “serious frauds reported in many branches”, PNB had not classified these branches as “high risk”.
The public sector lender also apparently failed to classify certain accounts as special mention account (SMA) (standard as on March 31, 2016) which had already slipped to non-performing asset (NPA) as on March 31, 2017, which the RBI says signified “gaps in effective control”.
To top it off, the report notes: “There were many instances of KYC/AML [know-your-customer/anti money laundering] lapses and other customer information not being correctly assessed/captured…”
Overall, out of a compliance audit that was carried out for 3,107 “items”, wrong reporting of compliance was observed in 373 cases, a little over 12%.
Nirav Modi, Mehul Choksi
But ultimately, the RAR’s findings in FY’17 do little to in terms of examining the specific structural holes that allowed Mehul Choksi and Nirav Modi to get away with the Rs 11,000 crore scam.
This includes gaps in the SWIFT infrastructure – particularly, the lack of linking it to the bank’s core banking solution (CBS) – and the poor performance of the bank’s internal auditing team.
To be fair, the RBI’s FY’17 report does make a few adverse remarks on the “quality of internal audit”, but largely in measured and neutral terms.
“The quality of internal audit was affected due to inadequate human resources, lack of desired skill-set, non-adherence of stipulated times and absence of suitable enforcement measures in case of critical lapses by retired officials,” the report says.
It also does highlight that there was “no STP [straight-through processing] integration between CBS and various critical applications” and that CBS and K+TP (Treasury back Office) applications “were not integrated”.
But, as the FY’18 RAR shows, with hindsight of course – these were major flaws that perhaps should have been given more attention in a report whose sole purpose is to determine a bank’s risk and how well it is managing the same.
In February 2018, the late Arun Jaitley took a potshot at the RBI in the aftermath of the PNB scandal.
“Regulators ultimately decide the rules of the game and regulators have to have a third eye which is to be perpetually open. But unfortunately in the Indian system, we politicians are accountable, the regulators are not,” the former finance minister had said, without specifically referring to the fraud committed by diamantaires Nirav Modi and Mehul Choksi.
Weeks later, the-then Central Vigilance Commissioner K.V. Chowdary also took the central bank to task, saying there had been “no apparent audit” by the RBI during the period of the scam.
The central bank’s defence at that time was that it had “very limited” powers to govern public sector banks and that it had alerted all lenders as to the potential malicious use of SWIFT infrastructure as far back as August 2016.
While there is plenty of blame to go around in India’s governance ecosystem, these RAR reports, the second of which will be published in Part II of this series, shed new light on the central bank’s oversight process.