PNB Scam: A Year Before the Scandal Broke, No Red Flags in RBI’s Assessment Report

The RAR’s findings for FY’17 shed light on a range of operational risks, but do little justice to the structural holes that allowed Mehul Choksi and Nirav Modi to get away with the Rs 11,000 crore scam.

Listen to this article:

Note: This is the first in a two-part series. The second part will deal with the FY’18 RAR report, which was prepared in the aftermath of the Nirav Modi and Mehul Choksi scam.

New Delhi: The Reserve Bank of India’s sensitive inspection report for Punjab National Bank (PNB) in FY’17 a year before the Nirav Modi and Mehul Choksi scandal broke is replete with examples of operational risks at the public sector lender but ultimately does little to warn of the massive controversy that would emerge a year later.

These confidential reports, which were accessed by The Wire through a Right to Information (RTI) request, are more formally referred to as ‘risk assessment reports’ (RAR) and take place under the RBI’s SPARC framework through which oversight is maintained over scheduled commercial banks.

The SPARC process is fairly comprehensive: the assessments also have an on-site inspection component and are supposed to bring out the deficiencies in a bank’s risk management and processes, as well as provide an effective report card of the lender’s overall functioning.

The FY’17 RAR for PNB highlights a wide array of potential risks and violations, which range from minor issues to slightly more serious problems.

PNB Inspection Report 2017 by The Wire on Scribd

For instance, it describes the involvement of the bank’s senior management in daily affairs as “inadequate”, citing how the majority of irregularities observed in the FEMA (Foreign Exchange Management Act) audit for FY ‘17 were “repeat observations” of the previous year, indicating a “lack of sustainability of compliance”.

The report also notes that there was “inadequate monitoring of overseas exposures, exposure to NBFCs, restructured accounts…” by the senior management.

And, more importantly,  even though there were instances of “serious frauds reported in many branches”, PNB had not classified these branches as “high risk”.

The public sector lender also apparently failed to classify certain accounts as special mention account (SMA) (standard as on March 31, 2016) which had already slipped to non-performing asset (NPA) as on March 31, 2017, which the RBI says signified “gaps in effective control”.

To top it off, the report notes: “There were many instances of KYC/AML [know-your-customer/anti money laundering] lapses and other customer information not being correctly assessed/captured…”

Overall, out of a compliance audit that was carried out for 3,107 “items”, wrong reporting of compliance was observed in 373 cases, a little over 12%.

Also read: Why This Is Not the Right Time To Allow Corporate Ownership in Indian Banks

Nirav Modi, Mehul Choksi

But ultimately, the RAR’s findings in FY’17 do little to in terms of examining the specific structural holes that allowed Mehul Choksi and Nirav Modi to get away with the Rs 11,000 crore scam.

This includes gaps in the SWIFT infrastructure particularly, the lack of linking it to the bank’s core banking solution (CBS) and the poor performance of the bank’s internal auditing team.

To be fair, the RBI’s FY’17 report does make a few adverse remarks on the “quality of internal audit”, but largely in measured and neutral terms.

“The quality of internal audit was affected due to inadequate human resources, lack of desired skill-set, non-adherence of stipulated times and absence of suitable enforcement measures in case of critical lapses by retired officials,” the report says.

It also does highlight that there was “no STP [straight-through processing] integration between CBS and various critical applications” and that CBS and K+TP (Treasury back Office) applications “were not integrated”.

But, as the FY’18 RAR shows, with hindsight of course these were major flaws that perhaps should have been given more attention in a report whose sole purpose is to determine a bank’s risk and how well it is managing the same.

Also read: Months Before PNB Scam Blew Up, Nirav Modi Bought Property for Family in New York

Whose fault?

In February 2018, the late Arun Jaitley took a potshot at the RBI in the aftermath of the PNB scandal.

“Regulators ultimately decide the rules of the game and regulators have to have a third eye which is to be perpetually open. But unfortunately in the Indian system, we politicians are accountable, the regulators are not,” the former finance minister had said, without specifically referring to the fraud committed by diamantaires Nirav Modi and Mehul Choksi.

Weeks later, the-then Central Vigilance Commissioner K.V. Chowdary also took the central bank to task, saying there had been “no apparent audit” by the RBI during the period of the scam.

The central bank’s defence at that time was that it had “very limited” powers to govern public sector banks and that it had alerted all lenders as to the potential malicious use of SWIFT infrastructure as far back as August 2016.

While there is plenty of blame to go around in India’s governance ecosystem, these RAR reports, the second of which will be published in Part II of this series, shed new light on the central bank’s oversight process.