India’s banking community was rocked last year by the news that Punjab National Bank (PNB), India’s second-largest government-owned bank, was defrauded of $1.77 billion over a seven-year period. It is the biggest case of bank fraud in India’s history.
It started when Nirav Modi, an international businessman and high-profile jeweler to the stars, needed loans to purchase overseas diamonds and other precious stones for his business. His company requested letters of undertaking (LoUs) from PNB to secure these low-cost foreign loans to pay suppliers across the globe. The Brady House branch in Mumbai, managed by Deputy Branch Manager Gokulnath Shetty, granted him LoUs with no cash margin (it is usually 100%), no credit limit, and no required 90-day repayment terms. When the loans came due, rather than pay them off, Modi simply requested another LoU from PNB and Shetty would send it, allowing Modi to continue to receive funds to import his goods.
Because Shetty operated directly through the SWIFT system without registering the transactions with PNB’s Core Banking System (CBS), there was no history of any of these transactions. Furthermore, Shetty was responsible for both making and checking entries, a segregation of duties conflict that allowed him to operate undetected. This could have been prevented with a segregation of duties tool such as Security Weaver’s Separations Enforcer.
There were multiple additional violations, including Shetty sharing SWIFT code passwords with other employees to approve transactions while he was on leave, and Shetty’s multiple transfer orders to other branches being ignored or overturned. This went on for seven years, with no repayment of the loans and the overseas banks continuing to accept LoUs on the promise of PNB’s good name.
The internal controls PNB was using to manage its banking processes were inadequate. There was no mechanism in place, for example, to ensure that SWIFT transactions were being recorded in the system, and no way to check that those transactions were matched to the appropriate LoUs. Here are a few more examples of controls that, had they been implemented and monitored appropriately, would have prevented PNB’s $1.7 billion loss:
1. Flag any LoU issued without collateral
2. Flag any LoU issued with more than a 90-day repayment period
3. Flag frequent release of LoUs to the same beneficiary
4. Flag a high number of LoUs issued to the same beneficiary
5. Flag any SWIFT transactions for LoUs without collateral
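The five flags above, together with the SWIFT-to-CBS reconciliation and the maker/checker conflict described earlier, implemented as an added example (not from the original article and not Security Weaver's product code). The record fields, the two thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

MIN_GAP_DAYS = 30        # assumed threshold for "frequent release"
MAX_PER_BENEFICIARY = 2  # assumed threshold for "high number"

# Constructed sample data; field names are assumptions, not a real CBS or SWIFT schema.
CBS_LOUS = [
    {"id": "LOU-1", "beneficiary": "B1", "issued": date(2017, 1, 5), "tenor_days": 90, "margin_pct": 100, "maker": "u1", "checker": "u2"},
    {"id": "LOU-2", "beneficiary": "B2", "issued": date(2017, 2, 1), "tenor_days": 365, "margin_pct": 0, "maker": "u3", "checker": "u3"},
    {"id": "LOU-3", "beneficiary": "B2", "issued": date(2017, 2, 10), "tenor_days": 90, "margin_pct": 100, "maker": "u1", "checker": "u2"},
    {"id": "LOU-4", "beneficiary": "B2", "issued": date(2017, 6, 1), "tenor_days": 90, "margin_pct": 100, "maker": "u1", "checker": "u2"},
]
SWIFT_LOG = [{"ref": "S-1", "lou_id": "LOU-1"}, {"ref": "S-2", "lou_id": "LOU-2"},
             {"ref": "S-3", "lou_id": "LOU-9"}]  # LOU-9 was never registered in CBS

def check_lous(lous):
    """Controls 1-4 plus the maker/checker conflict; returns {lou_id: set_of_flags}."""
    flags, by_beneficiary = defaultdict(set), defaultdict(list)
    for lou in lous:
        if lou["margin_pct"] == 0:
            flags[lou["id"]].add("no_collateral")
        if lou["tenor_days"] > 90:
            flags[lou["id"]].add("tenor_over_90d")
        if lou["maker"] == lou["checker"]:
            flags[lou["id"]].add("maker_is_checker")
        by_beneficiary[lou["beneficiary"]].append(lou)
    for group in by_beneficiary.values():
        group.sort(key=lambda l: l["issued"])
        for prev, cur in zip(group, group[1:]):
            if (cur["issued"] - prev["issued"]).days < MIN_GAP_DAYS:
                flags[cur["id"]].add("frequent_release")
        if len(group) > MAX_PER_BENEFICIARY:
            for lou in group:
                flags[lou["id"]].add("high_count")
    return dict(flags)

def check_swift(swift_log, lous):
    """Control 5 plus SWIFT-to-CBS reconciliation; returns {swift_ref: flag}."""
    register = {lou["id"]: lou for lou in lous}
    out = {}
    for msg in swift_log:
        lou = register.get(msg["lou_id"])
        if lou is None:
            out[msg["ref"]] = "swift_not_in_cbs"
        elif lou["margin_pct"] == 0:
            out[msg["ref"]] = "swift_no_collateral"
    return out
```

The reconciliation only works if `SWIFT_LOG` is taken from the SWIFT side independently of the CBS register, since a message keyed only into SWIFT leaves no trace in CBS.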
How many other banks are sitting on a similar time bomb? Beyond their own losses, how will that affect their supply chain? Remember, PNB’s partners are potentially on the hook for some of those losses. Do you know if the partners you do business with have adequate controls in place? What will it cost you if they don’t? And are your controls sufficient to protect your company from similar cases of fraud or mismanagement?
Security Weaver’s Process Auditor offers an automated, continuous controls platform designed to help organizations visualize and catch risk patterns within their system at the core process level. Process Auditor’s 130 out-of-the-box templates allow companies to streamline the design, development, and documentation required to deploy process controls for Order to Cash, Procure to Pay, Development to Production, Hire to Retire, and Financial Reporting. For example, enterprises can immediately detect and prevent duplicate payments or detect and alert whenever an employee and a supplier have the same bank account.