1. INTRODUCTION OF BANKS
1
1.1. EVOLUTION OF BANKING SYSTEM
Banking system occupies an important place in a nation’s economy. A banking institution is indispensable in a modern society. It plays a pivotal role in economic development of a country and forms the core of the money market in an advanced country. Banking industry in India has traversed a long way to assume its present stature. It has undergone a major structural transformation after the nationalization of 14 major commercial banks in 1969 and 6 more on 15 April 1980. The Indian banking system is unique and perhaps has no parallels in the banking history of any country in the world
2
2. WHAT IS FRAUD ? Fraud is defined as any behaviour by which one person intends to gain a dishonest advantage over another. In other words , fraud is an act or omission which is intended to cause wrongful gain to one person and wrongful loss to the other, either by way of concealment of facts or otherwise. Fraud is defined us 421 of the Indian Penal Code and us 17 of the Indian Contract Act. Thus essential elements of frauds are 1. There must be a representation and assertion; 2. It must relate to a fact; 3. It must be with the knowledge that it is false or without 4. It must induce another to act upon the assertion in Question or to do or not to 2.1. FRAUDS IN BANK – CONCEPTS Banks are the engines that drive the operations in the financial sector, which is vital for the economy. With the nationalization of banks in 1969, they also have emerged as engines for social change. After Independence, the banks have passed through three stages. They have moved from the character based lending to ideology based lending to today competitiveness based lending in the context of India’s economic liberalization policies and the process of linking with the global economy. While the operations of the bank have become increasingly significant banking frauds in banks are also increasing and fraudsters are becoming more and more sophisticated and ingenious. In a bid to keep pace with the changing times, the banking sector has diversified it’s business manifold. And the old philosophy of class banking has been replaced by mass banking. The challenge in management of social responsibility with economic viability has increased. belief in its truth; and
3
2.2
FRAUD IN BANKS
Losses sustained by banks as a result of frauds exceed the losses due to robbery, burglary and theft-all put together. Unauthorized credit facilities are extended for illegal gratification such as case credit allowed against pledge of goods, hypothecation of goods against bills or against book debts. Common modus operandi are, pledging of spurious goods, inletting the value of goods, hypothecating goods to more than one bank, fraudulent removal of goods with the knowledge and connivance of in negligence of bank staff, pledging of goods belonging to a third party. Goods hypothecated to a bank are found to contain obsolete stocks packed in between goods stocks and case of shortage in weight is not uncommon. An analysis made of cases brings out broadly the under mentioned four major elements responsible for the commission of frauds in banks. 1. Active involvement of the staff-both supervisor and clerical either independent of external elements or in connivance with outsiders. 2. Failure on the part of the bank staff to follow meticulously laid down instructions and guidelines. 3. External elements perpetuating frauds on banks by forgeries or manipulations of cheques, drafts and other instruments. 4. There has been a growing collusion between business, top banks executives, civil servants and politicians in power to defraud the banks, by getting the rules bent, regulations flouted and banking norms thrown to the winds.
4
2.3. FRAUDS IN DIFFERENT AREAS OF BANKS Savings Bank Accounts The following are some of the examples being played in respect of savings bank accounts (a) Cheques bearing the forged signatures of depositors may be presented and paid. (b) Specimen signatures of the depositors may be changed, particularly after the death of depositors, (c) Dormant accounts may be operated by dishonest persons with or without collusion of bank employees, and (d) Unauthorized withdrawals from customer’s accounts by employee of the bank maintaining the savings ledger and later destruction of the recent vouchers by them. Current Account Fraud The following types are likely to be committed in case of current accounts. (a) Opening of frauds in the names of limited companies or firms by unauthorized persons; (b) Presentation and payment of cheques bearing forged signatures; (c) Breach of trust by the employees of the companies or firms possessing cheque leaves duly signed by the authorized signatures; (d) Fraudulent alteration of the amount of the cheques and getting it paid either at the counter or though another bank. Frauds In Case Of Advances Following types may be committed in respect of advances (a) Spurious gold ornaments may be pledged. (b) Sub-standard goods may be pledged with the bank or their value may be shown at inflated figures.
5
3. RESERVE BANK OF INDIA
Establishment The Reserve Bank of India was established on April 1, 1935 in accordance with the provisions of the Reserve Bank of India Act, 1934. The Central Office of the Reserve Bank was initially established in Calcutta but was permanently moved to Mumbai in 1937. The Central Office is where the Governor sits and where policies are formulated. Though originally privately owned, since nationalisation in 1949, the Reserve Bank is fully owned by the Government of India. Preamble The Preamble of the Reserve Bank of India describes the basic functions of the Reserve Bank as: "...to regulate the issue of Bank Notes and keeping of reserves with a view to securing monetary stability in India and generally to operate the currency and credit system of the country to its advantage." Central Board The Reserve Bank's affairs are governed by a central board of directors. The board is appointed by the Government of India in keeping with the Reserve Bank of India Act.
6
? ?
Appointed/nominated for a period of four years Constitution:
o
Official Directors
?
Full-time : Governor and not more than four Deputy Governors
o
Non-Official Directors
?
Nominated by Government: ten Directors from various fields and one government Official
?
Others: four Directors - one each from four local boards
Functions : General superintendence and direction of the Bank's affairs Financial Supervision The Reserve Bank of India performs this function under the guidance of the Board for Financial Supervision (BFS). The Board was constituted in November 1994 as a committee of the Central Board of Directors of the Reserve Bank of India. Objective Primary objective of BFS is to undertake consolidated supervision of the financial sector comprising commercial banks, financial institutions and non-banking finance companies. Constitution The Board is constituted by co-opting four Directors from the Central Board as members for a term of two years and is chaired by the Governor. The Deputy Governors of the Reserve Bank are ex-officio members. One Deputy Governor, usually, the Deputy Governor in charge of banking regulation and supervision, is nominated as the Vice-Chairman of the Board. BFS meetings The Board is required to meet normally once every month. It considers inspection reports and other supervisory issues placed before it by the supervisory departments.
7
BFS through the Audit Sub-Committee also aims at upgrading the quality of the statutory audit and internal audit functions in banks and financial institutions. The audit sub-committee includes Deputy Governor as the chairman and two Directors of the Central Board as members. The BFS oversees the functioning of Department of Banking Supervision (DBS), Department of Non-Banking Supervision (DNBS) and Financial Institutions Division (FID) and gives directions on the regulatory and supervisory issues. Functions Some of the initiatives taken by BFS include: i. ii. iii. iv. restructuring of the system of bank inspections introduction of off-site surveillance, strengthening of the role of statutory auditors and strengthening of the internal defences of supervised institutions.
The Audit Sub-committee of BFS has reviewed the current system of concurrent audit, norms of empanelment and appointment of statutory auditors, the quality and coverage of statutory audit reports, and the important issue of greater transparency and disclosure in the published accounts of supervised institutions. Current Focus
? ? ? ? ?
supervision of financial institutions consolidated accounting legal issues in bank frauds divergence in assessments of non-performing assets and supervisory rating model for banks. Legal Framework
Umbrella Acts
? ?
Reserve Bank of India Act, 1934: governs the Reserve Bank functions Banking Regulation Act, 1949: governs the financial sector
8
Acts governing specific functions
?
Public Debt Act, 1944/Government Securities Act (Proposed): Governs government debt market
? ? ?
Securities Contract (Regulation) Act, 1956: Regulates government securities market Indian Coinage Act, 1906:Governs currency and coins Foreign Exchange Regulation Act, 1973/Foreign Exchange Management Act, 1999: Governs trade and foreign exchange market
?
"Payment and Settlement Systems Act, 2007: Provides for regulation and supervision of payment systems in India"
Acts governing Banking Operations
? ?
Companies Act, 1956:Governs banks as companies Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970/1980: Relates to nationalisation of banks
? ? ?
Bankers' Books Evidence Act Banking Secrecy Act Negotiable Instruments Act, 1881
Acts governing Individual Institutions
? ? ? ? ? ?
State Bank of India Act, 1954 The Industrial Development Bank (Transfer of Undertaking and Repeal) Act, 2003 The Industrial Finance Corporation (Transfer of Undertaking and Repeal) Act, 1993 National Bank for Agriculture and Rural Development Act National Housing Bank Act Deposit Insurance and Credit Guarantee Corporation Act
9
Main Functions Monetary Authority:
? ?
Formulates, implements and monitors the monetary policy. Objective: maintaining price stability and ensuring adequate flow of credit to productive sectors. Regulator and supervisor of the financial system:
?
Prescribes broad parameters of banking operations within which the country's banking and financial system functions.
?
Objective: maintain public confidence in the system, protect depositors' interest and provide cost-effective banking services to the public. Manager of Foreign Exchange
? ?
Manages the Foreign Exchange Management Act, 1999. Objective: to facilitate external trade and payment and promote orderly development and maintenance of foreign exchange market in India. Issuer of currency:
? ?
Issues and exchanges or destroys currency and coins not fit for circulation. Objective: to give the public adequate quantity of supplies of currency notes and coins and in good quality. Developmental role
?
Performs a wide range of promotional functions to support national objectives. Related Functions
?
Banker to the Government: performs merchant banking function for the central and the state governments; also acts as their banker.
?
Banker to banks: maintains banking accounts of all scheduled banks.
10
Offices
?
Has 22 regional offices, most of them in state capitals. Training Establishments
Has six training establishments
?
Three, namely, College of Agricultural Banking, Bankers Training College and Reserve Bank of India Staff College are part of the Reserve Bank
?
Others are autonomous, such as, National Institute for Bank Management, Indira Gandhi Institute for Development Research (IGIDR), Institute for Development and Research in Banking Technology (IDRBT) 3.1. FUNCTION OF RBI IN FRAUDS
1.1 Incidence of frauds, robberies, etc., in banks is a matter of concern. While the primary responsibility for preventing frauds lies with banks themselves, the Reserve Bank of India (RBI) has been advising banks from time to time about the major fraud prone areas and the safeguards necessary for prevention of frauds. The Reserve Bank has also been circulating to banks, the details of frauds of an ingenious nature, not reported earlier so that banks could introduce necessary safeguards / preventive measures by way of appropriate procedures and internal checks. Banks are also being advised about the details of unscrupulous borrowers and related parties who have perpetrated frauds on banks so that banks could exercise caution while dealing with them. To facilitate this ongoing process, it is essential that banks report to RBI complete information about frauds and the follow-up action taken thereon. Banks may, therefore, adopt the reporting system for frauds as prescribed in following paragraphs. 1.2 The Chief Executive Officers (CEOs) of the banks must provide singular focus on the "Fraud Prevention and Management Function" to enable, among others, effective investigation in fraud cases and prompt as well as accurate reporting of fraud cases to appropriate regulatory and law enforcement authorities including Reserve Bank of India. 1.3 The fraud risk management, fraud monitoring and fraud investigation function must be owned by the bank's CEO, its Audit Committee of the Board and the Special Committee of the Board, at least in respect of high value frauds.
11
1.4 Banks may, with the approval of their respective Boards, frame internal policy for fraud risk management and fraud investigation function, based on the governance standards relating to the ownership of the function and accountability for malfunctioning of the fraud risk management process in their banks. The broad governance framework dictated by the above standard for ownership and accountability may rest on defined and dedicated organizational set up and operating processes. 1.5 A reference is invited as regards reporting of frauds involving Rs. 1.00 crore and above to Special Committee of the Board. 1.6 It has been observed that frauds are, at times, detected in banks long after their perpetration. Sometimes, fraud reports are also submitted to RBI with considerable delay and without complete information. On some occasions, RBI comes to know about frauds involving large amounts only through press reports. Banks should, therefore, ensure that the reporting system is suitably streamlined so that frauds are reported without any delay. Banks must fix staff accountability in respect of delays in reporting fraud cases to RBI. 1.7 Delay in reporting of frauds and the consequent delay in alerting other banks about the modus operandi and issue of caution advices against unscrupulous borrowers could result in similar frauds being perpetrated elsewhere. Banks may, therefore, strictly adhere to the timeframe fixed in this circular for reporting fraud cases to RBI failing which banks would be liable for penal action prescribed under Section 47(A) of the Banking Regulation Act, 1949. 1.8 A software package on 'Frauds Reporting and Monitoring System' was supplied to banks in June 2003 and subsequent revisions carried out in the above package were advised to banks vide RBI Circular . Banks are required to send the returns and data, as prescribed, in soft copy only (except in case of return which is required to be submitted both in hard and soft copies) to RBI Central Office as well as the concerned Regional Office of the Department of Banking Supervision under whose jurisdiction the bank's Head Office is situated. 1.9 Banks should specifically nominate an official of the rank of General Manager who will be responsible for submitting all the returns referred to in this circular.
12
1.10 Fraud Monitoring Cell at Department of Banking Supervision, Central Office will publish a directory of officers of banks/Financial Institutions (FI) responsible for reporting of Frauds etc in January every year. Banks/Financial Institutions should furnish to Department of Banking Supervision, Central Office Fraud Monitoring Cell any changes in the names of officials that will be necessary for inclusion in the directory by December 15 every year.
3. 2. REPORTING OF FRAUDS TO RESERVE BANK OF INDIA 3.2. .1 Frauds involving Rs 1 lakh and above 3.1.1 Fraud reports should be submitted in all cases of fraud of Rs. 1 lakh and above perpetrated through misrepresentation, breach of trust, manipulation of books of account, fraudulent encashment of instruments like cheques, drafts and bills of exchange, unauthorised handling of securities charged to the bank, misfeasance, embezzlement, misappropriation of funds, conversion of property, cheating, shortages, irregularities, etc. 3.1.2 Fraud reports should also be submitted in cases where central investigating agencies have initiated criminal proceedings and/or where the Reserve Bank has directed that they be reported as frauds. 3.1.3 Banks may also report frauds perpetrated in their subsidiaries and affiliates/joint ventures. Such frauds should, however, not be included in the report on outstanding frauds and the quarterly progress reports referred to in paragraph 4 below. 3.1.4 Soft copy of the reports on frauds in FMR formats should be submitted to the Central Office of the Department of Banking Supervision (DBS). Within three weeks of detection of fraud involving Rs. 5.00 lakh and above the copy of FMR-1 should be submitted to the Central Office, DBS and the Regional Office (RO) DBS under whose jurisdiction the Head office of the bank falls and the RO of DBS under whose jurisdiction the branch where the fraud occurs falls. Fraud reports in hard copy format (FMR-1) involving frauds of Rs.1.00 lakh and above and less than Rs. 5.00 lakh should be sent only to the concerned Regional Office of RBI, DBS.
13
3.2.2. Frauds committed by unscrupulous borrowers 3.2.1 It is observed that a large number of frauds are committed by unscrupulous borrowers including companies, partnership firms/proprietary concerns and/or their directors/partners by various methods including the following: i. ii. Fraudulent discount of instruments or kite flying in clearing effects. Fraudulent removal of pledged stocks/disposing of hypothecated stocks without the bank’s knowledge/inflating the value of stocks in the stock statements and drawing excess bank finance. iii. Diversion of funds outside the borrowing units, lack of interest or criminal neglect on the part of borrowers, their partners, etc. and also due to managerial failure leading to the unit becoming sick and due to laxity in effective supervision over the operations in borrowal accounts on the part of the bank functionaries rendering the advance difficult to recover. 3.2.2 In respect of frauds in borrowal accounts, additional information as prescribed under Part B of FMR – 1 should also be furnished. 3.2.3 Banks should exercise due diligence while appraising the credit needs of unscrupulous borrowers, borrower companies, partnership/ proprietorship concerns and their directors, partners and proprietors, etc. as also their associates who have defrauded the banks. In addition to above borrower- fraudsters, third parties such as builders, warehouse/cold storage owners, motor vehicle/tractor dealers, travel agents, etc. and professionals such as architects, valuers, chartered accountants, advocates, etc. are also to be held accountable if they have played a vital role in credit sanction/disbursement or facilitated the perpetration frauds. Banks are advised report to Indian Banks Association (IBA) the details of such third parties involved in frauds. Before reporting to IBA, banks have to satisfy themselves of the involvement of third parties concerned and also provide themwith an opportunity of being heard. In this regard the banks should follow formal procedures and the processes followed should be suitably recorded. On the basis of such information, IBA would, in turn, prepare caution lists of such third parties for circulation among the banks.
14
3.2.4. Frauds in borrowal accounts having multiple banking arrangements Certain unscrupulous borrowers enjoying credit facilities under "multiple banking arrangement” after defrauding one of the financing banks, continue to enjoy the facilities with other financing banks and in some cases avail even higher limits at those banks. In certain cases the borrowers use the accounts maintained at other financing banks to siphon off funds by diverting from the bank on which the fraud is being perpetrated. This is due to lack of a formal arrangement for exchange of information among various lending banks/FIs. In some of the fraud cases, the securities offered by the borrowers to different banks are the same. In view of this, all the banks which have financed a borrower under 'multiple banking' arrangement should take co-ordinated action, based on commonly agreed strategy, for legal / criminal actions, follow up for recovery, exchange of details on modus operandi, achieving consistency in data / information on frauds reported to Reserve Bank of India. Therefore, bank which detects a fraud is required to immediately share the details with all other banks in the multiple banking arrangements.
3..3. Frauds involving Rs. 100.00 lakh and above In respect of frauds involving Rs. 100 lakh and above, in addition to the requirements given at paragraphs 3.1 and 3.2 above, banks may report the fraud by means of a D.O. letter addressed to the Chief General Manager in charge of the Department of Banking Supervision, RBI, Central Office, within a week of such frauds coming to the notice of the bank’s Head Office. The letter may contain brief particulars of the fraud such as amount involved, nature of fraud, modus operandi in brief, name of the branch/office, names of parties involved (if they are proprietorship/ partnership concerns or private limited companies, the names of proprietors, partners and directors), names of officials involved, and whether the complaint has been lodged with the Police/CBI. A copy of the D.O. letter should also be endorsed to the Regional Office of RBI under whose jurisdiction the bank's branch, where the fraud has been perpetrated, is functioning.
15
3.4 Cases of attempted fraud Cases of attempted fraud, where the likely loss would have been Rs. 1.00 crore or more had the fraud taken place, should be reported by the bank to the Fraud Monitoring Cell, Department of Banking Supervision, Reserve Bank of India, Central Office, Mumbai within two weeks of the bank coming to know that the attempt to defraud the bank failed or was foiled. The report should cover the following: • The modus operandi of the attempted fraud • How the attempt did not materialise in the fraud or how the attempt failed / was foiled. • The measures taken by the bank to strengthen the existing systems and controls • New systems and controls put in place in the area where fraud was attempted. Reports on such attempted frauds should be placed before the Audit Committee of the Board. Such cases should not be included in the other returns to be submitted to RBI. 3.5.. Quarterly Returns 3.5.1 Report on Frauds Outstanding 4.1.1 Banks should submit a copy each of the Quarterly Report on Frauds Outstanding in the format given in FMR – 2 to the Central Office and the Regional Office of the Reserve Bank under whose jurisdiction the Head Office of the bank falls within 15 days of the end of the quarter to which it relates. The data should be submitted in soft copy only. Banks which may not be having any fraud outstanding as at the end of a quarter should submit a nil report. 4.1.2 Part - A of the report covers details of frauds outstanding as at the end of the quarter. Parts B and C of the report give category-wise and perpetrator-wise details of frauds reported during the quarter respectively. The total number and amount of fraud cases reported during the quarter as shown in Parts B and C should tally with the totals of columns 4 and 5 in Part – A of the report 4.1.3 Banks should furnish a certificate, as part of the above report, to the effect that all individual fraud cases of Rs. 1 lakh and above reported to the Reserve Bank in FMR – 1
16
during the quarter have also been put up to the bank’s Board and have been incorporated in Part – A (columns 4 and 5) and Parts B and C of FMR – 2. 4.1.4 Closure of fraud cases Banks will report to the Frauds Monitoring Cell, RBI, Department of Banking Supervision (DBS), Central Office, Mumbai and the respective Regional offices of the DBS, the details of fraud cases closed along with reasons for the closure where no further action was called for. Fraud cases closed during the quarter are required to be reported in quarterly return FMR 3 and cross checked with relevant column in FMR-2 return before sending to RBI. Banks should report only such cases as closed where the actions as stated below are complete and prior approval is obtained from the respective Regional Offices of DBS i. ii. iii. iv. v. The fraud cases pending with CBI/Police/Court are finally disposed of. The examination of staff accountability has been completed The amount of fraud has been recovered or written off. Insurance claim wherever applicable has been settled. The bank has reviewed the systems and procedures, identified the causative factors and plugged the lacunae and the fact of which has been certified by the appropriate authority (Board / Audit Committee of the Board) vi. Banks should also pursue vigorously with CBI for final disposal of pending fraud cases especially where the banks have completed staff side action. Similarly, banks may vigorously follow up with the police authorities and/or court for final disposal of fraud cases and / or court for final disposal of fraud cases. Banks are allowed, for limited statistical / reporting purposes, to close those fraud cases involving amounts upto Rs.25.00 lakh, where: a. The investigation is on or challan/ charge sheet not filed in the Court for more than three years from the date of filing of First Information Report (FIR) by the CBI/Police., or b. the trial in the courts, after filing of charge sheet / challan by CBI / Police, has not started, or is in progress.
17
3.5.2. Progress Report on Frauds (FMR-3) 4.2.1 Banks should furnish case-wise quarterly progress reports on frauds involving Rs. 1.00 lakh and above in the format given in FMR – 3 to the Central Office of RBI, Department of Banking Supervision as well as the concerned Regional Office of the Department of Banking Supervision under whose jurisdiction the bank’s Head Office is situated, within 15 days of the end of the quarter to which they relate. 4.2.2 In the case of frauds where there are no developments during a quarter, a list of such cases with a brief description including name of branch and date of reporting may be furnished in Part – B of FMR – 3. 4.2.3 Banks which do not have any fraud involving Rs. 1.00 lakh and above outstanding may submit a nil report. 3.6.. REPORTS TO THE BOARD 3.6.1. Reporting of Frauds 5.1.1 Banks should ensure that all frauds of Rs. 1.00 lakh and above are reported to their Boards promptly on their detection. 5.1.2 Such reports should, among other things, take note of the failure on the part of the concerned branch officials and controlling authorities, and consider initiation of appropriate action against the officials responsible for the fraud. 3.6.2.Quarterly Review of Frauds 5.2.1 Information relating to frauds for the quarters ending March, June and September may be placed before the Audit Committeeof theBoard of Directors during the month following the quarter to which it pertains, irrespective of whether or not these are required to be placed before the Board/Management Committee in terms of the Calendar of Reviews prescribed by RBI. 5.2.2 These should be accompanied by supplementary material analysing statistical information and details of each fraud so that the Audit Committee of the Board would have
18
adequate material to contribute effectively in regard to the punitive or preventive aspects of frauds. 5.2.3 A separate review for the quarter ending December is not required in view of the Annual Review for the year-ending December prescribed below. 5.2.4 Banks are required to constitute a Special Committee for monitoring and follow up of cases of frauds involving amounts of Rs. 1.00 crore and above exclusively, while Audit Committee of the Board (ACB) may continue to monitor all the cases of frauds in general. The Special Committee should consist of CMD in case of public sector banks and MD in case of SBI/its Associates. In case of private sector banks, two members from ACB, two members from Board excluding RBI nominee. 5.2.5 The major functions of the Special Committee would be to monitor and review all the frauds of Rs. 1.00 crore and above so as to:
?
Identify the systemic lacunae if any that facilitated perpetration of the fraud and put in place majors to plug the same:
?
Identify the reasons for delay in detection, if any, reporting to top management of the bank and RBI:
? ?
Monitor progress of CBI/Police investigation and recovery position: Ensure that staff accountability is examined at all levels in all the cases of frauds and staff side action, if required, is completed quickly without loss of time:
?
Review the efficacy of the remedial action taken to prevent recurrence of frauds, such as strengthening of internal controls:
?
Put on place other measures as may be considered relevant to strengthen preventive measures against frauds.
All the frauds involving an amount of Rs 1.00 crore and above should be monitored and reviewed by the Special Committee of the Board in case of all Indian commercial banks. The periodicity of the meetings of the Special Committee may be decided according to the number of cases involved. In addition, the Committee should meet and review as and when a fraud involving an amount of Rs 1.00 crore and above comes to light.
19
5.2.6 The banks may delineate in a policy document the processes for implementation of the Committee's directions and the document may enable a dedicated outfit of the bank to implement the directions in this regard. 3.6.3.. Annual Review of Frauds 5.3.1 Banks should conduct an annual review of the frauds and place a note before the Board of Directors/Local Advisory Board for information. The reviews for the year-ended December may be put up to the Board before the end of March the following year. Such reviews need not be sent to RBI. These may be preserved for verification by the Reserve Bank’s inspecting officers. 5.3.2 The main aspects which may be taken into account while making such a review may include the following: a. Whether the systems in the bank are adequate to detect frauds, once they have taken place, within the shortest possible time. b. Whether frauds are examined from staff angle and, wherever necessary, the cases are reported to the Vigilance Cell for further action in the case of public sector banks. c. Whether deterrent punishment is meted out, wherever warranted, to the persons found responsible. d. Whether frauds have taken place because of laxity in following the systems and procedures and, if so, whether effective action has been taken to ensure that the systems and procedures are scrupulously followed by the staff concerned. e. Whether frauds are reported to local Police or CBI, as the case may be, for investigation, as per the guidelines issued in this regard to public sector banks by Government of India. 5.3.3 The annual reviews should also, among other things, include the following details: a. Total number of frauds detected during the year and the amount involved as compared to the previous two years. b. Analysis of frauds according to different categories detailed in Paragraph 2.1 and also the different business areas indicated in the Quarterly Report on Frauds Outstanding (vide FMR – 2).
20
c. Modus operandi of major frauds reported during the year along with their present position. d. Detailed analyses of frauds of Rs. 1 lakh and above. e. Estimated loss to the bank during the year on account of frauds, amount recovered and provisions made. f. Number of cases (with amounts) where staff are involved and the action taken against staff. g. Region-wise/Zone-wise/State-wise break-up of frauds and amount involved. h. Time taken to detect frauds (number of cases detected within three months, six months and one year of their taking place). i. Position with regard to frauds reported to CBI/Police. j. Number of frauds where final action has been taken by the bank and cases disposed of. k. Preventive/punitive steps taken by the bank during the year to reduce/minimise the incidence of frauds. 3.7. GUIDELINES FOR REPORTING FRAUDS TO POLICE/CBI 6.1 Private sector banks (including foreign banks operating in India) should follow the following guidelines for reporting of frauds such as unauthorised credit facilities extended by the bank for illegal gratification, negligence and cash shortages, cheating, forgery, etc. to the State Police authorities: a. In dealing with cases of fraud/embezzlement, banks should not merely be actuated by the necessity of recovering expeditiously the amount involved, but should also be motivated by public interest and the need for ensuring that the guilty persons do not go unpunished. b. Therefore, as a general rule, the following cases should invariably be referred to the State Police: i. Cases of fraud involving an amount of Rs. 1.00 lakh and above, committed by outsiders on their own and/or with the connivance of bank staff/officers. ii. Cases of fraud committed by bank employees, when it involves bank funds exceeding Rs. 10,000/-. c. Fraud cases involving amounts of Rs 1.00 crore and above should also be reported to the Director, Serious Fraud Investigation Office (SFIO), Ministry of Company
21
Affairs, Government of India. Second Floor, Paryavaran Bhavan, CGO Complex, Lodhi Road, New Delhi 110 003. Details of the fraud are to be reported to SFIO in FMR-1 Format. 6.2 Public sector banks should report fraud cases involving amount of Rs. 1 crore and above to CBI and those below Rs. 1 crore to local police, as detailed below: Cases to be referred to CBI (a) Cases of Rs. 1.00 crore and above upto Rs. 5.00 crore
? ?
Where staff involvement is prima facie evident – CBI (Anti Corruption Branch) Where staff involvement is prima facie not evident – CBI (Economic Offences Wing)
(b) All cases involving more than Rs.5.00 crore – Banking Security and Fraud Cell of the respective centres, which is specialised cell of the Economic Offences Wing of the CBI for major bank fraud cases. Cases to be referred to Local Police Cases below Rs.1 crore – Local Police. i. Cases of financial frauds of the value of Rs.1.00 lakh and above, which involve outsiders (private parties) and bank staff, should be reported by the Regional Head of the bank concerned to a senior officer of the State CID/Economic Offences Wing of the State concerned. ii. For cases of financial frauds below the value of Rs.1.00 lakh but above Rs.10,000/the cases should be reported to the local police station by the bank branch concerned. iii. All fraud cases of value below Rs.10,000 involving bank officials, should be referred to the Regional Head of the bank, who would scrutinize each case and direct the bank branch concerned on whether it should be reported to the local police station for further legal action. 6.3 Filing of Police complaint in case of fraudulent encashment of DDs/TTs/Pay Orders/Cheques/ Dividend Warrants, etc.
22
6.3.1 In case of frauds involving forged instruments, the paying banker has to file the police complaint and not the collecting banker. 6.3.2 However, in case of collection of instrument which is genuine but the amount collected fraudulently by a person who is not the owner, the collecting bank which is defrauded has to file a police complaint. 6.3.3 In case of collection of instruments where the amount has been credited before realisation and subsequently the instrument is found to be fake/forged and returned by the paying bank, it is the collecting bank who has to file a police complaint as they are at loss by paying the amount before realisation of the instrument. 6.3.4 In cases of collection of altered/fake cheque involving two or more branches of the same bank, the branch where the altered/fake instrument has been encashed, should file a Police complaint. 6.3.5 In the event of an altered/fake cheque having been paid/encashed involving two or more branches of a bank under CBS, the branch which has released the payment against a fraudulent withdrawal, should file a Police complaint.
23
3.8.. REPORTING CASES OF THEFT, BURGLARY, DACOITY AND BANK ROBBERIES
7.1 Banks should arrange to report by fax / e-mail instances of bank robberies, dacoities, thefts and burglaries to the following authorities immediately on their occurrence.
a. The Chief General Manager-in-Charge, Reserve Bank of India, Department of Banking Supervision, Central Office, Mumbai. b. Regional Office of the Department of Banking Supervision, Reserve Bank of India under whose jurisdiction the Head Office of the bank falls. c. Regional Office of Reserve Bank of India, Department of Banking Supervision, Reserve Bank of India, under whose jurisdiction the affected bank branch is located to enable the Regional Office to take up the issues regarding security arrangements in affected branch/es during the State Level Security Meetings with the concerned authorities (endorsements). d. The Security Adviser, Central Security Cell, Reserve Bank of India, Central Office Building, Mumbai – 400001. e. Ministry of Finance, Department of Economic Affairs, (Banking Division), Government of India, New Delhi The report should include details of modus operandi and other information as at columns 1 to 11 of FMR – 4 7.2 Banks should also submit to the Reserve Bank, Department of Banking Supervision, Central Office as well as the concerned Regional Office of the Reserve Bank under whose jurisdiction the bank’s Head Office is situated a quarterly consolidated statement in the format given in FMR – 4 covering all cases pertaining to the quarter. This may be submitted within 15 days of the end of the quarter to which it relates. 7.3 Banks which do not have any instances of theft, burglary, and / or robbery to report during the quarter, may submit a nil report
24
4. CREDIT CARDS FRAUDS Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a
transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft 4.1. Origins The fraud begins with either the theft of the physical card or the compromise of data associated with the account, including the card account number or other information that would routinely and necessarily be available to a merchant during a legitimate transaction. The compromise can occur by many common routes and can usually be conducted without tipping off the card holder, the merchant or the issuer, at least until the account is ultimately used for fraud. A simple example is that of a store clerk copying sales receipts for later use. The rapid growth of credit card use on the Internet has made database security lapses particularly costly; in some cases, millions of accounts have been compromised. Stolen cards can be reported quickly by cardholders, but a compromised account can be hoarded by a thief for weeks or months before any fraudulent use, making it difficult to identify the source of the compromise. The cardholder may not discover fraudulent use until receiving a billing statement, which may be delivered infrequently.
25
4.2. Stolen cards When a credit card is lost or stolen, it remains usable until the holder notifies the issuer that the card is lost. Most issuers have free 24-hour telephone numbers to encourage prompt reporting Still, it is possible for a thief to make unauthorized purchases on a card until it is canceled. Without other security measures, a thief could potentially purchase thousands of dollars in merchandise or services before the cardholder or the card issuer realize that the card is in the wrong hands. The only common security measure on all cards is a signature panel, but signatures are relatively easy to forge. Some merchants will demand to see a picture ID, such as a driver's license, to verify the identity of the purchaser, and some credit cards include the holder's picture on the card itself. However, the card holder has a right to refuse to show additional verification, and asking for such verification is usually a violation of the merchant's agreement with the credit card companies. Self-serve payment systems are common targets for stolen cards, as there is no way to verify the card holder's identity. A common countermeasure is to require the user to key in some identifying information, such as the user's ZIP or postal code. This method may deter casual theft of a card found alone, but if the card holder's wallet is stolen, it may be trivial for the thief to deduce the information by looking at other items in the wallet. For instance, a U.S. driver license commonly has the holder's home address and ZIP code printed on it. Visa Inc. offers merchants lower rates on transactions if the customer provides a zip code. In Europe, most cards are equipped with an EMV chip which requires a 4 digit PIN to be entered in to the merchants terminal before payment will be authorised. Requiring a customer's ZIP code is illegal in California where the state's 1971 law prohibits merchants from requesting or requiring a card-holder's "personal identification information" as a condition of accepting the card for payment. The California Supreme Court has ruled that the ZIP code qualifies as personal identification information because it is part of the cardholder's address. Companies face fines of $250–1000 for each violation. Requiring a "personal identification number" (PIN) may also be a violation.
26
Card issuers have several countermeasures, including sophisticated software that can, before a transaction is authorized, estimate the probability of fraud. For example, a large transaction occurring a great distance from the cardholder's home might seem suspicious. The merchant may be instructed to call the card issuer for verification, or to decline the transaction, or even to hold the card and refuse to return it to the customer. The customer must contact the issuer and prove who they are to get their card back (if it is not fraud and they are actually buying a product). 4.3. Identity theft Identity theft can be divided into two broad categories: Application fraud and account takeover. 4.3. 1 . Application fraud Application fraud happens when a criminal uses stolen or fake documents to open an account in someone else's name. Criminals may try to steal documents such as utility bills and bank statements to build up useful personal information. Or they may create counterfeit documents
4.3.2 . Account takeover Account takeover happens when a criminal tries to take over another person's account, first by gathering information about the intended victim, and then contacting their card issuer while impersonating the genuine cardholder, and asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement to be sent. Some merchants added a new practice to protect their consumers and their own reputation, where they ask the buyer to send a photocopy of the physical card and statement to ensure the legitimate usage of a card.
27
4.4.Skimming Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant. The thief can procure a victim’s credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims’ credit card numbers. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. The thief may also use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code which is not present on the magnetic strip. Call centers are another area where skimming can easily occur. Instances of skimming have been reported where the perpetrator has put a device over the card slot of an ATM (automated teller machine), which reads the magnetic strip as the user unknowingly passes their card through it. These devices are often used in conjunction with a miniature camera (inconspicuously attached to the ATM) to read the user's PIN at the same time. This method is being used very frequently in many parts of the world, including South America, e.g. in Argentina and Europe, e.g. in the Netherlands Another technique used is a keypad overlay that matches up with the buttons of the legitimate keypad below it and presses them when operated, but records or transmits the key log of the PIN entered by wireless. The device or group of devices illicitly installed on an ATM are also colloquially known as a "skimmer". Recently-made ATMs now often run a picture of what the slot and keypad are supposed to look like as a background, so that consumers can identify foreign devices attached. Skimming is difficult for the typical cardholder to detect, but given a large enough sample, it is fairly easy for the card issuer to detect. The issuer collects a list of all the cardholders who have complained about fraudulent transactions, and then uses data mining to discover
relationships among them and the merchants they use. For example, if many of the cardholders use a particular merchant, that merchant can be directly investigated. Sophisticated algorithms can also search for patterns of fraud. Merchants must ensure the physical security of their terminals, and penalties for merchants can be severe if they are compromised, ranging from large fines by the issuer to complete exclusion from the system, which can be a death blow to businesses such as restaurants where credit card transactions are the norm
28
5.. INTERNET FRAUDS Internet fraud refers to the use of internet services to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme. Internet fraud can occur in chat rooms, email, message boards or on websites. 5.1 .Purchase frauds Purchase fraud occurs when a criminal approaches a merchant and proposes a business transaction, and then uses fraudulent means to pay for it, such as a stolen or fake credit card. As a result, merchants do not get paid for the sale. Merchants who accept credit cards may receive a chargeback for the transaction and lose money as a result 5 .2. Online automotive fraud A fraudster posts a nonexistent vehicle for sale to a website, typically a luxury or sports car, advertised for well below its market value. The details of the vehicle, including photos and description, are typically lifted from sites such as eBay Motors or Autoscout24. An interested buyer, hopeful for a bargain, emails the fraudster, who responds saying the car is still available but is located overseas. The scam artist then instructs the victim to send a deposit via wire transfer to initiate the "shipping" process. The unwitting victim wires the funds, and subsequently discovers they have been scammed. In another type of fraud, a fraudster contacts someone who has posted a vehicle for sale online, asking for the vehicle identification number (VIN) in order to check the accident record of the vehicle. However, the crook actually uses the VIN to make fake documentation for a stolen car, in order to sell it.
29
5.3 PayPal Fraud In a collection in person PayPal scheme, the scammer targets eBay auctions that allow the purchaser to personally collect the item from the seller, rather than having the item shipped, and where the seller accepts PayPal as a means of payment. The fraudster uses a fake address with a post office box when making their bids, as PayPal will allow such an unconfirmed address. Such transactions are not covered by PayPal's seller protection policy. The fraudster buys the item, pays for it via PayPal, and then collects the item from the victim. The fraudster then challenges the sale, claiming a refund from PayPal and stating that they did not receive the item. PayPal's policy is that it will reverse a purchase transaction unless the seller can provide a shipment tracking number as proof of delivery; PayPal will not accept video evidence, a signed document, or any form of proof other than a tracking number as valid proof of delivery.This form of fraud can be avoided by only accepting cash from buyers who wish to collect goods in person. 5.4. Internet ticket fraud
A variation of Internet marketing fraud offers tickets to sought-after events such as concerts, shows, and sports events. The tickets are fake,or are never delivered. The proliferation of online ticket agencies, and the existence of experienced and dishonest ticket resellers, has fueled this kind of fraud. A prime example was the global Beijing Olympic Games ticket fraud run by US-registered exclusive Leisure and Hospitality, sold through a professionallydesigned website, www.beijingticketing.com, with the name "Beijing 2008 Ticketing". On 4 August it was reported that more than AU$50 million worth of fake tickets had been sold through the website. On 6 August it was reported that the person behind the scam, which was wholly based outside China, was a British ticket tout Terance Shepherd.
30
5..5. Click fraud Click fraud occurs when websites that are affiliates of advertising networks that pay per view or per click use spyware to force views or clicks to ads on their own websites. The affiliate is then paid a commission on the cost-per-click that was artificially generated. Affiliate programs such as Google's Adsense pay high commissions that drive the generation of bogus clicks this form of Internet fraud is on the increase 5..6. Friendly fraud Also known as friendly fraud chargeback, is a credit card industry term used to describe a consumer who makes an Internet purchase with his/her own credit card and then issues a chargeback through his/her card provider after receiving the goods or services. When a chargeback occurs, the merchant will always be responsible, regardless of what they did to verify the transaction. The challenge with friendly fraud is that there is no way to verify the authenticity of the transaction, which is in fact legitimate, because the consumer is the one that is not legitimate The online merchant that sells physical products can protect itself by requiring a signature upon delivery of goods. That signature, in addition to information gathered online, helps in the resolution of chargeback disputes. Also, the merchant can request the Card Security Code on the credit card to fight "Card absent environment" chargebacks. These are the three digit codes on the backs of Visa, Mastercard, and Discover cards, and the four digit code on the front of American Express cards 5 .7. Fraudulent Charge-Back schemes There is a class of email spam (usually sent to commercial / corporate email addresses) where the spammer makes an offer to purchase goods (usually not specifically identified) from a vendor. In the email, the spammer makes it clear that they intend to pay for the goods using a credit card. The spammer provides the shipping address for the goods, and requests a product and price-list from the vendor in the initial email. It has been speculated that this is some form of charge-back scheme, whereby the spammer is using a valid credit card but intends to request a charge-back to reverse the charge while at the same time retaining the goods that were shipped to them
31
6. FRAUDS AND ITS PREVENTIVE MEASURES
6 .1 SECURITY REGIME IN BANKING SYSTEM
Security implies sense of safety and of freedom from danger or anxiety. When a banker takes a collateral security, say in the form of gold or a title deed, against the money lent by him, he has a sense of safety and of freedom from anxiety about the possible non-payment of the loan by the borrower. These should be communicated to all strata of the organization through appropriate means. Before staff managers should analyze current practices. Security procedure should be stated explicitly and agreed upon by each user in the specific environment. Such practices ensure information security and enhance availability. Bank security is essentially a defense against unforced attacks by thieves, dacoits and burglars.
32
6..2 PHYSICAL SECURITY MEASURES-CONCEPT A large part of banks security depends on social security measures. Physical security measures can be defined as those specific and special protective or defensive measures adopted to deter, detect, delay, defend and defeat or to perform any one or more of these functions against culpable acts, both covert and covert and acclamations natural events. The protective or defensive, measures adopted involve construction, installation and deployment of structures, equipment and persons respectively. The following are few guidelines to check malpractices 1. To rotate the cash work within the staff. 2. One person should not continue on the same seat for more than two months. 3. Daybook should not be written by the Cashier where another person is available to the job 4. No cash withdrawal should be allowed within passbook in case of withdrawal by pay order. 5. The branch manager should ensure that all staff members have recorder their presence in the attendance registrar, before starting work. Execution of Documents 1. A bank officer must adopt a strict professional approach in the execution of documents. The ink and the pen used for the execution must be maintained uniformly. 2. Bank documents should not be typed on a typewriter for execution. These should be invariably handwritten for execution. 3. The execution should always be done in the presence of the officer responsible for obtain them, 4. The borrowers should be asked to sign in full signatures in same style throughout the documents.
33
5. Unless there is a specific requirement in the document, it should not be got attested or witnessed as such attestation may change the character of the instruments and the documents may subject to ad stamp duty. 6. The paper on which the bank documents are made should be a proof. It should be unique and available to the banks only. 7. The printing of the bank documents should have highly artistic intricate and complex graphics. 8. The documents executed between Banker and Borrowers must be kept in safe custody
6.3. BANKING FRAUD
Banking Fraud is posing threat to Indian Economy. Its vibrant effect can be understood be the fact that in the year 2004 number of Cyber Crime were 347 in India which rose to 481 in 2005 showing an increase of 38.5% while I.P.C. category crime stood at 302 in 2005 including 186 cases of cyber fraud and 68 cases cyber forgery. Thus it becomes very important that occurrence of such frauds should be minimized. More upsetting is the fact that such frauds are entering in Banking Sector as well.
34
In the present day, Global Scenario Banking System has acquired new dimensions. Banking did spread in India. Today, the banking system has entered into competitive markets in areas covering resource mobilization, human resource development, customer services and credit management as well. Indian’s banking system has several outstanding achievements to its credit, the most striking of which is its reach. In fact, Indian banks are now spread out into the remotest areas of our country. Indian banking, which was operating in a highly comfortable and protected environment till the beginning of 1990s, has been pushed into the choppy waters of intense competition. A sound banking system should possess three basic characteristics to protect depositor’s interest and public faith. These are (i) a fraud free culture, (ii) a time tested Best Practice Code, and (iii) an in house immediate grievance remedial system. All these conditions are their missing or extremely weak in India. Section 5(b) of the Banking Regulation Act, 1949 defines banking… “Banking is the accepting for the purpose of lending or investment, deposits of money from the purpose of lending or investment, deposits of money from the public, repayable on demand or otherwise and withdraw able by cheque, draft, order or otherwise”. But if his money has fraudulently been drawn from the bank the latter is under strict obligation to pay the depositor. The bank therefore has to ensure at all times that the money of the depositors is not drawn fraudulently. Time has come when the security aspects of the banks have to be dealt with on priority basis. The banking system in our country has been taking care of all segments of our socioeconomic set up. The Article contains a discussion on the rise of banking frauds and various methods that can be used to avoid such frauds. A bank fraud is a deliberate act of omission or commission by any person carried out in the course of banking transactions or in the books of accounts, resulting in wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank. The relevant provisions of Indian Penal Code, Criminal Procedure Code, Indian Contract Act, and Negotiable Instruments Act relating to banking frauds has been cited in the present Article.
35
6.4.. LEGAL REGIME TO CONTROL BANK FRAUDS Frauds constitute white-collar crime, committed by unscrupulous persons deftly advantage of loopholes existing in systems procedures. The ideal situation is one there is no fraud, but taking ground realities of the nation’s environment and human nature’s fragility, an institution should always like to keep the overreach of frauds at the minimum occurrence level. Following are the relevant sections relating to Bank Frauds Indian Penal Code (45 of 1860) (a) Section 23 Wrongful gain.Wrongful gain is gain by unlawful means of property to which the person gaining is not legally entitled. (b) Wrongful loss Wrongful loss is the loss by unlawful means of property to which the person losing it is legally (c) Gaining wrongfully. Losing wrongfully-A person is said to gain wrongfully when such person retains wrongfully, as well as when such person acquires wrongfully. A person is said to lose wrongfully when such person is wrongfully kept out of any property, as well as when such person is wrongfully deprived of property. (d) Section 24. Dishonestly Whoever does anything with the intention of causing wrongful gain to one person or wrongful loss to another person, is said to do that thing dishonestly. entitled.
36
(e) Section 28. Counterfeit A person is said to counterfeit who causes one thing to resemble another thing, intending by means of that resemblance to practice deception, or knowing it to be likely that deception will thereby be practiced. BREACH OF TRUST 1. Section 408- Criminal breach of trust by clerk or servant. 2. Section 409- Criminal breach of trust by public servant, or by banker, merchant or agent. 3. Section 416- Cheating by personating 4. Section 419- Punishment for cheating by personation. OFFENCES RELATING TO DOCMENTS 1) Section 463-Forgery 2) Section 464 -Making a false document 3) Section 465- Punishment for forgery. 4) Section 467- Forgery of valuable security, will, etc 5) Section 468- Forgery for purpose of cheating 6) Section 469- Forgery for purpose of harming reputation 7) Section 470- Forged document. 8) Section 471- Using as genuine a forged document 9) Section 477- Fraudulent cancellation, destruction, etc., of will, authority to adopt, or valuable security. 10) Section 477A- Falsification of accounts
37
7. FRAUD -PREVENTION AND DETECTION A close study of any fraud in bank reveals many common basic features. There may have been negligence or dishonesty at some stage, on part of one or more of the bank employees. One of them may have colluded with the borrower. The bank official may have been putting up with the borrower’s sharp practices for a personal gain. The proper care which was expected of the staff, as custodians of banks interest may not have been taken. The bank’s rules and procedures laid down in the Manual instructions and the circulars may not have been observed or may have been deliberately ignored. Bank frauds are the failure of the banker. It does not mean that the external frauds do not defraud banks. But if the banker is upright and knows his job, the task of defrauder will become extremely difficult, if not possible. Detection of Frauds Despite all care and vigilance there may still be some frauds, though their number, periodicity and intensity may be considerably reduced. The following procedure would be very helpful if taken into consideration 1. All relevant data-papers, documents etc should be promptly collected. Original vouchers or other papers forming the basis of the investigation should be kept under lock and key. 2. All persons in the bank who may be knowing something about the time, place a modus operandi of the fraud should be examined and their statements should be recorded. 3. The probable order of events should thereafter be reconstructed by the officer, in his own mind. 4. It is advisable to keep the central office informed about the fraud and further developments in regard thereto.
38
7.1. RBI – REMEDIAL MEASURES In order to have uniformity in reporting cases of frauds, RBI considered the question of classification of bank frauds on the basis of the provisions of the IPC.
Given below are the Provisions and their Remedial measures that can be taken. 1. Cheating (Section 415, IPC) Remedial Measures. The preventive measures in respect of the cheating can be concentrated on cross-checking regarding identity, genuineness, verification of particulars, etc. in respect of various instruments as well as persons involved in encashment or dealing with the property of the bank. 2. Criminal misappropriation of property (Section 403 IPC). Remedial Measure Criminal misappropriation of property, presuppose the custody or control of funds or property, so subjected, with that of the person committing such frauds. Preventive measures, for this class of fraud should be taken at the level the custody or control of the funds or property of the bank generally vests. Such a measure should be sufficient, it is extended to these persons who are actually handling or having actual custody or control of the fund or movable properties of the bank. 3. Criminal breach of trust (Section 405, IPC) Remedial Measure Care should be taken from the initial step when a person comes to the bank. Care needs to be taken at the time of recruitment in bank as well.
39
4. Forgery (Section 463, IPC) Remedial Measure Both the prevention and detection of frauds through forgery are important for a bank. Forgery of signatures is the most frequent fraud in banking business. The bank should take special care when the instrument has been presented either bearer or order; in case a bank pays forged instrument he would be liable for the loss to the genuine costumer. 5. Falsification of accounts (Section 477A) Remedial Measure Proper diligence is required while filling of forms and accounts. The accounts should be rechecked on daily basis. 6. Theft (Section 378, IPC) Remedial Measures Encashment of stolen’ cheque can be prevented if the bank clearly specify the age, sex and two visible identify action marks on the body of the person traveler’s cheques on the back of the cheque leaf. This will help the paying bank to easily identify the cheque holder. Theft from lockers and safe deposit vaults are not easy to commit because the master-key remains with the banker and the individual key of the locker is handed over to the costumer with due acknowledgement. 7. Criminal conspiracy (Section 120 A, IPC) In the case of State of Andhra Pradesh v. IBS Prasad Rao and Other, the accused, who were clerks in a cooperative Central Bank were all convicted of the offences of cheating under Section 420 read along with Section 120 A. all the four accused had conspired together to defraud the bank by making false demand drafts and receipt vouchers.
40
8. Offences relating to currency notes and banks notes (Section 489A -489E ,IPC) These sections provide for the protection of currency-notes and bank notes from forgery. The offences under section are (a) Counterfeiting currency notes or banks. (b) Selling, buying or using as genuine, forged or counterfeit currency notes or bank notes. Knowing the same to be forged or counterfeit. (c) Possession of forged or counterfeit currency notes or bank-notes, knowing or counterfeit and intending to use the same as genuine. (d) Making or passing instruments or materials for forging or counterfeiting currency notes or banks. (e) Making or using documents resembling currency-notes or bank notes. Most of the above provisions are Cognizable Offences under Section 2(c) of the Code of Criminal Procedure, 1973. 7.2. PREVENTIVE MEASURES FOR CREDIT CARDS FRAUDS By merchants:
? ? ?
PAN truncation – not displaying the full number on receipts Tokenization (data security) – not storing the full number in computer systems Requesting additional information, such as a PIN, ZIP code, or Card Security Code
By card issuers:
?
Fraud detection and prevention software that analyzes patterns of normal and unusual behavior as well as individual transactions in order to flag likely fraud. Profiles include such information as IP address Fraud detection and response business processes such as:
? ?
Contacting the cardholder to request verification Placing preventative controls/holds on accounts which may have been victimized Blocking card until transactions are verified by cardholder
41
?
Investigating fraudulent activity
Strong Authentication measures such as:
?
Multi-factor Authentication, verifying that the account is being accessed by the cardholder through requirement of additional information such as account number, PIN, ZIP, challenge questions
?
Out-of-band Authentication, verifying that the transaction is being done by the cardholder through a "known" or "trusted" communication channel such as text message, phone call, or security token device
?
Industry collaboration and information sharing about known fraudsters and emerging threat vectors
By Governmental and Regulatory Bodies:
? ?
Enacting consumer protection laws related to card fraud of credit card issuers
Performing regular examinations and risk assessments
Publishing standards, guidance, and guidelines for protecting cardholder information and monitoring for fraudulent activity By cardholders:
? ?
Reporting lost or stolen cards Reviewing immediately charges regularly and reporting unauthorized transactions
? ?
Installing virus protection software on personal computers Using caution when using credit cards for online purchases, especially on nontrusted websites
42
7.3. Internet Fraud Preventive Measures
1. Never accept a cashier's check that is over the price of the item on sale. 2. Do not assume that because the bank has cashed the check for you, it is a legitimate check. Cashier checks take 30 days to determine if they are legitimate 3.Be more suspicious if you are requested to handle a transaction through a wire transfer. 4. Be aware of individuals posing as a representative of a client. 5. Call the seller to see if the number is correct and working 6. Reconsider doing business with individuals who are reluctant to answer your questions. 7. Take precautions when dealing with individuals/companies from outside your own country. 8. Watch out for individuals who only want to communicate via e-mail. 9 Try to obtain a physical address rather than merely a post office box and a phone number. 10. Make sure you are purchasing merchandise from a reputable source. 11 . Inquire about returns and warranties. 12. When purchasing a vehicle outside of your local area, consider utilizing an escrow or alternate payment service. 13. Don't give out your credit card number(s) online unless the site is a secure and trusted site. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security to transmit data. 14. Before using the site, check out the security/encryption software it uses.
43
15. Make sure the transaction is secure when you electronically send your credit card numbers. Email the seller to see if they have an active email address and be wary of sellers who use free email services, such as yahoo.com. 16. Check with the Better Business Bureau from the seller's area. 17. Check out other web sites regarding this person/company. 18. Be guarded when responding to special offers (especially through unsolicited email) 19. The safest way to purchase items via the Internet is by credit card because you can often dispute the charges if something is wrong. 20. You should also keep a list of all your credit cards and account information along with the card issuer's contact information. If anything looks suspicious or you lose your credit card(s) you should contact the card issuer immediately.
44
8.. METHODS TO OVERCOME THE FRAUDS 8.1 EMV
EMV stands for Europay, MasterCard and VISA, a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions. It is a joint effort between Europay, MasterCard and Visa to ensure security and global interoperability so that Visa and MasterCard cards can continue to be accepted everywhere. Europay International SA was absorbed into MasterCard in 2002. IC card systems based on EMV are being phased in across the world, under names such as "IC Credit" and "Chip and PIN". The EMV standards define the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions. There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards.
45
EMV was designed to allow cards and terminals to be backwardly compatible with these standards. France has since migrated all its card and terminal infrastructure to EMV. The most widely known chip card implementations of EMV standard are:
? ? ? ?
VSDC - VISA M Chip - MasterCard AEIPS - American Express J Smart - JCB
Visa and MasterCard have also developed standards for using EMV cards in devices to support card-not-present transactions over the telephone and Internet. MasterCard has the Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of modes. Visa has the Dynamic Password Authentication (DPA) scheme, which is their implementation of CAP using different default values. In February 2010 computer scientists from Cambridge University demonstrated that an implementation of EMV PIN entry is vulnerable to a man-in-the-middle attack; however, the way PINs are processed depends on the capabilities of the card and the terminal. This attack is not a general weakness, but it does show that attacks are possible depending on the implementation.
8.2. 3-D Secure
3-D Secure is an XML-based protocol used as an added layer of security for online credit and debit card transactions. It was developed by Visa to improve the security of Internet payments and offered to customers as the Verified by Visa service. Services based on the protocol have also been adopted by MasterCard, under the name MasterCard SecureCode.3-D Secure adds another authentication step for online payments. 3-D Secure should not be confused with the Card Security Code which is a short numeric code that is printed on the card.
46
The basic concept of the protocol is to tie the financial authorization process with an online authentication. This authentication is based on a three domain model (hence the 3-D in the name). The three domains are:
? ? ?
Acquirer Domain (the merchant and the bank to which money is being paid). Issuer Domain (the bank which issued the card being used). Interoperability Domain (the infrastructure provided by the credit card scheme to support the 3-D Secure protocol).
The protocol uses XML messages sent over SSL connections with client authentication (this ensures the authenticity of both peers, the server and the client, using digital certificates). A transaction using Verified by Visa/Secure Code will initiate a redirect to the website of the card issuing bank to authorize the transaction. Each issuer could use any kind of authentication method (the protocol does not cover this) but typically, a password-based method is used, so to effectively buy on the Internet means using a secret password tied to the card. The Verified by Visa protocol recommends the bank's verification page to load in an inline frame session. In this way, the bank's systems can be held responsible for most security breaches. In order for a Visa or MasterCard member bank to use the service, the bank has to operate compliant software that supports the latest protocol specifications. Once compliant software is installed, the member bank will perform product integration testing with the payment system server before it rolls out the system. ACS providers In 3-D Secure protocol, ACS (Access Control Server) is on the issuer side (banks). Currently, most banks outsource ACS to a third party. Commonly, the buyer's web browser shows the domain name of the ACS provider, rather than banks' domain name, however this is not required by the protocol. Dependent on the ACS provider, it is possible to specify a bank owned domain name for use by the ACS.
47
MPI providers Each 3-D secure transaction involves two simple internet request/response pairs: VEReq/VERes and PAReq/PARes. Visa and MasterCard don't license merchants for sending requests to their servers. They isolate their servers by licensing software providers which are called MPI (merchant plug-in) providers. Merchants
The advantage for merchants is the reduction of "unauthorized transaction" chargebacks. The disadvantage for merchants is that they have to purchase MPI to connect to the Visa/MasterCard Directory Server. This is expensive (setup fee, monthly fee and pertransaction fee); at the same time it represents additional revenue for MPI providers. Supporting 3-D Secure is complicated and, at times, creates transaction failures. Buyers/credit card holders The main advantage for cardholders is that there is a decreased risk of other people being able to use their payment cards fraudulently on the Internet. In most current implementations of 3-D Secure, the issuing bank or its ACS provider prompts the buyer for a password that is known only to the bank/ACS provider and the buyer. Since the merchant does not know this password and is not responsible for capturing it, it can be used by the issuing bank as evidence that the purchaser is indeed their cardholder. This decreases risk in two ways: 1. Copying card details, either by writing down the numbers on the card itself or by way of modified terminals or ATMs, does not result in the ability to purchase over the Internet because of the additional password, which is not stored on or written on the card. 2. Since the merchant does not capture the password, there is a reduced risk from security incidents at online merchants; while an incident may still result in hackers obtaining other card details, there is no way for them to get the associated password.
48
In spite of the prevalence of password-based implementations, 3-D Secure does not require the use of password authentication, and it is perfectly possible to use it in conjunction with smart card readers, security tokens and the like. These types of devices may provide a better user experience for customers as they free the purchaser from having to use a secure password. Some issuers are now using such devices as part of the Chip Authentication Program or Dynamic Passcode Authentication schemes. One significant disadvantage is that cardholders may see their browser connect to unfamiliar domain names as a result of some vendors' MPI implementations and the use of outsourced ACS implementations by issuing banks, which may make it easier to perform phishing attacks on cardholders. Proactive fraud monitoring for banks in India Financial institutions today should adopt a proactive, intelligence-led approach to manage fraud risk. A team can assist you in identifying, assessing and improving
fraud monitoring process and system to tackle the unique risks faced by companies. Buying an off-the-shelf system may not equip the bank with the most effective technical paraphernalia or strategic methods to deal with frauds. Selecting the right framework and a seamless integration of bank systems with the fraud monitoring system is integral to safeguard business and customer interests. Why is fraud monitoring imperative?
?
According to RBI-released data, banking-related frauds have doubled in the five-year period between 2004 and 2009.
?
In 2009, the total number of bank frauds was recorded at 23,914, amounting to a loss of INR18.83 billion, where less than 1% of the fraud cases amounted to INR10 million each or even more.
? ?
The last reported count of online fraud cases was 269, amounting to INR590 million. With acquisitions and expansions spurring the growth in size and customer base, banks are witnessing a substantial rise in the numbers and complexity of fraud scenarios. As such, there is a stringent need for robust monitoring.
49
?
The regulator has directed financial institutions to continuously monitor transactions and establish an integrated fraud risk management framework.
?
There is an increasing need to identify early warning signals to capture frauds close to their occurrence.
?
A centralized framework can address fraud risks associated with various business units and products and provide insights to stakeholders to take preventive action at the right time.
?
This also eliminates uncertainty around losses due to fraud and helps the management have a more focused strategy to address fraud-related risks.
What should a company consider while evaluating a “fraud management”strategy?
?
How well do existing fraud identification and monitoring methods control current and emerging risks and are they commensurate with the size/operations of the organization?
? ? ?
How effective have they been in preventing frauds before/at occurrence? What is the vision for fraud monitoring in the next five years to overcome challenges? How responsive are they to new threats and how quickly can they be adapted to detect new fraud patterns?
?
Do they allow the management to make changes to detection rules without the need for the involvement of IT ?
50
9. REVIEW OF LITERATURE THE TIMES OF INDIA, NEW DELHI, FEBRUARY 28, 2011 | UPDATED 09:17 Banks lost Rs. 2,289 crores in scams The recent Rs. 300-crore scam in the Gurgaon branch of Citi Bank is a pointer to a
disturbing trend: the steady rise in the number of banks falling prey to such frauds.
According to the data compiled by the Reserve Bank of India (RBI), the money lost to such scams has doubled in the past four years. In the current financial year, banks lost Rs. 2,289 crore (till December), while the loss was Rs. 1,057 crores in 2007-08.
It's the state-of-the-art private banks, including foreign banks, that appear to be more prone to such frauds. The public sector banks, with their massive presence across the country, also reported an annual average of more than 3,000 cases of frauds and cheating during the past four years. Their better equipped counterparts in the private sector reported almost five times the number of cases.
ICICI Bank alone accounted for almost half of the total scams reported to the RBI. Of the total 21,244 cases reported in 2007-08, a whopping 10,976 were from ICICI. Similarly, in 2008-09, ICICI reported 13,221 of the total 23, 579cases. The bank reported 15,074 of the total 24,788 fraud cases in 2009-10.
51
The second highest number of cases were reported by HSBC (3,770, 3,481, 2,741, 2028); followed by Citi Bank (1,647, 1,182, 1,277, 666); American Express banking (499, 703, 817, 637) and the distant fourth was State Bank of India (561, 745, 545, 615) during the past four financial years - 2007-08, 2008-09, 2009-10, 2010-11 respectively. The figures for the current fiscal are till December, 2010. Maharashtra, with Mumbai being the country's financial capital, reported the maximum number Delhi of was fraud second cases: with (1,006 349 in 2009-10 in and 1,045 and 338 in in 2010-11). 2010-11.
cases
2009-10
Union minister of state for finance Namo Narain Meena presented these figures in the Lok Sabha on Friday. The data has thrown up interesting trends in not just scams and frauds but also the way banks were being targeted by robbers and thieves. Punjab reported the maximum number of dacoity and ATM thefts, followed by Uttar Pradesh and Haryana.State Bank of India appeared to be the favourite for thieves and burglars.
SBI reported 114 such cases in 2009-10 and 79 this year, followed by State bank of Patiala 41 and 39 respectively. Overall, 582 cases were reported across the country in 2009-10 that resulted in a loss of Rs. 21.22 crore, while a recovery of Rs. 6.67 crore could be only made. This year's figure stands at 392 cases, Rs. 16.17 crore loss and Rs. 4.98 crore recoveries. More frauds and shocking loss1,045 bank fraud cases reported by Maharashtra reported in 2010-11. 338 such cases were reported in Delhi in 2010-11 .545 cases reported by SBI highest by a public sector bank in 2009-10 .15,074 cases reported by ICICI in 2009-10 highest by a private bank.2,741 frauds reported by HSBC in 2009-10 - highest by a foreign bank. 2,764 cases reported by public Sector banks in 2010-11 (till Dec).
Rs. 1,497 cr Loss incurred by public Sector banks in 2010-11 (till Dec) .9,175 cases reported by private banks in 2010-11. Rs. 307 cr Loss to private banks in 2010-11.Robberies/thefts Rs. 96 lakh Loss reported by banks in Punjab in 2009-10 because of 81 cases Rs. 21.22 cr Loss reported by banks in across the country in 2009-10 Rs. 16.17 crores . Loss reported by banks in the country in 2010-11 (till date )
52
9 .1. REVIEW OF LITERATURE CIC tells CBI to release Chatwal discharge reports THE TIMES OF INDIA , May 12, 2011, 06.01am IST NEW DELHI: The Central Information Commission has directed CBI to make public reports related to discharge of US-based hotelier and Padma awardee Sant Singh Chatwal from cases of alleged bank fraud. The CBI had refused to share information about the closing of alleged bank fraud cases against Chatwal saying two cases, "interconnected" with the closed cases, were still pending in court and disclosing these reports might adversely affect the prosecution. When the matter reached the commission, RTI applicant Krishnanand Tripathi argued that there was no investigation underway in the cases against Chatwal so the information be disclosed He also alleged that the CBI was "deliberately" trying to suppress information about a "high profile NRI hotelier" as the copy of chargesheet and orders of court were public documents. "A very peculiar claim was made that though the two cases for which information was being sought have been discharged, there are two other fraud cases which are being pursued in which some of the bank officers are the same. No evidence has been given as to how giving the information would impede the prosecution of offenders," information commissioner Shailesh Gandhi pointed out. The CBI had registered, between 1992 and 1994, five cases against Chatwal and some bank officials for allegedly conniving with the intention of defrauding Bank of Baroda and Bank of India. Three of these cases against Chatwal, who received Padma Bhushan last year, were closed by CBI during the tenure of the then directors Vijay Shanker and Ashwani Kumar while chargesheets were filed by the agency in two cases before the court of special judge, CBI, Mumbai. In these two cases, the court discharged Chatwal.
53
In his application, Tripathi had sought copies of chargesheets against Chatwal, copies of judgments delivered in the cases, recommendations made by legal and investigating officers after he was exonerated, advice given by director of prosecution and final observations and decisions made by the then CBI directors. Gandhi said Section 8(1) (h) of the RTI Act cited by the agency exempts disclosure of information which could impede the process of investigation, apprehension, or prosecution. "No claim has been made that any investigation is continuing, and the fact that some bank officers (who were also accused in the cases) are being prosecuted in two other matters cannot justify refusal to give information in the matters relating to Sant Singh Chatwal," Gandhi said. "Frivolously refusing information by claiming one of the 10 exemptions in Section 8(1) without giving explanation is an unwarranted denial of citizens' fundamental right. No proper explanation has been given for denying the information," he said while directing the CBI to provide information by May 31. He also issued showcause notice to CBI official for not providing timely information
54
9.2. REVIEW OF LITERATURE Top all time bank frauds 21 Sep, 2011, 0747 hrs IST, Sugata Ghosh , ET Bureau The UBS rogue trader was no different. Here’s a list of top all-time bank frauds that proves no bank(fraud)ster, including the UBS rogue trader, works in a vacuum. His story like several others is hot material for another bestseller and, perhaps, a Hollywood blockbuster I am sure it didn’t happen in a day. The guy must have been either hiding old losses or propping up performance numbers,” said a banker who has spent years in dealing rooms of MNC banks. Every deal cut in the trading room flows back to the back office for processing; only after that banks can settle with counterparties. Then, how do traders beat the system? Some create a secret dealing portfolio that is not mapped to the bank’s risk assessment engine. It’s easier for a rogue trader who has worked in the back office. He may team up with someone in the back office to mask the trades and open positions. Smart traders have their way around. If they keep a straight face and don’t invite a surprise audit , the game can go on for days. Some take monumental risks: Think of a trader who picks up the phone or keys in trades, but don’t put the deals in the bank’s book. If the bets backfire , he will be caught in no time. T he counterparty will ask the bank for money. If the bank says it knows nothing about the trades, it will fish out proofs. But markets behave, this too can go on for some time. Corners are cut when a large bank enters a country and tries to fit its global technology on the local platform. “In the process, certain controls are compromised ,” said another banker. Only big losses make news. Traders often hide smaller losses. Particularly, those dealing in complex structured products that have no single valuation. The bid and offer price gap is wide enough for the trader to pick a convenient valuation that appears on the books. A trader dealing in exchange traded funds may not have access to currency market. “But he can jump the hurdle by trading through the account of a colleague who is authorised to trade in currencies,” said the banker. Structured product desks have an advantage. Such exotic stuffs are often combinations of multiple currencies , interest rates or stocks; traders here have access to different asset classes. Big losses can happen with small amount money, thanks to the leverage. With $1 million, a trader can lose $50 million. One thing is clear: no bank is safe, and a trader who is willing to take big risks can beat any system.
55
TIME LINE 1960s Frank William Abagnale, Jr . $2.5million various banks. An American security agent who passed $2.5 million worth of forged checks across 26 countries over 5 years
1982 Roberto Calvi (Vatican’s God Bankers) $1.3billion, Banco Ambrosiano An advisor to the Vatican, Calvi headed the Italian bank, which collapsed following bad loans made to dummy companies in Latin America 1995 Nicholas (Nik) Leeson £208million, Barings Bank Leeson is a former derivatives broker whose fraudulent, unauthorised speculative trading caused the collapse of Barings Bank, UK’s oldest investment bank
Toshihide Iguchi £1.1billion, Daiwa Bank Japan’s Daiwa Bank suffered a US$1.1 billion loss from unauthorised bond trading by Toshihide Iguchi, one of its executives in the US 2002 John Rusnak $691million, Allfirst Bank Rusnak was a former currency trader at Allfirst bank in Baltimore. He hid $691 million worth bad bets that snowballed into a major bank fraud
2004 Wang Liming & Miao Ping $2.4million, China Construction Bank Wang Liming, a former accounting officer with the China Construction Bank in Henan, stole 20 million yuan from the bank using fraudulent papers. Ping was an accomplice
56
2006 Vince Facarra A$360million, National Australia Bank Foreign exchange options dealer at National Australia Bank Vince Ficarra, along with colleague David Bullen, defarauded NAB A$360 million by making false trades to safeguard bonuses and hide losses
2007 Internet Fraudsters $1.1million, Nordea Bank Fraud Internet fraudsters siphoned off $1.1m from account holders at Swedish bank Nordea by using a Trojan program from 250 accounts after obtaining login details
2008 Jerome Kerviel £4.9billion, Societe Generale Kerviel, a French trader’s unauthorised use of bank Societe Generale’s computers resulted in losses valued at £4.9 billion
2010 Shivraj Puri Rs 400 crore, Citibank, Gurgaon Funds of 20 high networth customers of Citibank’s Gurgaon branch was allegedly siphoned off by Puri, a bank executive
2011 Kweku Adoboli $2 billion, UBS, Bank A trader with UBS's investment bank caused his bank a $2 billion loss from illegal trading in its London equities unit
57
58
10 . CONCLUSION
The banking system is known to be one of the most rigorously regulated sectors and the strict observance of internal norms would make fraud difficult to operate, if not impossible. Only bank professionals can detect potential weaknesses of internal norms and they are usually not involved in fraud issues, because, apart from their professional training, they also have a clearly positive attitude bigger problem for the individual or their workplace . ? Access the alerts for the latest on stolen checks ? The Internet has made it cheap and easy for criminals around the globe to attempt to trick individuals into revealing confidential information (such as credit card numbers, bank account data, social security numbers and more), as well as deceive computer users into clicking on links or attachments that will compromise the security of their computers and the information stored on them ? Educate yourself about these scams so that you don't fall victim to them ? Assess and appraise the different consequences of credit card data leakage and an insecure data transmission environment ? Understand the process of credit card transaction from start to finish and how to implement and maintain cardholder data security. ? Be able to recognize and intervene in possible data vulnerabilities before it gets leaked or becomes a much ? Lack of controls, absence of management review, and override of existing controls were the three most commonly cited factors that allowed fraud schemes to succeed. ? Reduce the Situational Pressures that Encourage Financial Statement Fraud ? Avoid setting unachievable financial goals. ? Eliminate external pressures that might tempt accounting personnel to prepare fraudulent financial statements. ? Remove operational obstacles blocking effective financial performance such as working capital restraints, excess production volume, or inventory restraints. ? Establish clear and uniform accounting procedures with no exception clauses.
59
? Reduce the Opportunity to Commit Fraud ? Maintain accurate and complete internal accounting records. ? Carefully monitor the business transactions and interpersonal relationships. ? Establish a physical security system to secure company assets. ? Divide important functions between employees, separating total control of one area. ? Maintain accurate personnel records including background checks on new employees. ? Encourage strong supervisory and leadership relationships within groups to ensure enforcement of procedures.
? Reduce the Rationalization of Fraud – Strengthen Employee Personal Integrity ? Managers should set an example by promoting honesty in the accounting area. It is important that management practice what they preach. ? Honest and dishonest behavior should be defined in company policies. ? Consequences for violating rules should be clear.
? Fraud reporting mechanisms are a critical component of an effective fraud prevention and detection system.
? Organizations should implement hotlines to receive tips from both internal and external sources. Such reporting mechanisms should allow anonymity and confidentiality and employees should be encouraged to report suspicious activity without fear of reprisal.
60
? Do not rely on audits
? Organizations tend to over-rely on audits. External audits were the control mechanism most widely used by the victims in this survey, but they ranked comparatively poorly in both detecting fraud and limiting losses due to fraud.
? Audits are clearly important and can have a strong preventative effect on fraudulent behavior, but they should not be relied upon exclusively for fraud detection.
FRAUD PREVENTION IT’S YOUR MONEY KEEP IT
61
11.. BIBILOGRAPHY
Economic Times Times of India
WWW.GOOGLE.COM WWW.SLIDESHARE.NET WWW.SCRIBD.COM
62
doc_876755693.docx
1
1.1. EVOLUTION OF BANKING SYSTEM
Banking system occupies an important place in a nation’s economy. A banking institution is indispensable in a modern society. It plays a pivotal role in economic development of a country and forms the core of the money market in an advanced country. Banking industry in India has traversed a long way to assume its present stature. It has undergone a major structural transformation after the nationalization of 14 major commercial banks in 1969 and 6 more on 15 April 1980. The Indian banking system is unique and perhaps has no parallels in the banking history of any country in the world
2
2. WHAT IS FRAUD ? Fraud is defined as any behaviour by which one person intends to gain a dishonest advantage over another. In other words , fraud is an act or omission which is intended to cause wrongful gain to one person and wrongful loss to the other, either by way of concealment of facts or otherwise. Fraud is defined us 421 of the Indian Penal Code and us 17 of the Indian Contract Act. Thus essential elements of frauds are 1. There must be a representation and assertion; 2. It must relate to a fact; 3. It must be with the knowledge that it is false or without 4. It must induce another to act upon the assertion in Question or to do or not to 2.1. FRAUDS IN BANK – CONCEPTS Banks are the engines that drive the operations in the financial sector, which is vital for the economy. With the nationalization of banks in 1969, they also have emerged as engines for social change. After Independence, the banks have passed through three stages. They have moved from the character based lending to ideology based lending to today competitiveness based lending in the context of India’s economic liberalization policies and the process of linking with the global economy. While the operations of the bank have become increasingly significant banking frauds in banks are also increasing and fraudsters are becoming more and more sophisticated and ingenious. In a bid to keep pace with the changing times, the banking sector has diversified it’s business manifold. And the old philosophy of class banking has been replaced by mass banking. The challenge in management of social responsibility with economic viability has increased. belief in its truth; and
3
2.2
FRAUD IN BANKS
Losses sustained by banks as a result of frauds exceed the losses due to robbery, burglary and theft-all put together. Unauthorized credit facilities are extended for illegal gratification such as case credit allowed against pledge of goods, hypothecation of goods against bills or against book debts. Common modus operandi are, pledging of spurious goods, inletting the value of goods, hypothecating goods to more than one bank, fraudulent removal of goods with the knowledge and connivance of in negligence of bank staff, pledging of goods belonging to a third party. Goods hypothecated to a bank are found to contain obsolete stocks packed in between goods stocks and case of shortage in weight is not uncommon. An analysis made of cases brings out broadly the under mentioned four major elements responsible for the commission of frauds in banks. 1. Active involvement of the staff-both supervisor and clerical either independent of external elements or in connivance with outsiders. 2. Failure on the part of the bank staff to follow meticulously laid down instructions and guidelines. 3. External elements perpetuating frauds on banks by forgeries or manipulations of cheques, drafts and other instruments. 4. There has been a growing collusion between business, top banks executives, civil servants and politicians in power to defraud the banks, by getting the rules bent, regulations flouted and banking norms thrown to the winds.
4
2.3. FRAUDS IN DIFFERENT AREAS OF BANKS Savings Bank Accounts The following are some of the examples being played in respect of savings bank accounts (a) Cheques bearing the forged signatures of depositors may be presented and paid. (b) Specimen signatures of the depositors may be changed, particularly after the death of depositors, (c) Dormant accounts may be operated by dishonest persons with or without collusion of bank employees, and (d) Unauthorized withdrawals from customer’s accounts by employee of the bank maintaining the savings ledger and later destruction of the recent vouchers by them. Current Account Fraud The following types are likely to be committed in case of current accounts. (a) Opening of frauds in the names of limited companies or firms by unauthorized persons; (b) Presentation and payment of cheques bearing forged signatures; (c) Breach of trust by the employees of the companies or firms possessing cheque leaves duly signed by the authorized signatures; (d) Fraudulent alteration of the amount of the cheques and getting it paid either at the counter or though another bank. Frauds In Case Of Advances Following types may be committed in respect of advances (a) Spurious gold ornaments may be pledged. (b) Sub-standard goods may be pledged with the bank or their value may be shown at inflated figures.
5
3. RESERVE BANK OF INDIA
Establishment The Reserve Bank of India was established on April 1, 1935 in accordance with the provisions of the Reserve Bank of India Act, 1934. The Central Office of the Reserve Bank was initially established in Calcutta but was permanently moved to Mumbai in 1937. The Central Office is where the Governor sits and where policies are formulated. Though originally privately owned, since nationalisation in 1949, the Reserve Bank is fully owned by the Government of India. Preamble The Preamble of the Reserve Bank of India describes the basic functions of the Reserve Bank as: "...to regulate the issue of Bank Notes and keeping of reserves with a view to securing monetary stability in India and generally to operate the currency and credit system of the country to its advantage." Central Board The Reserve Bank's affairs are governed by a central board of directors. The board is appointed by the Government of India in keeping with the Reserve Bank of India Act.
6
? ?
Appointed/nominated for a period of four years Constitution:
o
Official Directors
?
Full-time : Governor and not more than four Deputy Governors
o
Non-Official Directors
?
Nominated by Government: ten Directors from various fields and one government Official
?
Others: four Directors - one each from four local boards
Functions : General superintendence and direction of the Bank's affairs Financial Supervision The Reserve Bank of India performs this function under the guidance of the Board for Financial Supervision (BFS). The Board was constituted in November 1994 as a committee of the Central Board of Directors of the Reserve Bank of India. Objective Primary objective of BFS is to undertake consolidated supervision of the financial sector comprising commercial banks, financial institutions and non-banking finance companies. Constitution The Board is constituted by co-opting four Directors from the Central Board as members for a term of two years and is chaired by the Governor. The Deputy Governors of the Reserve Bank are ex-officio members. One Deputy Governor, usually, the Deputy Governor in charge of banking regulation and supervision, is nominated as the Vice-Chairman of the Board. BFS meetings The Board is required to meet normally once every month. It considers inspection reports and other supervisory issues placed before it by the supervisory departments.
7
BFS through the Audit Sub-Committee also aims at upgrading the quality of the statutory audit and internal audit functions in banks and financial institutions. The audit sub-committee includes Deputy Governor as the chairman and two Directors of the Central Board as members. The BFS oversees the functioning of Department of Banking Supervision (DBS), Department of Non-Banking Supervision (DNBS) and Financial Institutions Division (FID) and gives directions on the regulatory and supervisory issues. Functions Some of the initiatives taken by BFS include: i. ii. iii. iv. restructuring of the system of bank inspections introduction of off-site surveillance, strengthening of the role of statutory auditors and strengthening of the internal defences of supervised institutions.
The Audit Sub-committee of BFS has reviewed the current system of concurrent audit, norms of empanelment and appointment of statutory auditors, the quality and coverage of statutory audit reports, and the important issue of greater transparency and disclosure in the published accounts of supervised institutions. Current Focus
? ? ? ? ?
supervision of financial institutions consolidated accounting legal issues in bank frauds divergence in assessments of non-performing assets and supervisory rating model for banks. Legal Framework
Umbrella Acts
? ?
Reserve Bank of India Act, 1934: governs the Reserve Bank functions Banking Regulation Act, 1949: governs the financial sector
8
Acts governing specific functions
?
Public Debt Act, 1944/Government Securities Act (Proposed): Governs government debt market
? ? ?
Securities Contract (Regulation) Act, 1956: Regulates government securities market Indian Coinage Act, 1906:Governs currency and coins Foreign Exchange Regulation Act, 1973/Foreign Exchange Management Act, 1999: Governs trade and foreign exchange market
?
"Payment and Settlement Systems Act, 2007: Provides for regulation and supervision of payment systems in India"
Acts governing Banking Operations
? ?
Companies Act, 1956:Governs banks as companies Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970/1980: Relates to nationalisation of banks
? ? ?
Bankers' Books Evidence Act Banking Secrecy Act Negotiable Instruments Act, 1881
Acts governing Individual Institutions
? ? ? ? ? ?
State Bank of India Act, 1954 The Industrial Development Bank (Transfer of Undertaking and Repeal) Act, 2003 The Industrial Finance Corporation (Transfer of Undertaking and Repeal) Act, 1993 National Bank for Agriculture and Rural Development Act National Housing Bank Act Deposit Insurance and Credit Guarantee Corporation Act
9
Main Functions Monetary Authority:
? ?
Formulates, implements and monitors the monetary policy. Objective: maintaining price stability and ensuring adequate flow of credit to productive sectors. Regulator and supervisor of the financial system:
?
Prescribes broad parameters of banking operations within which the country's banking and financial system functions.
?
Objective: maintain public confidence in the system, protect depositors' interest and provide cost-effective banking services to the public. Manager of Foreign Exchange
? ?
Manages the Foreign Exchange Management Act, 1999. Objective: to facilitate external trade and payment and promote orderly development and maintenance of foreign exchange market in India. Issuer of currency:
? ?
Issues and exchanges or destroys currency and coins not fit for circulation. Objective: to give the public adequate quantity of supplies of currency notes and coins and in good quality. Developmental role
?
Performs a wide range of promotional functions to support national objectives. Related Functions
?
Banker to the Government: performs merchant banking function for the central and the state governments; also acts as their banker.
?
Banker to banks: maintains banking accounts of all scheduled banks.
10
Offices
?
Has 22 regional offices, most of them in state capitals. Training Establishments
Has six training establishments
?
Three, namely, College of Agricultural Banking, Bankers Training College and Reserve Bank of India Staff College are part of the Reserve Bank
?
Others are autonomous, such as, National Institute for Bank Management, Indira Gandhi Institute for Development Research (IGIDR), Institute for Development and Research in Banking Technology (IDRBT) 3.1. FUNCTION OF RBI IN FRAUDS
1.1 Incidence of frauds, robberies, etc., in banks is a matter of concern. While the primary responsibility for preventing frauds lies with banks themselves, the Reserve Bank of India (RBI) has been advising banks from time to time about the major fraud prone areas and the safeguards necessary for prevention of frauds. The Reserve Bank has also been circulating to banks, the details of frauds of an ingenious nature, not reported earlier so that banks could introduce necessary safeguards / preventive measures by way of appropriate procedures and internal checks. Banks are also being advised about the details of unscrupulous borrowers and related parties who have perpetrated frauds on banks so that banks could exercise caution while dealing with them. To facilitate this ongoing process, it is essential that banks report to RBI complete information about frauds and the follow-up action taken thereon. Banks may, therefore, adopt the reporting system for frauds as prescribed in following paragraphs. 1.2 The Chief Executive Officers (CEOs) of the banks must provide singular focus on the "Fraud Prevention and Management Function" to enable, among others, effective investigation in fraud cases and prompt as well as accurate reporting of fraud cases to appropriate regulatory and law enforcement authorities including Reserve Bank of India. 1.3 The fraud risk management, fraud monitoring and fraud investigation function must be owned by the bank's CEO, its Audit Committee of the Board and the Special Committee of the Board, at least in respect of high value frauds.
11
1.4 Banks may, with the approval of their respective Boards, frame internal policy for fraud risk management and fraud investigation function, based on the governance standards relating to the ownership of the function and accountability for malfunctioning of the fraud risk management process in their banks. The broad governance framework dictated by the above standard for ownership and accountability may rest on defined and dedicated organizational set up and operating processes. 1.5 A reference is invited as regards reporting of frauds involving Rs. 1.00 crore and above to Special Committee of the Board. 1.6 It has been observed that frauds are, at times, detected in banks long after their perpetration. Sometimes, fraud reports are also submitted to RBI with considerable delay and without complete information. On some occasions, RBI comes to know about frauds involving large amounts only through press reports. Banks should, therefore, ensure that the reporting system is suitably streamlined so that frauds are reported without any delay. Banks must fix staff accountability in respect of delays in reporting fraud cases to RBI. 1.7 Delay in reporting of frauds and the consequent delay in alerting other banks about the modus operandi and issue of caution advices against unscrupulous borrowers could result in similar frauds being perpetrated elsewhere. Banks may, therefore, strictly adhere to the timeframe fixed in this circular for reporting fraud cases to RBI failing which banks would be liable for penal action prescribed under Section 47(A) of the Banking Regulation Act, 1949. 1.8 A software package on 'Frauds Reporting and Monitoring System' was supplied to banks in June 2003 and subsequent revisions carried out in the above package were advised to banks vide RBI Circular . Banks are required to send the returns and data, as prescribed, in soft copy only (except in case of return which is required to be submitted both in hard and soft copies) to RBI Central Office as well as the concerned Regional Office of the Department of Banking Supervision under whose jurisdiction the bank's Head Office is situated. 1.9 Banks should specifically nominate an official of the rank of General Manager who will be responsible for submitting all the returns referred to in this circular.
12
1.10 Fraud Monitoring Cell at Department of Banking Supervision, Central Office will publish a directory of officers of banks/Financial Institutions (FI) responsible for reporting of Frauds etc in January every year. Banks/Financial Institutions should furnish to Department of Banking Supervision, Central Office Fraud Monitoring Cell any changes in the names of officials that will be necessary for inclusion in the directory by December 15 every year.
3. 2. REPORTING OF FRAUDS TO RESERVE BANK OF INDIA 3.2. .1 Frauds involving Rs 1 lakh and above 3.1.1 Fraud reports should be submitted in all cases of fraud of Rs. 1 lakh and above perpetrated through misrepresentation, breach of trust, manipulation of books of account, fraudulent encashment of instruments like cheques, drafts and bills of exchange, unauthorised handling of securities charged to the bank, misfeasance, embezzlement, misappropriation of funds, conversion of property, cheating, shortages, irregularities, etc. 3.1.2 Fraud reports should also be submitted in cases where central investigating agencies have initiated criminal proceedings and/or where the Reserve Bank has directed that they be reported as frauds. 3.1.3 Banks may also report frauds perpetrated in their subsidiaries and affiliates/joint ventures. Such frauds should, however, not be included in the report on outstanding frauds and the quarterly progress reports referred to in paragraph 4 below. 3.1.4 Soft copy of the reports on frauds in FMR formats should be submitted to the Central Office of the Department of Banking Supervision (DBS). Within three weeks of detection of fraud involving Rs. 5.00 lakh and above the copy of FMR-1 should be submitted to the Central Office, DBS and the Regional Office (RO) DBS under whose jurisdiction the Head office of the bank falls and the RO of DBS under whose jurisdiction the branch where the fraud occurs falls. Fraud reports in hard copy format (FMR-1) involving frauds of Rs.1.00 lakh and above and less than Rs. 5.00 lakh should be sent only to the concerned Regional Office of RBI, DBS.
13
3.2.2. Frauds committed by unscrupulous borrowers 3.2.1 It is observed that a large number of frauds are committed by unscrupulous borrowers including companies, partnership firms/proprietary concerns and/or their directors/partners by various methods including the following: i. ii. Fraudulent discount of instruments or kite flying in clearing effects. Fraudulent removal of pledged stocks/disposing of hypothecated stocks without the bank’s knowledge/inflating the value of stocks in the stock statements and drawing excess bank finance. iii. Diversion of funds outside the borrowing units, lack of interest or criminal neglect on the part of borrowers, their partners, etc. and also due to managerial failure leading to the unit becoming sick and due to laxity in effective supervision over the operations in borrowal accounts on the part of the bank functionaries rendering the advance difficult to recover. 3.2.2 In respect of frauds in borrowal accounts, additional information as prescribed under Part B of FMR – 1 should also be furnished. 3.2.3 Banks should exercise due diligence while appraising the credit needs of unscrupulous borrowers, borrower companies, partnership/ proprietorship concerns and their directors, partners and proprietors, etc. as also their associates who have defrauded the banks. In addition to above borrower- fraudsters, third parties such as builders, warehouse/cold storage owners, motor vehicle/tractor dealers, travel agents, etc. and professionals such as architects, valuers, chartered accountants, advocates, etc. are also to be held accountable if they have played a vital role in credit sanction/disbursement or facilitated the perpetration frauds. Banks are advised report to Indian Banks Association (IBA) the details of such third parties involved in frauds. Before reporting to IBA, banks have to satisfy themselves of the involvement of third parties concerned and also provide themwith an opportunity of being heard. In this regard the banks should follow formal procedures and the processes followed should be suitably recorded. On the basis of such information, IBA would, in turn, prepare caution lists of such third parties for circulation among the banks.
14
3.2.4. Frauds in borrowal accounts having multiple banking arrangements Certain unscrupulous borrowers enjoying credit facilities under "multiple banking arrangement” after defrauding one of the financing banks, continue to enjoy the facilities with other financing banks and in some cases avail even higher limits at those banks. In certain cases the borrowers use the accounts maintained at other financing banks to siphon off funds by diverting from the bank on which the fraud is being perpetrated. This is due to lack of a formal arrangement for exchange of information among various lending banks/FIs. In some of the fraud cases, the securities offered by the borrowers to different banks are the same. In view of this, all the banks which have financed a borrower under 'multiple banking' arrangement should take co-ordinated action, based on commonly agreed strategy, for legal / criminal actions, follow up for recovery, exchange of details on modus operandi, achieving consistency in data / information on frauds reported to Reserve Bank of India. Therefore, bank which detects a fraud is required to immediately share the details with all other banks in the multiple banking arrangements.
3..3. Frauds involving Rs. 100.00 lakh and above In respect of frauds involving Rs. 100 lakh and above, in addition to the requirements given at paragraphs 3.1 and 3.2 above, banks may report the fraud by means of a D.O. letter addressed to the Chief General Manager in charge of the Department of Banking Supervision, RBI, Central Office, within a week of such frauds coming to the notice of the bank’s Head Office. The letter may contain brief particulars of the fraud such as amount involved, nature of fraud, modus operandi in brief, name of the branch/office, names of parties involved (if they are proprietorship/ partnership concerns or private limited companies, the names of proprietors, partners and directors), names of officials involved, and whether the complaint has been lodged with the Police/CBI. A copy of the D.O. letter should also be endorsed to the Regional Office of RBI under whose jurisdiction the bank's branch, where the fraud has been perpetrated, is functioning.
15
3.4 Cases of attempted fraud Cases of attempted fraud, where the likely loss would have been Rs. 1.00 crore or more had the fraud taken place, should be reported by the bank to the Fraud Monitoring Cell, Department of Banking Supervision, Reserve Bank of India, Central Office, Mumbai within two weeks of the bank coming to know that the attempt to defraud the bank failed or was foiled. The report should cover the following: • The modus operandi of the attempted fraud • How the attempt did not materialise in the fraud or how the attempt failed / was foiled. • The measures taken by the bank to strengthen the existing systems and controls • New systems and controls put in place in the area where fraud was attempted. Reports on such attempted frauds should be placed before the Audit Committee of the Board. Such cases should not be included in the other returns to be submitted to RBI. 3.5.. Quarterly Returns 3.5.1 Report on Frauds Outstanding 4.1.1 Banks should submit a copy each of the Quarterly Report on Frauds Outstanding in the format given in FMR – 2 to the Central Office and the Regional Office of the Reserve Bank under whose jurisdiction the Head Office of the bank falls within 15 days of the end of the quarter to which it relates. The data should be submitted in soft copy only. Banks which may not be having any fraud outstanding as at the end of a quarter should submit a nil report. 4.1.2 Part - A of the report covers details of frauds outstanding as at the end of the quarter. Parts B and C of the report give category-wise and perpetrator-wise details of frauds reported during the quarter respectively. The total number and amount of fraud cases reported during the quarter as shown in Parts B and C should tally with the totals of columns 4 and 5 in Part – A of the report 4.1.3 Banks should furnish a certificate, as part of the above report, to the effect that all individual fraud cases of Rs. 1 lakh and above reported to the Reserve Bank in FMR – 1
16
during the quarter have also been put up to the bank’s Board and have been incorporated in Part – A (columns 4 and 5) and Parts B and C of FMR – 2. 4.1.4 Closure of fraud cases Banks will report to the Frauds Monitoring Cell, RBI, Department of Banking Supervision (DBS), Central Office, Mumbai and the respective Regional offices of the DBS, the details of fraud cases closed along with reasons for the closure where no further action was called for. Fraud cases closed during the quarter are required to be reported in quarterly return FMR 3 and cross checked with relevant column in FMR-2 return before sending to RBI. Banks should report only such cases as closed where the actions as stated below are complete and prior approval is obtained from the respective Regional Offices of DBS i. ii. iii. iv. v. The fraud cases pending with CBI/Police/Court are finally disposed of. The examination of staff accountability has been completed The amount of fraud has been recovered or written off. Insurance claim wherever applicable has been settled. The bank has reviewed the systems and procedures, identified the causative factors and plugged the lacunae and the fact of which has been certified by the appropriate authority (Board / Audit Committee of the Board) vi. Banks should also pursue vigorously with CBI for final disposal of pending fraud cases especially where the banks have completed staff side action. Similarly, banks may vigorously follow up with the police authorities and/or court for final disposal of fraud cases and / or court for final disposal of fraud cases. Banks are allowed, for limited statistical / reporting purposes, to close those fraud cases involving amounts upto Rs.25.00 lakh, where: a. The investigation is on or challan/ charge sheet not filed in the Court for more than three years from the date of filing of First Information Report (FIR) by the CBI/Police., or b. the trial in the courts, after filing of charge sheet / challan by CBI / Police, has not started, or is in progress.
17
3.5.2. Progress Report on Frauds (FMR-3) 4.2.1 Banks should furnish case-wise quarterly progress reports on frauds involving Rs. 1.00 lakh and above in the format given in FMR – 3 to the Central Office of RBI, Department of Banking Supervision as well as the concerned Regional Office of the Department of Banking Supervision under whose jurisdiction the bank’s Head Office is situated, within 15 days of the end of the quarter to which they relate. 4.2.2 In the case of frauds where there are no developments during a quarter, a list of such cases with a brief description including name of branch and date of reporting may be furnished in Part – B of FMR – 3. 4.2.3 Banks which do not have any fraud involving Rs. 1.00 lakh and above outstanding may submit a nil report. 3.6.. REPORTS TO THE BOARD 3.6.1. Reporting of Frauds 5.1.1 Banks should ensure that all frauds of Rs. 1.00 lakh and above are reported to their Boards promptly on their detection. 5.1.2 Such reports should, among other things, take note of the failure on the part of the concerned branch officials and controlling authorities, and consider initiation of appropriate action against the officials responsible for the fraud. 3.6.2.Quarterly Review of Frauds 5.2.1 Information relating to frauds for the quarters ending March, June and September may be placed before the Audit Committeeof theBoard of Directors during the month following the quarter to which it pertains, irrespective of whether or not these are required to be placed before the Board/Management Committee in terms of the Calendar of Reviews prescribed by RBI. 5.2.2 These should be accompanied by supplementary material analysing statistical information and details of each fraud so that the Audit Committee of the Board would have
18
adequate material to contribute effectively in regard to the punitive or preventive aspects of frauds. 5.2.3 A separate review for the quarter ending December is not required in view of the Annual Review for the year-ending December prescribed below. 5.2.4 Banks are required to constitute a Special Committee for monitoring and follow up of cases of frauds involving amounts of Rs. 1.00 crore and above exclusively, while Audit Committee of the Board (ACB) may continue to monitor all the cases of frauds in general. The Special Committee should consist of CMD in case of public sector banks and MD in case of SBI/its Associates. In case of private sector banks, two members from ACB, two members from Board excluding RBI nominee. 5.2.5 The major functions of the Special Committee would be to monitor and review all the frauds of Rs. 1.00 crore and above so as to:
?
Identify the systemic lacunae if any that facilitated perpetration of the fraud and put in place majors to plug the same:
?
Identify the reasons for delay in detection, if any, reporting to top management of the bank and RBI:
? ?
Monitor progress of CBI/Police investigation and recovery position: Ensure that staff accountability is examined at all levels in all the cases of frauds and staff side action, if required, is completed quickly without loss of time:
?
Review the efficacy of the remedial action taken to prevent recurrence of frauds, such as strengthening of internal controls:
?
Put on place other measures as may be considered relevant to strengthen preventive measures against frauds.
All the frauds involving an amount of Rs 1.00 crore and above should be monitored and reviewed by the Special Committee of the Board in case of all Indian commercial banks. The periodicity of the meetings of the Special Committee may be decided according to the number of cases involved. In addition, the Committee should meet and review as and when a fraud involving an amount of Rs 1.00 crore and above comes to light.
19
5.2.6 The banks may delineate in a policy document the processes for implementation of the Committee's directions and the document may enable a dedicated outfit of the bank to implement the directions in this regard. 3.6.3.. Annual Review of Frauds 5.3.1 Banks should conduct an annual review of the frauds and place a note before the Board of Directors/Local Advisory Board for information. The reviews for the year-ended December may be put up to the Board before the end of March the following year. Such reviews need not be sent to RBI. These may be preserved for verification by the Reserve Bank’s inspecting officers. 5.3.2 The main aspects which may be taken into account while making such a review may include the following: a. Whether the systems in the bank are adequate to detect frauds, once they have taken place, within the shortest possible time. b. Whether frauds are examined from staff angle and, wherever necessary, the cases are reported to the Vigilance Cell for further action in the case of public sector banks. c. Whether deterrent punishment is meted out, wherever warranted, to the persons found responsible. d. Whether frauds have taken place because of laxity in following the systems and procedures and, if so, whether effective action has been taken to ensure that the systems and procedures are scrupulously followed by the staff concerned. e. Whether frauds are reported to local Police or CBI, as the case may be, for investigation, as per the guidelines issued in this regard to public sector banks by Government of India. 5.3.3 The annual reviews should also, among other things, include the following details: a. Total number of frauds detected during the year and the amount involved as compared to the previous two years. b. Analysis of frauds according to different categories detailed in Paragraph 2.1 and also the different business areas indicated in the Quarterly Report on Frauds Outstanding (vide FMR – 2).
20
c. Modus operandi of major frauds reported during the year along with their present position. d. Detailed analyses of frauds of Rs. 1 lakh and above. e. Estimated loss to the bank during the year on account of frauds, amount recovered and provisions made. f. Number of cases (with amounts) where staff are involved and the action taken against staff. g. Region-wise/Zone-wise/State-wise break-up of frauds and amount involved. h. Time taken to detect frauds (number of cases detected within three months, six months and one year of their taking place). i. Position with regard to frauds reported to CBI/Police. j. Number of frauds where final action has been taken by the bank and cases disposed of. k. Preventive/punitive steps taken by the bank during the year to reduce/minimise the incidence of frauds. 3.7. GUIDELINES FOR REPORTING FRAUDS TO POLICE/CBI 6.1 Private sector banks (including foreign banks operating in India) should follow the following guidelines for reporting of frauds such as unauthorised credit facilities extended by the bank for illegal gratification, negligence and cash shortages, cheating, forgery, etc. to the State Police authorities: a. In dealing with cases of fraud/embezzlement, banks should not merely be actuated by the necessity of recovering expeditiously the amount involved, but should also be motivated by public interest and the need for ensuring that the guilty persons do not go unpunished. b. Therefore, as a general rule, the following cases should invariably be referred to the State Police: i. Cases of fraud involving an amount of Rs. 1.00 lakh and above, committed by outsiders on their own and/or with the connivance of bank staff/officers. ii. Cases of fraud committed by bank employees, when it involves bank funds exceeding Rs. 10,000/-. c. Fraud cases involving amounts of Rs 1.00 crore and above should also be reported to the Director, Serious Fraud Investigation Office (SFIO), Ministry of Company
21
Affairs, Government of India. Second Floor, Paryavaran Bhavan, CGO Complex, Lodhi Road, New Delhi 110 003. Details of the fraud are to be reported to SFIO in FMR-1 Format. 6.2 Public sector banks should report fraud cases involving amount of Rs. 1 crore and above to CBI and those below Rs. 1 crore to local police, as detailed below: Cases to be referred to CBI (a) Cases of Rs. 1.00 crore and above upto Rs. 5.00 crore
? ?
Where staff involvement is prima facie evident – CBI (Anti Corruption Branch) Where staff involvement is prima facie not evident – CBI (Economic Offences Wing)
(b) All cases involving more than Rs.5.00 crore – Banking Security and Fraud Cell of the respective centres, which is specialised cell of the Economic Offences Wing of the CBI for major bank fraud cases. Cases to be referred to Local Police Cases below Rs.1 crore – Local Police. i. Cases of financial frauds of the value of Rs.1.00 lakh and above, which involve outsiders (private parties) and bank staff, should be reported by the Regional Head of the bank concerned to a senior officer of the State CID/Economic Offences Wing of the State concerned. ii. For cases of financial frauds below the value of Rs.1.00 lakh but above Rs.10,000/the cases should be reported to the local police station by the bank branch concerned. iii. All fraud cases of value below Rs.10,000 involving bank officials, should be referred to the Regional Head of the bank, who would scrutinize each case and direct the bank branch concerned on whether it should be reported to the local police station for further legal action. 6.3 Filing of Police complaint in case of fraudulent encashment of DDs/TTs/Pay Orders/Cheques/ Dividend Warrants, etc.
22
6.3.1 In case of frauds involving forged instruments, the paying banker has to file the police complaint and not the collecting banker. 6.3.2 However, in case of collection of instrument which is genuine but the amount collected fraudulently by a person who is not the owner, the collecting bank which is defrauded has to file a police complaint. 6.3.3 In case of collection of instruments where the amount has been credited before realisation and subsequently the instrument is found to be fake/forged and returned by the paying bank, it is the collecting bank who has to file a police complaint as they are at loss by paying the amount before realisation of the instrument. 6.3.4 In cases of collection of altered/fake cheque involving two or more branches of the same bank, the branch where the altered/fake instrument has been encashed, should file a Police complaint. 6.3.5 In the event of an altered/fake cheque having been paid/encashed involving two or more branches of a bank under CBS, the branch which has released the payment against a fraudulent withdrawal, should file a Police complaint.
23
3.8.. REPORTING CASES OF THEFT, BURGLARY, DACOITY AND BANK ROBBERIES
7.1 Banks should arrange to report by fax / e-mail instances of bank robberies, dacoities, thefts and burglaries to the following authorities immediately on their occurrence.
a. The Chief General Manager-in-Charge, Reserve Bank of India, Department of Banking Supervision, Central Office, Mumbai. b. Regional Office of the Department of Banking Supervision, Reserve Bank of India under whose jurisdiction the Head Office of the bank falls. c. Regional Office of Reserve Bank of India, Department of Banking Supervision, Reserve Bank of India, under whose jurisdiction the affected bank branch is located to enable the Regional Office to take up the issues regarding security arrangements in affected branch/es during the State Level Security Meetings with the concerned authorities (endorsements). d. The Security Adviser, Central Security Cell, Reserve Bank of India, Central Office Building, Mumbai – 400001. e. Ministry of Finance, Department of Economic Affairs, (Banking Division), Government of India, New Delhi The report should include details of modus operandi and other information as at columns 1 to 11 of FMR – 4 7.2 Banks should also submit to the Reserve Bank, Department of Banking Supervision, Central Office as well as the concerned Regional Office of the Reserve Bank under whose jurisdiction the bank’s Head Office is situated a quarterly consolidated statement in the format given in FMR – 4 covering all cases pertaining to the quarter. This may be submitted within 15 days of the end of the quarter to which it relates. 7.3 Banks which do not have any instances of theft, burglary, and / or robbery to report during the quarter, may submit a nil report
24
4. CREDIT CARDS FRAUDS Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a
transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft 4.1. Origins The fraud begins with either the theft of the physical card or the compromise of data associated with the account, including the card account number or other information that would routinely and necessarily be available to a merchant during a legitimate transaction. The compromise can occur by many common routes and can usually be conducted without tipping off the card holder, the merchant or the issuer, at least until the account is ultimately used for fraud. A simple example is that of a store clerk copying sales receipts for later use. The rapid growth of credit card use on the Internet has made database security lapses particularly costly; in some cases, millions of accounts have been compromised. Stolen cards can be reported quickly by cardholders, but a compromised account can be hoarded by a thief for weeks or months before any fraudulent use, making it difficult to identify the source of the compromise. The cardholder may not discover fraudulent use until receiving a billing statement, which may be delivered infrequently.
25
4.2. Stolen cards When a credit card is lost or stolen, it remains usable until the holder notifies the issuer that the card is lost. Most issuers have free 24-hour telephone numbers to encourage prompt reporting Still, it is possible for a thief to make unauthorized purchases on a card until it is canceled. Without other security measures, a thief could potentially purchase thousands of dollars in merchandise or services before the cardholder or the card issuer realize that the card is in the wrong hands. The only common security measure on all cards is a signature panel, but signatures are relatively easy to forge. Some merchants will demand to see a picture ID, such as a driver's license, to verify the identity of the purchaser, and some credit cards include the holder's picture on the card itself. However, the card holder has a right to refuse to show additional verification, and asking for such verification is usually a violation of the merchant's agreement with the credit card companies. Self-serve payment systems are common targets for stolen cards, as there is no way to verify the card holder's identity. A common countermeasure is to require the user to key in some identifying information, such as the user's ZIP or postal code. This method may deter casual theft of a card found alone, but if the card holder's wallet is stolen, it may be trivial for the thief to deduce the information by looking at other items in the wallet. For instance, a U.S. driver license commonly has the holder's home address and ZIP code printed on it. Visa Inc. offers merchants lower rates on transactions if the customer provides a zip code. In Europe, most cards are equipped with an EMV chip which requires a 4 digit PIN to be entered in to the merchants terminal before payment will be authorised. Requiring a customer's ZIP code is illegal in California where the state's 1971 law prohibits merchants from requesting or requiring a card-holder's "personal identification information" as a condition of accepting the card for payment. The California Supreme Court has ruled that the ZIP code qualifies as personal identification information because it is part of the cardholder's address. Companies face fines of $250–1000 for each violation. Requiring a "personal identification number" (PIN) may also be a violation.
26
Card issuers have several countermeasures, including sophisticated software that can, before a transaction is authorized, estimate the probability of fraud. For example, a large transaction occurring a great distance from the cardholder's home might seem suspicious. The merchant may be instructed to call the card issuer for verification, or to decline the transaction, or even to hold the card and refuse to return it to the customer. The customer must contact the issuer and prove who they are to get their card back (if it is not fraud and they are actually buying a product). 4.3. Identity theft Identity theft can be divided into two broad categories: Application fraud and account takeover. 4.3. 1 . Application fraud Application fraud happens when a criminal uses stolen or fake documents to open an account in someone else's name. Criminals may try to steal documents such as utility bills and bank statements to build up useful personal information. Or they may create counterfeit documents
4.3.2 . Account takeover Account takeover happens when a criminal tries to take over another person's account, first by gathering information about the intended victim, and then contacting their card issuer while impersonating the genuine cardholder, and asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement to be sent. Some merchants added a new practice to protect their consumers and their own reputation, where they ask the buyer to send a photocopy of the physical card and statement to ensure the legitimate usage of a card.
27
4.4.Skimming Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant. The thief can procure a victim’s credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims’ credit card numbers. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. The thief may also use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code which is not present on the magnetic strip. Call centers are another area where skimming can easily occur. Instances of skimming have been reported where the perpetrator has put a device over the card slot of an ATM (automated teller machine), which reads the magnetic strip as the user unknowingly passes their card through it. These devices are often used in conjunction with a miniature camera (inconspicuously attached to the ATM) to read the user's PIN at the same time. This method is being used very frequently in many parts of the world, including South America, e.g. in Argentina and Europe, e.g. in the Netherlands Another technique used is a keypad overlay that matches up with the buttons of the legitimate keypad below it and presses them when operated, but records or transmits the key log of the PIN entered by wireless. The device or group of devices illicitly installed on an ATM are also colloquially known as a "skimmer". Recently-made ATMs now often run a picture of what the slot and keypad are supposed to look like as a background, so that consumers can identify foreign devices attached. Skimming is difficult for the typical cardholder to detect, but given a large enough sample, it is fairly easy for the card issuer to detect. The issuer collects a list of all the cardholders who have complained about fraudulent transactions, and then uses data mining to discover
relationships among them and the merchants they use. For example, if many of the cardholders use a particular merchant, that merchant can be directly investigated. Sophisticated algorithms can also search for patterns of fraud. Merchants must ensure the physical security of their terminals, and penalties for merchants can be severe if they are compromised, ranging from large fines by the issuer to complete exclusion from the system, which can be a death blow to businesses such as restaurants where credit card transactions are the norm
28
5.. INTERNET FRAUDS Internet fraud refers to the use of internet services to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme. Internet fraud can occur in chat rooms, email, message boards or on websites. 5.1 .Purchase frauds Purchase fraud occurs when a criminal approaches a merchant and proposes a business transaction, and then uses fraudulent means to pay for it, such as a stolen or fake credit card. As a result, merchants do not get paid for the sale. Merchants who accept credit cards may receive a chargeback for the transaction and lose money as a result 5 .2. Online automotive fraud A fraudster posts a nonexistent vehicle for sale to a website, typically a luxury or sports car, advertised for well below its market value. The details of the vehicle, including photos and description, are typically lifted from sites such as eBay Motors or Autoscout24. An interested buyer, hopeful for a bargain, emails the fraudster, who responds saying the car is still available but is located overseas. The scam artist then instructs the victim to send a deposit via wire transfer to initiate the "shipping" process. The unwitting victim wires the funds, and subsequently discovers they have been scammed. In another type of fraud, a fraudster contacts someone who has posted a vehicle for sale online, asking for the vehicle identification number (VIN) in order to check the accident record of the vehicle. However, the crook actually uses the VIN to make fake documentation for a stolen car, in order to sell it.
29
5.3 PayPal Fraud In a collection in person PayPal scheme, the scammer targets eBay auctions that allow the purchaser to personally collect the item from the seller, rather than having the item shipped, and where the seller accepts PayPal as a means of payment. The fraudster uses a fake address with a post office box when making their bids, as PayPal will allow such an unconfirmed address. Such transactions are not covered by PayPal's seller protection policy. The fraudster buys the item, pays for it via PayPal, and then collects the item from the victim. The fraudster then challenges the sale, claiming a refund from PayPal and stating that they did not receive the item. PayPal's policy is that it will reverse a purchase transaction unless the seller can provide a shipment tracking number as proof of delivery; PayPal will not accept video evidence, a signed document, or any form of proof other than a tracking number as valid proof of delivery.This form of fraud can be avoided by only accepting cash from buyers who wish to collect goods in person. 5.4. Internet ticket fraud
A variation of Internet marketing fraud offers tickets to sought-after events such as concerts, shows, and sports events. The tickets are fake,or are never delivered. The proliferation of online ticket agencies, and the existence of experienced and dishonest ticket resellers, has fueled this kind of fraud. A prime example was the global Beijing Olympic Games ticket fraud run by US-registered exclusive Leisure and Hospitality, sold through a professionallydesigned website, www.beijingticketing.com, with the name "Beijing 2008 Ticketing". On 4 August it was reported that more than AU$50 million worth of fake tickets had been sold through the website. On 6 August it was reported that the person behind the scam, which was wholly based outside China, was a British ticket tout Terance Shepherd.
30
5..5. Click fraud Click fraud occurs when websites that are affiliates of advertising networks that pay per view or per click use spyware to force views or clicks to ads on their own websites. The affiliate is then paid a commission on the cost-per-click that was artificially generated. Affiliate programs such as Google's Adsense pay high commissions that drive the generation of bogus clicks this form of Internet fraud is on the increase 5..6. Friendly fraud Also known as friendly fraud chargeback, is a credit card industry term used to describe a consumer who makes an Internet purchase with his/her own credit card and then issues a chargeback through his/her card provider after receiving the goods or services. When a chargeback occurs, the merchant will always be responsible, regardless of what they did to verify the transaction. The challenge with friendly fraud is that there is no way to verify the authenticity of the transaction, which is in fact legitimate, because the consumer is the one that is not legitimate The online merchant that sells physical products can protect itself by requiring a signature upon delivery of goods. That signature, in addition to information gathered online, helps in the resolution of chargeback disputes. Also, the merchant can request the Card Security Code on the credit card to fight "Card absent environment" chargebacks. These are the three digit codes on the backs of Visa, Mastercard, and Discover cards, and the four digit code on the front of American Express cards 5 .7. Fraudulent Charge-Back schemes There is a class of email spam (usually sent to commercial / corporate email addresses) where the spammer makes an offer to purchase goods (usually not specifically identified) from a vendor. In the email, the spammer makes it clear that they intend to pay for the goods using a credit card. The spammer provides the shipping address for the goods, and requests a product and price-list from the vendor in the initial email. It has been speculated that this is some form of charge-back scheme, whereby the spammer is using a valid credit card but intends to request a charge-back to reverse the charge while at the same time retaining the goods that were shipped to them
31
6. FRAUDS AND ITS PREVENTIVE MEASURES
6 .1 SECURITY REGIME IN BANKING SYSTEM
Security implies sense of safety and of freedom from danger or anxiety. When a banker takes a collateral security, say in the form of gold or a title deed, against the money lent by him, he has a sense of safety and of freedom from anxiety about the possible non-payment of the loan by the borrower. These should be communicated to all strata of the organization through appropriate means. Before staff managers should analyze current practices. Security procedure should be stated explicitly and agreed upon by each user in the specific environment. Such practices ensure information security and enhance availability. Bank security is essentially a defense against unforced attacks by thieves, dacoits and burglars.
32
6..2 PHYSICAL SECURITY MEASURES-CONCEPT A large part of banks security depends on social security measures. Physical security measures can be defined as those specific and special protective or defensive measures adopted to deter, detect, delay, defend and defeat or to perform any one or more of these functions against culpable acts, both covert and covert and acclamations natural events. The protective or defensive, measures adopted involve construction, installation and deployment of structures, equipment and persons respectively. The following are few guidelines to check malpractices 1. To rotate the cash work within the staff. 2. One person should not continue on the same seat for more than two months. 3. Daybook should not be written by the Cashier where another person is available to the job 4. No cash withdrawal should be allowed within passbook in case of withdrawal by pay order. 5. The branch manager should ensure that all staff members have recorder their presence in the attendance registrar, before starting work. Execution of Documents 1. A bank officer must adopt a strict professional approach in the execution of documents. The ink and the pen used for the execution must be maintained uniformly. 2. Bank documents should not be typed on a typewriter for execution. These should be invariably handwritten for execution. 3. The execution should always be done in the presence of the officer responsible for obtain them, 4. The borrowers should be asked to sign in full signatures in same style throughout the documents.
33
5. Unless there is a specific requirement in the document, it should not be got attested or witnessed as such attestation may change the character of the instruments and the documents may subject to ad stamp duty. 6. The paper on which the bank documents are made should be a proof. It should be unique and available to the banks only. 7. The printing of the bank documents should have highly artistic intricate and complex graphics. 8. The documents executed between Banker and Borrowers must be kept in safe custody
6.3. BANKING FRAUD
Banking Fraud is posing threat to Indian Economy. Its vibrant effect can be understood be the fact that in the year 2004 number of Cyber Crime were 347 in India which rose to 481 in 2005 showing an increase of 38.5% while I.P.C. category crime stood at 302 in 2005 including 186 cases of cyber fraud and 68 cases cyber forgery. Thus it becomes very important that occurrence of such frauds should be minimized. More upsetting is the fact that such frauds are entering in Banking Sector as well.
34
In the present day, Global Scenario Banking System has acquired new dimensions. Banking did spread in India. Today, the banking system has entered into competitive markets in areas covering resource mobilization, human resource development, customer services and credit management as well. Indian’s banking system has several outstanding achievements to its credit, the most striking of which is its reach. In fact, Indian banks are now spread out into the remotest areas of our country. Indian banking, which was operating in a highly comfortable and protected environment till the beginning of 1990s, has been pushed into the choppy waters of intense competition. A sound banking system should possess three basic characteristics to protect depositor’s interest and public faith. These are (i) a fraud free culture, (ii) a time tested Best Practice Code, and (iii) an in house immediate grievance remedial system. All these conditions are their missing or extremely weak in India. Section 5(b) of the Banking Regulation Act, 1949 defines banking… “Banking is the accepting for the purpose of lending or investment, deposits of money from the purpose of lending or investment, deposits of money from the public, repayable on demand or otherwise and withdraw able by cheque, draft, order or otherwise”. But if his money has fraudulently been drawn from the bank the latter is under strict obligation to pay the depositor. The bank therefore has to ensure at all times that the money of the depositors is not drawn fraudulently. Time has come when the security aspects of the banks have to be dealt with on priority basis. The banking system in our country has been taking care of all segments of our socioeconomic set up. The Article contains a discussion on the rise of banking frauds and various methods that can be used to avoid such frauds. A bank fraud is a deliberate act of omission or commission by any person carried out in the course of banking transactions or in the books of accounts, resulting in wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank. The relevant provisions of Indian Penal Code, Criminal Procedure Code, Indian Contract Act, and Negotiable Instruments Act relating to banking frauds has been cited in the present Article.
35
6.4.. LEGAL REGIME TO CONTROL BANK FRAUDS Frauds constitute white-collar crime, committed by unscrupulous persons deftly advantage of loopholes existing in systems procedures. The ideal situation is one there is no fraud, but taking ground realities of the nation’s environment and human nature’s fragility, an institution should always like to keep the overreach of frauds at the minimum occurrence level. Following are the relevant sections relating to Bank Frauds Indian Penal Code (45 of 1860) (a) Section 23 Wrongful gain.Wrongful gain is gain by unlawful means of property to which the person gaining is not legally entitled. (b) Wrongful loss Wrongful loss is the loss by unlawful means of property to which the person losing it is legally (c) Gaining wrongfully. Losing wrongfully-A person is said to gain wrongfully when such person retains wrongfully, as well as when such person acquires wrongfully. A person is said to lose wrongfully when such person is wrongfully kept out of any property, as well as when such person is wrongfully deprived of property. (d) Section 24. Dishonestly Whoever does anything with the intention of causing wrongful gain to one person or wrongful loss to another person, is said to do that thing dishonestly. entitled.
36
(e) Section 28. Counterfeit A person is said to counterfeit who causes one thing to resemble another thing, intending by means of that resemblance to practice deception, or knowing it to be likely that deception will thereby be practiced. BREACH OF TRUST 1. Section 408- Criminal breach of trust by clerk or servant. 2. Section 409- Criminal breach of trust by public servant, or by banker, merchant or agent. 3. Section 416- Cheating by personating 4. Section 419- Punishment for cheating by personation. OFFENCES RELATING TO DOCMENTS 1) Section 463-Forgery 2) Section 464 -Making a false document 3) Section 465- Punishment for forgery. 4) Section 467- Forgery of valuable security, will, etc 5) Section 468- Forgery for purpose of cheating 6) Section 469- Forgery for purpose of harming reputation 7) Section 470- Forged document. 8) Section 471- Using as genuine a forged document 9) Section 477- Fraudulent cancellation, destruction, etc., of will, authority to adopt, or valuable security. 10) Section 477A- Falsification of accounts
37
7. FRAUD -PREVENTION AND DETECTION A close study of any fraud in bank reveals many common basic features. There may have been negligence or dishonesty at some stage, on part of one or more of the bank employees. One of them may have colluded with the borrower. The bank official may have been putting up with the borrower’s sharp practices for a personal gain. The proper care which was expected of the staff, as custodians of banks interest may not have been taken. The bank’s rules and procedures laid down in the Manual instructions and the circulars may not have been observed or may have been deliberately ignored. Bank frauds are the failure of the banker. It does not mean that the external frauds do not defraud banks. But if the banker is upright and knows his job, the task of defrauder will become extremely difficult, if not possible. Detection of Frauds Despite all care and vigilance there may still be some frauds, though their number, periodicity and intensity may be considerably reduced. The following procedure would be very helpful if taken into consideration 1. All relevant data-papers, documents etc should be promptly collected. Original vouchers or other papers forming the basis of the investigation should be kept under lock and key. 2. All persons in the bank who may be knowing something about the time, place a modus operandi of the fraud should be examined and their statements should be recorded. 3. The probable order of events should thereafter be reconstructed by the officer, in his own mind. 4. It is advisable to keep the central office informed about the fraud and further developments in regard thereto.
38
7.1. RBI – REMEDIAL MEASURES In order to have uniformity in reporting cases of frauds, RBI considered the question of classification of bank frauds on the basis of the provisions of the IPC.
Given below are the Provisions and their Remedial measures that can be taken. 1. Cheating (Section 415, IPC) Remedial Measures. The preventive measures in respect of the cheating can be concentrated on cross-checking regarding identity, genuineness, verification of particulars, etc. in respect of various instruments as well as persons involved in encashment or dealing with the property of the bank. 2. Criminal misappropriation of property (Section 403 IPC). Remedial Measure Criminal misappropriation of property, presuppose the custody or control of funds or property, so subjected, with that of the person committing such frauds. Preventive measures, for this class of fraud should be taken at the level the custody or control of the funds or property of the bank generally vests. Such a measure should be sufficient, it is extended to these persons who are actually handling or having actual custody or control of the fund or movable properties of the bank. 3. Criminal breach of trust (Section 405, IPC) Remedial Measure Care should be taken from the initial step when a person comes to the bank. Care needs to be taken at the time of recruitment in bank as well.
39
4. Forgery (Section 463, IPC) Remedial Measure Both the prevention and detection of frauds through forgery are important for a bank. Forgery of signatures is the most frequent fraud in banking business. The bank should take special care when the instrument has been presented either bearer or order; in case a bank pays forged instrument he would be liable for the loss to the genuine costumer. 5. Falsification of accounts (Section 477A) Remedial Measure Proper diligence is required while filling of forms and accounts. The accounts should be rechecked on daily basis. 6. Theft (Section 378, IPC) Remedial Measures Encashment of stolen’ cheque can be prevented if the bank clearly specify the age, sex and two visible identify action marks on the body of the person traveler’s cheques on the back of the cheque leaf. This will help the paying bank to easily identify the cheque holder. Theft from lockers and safe deposit vaults are not easy to commit because the master-key remains with the banker and the individual key of the locker is handed over to the costumer with due acknowledgement. 7. Criminal conspiracy (Section 120 A, IPC) In the case of State of Andhra Pradesh v. IBS Prasad Rao and Other, the accused, who were clerks in a cooperative Central Bank were all convicted of the offences of cheating under Section 420 read along with Section 120 A. all the four accused had conspired together to defraud the bank by making false demand drafts and receipt vouchers.
40
8. Offences relating to currency notes and banks notes (Section 489A -489E ,IPC) These sections provide for the protection of currency-notes and bank notes from forgery. The offences under section are (a) Counterfeiting currency notes or banks. (b) Selling, buying or using as genuine, forged or counterfeit currency notes or bank notes. Knowing the same to be forged or counterfeit. (c) Possession of forged or counterfeit currency notes or bank-notes, knowing or counterfeit and intending to use the same as genuine. (d) Making or passing instruments or materials for forging or counterfeiting currency notes or banks. (e) Making or using documents resembling currency-notes or bank notes. Most of the above provisions are Cognizable Offences under Section 2(c) of the Code of Criminal Procedure, 1973. 7.2. PREVENTIVE MEASURES FOR CREDIT CARDS FRAUDS By merchants:
? ? ?
PAN truncation – not displaying the full number on receipts Tokenization (data security) – not storing the full number in computer systems Requesting additional information, such as a PIN, ZIP code, or Card Security Code
By card issuers:
?
Fraud detection and prevention software that analyzes patterns of normal and unusual behavior as well as individual transactions in order to flag likely fraud. Profiles include such information as IP address Fraud detection and response business processes such as:
? ?
Contacting the cardholder to request verification Placing preventative controls/holds on accounts which may have been victimized Blocking card until transactions are verified by cardholder
41
?
Investigating fraudulent activity
Strong Authentication measures such as:
?
Multi-factor Authentication, verifying that the account is being accessed by the cardholder through requirement of additional information such as account number, PIN, ZIP, challenge questions
?
Out-of-band Authentication, verifying that the transaction is being done by the cardholder through a "known" or "trusted" communication channel such as text message, phone call, or security token device
?
Industry collaboration and information sharing about known fraudsters and emerging threat vectors
By Governmental and Regulatory Bodies:
? ?
Enacting consumer protection laws related to card fraud of credit card issuers
Performing regular examinations and risk assessments
Publishing standards, guidance, and guidelines for protecting cardholder information and monitoring for fraudulent activity By cardholders:
? ?
Reporting lost or stolen cards Reviewing immediately charges regularly and reporting unauthorized transactions
? ?
Installing virus protection software on personal computers Using caution when using credit cards for online purchases, especially on nontrusted websites
42
7.3. Internet Fraud Preventive Measures
1. Never accept a cashier's check that is over the price of the item on sale. 2. Do not assume that because the bank has cashed the check for you, it is a legitimate check. Cashier checks take 30 days to determine if they are legitimate 3.Be more suspicious if you are requested to handle a transaction through a wire transfer. 4. Be aware of individuals posing as a representative of a client. 5. Call the seller to see if the number is correct and working 6. Reconsider doing business with individuals who are reluctant to answer your questions. 7. Take precautions when dealing with individuals/companies from outside your own country. 8. Watch out for individuals who only want to communicate via e-mail. 9 Try to obtain a physical address rather than merely a post office box and a phone number. 10. Make sure you are purchasing merchandise from a reputable source. 11 . Inquire about returns and warranties. 12. When purchasing a vehicle outside of your local area, consider utilizing an escrow or alternate payment service. 13. Don't give out your credit card number(s) online unless the site is a secure and trusted site. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security to transmit data. 14. Before using the site, check out the security/encryption software it uses.
43
15. Make sure the transaction is secure when you electronically send your credit card numbers. Email the seller to see if they have an active email address and be wary of sellers who use free email services, such as yahoo.com. 16. Check with the Better Business Bureau from the seller's area. 17. Check out other web sites regarding this person/company. 18. Be guarded when responding to special offers (especially through unsolicited email) 19. The safest way to purchase items via the Internet is by credit card because you can often dispute the charges if something is wrong. 20. You should also keep a list of all your credit cards and account information along with the card issuer's contact information. If anything looks suspicious or you lose your credit card(s) you should contact the card issuer immediately.
44
8.. METHODS TO OVERCOME THE FRAUDS 8.1 EMV
EMV stands for Europay, MasterCard and VISA, a global standard for inter-operation of integrated circuit cards (IC cards or "chip cards") and IC card capable point of sale (POS) terminals and automated teller machines (ATMs), for authenticating credit and debit card transactions. It is a joint effort between Europay, MasterCard and Visa to ensure security and global interoperability so that Visa and MasterCard cards can continue to be accepted everywhere. Europay International SA was absorbed into MasterCard in 2002. IC card systems based on EMV are being phased in across the world, under names such as "IC Credit" and "Chip and PIN". The EMV standards define the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions. There are standards based on ISO/IEC 7816 for contact cards, and standards based on ISO/IEC 14443 for contactless cards.
45
EMV was designed to allow cards and terminals to be backwardly compatible with these standards. France has since migrated all its card and terminal infrastructure to EMV. The most widely known chip card implementations of EMV standard are:
? ? ? ?
VSDC - VISA M Chip - MasterCard AEIPS - American Express J Smart - JCB
Visa and MasterCard have also developed standards for using EMV cards in devices to support card-not-present transactions over the telephone and Internet. MasterCard has the Chip Authentication Program (CAP) for secure e-commerce. Its implementation is known as EMV-CAP and supports a number of modes. Visa has the Dynamic Password Authentication (DPA) scheme, which is their implementation of CAP using different default values. In February 2010 computer scientists from Cambridge University demonstrated that an implementation of EMV PIN entry is vulnerable to a man-in-the-middle attack; however, the way PINs are processed depends on the capabilities of the card and the terminal. This attack is not a general weakness, but it does show that attacks are possible depending on the implementation.
8.2. 3-D Secure
3-D Secure is an XML-based protocol used as an added layer of security for online credit and debit card transactions. It was developed by Visa to improve the security of Internet payments and offered to customers as the Verified by Visa service. Services based on the protocol have also been adopted by MasterCard, under the name MasterCard SecureCode.3-D Secure adds another authentication step for online payments. 3-D Secure should not be confused with the Card Security Code which is a short numeric code that is printed on the card.
46
The basic concept of the protocol is to tie the financial authorization process with an online authentication. This authentication is based on a three domain model (hence the 3-D in the name). The three domains are:
? ? ?
Acquirer Domain (the merchant and the bank to which money is being paid). Issuer Domain (the bank which issued the card being used). Interoperability Domain (the infrastructure provided by the credit card scheme to support the 3-D Secure protocol).
The protocol uses XML messages sent over SSL connections with client authentication (this ensures the authenticity of both peers, the server and the client, using digital certificates). A transaction using Verified by Visa/Secure Code will initiate a redirect to the website of the card issuing bank to authorize the transaction. Each issuer could use any kind of authentication method (the protocol does not cover this) but typically, a password-based method is used, so to effectively buy on the Internet means using a secret password tied to the card. The Verified by Visa protocol recommends the bank's verification page to load in an inline frame session. In this way, the bank's systems can be held responsible for most security breaches. In order for a Visa or MasterCard member bank to use the service, the bank has to operate compliant software that supports the latest protocol specifications. Once compliant software is installed, the member bank will perform product integration testing with the payment system server before it rolls out the system. ACS providers In 3-D Secure protocol, ACS (Access Control Server) is on the issuer side (banks). Currently, most banks outsource ACS to a third party. Commonly, the buyer's web browser shows the domain name of the ACS provider, rather than banks' domain name, however this is not required by the protocol. Dependent on the ACS provider, it is possible to specify a bank owned domain name for use by the ACS.
47
MPI providers Each 3-D secure transaction involves two simple internet request/response pairs: VEReq/VERes and PAReq/PARes. Visa and MasterCard don't license merchants for sending requests to their servers. They isolate their servers by licensing software providers which are called MPI (merchant plug-in) providers. Merchants
The advantage for merchants is the reduction of "unauthorized transaction" chargebacks. The disadvantage for merchants is that they have to purchase MPI to connect to the Visa/MasterCard Directory Server. This is expensive (setup fee, monthly fee and pertransaction fee); at the same time it represents additional revenue for MPI providers. Supporting 3-D Secure is complicated and, at times, creates transaction failures. Buyers/credit card holders The main advantage for cardholders is that there is a decreased risk of other people being able to use their payment cards fraudulently on the Internet. In most current implementations of 3-D Secure, the issuing bank or its ACS provider prompts the buyer for a password that is known only to the bank/ACS provider and the buyer. Since the merchant does not know this password and is not responsible for capturing it, it can be used by the issuing bank as evidence that the purchaser is indeed their cardholder. This decreases risk in two ways: 1. Copying card details, either by writing down the numbers on the card itself or by way of modified terminals or ATMs, does not result in the ability to purchase over the Internet because of the additional password, which is not stored on or written on the card. 2. Since the merchant does not capture the password, there is a reduced risk from security incidents at online merchants; while an incident may still result in hackers obtaining other card details, there is no way for them to get the associated password.
48
In spite of the prevalence of password-based implementations, 3-D Secure does not require the use of password authentication, and it is perfectly possible to use it in conjunction with smart card readers, security tokens and the like. These types of devices may provide a better user experience for customers as they free the purchaser from having to use a secure password. Some issuers are now using such devices as part of the Chip Authentication Program or Dynamic Passcode Authentication schemes. One significant disadvantage is that cardholders may see their browser connect to unfamiliar domain names as a result of some vendors' MPI implementations and the use of outsourced ACS implementations by issuing banks, which may make it easier to perform phishing attacks on cardholders. Proactive fraud monitoring for banks in India Financial institutions today should adopt a proactive, intelligence-led approach to manage fraud risk. A team can assist you in identifying, assessing and improving
fraud monitoring process and system to tackle the unique risks faced by companies. Buying an off-the-shelf system may not equip the bank with the most effective technical paraphernalia or strategic methods to deal with frauds. Selecting the right framework and a seamless integration of bank systems with the fraud monitoring system is integral to safeguard business and customer interests. Why is fraud monitoring imperative?
?
According to RBI-released data, banking-related frauds have doubled in the five-year period between 2004 and 2009.
?
In 2009, the total number of bank frauds was recorded at 23,914, amounting to a loss of INR18.83 billion, where less than 1% of the fraud cases amounted to INR10 million each or even more.
? ?
The last reported count of online fraud cases was 269, amounting to INR590 million. With acquisitions and expansions spurring the growth in size and customer base, banks are witnessing a substantial rise in the numbers and complexity of fraud scenarios. As such, there is a stringent need for robust monitoring.
49
?
The regulator has directed financial institutions to continuously monitor transactions and establish an integrated fraud risk management framework.
?
There is an increasing need to identify early warning signals to capture frauds close to their occurrence.
?
A centralized framework can address fraud risks associated with various business units and products and provide insights to stakeholders to take preventive action at the right time.
?
This also eliminates uncertainty around losses due to fraud and helps the management have a more focused strategy to address fraud-related risks.
What should a company consider while evaluating a “fraud management”strategy?
?
How well do existing fraud identification and monitoring methods control current and emerging risks and are they commensurate with the size/operations of the organization?
? ? ?
How effective have they been in preventing frauds before/at occurrence? What is the vision for fraud monitoring in the next five years to overcome challenges? How responsive are they to new threats and how quickly can they be adapted to detect new fraud patterns?
?
Do they allow the management to make changes to detection rules without the need for the involvement of IT ?
50
9. REVIEW OF LITERATURE THE TIMES OF INDIA, NEW DELHI, FEBRUARY 28, 2011 | UPDATED 09:17 Banks lost Rs. 2,289 crores in scams The recent Rs. 300-crore scam in the Gurgaon branch of Citi Bank is a pointer to a
disturbing trend: the steady rise in the number of banks falling prey to such frauds.
According to the data compiled by the Reserve Bank of India (RBI), the money lost to such scams has doubled in the past four years. In the current financial year, banks lost Rs. 2,289 crore (till December), while the loss was Rs. 1,057 crores in 2007-08.
It's the state-of-the-art private banks, including foreign banks, that appear to be more prone to such frauds. The public sector banks, with their massive presence across the country, also reported an annual average of more than 3,000 cases of frauds and cheating during the past four years. Their better equipped counterparts in the private sector reported almost five times the number of cases.
ICICI Bank alone accounted for almost half of the total scams reported to the RBI. Of the total 21,244 cases reported in 2007-08, a whopping 10,976 were from ICICI. Similarly, in 2008-09, ICICI reported 13,221 of the total 23, 579cases. The bank reported 15,074 of the total 24,788 fraud cases in 2009-10.
51
The second highest number of cases were reported by HSBC (3,770, 3,481, 2,741, 2028); followed by Citi Bank (1,647, 1,182, 1,277, 666); American Express banking (499, 703, 817, 637) and the distant fourth was State Bank of India (561, 745, 545, 615) during the past four financial years - 2007-08, 2008-09, 2009-10, 2010-11 respectively. The figures for the current fiscal are till December, 2010. Maharashtra, with Mumbai being the country's financial capital, reported the maximum number Delhi of was fraud second cases: with (1,006 349 in 2009-10 in and 1,045 and 338 in in 2010-11). 2010-11.
cases
2009-10
Union minister of state for finance Namo Narain Meena presented these figures in the Lok Sabha on Friday. The data has thrown up interesting trends in not just scams and frauds but also the way banks were being targeted by robbers and thieves. Punjab reported the maximum number of dacoity and ATM thefts, followed by Uttar Pradesh and Haryana.State Bank of India appeared to be the favourite for thieves and burglars.
SBI reported 114 such cases in 2009-10 and 79 this year, followed by State bank of Patiala 41 and 39 respectively. Overall, 582 cases were reported across the country in 2009-10 that resulted in a loss of Rs. 21.22 crore, while a recovery of Rs. 6.67 crore could be only made. This year's figure stands at 392 cases, Rs. 16.17 crore loss and Rs. 4.98 crore recoveries. More frauds and shocking loss1,045 bank fraud cases reported by Maharashtra reported in 2010-11. 338 such cases were reported in Delhi in 2010-11 .545 cases reported by SBI highest by a public sector bank in 2009-10 .15,074 cases reported by ICICI in 2009-10 highest by a private bank.2,741 frauds reported by HSBC in 2009-10 - highest by a foreign bank. 2,764 cases reported by public Sector banks in 2010-11 (till Dec).
Rs. 1,497 cr Loss incurred by public Sector banks in 2010-11 (till Dec) .9,175 cases reported by private banks in 2010-11. Rs. 307 cr Loss to private banks in 2010-11.Robberies/thefts Rs. 96 lakh Loss reported by banks in Punjab in 2009-10 because of 81 cases Rs. 21.22 cr Loss reported by banks in across the country in 2009-10 Rs. 16.17 crores . Loss reported by banks in the country in 2010-11 (till date )
52
9 .1. REVIEW OF LITERATURE CIC tells CBI to release Chatwal discharge reports THE TIMES OF INDIA , May 12, 2011, 06.01am IST NEW DELHI: The Central Information Commission has directed CBI to make public reports related to discharge of US-based hotelier and Padma awardee Sant Singh Chatwal from cases of alleged bank fraud. The CBI had refused to share information about the closing of alleged bank fraud cases against Chatwal saying two cases, "interconnected" with the closed cases, were still pending in court and disclosing these reports might adversely affect the prosecution. When the matter reached the commission, RTI applicant Krishnanand Tripathi argued that there was no investigation underway in the cases against Chatwal so the information be disclosed He also alleged that the CBI was "deliberately" trying to suppress information about a "high profile NRI hotelier" as the copy of chargesheet and orders of court were public documents. "A very peculiar claim was made that though the two cases for which information was being sought have been discharged, there are two other fraud cases which are being pursued in which some of the bank officers are the same. No evidence has been given as to how giving the information would impede the prosecution of offenders," information commissioner Shailesh Gandhi pointed out. The CBI had registered, between 1992 and 1994, five cases against Chatwal and some bank officials for allegedly conniving with the intention of defrauding Bank of Baroda and Bank of India. Three of these cases against Chatwal, who received Padma Bhushan last year, were closed by CBI during the tenure of the then directors Vijay Shanker and Ashwani Kumar while chargesheets were filed by the agency in two cases before the court of special judge, CBI, Mumbai. In these two cases, the court discharged Chatwal.
53
In his application, Tripathi had sought copies of chargesheets against Chatwal, copies of judgments delivered in the cases, recommendations made by legal and investigating officers after he was exonerated, advice given by director of prosecution and final observations and decisions made by the then CBI directors. Gandhi said Section 8(1) (h) of the RTI Act cited by the agency exempts disclosure of information which could impede the process of investigation, apprehension, or prosecution. "No claim has been made that any investigation is continuing, and the fact that some bank officers (who were also accused in the cases) are being prosecuted in two other matters cannot justify refusal to give information in the matters relating to Sant Singh Chatwal," Gandhi said. "Frivolously refusing information by claiming one of the 10 exemptions in Section 8(1) without giving explanation is an unwarranted denial of citizens' fundamental right. No proper explanation has been given for denying the information," he said while directing the CBI to provide information by May 31. He also issued showcause notice to CBI official for not providing timely information
54
9.2. REVIEW OF LITERATURE Top all time bank frauds 21 Sep, 2011, 0747 hrs IST, Sugata Ghosh , ET Bureau The UBS rogue trader was no different. Here’s a list of top all-time bank frauds that proves no bank(fraud)ster, including the UBS rogue trader, works in a vacuum. His story like several others is hot material for another bestseller and, perhaps, a Hollywood blockbuster I am sure it didn’t happen in a day. The guy must have been either hiding old losses or propping up performance numbers,” said a banker who has spent years in dealing rooms of MNC banks. Every deal cut in the trading room flows back to the back office for processing; only after that banks can settle with counterparties. Then, how do traders beat the system? Some create a secret dealing portfolio that is not mapped to the bank’s risk assessment engine. It’s easier for a rogue trader who has worked in the back office. He may team up with someone in the back office to mask the trades and open positions. Smart traders have their way around. If they keep a straight face and don’t invite a surprise audit , the game can go on for days. Some take monumental risks: Think of a trader who picks up the phone or keys in trades, but don’t put the deals in the bank’s book. If the bets backfire , he will be caught in no time. T he counterparty will ask the bank for money. If the bank says it knows nothing about the trades, it will fish out proofs. But markets behave, this too can go on for some time. Corners are cut when a large bank enters a country and tries to fit its global technology on the local platform. “In the process, certain controls are compromised ,” said another banker. Only big losses make news. Traders often hide smaller losses. Particularly, those dealing in complex structured products that have no single valuation. The bid and offer price gap is wide enough for the trader to pick a convenient valuation that appears on the books. A trader dealing in exchange traded funds may not have access to currency market. “But he can jump the hurdle by trading through the account of a colleague who is authorised to trade in currencies,” said the banker. Structured product desks have an advantage. Such exotic stuffs are often combinations of multiple currencies , interest rates or stocks; traders here have access to different asset classes. Big losses can happen with small amount money, thanks to the leverage. With $1 million, a trader can lose $50 million. One thing is clear: no bank is safe, and a trader who is willing to take big risks can beat any system.
55
TIME LINE 1960s Frank William Abagnale, Jr . $2.5million various banks. An American security agent who passed $2.5 million worth of forged checks across 26 countries over 5 years
1982 Roberto Calvi (Vatican’s God Bankers) $1.3billion, Banco Ambrosiano An advisor to the Vatican, Calvi headed the Italian bank, which collapsed following bad loans made to dummy companies in Latin America 1995 Nicholas (Nik) Leeson £208million, Barings Bank Leeson is a former derivatives broker whose fraudulent, unauthorised speculative trading caused the collapse of Barings Bank, UK’s oldest investment bank
Toshihide Iguchi £1.1billion, Daiwa Bank Japan’s Daiwa Bank suffered a US$1.1 billion loss from unauthorised bond trading by Toshihide Iguchi, one of its executives in the US 2002 John Rusnak $691million, Allfirst Bank Rusnak was a former currency trader at Allfirst bank in Baltimore. He hid $691 million worth bad bets that snowballed into a major bank fraud
2004 Wang Liming & Miao Ping $2.4million, China Construction Bank Wang Liming, a former accounting officer with the China Construction Bank in Henan, stole 20 million yuan from the bank using fraudulent papers. Ping was an accomplice
56
2006 Vince Facarra A$360million, National Australia Bank Foreign exchange options dealer at National Australia Bank Vince Ficarra, along with colleague David Bullen, defarauded NAB A$360 million by making false trades to safeguard bonuses and hide losses
2007 Internet Fraudsters $1.1million, Nordea Bank Fraud Internet fraudsters siphoned off $1.1m from account holders at Swedish bank Nordea by using a Trojan program from 250 accounts after obtaining login details
2008 Jerome Kerviel £4.9billion, Societe Generale Kerviel, a French trader’s unauthorised use of bank Societe Generale’s computers resulted in losses valued at £4.9 billion
2010 Shivraj Puri Rs 400 crore, Citibank, Gurgaon Funds of 20 high networth customers of Citibank’s Gurgaon branch was allegedly siphoned off by Puri, a bank executive
2011 Kweku Adoboli $2 billion, UBS, Bank A trader with UBS's investment bank caused his bank a $2 billion loss from illegal trading in its London equities unit
57
58
10 . CONCLUSION
The banking system is known to be one of the most rigorously regulated sectors and the strict observance of internal norms would make fraud difficult to operate, if not impossible. Only bank professionals can detect potential weaknesses of internal norms and they are usually not involved in fraud issues, because, apart from their professional training, they also have a clearly positive attitude bigger problem for the individual or their workplace . ? Access the alerts for the latest on stolen checks ? The Internet has made it cheap and easy for criminals around the globe to attempt to trick individuals into revealing confidential information (such as credit card numbers, bank account data, social security numbers and more), as well as deceive computer users into clicking on links or attachments that will compromise the security of their computers and the information stored on them ? Educate yourself about these scams so that you don't fall victim to them ? Assess and appraise the different consequences of credit card data leakage and an insecure data transmission environment ? Understand the process of credit card transaction from start to finish and how to implement and maintain cardholder data security. ? Be able to recognize and intervene in possible data vulnerabilities before it gets leaked or becomes a much ? Lack of controls, absence of management review, and override of existing controls were the three most commonly cited factors that allowed fraud schemes to succeed. ? Reduce the Situational Pressures that Encourage Financial Statement Fraud ? Avoid setting unachievable financial goals. ? Eliminate external pressures that might tempt accounting personnel to prepare fraudulent financial statements. ? Remove operational obstacles blocking effective financial performance such as working capital restraints, excess production volume, or inventory restraints. ? Establish clear and uniform accounting procedures with no exception clauses.
59
? Reduce the Opportunity to Commit Fraud ? Maintain accurate and complete internal accounting records. ? Carefully monitor the business transactions and interpersonal relationships. ? Establish a physical security system to secure company assets. ? Divide important functions between employees, separating total control of one area. ? Maintain accurate personnel records including background checks on new employees. ? Encourage strong supervisory and leadership relationships within groups to ensure enforcement of procedures.
? Reduce the Rationalization of Fraud – Strengthen Employee Personal Integrity ? Managers should set an example by promoting honesty in the accounting area. It is important that management practice what they preach. ? Honest and dishonest behavior should be defined in company policies. ? Consequences for violating rules should be clear.
? Fraud reporting mechanisms are a critical component of an effective fraud prevention and detection system.
? Organizations should implement hotlines to receive tips from both internal and external sources. Such reporting mechanisms should allow anonymity and confidentiality and employees should be encouraged to report suspicious activity without fear of reprisal.
60
? Do not rely on audits
? Organizations tend to over-rely on audits. External audits were the control mechanism most widely used by the victims in this survey, but they ranked comparatively poorly in both detecting fraud and limiting losses due to fraud.
? Audits are clearly important and can have a strong preventative effect on fraudulent behavior, but they should not be relied upon exclusively for fraud detection.
FRAUD PREVENTION IT’S YOUR MONEY KEEP IT
61
11.. BIBILOGRAPHY
Economic Times Times of India
WWW.GOOGLE.COM WWW.SLIDESHARE.NET WWW.SCRIBD.COM
62
doc_876755693.docx