DISSERTATION REPORT ON
BANK FRAUDS IN INDIA
(Submitted for the partial fulfilment for the award of Degree of B.Com (Hons.)
in Accounting)
To
AMITY COLLEGE OF COMMERCE
AMITY UNIVERSITY
HARYANA
Submitted by:- Abhishek kundu
Enrolment No.:- A50004616084
Batch:- 2016-2019
Supervised by:- Mrs. Kamakshi Mehta
Designation: Assistant Professor
Amity College of Commerce
CANDIDATE’S DECLARATION
I, Abhishek kundu certify that the work embodied in this Dissertation is my own
bonafide work carried out by me under the supervision of Mrs. Kamakshi Mehta
at Amity College of Commerce, AMITY University. The matter embodied in
this Dissertation has not been submitted for the award of any other
degree/diploma.
I declare that I have faithfully acknowledged, given credit to and referred
to the research workers wherever their works have been cited in the text and the
body of the Dissertation. I further certify that I have not wilfully lifted up some
other’s work, paragraph, text, data, results etc. reported in the journals, books,
magazines, reports, dissertations, thesis, etc., or available at web-sites and
included them in this Dissertation and cited as my own work.
Date: …………….
Place: Gurgaon (Abhishek kundu)
CERTIFICATE FROM THE SUPERVISOR
This is to certify that the above statement made by the candidate is correct to the
best of our knowledge.
Forwarded: Name of Supervisor
ACKNOWLEDGEMENT
It is now my pleasant duty to acknowledge my deep sense of gratitude to
all those who have extended their valuable help to me in completing this work.
It is very difficult for me to express my deep sense of gratitude to my teachers
and supervisor (Mrs. Kamakshi Mehta), Assistant professor, Amity college of
Commerce, AMITY University within the span of a few words. She guided me
meticulously at every stage of this work.
TABLE OF CONTENT
1. Chapter 1 - Introduction
A. Banking sector
B. What is bank fraud
C. Types of Bank frauds
2. Chapter 2 - Fraud continues to be on the rise
Impact of the Companies Act 2013 on the state of fraud
3. Chapter 3 - Fraud risk management at banks
Getting it right: Defining the role of technology
Emerging fraud risks
Are banks guilty of underestimating the problem?
4. Chapter 4 - Case study
(A) PNB Scam
(B) Bank scam by Vijay Mallya
(C) Rotomac Pen Scam
5. Chapter 5 - Managing the face of fraud tomorrow
6. Chapter 6 - Conclusion
7. Chapter 7 - Bibliography
CHAPTER 1- INTRODUCTION
A. Banking sector
Banks are the engines that drive the operations in the financial sector, money markets and
growth of an economy. With the growing banking industry in India, frauds in Banks are also
increasing and fraudsters are becoming more sophisticated and ingenious. Shockingly, the
banking industry in India dubs rising fraud as “an inevitable cost of doing business.” As part
of the study, a questionnaire-based survey was conducted in 2012-13 among 345 Bank
employees “to know their perception usually over-burdened staff, weak internal control
systems, and low compliance levels on the part of Bank Managers, Offices and Clerks.
Although banks cannot be 100% secure against unknown threats, a certain level of
preparedness can go a long way in countering fraud risk.
Internal audit promising steps are: educate customers about fraud prevention, make application
of laws more stringent, leverage the power of data analysis technologies, follow fraud
mitigation best practices, and employ multipoint scrutiny. In 2015, the RBI introduced new
mechanisms for banks to check loan frauds by taking pro-active steps: it set up a Central
Fraud Registry and introduced the concept of the Red Flagged Account, and Indian investigative
agencies (CBI, CEIB) will soon start sharing their databases with banks.
A well-organized and efficient banking system is an essential pre-requisite for the economic
growth of every country. In the modern era, the banking industry plays an important role in the
functioning of organized money markets, and also acts as a conduit for mobilizing funds and
channelizing them for productive purposes. It has been observed during the last 50 years that
even the sophisticated markets and long-functioning banking systems have had significant
bank failures and bank crisis on account of increasing magnitude of frauds and scams. Banks,
therefore, need to get their customers actively involved in their fraud prevention efforts as
customers may be willing to switch to competing banks if they feel left in the dark about those
efforts. Since the banking industry is a highly regulated industry, there are also a number of
external compliance requirements that banks must adhere to in the combat movement against
fraudulent and criminal activity.
The Indian banking industry is unique and has no parallels in the banking history of any country
in the world. The banking industry, which was operating in a highly comfortable and protected
environment till the 1990s, has been pushed into the choppy waters of intense competition. After
independence, the banks have passed through three stages. They have moved from
character-based lending to ideology-based lending to today's competitiveness-based lending.
The banking sector of India accommodates 1,175,149 employees, with a total of 1,09,811
branches in India (and 171 branches abroad), and manages an aggregate deposit of Rs.
67,504.54 billion (US$1.31 trillion) and bank credit of Rs. 52,604.59 billion (US$870 billion).
The net profit of the banks operating in India was Rs. 1,027.51 billion (US$17 billion) against
a turnover of Rs. 9,148.59 billion (US$150 billion) for the financial year 2012-13. The public-
sector banks (PSB) accounted for 74.6% of bank deposits, while private-sector banks had only
18%, with the rest of the funds lying with regional rural banks and foreign banks. The PSBs
have a 75% market share, but the number of banking frauds by private banks is five times that
of PSBs. The phenomenal spread of branches, growth and diversification in business, and
large-scale computerization and networking have collectively opened new frontiers for banks to
augment their revenues.
The banking sector, being the barometer of the economy, is reflective of the
macro-economic variables. There has been a noticeable upsurge in transactions through ATMs and
internet/mobile banking. Consequently, the different banks have invested considerably to
increase their banking network and their customer reach. The Indian banking industry is
currently worth Rs. 81 trillion (US$1.31 trillion), as shown below in graph, and banks are now
has witnessed a steady growth in its total business and profits, the amount involved in
bank frauds has also been on the rise. This unhealthy development in the banking sector
produces not only losses to the banks but also affects their credibility adversely.
The banking sector is the most dominant sector of the financial system in India. Significant
progress has been made with respect to the banking sector in the post liberalization period. The
financial health of the commercial banks has improved manifold with respect to capital
adequacy, profitability, and asset quality and risk management. Further, deregulation has
opened new opportunities for banks to increase revenue by diversifying into investment
banking, insurance, credit cards, depository services, mortgage, securitization, etc.
Liberalization has created a more competitive environment in the banking sector.
B. What is Bank fraud?
Fraud is any dishonest act or behaviour by which one person gains or intends to gain
advantage over another person. Fraud causes loss to the victim directly or indirectly. Fraud
is not described or discussed clearly in the Indian Penal Code, but the Code has sections
dealing with cheating, concealment, forgery, counterfeiting and breach of trust, which
lead to the act of fraud.
In contractual terms, as described in the Indian Contract Act, Sec. 17 suggests that fraud
means and includes any of the acts committed by a party to a contract, or with his connivance,
or by his agents, with the intention to deceive another party or his agent or to induce him to
enter into a contract.
Banking Frauds constitute a considerable percentage of white-collar offences being probed
by the police. Unlike ordinary thefts and robberies, the amount misappropriated in these
crimes runs into lakhs and crores of rupees. Bank fraud is a federal crime in many countries,
defined as planning to obtain property or money from any federally insured financial
institution. It is sometimes considered a white-collar crime.
Bank fraud is the use of potentially illegal means to obtain money, assets, or other property
owned or held by a financial institution, or to obtain money from depositors by fraudulently
posing as a bank or other financial institution.[1] In many instances, bank fraud is a criminal
offence. While the specific elements of particular banking fraud laws vary depending on
jurisdictions, the term bank fraud applies to actions that employ a scheme or artifice, as
opposed to bank robbery or theft. For this reason, bank fraud is sometimes considered
a white-collar crime.
The number of bank frauds in India is substantial. It is increasing with the passage of time.
All the major operational areas in banking represent a good opportunity for fraudsters with
growing incidence being reported under deposit, loan and inter-branch accounting
transactions, including remittances.
Bank fraud is big business in today's world. More educational qualifications, banking
becoming impersonal and the growth of the banking sector have given rise to this white-collar
crime. In a survey covering the period up to 1997, bank frauds in nationalised banks amounted
to Rs. 497.60 crore.
This banking fraud can be classified as:
# Fraud by insiders
# Fraud by others
C. Types of Bank frauds
As banks open to new digital channels, fraudsters may take advantage of security loopholes
that pass undetected by banks and end up causing a significant compliance fine or data loss.
Fortunately, the digitization of banking services also brings about new technological solutions
able to tackle modern security challenges and detect suspicious behaviour efficiently, helping
banks to protect digital data from fraud.
Here's how the digital transformation in banking helps to fight the 5 most common types of
banking fraud today.
1. Money laundering and sanctions screening
Money laundering is a leading source of compliance fines for financial institutions. Banks can
use smart transaction segmentation to spot money laundering attempts right away and avoid
being fined. By lowering the number of false positive and negative alerts, banks will spend
fewer resources on catching bad actors red-handed.
That's why banks are turning to artificial intelligence (AI) which promises to transform
segmentation into a powerful anti-money laundering (AML) process that delivers considerable
improvements with full transparency for model review. Banks can use AI solutions to monitor
activities from an extensive, global perspective and link bad actors together to reduce false
positive alerts without compromising compliance with regulatory guidelines. Another
promising solution is blockchain. Microsoft, Blue Prism, and Identities recently teamed up
to address the money-laundering problem using the blockchain technology.
Success story: Jaima Co-operative Bank uses a system called Banking Easy, run on Microsoft
Azure that enables the organization to focus entirely on banking operations and benefit from
the sophisticated AML suite as part of their system for handling digital data.
2. Internal fraud
Dodgy employee expenses are more popular than you’d expect. The Association of Certified
Fraud Examiners recently revealed that the median loss from a single case of occupational fraud
throughout the world amounts to $150,000.
Solutions that use AI or machine learning algorithms can analyze vast repositories of data and
spot patterns that help in solving the problem of workplace fraud by pinpointing all dodgy-
looking expenses.
Success story: To battle the problem of internal fraud, Willis Towers Watson
implemented multifactor authentication systems to regulate employee spending better.
Moreover, employees can access the project management platform Visual Studio Team
Services only from within the corporate network. The organization monitors both individual
and group resource usage with Azure Resource Manager.
3. Credit card fraud
This type of fraud is commonplace, but new tools using machine learning algorithms for risk
management offer light at the end of the tunnel for solving the problem.
Financial organizations used to rely on linear algorithms to tell good and suspicious
transactions apart. Today, banks take advantage of more advanced algorithms that separate
acceptable and potentially fraudulent transactions. They place positive transactions in the
express lane and run more sophisticated algorithms on customers who appear to be more
problematic. These algorithms are available to banks thanks to the increased computing
capacity of the cloud technologies.
Success story: Apart from cutting-edge algorithms, financial institutions are introducing new
types of secure transactions - for instance, biometric transactions. First Tech Federal Credit
Union recently moved its operations to the cloud and became the first credit union that
participates in the MasterCard biometric payment model. The so-called “selfie-pay” doesn't
require a credit card at transaction, significantly reducing the risk of credit card fraud.
4. Mobile fraud
The mobile industry is no stranger to fraud. As mobile banking services grow, so do fraud
attempts using mobile device capabilities.
Fraudsters are creating new fraud schemes by blending old strategies with new technologies or
banking services. According to Guardian Analytics, 72% of mobile banking fraud is committed
via mobile remote deposit capture (RDC). RDC is a system that allows scanning checks
remotely and transmitting the check images to a bank for deposit through an encrypted Internet
connection.
However, financial institutions are using the global spread of mobile devices to their advantage
as part of the authentication systems for both employees and customers.
Success story: Türkiye Finans Bank uses solutions for data security such as Azure Multi-
Factor Authentication that provide the bank's employees with a second level of identity
authentication on top of username and password when accessing corporate applications
through the Internet. Even if a fraudster intercepts the username and password, they won't be
able to access corporate data without taking hold of the user’s phone as well.
5. Identity and social fraud
As criminals incorporate more advanced digital methods, banking customers need advanced
solutions for protecting their identity and ensuring safe access to banking services.
Software solutions that use deep learning algorithms help financial institutions develop
sophisticated systems that can match DNA sequences and assist with identity recognition in
many ways, ranging from digital and physical signatures to biometric data recognition.
Financial institutions combine such tools to offer customers and employees a balance between
usability and security. Operating on a range of devices and applications, these tools are paired
with secure cloud platforms like Microsoft Azure to deliver timely threat intelligence and offer
maximum protection against fraud.
CHAPTER 2 - FRAUD CONTINUES TO BE ON THE RISE
The last decade has seen significant coverage of corporate fraud in the Indian media. While the
Indian government has passed several laws aimed at curbing fraud,1 poor enforcement has
diluted the intended impact. With the rise of new business models backed by technology, fraud
has spawned new variants and seems to be on the rise. Around 56 percent of our survey
respondents believe that fraud will continue to increase in the coming years.
Traditional schemes2 dominate the fraud landscape
Despite the extensive adoption of technology by
organizations to build global business models, corporate India continues to face challenges in
mitigating traditional fraud schemes.
According to our survey respondents, diversion/ theft of funds or goods, bribery and corruption,
and regulatory non-compliance were the top three fraud concerns faced by their organizations.
Further, over 50 percent of survey respondents felt that procurement, sales and distribution
functions were most vulnerable to fraud, indicating that greater business exposure to external
stakeholders such as vendors, suppliers, customers, and distributors could significantly
increase the risk of fraud.
Around 28 percent of the survey respondents have indicated that their organizations did not
experience any fraud in the last two years. In our experience, organizations with robust internal
controls detect red flags regularly and investigate them for potential fraud. In the absence of
red flags or fraud, we would recommend that organizations re-look at their controls and test
them for effectiveness.
In our view, insufficient mechanisms to prevent and detect fraud, as well as limited
enforcement of internal controls are likely to be the reasons that organizations continue to
experience traditional fraud. Specifically, in the area of bribery and corruption, organizations
have, in the past, considered bribery as the ‘cost of doing business’, and hence demonstrated a
degree of acceptability towards this practice. But with increased scrutiny by foreign regulators,
and the Indian government taking a tough stand on bribery by enforcing legislations like the
Prevention of Corruption Act while passing judgments on cases, we are seeing several
companies taking efforts to address the risk of bribery and corruption.
What is contributing to the rise in fraud?
Fraud tends to be committed primarily due to the presence of three major factors: financial
pressure, opportunity, and rationalization. While these factors are present in a growing
economy, they can get exacerbated during an economic downturn, when margins are tight and
profitability is a challenge. This has been clearly brought out in our survey results, where
respondents have attributed the increase in fraud to the lack of oversight by line managers or
senior management on deviations from existing process/ controls; business pressure to meet
targets; and collusion between employees and external parties.
Lack of oversight by line managers/ senior manager on deviations from existing process/ controls
Poor internal controls, dilution of existing systems/ controls and non-adherence to
procedures can increase the likelihood of frauds in banks. Based on our experience, the
following are some instances where controls tend to be overlooked.
Lack of segregation of duties: The same individual is responsible for making bank deposits,
posting them to the accounts receivable system and performing monthly bank reconciliations.
Poor physical controls: Custody of security forms such as bank draft forms, deposit
receipts and cheque books is handed over to counter staff without obtaining a written
acknowledgement. Low priority areas, such as internal/ inter-branch accounts tend to be less
frequently monitored for oversight or malpractice.
In addition to the instances listed above, limited oversight is also a reason for fraud in areas
such as loans and advances. Some examples include inadequate KYC checks on prospective
borrowers by bank managers, and the subsequent limited monitoring of the use of funds loaned.
Further in many cases, loans may be processed based on insufficient documentation/ wrong
valuation of collateral. We also observe that banks are increasingly outsourcing these tasks –
KYC, documentation support etc. – to third parties, which can further dilute the scope of
managerial oversight.
Business pressure to meet targets
One of the common reasons cited for limited oversight is the heightened pressure to exceed
business targets that are often linked to compensation. Under the current economic climate of
tepid credit growth, banks may face increased pressures to meet or exceed financial targets.
With increased pressure, the risk of fraudulent activity can tend to escalate due to the
sensitivities involved in cases of missed earnings or perceived bad news. With employee
compensation increasingly being tied to performance, it may therefore drive individuals to
achieve overly optimistic results.
Collusion between employees and external parties
Insider fraud, whether arising from coercion, collusion, or otherwise, is increasingly
considered to be one of the most serious fraud threats faced by financial institutions. An
aspirational work force can resort to unethical ways of meeting business targets, thereby putting
the bank at risk of fraud and reputational damage. A number of instances of employee-external
party collusion have been seen in recent incidents of payment fraud and account take-over.
Impact of fraud
Financial or banking scams have never been a rare phenomenon in the economy of any country.
However, India has witnessed a plethora of these unwanted aliens over the past 3-4 decades.
From the prominent ones of Harshad Mehta, Ketan Parekh, Satyam, Subroto Roy and Spectrum
Scam to the most recent ones of Nirav Modi, Vikram Kothari and Simbhaoli Sugars, many
other players are hamstrung and the investigators are left to get choked. However, the economy
has finally begun showing some signs of caution after the recent outbreak of India’s biggest
bank fraud of more than INR 11,400 crore.
It is said that if the strings are pulled tightly and every potential borrower is scrutinized as a
default case, then the economy will head towards even a more difficult time that would choke
legitimate credit growth of the Indian economy.
A working paper by the Indian Institute of Management (IIM), Bangalore in 2016 stated that
Indian banks had lost over INR 22,700 crore in frauds over the previous three years while the
cost of frauds for the last five years can be summed as INR 61,200 crore. However, if one looks
closely at the overall credit in the banking system, which was INR 83 lakh crore last year, these frauds
will appear as a very small proportion of it. Bank failures have large social consequences in
any economy of a country due to its financial linkages with other parts commonly termed as
“network externalities”.
A recent report suggested a delay of 359 infrastructure projects that resulted in a cost
overrun of INR 200,000 crore. The additional scrutiny in bank credit disbursement will add up
to additional delays that may ultimately stall many more projects.
Some of the recent fraud incidents in India reported by the media relate to fixed deposits, loans
disbursement or extending credit facilities for bribes, phishing and other internet/ ATM based
frauds. These high-profile cases in recent times have shown that frauds not only undermine
profits, operating efficiencies and reliability of services but can also have a severe impact on
an organization’s reputation. In addition to potential fines levied by regulatory bodies, it can
have a negative impact on employee morale and investor confidence. Survey respondents have
concurred with this impact.
Finance Minister Arun Jaitley on Saturday said cases of willful default and bank fraud will
have a detrimental impact on the government's objective of ensuring ease of doing business.
Speaking at the ET Global Business Summit 2018 in New Delhi, Jaitley said repeated
occurrence of fraud causes major setbacks to efforts for improving ease of doing business,
and this subsequently creates room for criticism on the economy.
"Cases of willful default and bank frauds are much more than a business failure. If you
periodically have incidents like these, the entire effort around ease of doing business goes
into the background and these scars on the economy take the front seat. If a fraud is taking
place in multiple branches of the banking system and no one raised the red flag, it is a matter
of concern for the country. Similarly, the indifference of the top management and multiple
layers of auditing system which chose to look the other way has created a worrisome
situation," he said.
Highlighting the role of regulators in the economy, Jaitley hinted at the introduction of new
regulations, adding that they need to keep a "third eye" on the sector. He also said tighter
laws need to be implemented to ensure criminal acts in business lead to punishment,
wherever the culprit is.
"Unfortunately, in the Indian system, we politicians are accountable, but regulators are not,"
he added. In light of the 1.77-billion-dollar Punjab National Bank (PNB) fraud involving top
jewellery designer Nirav Modi and his uncle Mehul Choksi, Jaitley had earlier stressed
the need for supervisory agencies to assess what new systems had to be put in place to find
those who were cheating banks.
"What were auditors doing? If both internal and external auditors have looked the other way
and failed to detect, then I think CA professionals must introspect. Supervisory agencies also
must introspect what are the additional mechanisms they have to put in place," he said.
The public sector PNB had earlier this month detected a 1.77-billion-dollar scam in which
Nirav Modi had acquired fraudulent letters of undertaking from one of its branches in
Mumbai for overseas credit from other Indian lenders.
Tackling bribery and corruption
The majority of survey respondents have indicated that their organizations are considering
implementing a formal code of conduct and ethics policy with a dedicated section on tackling
bribery and corruption, followed by imparting periodic trainings to employees on
understanding and dealing with various forms of corruption. This behaviour is indicative of the
changing attitudes to bribery and corruption in corporate India. It is believed that the way the
senior management deals with external stakeholders (regulators, suppliers, customers etc.) has
a strong bearing on how the employees of the organization perceive the business is run. Hence,
the tone-at-the-top and actions of the senior management are a critical measure of how
successful an anti-bribery and corruption program is/ will be. However, we noted that a
relatively small portion of the survey respondents considered this aspect when they wanted to
tackle bribery and corruption.
Our interpretation is that, while corporate India acknowledges that the process of mitigating
the risk of bribery and corruption is ongoing, it feels that policies and procedures may be
sufficient guides to help drive positive behaviour among employees.
Another interesting finding is that a small portion of the survey respondents considered the
need to educate third-parties to tackle bribery and corruption. At the same time, a majority of
survey respondents identified tracking the levels of compliance by third party stakeholders as
the key challenge to implementing an anti-bribery and corruption compliance program. While
at first glance, these statements appear to be contradictory, it is possible that companies are
relying only on internal controls to mitigate the risk from third parties. As organizations mature,
we hope to see stringent anti-bribery and corruption compliance measures being expected of
external stakeholders, and hence better monitoring of their compliance levels.
Interestingly, a very small number of survey respondents stated that they are investing in tools
and technology, especially data analytics, for detecting potential bribery and corruption
instances. In our experience, technology is a powerful mechanism to mitigate potential bribery.
Globally, we see companies investing in tools to monitor high-risk activities involving
functions or individuals working with the government/ vendor organizations. These activities
are tracked to identify red flags such as conflicts of interest, complex routing of transactions
through third parties, mismatched invoices and purchase orders, back-dated contracts,
unusually high payments made to counterparties, unusual phrases used for denoting facilitation
payments and bribes, as well as mismatched expense claims.
With strong enforcement of global laws, we are seeing Indian companies with global operations
demonstrating a zero tolerance culture within the organization. In addition, many industry
bodies have set up committees to help organizations identify and adopt good practices to
mitigate the risk of bribery and corruption. The World Economic Forum has launched the
‘Partnering Against Corruption Initiative’ with industry bodies across the world to strengthen
business and government collaboration on increasing transparency in business dealings.
The Indian government, on its part, has initiated programs such as e-procurement in select
departments with an aim to curb bribery in public dealings. The coming years are likely to see
a strong enforcement of Indian legislations in the area of bribery and corruption, considering
the recent cases of enforcement of the Prevention of Corruption Act against corporates. With
further proposed changes in the Prevention of Corruption Act, the Indian anti-corruption law
is expected to be on par with international regulations.
Contributors to fraud
Survey respondents attributed the prevalence of fraud risks to the lack of efficient internal
controls/compliance systems, diminishing ethical values and inadequate due diligence of
employees/third parties.
In our experience, we have observed that many companies do not spend enough time building
robust backend systems to manage fraud risks. While Indian businesses use technology to
monitor transactions, there is room for significant automation of processes and controls.
Human touch points continue to monitor and manage technological controls. People managing
these processes can be compromised or may unintentionally overlook certain aspects of
compliance in a bid to focus/ support growth.
For instance, during the growth phase, companies tend to put pressure on executives to grow
the business, often linking compensation to achievement of business targets. In such instances,
compliance and fraud risk management processes tend to get ignored, given the heightened
single-minded focus on growth. In light of the socio-economic developments over the years,
and the potential for growth in the future, there is a rise in aspiration levels among people. At
times, the need to fulfil these aspirations can lead to a tendency to compromise on ethical
values. Therefore, we believe it is imperative for companies to invest in developing a robust
code of conduct and follow it up with a comprehensive program to ensure that the code is
imbibed by employees in their day-to-day business activities.
Survey respondents have also highlighted that inadequate due diligence on third parties is one
of the key contributors to fraud. Adequate due diligence that includes understanding the
counterparty’s market reputation, relevant experience, business interests and affiliations,
financial position, clients served and litigation exposure can help identify the right partners. In
addition to undertaking due diligence activities, we also believe that organizations which invest
in helping their external stakeholders imbibe and comply with the organization’s values, see
better working synergies and reduced risk of fraud.
Profiling the Fraudster
Instances of big-ticket frauds in Indian corporations have historically involved employees,
either as perpetrators or as conduits. Survey respondents indicated that senior management
employees (senior managers and above) were most likely to commit fraud. However, in our
experience all employees are equally susceptible to committing fraud.
The infographic on the next page highlights the types of frauds most likely to be perpetrated
across all levels of employees in an organization and the indicative red flags. The table has
been developed on the basis of Deloitte India forensic team’s experience of fraud detection
over the last couple of years.
Fraud losses continue to be deceptive
Although large value scams running into several hundred crores of rupees are making media
headlines regularly, responses to our survey indicate that perhaps the majority of corporate India
does not experience even a fraction of that value of loss. Only 3 percent of our survey
respondents said they suffered fraud loss of over Rs 100 million. About 38 percent of our
survey respondents said that they had suffered no fraud loss and another 23 percent said they
were unable to quantify the loss due to fraud.
Globally it is estimated that the average fraud loss in companies is about 5 percent of revenues³.
This raises concerns over corporate India’s understanding of fraud loss and the ability to
compute it accurately. This, in turn, may result in a lackadaisical approach to implementing
fraud risk management measures.
It is important to understand that in addition to the monetary loss from fraud, loss of reputation
and credibility can also have severe repercussions for a business – long term ban from
conducting business or in some cases, business termination itself. These aspects too must be
considered when one thinks of fraud loss.
Impact of the Companies Act 2013 on the state of fraud
Comprehensive legislation combined with strong enforcement can be a big deterrent to fraud.
The majority of the survey respondents agreed that the potential for prosecution and
enforcement is a strong deterrent against fraudulent conduct. In this context, India’s position
on legislation to curb corporate fraud is still evolving. The Companies Act 2013 is a
significant development in the evolution of India’s regulatory environment.
This law is the first in the country to focus comprehensively on fraud risk management and
prescribes stringent punishment upon the violation of its provisions. The Act includes specific
provisions to address the risk of fraud, alongside prescribing greater responsibility and
increased accountability for independent directors and auditors. It goes beyond professional
liability for fraud and extends to personal liability, prescribing penalties for directors, key
management personnel, auditors and employees.
Effective enforcement of this legislation can reduce fraud significantly, according to 88 percent
of the survey respondents. Among the provisions in the Act, survey respondents identified the
mandatory establishment of a vigil mechanism for listed companies, and a greater degree of
accountability placed on the Board of Directors, as the most effective provisions in tackling
wrongdoing.
Mandatory vigil mechanism
The Companies Act 2013 calls for the establishment of a vigil mechanism for directors and
employees to report concerns about unethical behavior, suspected fraud or violations of the
company’s code of conduct or ethics policy. However, the effectiveness of a vigil mechanism
is not guaranteed by its mere existence, but by the confidence that stakeholders place in its
functioning. As per Deloitte India’s Whistleblowing Survey 2014⁵, survey respondents felt
that a whistle-blower program should necessarily have the following key characteristics:
a) Anonymity and confidentiality
b) Adequate whistle blower protection
c) Transparency and Independence, as required by the legislation, and to provide for an
objective view
d) A dedicated team to handle whistle-blower complaints (third party or internal)
e) A well-documented process of addressing complaints, feedback and communication.
From an operational standpoint, a robust whistleblowing mechanism should feature multi-
channel accessibility and multi-lingual support. Close to 38 percent of respondents to Deloitte
India’s Whistleblowing Survey 2014⁶ identified the need for multiple reporting methods, such
as a dedicated phone number, an exclusive email address or website, and the ability to receive
complaints by post or fax.
A comprehensive solution would be to engage a 24-hour response center staffed by multi-
lingual officers to receive information, as well as analysts to prepare incident reports from
disclosures received through any of these channels. Whistleblower reports are sensitive and
not being able to use one’s preferred language can adversely impact a report’s completeness
and accuracy. For many companies, whose operations span national
and linguistic borders, the ability to take reports in many different languages is absolutely
essential.
Lastly, support from senior management is crucial to making whistleblower programs
successful. For instance, senior officers at a company known to us sent an email to all
employees, sharing their experience of testing the whistleblower hotline, helping reassure their
staff about how easy and confidential the whole process was. Subsequently, the company saw
a higher number of employees use the hotline.
Given the limited success that Indian companies have had in the past with their whistleblower
programs, we would recommend a well-planned campaign to create awareness about the
whistleblower program and its features to all stakeholders.
Greater accountability on board and directors to prevent and detect fraud
The majority of our survey respondents felt that the Board should be responsible for preventing
fraud, while external auditors should be responsible for fraud detection. They also felt that the
Chief Security Officer should be responsible for fraud investigation. In our view, it is not
prudent to restrict these responsibilities to one individual/ team. Equal representation from the
board of directors, audit committee and risk and compliance teams, can effectively utilize
synergies to create a robust mechanism to monitor fraud incidents.
Global research⁷ indicates that fraud risk management should not be restricted to the role
of a few Board members; in fact, it has to be a combination of varied experts such as Internal
Audit, Audit Committee, Information Technology, Ethics office, Security and staff.
Survey respondents have indicated that Internal Auditors should not be responsible for fraud
prevention. In our view, the internal audit team is most familiar with the company’s processes
and can therefore prove to be useful in preventing fraud.
Survey respondents also indicated that the Board’s responsibility should be restricted to fraud
prevention. We, however, feel that the Board should take the onus of proactively monitoring
their companies’ efforts to understand and mitigate fraud risks and also be involved in setting
up a system through which investigations are performed and resolved competently and
objectively, particularly in cases where the senior management may be involved in fraud.
Further, active monitoring and Board oversight act as strong deterrents to fraud and enhance
the perception of detection. These actions also demonstrate the ‘Tone at the Top’ and help set
the platform for an internal antifraud culture.
Most of the survey respondents felt that external auditors should be held accountable for fraud
detection. However, globally, over the last five years, external auditors have detected less than
5 percent of frauds within organizations and their contribution to fraud detection is steadily
falling, with only 3 percent of frauds being detected by them in 20148. In our experience, the
inherent limitations of statutory audit, make it difficult for external auditors to detect fraud and
therefore placing significant onus of fraud detection on them may not be adequate.
We are also seeing traction among companies making efforts to ensure that the senior
management is equipped to deal with fraud. Survey respondents highlighted the key areas of
focus as creating a zero tolerance culture, periodic communication to employees on ethical
behavior, and review of code of conduct to include specific policies on fraud.
Alongside the efforts being taken to revisit the code of conduct and other documentation to
extend the scope to cover fraud risks, it is also important to sensitize senior management to the
risk of fraud because they are responsible for setting the tone at the top and cascading the
message of fraud risk management to employees.
However, only 38 percent of survey respondents indicated that they organized periodic training
programs for senior management on fraud risk management. In our view, the senior
management team should spend time understanding the provisions under the Companies Act
2013, as several provisions indicate the need for a proactive approach to fraud risk
management, as opposed to the existing reactive approach that survey responses have indicated
throughout the survey. Complying with the provisions of the Act is possible only if the senior
management can recognize the gaps in compliance levels and take appropriate measures to
plug them. Further, the Act prescribes penalties on the senior management (including up to 10
years of imprisonment and/ or fines of up to INR 25 Lakh) in case of fraud or noncompliance,
making them personally liable for negligence.
To ensure compliance with the Companies Act 2013, we have observed that a few companies
have identified ‘fraud risk management champions’ to drive the implementation of training
programs across the organization. These leaders also served as a single point of contact to deal
with all issues arising due to fraud, misconduct and noncompliance.
The Companies Act 2013, in our view, has challenged the fraud risk management efforts
undertaken by companies in the past. Companies need to think strategically and make long
term investments in tackling fraud. Setting up a dedicated internal investigations and response
team, investing in data analytics tools to detect red flags, and including due diligence processes
as part of the larger fraud risk management framework, are some initiatives that can prove to
be helpful in the long term.
CHAPTER 3- FRAUD RISK MANAGEMENT AT BANKS
The current status of anti-fraud programs
The key to any anti-fraud program is to have a framework in place that will not only prevent
fraud but also be able to detect fraud incidents in real time. However, the task of developing
and maintaining such a robust enterprise wide anti-fraud program with proactive monitoring
components can be daunting for any organization.
The key features which should necessarily be part of any organization’s fraud risk management
program include the following:
Preventive mechanism
• Understanding roles and responsibilities
• Ongoing fraud awareness program
• Formal and well designed due diligence process
• Periodic fraud risk assessment
Detective mechanism
• Reporting procedures
• Whistle-blower protection
• Invest in Data analytics
Response mechanism
• Investigation process
• Corrective action
• Communication
• Continuous monitoring
An effective fraud risk management solution can help banks manage fraud risks in a manner
consistent with regulatory requirements, as well as with the entity’s business needs and
marketplace expectations. Through this survey, we asked banks about the various anti-fraud
measures that they had adopted.
Survey respondents have highlighted that they face certain challenges in maintaining the
efficiency of antifraud security controls at an enterprise-wide level, such as struggling to work
across channels and/ or finding it difficult to integrate with applications/ tools (such as
integrating online transactions and ATM transactions, and integration between retail banking,
corporate banking and private banking transactions); however, over 80 percent of them find
their current controls to be largely effective. Further, in terms of the implementation status of
various anti-fraud programs, it is heartening to note that banks have progressed across several
parameters compared to the last edition of our survey, taking cognizance of the impact of fraud
on their organization.
Around 43 percent of the survey respondents appear to have an effective intelligence gathering
mechanism, compared to 28 percent from our previous survey in 2012. Such an intelligence
gathering mechanism can enable banks to identify weaknesses inherent to their process, and
also be used to identify new threats hitherto unknown.
Only half of the survey respondents indicated having an effective risk assessment program;
however, more than two-thirds of the survey respondents indicated that they have effective
fraud control strategy and policies in place.
A fraud control plan describes an organization’s approach to controlling fraud. It includes
actions to be taken to reduce the fraud risks identified through the fraud risk assessment process
and assigns responsibility for their treatment. In case the fraud risks are not identified, the fraud
prevention controls will be rendered inadequate, posing a challenge to fraud risk strategy at
banks.
A significant proportion of survey respondents have indicated that employee background
checks, while implemented in the organization, are not effective. In our experience, more often
than not, employees who engage in unethical behavior or commit fraud tend to have a history
of dishonesty. Pre-employment screening helps reduce the risk of employing people with a
checkered past or those who claim to have qualifications they do not possess. It allows
organizations to have greater confidence in the work ethics of their employees.
We recommend that banks undertake the following pre-employment checks at the minimum:
• Confirmation of identity
• Police check for any convictions
• Residence address check
• Verification of qualifications claimed, and
• Employment check with previous employers
A quick analysis of the survey findings also indicates that banks need to immediately focus and
speed up their efforts in the following areas:
• Conduct regular fraud risk assessments
Existing processes within the bank must be regularly challenged to unearth gaps in the controls
environment. Once this is done, the fraud risk exposure should be assessed periodically to
identify specific potential schemes and events that the organization needs to mitigate. A good
fraud risk assessment should necessarily answer three questions.
- Am I aware of all the fraud scenarios in my immediate environment?
- Do I have the necessary controls in place? And am I aware of how a potential fraudster can
override or circumvent existing systems and controls?
- How is the effectiveness of controls monitored?
Further, a team of specialists can be instituted to collect information on the latest fraud schemes
and test existing controls for vulnerability. Many banks may have such a team as part of their
fraud investigation units.
• Invest in an intelligence gathering mechanism
“Mystery Shopping” or “Market Intelligence” is an important element of fraud vulnerability
assessment. This will enable banks to not only test the efficacy of controls to existing and new
fraud scenarios but also have the ability to identify collusion, if any, which could result in
circumvention of controls. This can also be leveraged in providing objective and accurate
information on individuals and entities in the context of due diligence, litigation support, fraud,
asset tracing and business investigations.
• Use dedicated forensic tools during an investigation process
Today’s business environment generates vast amounts of data. The key to a successful
investigation is to not only manage this data and turn it into meaningful information, but also
collect, preserve and analyse large and disparate data to support or refute facts and allegations
of a case. Forensic tools can be used to navigate IT systems for evidence of malfeasance, such
as information deletion, policy violations and unauthorized access. A wealth of information
can be recovered from computers, including active, deleted, hidden, lost or encrypted files or
file fragments which can be presented in a court of law. These include tools for forensic
imaging, electronic discovery, data anomaly detection and records management which can help
banks and their legal counsels in handling and analysing large and complex data issues to help
support their cases.
Overall, a significant majority of respondents have indicated that they plan to invest in
enhancing or implementing certain anti-fraud measures. While these costs largely cover
elements that fall within a fraud risk management framework, it indicates that banks have
realized that managing the risk of fraud is a continuous process that will need regular
investment in order to meet current challenges as well as future fraud scenarios.
Being proactive in managing the risk of fraud
To be or not to be, therein lies the question
Survey respondents indicated that the top three challenges faced by banks in preventing fraud
were: lack of customer/ staff awareness; integration of data from various source systems; and
inadequate fraud detection tools.
Employees are often the first ones to detect fraud. Organizations that have effective anti-fraud
training programs experience less-costly losses, quicker resolutions of fraud cases, and an
enhanced reputation for customer protection⁷. Targeted fraud awareness training for
employees and managers is a critical component of a well-rounded program for preventing and
detecting fraud. By implementing an effective fraud awareness program, management can
harness the efforts of all staff members in its anti-fraud activities and can significantly reduce
the cost of fraud within the organization.
On a broad level, fraud awareness training should include the following key topics:
• What is fraud and its effects on the organization
• Who perpetrates fraud and the fraud triangle
• How to identify fraud and the red flags to look out for (including behavioural signs)
• How to report fraud – the availability of channels and the process of dealing with complaints
As new regulations such as the Companies Act, 2013, place greater emphasis on the presence
of a vigil mechanism to mitigate fraud risks, banks must ensure that their employees are aware
of their organization’s whistle-blower program. In our experience, little effort is taken to
sensitize employees on how their complaints are managed as well as how the whistle-blower
and suspect are dealt with throughout the investigation process. A clear and well-documented
process for managing complaints can give greater confidence to employees to report
suspicions.
For instance, the processes required to establish allegations involving junior or middle ranking
staff tend to be fairly straightforward across most companies. Either internal or external
investigators are appointed to review the matter and report the allegations that are raised.
Usually, an appropriate senior manager will then deal with the matter after seeking advice from
the Legal and/ or HR teams. However, if the allegation is against a senior manager, the situation
can become a little complicated. Companies without a robust policy for dealing with such a
scenario mostly run the risk of such investigations becoming compromised by senior
management involvement or of such allegations being ignored. Employees need to be made
aware of these detailed processes around how their complaints will be handled, so that they can
gain trust in the system.
On the technology front, banks have been struggling with a number of legacy applications
catering to various aspects of their operations. These systems often result in islands of
information with limited data in a format that may be incompatible with the rest of the
organizational data. Additionally, with sophisticated anti-fraud solutions requiring varied types
of data inputs for analysis, banks are realizing that they may not have been capturing the
requisite information in their existing system, resulting in lack of sufficient data for meaningful
analytics.
Getting it right: Defining the role of technology
In the realm of fraud detection, the ability to reveal relationships, transactions, locations and
patterns can make the difference between uncovering a fraud scheme at an early stage as
opposed to having it grow into a major incident. From money-laundering schemes to anti-
corruption laws, from manipulating financial statements by reporting fictitious revenues to
inappropriate sanctioning; forensic analytical tools can help explore data and quickly identify
errors, irregularities and suspicious transactions embedded within your day to day business,
thereby providing clarity to concerns raised by managers and employees.
According to the responses received, a little over half of the survey respondents appear to have
implemented a dedicated fraud detection/ analytics solution. However, interestingly only one
in every three respondents who has implemented such a solution appears to be entirely satisfied
with it. In our experience, banks are trying to leverage their existing transaction monitoring
tools for fraud monitoring. Many are of the opinion that existing tools in the market are
expensive/ ineffective, with a few citing insufficiency of data as the reason for non-implementation.
It was interesting to note that a large number of respondents sought technology to help them
either highlight red flags where controls have been circumvented or where controls need to be
enhanced. In our opinion, this could be because banks have realized that ‘deviation from
existing controls by line managers/ supervisors’ is one of the major causes of fraud in the sector.
With technology available which can help banks detect these deviations in controls, the internal
audit team can also leverage this solution to undertake forensic based audits⁸, which could go
a long way in enhancing the efficiency of detecting frauds in time.
Emerging fraud risks
The advancement of technology in providing innovative services, combined with the explosive
growth in internet banking, has permanently altered the business landscape and how banks
manage this risk. While cybercrime as a trend is not to be ignored, the actual losses are, at
times, not significant relative to a bank’s financials. The potentially greater impact from
cybercrime is on customer and investor confidence, reputational risk, and regulatory impact
that together add up to substantial risks for financial services companies. These issues
ultimately have the potential to impact the reliability of a bank and in extreme cases may lead
to a systemic crisis.
With organizations increasingly depending on technology, it is perhaps not surprising to find
that cybercrime continues to increase in volume, frequency and sophistication. This includes
ATM skimming, phishing/ vishing and misuse of credit and debit cards. Additionally, when
asked to select the top three areas which were giving ‘sleepless nights to bankers’, it was no
wonder that Internet Banking/ ATM fraud, E-Banking and Identity fraud were the top culprits.
Interestingly, in addition to the above as a future fraud concern, mortgage portfolio also appears
to be increasingly vulnerable to the risk of fraud.
These concerns appear to be in line with overall statistics available in India as well as the global
trend. India itself has witnessed a massive surge in cybercrime incidents in the last ten years -
from just 23 in 2004 to 72,000 last year. As per the government's cyber security arm, the Computer
Emergency Response Team-India (CERT-In), 62,189 cybersecurity incidents were reported in
just the first five months of this year⁹.
On a global level, the likely annual cost to the economy from cybercrime is estimated to be
more than $400 billion¹⁰. Additionally, a global survey of corporate C-level executives and
board members (conducted last year) revealed that cyber risk was now the world’s third
corporate-risk priority overall¹¹. Interestingly, the same survey from 2011 ranked
cybersecurity as only the twelfth highest priority; a rapid rise explained perhaps in part by the
evolving nature of the risks themselves.
Are banks guilty of underestimating the problem?
Since the first edition of our survey (over six years ago), banks have consistently reported an
increase in fraud incidents as well as the value of fraud loss incurred by an overwhelming
amount. However, it is interesting to note that the actual percentage increase in fraud incidents
experienced (as reported by respondents in previous editions) has been consistently higher in
comparison to the expected percentage envisaged by the respondents from each previous
edition.
While the incidents of fraud have been on the rise, there appears to be no clear trend as both
the nature of the frauds as well as the reasons behind them are diverse. The survey throws up
some interesting questions:
• Is the rise in identification of frauds a direct result of the banks’ inadequate fraud risk
management systems and processes; or
• Is the rise in reported fraud incidents a direct result of increased regulatory scrutiny and/or
recognition of frauds?
Statistics released¹ by the Reserve Bank of India, however, indicate that during the same
period, the number of frauds as well as the amount involved in these fraud incidents have
increased more than three times. The sharp rise in fraud incidents over the years has
inadvertently left banks feeling extremely vulnerable. This steady increase in fraud risks in
banks may be symptomatic of the weakness in the underlying fraud risk management
framework and/ or processes. The data, however, offers little hope for relief on the immediate
horizon.
Are banks doing enough?
Over the years, fighting the risk of fraud has assumed centre stage and become a C-suite issue.
Managing fraud has become increasingly important for banks not only because of increased
regulatory scrutiny but also due to increased stakeholder expectations and the detrimental effect
from the actual fraud loss incurred.
Today, a fraud incident is no longer viewed in isolation or as a one-off mere compliance issue.
While survey responses indicate that banks are investing significant amounts of money in
enhancing their fraud risk management (FRM) capabilities, it appears to be missing the mark
on addressing some of the core issues. Across our three editions there seem to be certain
concerns that continue to be highlighted as primary reasons behind the increase in fraud
incidents. Despite their recurrence over the years, there appears to be little that has been done
to help identify the root cause and mitigate them.
Having adequate prevention methods in place makes it harder for fraud to be committed. One
such effective prevention mechanism is to deploy regular fraud detection data analytics to help
identify and monitor the risks of fraud. It is critical to realise that data is one of the most
important assets of any organisation. With fraud schemes and the sophistication of fraud
perpetrators constantly evolving, analytics tools provide the ability to discern anomalies,
patterns, and trends - including in real time - across available data that might otherwise go
unnoticed, whether within a business unit, in a particular region, or across the enterprise.
Any controls put in place by the maker-checker are bound to fail if these issues remain
consistently unaddressed. Is the focus on business targets forcing people to overlook the
controls, and if so, what are banks doing about it? Addressing this issue is one of, if not the
biggest, industry challenges. At the end of the day, who controls the controllers?
New technologies, new entrants into the industry, new regulations and changing consumer
preferences are combining to disrupt and contribute to this increase. Existing approaches seem
to have become less effective at identifying and mitigating fraud risks. We believe now is the
time to re-examine the overall approach, to review what risks are emerging and what responses
are necessary.
CHAPTER 4- CASE STUDY
Bank frauds that have rocked the Indian banking sector in 2018
Although it was only the third month of 2018, last year had already seen a string of bank frauds
and scams across India that raised questions about the governance and credit management
practices at private and public sector banks. These include the huge PNB scam perpetrated by
diamond jeweller Nirav Modi and Mehul Choksi and the Rotomac scam, to name a few.
India has witnessed numerous banking scams in recent times and a huge amount of money
has been lost to them. Earlier this year the Reserve Bank of India warned banks about an
increase in bank frauds. A series of bank scams has significantly shaken trust in many
Indian banks and put a huge question mark over the credibility of the
banks.
The Indian banking sector has experienced considerable growth and changes since
liberalisation of economy in 1991. Though the banking industry is generally well regulated and
supervised, the sector suffers from its own set of challenges when it comes to ethical practices,
financial distress and corporate governance. This study endeavours to cover issues such as
banking frauds and mounting credit card debt, with a detailed analysis using secondary data
(literature review and case approach) as well as an interview-based approach, spanning across
all players involved in reporting financial misconduct.
The report touches upon the case of rising NPAs in the past few years across various scheduled
commercial banks, especially public sector banks. The study finally proposes some
recommendations to reduce future occurrence of frauds in Indian banking sector. The
credibility of third parties such as auditing firms and credit rating agencies is also questioned
in the study and is believed to be a significant contributor amongst other causes, such as
oversight by banks and inadequate diligence.
Here is a brief look at each of the top 3 bank frauds that rocked the banking sector in India
in 2018.
(A) PNB Scam
In what may turn out to be one of the biggest scams in the country’s corporate history, Delhi-
based Punjab National Bank (PNB) said on Wednesday it had been defrauded of about Rs 114
billion by jeweller Nirav Modi, his maternal uncle Mehul Chinubhai Choksi, and other relatives
through a clutch of companies they own.
The country’s second-largest public sector bank (PSB) said two of its employees were involved
in the scam, where the bank’s core banking system was bypassed to raise payment notes to
overseas branches of other Indian banks, including Allahabad Bank, Axis Bank, and Union
Bank of India, using the international financial communication system, SWIFT.
The Punjab National Bank Fraud Case relates to fraudulent letters of undertaking (LoUs)
worth ₹14,356.84 crore (US$ 2.1 billion) issued by the Punjab National Bank at its Brady
House branch in Fort, Mumbai, making Punjab National Bank liable for the amount. The fraud
was allegedly organized by jeweller and designer Nirav Modi. Nirav, his wife Ami Modi,
brother Nishal Modi and uncle Mehul Choksi, all partners of the firms, M/s Diamond R US,
M/s Solar Exports and M/s Stellar Diamonds; along with PNB officials and employees, and
directors of Nirav Modi and Mehul Choksi's firms have all been named in a charge sheet by
the CBI. Nirav Modi and his family absconded in early 2018, days before the news of the scam
broke in India.
Punjab National Bank (PNB) alleges that associates of three firms - Diamond R US, M/s Solar
Exports and M/s Stellar Diamonds - approached PNB on 16 January 2018, with a request
for LoUs to make payment to their overseas suppliers. The bank demanded at least a 100 percent
cash margin for issuing LoUs, but the firms contested that they had received LoUs without any
such guarantee in the past. Branch records did not show any such facility having been granted
to the firms, so PNB suspected fraud and began digging into the transaction history.
On 29 January 2018, PNB filed a complaint with the CBI, wherein it was alleged that Nirav,
Ami Modi, Nishal Modi and Mehul Choksi, all partners of M/s Diamond R US, M/s Solar
Exports and M/s Stellar Diamonds, in collusion with two bank officials committed the offence
of cheating against PNB and caused a wrongful loss.
The PNB official in his complaint informed the agency that at the bank’s branch office at Brady
House in Fort, Mumbai, two of its employees, Gokulnath Shetty, retired Deputy Manager of
PNB, and another bank official, Manoj Kharat, issued fraudulent LoUs to Hong Kong based
creditors on behalf of three firms associated with Nirav Modi and the Gitanjali Group. “The
public servants committed abuse of official position to cause pecuniary advantage to Diamonds
R US, Solar Exports and Stellar Diamonds and wrongful loss of Rs 280.70 crore to PNB during
2017,” said the first information report (FIR) filed by CBI.
The bank initially said that two of its employees at the branch were involved in the scam, as
the bank's core banking system was bypassed when the corrupt employees issued LoUs to
overseas branches of other Indian banks, including Allahabad Bank, Axis Bank, and Union
Bank of India, using the international financial communication system, SWIFT. The
transactions were noticed by a new employee of the bank. The bank then complained to the
CBI, which is currently investigating the scam, apart from the ED and RBI. At a later date, the CBI
named key officials Usha Ananthasubramanian, former CEO of PNB, and executive directors KV
Brahmaji Rao and Sanjiv Sharan in a charge sheet, holding them responsible for failure to
implement several circulars and caution notices issued by the RBI regarding the reconciliation
of SWIFT messages and core banking systems.
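The reconciliation control named in the charge sheet can be expressed as a daily check that every outbound SWIFT guarantee message is backed by a core banking entry. The sketch below is an added example, not PNB's or the RBI's procedure; the record fields, the margin threshold and all sample data are assumptions constructed for illustration.

```python
"""Reconcile outbound SWIFT guarantee messages against core banking (CBS) entries.
All records are constructed sample data; field names are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal

# Assumption: policy threshold, modelled on the 100 percent cash margin PNB demanded.
REQUIRED_MARGIN_PCT = 100


@dataclass(frozen=True)
class SwiftMessage:
    reference: str       # transaction reference carried in the message
    sent_on: str         # ISO date the message left the SWIFT terminal
    operator: str        # terminal user who released it
    receiver_bank: str   # overseas branch that will lend against it
    currency: str
    amount: Decimal


@dataclass(frozen=True)
class CbsEntry:
    reference: str
    currency: str
    amount: Decimal
    cash_margin_pct: int  # collateral held against the contingent liability


def reconcile(messages, entries):
    """Return (reference, finding) pairs for every message the ledger does not back."""
    by_ref = {e.reference: e for e in entries}
    findings = []
    for msg in messages:
        entry = by_ref.get(msg.reference)
        if entry is None:
            # Liability created over SWIFT but invisible to the bank's own books.
            findings.append((msg.reference, "NO_CBS_ENTRY"))
            continue
        if (entry.currency, entry.amount) != (msg.currency, msg.amount):
            findings.append((msg.reference, "AMOUNT_MISMATCH"))
        if entry.cash_margin_pct < REQUIRED_MARGIN_PCT:
            findings.append((msg.reference, "MARGIN_BELOW_POLICY"))
    return findings


def unbooked_exposure(messages, entries):
    """Total unbooked amount per (operator, currency), for escalation."""
    booked = {e.reference for e in entries}
    totals = defaultdict(Decimal)
    for msg in messages:
        if msg.reference not in booked:
            totals[(msg.operator, msg.currency)] += msg.amount
    return dict(totals)


# Constructed sample data: five messages released, only three booked in the CBS.
SWIFT_LOG = [
    SwiftMessage("LOU-0001", "2017-03-01", "op_a", "BANK-X-HK", "USD", Decimal("1000000")),
    SwiftMessage("LOU-0002", "2017-03-02", "op_b", "BANK-Y-HK", "USD", Decimal("2500000")),
    SwiftMessage("LOU-0003", "2017-03-02", "op_b", "BANK-X-HK", "USD", Decimal("4000000")),
    SwiftMessage("LOU-0004", "2017-03-03", "op_a", "BANK-Z-HK", "USD", Decimal("750000")),
    SwiftMessage("LOU-0005", "2017-03-03", "op_b", "BANK-Y-HK", "USD", Decimal("1200000")),
]
CBS_LEDGER = [
    CbsEntry("LOU-0001", "USD", Decimal("1000000"), 100),
    CbsEntry("LOU-0004", "USD", Decimal("700000"), 100),   # booked for less than was sent
    CbsEntry("LOU-0005", "USD", Decimal("1200000"), 0),    # booked, but no margin held
]

if __name__ == "__main__":
    for ref, finding in reconcile(SWIFT_LOG, CBS_LEDGER):
        print(ref, finding)
    print(unbooked_exposure(SWIFT_LOG, CBS_LEDGER))
```

Run against the SWIFT terminal's own message log rather than a branch-prepared list, so that a message keyed directly into SWIFT still shows up as unmatched.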
The finance ministry has sought details about fraudulent transactions involving this case or
related incidents by the end of this week and in a fresh missive has asked all banks to undertake
a clean-up drive. DFS Secretary Rajiv Kumar said this seemed to be an isolated case and would
not impact other banks.
Nirav Modi is currently in the United Kingdom and is seeking political asylum in Britain
though the Indian government has officially asked for his extradition. The Enforcement
Directorate has begun attaching assets of the accused and is seeking immediate confiscation
under the Fugitive Economic Offenders Ordinance.
Modi has been on Interpol's wanted list since February 2018 for criminal conspiracy, criminal
breach of trust, cheating and dishonesty including delivery of property, corruption and money
laundering.
Just about a week ago, diamond jeweller Nirav Modi opened a new store in Macau. Barely
three months ago, he had opened a second store in DLF Emporio’s Chanakya mall in New
Delhi, with plans for another one, in Bengaluru, later this year. Modi has been relentless in
building his brand regardless of banks having a problem of fraudulent and unauthorised
transactions with his companies. His website is running Valentine’s Day promotions beside
pictures of Hollywood celebrities wearing his jewellery and details of the fashion shows he
sponsored recently.
Modi’s ambition was to expand to 100 stores by 2020, not unusual for a brand that is trying
to grow. He has boutiques in New York, Las Vegas, Honolulu, Singapore and Beijing. There
is one store in London, three stores in Macau, and four stores in Hong Kong, where Modi’s
sister Purvi Mehta is based and runs the company’s design division. Besides Bengaluru,
another boutique was slated to open in London.
All this could be derailed now, as lenders to Modi, his company Firestar Diamond and other
firms huddle into emergency meetings to try and figure out what their exposure in either
loans or bank guarantees to the diamond company is. On Tuesday, the Central Bureau of
Investigation received two complaints from Punjab National Bank (PNB) against Modi and a
jewellery company, alleging fraudulent transactions worth about $1.8 billion.
(B) Bank scam by Vijay Mallya
The flamboyant liquor baron, Vijay Mallya, once hailed as the King of Good Times and Indian
version of Richard Branson, is being chased by almost every institution in the country — the
banks, regulators and, finally, the judiciary — for the Rs 9,000 crores he owes to the lenders.
How did Mallya fall to his current plight, where he is personally held accountable for the failure
of the airline business Kingfisher Airlines and delayed repayment of loans? The answer lies in
a decision forced on him by lenders in 2010 to give a second lease of life to the airline that was
then on the brink of a collapse.
“Mallya had his back against the wall. Banks insisted that he offer personal guarantees for any
further lending,” said a retired banker, who was previously with State Bank of India (SBI), on
condition of anonymity. “Otherwise, there was no reason why Mallya is personally held
responsible for the repayment of the loan (Rs 9,000 crore now including the accrued interest
amount). There are bigger stressed borrowers (companies) around,” the banker said, giving
examples like Bhushan Steel and Winsome Diamonds. Kingfisher Airlines, grounded in
2012, never made a profit in its eight years of operations. When Mallya approached the group of
lenders for further lending in 2010, there were serious differences of opinion among the group
of senior bankers in SBI, and other banks in the consortium, on why they should lend to the
airline again. But the majority decision was to take the big risk again and lend to Mallya.
“It was, in a way, throwing good money after bad (since the KFA exposure was already
stressed),” the banker quoted earlier said. “But, if we didn’t do that at that point, the exposure
till then would have gone bad instantly. No one wanted that to happen. There was no option
before us,” said the official. But everyone knew what was in store, though no one said
anything in the discussion room. “The mood was partly that of helplessness and partly
optimism,” the banker said. Bankers were optimistic because Mallya himself was hopeful of
turning around the airline, even though the entire aviation industry was groping in darkness.
Ironically, however, despite Mallya’s optimism, everyone saw the writing on the wall.
In March 2012, Kingfisher halted its international operations to Europe and Asian countries
and cut down local flights to 110-125 a day with a fleet of 20 planes from 340 flights earlier to
save money. By October 2012, the bird flapped its wings for the last time. Since then, it hasn’t
seen the skies. Kingfisher, once the second-largest airline in India, had little chance of
resuming its operations since the necessary regulatory approvals were not in sight and its
balance sheet was bleeding. The company’s losses had widened to Rs 2,142 crore for its fiscal
fourth quarter ending in March 2013, compared with a net loss of Rs 1,150 crores a year earlier.
The accumulated losses as of March 2013 stood at a whopping Rs 16,023 crore.
Its dues to banks, airports and others had mounted to over Rs 15,000–Rs 16,000 crore, and its
flying licences expired at the end of last year. The death bells were beginning to ring. In his
desperation to revive the airline, Mallya twice submitted revival plans to the aviation regulator,
with parent UB Group committing initial funding, but with no luck. In its eight-year life, the
airline never made a profit even once.
Mallya, though, remained optimistic about not losing the airline’s licence. “We have not submitted an
ambitious plan. We have submitted a holding plan," Mallya told reporters, while the
government wasn’t convinced. "The problem is in the last two to three months, he's given so
many plans and he's not adhered to any of them," the then Aviation Minister Ajit Singh told
reporters in New Delhi.
Panic was beginning to set in in the banking industry, especially state-run banks, which were
the majority in the banking consortium. After all, banks had to answer a lot to shareholders not
just for further lending to Mallya in 2010, but for offering generous loan recast facilities and
converting the debt of Kingfisher to equity at a huge premium.
In early 2011, the bank consortium including SBI had converted debt amounting to Rs 1,400
crore into equity at a 60 percent premium to the prevailing market price. Going by the stock
exchange data, on March 31, there was preferential allotment to SBI and ICICI Bank due for
conversion of compulsorily convertible preference shares into equity shares at a price of Rs
64.48 each. Remember, on that day, KFA shares closed at Rs 39.90 on the BSE.
"Within a few months, the share value had eroded so much that banks were put in a difficult
position,” said the banker quoted earlier. Kingfisher last traded at Rs 1.36 on the BSE on 22
June 2015. The entire loan restructuring exercise to Kingfisher was done without any special
dispensation from the RBI, which means that banks had to make heavy provisioning on their
books, hoping that the airline will revive sooner or later and pay back the money. That never
happened.
Finally, Kingfisher was declared an NPA by most banks, including SBI, towards the end of
2011 and beginning of 2012. The majority burden of Kingfisher loans was on government-
owned banks. The smartest in the lot was ICICI Bank, which managed to sell its entire Rs 430
crore Kingfisher loan exposure to a debt fund managed by the Kolkata-based Srei Infrastructure
Finance Ltd in mid-2012. The government banks were the real scapegoats in the entire story.
Banks' chances of getting their money back from Mallya are very slim since Kingfisher hardly
has any assets left for banks. Even if banks go ahead and sell Kingfisher assets such as the
Kingfisher House in Mumbai, it will fetch only a fraction of what is at stake. The only hope
for banks is if Mallya himself has a change of mind and decides to pay back banks from his
personal wealth (Mallya has shares worth Rs 7,000 crore in various companies and a lot more in
fixed assets).
"But, all that will happen if he returns to the country and says he will pay back,” the banker said,
adding that bankers are more irked by Mallya flaunting his wealth publicly even now when
thousands of crores are at stake. According to reports, Mallya already received $40 million of
his severance pay from Diageo before he flew to the UK. Can the final battle between banks, led by
SBI, and Mallya in the Supreme Court and Bangalore DRT result in lenders getting their money
back? Chances are slim.
(C) Rotomac Pen Scam
After billionaire jeweller Nirav Modi, industrialist Vikram Kothari, the promoter of Rotomac
Pens, is being investigated by the CBI for defaulting on more than Rs 3,700 crore in loans from
government banks. Investigators raided Vikram Kothari's home and establishments in Uttar
Pradesh's Kanpur around daybreak, hours after the CBI filed a First Information Report (FIR).
Vikram Kothari has denied any wrongdoing. "Yes, I took a loan from the bank but it's wrong
information that I haven't paid," he said. Mr Kothari, his wife and son were questioned during
the searches that began around 4 am at three addresses in Kanpur. CBI sources say action
against the billionaire followed a formal complaint by Bank of Baroda, one of the banks from
which Vikram Kothari had taken loans. Mr Kothari allegedly owes Rs 3,695 crore to Allahabad
Bank, Bank of India, Bank of Baroda, Bank of Maharashtra, Indian Overseas Bank, Oriental
Bank of Commerce and Union Bank of India.
Rotomac pen promoter Vikram Kothari faced the heat of central agencies after the Central Bureau
of Investigation (CBI) as well as the Enforcement Directorate (ED) registered separate cases
against him and his company for allegedly swindling billions from seven banks from 2008 onwards.
Rotomac Global Private Limited cheated a consortium of banks to the tune of Rs 36.95 billion
(Rs 3,695 crore), including interest by siphoning off loans sanctioned to the company for
procurement of wheat and other goods for export.
The CBI registered a case after receiving a complaint from Bank of Baroda against Kanpur-
based Rotomac Global Private Limited, its director Vikram Kothari, his wife Sadhana Kothari,
and son Rahul Kothari and unidentified bank officials.
Initially, the alleged scam was estimated to be of Rs 8 billion (Rs 800 crore) but after the CBI
started to probe into the accounts of the company, it was found that the company had allegedly
taken loans from Bank of India, Bank of Maharashtra, Indian Overseas Bank, Union Bank of
India, Allahabad Bank and Oriental Bank of Commerce.
The raids on Mr Kothari coincide with a CBI investigation into the massive PNB scam in which
bank officials helped Nirav Modi and others get credit from overseas banks using fake
guarantees. Nirav Modi and his family left the country in the first week of January, before the
CBI started investigating the fraud.
Amid reports over the weekend that Vikram Kothari had also fled the country - like several
high-profile tycoons under investigation - he was spotted at a wedding on Sunday night. "I live
here and will continue to live here only. There is no country better than India. I am not going
to run away anywhere," he told reporters. In February last year, Mr Kothari was declared a
wilful defaulter. He contested it in the Allahabad High Court and won but allegedly didn't pay
his dues. All through last year, various properties belonging to Mr Kothari and his family
members were put up for auction by the banks to recover a part of their dues.
The CBI alleged that the accused had cheated a consortium of seven banks by siphoning off
bank loans to the tune of Rs 29.19 billion (Rs 2,919 crore). The total outstanding amount along
with interest and liabilities for the company were pegged at Rs 36.95 billion (Rs 3,695 crore),
the CBI alleged. Immediately after registering the case, the CBI carried out searches at three
locations in Kanpur which included Kothari's residence and office premises. While making
clear that no arrests have taken place in the case so far, CBI spokesperson Abhishek Dayal said
Kothari, his wife and son were being examined by the CBI.
According to the CBI officials, the company allegedly used two modus operandi for siphoning
off the loans secured from consortium of banks from 2008 onwards.
Loan utilised for purposes other than executing export orders: The CBI alleged that the credit
sanctioned for a particular export order was diverted to a different offshore company and later
the money was remitted back into the Kanpur-based company without executing an export
order.
No export was undertaken, though, according to officials of the CBI who referred to details
given in the Bank of Baroda complaint.
CBI spokesperson Abhishek Dayal, quoting the Bank of Baroda complaint, said:
"Rotomac cheated the consortium of banks by siphoning off bank loans."
Interestingly, the official said Rotomac was working for the interest rate differential in local and
foreign currency. "A number of front and fictitious companies were formed to carry out illegal
activities by Rotomac which submitted forged documents to obtain the money from the banks,"
Dayal said. The official said the credit disbursed and sanctioned to the company was utilised
for the purposes other than executing export orders.
"For example, credit sanctioned for export order received from Singapore for the supply of
wheat was diverted to a Singapore-based firm Bargadia Brothers Pvt Ltd but the money was
later remitted back to Rotomac," he said.
"In other cases, the money disbursed by the bank for procurement of goods and some other
export materials was not utilised for this purpose and no export order was executed by the
Rotomac."
The official said "this misappropriation of funds" violated the FEMA (Foreign Exchange
Management Act) guideline. Bank of Baroda also alleged in its complaint that "most of the
transactions of Rotomac are with a limited number of buyers, sister companies and sellers and
no genuine business transactions were carried out," according to another CBI official who did not
want to be named. In other cases, money disbursed by the banks for procurement of goods for
export was not utilised and no export order was ever executed. This is a misappropriation of
funds, criminal breach of trust and violation of FEMA guidelines, the officials said.
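The two red flags in the Bank of Baroda complaint, money coming back from the same offshore party without any export and business concentrated in a few counterparties, can both be screened for in loan-account data. The following is an added example, not the CBI's or the bank's method; the field names, the 90-day window, the 5 percent tolerance and the sample transfers are assumptions.

```python
"""Flag export-credit round trips and counterparty concentration.
All transfers are constructed sample data; names and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from typing import Optional


@dataclass(frozen=True)
class Transfer:
    on: date
    direction: str               # "OUT" = paid from the loan account, "IN" = received
    counterparty: str
    amount: Decimal
    export_order: Optional[str]  # order the credit was sanctioned against, if any


def find_round_trips(transfers, shipped_orders, window_days=90, tolerance=Decimal("0.05")):
    """Return (export_order, counterparty, days) where money paid out against an
    unshipped export order came back from the same counterparty within the window."""
    inbound = [t for t in transfers if t.direction == "IN"]
    used = set()  # each inbound transfer may explain only one outbound payment
    hits = []
    for out in sorted((t for t in transfers if t.direction == "OUT"), key=lambda t: t.on):
        if out.export_order is None or out.export_order in shipped_orders:
            continue  # shipping evidence exists, so this is not a round trip
        for i, back in enumerate(inbound):
            days = (back.on - out.on).days
            if i in used or back.counterparty != out.counterparty:
                continue
            if not 0 <= days <= window_days:
                continue
            if abs(back.amount - out.amount) <= tolerance * out.amount:
                used.add(i)
                hits.append((out.export_order, out.counterparty, days))
                break
    return hits


def top_counterparty_share(transfers, top_n=1):
    """Fraction of total transfer value that flows through the top_n counterparties."""
    by_party = defaultdict(Decimal)
    for t in transfers:
        by_party[t.counterparty] += t.amount
    total = sum(by_party.values(), Decimal(0))
    if total == 0:
        return Decimal(0)
    largest = sorted(by_party.values(), reverse=True)[:top_n]
    return sum(largest, Decimal(0)) / total


# Constructed sample data: EXP-002 is the only order with shipping documents on file.
TRANSFERS = [
    Transfer(date(2015, 1, 5), "OUT", "TRADER-SG-1", Decimal("5000000"), "EXP-001"),
    Transfer(date(2015, 1, 20), "IN", "TRADER-SG-1", Decimal("4900000"), None),
    Transfer(date(2015, 2, 1), "OUT", "SUPPLIER-IN-7", Decimal("1000000"), "EXP-002"),
    Transfer(date(2015, 3, 15), "IN", "BUYER-AE-3", Decimal("1100000"), "EXP-002"),
    Transfer(date(2015, 4, 1), "OUT", "TRADER-SG-1", Decimal("3000000"), "EXP-003"),
    Transfer(date(2015, 9, 1), "IN", "TRADER-SG-1", Decimal("3000000"), None),
]
SHIPPED_ORDERS = {"EXP-002"}

if __name__ == "__main__":
    print(find_round_trips(TRANSFERS, SHIPPED_ORDERS))
    print(round(top_counterparty_share(TRANSFERS), 3))
```

The second TRADER-SG-1 return falls outside the default window, which shows how the choice of window decides what the screen catches.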
The company was working for the interest rate differential in local and foreign
currency, and even fake documents were submitted to induce banks to advance money, the CBI
alleged. The ED registered its case under the Prevention of Money Laundering Act
(PMLA) after studying the CBI FIR that was registered on Sunday. The ED, the officials
said, would probe if the funds obtained through the alleged fraud were laundered and if the
proceeds of the crime were subsequently used by the accused to create illegal assets and black
money.
This scam is related to the biggest Private Sector Bank of the country, i.e. SBI, leading the
consortium of 14 public and private sector banks. The principal loan is about Rs. 824 crores; adding
the interest due would indicate a loss of more than Rs 1,000 crore to the banks.
The main accused in this scam is Kanishka Gold Pvt. This company did not pay a loan of Rs.
824 crores, which has been converted into "NPA". The CBI has registered a case against
Chennai-based company Kanishka Gold and ED has started investigating the fraud. The
director of this company Bhupendra Kumar Jain and his wife Neeta Jain have fled the country.
The banks whose money is trapped in this scam are:
1. Bank of India :- Rs 754.77 crore
2. Indian Overseas Bank :- Rs 771.07 crore
3. Union Bank of India :- Rs 458.95 crore
4. Bank of Baroda :- Rs 456.53 crore
5. Allahabad Bank :- Rs. 330.68 crore
6. Oriental Bank of Commerce :- Rs 97.47 crore
7. Bank of Maharashtra :- Rs 49.82 crore
CHAPTER 5- MANAGING THE FACE OF FRAUD
TOMORROW
Nowadays, the banking industry is facing an acute problem of fraud. The
problem is global, and no country is fully protected. Fraudsters have become experts in
hijacking online sessions: they steal client credentials and use malware to swindle funds from
unaware account holders. In his book “Future Crimes”, Marc Goodman explains that “criminals
are often the first to exploit emergent technologies and turn their complexity against their
users”. According to the Financial Fraud UK report, in 2016 financial fraud losses across payment
cards, remote banking and cheques amounted to an astonishing £768.8 million, an increase
of 2% compared to 2015. At the same time, prevented fraud totalled £1.38 billion in 2016. The
anti-fraud measures undertaken by the banks and card companies helped to save up to £6.40 in
every £10 of attempted fraud.
The Association for Financial Professionals’ 2016 Payments Fraud and Control Survey found
that 73% of finance professionals reported an attempted or actual payments fraud in 2015. In
the face of such threats, banking institutions are looking for the best options possible to fight
against cybercrime.
The banks are the lifelines of the economy and play a catalytic role in activating and sustaining
economic growth, especially in developing countries, and India is no exception.
Fraud is a real operational risk for the banking system. The Reserve Bank of India (“RBI”) has
defined ‘Fraud’ as “A deliberate act of omission or commission by any person, carried out in
the course of a banking transaction or in the books of accounts maintained manually or under
computer system in banks, resulting into wrongful gain to any person for a temporary period
or otherwise, with or without any monetary loss to the bank.”
The latest Financial Stability Report by RBI in June 2018 suggests that the banking system has
reported around 6,500 instances involving fraud of around Rs 30,000 crores in the last fiscal.
Several other banking frauds which were reported subsequently have raised several questions
about the ability of the PSBs to contain these situations.
The world is seeing a rise in new frauds of which the business community appears to be largely
unaware. Some of the key frauds uncovered in very recent times in the world are mentioned
below. The Deloitte India Fraud Survey has identified four emerging frauds that can
significantly impact the way Indian businesses use digital media. These include social media
fraud, e-commerce fraud, cloud computing fraud and virtual currency/ crypto-currency related
fraud. Each of these frauds has been discussed in the coming pages, along with potential
measures for mitigation.
(A) E-commerce fraud
Electronic Commerce (E-commerce) encompasses all businesses conducted by the use of
computer networks. The Indian e-commerce industry is currently valued at approximately INR
224 billion and is growing at the rate of 50-55 percent annually. It is expected to be
approximately INR 504 billion in the next two years [10]. Currently, travel related bookings
such as flight ticket, rail ticket and hotel bookings form the largest chunk of the e-commerce
industry followed by online retail of consumer goods.
The primary reason for the growth of the e-commerce industry has been the increasing internet
penetration in India. In 2006 there were only 21 million active internet users, whereas in June
2014, there were close to 243 million users [11]. This rise in the number of
people familiar with, and able to access the internet, has spurred the development of online
marketplaces. Almost three-fourths of our survey respondents said they were comfortable
doing business online, although they considered some aspects of e-commerce transactions
prone to the risk of fraud. Online payments, procurement of materials, and trading in stock
markets were identified as areas vulnerable to fraud risks. This is in line with global research
which indicates that e-commerce payment fraud is on a rise. US-based research data shows that
the value of fraudulent transactions is often four times the value of a regular transaction.
Further, procurement of materials online is likely to be considered risky in India, due to
concerns over the performance, availability and security of the materials purchased [13]. Further,
sellers may often not disclose data pertaining to the product, its quality, legality of
use, and warranty. Each merchant can follow different standards for representing product
related data, making it challenging for buyers to estimate the quality and legitimacy of products
on sale. Traditionally, this risk was mitigated to some extent due to physical inspection of
goods prior to purchase, and a predominant credit-based business model that facilitated return
of goods, if found unsatisfactory.
While the above mentioned fraud risks may not deter organizations from e-commerce trade,
survey respondents mentioned other fraud risks, such as leakage and loss of confidential data,
fraudulent transactions and inadequate security at payment gateways, that could deter their
organizations from doing business online. This opinion can be attributed to global media
coverage of such issues that highlight the difficulty in tracing the extent of data and fraud loss.
While we don’t see fraud risks deterring corporates from transacting online, it would still be
advisable to take measures to mitigate fraud risks. Some of the measures that merchants and
customers can adopt to have a safer e-commerce experience include:
1. Establish anti-fraud policies and procedures: Every merchant must have a policy on sales,
online payments, sales returns, shipping, customer details verification and a fraud manual that
identifies potential fraud risks. Buyer organizations can have a similar policy that details how
to identify genuine e-commerce websites and guidelines on conducting business online. A
section that helps identify and report fraudulent sites must also be included in the policies.
2. Forming a dedicated team to monitor e-commerce frauds: Several companies have
identified in-house teams that research new frauds and communicate them to the organization.
Such teams also challenge business processes regularly with an aim to unearth any gaps in
controls. This proactive approach to identifying emerging frauds is an effective strategy, given
the evolving nature of e-commerce business in India.
3. Due diligence: Given the large third party ecosystem that supports e-commerce in India,
merchants need to ensure that they conduct adequate due diligence before associating with
business partners. Further, this diligence can also be extended to check and verify genuine
customers. Buyer organizations can also conduct due diligence on e-commerce service
providers, as well as traders who use the platform, to ensure that they are transacting with
reliable parties with a good reputation in the market.
4. Communication and Training: Communicating fraud risks and safeguards to employees
and vendors can help prevent fraud incidents. Employees should be educated on safety
mechanisms, identifying fraud risks, as well as conducting business ethically online, through
periodic training programs.
The E-commerce model can help convert the largely unorganized retail sector to a
technologically savvy organized sector. While India is in the process of developing a
legislation which can be enforced on either the buyer or seller in terms of a framework within
which business needs to be conducted, formation of contracts and the liabilities involved
therein, nonetheless, cues can be taken from The United Nations Commission for International
Trade Law (UNCITRAL), a model law on e-commerce which serves as a benchmark for
national and international legislation and assists contracting parties in formulating their
contracts. The UK’s E-commerce regulation known as Electronic Commerce (EC Directive)
Regulations 2002, clarifies and harmonizes the rules of online business throughout Europe with
the aim of boosting consumer confidence.
While the government is working closely with e-commerce players and manufacturers to
develop legislation that addresses the concerns of doing business online, companies should also
aim to fortify themselves with adequate safeguards to mitigate the risk of fraud and reputation
loss.
(B) Cloud Computing fraud
With an increasing number of users demanding simultaneous access to data and applications over
multiple devices such as desktop PCs, notebook computers, smartphones and now smart
watches, cloud computing is gaining appeal for both enterprise and personal use.
The current state of technology makes it possible to edit and share documents and data across
multiple devices and locations. Some subscriptions also allow users to collaborate and interact
in real-time.
As the number of cloud-based service providers grows, risks to systems and intellectual property
have also grown. While well-known service providers have sophisticated security and access
control systems, the safeguards employed by scores of lesser-known service providers may not
be as well documented. Some of the key risks that users of cloud computing may face
include data loss from unauthorized use of low-quality systems, hacking, theft of intellectual
property, and theft of confidential customer data.
Fraud losses from cloud computing are difficult to estimate though the damage could be
massive depending on the sensitivity of the data lost. It is therefore important that companies
remain aware of the risks they can face while using cloud computing as part of their business
operations. It is not surprising that only 5 percent of survey respondents indicated that their
organizations had sustained losses from cloud-based intrusions. Around 43 percent were
unaware of data loss or leakages arising from hacking or hijacking of cloud services and a
similar percentage of those surveyed reported no losses.
Mitigating cloud computing risks starts with defining a comprehensive policy. Such a policy
should include the following key components –
a. Prohibiting the use of cloud services that violate the company’s data domicile policies [14]
b. Screening, testing and deploying an enterprise-grade cloud solution that complies with the
company’s own security standards, reliability requirements and brand image
c. Allocating end-to-end responsibility for audit and security management to a dedicated team
d. Prescribing a usage policy for end-users that is consistent with the company’s compliance
policies, security procedures and code of conduct.
These components must be periodically reviewed and updated, in line with changes in the
service providers’ policies and feature upgrades. This is where the bulk of Indian companies
seem to have a challenge. Close to 58 percent of survey respondents were unaware of the
frequency with which their compliance and security policies related to cloud computing were
updated.
While survey respondents indicated that other preventive measures such as IT and software
audits, signing non-disclosures agreements, and pre-engagement assurance via vendor due
diligence are in use, there was no indication on periodic monitoring of fraud risk management
measures. The majority of the survey respondents said IT audits were performed only at the
time of vendor appointment and/or yearly. In our experience, conducting periodic IT audits or
monitoring the data pertaining to cloud within organizations is not as cumbersome as it was in
the early days of the Internet. By utilizing technology, one can monitor transactions in real time
and use that information to conduct a meaningful audit.
(C) Social media fraud
Social networking is a valuable asset helping companies by providing strategic inputs,
estimating competitive advantage and brand leverage, and also serving as a structured medium
to buy and sell goods and receive feedback from users.
While companies have invested in establishing social networking platforms, it appears that few
have a deep understanding of exactly how social media works, on the basis of the responses
we have received for this section of the survey. As a result, social media remains an enigma
for many executives, and most companies find it difficult to manage its operation and outreach,
let alone the risks.
Our survey indicates that the most significant fraud risk concerning corporations is that of data
disclosures. These include sharing of confidential information such as client names, financial
details, reputation related matters, private employee related matters or forward looking
information such as business plans. Recently, a leading cloud services provider came under
scrutiny for the leak of several private pictures, some featuring high profile socialites or
celebrities. It was later discovered that these pictures were shared by other users on popular
social media platforms amplifying the damage to reputation. Due to the impact on reputation,
there was considerable market share loss to most of the cloud providers.
The risk of data disclosure can be attributed to the lack of a formal training/ sensitization
program for employees. Our survey respondents agree and over 61 percent indicated the
absence of a formal policy or training on using social media in their organization.
Employees not educated in social-media matters pose the greatest risk when it comes to social
business. Social-sphere activity may create situations not covered by traditional rules and risk
frameworks. The use of social networks has, in an unprecedented way, blurred the line between
employees' work and personal use of technology. As a result, the ways in which social
platforms are used by employees give rise to a host of challenges for employers, including how
best to protect confidential information.
Some of the common risks and corresponding mitigation measures that companies need to be
aware of while using social media or allowing employees to use social media include:
• Click-jacking – Malicious hyperlinks are concealed beneath social media content that
appears legitimate and upon clicking, the user ends up either downloading malware, or sending
the user’s ID to a website, without his/ her knowledge. A variant of this type of fraud is cross-
site scripting where malicious code is injected into a trusted website and upon access, infects
the user’s system. A solution is to set browser options to maximize security and disable
provisions of any scripting.
• Doxing – Fraudsters may hack into social media sites and publicly release personally
identifiable information about individuals such as full name, date of birth, address, and private
pictures. This information can be used to steal an individual’s identity and commit fraud, harass
and bully individuals or coerce them into acting illegally or to extort money. To prevent
instances of doxing, it is advisable to be careful of the information one shares about oneself,
family, and friends on social media.
• Scams - Fake deals that trick people into providing money, information, or service in
exchange for the deal. Cybercriminals use popular events and news stories as bait for people
to open infected email, visit infected websites, or donate money to bogus charities. It is
recommended that people verify the validity of such deals by contacting the companies making
the said offers on products.