RBI's Mundra asks bankers to report loan frauds swiftly

Calling for a proactive approach to reporting of loan frauds, Reserve Bank Deputy Governor S S Mundra has said up to four years of "NPA seasoning" has been observed in reporting of such cases, which exposes bankers to the risk of being charged with "abetting" the offence.
"In almost all the cases, we have observed that the exposure has got seasoned as an NPA for three to four years before the borrower was declared fraudulent....Banks and bankers could be charged for abetting the criminal offence. My call to you therefore, is to identify and declare the account as fraud without wasting time," Mundra said, adding that as much as 92 per cent of financial frauds are loan-related.

He rued that the gap between the date of occurrence of the fraud and detection of the same has been widening.
In the remarks made during a closed door bankers' event on Monday and published late last evening, Mundra said delay in reporting of a fraud can have "far-reaching implications on the employee conduct and internal governance standards".
Mundra did not refer to any particular case while making the remarks, which came days after the entire brass of state-run IDBI Bank was arrested for allegedly conniving to sanction loans for the fugitive businessman Vijay Mallya.
Mundra also said despite Reserve Bank raising flags on cyber security, banks continue to have "significant" gaps in their architectures and asked the boards of respective banks to monitor the same.

"Banks were advised to assess the gaps in their preparedness vis-a-vis the baseline requirements prescribed by RBI and to draw a time-bound plan to bridge the gaps urgently.

"The assessment reveals that barring a few banks the gaps are indeed significant, more so in respect of public sector banks," he said.
"This warrants immediate and continued attention of the board and senior management of banks," he said.
Citing the recent incidents of ATM and debit card frauds which resulted in millions of debit cards being replaced, Mundra said there is a need to appoint a chief information security officer (CISO) and radically change budgeting for cyber security.

Even after the Bangladesh Bank incident in which
millions were lost to fraudsters, the domestic banking system has witnessed "an attempt" to defraud a bank through the abuse of SWIFT messaging system, but there was no monetary loss, Mundra said.
Referring to increased adoption of digital technologies, especially in the wake of note ban, Mundra said while the benefits of technology were obvious, we need to be "conscious of security aspects as well".
He said the RBI has come out with a framework on security under which 30 major banks will undergo a detailed 'IT examination' this fiscal, while all other lenders will be covered in the next fiscal.

RBI's dedicated subsidiary on IT has already become operational and will be assisting in such efforts, he said.
The commercial banker-turned-central banker said banks react to cyber incidents in a "knee-jerk and ad-hoc manner" which can jeopardise future probes, and urged them to report incidents quickly by sticking to the stipulated 2 to 6 hour window.
The RBI has also observed that there are certain loose ends in the security framework like in configuration of devices, patch management, OEM-supported software, password management or port management. These are ignored or entirely left to the vendors resulting in an "undesirable impact".
Even though knowledge of cyber-related aspects is relevant for all stakeholders including board members, Mundra said the RBI has observed that this is "ignored".

Stating that malware often strikes days after compromising the system, Mundra said there is a need to be on guard continuously by scouting for "innocuous looking unknown programmes/malware from time to time".
In the face of rapid changes in technology, Mundra also questioned whether there is a need to employ newer and newer technology enabled products at a fast pace.
"My point is frequent introduction of new technology may only end up stretching human resources beyond their capabilities and might eventually prove counter-productive," he added.