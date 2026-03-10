The recent ₹500-crore fraud in a private-sector bank is not merely another headline. It raises a deeper and more uncomfortable question: Why do such incidents continue despite sophisticated controls, advanced analytics and board-level oversight?

According to the latest Annual Report of the Reserve Bank of India, banks and financial institutions reported 23,953 frauds in 2024-25, involving ₹36,014 crore.

Nearly 92 per cent of the amount relates to advances. While there is no official break-up of employee-driven frauds, industry estimates suggest that 35-40 per cent of cases involve internal participation or collusion.

What makes these numbers worrying is that many such frauds continue for years before detection, suggesting that formal control frameworks often identify problems only after losses have already accumulated.

Public debate has largely centred on digital frauds — phishing, mule accounts, and cybersecurity breaches. Those risks are real and rising. Yet internal fraud at the branch level remains an under-examined vulnerability. When branches became sales engines The structural shift began in the early 2000s when new-generation private sector banks redefined the role of the branch. Branches increasingly became sales-focused outlets, while operations were centralised for efficiency and cost control. Central Processing Centres brought greater standardisation and scale. But this also created blind spots. The depth of branch-level processes reduced. Operational ownership became diffused. Customer relationships grew more transactional and often non-face-to-face. In many branches, daily conversations now revolve around targets; process discipline is assumed to be embedded elsewhere in the system.

Compounding this is the high attrition at the frontline. Relationship officers and sales executives frequently move between institutions, chasing better incentives. Rapid churn weakens institutional memory and dilutes accountability. When ownership is transient, supervision becomes episodic. Control thrives on continuity; attrition disrupts it. Fraud rarely begins with a systems breakdown. It usually begins with human vulnerability. Incentives and signal distortion Another structural evolution in banking has been the growing dependence on fee income from third-party products such as insurance, mutual funds and wealth products. Cross-selling is legitimate and commercially necessary. Diversified revenue streams strengthen banks. However, when fee targets overshadow core banking metrics, behavioural distortions can emerge. Frontline staff is often evaluated as much on insurance premiums or mutual fund mobilisation as on deposit growth or credit quality.

Aggressive quarterly targets, combined with performance-linked incentives, can blur the line between suitability and salesmanship — and in extreme cases between compliance and circumvention. The issue is not third-party distribution itself. It is distorted incentives. When revenue generation dominates the narrative, risk conversations inevitably recede. Risk dashboards capture historical anomalies; they rarely capture ethical stress building at the base of the organisation. A question that risk management committees should ask after every such episode is this: Which dashboard predicted this? Institutions spend enormous effort tracking known risks. Far less time is spent anticipating behavioural risk created by incentive design, attrition and cultural dilution.

The controls that truly matter Employee-driven fraud typically exposes foundational gaps. Are employee credit histories reviewed periodically, or only at the time of onboarding? Financial stress can be an early warning signal. Is staff rotation meaningful in sensitive roles? Does high attrition weaken maker-checker discipline? Does consequence management send a visible and credible signal? In many institutions, disciplinary outcomes remain opaque, weakening the deterrent value that visible accountability is meant to create. Beyond Know Your Customer, do banks practise “Know Your Colleague”? Branches are visited by cluster heads, business heads, risk teams and auditors. But how often do these visits go beyond reviewing targets, cross-sell numbers and tick-box compliance? How frequently do leaders ask uncomfortable questions about staff pressure, process shortcuts or ethical grey zones?

Conduct risk cannot be embedded through e-learning modules alone. It requires visible supervision, engagement and example. Culture is the real control We often hear that “tone at the top” matters. It does. But tone without transmission is ineffective. If the message from leadership does not translate into behaviour at the branch counter, it remains rhetoric. The real first line of defence is not the risk department. It is the operating staff — branch staff, call centre teams and sourcing executives. If they do not internalise risk ownership, no amount of capital can protect reputation. Financial losses can be absorbed. Reputational erosion cannot be recapitalised.

There is a tendency to design processes primarily to satisfy regulatory expectations. Compliance should be the starting point, not the destination. Controls designed merely to “meet regulatory requirements” become checklists. Controls designed out of institutional conviction become culture. Technology will grow sharper. Artificial intelligence will detect anomalies faster. But fraud prevention will still depend on hiring discipline, rational incentive structures, frontline stability, credible supervision and visible consequence management. If well-capitalised, technologically sophisticated banks continue to witness internal fraud, the problem is not capital. It is culture. And culture does not sit on a dashboard. It sits at the branch counter — defined by what the incentive sheet rewards.