Stung by a series of frauds in the financial sector over the past six months, the Reserve Bank of India (RBI) today unveiled measures to tighten internal controls in banks.
In two separate circulars, RBI asked foreign and private banks to institute the role of an internal vigilance officer and laid down stringent norms to prevent frauds. These norms are based on the feedback of forensic scrutinies on banks chosen on the occurrence of high-value frauds or a sharp rise in the number of frauds in them.
In December 2010, Citibank said one of its employees had siphoned off Rs 400 crore by selling financial products that were not authorised by it. In April, RBI had penalised 19 commercial banks, including seven private sector ones and 11 foreign lenders, for mis-selling derivative products to their clients.
| AREAS WHERE FRAUDS HAVE INCREASED # Housing loans # Loans given against hypothecation of stocks # Forged documents # Loans against forged fixed deposit receipts # Escalation of overall cost of the property to obtain higher loan amount # Over valuation of mortgaged properties at the time of sanction # Over-invoicing of export bills # Frauds stemming from housekeeping deficiencies |
Foreign and private sector banks, unlike their public sector counterparts, are not mandated to have a chief vigilance officer. RBI has said such entities should have an executive designated as chief of internal vigilance (CIV) and the appointment should be based on experience, track record, proven integrity and ability to inspire confidence among personnel in the organisation.
"The existing vigilance functions of a few private sector and foreign banks were mapped with the existing guidelines in the matter and it was observed that the practices vary widely among banks," RBI said.
The normal tenure of a CIV would be three years, extendable up to a further period of two years. “But if a CIV has to shift from one bank to another without completing the approved tenure in the previous bank, the principle of overall tenure of six years will apply,” RBI said.
In the case of public sector banks, the chief vigilance officer is appointed for three years, which could be extended by two years. These officers are drawn from other public sector banks or the RBI. For administrative purposes, they report to the chairman of the bank and for vigilance matters, they report to the Central Vigilance Commission at the Union government.
Role details
RBI, which has marked the role and the function of the CIV, said such functionaries should not be a party to processing and decision-making processes or be involved in transactions likely to have clear vigilance sensitivity. Banks have been asked to frame a board-approved policy on staff rotation and the minimum period of mandatory leave for staff, including the CEO. The CIV’s functions will include preventive and punitive vigilance and surveillance and detection of malpractices.
Banks have been asked to hold periodic meetings between the CIV and chief executive to review the vigilance functions. The CIV should also give a report on the vigilance activities to the board and local governing council at regular intervals. Private and foreign banks will have to put in place such an internal vigilance system within three months and a compliance report on this has to be given to the RBI by August 31.
According to RBI, the forensic scrutinies have shown that while the banks do have certain policies and processes for monitoring of fraud, these are not well structured and systematic to ensure proper focus on typical fraud events. Besides, there is lack of consistency in treatment of transactions having characteristics of fraud, as also in their reporting to the “competent authority, RBI said.
Asking the banks to define fraud based on RBI guidelines, the regulator asked them to structure the functions in three categories, namely, detection and reporting of frauds, corrective action, and preventive and punitive action.
Banks have also been asked to put checks and disincentives of their human resources policies as part of their fraud risk management framework.
Banks will need to put in place criteria for appointing executives in treasury operations, relationship managers for high value customers and heads of specialised branches.
“The internal auditors, as also the concurrent auditors, must be specifically required to examine the implementation of these policies and point out instances of breaches irrespective of apparent justifications for non-compliance, if any,” RBI said.
