In the hierarchy of high profile banking functions, the trade finance department which deals with buyer’s credit falls closer to the bottom rather than the top. It has been seen as a low-risk, short-term, sometimes mechanical business, built atop an existing client relationship. As such, it flies under the radar. But those same perceived characteristics - short-term, low-risk and mechanical - may be among the key reasons that the fraud at Punjab National Bank went unnoticed until it blew up into a Rs 11,400 crore scam - the biggest in the history of Indian banking.
To understand the genesis of the fraud, it is useful to study the basics of the business. Doing so, makes the flaws in the model and the loopholes in regulations fairly obvious in retrospect.
Here’s how the business works.
A company, with which a bank has an existing credit relationship (gives loans to), is in the import-export business. It needs capital to manage some part of its operations in a foreign jurisdiction. However, banks in that jurisdiction may either be unwilling to lend to this company (because they are not familiar with it) or charge it high rates of interest for loans. Also, borrowing in India is more expensive because interest rates are high. But if the company is willing to take on some currency risk, it can reduce its interest rate risk. So, the company goes back to its relationship bank in India and gets a guarantee (in the form of a ‘Letter of Understanding’ or ‘Letter of Credit’). It then goes to the offshore branch of another Indian bank and borrows against this guarantee at a lower rate.
For the company, this means cheap and quick credit. For the overseas branch of the Indian bank, it means low-risk lending income since it is giving out money against the guarantee of another bank. For the home bank, it means cross-selling and another stream of income from the same client. Even prevailing regulations lull everyone into a false sense of comfort. The risk weight assigned to buyer’s credit is 20 percent compared to the 100 percent risk weight attached to corporate loans.
It worked well for all concerned. Till now.
The PNB case has exposed a whole series of issues, which need to be examined at a system level and plugged, said a retired Reserve Bank of India official who spoke on the condition of anonymity. This person added that this is not the first time that fraudulent transactions have been reported linked to ‘Letter of Understanding’ / ‘Letter of Credit’ facilities and it won’t be the only instance found, if the regulator combs through the system.
The Gaps In Technology
The first and most obvious gap is in the SWIFT communication system used as a ‘recognised’ channel of communication for inter-bank transactions. In the past, most notably in the case of the Bangladesh Central Bank, SWIFT systems have been hacked to transfer funds illegally. In the case of the PNB-Nirav Modi fraud, fraudulent messages were sent by bank staff who had access to the SWIFT system.
The SWIFT system cannot be a standalone system of communication, said the former RBI official quoted above. He explained that the SWIFT system is often managed by relatively junior level staffers and the mandated checks can be overcome by people acting in concert to defraud a bank.
As widely reported, not all banks have linked their SWIFT systems to their core banking systems (CBS), even though the technologies permit such a linkage. The RBI, too, does not specifically mandate such a linkage and relies on broader guidelines for managing operational risk.
“The standing procedure of maker-checker applies to this too. End of the day reconciliation has to be done. And a back-office unconnected with the operating unit should be checking messages too. All these are standing instructions relating to all financial transactions,” R Gandhi, former RBI deputy governor told BloombergQuint in an interaction last week. Normally, SWIFT messages are audited by end of day or the next morning, said Gandhi.
The system, however, failed in the case of PNB. According to early reports on the scam, the first instances of fraudulent LoUs may date back to 2011. “We still need detailed facts of the case, but if it has gone on for so long, then it is definitely worrying to me,” Gandhi said in the interview.
The Gaps In Credit Assessment
The flaws exposed by the PNB fraud are not restricted to technology and back office processes. They extend to the function of credit assessment core to the banking business.
In the Nirav Modi case, the biggest gap in credit management is, of course, on the part of PNB. According to the first complaint filed by the bank, there were no sanctioned credit limits in place for Modi’s companies. Yet LoUs were issued, against whom a contingent liability of Rs 11,400 crore piled up.
But there was lapse on part of the banks that loaned funds against the LoUs too. This lapse stems from the nature of buyer’s credit as an instrument.
Another former RBI official, also speaking on the condition of anonymity, said the first question that a bank needs to ask while sanctioning buyer’s credit is why the concerned company is borrowing via this route? They are essentially substituting their own credit risk with that of a bank for a fee, this official explained. From a credit perspective, that’s what it boils down to, this official said.
According to this official, foreign banks typically look at the underlying credit quality of the final borrower rather than see it as an exposure to another bank. They price the risk accordingly. That’s one reason that much of the buyer’s credit availed by Indian companies comes from foreign branches of Indian banks rather than foreign banks, said this person. The local banks are familiar with the company and assume that the home bank has done the credit assessment, the person explained.
This is not the right way to do the business, said this person while adding that each individual bank should be required to confirm the veracity of the LoUs or LCs and also do a credit assessment of the underlying company. This is important even from the perspective of managing your asset-liability mismatch, said this official.
The Gaps In Regulatory Scrutiny
A third question that emerges from the PNB-Nirav Modi saga is whether the RBI is aware of risks that may emerge from contingent liabilities. The regulator takes stock of the off-balance sheet exposure of banks as part of its overall supervisory review and also asks banks to include these exposures while computing capital adequacy ratio, said both former RBI officials.
However, data on individual banks and their contingent liabilities via instruments like buyer’s credit has not been easily available for scrutiny. It was only in January 2018 that the RBI expanded the list of items that must be reported to the regulator in the XBRL format for sharing business information. The new list includes ‘contingent credits’, which include letters of credit and guarantees. This may eventually allow for quicker detection of a build-up of risk at a bank level or corporate level.
The RBI mandated ‘concurrent audit’ system has also failed in the case of PNB. These guidelines were reviewed in July 2015 when the RBI told banks to expand the scope of concurrent audits. Such an audit is expected to run parallel to the functioning of a financial institution to “shorten the interval between a transaction and its examination by an independent person,” said the RBI guidelines. The revised rules specified that the concurrent audit must cover large branches, those that deal in high risk businesses and activities including off-balance sheet items.
Banks were, however, given the discretion to decide on whether the concurrent audit is conducted by the bank’s own staff or by external auditors. In light of the PNB incident, the RBI may need to tighten its concurrent audit rules, said the second former RBI official quoted above.