Research Article - (2016) Volume 3, Issue 3
School of Accountancy, College of Business, Universiti Utara Malaysia, Sintok, Malaysia
Objective: Fraud is a worldwide phenomenon that affects all continents and all sectors of the economy. With the rapidly growing banking industry in India, frauds are increasing fast, and fraudsters have started using innovative methods.Shockingly, the banking industry in India dubs rising fraud as an inevitable cost of business. One of the most challenging aspects in the Indian banking sector is to make banking transactions free from electronic crime. There is no “one silver bullet” to stop all frauds forever. By leveraging the power of data analysis software, banks can detect fraud sooner and reduce the negative impact of significant losses owing to fraud.
Methods: The present study is both descriptive and analytical in nature. As part of the study, in 2013-14 a questionnaire-based survey was conducted among 345 bank employees of the National Capital Region area. The questionnaire was structured into two parts. In fact, the first part comprised of several questions that attempted to know their opinions while working in a bank regarding training received, attitude towards the procedures prescribed by RBI, awareness level towards frauds and their compliance level under the following six heads: deposit account, loans and advances, administration of passbook and check book, drafts section, internal and inter-branch accounts, and credit-card section. Moreover, the second part encompassed the issues about how to integrate technology in the banking industry in order to detect and prevent frauds in Indian banks. It also examined the technology solutions available and how to integrate forensic approach to combat bank frauds in the Indian banking industry.
Results: The present study indicates there is limited separation of duties, false documentation, and inadequate or nonexistent control account for 60% of the fraud cases. It found that professional and managerial employees were involved in 45% of the cases. Bank Managers compliance level is the lowest in administration of check/pass book; while highest compliance is noticed in internal checks. Banks in India are not able to follow “zero-tolerance” policy. There is considerable difference in compliance level of employees of various banks on account of differences in the organizational culture, training provided, past experiences and their mental attitudes to strictly follow the RBI procedures.
Mostly ffrauds in the banking institutions are detected through customer complaints, followed by an internal or external tip, which is in line with global trends.Although banks cannot be 100% secure against unknown threats, a certain level of preparedness can go a long way in countering fraud risk. Internal audit professionals should play an integral role in their organization’s fraudfighting efforts. Some of other promising steps to control frauds are: educate customers about fraud prevention, make application of laws more stringent, leverage the power of data analysis technologies, follow fraud mitigation best practices, and employ multipoint scrutiny.
Conclusion: Promising steps to control frauds are: educate customers about fraud prevention, make application of laws more stringent, leverage the power of data analysis technologies, follow fraud mitigation best practices, and employ multipoint scrutiny. In 2015, the RBI has introduced new mechanisms for banks to check loan frauds by taking pro-active steps by setting up a Central Fraud Registry, introduced the concept of Red Flagged Account, and Indian investigative agencies (CBI, CEIB) will soon start sharing their databases with banks. Although banks cannot be 100% secure against unknown threats, a certain level of preparedness can go a long way in countering fraud risk.
Bank frauds, banking industry, RBI,risk management, use of technology, current scenario, future challenges.
It is universally accepted that for the smooth functioning of a money market and economic growth of a country, an efficient and good banking system is a must. Banking industry in India has traversed a long-way to assume its present stature in the21st century. According to Singh, [1]“The Indian banking industry is unique and has no parallels in the banking history of any country in the world. After independence, the banking sector has passed through three stages: character-based lending to ideology-based lending to competitiveness-based lending.” Similarly, Kumar and Sriganga [2] stated, “Banking sector of India accommodates 1175,149 employees, with total of 109,811 branches in India (and 171 branches abroad), and manages an aggregate deposit of Rs. 67,504.54 billion and bank credit of Rs. 52,604.59 billion.” Indeed, PSBs have a 75% market share, but the number of funds by private banks is 5 times of PSBs. The phenomenal spread of branches, growth and diversification in business, large-scale computerization and networking, have collectively increased manifold the operational risks faced by the banks. Unfortunately, it is also true banking industry has to face many types of frauds and scams. The Reserve Bank of India (RBI) is the central policy making and nationallevel regulatory body by keeping an eye over the entire banking industry.
Recently, Pan [3] stated that “deposits of Indian banking industry is Rs. 81 trillion (USD1.30 trillion) in 2014. Banks are using internet and mobile devices to carry out transactions and communicate with the masses.” Moreover, according to KPMG-CII report [4] “Indian banking sector has potential to become 5th largest in the world by 2020, and 3rd largest by 2025.” Besides, Kaveri [5] remarked that “while the Indian banking industry has witnessed a rapid growth in their business and profits, the amount involved in bank frauds has also been on the rise. This unhealthy development causes losses to the banks and badly affects their credibility.” As KPMG’s ‘India Fraud Survey 2012’ [6] states, “Despite having a strong regulator, the financial services sector has emerged as the most susceptible sector to frauds.” Fraudulent activities cause losses to banks and their customers, and also reduce money available for the development of economy. [7] Shockingly, “the banking industry in India dubs rising fraud as an inevitable cost of business” (E&Y). According to Deloitte India Banking Fraud Survey Report [8] (Edition II, 2015), “Common causes of frauds in banking include diversion & siphoning of funds, whereas fraudulent documentation and absence, or overvaluation of collaterals were the main reasons for fraud in retail banking.” Thus, in nutshell, “inadequate measures to prevent banking fraud is the primary reason for widespread frauds. Technology is like a double-edged sword [9], which can be used to perpetuate, detect and prevent frauds.”
However, Gates and Jacob [10] have pointed out that “the misuse of technology in the banking includes use of banking access for over-payments to vendors, sharing confidential information, and misuse of technology for unauthorized activities.” Also, providing services on mobile and social media platforms, with limited knowledge of security requirements, poses lot of threats to customers and banks. [11] Data analysis software enables auditors and fraud examiners to analyze an organization’s business data to gain insight into how well internal controls are operating and toidentify transactions that indicate fraudulent activity or the heightened risk of fraud [12]. Data analysis can be applied to just about anywhere in an organization where electronic transactions are recorded and stored. As Kumar and Sriganga stated, “By leveraging power of data analysis technology, banks can detect fraud very soon and reduce the impact of losses due to frauds. Use of new technology can prove to be very helpful to control the fraud risk in banks [2].” It is a well-known fact that investigation and prosecution of fraudsters in India is “very slow, time-consuming process, thus, the danger of fraud will always be there. Since banking industry is a highly-regulated industry, there are also a number of external compliance requirements that banks must adhere to in the combat movement against fraudulent and criminal activity.
Recently, banking sector business has become more complex with the development in the field of information and communication technology, which has changed the nature of bank fraud and fraudulent practices. For example, Berney [13] observed that customers rely heavily on the web for their banking business, which leads to an increase in the number of online transactions. Similarly, Gates and Jacob,10 and Malphrus [14] have asserted that the internet provides fraudsters with more opportunities to attack customers, who are not physically present on the web to authenticate transactions. Fraud, however, is a major component of operational risk. But if the banker is upright and knows his job well, the task of the defrauder will become extremely difficult, if not impossible. This has thrust enormous responsibilities in terms of prescribing and maintaining an effective architecture of internal checks and controls, and optimum use of innovative technology. [15] Banks have more technology and more incentive than ever to combat fraud in electronic banking services. But whether they have enough technology and incentive to protect consumers from the headaches of a compromised account, payment card or identity is doubtful.
Meaning and Types of Bank Frauds
Fraud is a worldwide phenomenon that affects all continents and all sectors of the economy. As per RBI, fraud can be “loosely” described as “any behavior by which one person intends to gain a dishonest advantage over another.” Fraud encompasses a wide-range of illicit practices and illegal acts involving intentional deception or misrepresentation. The Institute of Internal Auditors’ “International Professional Practices Framework (IPPF)” [16] defines fraud as: “Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.” Fraud impacts organizations in several areas including financial, operational, and psychological. While the monetary loss owing to fraud is significant, the full impact of fraud on an organization can bestaggering. In fact, the losses to reputation, goodwill, and customer relations can be devastating. As fraud can be perpetrated by any employee within an organization or by those from the outside, therefore, it is important to have an effective fraud management program in place to safeguard your organization’s assets and reputation.
Banks can secure and preserve the safety, integrity and authenticity of the transactions by employing multipoint scrutiny: cryptographic check hurdles. In addition, banks should rotate the services of the persons working on sensitive seats, keep strict vigil of the working, update the technologies employed periodically, and engage more than one person in large-value transactions. Of course, internal auditors can continue to win the battle against frauds and scams through the continued application of fundamentals, such as education, technological proficiency, and support of good management practices.Close attention and vigilance on the part of both banks and customers is, therefore, the best deterrence. According to Freddie Mac, [17] “Fraud Mitigation Best Practices” include: (a) Fraud Risk Management Policies and Procedures: Put sound and appropriate fraud detection, prevention, investigation, resolution, and reporting policies and procedures in place, and communicate them to employees; (b) Regulatory Compliance: Ensure appropriate policies and procedures are in place pertaining to your company’s obligations under the RBI Act, as applicable; (c) Ethical Conduct: Familiarize employees with your company’s standards for ethical conduct; (d) New Employee Awareness: Incorporate fraud awareness in new employee orientation programs; and (e) Training: Ensure that employees receive fraud training appropriate for their roles and levels.
One of the most challenging aspects in the Indian banking sector is to make banking transactions free from electronic crime [18]. Fraud detection in banking is a critical activity that can span a series of fraud schemes and fraudulent activity from bank employees and customers alike. It may be noted at the outset that all the major operational areas in banking industry offers a good opportunity for fraudsters, with growing fraud and financial malpractices being reported under deposit, loan, and inter-branch accounting transactions (including remittances). Frauds generally take place in a financial system when safeguards and procedural controls are inadequate, or when they are not scrupulously adhered to, thus, leaving the system vulnerable to the perpetrators. [19] Most of the time, it is difficult to detect frauds well-in-time, and even more difficult to book the offenders because of intricate and lengthy legal requirements and processes. In the fear of damaging the banks reputation, these kinds of incidence are often not brought to light. Historical evidence shows that whether the agency (or individual) committing the fraud works for the bank or deals with it, the culprit usually does very careful and detailed planning before he finally attacks the system at its most vulnerable point. Table 1 shows some of the common types of frauds in the Indian banking sector.
In today’s volatile economic environment, the opportunity and incentive to commit frauds have both increased. Instances of as set misappropriation, money laundering, cyber crime and accounting fraud are only increasing day-by-day. With changes in technology, frauds have taken the shape and modalities of organized crime, deploying increasingly sophisticated and innovative methods of perpetration. In the 21st century, as financial transactions become increasingly technology-driven, new technology seems to have become the weapon of choice, when it comes to fraudsters.
According to the PwC [20] Global Economic Crime Survey 2014, “cybercrime was one of the top economic crimes reported by organizations across the world, including India.” Regulations and laws governing the financial services sector in India are continuously evolving. For any growing organization, it is critical to keep up with the changing laws in order to mitigate risks and stay ahead. Some of the important regulatory drivers for the financial sector in India are as follows: (a) Reserve Bank of India Act, 1934; (b) Securities and Exchange Board of India Act, 1992; (c) Companies Act, 2013; (d) Prevention of Money Laundering Act, 2002; and (e) The Black Money (Undisclosed Foreign Income and Assets) and Imposition of Tax Act, 2015. The PwC’s Survey identified that suspicious transaction reporting, effective fraud risk management measures, whistle blowing processes and tip-offs helped financial services organizations to detect most frauds.
There is no simple way to squash fraud, but by implementing the right mix of technologies and prevention techniques, treasury executives can greatly reduce their organization’s risk. As Accenture’s Santoro puts it, “A solid portfolio of solutions with multiple layers of protection and controls can go a long way toward providing the necessary protection. If you put enough deadbolts at the door, thieves are going to give up and look elsewhere.” It is an endless game of “cat and mouse” between banks and cyber-criminals. There is a virtual arms race taking place online between financial institutions and cyber criminals, who as soon as the bank deploys a new process or technology to prevent online fraud, they find a weakness to exploit. [11,21] In addition, customers expect to be protected from fraud, but also want anti-fraud tools to look at them holistically, assessing the fraud risk of transactions based on their individual profiles. Five ways to combat bank frauds are highlighted below as:
1. Adopt appropriate technologies: An inclusive mix of strong authentication systems; analytics software; and bank services, positive pay and payee verification, for example, can greatly reduce an organization’s exposure to fraud. It is important to have layers of protection.
2. Beef up your internal controls: Sarbanes- Oxley mandates that companies pay strict attention to their internal controls. But even the most thorough Sarbanes-Oxley compliance effort cannot provide comprehensive protection against fraud. Proactive organizations will want to put additional controls in place, including rigorous approval procedures and careful separation of duties. That is especially true of disbursement processes, such as wire transfers.
3. Screen job applicants carefully: One of the biggest security problems company’s face is fraud perpetrated by trusted insiders. Key finance functions such as treasury must conduct background checks on potential hires, and companies should also consider drug testing and honesty testing. It is the first line of defense.
4. Educate your workforce: Employees need to understand how damaging fraud can be to the organization. They must be able to recognize signs of fraudulent activity and know how to report it. In addition, treasury employees will need to betrained in the correct use of the company's fraudprotection tools and technologies.
5. Prosecute thieves: Many organizations fire employees who are caught stealing but avoid prosecuting them for fear of bad publicity. A zero-tolerance policy goes a long way toward reducing the risk of illegal activity. Likewise, managers should immediately turn over any evidence of suspected fraud to law enforcement agencies.
Who is Responsible for Fraud Detection?
While the senior management and the board of Directors of the Banks are ultimately responsible for a fraud management program, internal audit can be a key player in helping to address fraud. By providing an evaluation on the potential for the occurrence of fraud, internal audit can show an organization how it is prepared for and is managing these fraud risks. Instead of relying on reactive measures like whistleblowers, organizations can and should take a more hands-on approach to fraud detection. [11] A fraud detection and prevention program should include a range of approaches–from point-in-time to recurring and, ultimately, continually for those areas where the risk of fraud warrants.
Based on key risk indicators, point-in-time (or ad hoc) testing will help identify transactions to be investigated. If that testing reveals indicators of fraud, recurring testing or continuous analysis should be considered. According to Deloitte India Banking Fraud Survey Edition II (2015), “Some of the top reasons for increase in fraud incidents are: (a) Lack of oversight by line managers/senior management on deviations from existing processes, (b) Business pressures to meet unreasonable targets, (c) Lack of tools to identify potential red flags, and (d) Collusion between employees and external parties.” [8]
In today’s automated world, many business processes depend on the use of technology. This allows for people committing fraud to exploit weaknesses in security, controls or oversight in business applications to perpetrate their crimes. However, the good news is that technology can also be a means of combating fraud. Internal audit needs to view technology as a necessary part of their toolkit that can help to prevent and detect fraud. Leveraging technology to implement continuous fraud prevention programs helps to safeguard organizations from the risk of fraud and reduce the time it takes to uncover fraudulent activity. This helps both to catch fraud faster and to minimize the impact it can have on organizations. According to ACL,11 the analytical techniques, which may prove very effective in detecting fraud, are shown below:
• Calculation of statistical parameters to identify outliers that could indicate fraud
• Classification to find patterns amongst data elements
• Stratification of numbers to identify unusual entries
• Digital analysis using Benford’s Law to identify unexpected occurrences of digits in naturally occurring data sets.
• Joining different diverse sources to identify matching values where they should not exist
• Duplicate testing to identify duplicate transactions such as payments, claims or expense report items.
• Gap testing to identify missing values in sequential data where there should be none.
• Summing of numeric values to identify control totals that may have been falsified
• Validating entry dates to identify suspicious items for postings or data entry.
As very strongly emphasized by Bhasin, [22] “In the 21st century, the forensic accountants are in great demand and forensic accounting is listed among the top- 20 careers of the future.” Recent accounting scandals and the resultant outcry for transparency and honesty in reporting, therefore, have given rise to two disparate yet logical outcomes. First, forensic accounting skills have become very crucial in untangling the complicated accounting maneuvers’ that have obfuscated financial statements. Second, public demand for change and subsequent regulatory action has transformed corporate governance (CG) scenario [23]. Therefore, many senior-level company officers and directors are under the ethical and legal scrutiny. In fact, both these trends have the common goal of addressing the investors’ concerns about the transparent financial reporting system. The failure of the corporate communication structure has also made the financial community realize that there is a great need for skilled professionals that can identify, expose, and prevent structural weaknesses in three key areas: poor CG, flawed internal controls, and fraudulent financial statements. [24] Therefore, forensic accounting skills are becoming increasingly relied upon within a corporate reporting system that emphasizes its accountability and responsibility to stakeholders.
Magnitude of Frauds in Banks: Indian Banking Industry Scenario
Different types of frauds caused Rs. 6,600 crores of loss to the Indian economy in 2011-12, and banks were the most common victims in swindling cases; insider enabled fraud accounted for 61% of fraud cases. However, Soni and Soni [25] concluded that “cyber fraud in the banking industry has emerged as a big problem and a cause of worry for this sector.” Similarly, another survey conducted by Deloitte [26] shows that “banks have witnessed a rise in the number of fraud incidents in the last one year, and the trend is likely to continue in the near future.” The Deloitte India Banking Fraud Survey Report Edition II added, “the number of frauds in banking sector have increased by more than 10% over the last two years. Banks witnessed rise in level of sophistication with which frauds were executed.”8 It is universally accepted that continued prevalence of frauds will have long-term bad consequences for banks, customers, investors, government and the economy in general.
The year-wise details, beginning from 2000-01 to 2013-14, regarding the number and amount of frauds reported by the Indian banking sector to the RBI, are shown in Table 2. The following broad generalizations can be made. During the last six years, from 2000-01 to 2005-06, the number of fraud cases has shown a constantly rising trend. For example, in 2000-01 there were 1858 cases of frauds, which substantially jumped to 2658 fraud cases in 2005-06. However, in 2006-07 and 2007-08, the number of fraud cases declined sharply from 2568 to 1385, respectively. In fact, the amount involved in fraud cases has also increased very sharply from the lowest level of Rs. 374.97 crore during 2002-03 to the highest level of Rs. 1134.39 crore during 2005-06. The year 2007-08 was an exceptional year in which the amount of loss caused due to fraud declined to Rs. 396.86 crore. In sharp contrast to this, year 2005-06 was also a very significant year for the banking industry, since this year witnessed the highest ever fraud loss of Rs. 1134.39 crore. Keeping in view the loss of Rs. 451.04 crore in 2004-05, the loss of Rs. 1134.39 crore in 2005-06, works out to about 2.5 times the loss of previous year. Moreover, the scenario of number of frauds and amount involved has significantly changed from 2008-09 to 2013-14. For example, 24,791 cases of frauds were reported in 2009-10, which showed a constant trend of decline till 2012-13. Number of fraud cases reported were 19,827 in 2010-11, which declined to 14,735 cases in 2011-12, and 13,293 cases in 2012-13 (a decline of 46.37%), respectively. As against this, the trend has reversed when we have a look at the amount of loss suffered by banks during the same period. For instance, the amount of loss suffered has increased very sharply from Rs. 2037.81 crore in 2009-10 to Rs. 8646 crore in 2012-13, an increase of 324.27%. As Pai and Venkatesh [27] (2014) reported, “As on March 31, 2014 banks reported total loss of Rs. 169,190 crore from 29,910 cases. In 2012-13, Rs. 13,293 crore of fraud was detected from 8646 cases.” During Apr.-Dec. 2014, PSBs suffered losses of Rs. 11,022 crore from 2100 fraud cases involving Rs. one lakh or more. During same period, 46% more amount was lost due to frauds compared to last full-year.
With the advent of mobile and internet banking, the number of banking frauds in the country is on the rise as banks are losing money to the tune of approximately Rs. 2,500 crore every year. While the figure for 2010-11 was Rs. 3,500 crore, for the current financial year (till September) it is about Rs. 1,800 crore. Further, state-wise list of information on banking frauds shows Maharashtra (Mumbai) reporting the highest number of cases to the RBI. In the last financial year, banks in the Maharashtra reported 1,179 cases with Rs. 1,141 crore being lost to such frauds. Maharashtra is followed by Uttar Pradesh with 385 cases during the same period.
Review of Literature
Jeffords [28] (1992) examined 910 cases submitted to the “Internal Auditor” during the nine-year period from 1981-1989 to assess the specific risk factors cited in the Treadway Commission Report. Approximately 63 percent of the 910 cases are classified under the internal control risks. Similarly, Calderon and Green [29] made an analysis of 114 actual cases of corporate fraud published in the “Internal Auditor”from 1986 to 1990. They found that limited separation of duties, false documentation, and inadequate or nonexistent control account for 60 percent of the fraud cases. Moreover, the study found that professional and managerial employees were involved in 45% of the cases. Ziegenfuss [30] performed a study to determine the amount and type of fraud occurring in state and local government.
Willson [31] examined the causes that led to the breakdown of ‘Barring’ Bank, in his case study, “the collapse of Barring Banks”. The collapse resulted due to the failures in management, financial and operational controls of Baring Banks. However, Bhasin [32] examined the reasons for check frauds, the magnitude of frauds in Indian banks, and the manner in which the expertise of internal auditors can be integrated in order to detect and prevent frauds in banks. In addition to considering the common types of fraud signals, auditors can take several ‘proactive’ steps to combat frauds. One important challenge for banks, therefore, is the examination of new technology applications for control and security issues. In another study, Bhasin [33] examined in-depth the corporate accounting fraud perpetuated by the Satyam management team in collusion with the auditor.
As per the survey conducted by Ganesh and Raghurama [34], about 80 executive from Corporation Bank and Karnataka Bank Ltd of India, were requested to rate their subordinates in terms of development of their skills before and after they underwent certain commonly delivered training programs. Responses revealed that for the 17 skills identified, there was improvement in the skills statistically. The paired t-test was applied individually for the seventeen skills, and all these skills have shown statistical significance. Moreover, another study to investigate the reasons for bank frauds and implementation of preventive security controls in Indian banking industry was performed by Khanna and Arora [35]. The study “seeks to evaluate the various causes that are responsible for bank frauds. The result indicate that lack of training, overburdened staff, competition, low compliance level are the main reasons for bank frauds.”
Mhamane and Lobo [36] in their study attempted to detect and prevent fraud in case of internet banking using Hidden Markov Model algorithm. Chiezy and Onu7 evaluated the impact of fraud and fraudulent practices on the performance of 24 banks in Nigeria during 2001-2011. Secondary sources of data were used for the study. The relationship between fraud cases and other variables were estimated using Pearson product moment correlation and multiple regression analysis was used. The paper recommended that banks in Nigeria need to strengthen their internal control systems and the regulatory bodies should improve their supervisory role. However, Dzomira [21] investigated the use of digital analytical tools and technologies in electronic fraud and detection used in the Zimbabwe banking industry. He concluded that banking institutions should reshape their anti-fraud strategies to be effective by considering frauds detection efforts using advanced analytics and related tools, software and application to get more efficient oversight. Similarly, Kumar and Sriganga [2] highlighted the common insider frauds occurring in banks and also tried to categorize them into different types. They focused on different generic data mining techniques and in specific, the techniques used for detecting insider frauds.
The foregoing discussion suggests that the literature on the bank frauds in Indian-context is very limited and inconclusive. Thus, our study builds on the previous literature of bank frauds in the Indian banking sector. The scope of the study has been confined to 21 banks in the National Capital Region (NCR) of India.
Research Methodology
The present study is both descriptive and analytical in nature. As part of the study, in 2013-14 a questionnaire-based survey was conducted among 345 bank employees of the National Capital Region (NCR) area. The questionnaire was structured into two parts.In fact, the first part comprised of several questions that attempted to know their opinions while working in a bank regarding training received, attitude towards the procedures prescribed by RBI, awareness level towards frauds and their compliance level under the following six heads: deposit account, loans and advances, administration of passbook and check book, drafts section, internal and inter-branch accounts, and credit-card section. Moreover, the second part encompassed the issues about how to integrate technologyin the banking industry in order to detect and prevent frauds in Indian banks. It also examined the technology solutions available and how to integrate forensic approach to combat bank frauds in the Indian banking industry.
All the respondents were selected through the random sampling method. There were 42 public sector banks in the area and finally, 21 banks were selected. The sampled employees comprising of Managers, Officers and Clerks of the branches were given the questionnaire by personally visiting them in bank. Out of all the employees, 296 employees responded, with an overall response rate of 85%. In all, there were 57 managers, 130 officers and 109 clerks as respondents and grouped on the basis of the following parameters, as shown in Table 3.
Findings and Analysis of Data
The RBI, being the overall central regulatory agency, has developed many important guidelines for prevention of bank frauds, which can help banks to prevent frauds. In the first part of the questionnaire, we focused on the compliance level of these security controls were measured under the following six heads—internal checks, deposit accounts, administration of check books and passbooks, loans and advances, drafts, internal accounts and inter branch accounts. The results of this study indicate that the security control measures are not fully complied with. As per a study, limited separation of duties, false documentation, and inadequate or nonexistent control account for 60% of the fraud cases. It found that professional and managerial employees were involved in 45% of the cases. Thus, education, training and awareness programs are informal intervention measures that should be implemented to prevent frauds. Undoubtedly, security controls prescribed by RBI, if followed with 100% adherence, can prevent frauds to a maximum extent.
Table 4 depicts the average compliance score of Bank Managers under the various heads. The results show that Bank Managers compliance level is the lowest (65%) in administration of check/pass book. In sharp contrast, the highest (95%) compliance is noticed in internal checks. The Managers gave second highest (91%) importance to loans and advances, and gave almost equal importance to the draft section (84%), internal and interbranch account (83%), and deposit account (82%), respectively. But surprisingly, still there is lack of 100% compliance related to security controls under any of the above listed six bank heads. Thus, it is amply clear that till now, banks in India are not able to follow “zero-tolerance” policy. [37]
Table 5 provides a snapshot of average compliance scores of Bank Officers under the various heads. The compliance level of Officers is the “highest” in internal & inter-branch account (86%), followed by draft section (81%) and deposit account (75%). Surprisingly, Bank Officers gave the lowest scores to the following two areas viz., loans and advances (65%), and administration in check and pass book (60%) sections. Keeping in view the Bank Managers and Officers scores, we can draw a broad conclusion: nobody likes to perform the work especially in the administration of check and pass book section.” Thus, there appears to be considerable differences in compliance level of employees of various banks, most probably, on account of differences in the organizational culture, training provided, past experiences and their mental attitudes to strictly follow the RBI procedures.
We feel that if the detailed procedures and/or instructions as prescribed by the RBI, if fully complied with (both in letter and spirit), no doubt, it can greatly reduce the incidences of frauds. But the present study revealed “very low percentage of respondents display highly-favorable attitude towards the procedures laid-down by RBI.” As Table 6 shows, a “very high proportion of respondent (211/296) believe that they do not have sufficient staff to carry out the work meticulously, they are usually overburdened with work and hence, not able to follow the procedures strictly. Since this attitude is based on the perception of bank employees towards adequacy of staff, it can be inferred that “if there is an adequate number of bank staff hopefully the compliance level will be more.”
From Table 7, we can conclude that “the compliance level of the managers (48%) is higher than that of officers (22%). This may be due to the fact that managers are more rigorously trained and their attitude towards RBI’s procedures is more favorable than that of officers and clerks. Hence, Mangers awareness level is high as they have increased level of responsibility.
It is amply clear from Table 8 the awareness level is very low, both on the part of Clerks and Officers in Banks. For example, only 9.17% of clerks and 13.07% of officers belong to “high” category of awareness level. However, Managers show a little better awareness level. For example, around 15.78% of Managers belong to high category of awareness level. A careful study of the data contained in the table reveals shockingly that about 52% of Clerks, 49% of Officers, and 47% of Managers belong to “low” category of awareness level. It is very disappointing to know that the awareness level of Bank employees about various types of frauds and losses suffered by the banks are very low. Hence, with this dismal scenario, how can we expect from them to follow detailed procedures and guidelines issued by the RBI and take pro-active actions to prevent frauds and mitigate bank losses?
Table 9 depicts the relative importance (on 10 point score) assigned by the Bank Managers, Officers and Clerks to the reasons responsible for the commitment of bank frauds. Managers gave more weightage to lack of training (7), and followed by overburdened staff (5). In sharp contrast to this, both Officers (6) and Clerks (7) felt that overburdened staff is the main reason responsible for bank frauds, which is followed by lack of training for Officers (5) and Clerks (6), respectively.
When we asked the bank employees and managers, 80% indicated that fraud detection tools and technologies are the most effective ways of combatting bank frauds. On the other hand, 43% of the respondents showed that real-time decision making tools are effective in preventing fraud, while 22% respondents showed that monitoring of accounts is effective, whilst 77% indicated that customer awareness is most effective of preventing fraud, and finally, 76% of the respondents revealed that training of employee putting emphasis on identification and response to fraudulent activities is the most effective way of preventing fraud in organisations. The response given by Bank Employees and Bank Managers are shown in Table 10.
Based on how fraud incident is typically detected in bank, a large majority of 21% respondents gave the reason of complaint by a customer. However, the second important reasons given by 18% of respondents were internal whistle-blower and during audit of accounts or reconciliation process. Over 16% of respondents gave the reason “through automated data analysis or transaction monitoring software.” Moreover, other important reasons given by the respondents were: at the point of transaction (10%), through a third-party notification (7%), by accident (6%) and review by a law enforcement agency (4%), respectively. To conclude, as shown in Table 11,survey respondents indicated that frauds in their organizations were most commonly detected through customer complaints, followed by an internal or external tip, which is in line with global trends.
Banks response to fraud is critical as it has the ability to prevent future occurrences. Any response to fraud should be swift and effective so as to percolate the right message to employees. According to a 2009 Circular issued by RBIstates, “Banks to investigate frauds of large values with the help of skilled manpower in order to effectively take internal punitive action against the staff in question, along with external legal prosecution of the fraudsters and their abettors, if required.” In line with RBI’s recommendations, the majority of thesurvey respondents indicated that upon the detectionof fraud, they carried out internal investigations, whileothers reported the incident to a law enforcementagency (see Table 12). The reasons given by respondents were: internal investigation is done (46%), incident reported to legal agency (32%), and forced to resign (14%). It is interesting to note that only 8% ofsurvey respondents indicated using an independentconsultant to carry out investigations. Survey respondents indicated that the top three challenges faced by banks in preventing fraud were: lack of customer awareness (23%); integration of data from various sources (20%); and inadequate fraud detection tools (18%).
It is important to understand that fraud investigation requires specific skill sets like “forensic accounting and technology” to collect adequate evidence, which can be admissible in a court of law. [38] In the absence of these, banks may not have the confidence to take legal resource or action on the fraudster, which could be one of the reasons why banks may not be reporting all the cases to law enforcement agencies. While theresponses received in our survey indicate that banks haveset up a dedicated fraud investigative cell, it appears to be hampered by thelack of dedicated technology tools for investigation. Alittle over 40% of survey respondents indicatedthey had not started implementing dedicated forensic technology tools for investigation, whereas, 20% of respondents had partially implemented these tools.Only 20% indicated that they had implemented forensic technology tools for investigation, and that thesetools were effective.
The second part of the questionnaire focussed very specifically about the use of technology in banks. Accordingly, we asked the Bank Employees and Bank Managers regarding the most effective methodologies used by them in banks to detect and prevent frauds. The response given by Bank Employees and Bank Managers are shown in Table 13.An overwhelming majority of 85% of the respondents indicated that they are planning to use in their bank intrusion prevention technologies. However, 78% of the respondents expressed the opinion that fraud management system be planned for use. However, 68% of the respondents revealed that they intend to use strong encryption techniques in future, and 70% indicated that they plan to apply neural net fraud detection technologies. As against this, 62% of the respondents plan to use strong authentication, as on-going fraud prevention and detection program in future.
According to the responses received, 53% of the respondents appear to have implemented a dedicated fraud detection/analytics solution. However, only one in every three respondents appears to be entirely satisfied with it. The following responses were given by the respondents, in order of response: ability to highlight redflags where controls are being circumvented (29%),ability to identify where enhanced controls are needed (27%), provide enhanced tracking of high-risk customers (19%), provide case management abilities (13%) and provide audit trails (12%), respectively (see Table 14). Thus, it was interesting to note that 56% of respondents sought technology to help them either highlight red-flag areas (29%), where controls have been circumvented, or where controls needed to be enhanced (27%). We feel this could be because banks have realized that “deviation from existing controls by line managers/supervisors is one of the major causes of fraud in this sector.” With technology available, which can help banks detect these deviations in controls, the internal audit team can also leverage this solution to undertake forensic based audits, which could go a long way in enhancing the efficiency of detecting frauds in time. [39]
Since banks are increasingly depending on technology, it is not surprising to find that cybercrime continues to increase in volume, frequency and sophistication. This includes ATM skimming, phishing/vishing and misuse of credit and debit cards [40] (Bhasin, 2007). Table 15 shows that ATM frauds ranked first with 23%, phishing and vishing attacks with 16%, mortgage with 114%, credit cards with 10%. Others (37%), includes options such as third-party POS skimming, account takeover fraud, IP theft, money laundering etc. Additionally, when asked to select the top three areas which were giving sleepless nights to bankers, it was no wonder that internet banking/ATM fraud, E-Banking and identity fraud were the top culprits. Interestingly, mortgage portfolio also appears to be increasingly vulnerable to the risk of fraud.
Also, we asked the respondents some questions about “the demand for FCAs in the future—next five, ten and twenty years.” As can be seen from Table 16, the majority of respondents felt that the demand for FCAs will increase well into the foreseeable future. In fact, ninety-four percent felt that the demand for FCAs would increase in the next 10 years. Respondents were also asked “if they felt that there will be enough FCAs available to meet the demand in the next five, or ten years, and beyond the next 10 years.” As can be seen in Table 17, many participants were unsure if the supply of FCAs would be enough to meet the demand in the future.
Recently, the banking industry around the world has undergone a tremendous change in the way business is conducted. As pointed out by Bhasin [41], “Leading banks are using Data Mining (DM) tools for customer segmentation and profitability, credit scoring and approval, predicting payment default, marketing, detecting fraudulent transactions, etc.” Finally, the sampled respondents were asked, “In general, do FCAs needs to know computer-based forensic techniques?” Eighty-four percent of the respondents answered in “yes” to this question. Moreover, we asked the respondents “how important four different software tools are for FCAs: ACL, IDEA, Data Mining, and Digital Evidence Recovery.” The scales were anchored at each end with the descriptors “extremely unimportant” and “extremely important,” respectively. For the purpose of analysis, the descriptor “extremely unimportant” was given a weight of 1, while the descriptor “extremely important” was given a weight of 7. The mid-point of the scale “neither” was given a weight of 4. Table 18 shows the results. The respondents rated each of these four tools as important, with data mining being rated as the most important with a mean score of 5.83.
Discussion on frauds cannot be complete without analysis of human behavior. An employee in a bank is like a fish in a small ocean. Nobody can determine when and how much water a fish has consumed. Likewise a corrupt and dishonest person in a bank can commit frauds with impunity. [42] Unfortunately, most of the employees committing frauds get scot free, with the award of minor penalties, and the cases pending in courts keep on dragging for many years. The time taken for cases to be ascertained as fraud was very high. It took over 10 years for 45% of the cases and between 5 to 10 years for 67% of the cases, creating a great disconnect between the punishment meted out and the offence. [43]
Recently, the RBI [44] pointed out that “detection of fraud takes very long-time, and banks tend to report an account as fraud only when they exhaust the chances of recovery. Delays in reporting of frauds further delay the alerting of other banks about the modus operandi through caution advices that may result in similar frauds being perpetrated elsewhere.” Bhasin [45] concluded “In the current environment, forensic accountants are in great demand for their accounting, auditing, legal, and investigative skills in order to detect and prevent frauds and scams in the Indian banking sector.” An analysis of big cases looked into by the CBI reveals that bankers sometimes exceed their discretionary powers, and give loans to unscrupulous borrowers on fake/forged documents. More than 7,000 employees of different PSBs are under the scanner for their involvement in these cases. As B. VenkatRamana [46], general manager, corporate communication, UCO Bank said, “The most prevalent nature of cheating and forgery cases relates to forged/fake documents/diversion of funds by borrowers. When fraud is proved with employees’ involvement, there is a disciplinary action/criminal case against the employee.” According to the General Manager (Risk Management), Bank of Baroda, the bank immediately carries out an internal investigation if a case of fraud is detected. The incidence is reported to the RBI and a complaint lodged with the local police/state CID/EOW/CBI depending upon the amount involved. In case involvement of the employee is proved, bank takes disciplinary action, which includes even termination/dismissal of the employee [47].
There is lack of trained and experienced bank staff, and tremendous increase in banking business. By-and-large, new recruits do not have adequate training or experience before they are put into a responsible position. Undoubtedly, training improves the capabilities of employees by enhancing their skills, knowledge and commitment towards their work. [34] Moreover, bank staff feels they are overburdened with work. The life has become fast and the bank staff does not have enough time to scrutinize documents thoroughly. Dilution of system and nonadherence to procedures is also a significant reason for bank frauds. This shows that a full-proof system has not been developed and implemented to familiarize the bank employees of various types of frauds that take place in banks every year. “Most banks try to put in place robust systems and controls to prevent fraud and forgery— regrettably crooks and criminals use more and more sophisticated methods, especially where online fraud is concerned, to defraud banks,” said Meera Sanyal, former CEO and Chairperson of Royal Bank of Scotland in India [27].
The primary responsibility for preventing frauds lies with individual banks. Major cause for perpetration of fraud is laxity in observance in laid down system and procedures by supervising staff. However, the RBI routinely advises banks about major fraud prone areas and the safeguards necessary for prevention of frauds. This is done so that banks can introduce necessary safeguards by way of appropriate procedures and internal checks. With growing usage and dependency on electronic forms of transaction, banks have employed more secured means and platform separate from the normal channels of communication. The authenticity and integrity of such a platform is ensured through usage of specific software, which ensures the validity of the bank’s electronic documents. [48] To keep the above frauds at bay, RBI prescribes that bank should conduct annual review of frauds and apprise its board regarding the findings; banks should have proper reporting mechanism in place to report to the RBI all information about frauds and the follow-up action taken. We would like to make the following three recommendations to the banking industry: (a) Push top management to implement policies that encourage moral behavior and demonstrate an ethical culture. Appoint a senior person for the anti-fraud group to put fraud prevention and controls on the bank’s map; (b) Conduct detailed fraud risk assessments to help focus management’s attention on the risks to be addressed. These should include specific fraud schemes that could be perpetuated against the bank; and (c) Prepare an anti-fraud policy and create appropriate training which clearly defines fraud and misconduct.
How Technology is Shaping the Fight Against Bank Frauds?
Technology is like a double-edged sword. On the one hand, perpetrators are using it to further fraudulent schemes; on the other hand, we are making some of our best progress using the same technology. Undoubtedly, technology can prove helpful in fraud detection and prevention in banks.[49] Unfortunately, the fraud takes on many forms to be handled with any ‘single’ application or approach. The cat and mouse game will continue. As technology becomes more advanced, fraudulent schemes will become more complex, while more sophisticated fraud solutions will be developed to combat hackers’ best efforts. As the landscape of fraud continues to shift, business leaders must be aware of trends and predictions that will allow them to implement internal/external controls and systems to help reduce the risk of fraud and keep them from becoming another statistic.[50] By leveraging the power of data analysis software, banks can detect fraud sooner and reduce the negative impact of significant losses owing to fraud.
Neural Networks have been extensively put to use in the are as of banking, finance and insurance. Usually such applications of neural networks systems involve knowing about the previous cases of fraud, to make systems learn the various trends. Fraud cases are statistically analysed to derive out relationships among input data and values for certainkey parameters in order to understand the various patterns of fraud. This knowledge of fraud trends is then iterativelytaught to feedforward neural networks, which can successfully identify similar fraud cases occurring in the future. [51] In the realm of fraud detection, the ability to revealrelationships, transactions, locations and patternscan make the difference between uncovering a fraudscheme at an early stage as opposed to having it grow into a major incident. From moneylaunderingschemes to anti-corruption laws, from manipulatingfinancial statements by reporting fictitious revenues toinappropriate sanctioning; forensic analytical tools canhelp explore data and quickly identify errors, irregularities and suspicious transactions embedded within your business, thereby providing clarity to concerns raised by managers and employees [52].
Whether it is financial transactions, customer experience, marketing of new products or channel distribution, technology has become the biggest driver of change in the banking sector. Most banks are, therefore, insisting on cashless and paperless transactions. The substantially larger proportion of technology related frauds in the Indian banking sector by number is only expected as there has been a remarkable shift in the service delivery model with greater technology integration in the banking industry. Even though the incidence of cyber frauds is extremely high, the actual amount involved is generally very low. The new technologies adopted by banks are making them increasingly vulnerable to various risks, such as, phishing, identity theft, cards kimming, vishing (voicemail), SMSishing (text messages), Whaling (targeted phising on high net worth individuals),viruses and Trojans, spyware and adware, social engineering. [53,56] Changing technology and rapid flow of information have placed the customer at the center. It is critical for every bank to understand customer needs and expectations and offer customized services.
While some of the risks in the banking sector have always been there, they keep on changing with the constantly evolving technology standards and regulatory framework. Part of the challenge is that the types of financial fraud and characteristics of fraudsters have changed in recent years. For instance, check fraud is in decline while electronic fraud is on the rise, and the latter tends to be perpetrated by more sophisticated criminals. Cheque fraud has been around the globe since the ancient time, but the pace of changing schemes has been very slow for banks to react with very good procedures—many of them still ‘manual’. According to Bhasin [54], “Some of the technological innovations, which may be already in use in some banks are: (a) Twodimensional Bar Codes, (b) Data Glyphs, (c) Biometrics, (d) Cheque Image Processing, (e) Data Mining (f) Data Analytics, etc.” Given this complicated fraud prevention picture, banks will need to figure out their own patterns of exposure and deploy tools with the best fit. Banks have more technology and more incentive than ever to combat fraud in electronic banking services. But whether they have enough technology and incentive to protect consumers from the headaches of a compromised account, payment card or identity is doubtful. Threats are escalating more quickly than what banks, or even just other businesses in general, can deploy in terms of defenses against those threats. [55]
There is no “one silver bullet” to stop all frauds forever. Rather, the pace of new threats is not going to slow down and nobody (no bank, no retailer and no consumer) is ever 100%secured. What is needed instead is a combination of checks from a layered approach that banks will have to adopt and consumers will have to accept if they want to utilize electronic banking services. That suggests consumers should expect to see, and might want to welcome, an ongoing stream of new solutions that banks will employ to stay a step ahead of electronic banking fraudsters. It is most unfortunate that the current system of usernames and passwords, with which consumers are familiar, is basically broken. Consequently, banks also have begun to deploy an array of other technologies, some of which are so exotic and sophisticated they might seem like science fiction [56].Here, is a summary of some of the technology that is on tap:
• Device fingerprinting tracks a series of identifiable hardware and software attributes to recognize a user’s (or fraudster’s) device.
• Behavioral analytics monitor navigation techniques and other aspects of a user’s online behavior to search for anomalies or suspicious activity.
• Malware detection searches for potentially fraudulent changes to a user’s Web browser to assess whether it's been compromised.
• Knowledge-based authentication presents a series of static or dynamic and supposedly secret questions to establish a user’s identity.
• Password tokens give a user a one-timeonly password that must be entered before it expires.
• Out-of-band authentication challenges a user to access a one-time-only password or code that is sent to another device, such as a mobile phone or land line.
• Transaction signing requires a user to digitally sign each transaction.
• Endpoint protection requires a user to download a one-time-only, secure browser to access a website.
• Voice printing records attributes of a caller’s speech over time and matches those attributes against subsequent calls. Voice printing is an example of biometrics, which use unique physical traits, or characteristics to identify individuals.
However, as technology advances, we are seeing a distinct proliferation of more complex fraud schemes. At the same time, we are seeing more breakthroughs in the use of technology to detect fraud. Strategies that we have used in just the past few years will become completely outdated, as a fresh set of tactics will debut.50 To minimize the potential damage of fraud, companies need to invest not just in more advanced technology but in people and policies for detecting attacks as quickly as possible. While the networks are just too large to prevent every attack from occurring, detection is crucial. Most companies do not have adequate protocols and staff in place to deal with incidents of fraud. While advanced technology serves as a great tool to combat fraud, the issue should be viewed as more than just an IT problem and looked at as a business problem. Remember, the cost of trying to prevent fraud is far less expensive to a business than the cost of fraud committed on a business. [51]
Global Trends in Fraud Prevention and Detection
Technology can play a major part in combatting new age frauds, the E&Y Fraud Survey [57] noted and added that a “proactive Forensic Data Analysis” can help governments, regulatory bodies and corporate to counter the increasingly complex nature of frauds. While it is not possible for banks to operate in a zero fraud environment, proactive steps such as conducting risk assessments of procedures and policies can help them hedge their risk of contingent losses due to fraud. Some techniques such as data visualization have proved to be effective. Fuzzy logic is another technique, which can be used on the data records of a company. These clubbed with a social network analysis, can indicate possible threat of collusion. Progressive reviews of unstructured data can help banks analyze the sentiments, tones and elements described in the fraud triangle (incentive, pressure and rationalization). This, together with unsupervised pattern recognition, can proactively help them to put in place fraud parameters. A careful study of the latest fraud cases in India suggests: (a) banks the most vulnerable, (b) difficult to detect collusion and (c) need for investors to be vigilant. Banks are enhancing their processes, controls and fraud risk management frameworks to minimize the opportunities for fraud, as well as, reduce the time taken in their detection. Many banks are implementing their fraud control and reporting frameworks to generate information in a way that the level of fraud identified, prevented and actual losses incurred are identified. This approach has enabled the benefits of skilled resources and automated tools to be quantified more precisely.
Regulators and investigative agencies are also trying to gear up for the changed environment. The Central Bureau of Investigation (CBI) announced that it is developing a “Bank Case Information System (BCIS)” to curb banking frauds. This database contains the names of accused persons, borrowers and public servants compiled from the past records [58]. Moreover, the RBI [59] has released “a new framework to check loan frauds by way of early warning signals for banks and red flagging of accounts where defaulters shall have no access to further banking finance.” It also has plans to set up a “Central Fraud Registry” that can be accessed by all Indian banks. In addition, the CBI and Central Economic Intelligence Bureau (CEIB) will share their databases with banks. The SEBI is in the process of getting its existing business intelligence gathering software, which is used for detecting fraudulent activities in capital markets, upgraded. Whilst the legal environment and regulators have pushed the financial sector in the right direction, individual institutions are also taking the lead in protecting their earnings and reputation. Some of the top trends include:
• Automated Analysis Tools: Today, the industry is increasingly aware of the need for automated analysis tools that identify and report fraud attempts in a timely manner. Solution providers are providing real-time transaction screening, third-party screening as well as compliance solutions.
• Sector-Oriented Benchmarking Solutions: Solutions aimed at assessing the fraud vulnerability of financial institutions are now available. They help in formulating a targeted and costeffective action plan against fraud risks.
• Data Visualization Tools: These are being used to provide a visual representation of complex data patterns and outliers to translate multidimensional data into meaningful pictures or graphics.
• Behavioral Analytics: This is helping businesses identify enemies disguised as customers. The data analytics implemented by the institutions to understand customer behavior, preferences, etc. are also helping in the detection of fraudulent activity either in real-time or post mortem.
• Deep Learning: Internet payment companies providing alternatives to traditional money transfer methods are using deep learning, a new approach to machine learning and artificial intelligence that is good at identifying complex patterns and characteristics of cybercrime and online fraud.
• The Internal Audit Function: This function is being altered to include fraud risk management in its scope. The changed technological landscape requires the old ways of internal auditing to give way to new, technologically equipped audit functions. Annual audit planning may no longer be fully effective and flexible audit plans are the need of the hour, as fraud risk assessments require extensive use of forensic and data analytics solutions.
Effective background checks of employees and associates are recommended. It is difficult but also necessary to integrate data from various sources to be able to derive the benefits of analytics techniques. Banks do face challenges in maintaining the efficiency of anti-fraud security controls at an enterprise-wide level. Challenges arise while integrating channels or within applications and tools (integrating online and ATM transactions, retail banking and corporate banking or integrating subsidiary banks where different information systems are used). The tone at the top is critical in the fight against fraud. Lack of customer and/or staff awareness can result in failure of even the best of technology solutions. It takes a concerted effort to be able to build, maintain and sustain an effective fraud risk management program. Banks need to build awareness around the latest technological and procedural vulnerabilities and fraud schemes, to be able to remain one-step ahead of the fraudsters.
In addition, incident management procedures need to be well-defined and comprehensive, in order to ensure that incidents of fraud are managed without exposing the organization to any legal or reputational risks. Forensic tools can be used to navigate IT systems for evidence of malfeasance such as information deletion, policy violations and unauthorized access. These tools can help the company legal counsels to prepare for a suit to be filed against the fraudster. Apart from internal controls, banks need to also educate the customers. Since the manoeuvres used by cyber-criminals to target sensitive financial data are sophisticated and constantly changing, financial institutions must look at existing security controls with a new approach and risk appetite. The three lines of defense can only be strengthened by technology, not replaced by it.
Customers love online banking for its convenience, while banks benefit from lower costs and a greater reach than a physical branch network provides. Since banking fraudsare going to ultimately affect customer relationship quality and customer loyalty, fraud prevention and its effective communication is very important. [60] In order to ensure that both parties continue to benefit from online banking, it must remain a safe and secure channel that allows legitimate customers access as needed, while simultaneously blocking entrance to cybercriminals. Cybercriminals will continue to target online banking for as long as it is worth their effort to do so. Each instance of online fraud helps additional investment by cybercriminals in the people and technology they need to overcome bank’s defenses. Although, there is not a “one-size-fits-all” portfolio of fraud tools and tactics that is applicable to all banks, the following approaches do exist that can prove highly effective in preventing online frauds: (a) multi-factor authentication, (b) geolocation, (c) device recognition, (d) transaction monitoring, (e) navigation controls, (f) cross-channel, and (g) entitylink analysis. Educating the customer on how to help prevent online banking fraud is just one element of a bank’s fraud defenses. Deploying advanced technology that can quickly adapt to changes in the cybercriminal’s modus operandi is essential to protecting the online channel. Customer must have confidence in the security of a bank’s online platform. There is no end in sight, but banks must stay committed to winning each battle they fight to prevent online fraud. [61] To help prevent and detect financial crime, banks need both an integrated (and timely) data set and the ability to bring sophisticated analytics to bear on the data to generate useful insights. Thus, we see the following three major elements for banks that comprise this capability: (a) enhanced data quality, (b) analytics to transform data into information, and information into insight, and (c) application of data visualization techniques.
While the banking industry in India has witnessed a steady growth in its total business and profits, the amount involved in bank frauds has also been on the rise. This unhealthy development in the banking sector produces not only losses to the banks but also affects their credibility adversely. [5] According to Klein [62], “The business firms lose 5% of revenue each year to fraud. When applied to the 2013 estimated gross world product, this revenue loss translates to a global figure of nearly USD3.7 trillion.” Accordingly, the Government of India has expressed serious concern over the sharp rise in cases of fraud and corruption in the Indian banking sector. Recently, the RBI chief Mr. Rajan has written to the PMO seeking concerted action in the country’s 10 biggest bank frauds allegedly involving prominent real-estate, media and diamond firms that are being probed by the CBI. [63] Moreover, fraud and fraudulent activities inflict severe financial difficulties on banks and their customers; they also reduce the amount of money available for the development of the economy.[7] Many banks and companies that have been victims of frauds are reluctant to share and publicize the facts of the fraud cases due to fear of ‘adverse’ impact on their reputation. [64]
Inadequate measure to prevent banking fraud is the primary reason for widespread frauds. So, what should banks do to safeguard the interests of its customers? According to Chakrabarty [65], Deputy Governor of the RBI, “Banks should strengthen their reporting system, quickly report fraud cases, and fix staff accountability. There is urgent need for sharing practices of fraudsters and methods used by such criminals.” As Siddique and Rehman [66] stated, “The only promising step is to create awareness among people about their rights and duties, and make application of laws more stringent to check crimes.” Banks should ensure that the reporting system is suitably streamlined so that frauds are reported without any delay and fix staff accountability. Banks must provide sufficient focus on the “Fraud Prevention and Management Function” to enable effective investigation of fraud cases. The fraud risk management, fraud monitoring and fraud investigation function must be owned by the bank’s CEO, its Audit Committee of the Board and the Special Committee of the Board, at least in respect of large value frauds. [67] Banks can also frame internal policy for fraud risk management and fraud investigation function, based on the governance standards relating to the ownership of the function and accountability for malfunctioning of the fraud risk management process in their banks.
According to E&Y [57] ‘India Fraud Indicator’ “Since it is impossible for banks to work in a fraud-free environment, banks should conduct risk assessment of policies and hedge the risk of likely losses due to fraud.” Expressing concern over zooming up of the corporate fraud in the last 15 years, Mr. RanjitSinha (CBI Director), said at an ASSOCHAM [68] event, “Rising number of frauds in Indian banks are taking place due to collective failure of regulatory oversight system comprising of external auditors, audit committee, internal audit system, board of directors, independent directors, shareholders, etc. All regulatory and investigative agencies must work in close cooperation and share their inputs and databases with each other in order to prevent frauds.” Although banks cannot be 100% secure against unknown threats, a certain level of preparedness can help to face with confidence fraud risks. Recently, the RBI has “established Central Fraud Registry [59] by sharing information about unscrupulous borrowers at the time loans are sanctioned by cross-checking their credentials, and thus, helping banks to control their bad loans. The CBI and Central Economic Intelligence Bureau will also share their databases with banks.” The regulators also stressed on prevention of fraud through improved market intelligence. Now, we are hopeful that with the help of new initiatives, banking industry would be able to minimize the fraud losses, gain customer trust and improve their reputation.
The top three fraud risks that are currently the highest concern to the banks are: (a) Internet banking and ATM fraud, (b) E-banking (credit card and debit card, etc.), and (c) Identity fraud.Despite the proliferation of online and mobile service offerings and the rise in cybercrime, banks and financial institutions can fight back. A comprehensive anti-fraud program can not only protect customers but can cause wouldbe cyber criminals to turn their attentions elsewhere.
It is important to understand that fraud investigation requires specific skill sets like forensic accounting and technology to collect adequate evidence. [70] While the evidence unearthed by a fraud investigation can vary on a case-to-case basis; typically, it needs to be relevant and comprehensive to be admissible in a court of law. Certain additional aspects, such as, the source of the evidence, a legitimate witness, electronic evidence and data etc., can all add credibility to the case. In the absence of these, banks may not have the confidence to take legal recourse or action on the fraudster which could be one of the reasons why banks may not be reporting all the cases to law enforcement agencies.Prior to Satyam [71] (often called as India’s Enron) fraud, most companies perceived fraud as largely an internal event, primarily pinching the bottom line. They now understand that fraud can have an impact not only on the reputation and business prospects but also on the survival of the firm. This concern has led to higher demand for FCAs in countries like India and China. The Ministry of Corporate Affairs in India has also established the Serious Fraud Investigation Office, which seeks the help of FCAs. The government recently proposed to give more teeth to the SFIO under the new Companies Bill by providing it statutory recognition and empowering it with more powers. The FCA’s being professional members of the CG and Audit Committees, can play a far greater role in coordinating company efforts to achieve a cohesive policy of ethical behavior within an organization. [72] By helping companies to detect and prevent fraud, FCAs can create a ‘positive’ work environment, establish ‘effective’ lines of communication, and be vigilant as a corporate ‘watchdog’, the FCAs role can gradually evolve into a key component in the CG system.Let us hope that FCAs, through their specialized knowledge, training and skills, will be able to improve CG scenario, still a work-in-progress, across the globe.
Last, but not the least, effective customer education and communications programs–helping customers recognize how to prevent fraud, but also helping them understand their own responsibilities–should go hand-in-hand with sophisticated cyber security measures. Only by working in partnership with their customers can financial institutions develop truly effective fraud prevention efforts.
The author is grateful to the reviewer of this journal for carefully reading the paper and for offering his valuable comments and suggestions, which finally helped the author to improve this paper.