Punjab National Bank is in the eye of the storm for not having nipped the alleged Rs 11,400-crore Nirav Modi scam in the bud. By now, both senior bank functionaries and junior officials of the branch where the scam took place have been questioned. Finance Minister Arun Jaitley has raised concerns about auditors, regulators and top bank functionaries being unable to detect the scam in time.

Part of the blame may lie with the government itself, particularly the finance ministry. One of its nominees, a senior Indian Administrative Services officer, is a member of the audit committee of the bank’s board of directors. This committee, a subset of the board, is meant to supervise audits and ensure that they are conducted with due diligence and that proper checks are in place to ensure such scams do not go undetected. Documents of the bank show that the audit committee was well aware of how weak its audit and scrutiny system was. As recently as September, another branch of the bank had been found embroiled in a Rs 464-crore scam involving foreign exchange, black money and shell companies.

But, for two years, between 2015 and 2017, the Punjab National Bank did not have an adequate number of independent board members on the audit committee. These independent members are individuals who are not employees or have any stake in the bank’s business.

Regulations of the Securities and Exchange Board of India require two-thirds of the members on the audit committee to be independent to ensure better scrutiny. But the bank’s statutory auditors, signing off the consecutive annual reports, found that the bank was in breach of this regulation. Instead of fixing this breach, the bank justified it saying that it followed instructions and regulations of the Reserve Bank of India in electing the audit committee members. All the while, the government nominee continued to be a member of the audit committee.

Total oversight

To understand the possible lapses that allowed the scam in Punjab National Bank to go undetected, Scroll.in talked to a senior forensic auditor working for a public sector bank, and to several other officials working in senior positions. They laid bare the different stages within Punjab National Bank where red flags should have been raised over the past several years.

In its First Information Report to the Central Bureau of Investigation on the scam, Punjab National Bank explained how the key reason the scam went undetected internally for so long was that two key softwares to log transactions were not connected. These two softwares are SWIFT, short for Society for Worldwide Interbank Financial Telecommunications, and the Core Banking Solution, or the main online account keeping software. Consequently, the bank said, its employees were able to send messages on SWIFT that provided credit to Nirav Modi’s companies (in the name of Letters of Understanding), which they did not log into the Core Banking Solution.

It is true that the two softwares are not linked in this bank. But that could not have created a blind spot for auditors, explained the forensic auditor, who did not want to be identified. “The guidance note of the Institute of Chartered Accountants of India specifically requires auditors to check the SWIFT records independently and cross verify them against the bank’s main accounts,” he said. “There are specific detailed guidelines for verifying detailed audit trail from SWIFT records with the main bank accounts. This is mandated so because many public sector banks do not have the two softwares linked at the moment.”

The Institute of Chartered Accountants of India is a self-governing body of all auditors, which regularly puts out advisories on how to audit different kinds of entities.

The guidance note for auditing banks, revised as recently as 2017, notes, “Following documents are required to be verified by the statutory auditors during review...SWIFT messages originated by overseas bank specifying the terms of Buyer’s Credit.”

The auditor explained: “The internal auditors of the bank, the concurrent auditors of the branch and the statutory auditors of the bank should have all been checking this every year.”

Institute of Chartered Accountants of India's Guidance Note on Auditing Banks

Bank branches dealing with foreign exchange – such as the Punjab National Bank’s Brady House branch in South Mumbai from where the scam allegedly took place – must get special approvals by the RBI.

The level of audits and scrutiny prescribed for branches dealing with foreign exchange is of a much higher degree than that prescribed for others. The audit committee of the board oversees a quarterly report particularly on the foreign exchange dealings of such branches.

Early signs

“Concurrent and other auditors cannot possibly check every transaction at even such a branch which deals with foreign exchange,” said the forensic auditor. “Therefore, they are required to look particularly at segments of lending where sudden increases and decreases are being noticed through the year or year-on-year. In these segments we should be carrying out a 100% audit of all transactions.”

The Punjab National Bank did see rapid changes in this kind of lending to the gems and jewellery sector, shows data. The loans extended to customers through Letters of Understanding, which Nirav Modi got, are classified as part of the non-fund based offshore loans.

By the end of March 2013, the bank’s overseas non-fund based loans stood at Rs 407 crore. By March 2014, the loans had zoomed to Rs 3,458 crore. By March 2017, they stood at Rs 4,302 crore show the bank’s annual reports. The funded loans – which typically require the bank to give the money right away to the customer – galloped from Rs 2,665 crore to Rs 23,602 crore over the same period. The unpaid loans from this customer segment – non-performing assets in banking parlance – were also above 20% of the total loaned sum in some years, which is far above the bank-wide average.

“Customers dealing in gems and jewellery have been treated as a risky segment to lend for several years now by bankers,” said S Nagarajan, general secretary of the All India Bank Officers’ Association. “In fact they often complain about how tough it has got to secure low-interest and easy loans these days. Auditors are required to keep a specific eye out for such segments. The audit committee of the board should have ideally delved into these fluctuations and made sure the loans given to them, particularly in foreign exchange, are specially scrutinised. They cannot escape responsibility.”

Cash trail

In a regular loan, the bank advances money to the customer. The customer returns some of the principal amount every month along with interest, which becomes the bank’s income. The kind of loan the Punjab National Bank offered to Nirav Modi’s companies works a bit differently.

Take the following example. A customer approaches Bank A in India wanting to import gems worth Rs 100. For this purpose, Bank A sends a letter of understanding to Bank B, a foreign bank based abroad. Bank B transfers the foreign exchange required in the account of Bank A that it holds (called a Nostro account). The customer withdraws the money from the Nostro account to pay for his import. Within a fixed time, the customer pays back the amount to Bank A, which then remits the funds to Bank B. If the customer does not repay Bank A, that bank has to still repay Bank B. Bank A takes a commission on the transaction at the time of issuing the letter of understanding.

“Auditors are required to check these commissions or fee separately,” said the forensic auditor. “If they had done their due diligence they would have seen a difference in the number of letters of understanding moving through the SWIFT software and the missing commissions against them in the bank’s main accounting system. That is the standard practise.”

Another senior official who has dealt in foreign exchange for over three years at another public sector bank said, “Auditors are required to also specifically check the Nostro accounts. There are detailed guidelines for it. That should have thrown up the fact that Letters of Understanding were being issued but not logged in the main accounts.”

A review of the guidance note by the Institute of Chartered Accountants of India confirms that rather detailed guidelines exist for auditors to verify Nostro accounts.

Past lapses

It is not as if the bank’s audit committee was not aware of how weak its audit and fraud detection systems are. An official of another public sector bank pointed to a filing to the Bombay Stock Exchange in December in which Punjab National Bank admitted to several lapses. Last September, a Rs 484 crore scam involving foreign exchange transfers by a Chennai branch through shell companies was detected by CBI. This too involved funnelling out money using the bank’s Nostro accounts.

In the filing, the Punjab National Bank states: “Regulatory feedback has noted that we have had many instances of lapses relating to our compliance with know your customer norms, anti-money laundering laws...failure to update the risk status of customers”.

The report admits that the RBI had earlier stated that the bank has “had no system to monitor large credits to small accounts and money mules, among other matters”. The RBI had repeatedly fined the bank for its lapses, the bank management admitted in its filings.