While the scam highlights the need for an overhaul of the oversight mechanism of banks and of their internal controls, questions are being raised on why multiple audits failed to raise an alarm
Punjab National Bank in an FIR filed with the Central Bureau of Investigation submitted that its in-house investigation had not found any role of chartered accountants, the statutory auditors and empanelled valuers in the alleged scam.
That would be music to the ears of the five statutory auditors of the New Delhi-headquartered bank.
However, it remains unanswered as to why multiple levels of audit failed to raise an alarm in the system.
Liability for the fraud
On the question of liability, legal experts are unanimous that the issue is loaded against Punjab National Bank.
Lawyers say the general principle is that a banker is bound to honour a Letter of Credit, standby letters of credit performance, bond and bank guarantees on face value.
The exceptions to this norm arise only when there is a fraud.
“However, a fraud by the bank or an employee of the bank is not an exception and cannot be a reason for disputing its liability,” says Sawant Singh, partner, Phoenix Legal.
Jayesh H, senior partner and Saurabh Sharma, senior associate, Juris Corp, point out that if it is established that banks' officials were involved in this fraud, then Punjab National Bank may be held liable, applying principle of vicarious liability.
“This principle has been upheld in multiple judgments of the Supreme Court and various high courts in the country,” says Kannan Rahul, partner, Trilegal.
Legal experts say the bank could attempt to dispute its liability by claiming that the beneficiary was hand-in-glove with the delinquent employees.
There is also a question of other banks not doing due-diligence on meeting statutory RBI guidelines while issuing Letter of Credit to the beneficiary against Letter of Understanding.
Accoriding to Ramesh K Vaidyanathan, managing partner, Advaya Legal, the other banks were entitled to rely on the Letter of Understanding issued by Punjab National Bank.
“They may invite action from the RBI under the central bank’s supervisory capacity over the banks for failure to follow norms. However, this does not disentitle them from being paid by Punjab National Bank,” he says.
Role of auditors
Auditors say it is difficult to capture such fraudulent transactions in the statutory audit process.
“Yes, there were clear gaps in the entire internal controls, which include audit processes,” says Rakesh Nangia, managing partner, Nangia & Co.
What makes the task more difficult for the auditors is that the scam was conducted in collusion with several employees.
“There is a failure in the complete chain of responsibility matrix and could not have continued without collusion,” he says.
According to Reshmi Khurana, managing director, Kroll India, the scam relates to fraudulent transactions in relation to one client.
“Such frauds can only be captured if auditors, whether internal or statutory auditors, monitor high-value or unusual transactions on a routine basis,” she says.
Amarjit Chopra, former president of Institute of Chartered Accountants of India, points out that it is difficult for auditors to identify such fraudulent transactions largely because they were carried out bypassing the core banking system.
“The technology auditors of the bank need to be asked how come two technical systems, SWIFT and the core banking system, do not talk to each other. It is a case of system failure,” he concedes.The lessons for the audit community are many, feels Jamil Khatri, partner, BSR&Co.
“Use of data analytics technology in the audit process enhances the chance of highlighting any transaction which is an outlier and could need further investigation,” he says.
Moreover, auditors need to have a thorough understanding of the client's business and related risks.
“This will help them flag-off any suspected deviations from internal controls,” he adds.
For Vishesh C Chandiok, CEO, Grant Thornton India, the biggest take away from the scam is the need to take a step back and think how the pillars of oversight - board, internal audit, audit, regulatory - can be collectively strengthened.
“One has to fight the urge to blame someone or respond with additional regulations,” he says.