'NiMo having skipped, the next best bet is a high-profile banker.'
'Ms Usha happens to be in the wrong place at the wrong time.'
Ms Usha's crime? That's as thin as it gets,' says S Muralidharan, former managing director, BNP Paribas.
Illustration: Dominic Xavier/Rediff.com
Billions have been defalcated, salted away, and the perpetrators have removed themselves from the reach of the rather short, incompetent and extremely ineffective arm of Indian Law.
The story thus shifts to blame allocation.
The Clown Prince makes a connection based on a shared last name. The ruling dispensation weakly and reluctantly tries to pin it on the previous and notoriously kleptocratic regime presided over by someone well past his sell-by date.
It seems as if the present dispensation can't decide if they themselves were or were not responsible!
The breathless excitement of the hyperventilating visual media has run out of steam. Almost as an afterthought a bank CEO and couple of EDs have been 'stripped of their powers'.
Announcing the developments, the financial services secretary alluded to 'a set process'; for doing such things. What he meant was that this time it is going to be done by the book.
There was a time when a doyen of Indian banking was peremptorily and summarily sacked, allegedly for his refusal to lend to a businessman. He had refused to resign and dared the government to sack him. They did, although they had to amend an Act to do so.
Ah, those were the days of defiant bankers and decisive leaders.
In these politically correct times 'set process' has replaced defiance and decisiveness.
It is a given that when officials take shelter behind 'processes', they are preparing the ground for lack of results.
I am not suggesting that the impugned lady be paid a midnight visit by the investigators; in fact, I am glad that despite the media and political frenzy she was shown the courtesy due to a woman; I am merely reminded of the delightful world of Yes Minister in which non-result was guaranteed when Sir Humphrey went into verbal overdrive.
Ms Usha's crime? That's as thin as it gets: 'Failing to comply with RBI instructions concerning SWIFT and Core Banking System'. That is government speak for failing to implement the RBI's circular on integrating SWIFT system with the Bank's Banking Platform (aka the Core Banking System).
It is certainly a management failure. But is it a crime?
SWIFT is the acronym for Society for Worldwide Interbank Financial Telecommunication.
Based in Belgium it comprises of 11,000 financial institution members and handles 15 million messages a day between them.
It does not perform clearing and settlement functions, but merely speedily transmits standardised financial messages in a secured environment.
As such, it is not a money-transfer mechanism, although messages it carries may result in payments /transfers and receipts.
It can also be used to communicate promises to pay such as letters of credit/guarantees/undertakings etc.
The CBS is a financial accounting system which maintains customer accounts and banks' own internal accounts -- think of it as a vast system of old-style ledgers except you don't get muscular handling it.
The astute reader may already have identified the nub of the issue: How do you integrate the CBS, which is an accounting system, with SWIFT which is a messaging system?
It is a bit like filing all customer correspondence of old in the ledgers of those times.
The RBI's relationship with the banks used to be interesting: They thought we were a bunch of cowboys and lazy lubbers who were loath to implement their words of wisdom and we thought they were a bunch of desk jockeys who got their daily dose of jollies by drafting impractical, unimplementable and often incomprehensible circulars.
They were like a former boss in my PSU bank days: When the backlog in books-balancing kept mounting he would sagely declaim 'Something Must be Done', trying to look decisive but was clueless as to what exactly we could/should do.
Lack of front-line banking expertise or experience compounded the RBI's problem.
Most of the time we considered the RBI circulars as an expression of the desire to cover their rear ends should things go wrong. That their instructions were hardly ever blueprints for doing something is not an overstatement.
Despite their successful deflection of the blame for the famous Harshad Mehta scam, it was in a great measure facilitated, according to those in the know, by their public debt office not reconciling/settling interbank transactions in government securities.
Computerising and speeding up reconciliation of G-Sec transactions has eliminated scope for that type of fraud -- we have remained free of scams in that area for 25 years now.
It is thus likely that some old-timer in RBI realised the dangers of the gap between SWIFT and CBS and caused a circular to be issued in 2016.
Not complying with the aforesaid circular is the reason cited for Ms Usha being stripped of her powers.
The question is, what did the RBI do after issuing a circular?
Did they realise how serious it could be?
Did they have a clue as to how a bank employee/customer working alone or in cahoots could exploit the loophole to commit a financial fraud?
If the matter was serious enough to warrant a circular -- it certainly was -- should they have done more? Like 'inspecting' the banks to monitor the progress and/or reviewing it with the CEOs until compliance was complete?
If there was no progress, should they not have alerted the secretary of financial services?
Was s/he advised of this glaring weakness in PSU banks' systems, with the RBI's views on the ramifications of not minding this gap?
Given that the 21 PSU banks generally use one or the other CBS, it should not have been impossible to implement SWIFT integration despite its nature differing from that of CBS.
It is a bit of a technical issue, but is more of a managerial/supervisory failure.
What of the owners of the PSU banks? Do they bear any responsibilities at all?
Or is it their job merely to make inane statements, after the fact, about 'set processes'?
This raises a general question about how the PSU banks' 'internal controls' are structured, acted upon and periodically reviewed and upgraded.
Things could have changed since I was last there, but I do not think any Indian PSU bank has a systematic 'Internal Control System' that drills down to the lowest active unit.
In European banks, this control system is written by each manager for the area under her/his care so that it takes a microscopic view of the day to day activities and lists them according to their importance in terms of likelihood of occurrence and impact if they did occur.
This process makes the managers explicitly think about risks in their area of responsibility.
It also alerts the manager's supervisor to the critical areas that s/he in turn should keep an eye on, and so on right up to the very top.
One cannot repeat and recycle the previous year's list the next year.
One dimension of managerial assessment each year is awareness of risks and devising and implementing control measures.
One can hardly overemphasise that the best place to control risks is at the individual employee level by fostering and nurturing a very high ethical standards, by helping them develop a fine sense of risk and assisting them practice their own control measures.
And, of course, zero tolerance of unethical behaviour.
In the PNB case, it could be said that two managers colluding could send out messages communicating unauthorised credit facilities.
Firstly, I would argue that it would take more than two.
Secondly, had there been a practice of post facto scrutiny, by a different department/person of SWIFT messages sent out, these fraudulent messages would have come to light.
Had they been referred to the department that approved credit facilities, it would have turned up the fraud a lot earlier and when it was still small.
It is very likely that the PNB branch where this happened had a so-called 'concurrent audit', or an audit on a continuous basis, every day of the year, every year.
Did they not audit the SWIFT activities and controls thereof?
Ronald Reagan put it succinctly: 'Trust, but Verify'.
Coming back to the hapless Ms Usha, is she a villain, victim, or a scapegoat?
Her achievements appear to be long and varied -- CEO of a couple of PSU banks, head of the team to set up 'women-centric' banking, the first chairwoman of the Indian Banks Association, etc etc.
Could she have been naive enough to be persuaded into some hare-brained scheme to send unauthorised financial messages? I don't think so.
The very fact that even the ministry hasn't come up with anything other than 'non compliance with RBI instructions' shows that a case of conspiracy to defraud will not stick.
If not a villain, could she be a victim?
She did not have a varied and successful career over three-and-a-half decades by being a victim. Mind you, she climbed a pole that is greased twice as much for a woman as for a man.
She couldn't have met with the success she has if she was merely a victim.
A scapegoat then? Very likely.
There's no percentage to the government in catching and incarcerating a few deputy managers at PNB.
However, NiMo having skipped, the next best bet is a high-profile banker. Ms Usha happens to be in the wrong place at the wrong time.
Nothing personal; it's strictly business.
The government appointed her so they have every right to sack her so long as they are the majority owners of the bank.
One could easily make out a case for poor management of a grave risk.
The ministry is fooling itself if it thinks that RBI instructions are implicitly and immediately obeyed.
For one, as I have already noted, unless things have changed recently, they are issued by desk jockeys woefully out of touch with the ground realities and intent on covering their own tails, unmindful of the practicability.
I cannot escape the thought that Indian regulations are made with the cynical mindset of escaping accountability if things go wrong.
This needs to change.
Regulations need to take into account ground realities and specificities of the business they regulate.
What is disquieting is the total silence on how exactly was the fraud carried out.
It is as if our easily-outraged media are only interested in corruption in high places, but not in simple and effective frauds.
If it was a question of NiMo having obtained undeserved credit lines, then why would he resort to a plain and simple fraud at the sharp end?
He could easily have got his friends in high places to order that more credit be given -- that is how Mallya did it as did a host of other names whose businesses are now up for grabs.
That brings us to the elephant in the room no one wants to talk about. What is the connection between the high profile bankruptcy cases, failed large businesses, bank NPAs and fugitive tycoons? Government control of banks.
We argue in favour of ejecting failed or fraudulent businessmen from the businesses they used to own; yet we turn a blind eye to the biggest owner of them all: Government.
I would argue that the rash of poor loan decisions, systemic failures, management failures etc are all traceable to two factors: 1. Government ownership and control of banks, and 2. Political interference in banks. The latter will not stop so long as the former remains in place.
Next year will mark the 50th anniversary of Nationalisation of banks. Let us also make it the beginning of the end for government control of banks.
S Muralidharan retired as the managing director of BNP Paribas after serving the bank for 20 years.