Don’t miss the latest developments in business and finance.

RBI e-mail on risk control in November 2016 did not reach us, says PNB

CBI's probe into the Rs 143 billion Nirav Modi-Mehul Choksi fraud hinges on the premise that the Delhi-based bank did not follow suggestions made by the Reserve Bank of India (RBI) from time to time

Bs_logoPNB, Punjab National Bank
Somesh Jha New Delhi
Last Updated : Jun 21 2018 | 6:41 AM IST
Punjab National Bank (PNB) has claimed that the lender did not receive a crucial directive sent by the Reserve Bank of India (RBI) in November 2016 asking all commercial banks to strengthen their risk mechanism to avert fraud.
 
The RBI last week blamed the PNB board for the Rs 143 billion Nirav Modi-Mehul Choksi fraud.
 
The Central Bureau of Investigation’s (CBI’s) probe into the fraud hinges on the premise that the Delhi-based bank did not follow suggestions made by the RBI from time to time.
 
Documents reviewed by Business Standard show an interesting turn of events during the CBI probe. PNB claimed it never received an important e-mail titled ‘Cyber security controls – frauds related to trade finance transactions – misuse of SWIFT’ sent by the RBI on November 30, 2016. The RBI’s ‘confidential’ e-mail highlighted the deficiencies that the regulator found in the SWIFT system, through a survey of banks, including PNB, conducted earlier in 2016.

 
Through the circular, the RBI asked chief executives of all commercial banks to seek approval of their respective boards by February 2017 to strengthen the SWIFT infrastructure, which was at the centre of India’s biggest banking fraud at PNB. The RBI also directed banks to verify transactions that took place using SWIFT from January 1, 2015, “to ensure that all such transactions were captured in the books of accounts and were supported by genuine underlying transactions.” PNB reported the fraud to the CBI and other agencies in January 2018. 

 
Both the RBI and PNB did not respond to e-mails.
 
Interestingly, though all other banks confirmed to the RBI about the receipt of the e-mail, only PNB reported it was unaware of the diktat.
 
A group of companies belonging to Nirav Modi and Mehul Choksi fraudulently secured loans worth Rs 143 billion. These loans were issued by PNB executives through SWIFT, a global messaging system. The fraud went undetected for seven years since the SWIFT was not integrated with PNB’s core banking system (CBS).

 
Recent correspondence exchanged between the RBI and PNB show how, during a follow-up exercise by the regulator in February 2018, PNB denied receiving the November 2016 circular.
 
After the PNB scam broke towards the end of January, the RBI sought a compliance report from all banks, including PNB, through an e-mail dated February 16, on a series of circulars issued in 2016, including the one sent in November 2016.
 
“The referred letter (dated November 25, 2016) is not received,” PNB General Manager Ashwini Vats told the RBI in its February 20 communique.
 
The central bank then wrote to PNB Managing Director and Chief Executive Officer Sunil Mehta on March 7 attaching a copy of the e-mail delivery notification of the November 2016 directive. “You are advised to examine the reason for non-availability of the circular at your end and report to us,” said Deepan Dey, assistant general manager, banking supervision, RBI.
 
PNB reverted saying though the bank received an e-mail with a password to open the November 2016 circular, it did not receive the e-mail containing the circular. “Both the e-mails were sent on November 30, 2016, to md@pnb.co.in within 11 minutes gap,” RBI General Manager (banking supervision) Pankaj Ekka told the CBI during the investigation.
 
As a practice, the RBI sends passwords of its confidential circulars to banks through e-mails in advance.
 
After conducting a thorough probe, the bank’s chief compliance officer confirmed to the RBI again on March 19 that it had received no such e-mail. Among all banks, only PNB did not receive the RBI’s e-mail containing the November 2016 circular.
 
Apart from highlighting a communication breakdown, the whole episode points to two key elements – that the RBI did not check whether PNB complied with its important communique until the scam broke, and PNB never asked the regulator about the circular even after receiving a separate e-mail with the password to open it.
 
This happened despite the fact that the RBI had appointed a senior supervisory manager for PNB between May 2013 and April 2017 who is supposed to be the nodal officer between the bank and the RBI.
 
The central bank also has a nominee on the board of PNB, which was supposed to take corrective measures to comply with the November 2016 circular. However, the RBI in its justification to the CBI said it had issued two circulars in August 2016 that had asked banks to take corrective measures, including the ones mentioned in its November 2016 circular. “Notwithstanding the bank’s claim of not having received the e-mail containing the November 25, 2016 circular, the controls enumerated in the first two circulars (August 3, 2016 and August 10, 2016) were not implemented by the bank… Had the control mechanism prescribed in the above circulars been implemented by PNB in letter and spirit, the fraud could have been averted or detected early,” Ekka said in his submission.
 
The CBI last month filed two separate chargesheets, naming the bank's former chief executive Usha Ananthasubramanian, its executive directors KV Brahmaji Rao and Sanjiv Sharan, general managwr (international operations) Nehal Ahad, among others in connection with the case. The CBI has said that these executives had facilitated the fraud “through their acts and ommissions.”
Next Story