There is a significant increase in number of bank frauds, especially with the involvement of persons from within. Few days ago, Moneylife reported in the case of Dr Ajay Sood, a non-resident Indian (NRI), from whose account Rs1.33 crore were withdrawn using the same numbered cheques when the originals were in his possession in the US. He even found his mobile number changed and an Aadhaar number submitted in the bank. Since Dr Sood is an NRI, he is not required to submit Aadhaar. Yet there was one in the bank record along with changed mobile number. Such frauds are not possible without help or involvement from the insiders, including bank employees.
However, banks are increasingly outsourcing many jobs and, thus, allowing employees of outsourced agency or agencies access to its core banking solution (CBS). The Reserve Bank of India (RBI), in its Financial Stability Report December 2018
, has expressed concern over this.
It says, "The employees in the outsourced agency had the same access rights, both read/ write, to the bank’s CBS. Further, it was also observed that user control related activities such as password resetting, access rights to bank’s applications and change request, were handled by the outsourced agency."
In addition, RBI says, the service level agreements signed by banks with their outsourced agencies did not recognise the central bank's right to inspect the service-provider of the bank and their books and accounts.
The RBI had conducted a thematic study on operations of the service centres or business process outsourcing subsidiaries of major foreign banks. RBI says, its study revealed that outsourcing agencies or group entities were working as per mandate given to them and no such concerns were observed, which may expose banks to reputation risk.
During July 2017 to 30 June 2108, the central bank found non-compliance by banks on fraud classification and reporting. This resulted in the RBI's enforcement department taking action against 14 banks, including a payment bank and a small finance bank. The department also imposed a penalty of Rs102.4 crore (Rs1,024 million).
Between 1st July and 31 October 2018, the enforcement department took action against seven banks, including a payments bank and a cooperative bank and imposed a penalty of Rs14.2 crore (Rs142 million) for non-compliance with fraud classification and reporting.