“Imperative of revisiting the operational risk control architecture in public sector banks (PSBs) in India: a qualitative analysis”

The banking sector in India has contributed to economic growth, parity and equity while equally keeping focus on profit and social objectives. The successive prudential and regulatory reforms introduced in the banking sector have made it more robust and stronger to withstand the bubbles and external shocks. Still, the Indian banking sector in general and public-sector banks (PSBs) in particular have been suffering from the bank frauds. This study endeavors to cover the increasing incidences of banking frauds in PSBs and probes the weaknesses and chinks in the operational risk architecture at the PSBs in India. This study selects Punjab National Bank as a true representative of PSBs and treats it as a critical case study to apply the learning and findings to the PSBs in India. This qualitative analysis of the study revealed that the chinks in the operational risk control mechanism and lax corporate governance are the main reasons behind the increasing incidences of frauds at PSBs. The findings of the study showed that a strong corporate governance and compliance framework, robust risk manage- ment architecture, investment in people, technology and systems will go a long way in achieving tighter control and supervision, streamlining processes and, most of all, adhering to a culture of checks and balances.


INTRODUCTION
The reforms introduced in 1991 in the banking sector in India have contributed to economic growth, parity and equity while equally keeping their focus on profit and social objectives. The successive prudential and regulatory reforms introduced in the banking sector have made it relatively more robust and stronger to withstand the bubbles and external shocks.
Irrespective of the progress achieved in the prudential and regulatory realms, the Indian banking sector in general and PSBs in particular have been suffering from the poor corporate governance and unethical practices resulting in banking frauds. As per the Reserve Bank of India (RBI) report, public sector banks have witnessed as many as 8,670 loan fraud cases amounting to Rs. 61,260 crores over a period of last five financial years up to March 31, 2017. A rare and occasional banking fraud can be considered as the cost of doing business, but the repetitive and massive frauds happening in PSBs depict the deep hidden weaknesses in the risk management of PSBs.
The problem with the PSBs stems from the relative negligence of the risk management function by their boards and top management. The inability of the bank to control operational risk and the inattentiveness of all stakeholders to notice the signs of slackness over a long period of time have brought colossal loss of reputation for the banking system. The recent spate of arrests of top bankers working in Public Sector Banks by the investigative agencies for frauds highlights the utter lack of operational risk management and disregard for corporate governance. More than the amount of money involved and lost the negativity and skepticism these scams generated in the global financial community are more harmful in the long run for the country. The iterative and massive banking frauds weaken the faith of Indian public and international investors in the banking system. Therefore, this study endeavors to understand the reasons for increasing incidences of banking frauds in the PSBs and probes the weaknesses and chinks in the operational risk architecture at the PSBs. This study also aims to provide recommendations to prevent banking frauds at PSBs. The rest of the paper is divided as follows. The first section covers the detailed review of available literature on bank frauds across the world in general and India in particular. The second section of the paper explains the justification for the adoption of qualitative methodology for the study and its relevance to the phenomenon of banking frauds at PSBs. The third section uses the qualitative tool of the 5W2H method to uncover the anatomy of fraud at Punjab National Bank, which is treated as a critical case study of PSBs in India. It also makes a critical review and analysis of the existing risk management practices and architecture in the public-sector banks in India. The fourth section presents the research results. It also highlights and presents the case for revisiting the risk management architecture to prevent banking frauds in PSBs. The last section concludes.

LITERATURE REVIEW. THEORETICAL BACKGROUND
RBI, the regulator of banks in India, defines fraud as "A deliberate act of omission or commission by any person, carried out in the course of a banking transaction or in the books of accounts maintained manually or under computer system in banks, resulting in wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank". On the other hand, Basel Committee (2006) asserts that frauds are losses that originate from failed internal processes, people and systems or from external events.

Reasons for bank fraud
The three factors like pressure, opportunity and rationalization (the triangle of fraud) function as enabling factors for the occurrence of a fraud within the organization (Cressy, 1973). The disgruntled employees are more likely to break the rules, irrespective of their age and position to equate with the perceived inequalities (Holliger & Clark, 1983). The fraud is likely to happen in a situation where situational pressure and opportunity for fraud are high, combined with low personal integrity of the individual (Albretch, 1984). Wolfe and Hermanson (2004) added one more element to the fraud triangle theory, that is capability. They found that a smart, knowledgeable, influential person and in a powerful position can either coerce or bully his subordinates or colleagues to commit a fraud or be a partner in fraud willingly or unwillingly. The triangle of external pressure, personal financial needs and financial target has contributed to risks in bank frauds (Skousen & Wright, 2006). The lesser probability of employee gets exposed or caught increases the chances of him committing a bank fraud (Chen et al., 2007). Hogan, Rezace, Riley, and Velury (2008) believe that the fraud triangle theory helps in the detection, control and prevention of the fraud. Crime or fraud is often done with cohorts but in isolation. The personal goal of achieving an individual financial target and external pressure of achieving a particular target may also influence the tendency of bank frauds (Hasnan et al., 2008). Murdock (2008) reported that the employee who is under pressure be it financial or non-financial is vulnerable for committing a bank fraud.
Omar and Mohammad Din (2010) reported that main conspirator will manipulate the feelings of the colleagues or co-workers or subordinates to be a part of the fraud by bullying them or by influencing them for the utilization of their skills in committing a fraud. The individual cognitive biases, conditions and heuristics influence the employees to get into the acts of bank frauds (Anandrajan & Kleinman, 2011). Kaseem and Higson (2012) found that a lot of frauds are orchestrated by the people with right knowledge and right capabilities. The employee under internal or external pressure is likely to commit the bank frauds (Dellaports, 2013). The dishonest employees will eventually infect a portion of the honest employees within the organization and make them commit frauds (Wells, 2014). The technical expertise and the confidence to pull off the fraud without being exposed or get caught motivate the employees to indulge in bank frauds (Wolfe & Hermanson, 2004). Thus, the following hypothesis is tested.
H1: The presence of three factors like pressure, opportunity and rationalization (the triangle of fraud) are enabling factors for the occurrence of a fraud within the public sector banks in India.

Corporate governance and bank frauds
It is not presence and existence of the audit committees, which will prevent the occurrence of the frauds, but it is the way audit committees operate and function within the organization (Alleyne & Howard, 2005). A person with low personal integrity is more vulnerable to commit a fraud than the person with high personal integrity (Dorminey et al., 2010). The act of outsourcing the recruitment process of bank employees to the third parties may result in bank losing the full control of recruitment process, resulting in morally corrupt and dishonest employees entering into the banking system (Newenham & Kawindi, 2011). The employees who lack in ethical values tend to commit bribery and corruption (Chen et al., 2013). The organizations having an independent board of directors are more effective in the prevention of frauds, and these organizations will have lower incidences of frauds (Agrawal & Chadha, 2005). Thus, the following hypothesis is proposed.
H2: The lack of compliance and lax corporate governance result in banking frauds in PSBs in India.

Operational risk procedures and bank frauds
The operational risk emerges from the lack of regular independent checks in performance, inadequate organizational control methods, and inadequate methods of communication, unauthorized access and physical control of assets, records, computer programs or data (Jeffords, 1992). The inadequate internal control, ambiguity in job roles, failure to counsel when the performance levels or personal behavior fall below the acceptable level, and inadequate operational review are some of the factors resulting in frauds within the organizations (Bologna, 1994). The limited separation of duties, false documentation, and inadequate control account for more than half of the frauds (Calderon & Green, 1994). Fraudsters are opportunists who identify the chinks within the internal control mechanism and embezzle the bank to their benefits (Smith, 1995). Haugen and Selin (1999) reported that there are many reasons for employee fraud ranging from revenge, overwhelming personal debt, substance abuse and pressure. Sharma and Brahma (2000) indicated that one of the main reasons for the perpetration of fraud is laxity in following the internal control mechanism and procedures by the supervising staff. Fraudsters commit the fraud by exploiting the laxity on the part of the supervising officials in observance of safeguards set by the Reserve Bank of India (RBI). The lack of supervision, surveillance, monitoring and the lacunas in the internal control practices provide the opportunity for potential fraudsters within the organization (Ramos, 2003). A fraud-friendly environment is noted by lax corporate culture, deficit or near absence of risk control, staff apathy and overconfidence The lack of training, overburdened staff competition and low compliance level are some of the main reasons for the bank frauds (Khanna & Arora, 2009). The chinks in the internal control mechanism create the opportunity for fraudsters and this opportunity created will enhance the motivation of an employee to commit the bank fraud (Vona, 2012). A stronger internal control helps the organizations to identify the problems and situations, which could be potential cases of frauds (Nyakarimi & Karwirwa, 2015). The weaknesses in the internal control, improper supervision, lack of management approval and improper separation of duties of employees open the door for employees to engage in bank frauds (Sanusi et al., 2015). Thus, it is expected that there is a positive relationship between the inherent weaknesses in risk management architecture and lax corporate governance resulting in banking frauds in PSBs. Thus, the following hypothesis is tested.
H3: The inherent weaknesses and chinks in the prevalent risk management architecture provide the opportunity for potential fraudsters to commit banking frauds in public sector banks in India.
This study endeavors to cover the increasing incidences of banking frauds in the PSBs and probes the chinks in the operational risk architecture in PSBs. Based on the analysis and findings, it also aims to revisit the risk management architecture in PSBs and provides recommendations to prevent the incidents of frauds in PSBs.

RESEARCH EXECUTION
The research methodology consists of primary and secondary research questions, which are as detailed below: A) Primary research question: What are the reasons and factors contributing to the frauds at PSBs in general and at Punjab National Bank in particular?
B) Secondary research questions: • To study, probe and deconstruct the fraud at the PNB as a critical case study to draw the lessons for the PSBs in India.
• To critically evaluate and revisit the prevalent operational risk management and corporate governance practices at the PSBs in India.
• To offer remedial suggestions for course correction in the prevalent risk management framework and corporate governance of PSBs to reduce operational risk and resultant bank frauds.
An Inductive Reasoning Approach has been adopted for the current study. Inductive Reasoning, according to Leedy and Ormrod (2010), "begins not with a pre-conceived truth or assumption, but instead with observation. With the Inductive Reasoning Approach, people use specific instances or occurrences to draw conclusions about entire classes of objects or events". Hence, this study treats the scam at the PNB as a critical case study and attempts to draw inferences and recommendations to the entire public sector banking. Therefore, an Inductive Reasoning Approach is appropriate for this study.
This research paper assumes the form of a qualitative study. According to Peshkin (1993), qualitative studies typically serve for the purposes of: • description (to reveal nature of certain situations, settings, scenarios, processes, relationships, systems or people); • interpretation (to provide new insights about a particular phenomenon, develop new perspectives and new concepts about the phenomenon, discover the problems that exist within the phenomenon); • verification (to allow the researcher to test the validity of certain assumptions, claims, theories or generalizations within real world contexts); and • evaluation (to provide a means through which a researcher can judge the effectiveness of certain policies, practices or innovations).
To critically probe the increasing incidents of frauds in the public sector banks, this study has decided to adopt the description, interpretation, verification and evaluation of the phenomenon; therefore, the qualitative approach has been adopted. By critically probing, evaluating and dissecting the scam at the PNB, through the information, articles, published reports, interviews and opinions of the stakeholders, the study attempts to provide the multiple perspectives of the phenomenon. For this reason, the quality approach has been adopted.
A critical case study design has been adopted for this study. A case study, according to Eisenhordt (1989), allows for multiple level analyses within a single setting and focuses on the dynamics of a particular scenario. Moreover, a critical case study approach allows the researcher to explain the situations, which are too complex to measure or understand through research instrument or survey.
The method of critical case study was adopted in this study as the bank frauds are happening at an alarming rate across PSBs in India. The reason for selecting the Punjab National Bank (PNB) is that it is the second largest public sector bank representing all the problems associated with PSBs in India. Moreover, the CIBIL website shows that PNB is having the highest number of willful defaulters as well as the highest amount of outstanding credit in defaults. It accounts for almost 30% of the amount outstanding from nationalized banks. Both the number of defaulters and the amount involved make PNB an ideal choice for critical case study on PSBs. Therefore, this study has adopted the critical case study approach so that the inferences drawn can be applied to the entire public banking sector.

ANATOMY OF FRAUD AT PUNJAB NATIONAL BANK. A 5W2H METHOD
Since this study is based on scams and financial irregularities happening at the public sector banks in India, an attempt was made by researchers to collect secondary data published in various sources like newspapers, magazines, journals, blogs and websites, related with the subject matter. The methodology adopted for this study is qualitative in nature and applies the qualitative research tool 5W2H. It is a quality management tool and concept used to examine the problem to get feasible solutions. This qualitative tool helps us to have a holistic view of the problem (in this case, operational risk in the public sector banks) and offers the solutions to improve the operational risk management in the public sector banks.
This qualitative tool of 5W2H stands for 5 Ws and 2 Hs. They are as follows: 1. What is the problem? 2. Why is it a problem?
3. Where do we encounter the problem? 4. Who is impacted? 5. When did we first encounter the problem? 6. How did we know there was a problem? 7. How often do we encounter this problem?
In this section, an attempt has been made to critically analyze the fraud at the Punjab National Bank, which is so characteristic and representative of most of the frauds happened in the public sector banks of India (see Table 1). By analyzing, an attempt has been made to draw the inferences and conclusions for the public sector banks in India. The 5W2H approach has been employed to analyze the efficiency and effectiveness of operational risk mechanism in public sector banks of India. The firms claimed that they had in the past been allowed credit without margin. On scrutiny, it was discovered that the earlier approvals had been made fraudulently. On January 29, 2018, a criminal complaint alleging fraud and for registration of an FIR is filed; it accused bank employees -including the "maker" and the "checker" -of fraud. In the following week, a fraud report was submitted to the RBI detailing a total fraud of Rupees 11,394 Crore in the accounts of Nirav Modi Group and the Gitanjali Group and Chandri Paper and Allied Products Private Limited.
Why is it a problem?
While issuing the buyer's credit, the regulatory mechanism demands the commercial banks to insist on 100% margin money or collateral before issuing the LoUs. In case of PNB fraud, no Margin money or collateral was insisted or received by the PNB while issuing the LoUs to the Nirav Modi and his associates. This is a clear and classic case of bank employees conniving with the borrowers to commit the fraud. Generally, SWIFT messages have to go through a threelayer security system: a maker, a checker and a verifier. In PNB's case, LoUs had been issued by the branch officials through SWIFT without the approval of the competent authorities and the necessary documents of import.
The SWIFT platform was not linked or integrated with the CBS at PNB. This flaw within the PNB was exploited by perpetrators for seven long years. As per the RBI guidelines, the buyer's credit should not exceed 90 days, but many of the LoUs issued by the PNB had 360 days of maturity and duration.
PNB failed in monitoring the fraudulent transactions of LoUs from the very beginning since 2011.
If it adhered to the internal check and balance, it could have identified the fraud within 24 hours. PNB failed miserably to adhere to the rule books.
No linkage or reconciliation of LoUs issued with the end transactions and underlying documents for movement of goods.
Non-confirmation by overseas lending banks/branches with LoUs issuing branch of the genuineness of LoUs, particularly when abnormally large amounts were issued.
Where do we encounter the problem?
These kinds of problems are witnessed and periodically keep on happening at most of the public sector banks in India. The fraud at Punjab National Bank is a symptom which is similar to most of the public sector banks in India.
Who is impacted? Public sector banks in particular and its stakeholders in particular. Customers of the bank; employees; board of directors; auditors; creditors; regulations; government of India.
When did we first encounter the problem?
On February 14, 2018, state owned Punjab National Bank (PNB) disclosed that it has discovered $1.77 billion (around Rs. 11,400 crore) worth of fraudulent transactions at one of its Mumbai branches. In a complaint to the Central Bureau of Investigation (CBI), the bank had named the firms and people associated with billionaire jeweller Nirav Modi to have caused this massive fraud using the bank officials.

RESEARCH RESULTS
The detailed anatomy and deconstruction of PNB fraud ticks all the right boxes for a classic failure in corporate governance and operational risk management system in public sector banks. Figure 2 is a testimony of the severity of instances of frauds in public sector banks of India as reported in the annual report of Reserve Bank of India for the period of 2017-2018.
In this case of PNB fraud, all the pillars of oversight, board, internal audit, audit and regulatory all failed collectively. Based on the 5W2H analysis of the fraud at Punjab National Bank, the following suggestions can be made for improving the corporate governance and operation risk management architecture at the public sector banks in India. They are as follows: 1. Having a Chief Risk Officer (CRO) who is a member of the bank's leadership team, is a standard practice worldwide. With the recent PNB fraud, RBI should re-visit how banks treat their risk management functions and place less reliance on multiple layers of audits, which can detect such frauds only post-facto.
2. Banks need to change their shallow and superficial approach to operational risk and accord it the same priority as credit risk and market risk.
3. It is important to minimize human interference and maximize transactions in the public sector banks.
4. There is an immediate need to train line management about managing operational risks, especially those employees who are handling sensitive and risky portfolios.

5.
In the mist of the PNB fraud case, there is a need to have vigilant background checks for the employees working in financial institutions. Assessment of economic risks requires banking personnel who are meaningfully educated, competent, insightful and visionary. Unfortunately, these qualities are hardly emphasized in the processes of recruitment and promotions. This needs to change.
6. To prevent the frauds like PNB, one should take distributed-ledger style technology of 2 Hs How did we know there was a problem?
On January 16, 2018, partnership firms of the Nirav Modi Group approached the PNB's Brady House branch with a request to allow buyer's credit. The new employee at the Foreign Exchange department denied the request and demanded 100% cash margin. The firms claimed that they had in the past been allowed credit without margin. On scrutiny, it was discovered that the earlier approvals had been made fraudulently. On January 29, 2018, a criminal complaint alleging fraud and for registration of an FIR is filed; it accused bank employees -including the "maker" and the "checker" -of fraud. In the following week, a fraud report was submitted to the RBI detailing a total fraud of Rupees 11,394 Crore in the accounts of Nirav Modi Group and the Gitanjali Group and Chandri Paper and Allied Products Private Limited.
How often do we encounter this problem?
It is mandatory to have the standard operating system of responsible and responsive banking. Since, there is neither proper internal coordination nor any external control over the monitoring process, such problems keep on happening in the public sector banks.  7. The Board of Governance for public sector banks (PSBs) must be strengthened with modern and sophisticated risk management expertise. This will help the bank board to better understand, and act upon, the risks in the banks. The skills, attitude and knowledge of the auditors need to be improvised.
8. Besides institutionalizing a whistle-blower policy, the staff should be able to sense wrongdoings and alert the management. It is necessary to realize that keeping the work-space safe and secure is the collective responsibility of all staff.
9. Bank managers should also be given appropriate incentives for making a proper assessment of risks to avoid NPs, and avoid delay in recognition of NPAs.
10. Legal reforms are highly desirable to empower the RBI to fully exercise the same responsibilities for PSBs as now apply to private banks and to ensure a level playing field in supervisory enforcement.
11. It is extremely important to educate all stakeholders in the banking ecosystem that banking frauds are not technology frauds, but are process frauds. The solution lies in strengthening the internal controls, checks and balances and at the same time investing in latest technology and training people to use it.

CONCLUSION
Banks are public trust institutions and, therefore, the central focus of its existence should be on having a strong corporate governance and robust risk management architecture. While the banks can take care of internal controls to put a check on frauds or attempted frauds by the employees, it is for the regulators, government, law enforcing agencies and the judiciary to ensure swift action is taken to book the culprits without delay. The only solution is to not only put operational control systems in place but also to educate every employee to improve their effectiveness as part of the operational control system. The only invincible operational risk management is to foster the collective collaboration of staff in the long-term interest of the industry. This is not the first or last time that a fraud has occurred. However, the right lessons and required course corrections in the risk management framework of banks, at a systematic and specific level, must be adopted to minimize future incidents of operational losses.

LIMITATIONS OF THE STUDY
The following are the limitations of the study.
1. The study is having few limitations, and the adoption of critical case method to analyze the phenomenon of banking frauds in public sector banks is one of them.
2. On the other hand, this study adopted the qualitative approach which is prone for subjectivity in the analysis and interpretation.