It may take a scandal the magnitude of the Videocon, Nirav Modi, or Vijay Mallya cases to bring the issue of banking fraud into the spotlight. But, once again data around banking fraud ruled the headlines after the RBI released its annual report for FY 2022-23 two weeks ago.
Buried deep inside the report were some interesting stats that shine a light on the state of banking fraud in India, especially with respect to digital lending. So this week, I decided to dig a little deeper into the data presented by the central bank.
Here’s what I found:
I. Private sector banks account for most number of frauds
The RBI’s annual report showed that 66% of the total number of frauds that occurred in FY 22-23 could be attributed to private sector banks. In contrast, public sector banks accounted for 25.2% of the total number.
Interestingly, however, public sector banks led in terms of the value involved in frauds. In FY 22-23 alone, Rs 21,125 crore was involved in 3,405 instances of fraud in public sector banks. While a larger number of frauds occurred in their private sector counterparts, the amount involved was significantly lower considering the number of frauds. Rs 8,727 crore was involved in 8,932 instances of fraud in private sector banks.
What explains these strange numbers? I have a theory.
II. Small value vs large value frauds
Let’s look at another data set released by the RBI as part of the report. The number of frauds reported in the advances category stood at 4,109 and the amount involved was Rs 28,792 crore. The number of frauds in the card/ internet category was 6,659, but the corresponding amount involved stood at just Rs 276 crore.
In other words, 30% of the total bank frauds committed in FY 22-23 involved 95.2% of the total value, while ~50% of the total frauds involved only 0.9% of the total value.
Could this have anything to do with what we took away from the first table? Let’s assume two things of importance:
Card/internet-related frauds can be attributed largely to private sector banks
Frauds related to advances occurred mostly in public sector banks
Private sector lending is leading the charge in digital lending
By 2027, digital lending will account for 40% of total lending in India. It is interesting to note that private sector banks already command 55% of the market share in digital lending. This fact gives us reason to believe that a large chunk of frauds through internet channels (49.2%) are occurring largely in the private sector.
What does this say about the quality of safeguards in private sector lending? Over the past year, we have seen a number of developments to keep usurious, predatory lending at bay, and keep frauds in check. The government’s crackdown on illegal lending apps is one example. The RBI’s digital lending guidelines have also made the provision to set up the Digital India Trust Agency tasked with verifying digital apps before they are accessed by the public.
But before we go belligerent at private banks, it is important to take note of two things:
1. Internet/card-based fraudulent operations are examples of criminal ingenuity more than the bank’s failure. Banking frauds that occur on the internet generally circle around identity theft, phishing, and other illicit activities that give access to a user’s bank account. Banks can, and must, continue to fortify their systems against such fraud through robust transaction monitoring, customer education, the use of real time data in creating customer profiles, etc.
2. Given that the ticket size of loans disbursed through digital lending activities tends to be small, the amount of money involved in such frauds is significantly lower. However, I think lenders must take this phase of digital lending as a litmus test and strengthen their safeguards before they innovate on credit products of higher value.
Now, contrast this with what is happening in public sector banks:
PSU operational incapabilities explain the high volumes of money involved in frauds?
As much as Rs 28,792 was involved in 4,109 frauds occurring in the advances category. These numbers are eerily similar to the overall number of frauds in PSUs and their corresponding figure for the amount involved – Rs 21,125 crore was involved in 3,405 instances of fraud.
Moreover, PSBs have a small share in digital lending and are still riddled with operational inefficiencies. It won’t be far-fetched to conjecture that a bulk of the frauds in the loan portfolio (advance) category are attributable to public sector banks.
Unlike internet-related frauds, the onus for frauds pertaining to loan advances rests with the bank, making PSBs all the more susceptible to risk. Here’s why:
PSBs are exposed to riskier sectors of the economy. NPAs in this sector were at a record high during 2015-2018, clocking as much as 14.6% in March 2018.
PSBs are known to struggle with weakened governance, such as arbitrary appointments and transfers of executives, and the government’s shareholder action interfering with regulation.
Regulating PSBs is routinely impeded as the RBI’s authority is often undercut due to political pressures and the legal system’s lags.
PSBs have been slow to digitise and are excessively reliant on manual, error-prone processes.
These facts often reduce the RBI’s role to that of fraud detection rather than prevention. Which brings me to the next point made by the RBI in its report…
III. Fraud vintage
There’s a glaring problem with the latency of fraud detection among Indian banks. In FY 22-23, 94.5% of the frauds reported had occurred in previous years. In FY 21-22, previously unreported frauds made up 93.7% of the total number.
The RBI mentioned in its annual report for FY 20-21, but not this year, that the average time of lag between the date of occurrence of the fraud and its detection was 23 months. The RBI has put in place procedures for the submission of Fraud Monitoring Returns (within three weeks of detection). However, banks’ individual fraud detection capabilities remain beyond the scope of this regulation.
Banks often report accounts as fraud only when their chances for recovery are completely exhausted. This not only results in a delay in alerting other lenders, but also in inaction against such borrowers through law enforcement.
Moreover, legal interventions upholding borrowers’ rights may also result in additional lags in reporting of frauds. For instance, the Supreme Court recently held that borrowers must be heard before their accounts are labelled as fraudulent.
Conclusion
Banking fraud is many things – it’s a weathervane for banks’ systems efficiency, and for the state of their cybersecurity measures. But most importantly, it is the unavoidable cost of doing business for lenders.
But this doesn’t mean they do nothing to mitigate it. The regulator (the RBI) is doing its bit to mitigate fraud by improving data reliability in Fraud Monitoring Returns and strengthening the Fraud Risk Management System. Lenders, especially those dabbling in digital lending, must likewise do all they can to rein in this cost of doing business.
At FinBox, we’ve compiled a terrific Guide to Fraud Detection that you must read if you’re involved in digital lending!
That’s all from me this week!
Cheers,
Rajat