The Reserve Bank of India has directed that the fraud risk management and fraud investigation function of a bank must be owned by the bank's chief executive officer, its audit committee and the special committee of the bank's board for high-value frauds.
Outlining the role of chairmen and chief executive officers in the fraud risk management system, the RBI further stated that the audit committee and special committee of the board should also own responsibility for systemic failure of controls or any absence of key controls or severe weaknesses in existing controls which facilitate exceptionally large-value frauds.
Towards this, the banks should set up dedicated and well-organised "special surveillance and investigation function", which would, on a continuous basis, exercise surveillance over potentially fraud-prone areas and investigate large-value frauds.
This unit would also be responsible for mandatorily implementing the recommendations of the special committee of the bank's board, so that the monitoring and investigation of large-value frauds were recognised as a distinct function. These recommendations till date were optional.
To start with, banks have been advised to immediately set up "internal oversight framework," which can prevent wrongdoings and take punitive measures.
This has been done following the increasing incidents of banking frauds in recent years, both in terms of their numbers and the amount involved. It has been observed that the trend was more prevalent in the retail segment, especially in housing and mortgage loans, credit card dues, internet banking.
Banks, with the approval of their respective boards, may frame internal policy for fraud risk management and fraud investigation function, based on the above governance standard relating to the ownership of the function and accountability for malfunctioning of the fraud risk management process in their banks.
The function of the unit will have to be discharged in a centralised manner instead of leaving it to the regional offices of banks, where such specialisation may not be available. So the banks should own specialised fraud monitoring, investigation and follow-up function for large-value frauds or frauds which occur across the bank.
The banks should identify staff with proper aptitude and provide necessary training to them in forensic audit so that only such skilled personnel were deployed for investigation of large-value frauds.
The banks may build up a data/information pool of large-value frauds and analyse them periodically, which may act as knowledge repository for policy responses.