Assess the Risk of Fraud :
As per SA 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements”, the auditor’s objectives are to identify and assess the risks of material misstatement in the financial statements due to fraud, to obtain sufficient appropriate audit evidence on those identified misstatements and to respond appropriately. The attitude of professional skepticism should be maintained by the auditor so as to recognise the possibility of misstatements due to fraud. When obtaining an understanding of the bank and its environment, the auditor should make inquiries of management, internal auditors and others regarding the following:
Management’s assessment of the risk that the financial statements may be materially misstated due to fraud, including the nature, extent and frequency of such assessments as well as the controls in place to prevent and detect fraud.
Management’s process for identifying and responding to the risk of fraud in the bank, including any specific risks of fraud that management has
identified or that have been brought to its attention; or classes of transactions, account balances, or disclosures for which a risk of fraud is likely to exist; and the internal control that management has established to address these risks. The auditor could also obtain information from the
management regarding the various frauds which have occurred in the year under audit or previous years to identify system lacunae which led to the
lapse. The auditor could ascertain whether the necessary rectification/ remedial action has been taken to prevent similar frauds from happening
again. The auditor could also ascertain the necessary controls (preventive, detective or deterrent – manual or automated) in place to ensure early
detection of frauds post occurrence.
Management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the bank.
Management’s communication, if any, to regulatory authorities.
Management’s communication, if any, to employees regarding its views on business practices and ethical behaviour.
Actual, suspected, or alleged fraud that the bank is investigating.
Process the bank undertakes to respond to internal or external allegations of fraud affecting the bank.
Understanding how those charged with governance exercise oversight of management’s processes for identifying and responding to the risks of fraud in the bank, and the internal control that management has established to address these risks. This also helps to corroborate management’s responses to the inquiries mentioned above.
The auditor could use the information gathered above to develop an effective audit plan that will appropriately respond to identified risks, and would also help in providing the necessary level of assurance.
Some of the common fraud risk factors in deposit taking, dealing and lending activities areas are summarised hereunder:
ICAI in February, 2016 issued the Revised Guidance Note on Reporting on Fraud under Section 143(12) of the Companies Act, 2013. Part B of the
Guidance Note paragraph 11 deals with Reporting to RBI in case of frauds noted in audit of banks. Auditors of banking companies may also refer the Guidance Note for further clarity.
The MCA issued the Companies (Amendment) Act, 2015 in May 2015 which, inter alia, amends section 143(12) of the Companies Act, 2013.The
amended section 143(12) reads as follows:
“Notwithstanding anything contained in this section, if an auditor of a company in the course of the performance of his duties as auditor, has
reason to believe that an offence of fraud involving such amount or amounts as may be prescribed, is being or has been committed in the company by its officers or employees, the auditor shall report the matter
to the Central Government within such time and in such manner as may be prescribed:
Provided that in case of a fraud involving lesser than the specified amount, the auditor shall report the matter to the audit committee constituted under section 177 or to the Board in other cases within such time and in such manner as may be prescribed:
Provided further that the companies, whose auditors have reported frauds under this sub-section to the audit committee or the Board but not reported to the Central Government, shall disclose the details about such frauds in the Board’s report in such manner as may be prescribed.”
Further, the MCA through its notification dated 14 December 2015 has also amended Rule 13 of the Companies (Audit and Auditors) Rules, 2014. The
amended Rule 13 requires the reporting of a fraud as follows:
(1) If an auditor of a company, in the course of the performance of his duties as statutory auditor, has reason to believe that an offence of fraud, which involves or is expected to involve individually an amount of rupees one crore or above, is being or has been committed against the company by its officers or employees, the auditor shall report the matter to the Central Government.
(2) The auditor shall report the matter to the Central Government as under:-
(a) the auditor shall report the matter to the Board or the Audit Committee, as the case may be, immediately but not later than two days of his knowledge of the fraud, seeking their reply or observations within forty-five days;
(b) on receipt of such reply or observations, the auditor shall forward his report and the reply or observations of the Board or the Audit Committee among with his comments (on such reply or observations of the Board or the Audit Committee) to the Central Government with in fifteen days from the date of receipt of such reply or observations;
(c) in case the auditor fails to get any reply or observations from the Board or the Audit Committee within the stipulated period of forty-five days, he shall forward his report to the Central Government along with a note containing the details of his report that was earlier forwarded to the Board or the Audit Committee for which he has not received any reply or observations;
(d) the report shall be sent to the Secretary, Ministry of Corporate Affairs in sealed cover by Registered Post with Acknowledgement Due or by Speed Post followed by an e-mail in confirmation of the same;
(e) The report shall be on the letter-head of the auditor containing postal address, e-mail address and contact telephone number or mobile number and be signed by the auditor with his seal and shall indicate his Membership Number; and
(f) the report shall be in the form of a statement as specified in Form ADT-4.
(3) In case of a fraud involving lesser than the amount specified in sub- rule (I), the auditor shall report the matter to Audit Committee constituted under section 177 or to the Board immediately but not later than two days of his knowledge of the fraud and he shall report the matter specifying the following:-
a) Nature of Fraud with description;
b) Approximate amount involved; and
c) Parties involved.
(4) The following details of each of the fraud reported to the Audit Committee or the Board under sub-rule (3) during the year shall be disclosed in
the Board’s Report:-
a) Nature of Fraud with description;
b) Approximate Amount involved;
c) Parties involved, if remedial action not taken; and
d) Remedial action taken.
The auditor of a banking company would need to comply with provisions of section 143(12) and the related Rules also.
RBI circular dated 7th May 2015 on framework for dealing with loan frauds has introduced the concept of a Red Flag Account (RFA), i.e., an account
where suspicion of fraudulent activity is thrown up by the presence of one or more early warning signals (EWS).
Some Early Warning signals which should alert the bank officials about some wrongdoings in the loan accounts which may turn out to be fraudulent
1) Default in payment to the banks/ sundry debtors and other statutory bodies, etc., bouncing of the high value cheques.
2) Raid by Income tax /sales tax/ central excise duty officials.
3) Frequent change in the scope of the project to be undertaken by the borrower.
4) Under insured or over insured inventory.
5) Invoices devoid of TAN and other details.
6) Dispute on title of the collateral securities.
7) Costing of the project which is in wide variance with standard cost of installation of the project.
8) Funds coming from other banks to liquidate the outstanding loan amount.
9) Foreign bills remaining outstanding for a long time and tendency for bills to remain overdue.
10) Onerous clause in issue of BG/LC/standby letters of credit.
11) In Merchanting trade, import leg not revealed to the bank.
12) Request received from the borrower to postpone the inspection of the godown for flimsy reasons.
13) Delay observed in payment of outstanding dues.
14) Financing the unit far away from the branch.
15) Claims not acknowledged as debt high.
16) Frequent invocation of BGs and devolvement of LCs.
17) Funding of the interest by sanctioning additional facilities.
18) Same collateral charged to a number of lenders.
19) Concealment of certain vital documents like master agreement, insurance coverage.
20) Floating front / associate companies by investing borrowed money.
21) Reduction in the stake of promoter / director.
22) Resignation of the key personnel and frequent changes in the management.
23) Substantial increase in unbilled revenue year after year.
24) Large number of transactions with inter-connected companies and large outstanding from such companies.
25) Significant movements in inventory, disproportionately higher than the growth in turnover.
26) Significant movements in receivables, disproportionately higher than the growth in turnover and/or increase in ageing of the receivables.
27) Disproportionate increase in other current assets.
28) Significant increase in working capital borrowing as percentage of turnover.
29) Critical issues highlighted in the stock audit report.
30) Increase in Fixed Assets, without corresponding increase in turnover (when project is implemented).
31) Increase in borrowings, despite huge cash and cash equivalents in the borrower’s balance sheet.
32) Liabilities appearing in ROC search report, not reported by the borrower in its annual report.
33) Substantial related party transactions.
34) Material discrepancies in the annual report.
35) Significant inconsistencies within the annual report (between various sections).
36) Poor disclosure of materially adverse information and no qualification by the statutory auditors.
37) Frequent change in accounting period and/or accounting policies.
38) Frequent request for general purpose loans.
39) Movement of an account from one bank to another.
40) Frequent ad hoc sanctions.
41) Not routing of sales proceeds through bank.
42) LC’s issued for local trade / related party transactions.
43) High value RTGS payment to unrelated parties.
44) Heavy cash withdrawal in loan accounts.
45) Non submission of original bills.
Besides the above Red flags, auditor could also review –
a) Cheque/bills discounting facility used for liquidation of funds without any physical collateral or just for deferment of liability.
b) Repayment of third party loans despite bank’s loan account irregular or out of order.
c) Maintenance of bank accounts with other bank without consent of lender bank.
d) Inordinate delay in conducting stock inspections by bank officials and/or stock auditors at the instance of the borrower not to show its weakness and misutilisation of funds.
RBI in the Master Direction No. RBI/DBS/2016-17/28 DBS.CO.CFMC.BC.No.1/23.04.001/2016-17 on “Frauds – Classification and
Reporting by commercial banks and select FIs” dated July 1, 2016 has stated that the following acts constitute fraud:
Fraudulent removal of pledged stocks / disposal of hypothecated stocks without the knowledge of the bank / inflating the value of stocks in the stock statements & drawing excess bank finance.
Diversion of funds, lack of interest or criminal neglect on the part of the borrowers partners etc., in adhering to financial discipline and managerial
failure with mala fide intent leading to the unit becoming sick and laxity in effective supervision over the operations in borrowable accounts on the part of bank functionaries rendering the advance difficult for recovery and resulting in financial loss to the bank.
The Master Direction states that banks should conduct an annual review of the frauds to consider
a) Whether the systems in the bank are adequate to detect frauds, once they have taken place, within the shortest possible time.
b) Whether frauds are examined from staff angle and, wherever necessary, the staff side action is taken without undue delay.
c) Whether deterrent punishment is meted out, wherever warranted, to the persons found responsible without undue delay.
d) whether frauds have taken place because of laxity in following the systems and procedures or loopholes in the system and, if so, whether
effective action has been taken to ensure that the systems and procedures are scrupulously followed by the staff concerned or the loopholes are plugged.
e) Whether frauds are reported to the local Police for investigation.
Diversion of Funds, inflating value of stocks, showing unpaid stocks as paid stocks, not providing for bad debts etc., are common practices by unscrupulous borrowers in Banks and frequently reported by Concurrent / Stock auditors in Banks.
Auditors should take due cognizance of the same and banks could be asked to report the same as frauds on a case to case basis after due consideration of the borrower’s intent and the frequency of such instances, risk of default as a result of such practices, materiality of the amount financed by the bank and outstanding, availability of collateral and loan to value ratio or margin of safety.