Fraud Risk Management in Indian Banking 2024

Questions and Answers

What year were the new Directions on Fraud Risk Management issued?

2023

2024 (correct)

2022

2025

Which two acts provide the Reserve Bank of India with the powers to issue the Directions?

Reserve Bank of India Act, 1948 and Financial Institutions Act, 1995

Banking Regulation Act, 1949 and Securities Act, 1992

Companies Act, 1956 and Banking Regulation Act, 1949

Reserve Bank of India Act, 1934 and Banking Regulation Act, 1949 (correct)

What is the main purpose of the Directions issued by the Reserve Bank of India?

To enhance the efficacy of fraud risk management in the banking sector (correct)

To regulate the lending rates of commercial banks

To outline customer service standards in banks

To provide guidelines for loan recovery processes

What do the new Directions supersede?

Earlier Directions on Fraud Risk Management dated July 03, 2017

Which types of institutions do the Directions apply to?

Commercial banks, regional rural banks, and All India financial institutions

What is the 'date of occurrence' in the context of fraud reporting?

The date when the misappropriation of funds first began

Within how many days must banks report incidents of theft, burglary, dacoity, and robbery to the Fraud Monitoring Group?

Not later than seven days

What is involved in the internal audit process within banks concerning fraud?

Controls and processes related to fraud cases including closure and withdrawal

What is to be reported as the 'date of classification' in fraud handling?

The date when approval for classification is obtained

What is the deadline for banks to submit a quarterly Return on theft, burglary, dacoity, and robbery to the RBI?

Within 15 days of the end of the quarter

Within how many days should banks report individual fraud cases to RBI after classification?

14 days

What is necessary for the Early Warning System (EWS) to be effective?

Inclusion of both quantitative and qualitative indicators

Who must banks report incidents of fraud perpetrated in their group entities to?

RBI

What should happen to the reported frauds regarding persons/entities not involved in the fraud?

They should not be reported in the FMR.

What should happen upon triggering an EWS alert?

Assessment for potential fraud and red flagging if necessary

What is the timeline for reporting a red-flagged account to the Reserve Bank?

Within seven days

What must banks do if they want to withdraw an FMR or remove names from it?

Provide due justification and obtain approval from a senior official.

What is the time frame for banks to close reported fraud cases involving amounts up to ₹1 crore?

More than three years from FIR registration

Which entity is responsible for conducting audits on red-flagged accounts?

An internal audit team determined by the bank's policy

What should a bank do if an external audit report on a red-flagged account is inconclusive?

Conclude the account's status based on internal assessment only

Who is responsible for reporting frauds involving forged instruments to the RBI?

The paying banker

At what loan amount must banks subject title deeds to periodic legal audit?

₹5 crore

What purpose does the Data Analytics and Market Intelligence Unit serve?

Facilitating early detection and prevention of fraudulent activities

What is required for banks regarding their EWS systems after issuance of new directions?

Upgrade existing systems within six months of directions

What must banks conclude before transferring loan accounts classified as fraud to other lenders?

Fraud must be confirmed.

What should auditors do when they find potential fraudulent transactions during an audit?

Document and investigate further.

Which type of accounts requires stringent monitoring due to potential fraud?

Non-KYC compliant and money mule accounts

Which type of accountability must banks examine regarding staff delays in reporting fraud cases?

Staff Accountability

What must banks consider when choosing external auditors for investigating red-flagged accounts?

Competency, due diligence, and track record of the auditors

What is the role of the Central Repository of Information on Large Credits (CRILC)?

To store and report on red-flagged accounts

How often should the effectiveness of the EWS system be tested?

Periodically, to ensure integrity and robustness

What is essential for the integrity of the EWS system?

Robust design and data security

What must happen before classifying an account as fraud?

Requirements for cooperation from the borrower must be applied

What triggers the need for a bank to monitor a transaction in real-time?

Activity in accounts that are below KYC norms

What is required when an account is identified as a fraud by any bank?

All borrowal accounts of group companies with common promoters/directors must also be examined.

How should banks handle staff accountability in cases of fraud?

Examinations must adhere to internal policy and be time-bound.

What action should be taken if Law Enforcement Agencies initiate an investigation regarding a borrower account?

The account should be immediately red-flagged and classified as fraud.

What happens to persons/entities reported as fraud by banks after full repayment?

They can request additional credit facilities after a five-year cooling period.

What must banks do upon identifying third-party service providers involved in fraud cases?

They must report details to the Indian Banks' Association for caution lists.

In which circumstance can a fraud classification be removed from an entity?

If the entity undergoes a resolution leading to management change and proper plan implementation.

What is one of the reporting requirements for banks regarding incidents of fraud?

They should establish a designated officer or point for fraud reporting.

What information must banks ensure is utilized effectively in fraud risk management?

Information available in the Central Fraud Registry.

What classification must banks adhere to when reporting fraud incidents to the Reserve Bank of India?

Misappropriation of funds and fraudulent credit facilities are recognized categories.

What ongoing obligations do banks have regarding their internal policies about fraud?

They have continuous obligations to refine and follow internal policies on fraud management.

What must happen to former executive directors involved in fraud cases after resolution plans are implemented?

Penal measures continue to apply to them.

What approach should banks take towards the accountability of high-level executives in fraud cases?

Accountability examinations must be initiated for all levels, including high-ranking officials.

What must banks maintain for proper coordination with Law Enforcement Agencies regarding fraud incidents?

Structured procedures and designated officers for efficient reporting.

Which entities are referred to as 'Commercial Banks' in the context provided?

All banks incorporated in India, including foreign banks and various types of banks

What is the minimum time provided for responding to a Show Cause Notice (SCN)?

21 days

What should a well-laid system in banks for the issuance of an SCN ensure?

Transparency in SCN issuance and examination of responses

Who is responsible for the implementation of the fraud risk management policy in banks?

Senior Management

What must the Special Committee of the Board for Monitoring and Follow-up of cases of Frauds consist of?

At least two independent directors and one whole-time director

What do Early Warning Signals (EWS) and Red Flagging of Accounts (RFA) provide in banks?

Alerts for potential fraudulent activity

How frequently must the Fraud Risk Management Policy be reviewed by the Board?

At least once in three years

Who oversees the effectiveness of the framework for EWS and RFA?

Risk Management Committee of the Board

What is the role of the Senior Official designated for fraud monitoring in banks?

Monitoring and reporting incidents of fraud

What should a Red Flagged Account trigger within a bank?

Deeper investigation from a potential fraud angle

What does the SCN issued by banks provide to the involved parties?

Details of actions leading to fraud declaration

What is required of the Committee of the Board regarding the incidents of fraud?

To review and monitor fraud cases and suggest mitigating measures

What is the primary focus of the Whistle Blower Policy in banks?

To handle the reporting of suspicious activities or fraud

Which of the following is NOT a characteristic of the Fraud Risk Management system in banks?

Detection of all forms of banking fraud instantly

Study Notes

Overview of Fraud Risk Management Directions

• Title: Reserve Bank of India (Fraud Risk Management) Directions, 2024.
• Issued under the Reserve Bank of India Act, 1934, and the Banking Regulation Act, 1949.
• Supersedes previous directions from July 3, 2017.
• Applicable to a range of banks including commercial banks, regional rural banks, and all India financial institutions.

Applicability

• Covers all banking companies operating in India, including local area banks, foreign banks, and various specialized banks.
• Includes entities like Exim Bank, NABARD, NHB, SIDBI, and NaBFID as All India Financial Institutions (AIFIs).
• Collectively referred to as 'banks' within the directions.

Purpose

• Aims to establish a framework for preventing, detecting, and reporting fraud effectively.
• Promotes early reporting of fraud incidents to law enforcement and regulatory bodies.

Governance Structure

• Banks must issue a Show Cause Notice (SCN) to entities under investigation for fraud.
• A minimum of 21 days is required for the accused to respond to the SCN.
• A reasoned order must be provided regarding the classification of accounts as fraudulent.
• Fraud Risk Management Policy mandates review by the Board at least every three years.

Special Committee for Fraud Monitoring

• Establishment of a "Special Committee of the Board for Monitoring Frauds" (SCBMF) mandatory, chaired by an independent director.
• Committee oversees fraud risk management effectiveness and suggests improvements to internal controls.

Early Warning Signals (EWS) Framework

• Banks must have a system to flag accounts suspicious of fraud via EWS and Red Flagging of Accounts (RFA).
• Risk Management Committee of the Board (RMCB) monitors the EWS framework, approving indicators and turnaround times for alerts.

Data Analytics and Monitoring

• Banks must establish a dedicated Data Analytics and Market Intelligence Unit.
• This unit will analyze banking transactions to identify potential fraud patterns and ensure timely preventive measures.
• Systems must integrate with existing banking infrastructure for robust monitoring.

Investigation and Reporting Protocols

• External or internal audits are required for red-flagged accounts.
• Banks establish clauses in loan agreements for conducting necessary audits upon account red-flagging.
• Immediate reporting to the Reserve Bank of India (RBI) within seven days upon classification of accounts as fraud.

Staff Accountability and Third-Party Oversight

• Examination of staff involvement in fraud cases is crucial, with specific guidelines for accountability assessments.
• Banks must ensure third-party service providers are subject to accountability measures regarding fraud.

Penal Measures and Reporting Fraud

• Entities classified as fraudulent face restrictions on obtaining credit for five years post-repayment of defrauded amounts.
• Banks must report fraud incidents to RBI through the Fraud Monitoring Returns (FMR) format promptly.

Compliance and Review

• Banks are mandated to report cases of fraud within strict timeframes, ensuring accountability for delays.
• Mechanisms for adherence to the principles of natural justice to be maintained while classifying accounts as fraudulent.
• Continuous reassessment and upgrading of fraud risk management strategies are essential.

These directions provide a comprehensive approach to mitigating fraud risk and enhancing the accountability of banking institutions in India.### Fraud Case Management and Reporting

• Any withdrawal or removal related to fraud cases requires justification and approval from a whole-time director or higher.
• Closure of pending fraud cases is facilitated, ensuring staff accountability is assessed.
• Banks may close reported fraud cases under ₹1 crore if:
  • Investigations are ongoing or no charge-sheet has been filed for over three years from the FIR registration date.
  • A charge-sheet has been filed, and the court trial is still pending beyond the three-year period since the FIR.

Cheque Fraud Reporting

• Fraud involving forged instruments is to be reported by the paying banker, not the presenting banker to avoid duplication.
• Presenting banks must provide underlying instruments upon request to assist in LEA investigations and report to RBI.
• In cases of genuine instruments, where payment is made to an incorrect recipient and later the instrument is proven false, the presenting bank must file a fraud report with the RBI and inform LEAs.

Legal Audits and Fraud Investigation

• Legal audits for large loan accounts of ₹5 crore and above are mandatory until loans are repaid, with a threshold of ₹1 crore for Small Finance, Local Area, and Regional Rural Banks.
• Fraud investigations must be completed before transferring any classified fraud accounts to other lenders or Asset Reconstruction Companies (ARCs).
• Auditors are responsible for reporting questionable transactions immediately to senior management or the Audit Committee.

Fraud Reporting Local Guidelines

• Internal audits must cover fraud case management, including prevention, detection, classification, monitoring, and closure processes.

Key Dates in Fraud Reporting

• 'Date of Occurrence': When misappropriation or fraud events begin, recorded by audits.
• 'Date of Detection': When fraud is first recognized within the branch or department.
• 'Date of Classification': The date when approval for classification of fraud is obtained.

Reporting Theft and Burglary

• Banks are required to report theft, burglary, dacoity, and robbery incidents to the Fraud Monitoring Group within seven days of occurrence.
• Quarterly returns summarizing theft and burglary cases must be submitted to the RBI online within 15 days after the end of the quarter.

Description

This quiz focuses on the directives issued by the Reserve Bank of India regarding fraud risk management in 2024. It covers the applicability of these directives to various banking institutions and outlines the governance structure for reporting and preventing fraud. Test your understanding of these important regulatory guidelines.