India trade finance sector faces fallout of ‘astounding’ PNB fraud

Asia / 08-03-18

Weeks after the biggest fraud in the history of India’s financial industry was revealed, its trade finance sector is trying to come to terms with the fallout.

International banks are withholding guarantees for local bank instruments, the cost of funding is rising, while some are calling for the letter of undertaking (LOU) to be “extinguished”.

All of this, after an extraordinary documentary fraud was unearthed at a branch of the Punjab National Bank (PNB), the second-largest public bank in India, which some in the sector are saying could end up costing billions of dollars.

In February, it was announced that two PNB employees had “fraudulently issued LOUs and transmitted Swift instructions to the overseas branches of Indian banks”, for seven years. These were used to raise buyer’s credit for Nirav Modi, a billionaire jeweller, and his uncle, Mehul Choksi. At that point, the fraudulent transactions amounted to US$1.77bn, but one banker tells GTR that the final amount could be well in excess of that.

“I think it could be closer to US$4bn, that’s what people in the industry have been saying,” says the source, who wished not to be named.

The fraudsters were issuing the LOUs on the Swift system, but were not entering them on PNB’s core banking system (CBS). Ideally, the transactions would have been automatically flagged on the CBS, but in this case the Swift system was not integrated with it, highlighting a deficit in both technology and controls which allowed the fraud to fester for so long.

“It is astounding, every banker that I speak to is astounded. How could such a thing have happened? It exposed failures in the control system at multiple levels. Either in this particular incident the controls are very bad or, for some particular reason, they were deliberately disabled. These can be the only two explanations,” Hemindra Hazari, an independent banking analyst in India, tells GTR.

The immediate result is that local banks are struggling to get international banks to confirm their guarantees, which is in effect driving up the cost of import financing. According to local media reports, the likes of Citi, Deutsche Bank, Standard Chartered and HSBC are now reluctant to accept guarantees in the form of LOUs from local banks.

Ramesh Ganesan, head of transaction banking at IndusInd Bank, confirms that international banks have changed tack, but doesn’t think it will be long term.

“It is a kneejerk reaction by some who may not have clarity on what has happened,” he says. “The issue is all about fraud in one PNB branch and is not affecting other banks. The markets reacted because other banks abroad, who financed it, were not sure of the genuineness of the transaction and commitment of PNB. Many financing banks are Indian banks’ overseas branches. For them, PNB is very well known, it is owned by the government. I am now seeing all the banks doing their financing and taking a risk on other banks, knowing fully well that this is localised fraud. It will not have any ripple effect in the industry as a whole. The only impact I see is that the pricing has gone up.”

Aneish Kumar, managing director of BNY Mellon’s Indian operations, has also seen some market movement since the fraud.

“A lot of people are asking banks like us if we can fund LOUs, four or five banks are going slow on buyer’s credit. There’s a lot of demand, cash flows of some small import companies are suffering, which could lead to an extended receivables collecting period and working capital issues. I think there’s going to be a long working capital cycle now,” he tells GTR.

Hazari, the banking analyst, expects more dramatic change in the sector. He says that “the reputational risk is enormous” and that the fraud is a “huge blow” to the image of Indian banks abroad. He also calls for the scrapping of the LOU, an instrument widely used in India to guarantee export finance.

“In my view the LOU should be extinguished,” he says. “For one it’s not a global product. If there’s genuine trade finance, there’s a letter of credit, which is globally recognised. The documentation is far more stringent than on an LOU.”

 

How does it compare with other frauds? 

Documentary fraud is no new thing in trade finance, and this event has added volume to the calls for digital methods to replace paper-based trading in the sector. In recent years, the Qingdao metals fraud and the Access World warehouse receipts fraud have made headlines in East Asia.

Peter Bennett is a partner at law firm Stephenson Harwood, and advised international commodity trading group Mercuria in the Qingdao metals High Court case against Citi. He says that while the Access World and Qingdao cases were complex, involving a myriad of documents, fictitious warehouse receipts and stocks of metals, this one is relatively straightforward in comparison.

“In the case of PNB, and based upon what we have read from the press reports, the analogy is with that of the collapse of Barings back in 1995, where you had one trader inside Barings who undermined the system to create a series of financially suicidal deals for the bank and which went unnoticed and unchecked by the bank’s internal compliance system. As I understand matters, PNB’s internal IT system was abused and the internal compliance system failed so that the overwhelming number of these deals were never registered,” he tells GTR.

Something broadly similar has happened in PNB, where the internal compliance systems failed to pick up on a number of employees in one branch of the bank issuing a series of guarantees for vast sums. All of these were funnelled towards Choksi and Modi, from the accounts of the confirming banks overseas.

“It’s very straightforward. The sum involved is alleged to be at least US$1.7bn and all of those principal creditors will be looking to enforce the fraudulent guarantees against PNB. The question now is whether and to what extent those fraudulent guarantees are binding on PNB. They might have been unauthorised internally, but to the principal creditor receiving them, PNB, acting through its employees, might have been representing that they were genuine and enforceable. I expect PNB will be scrutinising every claim made,” Bennett says.

 

The veracity of the system

The lapse in risk controls is what most people find remarkable in this case. Banks often rotate senior staff every few years, to avoid the accumulation of knowledge and responsibility that can lead to manipulation of the system.

“Rotation of staff and segregation of duties, splitting responsibilities so it’s not just a single individual in control of every element, because that’s the foundation of fraudulent behaviour, trade or otherwise. The moment you give payroll or whatever it might be to the hands of a single individual, you create the opportunity,” Tim Phillipps, the leader of Deloitte’s Asia Pacific financial crime unit, tells GTR.

It’s also uncommon for access to the Swift network to be open to such junior staff. Gokulnath Shetty, the deputy branch manager of PNB’s Brady House outlet in Mumbai, has been jailed this week, but the transmission of messages on the Swift network is usually a three-step verification process.

“He seems to have controlled the nostro accounts and therefore seems to have controlled the back office. All of these have their own check systems in the banking system. To me it looks very doubtful whether it could be a very low level person handling this. If it turns out it was, then there’s been a protocol problem. How can a low level employee have access to all of these systems? These are my two inferences from what is currently known,” Hazari says.

There is no suggestion that there is a fault in the Swift system in this case, simply that bad actors manipulated a technological deficit within PNB. One lawyer describes the systems in place as “prehistoric”, while others have said that this clearly makes the case for blockchain technology.

The Reserve Bank of India and Swift have reportedly agreed to work together to screen all cross-border trade transactions (Swift declined a request to be interviewed for this story), and for now, the overhaul that would be required by distributed ledger technology seems unrealistic.

For trade financiers in India, the priority will now be on doing the simple things right.
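The two controls described above, reconciling Swift traffic against the core banking system and splitting message release across separate staff, can be run as a routine check. The following is an added example, not code from PNB, Swift or GTR; the record layouts, field names, the maker/checker/verifier roles and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SwiftMessage:
    """One outbound guarantee message from a message log (hypothetical layout)."""
    ref: str          # transaction reference carried in the message
    amount_usd: int
    maker: str        # user who created the message (assumed role name)
    checker: str      # user who checked it (assumed role name)
    verifier: str     # user who released it (assumed role name)


@dataclass(frozen=True)
class CbsEntry:
    """The matching liability as booked in the core banking system."""
    ref: str
    amount_usd: int


def reconcile(messages, cbs_entries):
    """Return {ref: [reasons]} for every message that fails a control."""
    ledger = {e.ref: e for e in cbs_entries}
    findings = {}
    for m in messages:
        reasons = []
        entry = ledger.get(m.ref)
        if entry is None:
            # The gap the article describes: sent on Swift, never booked.
            reasons.append("not booked in CBS")
        elif entry.amount_usd != m.amount_usd:
            reasons.append("amount differs from CBS")
        # Segregation of duties: three steps need three distinct users.
        if len({m.maker, m.checker, m.verifier}) < 3:
            reasons.append("one user performed several release steps")
        if reasons:
            findings[m.ref] = reasons
    return findings


def unbooked_exposure_by_maker(messages, cbs_entries):
    """Total USD value of unbooked messages, grouped by the creating user."""
    booked = {e.ref for e in cbs_entries}
    exposure = defaultdict(int)
    for m in messages:
        if m.ref not in booked:
            exposure[m.maker] += m.amount_usd
    return dict(exposure)


# Constructed sample data, not taken from the case.
MESSAGES = [
    SwiftMessage("LOU-0001", 5_000_000, "user_a", "user_b", "user_c"),
    SwiftMessage("LOU-0002", 12_000_000, "user_d", "user_d", "user_e"),
    SwiftMessage("LOU-0003", 8_000_000, "user_d", "user_d", "user_d"),
    SwiftMessage("LOU-0004", 3_000_000, "user_a", "user_b", "user_c"),
]
CBS = [
    CbsEntry("LOU-0001", 5_000_000),
    CbsEntry("LOU-0004", 2_500_000),
]

if __name__ == "__main__":
    for ref, reasons in reconcile(MESSAGES, CBS).items():
        print(ref, "; ".join(reasons))
    print(unbooked_exposure_by_maker(MESSAGES, CBS))
```

The check is only useful if the message log is exported by a system and team that the message creators cannot alter.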
