There are several ways in which banks the world over facilitate credit to their customers when they are importing and exporting goods. For instance, when I used to work in India, about 30 plus years ago, I was employed as a sales engineer distributing the high technology products of an American company. Most customers in those days were the defence laboratories, manufacturers for defence and so on. Abdul Kalam was the director of Defence Research and Development laboratories in Hyderabad and was tasked with producing missiles such as Agni, Trishul and so on. Suffice to say, there was a lot of activity.

Every time a new project came down the pipeline, there would be an elaborate procurement process that would involve the buyer opening a Letter of Credit (LC) with an Indian bank such as the State Bank of India. The LC would specify the amount in dollars since it was a US supplier, would specify whose responsibility the goods were once it left the premises of the supplier, where it would land and so on. Excruciating details needed to be filled, even for small amounts. This LC would be checked, double checked and triple checked by at least three different entities (the buyer, the distributor—i.e. the company I worked at—the foreign exchange group in the company that telexed the data to the company that handled international sales). If even one comma was out of place, the LC would be rejected and the process would start all over again. The point of this is that there were many checks when money left India for purchasing equipment from abroad.

Fast forward to the present. There are many ways in which banks provide credit facilities to its customers. A due diligence process is undertaken, the size and capacity of the business to repay is computed and the limits are accordingly set. These limits are set in the Core Banking System (CBS) or a trade finance system. This covers all types of guarantees by the bank such as a Letter of Undertaking (LoU), a Bank Guarantee (BG) or a Letter of Credit (LC) facility.

LoU issued via manual entry in SWIFT, bypassing CBS.

HOW IS AN LOU SUPPOSED TO WORK?

When an LoU is issued normally in the CBS, the CBS makes a debit entry and then generates an LoU SWIFT (Society for Worldwide Interbank Financial Telecommunication) message that is then transmitted to the foreign entity. For more, see Figure 1.

But what really happened in the case of Punjab National Bank was that there was a manual entry of SWIFT message that was possible, which the SWIFT gateway provided. This method bypassed the use of the Core Banking System module. This means that the CBS does not have any knowledge of the LoU. For more, see Figure 2.

Regrettably, this “shortcut” is used all too often in Indian banking to generate fake LCs and BGs.

Figure 1 was a simple illustration of how an LoU works. Figure 3 describes the same operation with a Release Control Mechanism (RC). Swift gateways provide an RC, which can be used to check every swift message that goes out of the bank. In this mechanism, every message should have a backing accounting entry in CBS and if such an entry is not found, the system does not allow the swift message to be sent out. In the case of LoUs, the backing entry in CBS will be the debit entry. Many global banks also implement anti money laundering screening or anti-terrorist scanning for each SWIFT message as part of the release control mechanism checks.

LoU with Release Control Mechanism.

HOW COULD HAVE THIS HAPPENED?

Go to any bank in India. You will find a Rs 2 pen tied to the desk that has all the forms. This is how zealously they guard their property. Then how could this happen, that too for several years? This clearly indicates that there were higher ups in the know and perhaps were on the take. As I mentioned previously, this cannot be wished away as an isolated instance. There are several such scams in the banking system and the system needs to be controlled immediately.

WHAT IS THE SOLUTION?

For this, we need to go back to an age when Laser Soft CBS product was the dominant software provider for the banks. Their software had a robust implementation of LoUs similar to what is described in Figure 3. How they were replaced by Finacle and how their business was almost driven to the ground is a story of deliberate attempted murder of an enterprise that needs to be told here.

Corporation Bank, a PSU bank was among the first to automate its banking operations. Since they were headquartered in Chennai and as was Laser Soft, they worked closely to implement the CBS. One of the perceived limitations that were held against the Laser Soft product was that it did not have a Relational Database Management System (RDMBS). Even if this were true, it could have been enabled in a very short time.

A reliable source, who wished not to be named, told me that though there was a public perception that the Reserve Bank of India (RBI) had advised all banks to go for RDBMS; apparently there was no such directive. “Advice” came from the UPA government to all Public Sector Undertaking (PSU) banks to change over to Finacle. They obeyed in a herd, despite the high cost involved. Given the leakages that have taken place in the banking system, a ruthless examination by investigating agencies should be made of the UPA decision to change a well-functioning software with a much more expensive (and plainly inadequate) alternative.

WAS LASER SOFT PREVENTED FROM BIDDING?

My reliable source also added that when Corporation Bank was evaluating various solutions for an RDBMS based software solution, the rules were abruptly tweaked in such a way as to exclude Laser Soft. If true, this warrants a thorough investigation by the Central Bureau of Investigation. Prime Minister Narendra Modi needs to act in order to protect his image of being a clean politician and to save the banking system from further fraud. I have also heard rumours that other chairmen of PSU banks were also coaxed into buying the new software. There was allegedly an instance of an ex-chairman landing at the city, where a PSU bank was headquartered, to lobby for Finacle. The CBI needs to investigate this without fear or favour. I have also heard that RBI continues to use Laser Soft CBS. If this is true, it is a stinging indictment of banks that go by “advice” from interested quarters. The Nirav Modi-created meltdown in PNB resources could be the tip of a much bigger iceberg of similar ways in which the banking system is being defrauded.

AN I.T. NIGHTMARE

When an existing piece of software, say Microsoft Word for Windows, which is what I used to type this article is being considered to be replaced, then it raises several concerns in the minds of the Information Technology (IT) group. These are the guys who will have to go to every computer on which the old software is installed, take it out and replace it with the newer software. Suffice to say it is a pain in the neck. They usually resist change. Why fix something when it is not broken? Long story short, unless there is a compelling reason for changing the product, the IT guys do not want to change it. They are often overworked, asked to deal with many tasks that their job description does not list. No wonder that in several banks, installation of Finacle software is still a work in progress.

CONCLUSION

The corrective action has to be put in place immediately by moving forward. All existing software, all security measures should be checked, upgraded and verified. If this means foreign banking has to be suspended for a few days, so be it. This is the public’s money that is being played with. Most importantly, an inquiry needs to get conducted as to how the public banking system was “attacked from within” during the UPA period. Four years is too long a time for the government to avoid responsibility for its inability to ensure that the PNB scam was stopped in its tracks soon after the victory of the “na khaoonga, na khane doonga” Prime Minister in 2014.

Replies to “Banking scam has UPA era roots”

  1. When LOU/ BG/LC is issued the liability amount of HAS to necessarily get validated in the CBS and then only the SWIFT message goes through. If some one created free format SWIFT message and bypassed the system its criminal and action will be taken. Moreover, every SWIFT message needs to be audited with print-log at least on the following day , if its not done its dereliction of duty , or even collusion.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

*

*