Is your bank safe ?
Updated: Jul 24
Typical perception of a Bank (Illustration source: kingofwallpapers.com)
“A chain is only as strong as its weakest link” as someone wise said. The recent demonetization drive in India transformed my long held view of banks from a heavily guarded vault to that of an ordinary chain which was susceptible to twists, and damage if someone had the right pressure to apply at its different links.
Last quarter of 2016, several top Indian banks came under the scanner for violating Reserve Bank of India's (RBI) directives governing the India's bold demonetization step. It has been amazing to see how people who had the right connections could smoothly walk into the banking system, and get large amounts of their illegal money get converted into legal currency bypassing all checks. As per the above report: “troves of illegally accumulated new notes worth lakhs and sometimes even crores have been found with several individuals across India”. Several banks including the RBI itself got caught on the wrong side of the law. Axis Bank CEO apologised to customers in the wake of money laundering reports. Call for an urgent need for stricter compliance mechanisms is being raised.
Such vulnerability of banks is not an India specific phenomena. Globally several banks have been fined millions of dollars for not being able to comply with applicable regulatory guidelines. Standard Chartered Bank got fined multiple times in excess of 1 Billion USD over past ten years, most recent occurrence being in Dec 2016 and prior to that in 2014 and 2012. Wells Fargo is another example where 5300 employees were fired in 2016 for opening fake accounts. Other global banks such as JP Morgan Chase and Citibank have had their share of violations in the past incurring huge penalties. In India, RBI recently fined three government run banks for violations.
Why is it hard for a bank to be run morally?
Let us look at the root cause of the problem. The regulators for the banking industry have been actively churning out new regulations or updating existing ones, yet we see loose ends everywhere. If you look closer, regulations are essentially directives that are meant to safeguard the interest of the consumers by preventing operations that could allow the banking system to be misused. Examples of misuse include infusion of money earned through illegal means such as terrorism or corruption, as legal money into banking system (called money laundering) or committing fraud for personal gains.
The primary financial regulators in India include the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Insurance Regulatory and Development Authority of India (IRDAI) and Ministry of Corporate Affairs (MCA). USA has U.S. Securities and Exchange Commission (SEC), Financial Industry Regulatory Authority (FINRA), Commodity Futures Trading Commission (CFTC), Federal Reserve System ("Fed") and others that govern the financial landscape there. A more thorough list of country wise regulators is available at [Wikipedia].
Now, given that banks are people run organizations like any other, they too are susceptible to human error and fraud. Regulators restrict the conduct of banks primarily to prevent such scenarios. They scrutinize various banks periodically to ensure that the conduct of those banks are in compliance with the prescribed regulations. However, these regulations are essentially guidelines written in natural language text (often complex) that are subject to human interpretation. Banks interpret these regulations and define their internal policies and procedures that govern the operations of their ground staff.
Now, the cycle from regulation to bank’s policies to monitoring and connecting back to regulator through periodic reporting is mostly a manual workflow, as of today. Currently, there does not exist an end to end mechanism to automatically ensure compliance with applicable regulations. Compliance officer of a bank has a tough job at hand. She needs to keep track of various regulators affecting different functions of a bank. Next, she needs to be aware of all the regulations issued by each of those regulators and any updates released periodically. With each new regulation and update come the tasks of:
identifying changes in the regulatory environment,
identifying their impact on current business,
updation in internal policies and processes as appropriate,
changing backend systems and
re-training the employees
Today banks employ human experts at each stage of this cycle to ensure that the internal policies are being followed diligently. There is some technological help deployed by various banks for monitoring specific processes such as Know-Your-Customer (KYC), Anti-Money Laundering (AML) and others that is bringing huge cost savings for them. However, most of the cycle remains largely a human run process which is prone to error in human judgement or intention and is also extremely costly.
Understanding the complexity hidden underneath, I have now come to appreciate the humongous challenge that banks face. At one hand they need to keep catching up with the regulator, while on the other the other they need to manage their internal operations to be compliant. All this while they keep the customer satisfied (who likes to wait a week for account opening) and aim to keep the business profitable at the same time (huge compliance costs or violation penalties eat up a major chunk of earnings).
I truly believe that the industry needs help. While your bank is probably safe in a physical sense but there is a dire need for automation to build secure digital walls around banking systems that are stronger than human will, are scalable and are much more cost effective.
Disclaimer: Any views expressed in the article are personal views of the author.
PS: This article was originally published at LinkedIn