20.3 C
New York

Banking Sector Fraud



Banking is the one of the great invention of the world. Banks are back bone of financial market, economy, and financial sector and play very important role to run the economy of any country.

As per annual Report of RBI 2012-13, total schedule commercial Bank of India are 89 with total number of office are 92114 and total number of employee are 10, 96,984 and deposits ,investment and advances are (In million ) Rs.7,42,95,324 Rs.2,61,32,752 and Rs. 5,87,97,025  respectively .

The phenomenal spread of branches, growth and diversification in business, large scale computerization and networking have collectively increased manifold the operational risk faced by the banks .

Although banks cannot be 100% secure against unknown threats, a certain level of preparedness can go long way in countering fraud risk. Promising steps to control frauds are educate the customers about frauds prevention, make application of law more stringent ,leverage the power of data analysis technologies, follow fraud mitigation best practices and employ multipoint security .

In 2015 RBI has introduced new mechanism to check loan frauds by taking proactive steps by setting up Central Frauds Registry, introduced the concept of Red Flagged Account and Indian Investigation Agency will start sharing their data base with Banks.

According KPMG CII report India Banking Sector has potential to become 5th largest in the world by 2020 and 3rd largest by 2025.While Indian banking industry has witnessed a rapid growth in their business and profit the amount involved in bank has also been on the rise.

As KPMG’S India Fraud Survey 2012 “despite having strong regulator financial service sector has emerged as most susceptible sector to frauds “. Thus in nutshell inadequate measure to prevent banking fraud is the primary reason for widespread Frauds .Technology is the double edged sword ,which can be used to perpetuate ,detect and prevents frauds .


RBI as a statutory body has, per se, not defined the term “fraud” in its guidelines on Frauds. A definition of fraud was, however, suggested in the context of electronic banking in the Report of RBI Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, which reads as: “A deliberate act of omission or commission by any person, carried out in the course of a banking transaction or in the books of accounts maintained manually or under computer system in banks, resulting into wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank”.

According to the Association of Certified Fraud Examiners (ACFE), fraud is “a deception or misrepresentation that an individual or entity makes knowing that misrepresentation could result in some unauthorized benefit to the individual or to the entity or some other party”.

Fraud, under Section 17 of the Indian Contract Act, 1872, includes any of the following acts committed by a party to a contract, or with his connivance, or by his agents, with intent to deceive another party thereto or his agent, or to induce him to enter into the contract:

· The suggestion as a fact, of that which is not true, by one who does not believe it to be true;

· The active concealment of a fact by one having knowledge or belief of the fact;

· A promise made without any intention of performing it;

· Any other act fitted to deceive;

· Any such act or omission as the law specially declares to be fraudulent

Various Aspects of Bank Frauds:

Broadly, the frauds reported by banks can be divided into three main sub-groups:


After the international focus on KYC, RBI brought a paradigm shift in the approach to KYC by banks in India. It moved away from introduction to document based identification – hence introduction is no more required. It also shifted the focus from financial loss (from frauds) to the banks to the loss of reputation to the banks (by non-compliance). The other principles are that the KYC information collected is to be consistent with risk perception and other information to be collected only with consent of the customer and the KYC related information is confidential – not to be divulged for cross-selling or any other purpose. RBI has prescribed that the KYC policy of banks should have the following key elements:

Customer Acceptance Policy

Customer Identification Procedures

Monitoring of Transactions, and

Risk Management

 If one were to carefully observe, each of the elements is intended to make the customer-bank relationship a fraud-free one. Fraudulent documentation involves altering, changing or modifying a document to deceive the bank. It can also involve approving incorrect information provided in documents knowingly (cases of connivance of bank staff with fraudsters). Deposit accounts in banks with lax KYC drills/ inoperative accounts are vulnerable to fraudulent documentation. Some typical examples:

· To evade taxes, an individual routes savings transactions through multiple bank accounts

· An individual illegally obtains personal information/ documents of another person and takes a loan in the name of that person.

· He/she provides false information about his/her financial status, such as salary / IT return and other assets, and takes a loan for an amount that exceeds his / her eligible limits with the motive of non-repayment.

· A person takes a loan using a fictitious name and there is a lack of a strong framework pertaining to spot verifications of address, due diligence of directors/promoters, pre-sanction surveys and identification of faulty/incomplete applications and negative/criminal records in client history.

· Fake documentation is used to grant excess overdraft facility and withdraw money.

· A person may forge export documents such as airway bills, bills of lading, Export Credit Guarantee Cover and customs purged numbers/orders issued by the customs authority. In each of these examples, there is possible laxity in checking documents. KYC is not just checking the documents submitted but ensuring that whatever has been submitted pertains to the same person / applicant.


Frauds related to the advances portfolio accounts for the largest share of the total amount involved in frauds in the Indian banking sector. Increase in the cases of large value fraud (involving amount of Rs. 50 crore and above) in accounts financed under consortium or multiple banking arrangements involving even more than 10 banks at times, is an unwelcome trend in the banking sector. Another point that needs to be highlighted here is that public sector banks account for a substantial chunk of the total amount involved in such cases. Majority of the credit related frauds are on account of deficient appraisal system, poor post disbursement supervision and inadequate follow up.

a. Siphoning of funds takes place when funds borrowed from banks are utilized for purposes unrelated to the operations of the borrower.

b. Diversion of funds includes any one of the following occurrences:

· Use of short-term working capital funds for long-term commitments not in conformity with the terms of sanction

· Using borrowed funds for creation of assets other than those for which the loan was sanctioned

· Transferring funds to group companies

· Investment in other companies by acquiring shares without the approval of lenders

· Shortage in the usage of funds as compared to the amounts disbursed/ drawn, with the difference not being accounted for


In 2014, around 65% of the total fraud cases reported by banks were technology-related frauds (covering frauds committed through / at an internet banking channel, ATMs and other payment channels like credit/debit/prepaid cards). Business and technology innovations that the banking sector is adopting in their quest for growth are in turn presenting heightened levels of cyber risks. These innovations have probably introduced new vulnerabilities and complexities into the system. For example, the continued adoption of web, mobile, cloud, and social media technologies has increased opportunities for attackers. Similarly, the waves of outsourcing, offshoring, and third-party contracting driven by a cost reduction objective may have further diluted institutional control over IT systems and access points. These trends have resulted in the development of an increasingly boundary-less ecosystem within which banking companies operate, and thus a much broader “attack surface” for the fraudsters to exploit.

Hacking: Hackers/fraudsters obtain unauthorized access to the card management system of the respective bank. Counterfeit cards are then issued for the purpose of money laundering.

Phishing: A technique used to obtain your card and personal details through a fake email.

 Pharming: A similar technique where a fraudster installs malicious code on a personal computer or server. This code then redirects clicks you make on a Website to another fraudulent Website without your consent or knowledge.

Vishing: Fraudsters also use the phone to solicit your personal information.

Smishing: It uses cell phone text messages to lure consumers in. Often the text will contain an URL or phone number. The phone number often has an automated voice response system. And again just like phishing, the smishing message usually asks for your immediate attention.

Debit card skimming: A machine or camera is installed at an ATM which picks up card related information and PIN numbers when customers use their cards.

Computer viruses: With every click on the internet, a company’s systems are open to the risk of being infected with nefarious software that is set up to harvest information from the company servers.

Counterfeit instruments: Fake cheques / Demand Drafts that look too good to be true are being used in a growing number of fraudulent schemes, including foreign lottery scams, cheque overpayment scams, internet auction scams and secret shopper scams.

With the growing business of mobile banking, it is essential that we devote exclusive space and time to this aspect / mode of banking. The risks associated with Mobile Banking have to be studied on a two pronged base i.e. Transactions through Mobile and Mobile Wallets. Why Mobile Wallets? The reason is that at the backend of every e-Wallet we either have a bank account, banks’ credit card or debit card. According to RBI, in 2014-2015, 22 million of the 589 million bank account holders were using mobile banking apps. The volume of mobile banking transactions has also risen from around Rs.1,819crore in 2011–12 to about Rs.1.02 trillion in 2014–15, as per a PwC report. Possible frauds with Mobile Banking:

Fake apps: The first step in stealing money online is to steal information. This can be done by creating a fake app outside a play store. Hackers create fake apps which will look exactly as the original one and the usage & interface is similar to the original app.

Mobile banking application being mapped to an incorrect mobile number: For bank customers who do not use mobile banking, an employee of the bank could attach an associate’s mobile number to the bank account and install a mobile application on his mobile device. The customer’s account is compromised by the associate and he or she does not get any notification about the same.

SIM Swap: The fraudsters shall first collect the personal banking information through phishing, vishing, smishing or any other means. Once they have the same, they manage to have the SIM card blocked, and obtain a duplicate one by visiting the mobile operator’s retail outlet with fake identity proof. The mobile operator deactivates the genuine SIM card, which was blocked, and issues a new SIM to the fraudsters. It is now simple to generate a one-time password (OTP) required for transactions using the stolen banking information. This OTP is received on the new SIM held by the fraudsters and they can now transact before the bank customer realizes the theft and alerts the bank. Possible frauds with Mobile Wallets:

Increased risk of money laundering: Transfer of money into and out of a mobile wallet (with open and semiopen wallet option available) from or to a bank account is now possible. Cash-in from the bank account of an individual and cash-out to a different bank account of another individual can be used as a platform for laundering unaccounted money.

Fake merchants: If the merchant on-boarded by the service provider is a fraudster, and the payment is made by the customer for fictitious goods or services from the merchant, cash can be debited from the account. Adoption of mobile commerce is dependent on customers’ perceptions about how safe their virtual money is from fraud. Over time, the ability to successfully counter frauds can become a key business differentiator for mobile wallet companies. Fraud therefore needs to be considered as a critical business risk rather than just a one-off financial loss.


As per The Pioneer (Recovering Loan, People Trust), frauds glore rocking bank in India ,RBI has released data that the Bank lost Rs.61260 Crore in loan frauds in last five year between 2012-17.

As per Times of India (May 2, 2018):According to RBI ,over 23000 cases of frauds involving whopping Rs. 1 lakh Crore have been reported in last five years in various bank .

 A total 5152 cases of frauds, up from over 5000 cases in 2016-17and amount Rs.28459 Crore were reported in bank from April-17 to March 18.

In 2016-17 bank has reported 5076 cases of frauds involving Rs.23933 crore.

From 2013 to march 2018, 23886 cases has been reported which contain Rs. 100,718 Crore frauds.

As per RBI, 4693 such cases involving Rs.18698 Crore and 4639 cases which involve 19455 Crore were reported in 2015-16 and 2014-15 respectively.

In 2013-14, bank reported 4306 cases of frauds, involving Rs.10170 Crore, RBI said.

Among the prominent one is the over Rs.13000 Crore frauds in the PNB allegedly committed by NairavModi and his uncle MehulChoski.

According to Government Data, the Gross Non Performing Assets (NPAs) of all banks in country, amounting Rs. 8, 40,958 Crore in December 2017.As per data presented by ministry of state of Finance on March 18.

S.no.Bank(Rs.)Amount of NPA in Crore
3IDIB Bank44,542.00
4Bank of India47,474.00
5Bank of Baroda41,649.00
6Union Bank of India38,047.00
7Canara Bank37794.00
8ICICI Bank33,849.00

As per The Indian Express (December 2018): in 2017-18, however, frauds related off-balance sheet operation ,foreign exchange Transaction, deposit accounts and cyber activity took centerstage.

Bank reported more cyber frauds during the year, losing the Rs.109.60 Crore in 2059 case in 2017-18 as against Rs.42.3 Crore with 1372 cases in previous year.

                       FRAUDS IN BANK OPERATION
Area  2015-16   2016-17     2017-18
Off-Balance Sheet4132.4563.32016,287.7
Foreign Exchange1750.8162201.0091425.8
Clearing Account1786.6275.7375.6
Inter-Branch A/cs410.110.461.2
Non-Resident A/cs88.8113.465.5

There has been a jump in the quantum of funds involved in frauds in banks and other financial institutions during the year 2017-18.

As per data submitted by the Reserve Bank of India (RBI) to the Centre, the amount increased to ₹41,167.7crore in the last financial year against ₹23,933.9crore in the previous year.

For public sector banks, it had gone up significantly from ₹19,529 crore to ₹29,246 crore. Nationalised banks witnessed a steep increase in this regard.

This increase is noteworthy as it could not be prevented despite a directive to public sector banks to ensure a framework for timely detection of frauds.

For SBI, there was a decrease in the amount involved, though the number of reported frauds had gone up. It came down to ₹254,198 lakh from ₹303,642 lakh in the previous year. The number of frauds, however, had gone up to 981 from 794.

Apparently, banks became victims of high-profile customers, as the number of frauds were 2,883 against 2,709 in the financial year 2016-17.

A look into the last five years’ data reveals that there has been a three-fold increase in public money that was lost. For instance, in 2013-14, the amount involved was ₹10,170 crore, and the number of reported frauds were only 4,306.

The RBI had, in February 2018, constituted a panel under the chairmanship of YH Malegam to look into factors that contribute to the increase in the number of frauds. It has also been asked to come up with measures to prevent frauds.

The Central Vigilance Commission (CVC) has analysed 17 large-value accounts across seven different sectors – gem and jewellery, manufacturing/industry, agro, media, aviation, service/projects and discounting of cheques.


According to the Central Bank, modus operandi of large value frauds involves opening current account outside the lending consortium without a non- objection certificate from lender, deficient and fraudulent services /certification by third party entities, diversion of fund by borrowers through various means ,including through associated /shell companies, lapses in credit underwriting standards and failure to identify early warning signals.  

There is lack of properly trained and experienced person. There is a sudden and tremendous increase in banking business. The sudden expansive explosion has created a vacuum of personnel. New recruits often do not have adequate training or experience before they are put in responsible positions. The findings reveal that 68.77% of respondents have not undergone any formal training in prevention of bank frauds Moreover bank staff feels overburdened. The life has become too fast. The banker does not have enough time to scrutinize documents thoroughly. About two thirds of the respondents (approximately 68%) feel that they do not have sufficient staff to carry out the work meticulously. The overburdened staff was given the highest weight age as the reason responsible for bank frauds.

The bank frauds also occurred due to not updated the system as per requirement. That time the transaction of bank depends upon the computer system and when the system has not been updated, chances of frauds havebeen increased.

Recent time the fraudster does the frauds by attacked on clients directly .The Common man easily caught in their trap and loose the money.


Protecting public funds is high priority for all Government and Banking Industries. The bank should not only follow the security procedure but also do aware the customer, clients, staff regarding bank frauds.

Following steps to be taken for preventation of Frauds-

  • Conduct periodic surprise of audit and annual review of procedure.
  • Provide for the physical security of all cheque.
  • Require additional review process of all cheque over specified amount.
  • Ensure proper segregation of duties staff initiating, authorizating , preparing, signing and mailing payments and reconciling bank statement.
  • Review all bank at least annually .Consolidate or eliminate that are not frequently utilized.
  • Aware to customer not to share card number, CVV, PIN, OTP, Internet banking user id,to any one on any cost.
  • Aware to customer check the URL of the website while making the payment through online mode i.e.RTGS/NEFT, also the website should ideally start with ‘https’(s stand for security)
  • Update the system periodically as per standard. 

Guidelines for Reporting Frauds to the Police-

Private sector Bank /Foreign Bank (Operating in India).

  • While reporting the frauds, banks are required to ensure that, besides the necessity of recovering the amount, the guilty person do not get unpunished.
  • Cases that are required to be referred to state police include -:
  • Cases of fraud involving an amount of Rs. 1.00 lakh and above committed by outsiders on their own or with the connivance of bank staff/officers.
  • Cases of bank involving amount exceeding 10000/- committed by bank employee.
  • Fraud cases involving amount of Rs.1.00 crore and above should also be reported to Serious Fraud Investigation Officers (SFIO),GOI , in FORM-1

Public Sector Banks.

                        Case refer to CBI-

  • Cases fraud involving amount of Rs.1.00 Cr and above up to Rs.7.50Cr.:-
  • Where staff involvement is prima Facie evident-CBI (Anti -Corruption Branch)
  • Where staff involvement is prima Facie not evident-CBI (Economic Offences Wing)
  • All cases involving more than Rs.7.50Cr –Banking security fraud cell of the respective centers, which is the specialize cell of Economic Offences Wing of the CBI for major bank frauds cases.

Cases to be referred to Local Police-

Fraud InvolvingComplaint to be Filed with
Rs.1 lakh and above involving outsiders.()Private party and Bank Staff)Regional Head of the bank to State CID/Economic OffencesWing of State concerned
Below Rs. 1.00 Lakh but above Rs. 10,000/-Local Police Station by the branch
Below Rs. 10,000/- involving bank officialsReported to Regional Head of the bank to decide on further course of action.
Fraudulent encashment of DD/TTs/Pay orders/ Cheques/ DWs, etc.Local Police concerned
Frauds involving forged instrumentsPaying banker to Local Police
Collection of genuine instrument, but collected frequently by a person who is not the ownerCollecting bank to Local Police concerned
Payment of uncleared instrument which found to be fake/forged and returned by the paying bankCollecting Bank to Local Police
Collection/payment of altered/fake cheque involving 2 or more branches of the same bankBranch where the cheque was encashed to the Local Police


While fraud is not a subject that any bank wants to deal with, the reality is that most organizations experience fraud to some degree. It should be recognized that the dynamics of any organization (why only bank) requires an ongoing reassessment of fraud exposures and responses in light of the changing environment an organization encounters. Especially given the unrelenting pace of regulatory change within the banking sector, these stricter regulatory requirements are demanding more attention from management, affecting the profitability of different lines of business, and increasing costs of compliance.

a. The frauds may be primarily due to lack of adequate supervision of top management, faulty incentive mechanism in place for employees, collusion between the staff, corporate borrowers and third party agencies, weak regulatory system, lack of appropriate tools and technologies in place to detect early warning signals of a fraud, lack of awareness of bank employees and customers; and lack of coordination among different banks across India and abroad.

b. The minds of officers cannot be read during the time of recruitment. Mindset of some private and some public sector bank employees shall be to intentionally defraud the organisation. What the organisations can do is to establish and recheck systems which shall raise the timely alert on deviations.

c. Online banking is the new trend and it is here to stay. Banks must realize that the customers who use online banking services is a very powerful group capable of launching scathing attacks using the social media, which can irreparably tarnish the reputation of banks. Banks would need to constantly monitor the typology of the fraudulent activities in such transactions and regularly review and update the existing security features to prevent easy manipulation by hackers, skimmers, phishes, etc. Banks have traditionally planned for resilience against physical attacks and natural disasters; cyber resilience can be treated in the same way. Banks should consider their overall cyber resilience capabilities across several dimensions.

d. Society and media should demand stringent action against the perpetrators of financial frauds

e. As new regulations such as the Companies Act, 2013, place greater emphasis on the presence of a vigil mechanism to mitigate fraud risks, banks must ensure that their employees are aware of their organization’s whistleblower policy and should socially ostracize them. They could be borrowers, lenders, staff or any other stakeholder in the scheme of frauds. Early detection, through the implementation of requisite programs / software’s / system to detect both emerging threats and the fraudster’s moves, can be an essential step towards containing and mitigating losses. Incident detection that incorporates sophisticated, adaptive, signaling, and reporting systems can automate the correlation and analysis of large amounts of IT and business data, as well as various threat indicators, on an enterprise-wide basis. Banks’ monitoring systems should work 24/7, with adequate support for efficient incident handling and remediation processes.

Related articles


Recent articles