Blog Archives
A Wounded Unicorn
As cash crunches strike e-tailers, valuations plummet and down-rounds loom large, the stark reality facing e-commerce unicorns become clear for all to see. Protestations that all is well, and attempts to talk up valuations become less credible by the day. As boardroom conflicts escalate and the day of reckoning fast approaches, a shake-out in the sector becomes imminent. The e-commerce sector becomes a pressure cooker.
Against this backdrop, take a hypothetical e-tailer unicorn that is facing a cash crunch. What if the e-tailer suddenly discovers bugs in its offices and finds that it is the target of corporate espionage? To make matters worse, an investor disappears and a massive data theft follows.
The all-important funding round stalls.
As the stakes escalate and risk surges inexorably, murder follows.
This is the fictional tale narrated in SABOTEUR, the latest corporate thriller set in Bangalore. As bots mimic humans in the Indian cyberspace, men risk millions in Hong Kong. A story of a wounded unicorn and its venture fund investors.
Institutionalizing Insider Trading?
Insider trading, I’ve often thought, must be one of the easiest white-collar crimes to pull off. Even easier than procurement fraud, which must be one of the most pervasive.
Someone in the accounts department of a listed company tells his friend or relative: ‘We’ve done better than expected this quarter. We’ll beat market expectations.’ The friend promptly buys a hundred shares of the company. And when the results come out and the share price surges, the friend is a few thousand rupees richer.
Now, how do prosecutors even begin to establish that price-sensitive information was used to profit from the trade? Unless, of course, the insider was foolish enough to put his tip on an email or a text message. Not only is insider trading easy to pull off (at least on a small scale), it is also horrendously difficult to prove.
There are tens of thousands of people in listed companies who possess such price-sensitive information from time to time. It’s not just the blokes in the accounts department, but also others too – both employees and outsiders (auditors, consultants, I-Bankers, advisors, etc.).
During my tenure at the Big Four audit/consulting firms, this was something we had to constantly look out for. The law explicitly prevents auditors and consultants from divulging such information – inadvertently or otherwise – to any party who may benefit from it. And we were prohibited from owning stocks of companies we audited or advised. Independence/propriety is indeed a big deal at these firms.
Be that as it may, many do believe that insider trading is prevalent in India. On a small scale, at least.
A couple of years back, I was wondering how insider trading could be ‘institutionalized’ (by a hypothetical Indian Prof. Moriarty, if you will) and scaled up. I sat down and ‘designed’ a suitable mechanism. To my delight, I found the scheme eminently workable, and reasonably watertight. And more importantly, it could be implemented with simple technology that is widely available.
I then put on another hat (that of an investigator or SEBI), and began looking at how one would go about discovering and unraveling the insider trading scheme once it was implemented. Clearly, that would require sifting through tons of stock market data, and possibly the use of analytics.
Once I had both ends of the scheme figured out, I built a murder mystery around it. That became Insider, the novel that Hachette has just released. If you do get to read it, please drop me a note. I’d like to hear what you think of the workability of the little scheme.
Elephant in the Room – Part 1
Here is a stunning statistic: banking fraud has grown eleven times faster than banks’ profits have. PSU banks saw fraud grow at a CAGR of 102% between 2010 and 2013, when their profits grew at 9%.
One may be tempted to think that this unprecedented malaise must be due to across-the-board vulnerabilities in banks. It is not. Banks have contained certain kinds of fraud very well, but have been spectacularly unsuccessful in dealing with some others.
Shareholder wealth eroded
Disaggregated data on frauds for individual banks is not easily available. However, a recent article by S Pai and M Venkatesh, which was based on RTI data, offers an interesting insight. When their information is combined with IBA’s bank performance data, the impact of fraud becomes visibly shocking (see chart below).
One bank has lost more to fraud than its entire profit. Even the country’s largest bank lost a large chunk of its profits to fraud. The banks in between, which are smaller and earn less, have fared worse. But are these banks representative of the banking sector? Or, are they just outliers that make sensational news? What then is the situation in the sector as a whole?
Combining data from RBI and IBA shows that frauds in PSU banks as a whole stood at 12% of their combined profits in 2013. In any company, the management would be willing to go to great lengths to bring 12% additional profitability. Surely, there is a case for banks to look at frauds seriously?
Projecting the impact of this malaise further, we find that effective fraud management could potentially add a whopping Rs 52,000 crores to shareholder wealth. To put it in perspective, that’s more than the GDPs of 40% of India’s states! This is most likely an underestimate, as the market would reward increased diligence with a higher PE ratio.
Further, bear in mind that RBI’s data includes only reported frauds. Even if we assume that all detected frauds were reported, these figures do not include undetected frauds. Nor does it include incidents that are under investigation, or have not yet been declared fraudulent. Bringing all frauds into the equation would only paint a darker picture.
The elephant in the room
But what kind of frauds are we talking about? Bring up the topic of fraud, and what gets spoken about are phishing, credit card misuse, account hacking, and online/ATM frauds – i.e. technology related frauds. With billions of automated transactions taking place every month, it is not humanly possible to monitor such volumes. Banks therefore turn to technology for a solution, and rightly so.
Software vendors have taken note of this. They offer real time fraud detection tools for online banking, sophisticated pattern recognition algorithms, and a whole range of software products to combat technology fraud. This is indeed welcome, as we need these tools.
To be fair, we have not done badly in mitigating technology fraud risk. In some ways, online credit card transactions are safer in India than elsewhere. The additional authentication factor of sending an OTP to the customer’s mobile phone, for instance, has made online transactions considerably safer in India. This additional authentication factor is missing in many countries. If an overseas merchant’s website is hacked, tens of thousands of customers are immediately at risk.
But in all this discussion, we are missing the elephant in the room.
While technology related frauds account for a whopping 98% of the fraud cases reported, they contribute to a mere 2% of the value. The real elephant in the room is what RBI calls ‘advance related frauds’ – i.e. fraudulent loans.
Between 2010 and 2013, we had 1.12 lakh cases of technology fraud adding up to Rs. 357 crore, whereas a mere 2,760 cases of loan fraud set the sector back by a staggering Rs. 16,690 crore. The loan fraudster is enjoying an unprecedented run.
Technology fraud, on which we focus much of our attention, is now a relative fleabite. It is so because of the attention it has received. Banks have waged war on technology fraud, and have succeeded. But in focussing on technology, we have neglected another vulnerable area – loans. It is in the loans and advances business of banks that the fraudster now stalks.
This disparity between the two kinds of frauds is a result of two things. Firstly, the supply base of tools for fighting technology fraud is well developed. Unfortunately, this is not the case with loan frauds – there are few software products that banks can buy off the shelf. Secondly, the human element (along with the vagaries and moral hazards that come with it) is considerably larger with loan frauds, and the fraudster is seldom alone.
Conclusion
Technology fraudsters are like mosquitoes – they come into your house through windows and cracks, but their damage is limited. But the loan fraudster is a burglar – he breaks in through the back door and makes off with the family silver.
The banking sector has done well in mitigating the technology fraud risk, but hasn’t done enough on the loans front. This has left residual vulnerability in the system that fraudsters have exploited. It is to this that the sector must now turn its attention.
This dire need is underlined by a glance back at RBI’s data. While loan related frauds grew at an astonishing CAGR of 87%, technology frauds have been almost static with a mere 2% growth. Besides, a typical loan fraud is a thousand times larger than a technology fraud.
Tackling loan frauds will be a lot tougher than combating technology frauds. Issues of governance, collusion, negligence and a host of moral hazards will need to be addressed. Software packages that are so effective in mitigating technology fraud risk may be of limited assistance. Further, an unprecedented level of cooperation between banks will be called for.
Part 1 of this article has attempted to make the case for banks to turn the spotlight on loan frauds. Part 2 will discuss what they and the RBI must do to combat this malaise.
Detective fiction set in India - corporate & domestic 