Here is a stunning statistic: banking fraud has grown eleven times faster than banks’ profits have. PSU banks saw fraud grow at a CAGR of 102% between 2010 and 2013, when their profits grew at 9%.

One may be tempted to think that this unprecedented malaise must be due to across-the-board vulnerabilities in banks. It is not. Banks have contained certain kinds of fraud very well, but have been spectacularly unsuccessful in dealing with some others.

Shareholder wealth eroded

Disaggregated data on frauds for individual banks is not easily available. However, a recent article by S Pai and M Venkatesh, which was based on RTI data, offers an interesting insight. When their information is combined with IBA’s bank performance data, the impact of fraud becomes visibly shocking (see chart below).

One bank has lost more to fraud than its entire profit. Even the country’s largest bank lost a large chunk of its profits to fraud. The banks in between, which are smaller and earn less, have fared worse. But are these banks representative of the banking sector? Or, are they just outliers that make sensational news? What then is the situation in the sector as a whole?

Combining data from RBI and IBA shows that frauds in PSU banks as a whole stood at 12% of their combined profits in 2013. In any company, the management would be willing to go to great lengths to bring 12% additional profitability. Surely, there is a case for banks to look at frauds seriously?

Projecting the impact of this malaise further, we find that effective fraud management could potentially add a whopping Rs 52,000 crores to shareholder wealth. To put it in perspective, that’s more than the GDPs of 40% of India’s states! This is most likely an underestimate, as the market would reward increased diligence with a higher PE ratio.

Further, bear in mind that RBI’s data includes only reported frauds. Even if we assume that all detected frauds were reported, these figures do not include undetected frauds. Nor does it include incidents that are under investigation, or have not yet been declared fraudulent. Bringing all frauds into the equation would only paint a darker picture.

The elephant in the room

But what kind of frauds are we talking about? Bring up the topic of fraud, and what gets spoken about are phishing, credit card misuse, account hacking, and online/ATM frauds – i.e. technology related frauds. With billions of automated transactions taking place every month, it is not humanly possible to monitor such volumes. Banks therefore turn to technology for a solution, and rightly so.

Software vendors have taken note of this. They offer real time fraud detection tools for online banking, sophisticated pattern recognition algorithms, and a whole range of software products to combat technology fraud. This is indeed welcome, as we need these tools.

To be fair, we have not done badly in mitigating technology fraud risk. In some ways, online credit card transactions are safer in India than elsewhere. The additional authentication factor of sending an OTP to the customer’s mobile phone, for instance, has made online transactions considerably safer in India. This additional authentication factor is missing in many countries. If an overseas merchant’s website is hacked, tens of thousands of customers are immediately at risk.

But in all this discussion, we are missing the elephant in the room.

While technology related frauds account for a whopping 98% of the fraud cases reported, they contribute to a mere 2% of the value. The real elephant in the room is what RBI calls ‘advance related frauds’ – i.e. fraudulent loans.

Between 2010 and 2013, we had 1.12 lakh cases of technology fraud adding up to Rs. 357 crore, whereas a mere 2,760 cases of loan fraud set the sector back by a staggering Rs. 16,690 crore. The loan fraudster is enjoying an unprecedented run.

Technology fraud, on which we focus much of our attention, is now a relative fleabite. It is so because of the attention it has received. Banks have waged war on technology fraud, and have succeeded. But in focussing on technology, we have neglected another vulnerable area – loans. It is in the loans and advances business of banks that the fraudster now stalks.

This disparity between the two kinds of frauds is a result of two things. Firstly, the supply base of tools for fighting technology fraud is well developed. Unfortunately, this is not the case with loan frauds – there are few software products that banks can buy off the shelf. Secondly, the human element (along with the vagaries and moral hazards that come with it) is considerably larger with loan frauds, and the fraudster is seldom alone.

Conclusion

Technology fraudsters are like mosquitoes – they come into your house through windows and cracks, but their damage is limited. But the loan fraudster is a burglar – he breaks in through the back door and makes off with the family silver.

The banking sector has done well in mitigating the technology fraud risk, but hasn’t done enough on the loans front. This has left residual vulnerability in the system that fraudsters have exploited. It is to this that the sector must now turn its attention.

This dire need is underlined by a glance back at RBI’s data. While loan related frauds grew at an astonishing CAGR of 87%, technology frauds have been almost static with a mere 2% growth. Besides, a typical loan fraud is a thousand times larger than a technology fraud.

Tackling loan frauds will be a lot tougher than combating technology frauds. Issues of governance, collusion, negligence and a host of moral hazards will need to be addressed. Software packages that are so effective in mitigating technology fraud risk may be of limited assistance. Further, an unprecedented level of cooperation between banks will be called for.

Part 1 of this article has attempted to make the case for banks to turn the spotlight on loan frauds. Part 2 will discuss what they and the RBI must do to combat this malaise.

Elephant in the Room – Part II