Finance scandals: fix criminal liability

Summertime blues for Indian banks and IT services

sanjpandey

Sanjay Pandey | May 21, 2013



The month of May is very hot in most parts of India. This year, it has been unusually hot for the Indian banking and the IT services industry too. Leading Indian banks (ICICI Bank, HDFC Bank, AXIS Bank etc) exposed by Cobrapost have been accused of serious violations of norms. IT companies involved in card payment processing services (ElectraCard Services, Enstage Inc) have been in news for compromise of their systems leading to a $45 million theft from ATMs across 27 countries. This has raised alarm bells regarding adequacy of systemic controls in these industries. Their capability to prevent and respond to such incidents is under global scrutiny.

Preventing frauds and ensuring consumer protection has been the cornerstone of various policies mandated by RBI for the banks. They attempt to ensure that customers are correctly identified through ‘know your customer’ (KYC), the permanent account number (PAN) quoted is not fictitious and customer accounts are genuine. Compliance audits are conducted at regular intervals to make sure that these guidelines are followed.

Similarly, the IT industry, though it lacks any regulatory control, has been observing client-mandated policies. Certifications like ISO 27001 and PCI DSS are now quite normal for Indian IT companies, which provide IT services to clients.

In spite of these precautionary measures, violations are rampant. The problem lies in implementation and enforcement of established policies.

Implementation, more often than not, is mainly done for compliance purposes. Once the audits are over, normal ways of doing business returns.

Enforcements are weak. Punishments for violations, if any, in banking are mostly pecuniary in nature.  The IT industry, shockingly, doesn’t even face this minimal pecuniary threat as it is under no regulatory control. 

No wonder then that the banks named in the Cobrapost expose allegedly indulged in serious malpractices without any apparent fear. They violated KYC norms, used fictitious PAN cards and helped customers open fictitious NRO accounts. The IT services companies mentioned above, on the other hand, had their systems compromised by criminals for reported intercontinental theft using cloned debit cards of RAK Bank of Dubai and National Bank of Muscat. 

If this kind of scenario has to stop, our response to these incidents needs to be much stronger. It is common knowledge that if a person forges a signature or presents a false document for an anticipated gain, he is charged with forgery under the Indian penal code (IPC). In the present case, banks which have been found allegedly helping customers open fictitious accounts based on forged or false documents are yet to be similarly charged. 

Similarly, the Indian IT companies whose systems were compromised and led to hackers changing withdrawal limits on debit cards of banks, cannot be considered as unfortunate victims. They were entrusted the work of processing payments by these banks. It was for them to ensure safety and security of transactions. This trust reposed on these companies has been violated due to the alleged hacking of their systems. While the banks have gone on record stating that they will try every measure to recover the money, there is nothing which is being considered to fix the criminal responsibility of the companies involved in such a major cross-border crime.

Fortunately, in order to strengthen the response we don’t need to look far. Provisions of the IPC are sufficient to deal with forgery, cheating and criminal conspiracy. In case of any future event of a similar nature, penal sections of IPC can be applied. Along with this, shifting the burden of proof of innocence on the accused institutions or companies will make the response even more effective.

Hence, slight changes in the system along with effective enforcement will ensure that the Indian banking systems are not exposed and the IT services sector doesn’t face such credibility issues. Response to incidents which eventually lead to wrongful loss to somebody and wrongful gain to somebody else is a criminal offence and has to be dealt with as per the provisions of criminal law. Effective steps to establish criminal liability in these recent cases will make sure these industries don’t face such rough weather in future.

Comments

 

Other News

Centre intensifies preparedness as El Niño threat looms

Amid uncertainty in the southwest monsoon due to the potential impact of El Niño, the government is addressing the situation with comprehensive preparedness, a clear strategy, and strong ground-level action. While challenges remain, the entire system has been activated in advance and is working proa

India is crossing a climate threshold

On June 28, Delhi recorded a maximum temperature of 41.3°C, four degrees above the seasonal normal. But the “feels like” temperature, which factors in humidity, showed more than 51°C. What the body experienced was very different from what the thermometer recorded.  India`

The Geography of India’s inflation

India today finds itself in an unusual position. At a time when geopolitical conflicts, trade fragmentation, and supply-chain disruptions are reshaping the global economy, the country`s macroeconomic fundamentals remain relatively upwards. Growth remains among the highest in the world, inflation has larg

How to listen to the great storytellers that the trees are

The Trees of My Country: A Natural History of India in 50 Trees By T. R. Shankar Raman, with illustrations by Manali Patil Aleph Book Company, 284 pages, Rs 1,499  

This tree in Bihar turns out to be the oldest accurately dated banyan

A banyan tree in Munger, Bihar, estimated to be around 700 years old, has been identified as the oldest accurately dated banyan tree, Ficus benghalensis, using radiocarbon dating, a method that relies exclusively on scientific evidence rather than historical records or local lore. Banyan

Corporate Governance 3.0: What the boardroom of 2030 will look like

The phrase "corporate governance" often evokes images of board meetings, compliance checklists, and regulatory filings. For years, governance was viewed primarily as a mechanism to prevent fraud, protect minority shareholders, and ensure regulatory compliance. However, the events of the last deca





Archives

Current Issue

Opinion

Facebook Twitter Google Plus Linkedin Subscribe Newsletter

Twitter