Absence of a true system can lead to issues that banks face today, feels Deepak Bhawnani, CEO, Alea Consulting, which specializes in reputation risk and corporate investigation
Mohan: What is integrity due diligence and its relevance in the banking and financial services sector?
Deepak Bhawnani: There are various types of due diligence exercises conducted prior to a business association. The three key ones are legal, financial and integrity. All three encompass a comprehensive assessment of the potential business partner or lender. Integrity due diligence focuses on reputation risks and entails investigating information regarding regulatory compliance, source of funds, corporate governance, political exposure, sanctions and blacklists, i.e. issues that, by association, can adversely impact the financial institution’s brand integrity.An integrity due diligence is imperative to the BFSI sector. One main reason ascribed to accumulation of bad loans is lack of adequate due diligence.
Do you think the concept has caught the attention of the Indian bankers?
In private sector banks, certainly. I cannot, however, say the same for public sector banks.
Is customer due diligence a norm in good banking practices? Is not KYC sufficient?
A cookie-cutter approach to KYC does not suffice to identify risks of money laundering or terrorist financing. While an enhanced KYC may not be necessary for all clients, there should be a mechanism to trigger such checks automatically for the high-exposure customers. Currently, the process is seen as a one-time exercise, ie, during the client on-boarding stage. Clients should be subject to an enhanced KYC each time the financial exposure rises above a threshold. Customer due diligence should be an essential practice in banks to protect them from regulatory fines, loss of funds and their reputation.
Other areas where banks should undertake due diligence exercises to ward off possible risks?
One major area to consider is a background screening of bank employees holding sensitive roles and managers with high limit approval authority. The ongoing PNB scam worth over US$2 billion divulged collusion and involvement of various bank employees for over 8 years. The employees have been found to be part of yet another scam duping the bank. Many of the guilty have now been arrested, along with employees of the companies receiving the funds.
Validation and valuation of collateral, ie, assets of the promoters and guarantors prior to disbursement of high-ticket loans should be a core part of the due diligence.
Random and frequent screening is required for red flag checks. Prior to disbursement of loans, there must be checks for related parties, auditor independence and other conflicts.
Indian banks are facing an unprecedented NPA burden. Could this have been avoided had the banks adopted scientific due diligence programs?
In addition to regulatory forbearance, the Rs10 trillion NPA stresses in India can be attributed to lacunae in the due diligence and appraisal process prior to loan disbursement. Limited audit scope and relationship manager monitoring of an account post-sanction contributes to the losses. RBI has stipulated a Central Fraud Registry (CFR) for banks for early detection of frauds and mitigate risks. However, the bank scams indicate that either the database was insubstantial or not reviewed properly. Robust risk management practices and audits to review implementation would have certainly mitigated losses by providing an early warning.
Has consortium lending by Indian banks aggravated NPA stress?
Though the RBI has mandated due diligence in consortium lending, banks have been reluctant. In a scenario of consortium lending, banks usually accept the due diligence carried out by the leader and do not put any effort as part of the association. Another concern would be instances of banks asking borrowers to provide due diligence reports, instead of following the RBI mandate. Such checks must be independent, confidential and the sole responsibility of the lending bank.
The recent Canara Bank scam highlights how the banks in a consortium work in isolation and not share red flags. Incidentally, the RBI in a report has blamed conflict of interest among the consortium members as a major reason for piling up of bad loans.
Do you think successful corporate entities have formalized the due diligence programs? What, according to you, is the awareness about this in the banking and financial services sector?
Most, if not all, private equity funds will conduct some level of due diligence on a potential investor. Some focus on the individuals, while others on the organization.
Banks have largely been reactive, ie, investigate to recover – and this is what needs to change. A proactive approach would have limited exposure in the long run.
The recent RBI notification to banks, to weekly report identification of incipient stress of borrowers (with aggregate exposure of Rs50 million and above), to the Central Repository of Information on Large Credits is laudable.
In a bank or a financial services institution, ideally, who should have the responsibility for carrying out reputational due diligence?
The structure exists, ie, the Chief Risk Officer, Chief Security Officer, or Chief Vigilance Officer associated with the financial institution. Any of these officers can be given the mandate and budget to initiate reputational due diligence process. The report should then be reviewed by an internal ‘Green Light Committee’ before making the final decision.
Your word on importance of safeguarding brand value to ward off reputational risk?
Global capital only comes to those countries, to accelerate growth, where there is a stable government, strong currency, reliable banking and robust legal system with recourse. The image and respect of PSU and private banks has an impact on both the quantity and quality of money that comes into the country.
Finally, what is the future of due diligence in the banking industry?
What needs to be made clear across the banking industry is that filling a compliance form does not constitute a due diligence. Independent profiling and checking against a whole host of regulatory compliance, enforcement, PEP, litigation and other databases – of the entity and its directors and shareholders – is what should be a mandatory part of the approval process.
Don’t lend to the unknown. Trust, but Verify!