Public sector banks are aggressively reaching out to the top four audit and accounting firms, known as the Big Four, to get their systems risk assessed in the wake of the fraud at Punjab National Bank. While the tendency at nationalised banks has been to stay away from broadening forensic data analysis capabilities beyond traditional anti-fraud and compliance, they are now going in for a scale-up of risk management capabilities, experts said.
Experts in the Big Four said they have tried reaching out to nationalised banks including PNB in the past, but faced rigidity of approach when convincing bank officials of possible anomalies in the systems. The PSUs are restricted by either budgetary constraints, a mindset for keeping control physical and not fixing responsibility for compliance.
Now, four public sector banks linked to the PNB fraud crisis have enquired with KPMG to enlist their audit and advisory services in this week alone. The banks are same entities which have featured in the ongoing crisis set off by the PNB scam. “What these banks need is an immediate assessment of their exposure to this incident (PNB) and transactions related to the same. They also need on an urgent basis anti-fraud mechanisms to counter trade based laundering and transactions, a major area of concern in the public sector banks,” Mohit Bahl, head-forensic services, KPMG (India), said.
The PNB had invited a Request for Proposal (RFP) to carry out the forensic auditing of their systems in 2016, but didn’t want to spend more than ₹15 lakh for the work. Most of the Big Four had opted to not participate because of this, experts said. “With that budgetary benchmark, risk assessment could only be done for the sake of doing. In the past, when we reached out to PNB, they weren’t forthcoming in enlisting our services. But then, which public sector bank has done that? Now, they are waking up to this reality and making enquiries with us,” a forensic expert from PricewaterhouseCoopers (PwC), who did not wish to be quoted, said.
Security experts who have digital forensic testing for the public sector banks said these banks have far too much lethargy in decision-making, and suffer from general fatigue. “The risk officer at a public sector bank is convinced he will not be thrown out if something goes wrong in the system. Such officials want to keep control physical and are generally averse to technological changes. On the other hand, banking worldwide doesn't work without tech interfaces, data analytics and sophisticated IT controls,” said Sachin Dedhia of Skynet Secure Solutions, which does digital forensic testing for public sector banks in Mumbai.
