RBI to keep auditors on a tight leash: Would PNB scam have transpired if regulator learnt lessons from 2009’s Satyam fraud?

Why did the RBI wait for a series of bank scams to transpire before coming up with the idea of tighter auditor supervision? The Reserve Bank of India (RBI) has said it will take punitive action against auditors, particularly after a series of bank frauds surfaced in the recent past, mainly at vulnerable state-run banks. Going by a new RBI circular titled 'Enforcement action framework in respect of statutory auditors (SAs) for lapses in the statutory audit of commercial banks', the RBI says wrongdoers will be met with punitive action such as being debarred from conducting business with banks. "To improve audit quality and bring about a transparent mechanism to examine the accountability of SAs in a consistent manner, it has been decided to put in place a graded enforcement action framework to enable appropriate action by the RBI in respect of the banks SAs for any lapses observed in conducting a statutory audit," the central bank said. The RBI action on auditors is long overdue but here is the question. Why did the central bank wait for a series of bank scams to materialise over years before coming up with the idea of tighter auditor supervision? The problems with auditing standards in India and the collusion with companies to hide real facts from public isn’t a new thing. Everyone knew about this nexus. There have been instances like the infamous Satyam fraud in 2009 where auditor, PwC, was pulled up for alleged rule violations, compelling market regulator SEBI to announce a two-year ban early this year. This showed that auditors, in some way, were party to the fraud with Satyam’s B Ramalinga Raju. Instances such as Satyam and several others should have served as an eye-opener to the RBI, about the need for strict regulation on auditing standards. There is no strict regulation for auditors apart from the Institute of Chartered Accountants of India (ICAI) which, at best, acts as a self-regulatory body of accountants or a quasi-regulator. Over the years, the RBI’s light touch on auditors has cost the banking industry dearly, as empirical evidence has already shown. Take the Punjab National Bank (PNB) fraud for example. The fraud began in 2011 and went on for a good six years. In hindsight, it is evident that various audits (concurrent and statutory) failed miserably, both at the branch level and at the bank level, to identify the fraud allegedly perpetrated by fugitive diamantaire Nirav Modi, using fake letters of undertaking (LoUs). PNB auditors were either sitting ducks or colluded with Modi -- The lender conducts a concurrent audit through the year and such a fraud should have reflected there. PNB miserably failed to follow the rule book that could have prevented the fraud. The RBI too failed to identify the scam despite having all systems in place. Had the RBI learnt lessons from the Satyam fraud, which made the news in 2009, and effected a necessary course correction on the auditing process for the banking sector (like it has done now), the uncle-nephew duo could have been stopped from reportedly executing India’s biggest bank fraud. But, the regulator remained blissfully unaware of the problems. For sure, the RBI has done a commendable job in managing systemic risks by ring-fencing the Indian banking system during the 2008 financial crisis, something that is well appreciated the worldover. But, the central bank’s inability to act in advance on flawed auditing and surveillance systems in the banking sector raised questions on its ability to ensure risk management tools are working well. In fact, a few former members of the RBI top brass have already flagged this issue. In an interview to Firstpost in February this year, former RBI deputy governor KC Chakrabarty said the Indian banking system did not have proper risk management systems in place. “In many cases, the audit is bogus. Whatever the branch manager wants, that will be in the audit. We have not made anyone accountable, hence such frauds happen. Audit has to be risk-based. Whatever statement the branch manager prepares, the auditor follows. This needs to change,” Chakrabarty said. That sums up a major problem in India’s crisis-ridden banking industry.