Monday, October 21, 2019

How to avoid another PMC



Reading the happenings in PMC Bank, I would like to suggest essential controls that need to be introduced by RBI to avoid repetition. These suggestions would be of help to other Banks as well.
I am a CISA (Certified Information Systems Auditor) from ISACA, USA & B COM, ACA with 35+ years' experience in Europe, India & Middle East in the field of Risk Management, Chief Information Officer, Financial Controller & Chief Internal Auditor.

I proceed to list the points which are only indicative and not exhaustive.

1. Fully computerized accounting systems (I understand that PMC had some manual systems)

2. Clear Organisation Charts based upon Authority and Responsibilities of each position - from Chairman to the peon

3. Ensure no conflict of interests in functionalities in 2 above

4. Documented Policies and Procedures, uploaded on the intranet and documented confirmations within the System from employees that they have read and understood

5. Employees’ access rights to perform duties to be granted only after they confirm that the Policies and Procedures are read and understood. Changes to the Policies and Procedures to be intimated within the System only. Confirmations to be obtained from relevant employees within the System. Same process to be followed when employees are transferred and/or assigned new position

6. External Auditor to be appointed by RBI. Fees to be decided based on a formula and should be paid by RBI based on Shareholder's nod

7. Intelligent systems, i.e. policies & procedures to be built into the system with real-time monitoring and real-time alerts, sent to relevant Officials based on organisation chart and severity. For example, a rule such as value of loan to a single borrower not to exceed 2% of available funds, to be built into the system. System to block any excess approvals and, if exceptions are permitted, real-time alerts to be sent to those concerned (including RBI, Auditors, etc.)

8. Written declaration from all employees and Directors to provide list of related parties. The same to be entered into the system so that any dealings with them are subjected to relevant scrutiny. Employees to inform any changes immediately

9. Maker checker controls built in the system

Etc, etc ….
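An added example, not part of the original post, sketching how items 7, 8 and 9 could be enforced together at loan approval. The names, sample figures, alert recipients and the choice to count a borrower's existing exposure toward the 2% limit are assumptions.

```python
from dataclasses import dataclass, field
from decimal import Decimal

SINGLE_BORROWER_LIMIT = Decimal("0.02")  # item 7: 2% of available funds

# Constructed sample data; names and recipients are assumptions, not from the post.
FUNDS = Decimal("1000000")
EXPOSURE = {"Acme Builders": Decimal("15000")}       # outstanding loans per borrower
RELATED = {"Director Family Trust"}                  # item 8 declarations
ROUTING = {                                          # alert type -> recipients
    "related_party": ["internal-audit"],
    "limit_breach": ["branch-manager", "internal-audit"],
    "limit_exception": ["board", "external-auditor", "regulator"],
}

@dataclass
class LoanRequest:
    borrower: str
    amount: Decimal
    maker: str                        # employee who entered the loan
    checker: str                      # employee who approves it
    exception_approved: bool = False  # hypothetical flag for a permitted exception

@dataclass
class Decision:
    approved: bool = True
    reasons: list = field(default_factory=list)
    alerts: list = field(default_factory=list)   # (recipient, message) pairs

def evaluate(req, funds=FUNDS, exposure=EXPOSURE, related=RELATED, routing=ROUTING):
    d = Decision()
    if req.maker == req.checker:                      # item 9: maker-checker
        d.approved = False
        d.reasons.append("maker and checker are the same person")
    if req.borrower in related:                       # item 8: flag for scrutiny
        d.alerts += [(r, f"related-party loan: {req.borrower}") for r in routing["related_party"]]
    total = exposure.get(req.borrower, Decimal(0)) + req.amount
    limit = funds * SINGLE_BORROWER_LIMIT             # item 7: aggregate, not per-loan
    if total > limit:
        msg = f"{req.borrower} exposure {total} exceeds limit {limit}"
        if req.exception_approved:                    # allowed, but never silent
            d.alerts += [(r, "exception: " + msg) for r in routing["limit_exception"]]
        else:
            d.approved = False
            d.reasons.append("single-borrower limit exceeded")
            d.alerts += [(r, "blocked: " + msg) for r in routing["limit_breach"]]
    return d
```

Checking the aggregate exposure rather than each loan on its own means a borrower cannot pass the limit through several smaller loans.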

By studying and implementing controls in PMC, the same could be applied to ALL Banks. RBI could start the process simultaneously in all Banks. This approach would help in speedier implementation as in any case it is a long drawn process.

The process and speed for reining in all Banks has become urgent. I submit that many of the suggestions might have been already implemented, but having worked in large organisations, my experience tells me that even if a particular control has been implemented, it needs constant review and upgradation due to several reasons. Non-updation gives rise to loopholes – many times with disastrous consequences.

RBI needs to start its act urgently to save itself from being called Reasons Bank of India.
