Banks, frauds and stakeholders

Driven by my passion as a former banker with 24 years of local and global banking exposure and deeply concerned by the recent frauds in the Sri Lankan banking sector, I was compelled to write this article under “My View” to elaborate on the causes of such frauds. This article is therefore structured around four major stakeholders: the banks themselves, regulators, auditors, and customers.

Banks in the wrong direction

Long ago, credit was granted purely based on an assessment of “repayment capacity.” The ability to repay a loan or lease was the key criterion, in addition to many other prerequisites. However, today, this fundamental principle has dramatically shifted towards “target-oriented credit”. This negative paradigm shift, driven by an unending desire to earn “supernormal” profits and to attain industry “supremacy,” has not only undermined but significantly deteriorated the standards of the banking industry and the credit quality.

Secondly, a closer scrutiny of banks reveals that almost all banks operate with 08-10 IT systems that function in silos and lack integration. Consequently, such disintegrated systems lead to weak controls, namely protective, detective, and corrective mechanisms. Reconciliation of entries across these fragmented systems becomes a nightmare. Paradoxically, despite this fragmentation, banks are aggressively pushing customers toward e-banking and mobile applications to conduct transactions, primarily to reduce costs and gain competitive advantage. However, true competitive advantage and distinctive competence can only be achieved through well-integrated and sophisticated systems, not through fragmented solutions. With such levels of system disintegration, the effectiveness of firewalls, data encryption (SSL/TLS), and other security measures may also be compromised.

Thirdly, many banks are directly or indirectly controlled by tycoons. According to David McClelland, such individuals fall into the “Need for Achievement” (N’Ach) category. Tycoons typically possess a strong psychological drive to maximise wealth or accomplishments. This is precisely where so-called professional boards and corporate management teams must exercise managerial independence, managerial hegemony and cultivate the ability to say “no” without explicitly saying “no.” Several banks are currently facing challenges due to their inability to do so.

Local banks are primarily engaged in retail banking and operate extensive branch networks, often exceeding 200–300 branches. In such environments, ground-level experience is essential for understanding operational realities, practical difficulties and making informed decisions at the apex level. However, when individuals are parachuted into apex positions from unrelated industries due to “connections” rather than “competence,” it demotivates experienced ground-level managers. This often leads to poor decision-making and encourages capable middle managers to seek better opportunities locally or globally.

Another emerging trend over the past 4–5 years is the recruitment of interns who are burdened with significant responsibilities with no experience in an attempt to reduce costs. As a result, middle management and executives are increasingly under pressure. While cost reduction is necessary, it must not come at the expense of quality. A critical question arises: has any CEO or CFO in a bank conducted a value chain analysis in the past three years to identify cost reduction opportunities while adding value? The answer, in most cases, would be no.

Finally, many audit departments have been downsized as a cost-reduction measure. However, with the introduction of e-banking and Internet of Things (IoT)-based banking activities, have banks recruited forensic auditors to strengthen their internal audit teams? Forensic auditing is now a vital sub-discipline that integrates traditional financial auditing with digital systems, specialised hardware, cybersecurity frameworks, and cloud-based platforms. The development and growth of any industry rely on four determinants: factor endowments, demand creation, related and supporting industries, and well-formulated strategies. Banking and Finance industries are no exception. Unfortunately, most of these determinants are currently lacking in the banking sector. Therefore, strong hardware support, audit support, system integration, and knowledge-based capabilities are urgently needed.

Regulators’ perspective

Regulators can be categorised primarily into two bodies for the finance industry. The Central Bank of Sri Lanka (CBSL), often referred to as the “bankers’ banker,” and the Securities Exchange Commission (SEC). SEC is the Government regulatory body responsible for protecting investors and ensuring the integrity of the market. 

CBSL must exercise heightened vigilance, particularly in an environment where competition for banking supremacy is increasingly intense. Under the current economic and geopolitical uncertainties, aggressive competition is both unethical and risky. CBSL should go beyond routine oversight and critically examine key areas, including outstanding balances, various types of suspense accounts, corresponding non-performing asset (NPA) portfolios, and whether these figures are reasonable and aligned. It should also verify whether monthly reconciliations of suspense accounts are performed and whether impairments comply with CBSL guidelines.

From a strategic standpoint, CBSL could collaborate with institutions such as the World Bank to implement a unified core banking system across all banks—either through structured financing arrangements or as part of a broader technical intervention. This is where even the Government can strategically and technically intervene through budgetary allocations. Such a system would enable centralised monitoring, similar to how multinational corporations oversee global operations across many continents. Any irregularities or manipulations at the bank level would automatically trigger alerts at CBSL. Illegal and dubious inward and outward remittances can also be monitored by the CBSL through such a system centrally. 

In addition to banks, CBSL must also pay close attention to finance companies. The growth of finance companies has far outpaced other economic indicators. In my view, these institutions have been significant contributors to the erosion of foreign exchange reserves, particularly through vehicle imports, which impose multiple negative impacts on the economy and the foreign exchange reserves (forex). The repercussions of recent vehicle imports are now evident.

From a proactive perspective, CBSL should take decisive action to regulate or phase out Registered Finance Leasing Establishments (which do not accept customer deposits), rural money lenders, and unauthorised cheque discounting agents. It is my sincere hope as a strategist, that the proposed Finance and Business Act (FBA) will incorporate these elements to streamline the financial sector in Sri Lanka. Much like administering vaccines to a child at the right time, despite temporary discomfort and agonies, timely regulatory action is necessary to prevent severe long-term financial consequences.

Regarding the SEC, large volumes of funds are often routed through the Colombo Stock Exchange (CSE), particularly in bank share transactions. Both SEC and CBSL must carefully monitor the source of funds, beneficial ownership (BO), ultimate business beneficiary (UBB) and ultimate business ownership (UBO) of such transactions. Liquidity constraints should never justify accepting large, unexplained deposits. Finance companies and the stock market must not serve as channels for money laundering, including placement and layering of illicit funds.

I am also of the view that the SEC, as the apex authority, should introduce limits on the number of clients handled by audit firms to ensure that their focus, responsibility, and accountability towards banks and listed companies are not diluted.

Auditors' role

External auditors have a critical role to play, not merely in certifying financial statements, but in ensuring the robustness and effectiveness of internal control systems within banks and finance companies.

Banks and Finance companies often employ various tactics to present a more favorable picture of NPAs. Therefore, auditors must be vigilant and discerning. A comprehensive audit extends beyond financial statements, mandatory disclosures and notes; it includes the Chairman’s Report, CEO’s report, sustainability disclosures, governance practices, HR reports, and other qualitative disclosures. For instance, do the auditors query about the rosy HR statement given in the annual report if the staff turnover of the bank / company is more than the industry norms, as these two are incompatible?  Higher number of voluntary disclosures reflects the social ethics and the personal ethics of the directors and the owners. Auditors bear the responsibility of ensuring that all these components are accurate and reliable.

How many audit firms have recruited forensic auditors capable of addressing emerging IoT-related risks? Do auditors challenge directors and BACs, given that the public has entrusted trillions of rupees as deposits to these banks and finance companies? Compared to regulators like CBSL, auditors are better positioned to identify irregularities due to their direct and quarterly engagement with financial records.

There is also a need for greater alignment between internal audit heads, Bank Audit Committees (BAC), and external auditors, ensuring a vertically integrated audit framework. Recent frauds and malpractices provide ample testimony for such weak vertical frameworks. Both banks and audit firms must expand their expertise to keep pace with evolving global landscapes trends by recruiting professionals going beyond their comfort zones of banking and financials respectively. For instance, during the hedging deal crisis in Sri Lanka, it was evident that global banks anticipated a drop in oil prices to around $50 per barrel, contrary to the popular impression of $200 per barrel at that time. These global banks relied on highly qualified experts, including PhDs in economics, to guide decision-making in complex areas such as commodities, futures, and derivatives. Such examples accentuate the importance of maintaining professionalism and inculcating specialised knowledge in the contemporary world.

Customers’ perspective

From the customers’ side, a degree of negligence also contributes to vulnerability. Many customers fail to safeguard their banking information.  For example, by sharing PINs or passwords with others. Some even use their primary mobile devices, which store sensitive financial data, for questionable or unsafe activities, thereby exposing themselves to fraud and cyberattacks.

Furthermore, the level of financial literacy in Sri Lanka remains relatively low. Awareness of financial security, foreign exchange transactions, and general banking practices is limited, except for a small segment of the population. In dealing with such financially vulnerable segments, banks, regulators, and auditors have an even greater responsibility, not only to react, but to anticipate risks, envisage probable scenarios and act proactively. This needs expertise, experience and knowledge. 

Conclusion

This article is penned with the sincere intention of safeguarding the interests of banks in SL, CBSL, auditors, and customers, while helping to mitigate and prevent further malpractice within the financial system.

(The author is a Senior Management Consultant at PIM and also a pracademic, strategist, company director, and former banker.)