De-risk your corporate bank account from frauds
The Hindu Business Line
Partner, Fraud Investigation and Dispute Services
Ernst & Young
In the last few years several frauds have been reported across sectors in India, be it technology, banking, retail or infrastructure. One common thread was the misuse of bank accounts to perpetrate fraud. In spite of the awareness generated by reports of large frauds in the recent past, we continue to witness an increase in the use of bank accounts to perpetrate frauds.
The frauds range from embezzlement of cash to misrepresentation of the revenue of a company. Bank confirmations and statements are being fudged more frequently, sometimes in connivance with the bank staff as well.
Any large-scale fraud involving siphoning of funds either by management or employees cannot be perpetrated without the misuse of the company’s bank accounts. Here are some recent case studies:
A mid-sized company had to inform its employees that they would not receive their salaries on time as an employee had siphoned out funds from the company account by fudging emails/ approvals pertaining to bonus/ adhoc payments.
An employee at a branch of a multinational bank transferred funds to his personal bank accounts by creating fictitious entries in foreign exchange gain or loss account
The CEO of a company inflated sales through round tripping. Funds transferred against fictitious capital and other purchases were repatriated back into the company as receipts towards fictitious sales.
The fraud scheme was implemented by opening two additional bank accounts that were not reflected in the company’s books.
An employee of a large technology company siphoned out more than Rs 20 crore by transferring funds from the company’s bank account to his personal account
The administration head of a retail organisation transferred funds from the company account to accounts opened in the name of fictitious vendors. In a few instances, the funds that were transferred directly to his personal bank account also went undetected by the company
In all the above cases, a deeper study of the modus operandi indicates that the fraud scheme could have been unravelled much earlier had there been adequate oversight on the use of the bank accounts.
Here are some reasons why companies/ auditors (internal/ external) fail in the timely detection of frauds.
Lack of segregation of duties, as well as rotation of duties in the banking and treasury functions;
Frequent sharing of passwords, defeating the utility of maker-checker controls;
Bank reconciliation is not performed/ reviewed appropriately for all accounts, including inactive accounts;
For most organisations, the high volume of transactions in bank accounts proves a deterrence in carrying out thorough checks;
In several cases, banks do not provide the exact payee details in the bank statement (soft/ hard copy), making it near-impossible for a company to carry out adequate payee checks (books vs. bank statements);
Auditors rely on the copy of bank statement provided by the company and do not obtain it directly from the bank/ Internet;
The way most audits are planned, a vertical review (area-wise) is carried out instead of a horizontal review (end-to-end transaction). The transaction as a whole is not visible;
The practice of reviewing all bank statements together for a defined period in order to identify round tripping of funds to show higher sales is almost extinct;
Internal controls and audit procedures are well known to fraudsters and are predictable
In conclusion, any large-scale misappropriation of funds, whether perpetrated by employees or by the senior management, would invariably involve misuse of bank accounts. A robust bank reconciliation process coupled with forensic data analytics on bank accounts to identify unusual transactions would help audit committees, management and auditors in the prevention and timely detection of large frauds.