Banking Fraud- where were the auditors?

The banking sector has seen NRB taking control over several problematic banks in past and recent times, including decisions of liquidation.  Conflicts within management, related party transactions and credit issues are increasingly coming into news which are the outcomes of ineffective control systems and poor corporate governance practices. Such poor practices have widespread affect and also provide ground for frauds by the employees and management or those charged with governance. Here we look at what will be the role of auditor in this regard.

The term “fraud” refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. When the fraud involves one or more members of management or those charged with governance, it is termed as management fraud.

Banking Offense and Punishment Act 2064 has instead used the term ‘banking offense’ which is broad in definition, including instances of frauds.  The activities defined as offense is so comprehensive that it even includes third person who deals with the bank in any transactions, for e.g. if somebody provides falsified details to the bank while availing loan is doing an offence. So, offense or fraud (as auditor’s say) could be anything- like granting loan to a personally related party and then diverting the fund for own’s purpose, misuse of loan by the borrower in collusion with bank management and directors, other cases of fraudulent loans, falsification of loan applications and credit appraisals or even abuse of electronic cards etc.

The responsibility for preventing and detecting fraud rests with the directors. But whenever corporate governance problems or instances of banking fraud are identified, one of the first question asked is “How wasn’t it known earlier and where were the auditors?”

Bank auditors- responsibility without boundaries

Bank and Financial Institution Act 2063 requires the external auditor to separately report to NRB through its ‘Long form Audit Report’ on risk management systems and fraud identification, on the status of legal compliance and overall functioning of the bank and financial institution. Though the provisions are not explicitly concerned with fraud, these reporting widen the scope of auditor’s responsibility. The auditor should also disclose in its report to shareholders whether any staff or directors have acted fraudulently or have not acted in best interest of the bank.

The stringent reporting requirement for auditors of commercial banks is a globally accepted practice, however, the auditors in Nepalese context are more vulnerable to these practice, as the possible risk for an audit failure is not limited to financial liability or reputation risk but stretch towards exposure to high risk of facing legal charges even before being provided adequate opportunity to prove their point. This threat is always more serious in countries like ours where disciplinary proceedings and judiciary processes are lengthy and often not transparent, and where law enforcement authorities themselves lack good governance.

Should frauds be identified in normal audit?

The primary objective of an audit of a bank by an external auditor is to enable an independent auditor to express an opinion as to whether the published financial statements of the bank are prepared, in all material respects, in accordance with the identified financial reporting framework. The auditor should maintain an attitude of professional skepticism throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist.

However, the auditor cannot be held responsible for not detecting frauds. Fraud may involve sophisticated and carefully organized schemes designed to conceal it, such as forgery, deliberate failure to record transactions, or intentional misrepresentations being made to the auditor. Such attempts at concealment may be even more difficult to detect when accompanied by collusion. Collusion may cause the auditor to believe that audit evidence is persuasive when it is, in fact, false.

The auditor is always concerned with fraud that causes a material misstatement in the financial statements. But the subsequent discovery of a material misstatement of the financial statements resulting from fraud does not, in and of itself, indicate a failure to comply with ISAs.

The two differing angles

Auditors do not make subjective judgments to identify frauds, nor do they make legal determinations of whether fraud has actually occurred. This is a principle accepted worldwide. Let’s understand it with an example.

Suppose the bank management has sold an NBA at a price lower than NBA value to a person without going through tender process to a related person of bank’s directors. But the auditor cannot go beyond the records available at the bank to identify whether the purchaser is related to management or directors. He can only indicate and identify the process loophole in the transaction and risk arising from such practices with a recommendation for the future. But in contrast to that NRB might have information and details with it to confirm that the purchaser is a close relative of one of the director and the NBA has been sold at lower price without tender process intentionally, thus terming it a fraud.

Auditors- Challenges and limitations

There are also certain limitations on what an auditor can verify.

• The reporting requirements involve plenty of subjective judgment and the understanding of the auditors and of NRB supervisors might differ at places.
• Banking Offense Act 2064 considers that providing loans to any close relatives of the person who have financial interest in the bank, e.g. promoter, director, shareholder or to CEO or employees is an offence. Close relatives is very widely defined in the Act and even includes separated family members. So, it can be impracticable for an auditor to verify these details and he might have to limit himself to obtaining a declaration from the management and the board regarding such compliance.
• A detailed audit of all transactions of a bank and forming an informed opinion in all the factors to be reported to NRB would not only be time-consuming and extremely expensive but also wholly impracticable.
• The audits are carried out at intervals and not continuously. So, it cannot be possible for an auditor at year end to carry out a complete evaluation of internal control and to monitor a bank’s compliance with all NRB rules.
• There is not transparency in selection of auditors by audit committee as the reasons for selecting an auditor or changing auditors before statutory period of three years is never disclosed. Legal provisions are taken more as formalities. So, a good relationship with promoters and bank management is often necessary for an audit assignment which in turn can affect auditor’s independence while disclosing all relevant matters to shareholders and NRB.
• Auditors even face resource constraint while audit of large banks because of low fee structure, for which they themselves are responsible. In AGM, Shareholders always make hue and cry on appointment and fee issues and management make it their excuse while considering fee request of auditors.

Though principally it is agreed that the auditor has a much more difficult role in detecting misstatements when fraud is involved, the risk is always there that the auditors are even made responsible for supervisory failures in identifying irregularities in bank and financial institutions. NRB in its own is able to exercise a more persuasive influence over banks in achieving stringent control system, strong corporate governance and fraud control measures because of its regulatory powers, which is not the case with auditors they can only monitor the actual application of such practices. So, it is for the auditors to come forward to make their perception of the responsibility towards fraud as perception of NRB and the other stakeholders at large.