The recent massive fraud at the Bank of Baroda (BoB), thoroughly investigated and reported by The Reporters’ Collective (TRC) and Al Jazeera, should raise serious concerns. The Reserve Bank of India (RBI) has reacted by banning the bank from using its World mobile app to onboard new clients.
However, the gravity of the situation demands more severe condemnation, as it represents an assault on customers’ trust in a bank, which is the bedrock of the banking industry.
In contrast, a recent employment lawsuit against Citibank which the bank won serves as a reminder of the expectations regarding honesty and integrity within the banking industry. The judge in this case acknowledged the possibility of a misunderstanding behind an expense claim but emphasized the obligation of the claimant to rectify the situation immediately.
The judge underscored the bank’s requirement for honesty from its employees, which is a basic expectation. The Financial Conduct Authority in the UK has even penalized banking executives for offenses such as not paying for train tickets.
What happened at BoB, a public sector bank where the government holds a 64 percent stake, constitutes a colossal failure of corporate governance norms. The size of the fraud, around Rs 22 lakhs, is almost trivial compared to the magnitude of this failure. Most of the affected accounts belonged to impoverished individuals, many of whom didn’t even own smartphones.
This wasn’t an isolated incident involving a few rogue employees. Senior management at BoB ordered the boosting of registrations on the app, which would have required the involvement of numerous personnel.
In an attempt to inflate numbers for their two-year-old digital app, the bank’s management allowed employees to sign up on behalf of unsuspecting customers using their own or others’ phone numbers, including those of friends, relatives, sanitation workers, and security staff.
Once registered, the customers would be removed from the app, and the same number would be used for the next customer. It continued until whistleblower complaints prompted an audit.
This practice had the potential to lead to a catastrophic failure, as it exposed customers to the risk of fraud. The individuals with the registered mobile numbers gained access to the accounts and could change online banking passwords, obtain new ATM cards, empty bank accounts, and more.
Incidents of digital fraud involving banks in India have been increasing, with the value and volume of digital frauds committed through cards and internet-based payment methods nearly doubling over the past year, according to the RBI’s FY23 annual report.
Predictably, when first approached for comments, BoB asserted it had “robust systems with the necessary controls in place.” However, it later admitted to the mistakes and instructed the relevant managers to take necessary action for recovery and restoration of the money in customer accounts.
In the United States, banks now face significant penalties for even minor transgressions related to customer data misuse and product mis-selling. For instance, the Consumer Financial Protection Bureau (CFPB) imposed a $37.5 million penalty on the US’s fifth-largest bank, U.S. Bank, for illegally accessing customers’ credit reports and opening accounts and products without customers’ permission.
Furthermore, Wells Fargo & Company and its subsidiary had to pay $3 billion to resolve criminal and civil liability for pressuring employees to meet unrealistic sales goals, resulting in millions of accounts and products being provided to customers under false pretenses or without consent.
Given the gravity of the situation at BoB, the RBI should not let the public sector bank off with a mere temporary ban on its app, especially when it has recently imposed substantial fines on private banks like Kotak Mahindra Bank and ICICI Bank. It is imperative that BoB faces severe consequences for this significant breach of trust and security.