Concurrent Audit of Banks mean verifying the transactions without any time gap.
That’s one of the most frequently heard term in context of bank audits.
Isn’t Banking system is crucial for survival of any economy?
The answer will be an obvious yes.
There is much need to place robust controls and check points for smooth functioning of those banks.
Concurrent Audit of Banks helps in attaining such objectives.
Before deep diving into the concept, we will try to understand the basics.
What is Concurrent Audit mean?
Concurrent Audit is a way of performing Audit simultaneously as and when the transaction happens.
Long form of Definition:
The word Concurrent means “happening or done at the same time”. Audit means verification of transactions, typically by an independent body.
A concurrent Audit is a systematic verification of financial transactions or activities at the time of happening or parallelly with occurrence of the transaction.
Concurrent Audit reduces the time gap between the happening of a transaction and its verification. It aims to prevent errors or fraudulent transactions by taking timely remedial actions.
Table of contents
- What is Concurrent Audit mean?
- How about an example?
- Which Entities require Concurrent Audits?
- Why more emphasis on Concurrent audits?
- Who Performs Concurrent Audits?
- How to Conduct Concurrent Audits?
- Cash Verification
- Is KYC Compliance a Mandate for Concurrent Audit of Bank?
- KYC Example:
- ATM/Debit Cards/Credit Cards
- Does Concurrent Audit benefits from verifying Dormant/Inoperative Accounts?
- Loans and Advances
- Does Concurrent Audit of Banks helps in finding Income Leakage?
How about an example?
Consider a transaction allowing a 9% Personal Loan of Rs.100 Crore to a customer by a Bank.
Assume that Bank has to undergo concurrent audits.
The concurrent Auditor must verify all the transactions happening in the Bank. The Bank’s headquarters define the audit’s scope.
Auditor noted that the interest charged (9%) is less than that stipulated by the bank policy of 10%. Early discovery of this resulted in saving interest amount to the Bank. So, the Auditor found out the income leakage of around Rs.1 Crore.
That’s a wow moment, right?
Which Entities require Concurrent Audits?
We often tend to correlate concurrent Audits with banks for various reasons such as regulatory compliance, its wide implementation in this sector etc. However, concurrent Audit is an audit methodology that can fit in any business sector.
The methods and examples in this post are applicable to the banking industry. We can implement those in other sectors as well. That’s because the design of concurrent audit scope is with the following fundamentals:
- Prevention and timely detection of serious irregularities or fraud
- Strengthening the Internal controls in place
- Identifying early warning signals (Like Multiple instances of Cheque bounces of a customer)
Why more emphasis on Concurrent audits?
Frauds or errors are one of the foremost reasons for considerable losses to banks, and this leads to more emphasis on establishing independent examination of financial transactions.
Fraud vs Errors
Intention is the distinguishing factor between these two. Frauds are nothing but a careful plan to deceive and gain an unfair advantage. Errors on other hand, are unintentional, and there is no objective of false representation. Below paras discusses these two intentions in detail.
The alarming rise in banking sector fraud resulted in more emphasis on concurrent audits. Also, RBI and other banks are increasing the scope of audits, and this adds more responsibilities to concurrent auditors.
As per RBI Annual Report, bank fraud increased to 74% in 2018-19. It resulted in a total fraud of Rs. 71,543 crores in 2018-19 as against Rs.41,167 crore in 2017-18.
Current Year Update
According to official data, the number of fraud cases in private as well as public sector banks dropped to 118 in FY22 from 265 in 2020-21.
Source: Live mint
PNB Scam: The bank initially said that two of its employees at the branch were involved in the scam, as the bank’s core banking system was bypassed when the corrupt employees issued LOUs to overseas branches of other Indian bank. Read the full article on the Wikipedia page.
It seems that bank employees tried to gain an unfair advantage with a false representation.
RBI has imposed a fine on seven public sector banks. The total fine amount is Rs. 11 Crore. One of the reasons for the imposition of a fine is non-compliance in respect of the code of conduct for opening and operating current accounts. This non-compliance could be a result of an error.
The concurrent Auditor has a duty to report non-compliances pertaining opening of new savings and current accounts. This example will illustrate why the banks insist on more testing areas under concurrent audit scope and introducing the concurrent audit to more number of branches in-order to avoid such fines.
So, Concurrent audits act as a medium of preventive vigilance to detect such kinds of frauds or errors.
Current Year Update
RBI imposed following fines in recent times.
- Bank of Maharashtra – Rs.1.12Cr fine
- Axis Bank – Rs.25 Lakhs fine
Who Performs Concurrent Audits?
Bank’s own staff (Retired employees) or external auditors (independent) can perform these audits. However, there are specific guidelines laid out by RBI for appointing Chartered Accountants (CA) firms for these assignments. Such guidelines are:
- Any partner of the CA firm shall not be a director on the board of the Bank (Independence of CA)
- No other partner of the firm mentioned above (first point) is also ineligible
- CA’s should not be subjected to inquiry in the past as per the Institute of Chartered Accountants Act, 1949
- Completion of Certificate course on Concurrent Audit of banks by ICAI
The List goes on…
To sum up, the idea behind the above requirements is to ensure that there shall not be any compromise in the Auditor’s ability to carry out the audit function or report significant deficiencies.
How to Conduct Concurrent Audits?
Concurrent Audits of banks are primarily driven by the scope defined by the Bank’s head office and RBI guidelines. The Bank Head office or respective authority overseeing such audits provides the guidelines and desired format of expected report. These help auditors to give a clear picture of typical audit areas to test. Additionally, Chartered Accountants can take the help of various resources provided by ICAI through its portal. Manual on Concurrent Audits is the best resource.
We must first understand the areas that a Concurrent Auditor needs to verify. The same are added below in detail.
Cash transactions are most common in banks. However, there has been a decrease in Cash usage due to the convenience of using digital payment platforms. Thanks to those platforms.
Auditors should focus on the following areas:
- Physical verification of Cash in the currency chest of the Bank and ATM, if any
- Cash always comes with the inherent risk of being theft. So, there are certain retention limits laid down by the respective bank. So, Cash at the branch shall not exceed the retention limits. If so, then auditors need to mention it in the report. (Retention Limits are laid down in concurrent audit guidelines provided by Head office of respective Bank).
- Ensure Proper Insurance coverage for the inward and outward remittances
- Banks need to report the Counterfeit Currency. Check whether such instances happened during previous months or years. Practicality: The happening of such events is remote.
Soiled or Mutilated Notes:
All bank branches facilitate the exchange of Soiled or Mutilated notes.
Reserve Bank of India (Note Refund) Rules, 2009 requires all the bank branches to display a board indicating the facility of such exchanges.
Such Soiled or Mutilated notes will be handed over to the Currency Chest.
Currency Chest will submit all such notes to RBI.
However, there is no time limit for this. But Auditor shall verify whether the branch has a notice board displayed and inquire about the existence of such procedures.
Submitting Soiled Notes to Chest: Branch Managers will be more willing to give a positive answer. Check if the branch has done such an exchange in prior months with any supports to corroborate inquiries made. Auditors can ask for any report generated for such soiled notes. It leaves Auditor with more positive evidence regarding the existence of such a procedure.
- Bank needs to report the accounting of currency chest transactions and the delays to RBI
What are the consequences of delayed reporting to RBI?
Currency Chests must report all the transactions on the same day to RBI. If it’s not the case, banks are charged penal interest or flat fees for the period of delayed reporting.
Penal interest is not only for delay in reporting but also covers the following instances:
- Wrong Reporting
- Inclusion of Ineligible Amounts in Chest Balances
Source: RBI Website
Disclaimer: The above information is extracted from the RBI website solely intended to educate users.
Audit team can check this by verifying for the recent historical reports. Alternatively, Auditors can verify the penal charges account and understand if there are any such instances.
Is KYC Compliance a Mandate for Concurrent Audit of Bank?
Yes, that’s very much required. Lets understand about the KYC and need for its compliance.
KYC means Know Your Customer.
RBI has issued guidelines (KYC Guidelines – Anti Money Laundering Standards) requiring banks to frame policies and controls to prevent Money laundering activities.
Banks must obtain certain proofs to validate a customer before entering a financial transaction or establishing a banking relationship. Proofs here would depend on the type of customers opening the bank account or entering into a banking relationship.
What are the types of Customers?
Customers are categorized into two types
- Natural Person
- Artificial Persons (Like Companies, LLP etc…)
There is a requirement for the Natural Persons to provide proof of Identity and Proof of Address. We have added an inclusive list of Proofs below in Table:
Note: Banks have Pre-defined acceptable proofs in their KYC Norms or Account Opening Form. As a Concurrent Auditor, ensure that the branch has adhered to such guidelines.
Artificial Persons are also required to provide proof such as Partnership Agreement for firms, Company Incorporation documents (Memorandum and Articles of Association) and Board resolution authorizing opening of bank accounts.
Mere submission of a photocopy of the above proofs will not suffice. The authorized officer of the bank shall also confirm the authenticity of photocopies with the Original documents. Such officer will add their initials to photocopies confirming verification with the Originals.
PAN Card is also mandatory for opening a bank account irrespective of either natural or artificial person.
- There shall not be opening of any new accounts with a fictitious name
- Banking transactions shall not be allow a persons on the RBI sanctions list or Government Watch Lists.
- Details such as the nature of business and customer financial status help in risk categorization. It furthers the bank in determining financial credibility and thereby assists in providing Credit facilities to the customers
- Obtaining such proofs help the bank to monitor transactions and avoid unnecessary hardships and costs.
- Anti-Money Laundering (AML) Guidelines requires banks to obtain such information. AML – Means changing the identity of illegal money into legal.
Lets go through the below example to have a clear understanding of the requirements to comply with KYC norms.
It is an illusionary example for understanding purposes.
Mr A has a huge amount of cash received as a bribe during his business. Then, he opened bank accounts with fake proofs and used such accounts for his business payments. Previously, the bribe amount is not in the books. But now, it’s a legal money. So, Mr A got a double benefit (Conversion of Illegal money and Moving it into business as legal money).
The auditor should perform the following checks in verifying KYC:
- The Account Opening form is filled with all mandated details such as Nomination, specimen signatures, passport photos etc.
- Bank officers need to verify the address and identity proofs.
- Submission of PAN Card or Form 60/61
- Verify whether all the details are properly entered into the bank application software. Specimen signature also needs to be scanned and attached to the customer profile. Specimen Sign helps bankers to validate various services like Cheques and DDs issued by the customer
- Bank needs to obtain the KYC details on periodic basis. Periodicity is determined by customer risk and bank norms.
How to verify steps taken by bank for KYC compliance?
- Inquiry whether there is such procedure in the bank
- If so, then check for it’s implementation
- Normally, banks do a follow-up through SMS/Email to update KYC
- If the risk is higher, the submission requirement might be less than 2-3 years. It all varies from bank to bank.
ATM/Debit Cards/Credit Cards
Verify whether the branch levied charges for issuing a debit card or ATM card per the bank policies.
In General, if the cards are due for renewal then there will not be any charges. However, if there is a need for replacement (Stolen or missing cards) then bank needs to charge for it. Ensure to check if the applicable taxes like GST are levied.
Perform physical count of following cards
- Cards which are left over (Not possible for bank to delivery due to variety of reasons)
- Banks started with new approach for quick opening of bank accounts. So, customer can open the bank account and get the instant kit on the same day. Instant kit includes debit card as well. Bank will have inventory Cards which are ready for immediate activation.
Cards which are unused within their expiry date shall be destroyed or to be sent to the head office as per their policy. So, audit team can check for the same.
Does Concurrent Audit benefits from verifying Dormant/Inoperative Accounts?
Accounts that are not operative for a pre-defined period will be frozen, and no further operations are allowed unless authorized by a competent banker officer.
Consider verifying whether appropriate charges are levied before bringing it to active state.
Obtain the List of Dormant Accounts, which became active recently. Verify whether such accounts are backed by proper authorization. Also check if proper charges are levied for bringing the accounts into active. So, it helps in checking that there is no income leakage due to such accounts.
How to verify Dormant Accounts?
Dormant Accounts report can be pulled from bank software. So, obtain the report as of the date and three months old (for example). Run a quick comparison and figure out the active accounts in those.
Typically such accounts come into operation if the bank has received a request from the customer. Banks will also insist on a deposit along with KYC proofs.
Loans and Advances
Bankers’ primary business is to lend money for interest. Interest payments are due monthly, quarterly, half-yearly, or annually. No specific period is applicable for all the Loans and advances, and it depends on a case-to-case basis.
Loans and Advances are a prime audit risk for concurrent auditors due to the volume of money involved. So, a special focus shall be given to these banking products.
What are the Checkpoints in Loans and Advances?
The answer depends on the type of Loan Product. However, we can see the generic pointers applicable for all loans first. Then, we will move on to specific audit checkpoints for each loan category.
General Check Points
- Check whether the Interest rate charged is per bank terms.
- Loan Application and appropriate forms are filled in by the customer. Also, verify if those applications are backed by proper supports.
- Check whether documentation charges and processing charges along with GST are levied as per bank policy.
- Obtain the Loan statement and verify whether principal and interest repayment are regular.
- In case of irregular payments, ask for the next steps taken by the branch to ensure prompt collection.
Gold Loans are loans granted against the Security of Gold Coins or Ornaments. The checkpoints are below.
- Obtain the Gold Valuation Report to check the security value and compare it with the sanctioned Loan amount. The loan amount shall always be lower than the value of the Security.
- Most banks have a policy of sanctioning loans with an upper cap of 60% to 70% of security value. So, there will always be a buffer of 30-40% on the security value and loan is sanctioned for remaining balance. Request for the policy and verify whether the same is followed.
- Depending on the loan amount, the Banker may approach a second valuer for the valuation of the Security. Here, the second valuer shall be independent of the traditional valuer. So, check for those instances as per bank policy and verify whether the same is followed appropriately.
For example, the Bank policy is to obtain a second valuation report for a gold loan exceeding Rs.1 Crore.
Mr. Loss approaches a bank for Rs. 1.5 Crore Gold Loan. Now, bankers request a second opinion to gain better comfort over the security value per their policy.
Note: Primary and Second valuation reports shall not be on the extreme end. For instance, Report A values gold as worth Rs.10 Crores, and Report B mentions the same gold security value as Rs.5 Crores. Then, this current scenario results in checking for the competence of the valuers.
A difference of 5%-10% is acceptable.
Bank Overdraft and Credit Cards fall into these categories.
A bank overdraft is a loan facility that allows the account holder to withdraw money beyond what is available in their account. So, these are an equivalent version of credit cards.
Overdrafts are one of the old banking products before the start of using credit cards.
Bank overdrafts are generally unsecured.
Do you recall seeing an option of asking to open an overdraft facility instead of premature closure of your online fixed deposit?
Banks are making the most of technology. So, they started showing up those pop-up questions to increase their banking business.
Credit cards are the best banking products. Banks allow their customers a free credit periods (45 days or 50 days, or 90 days) per their policy. It generates a statement with the outstanding balance after the completion of credit term. Customers can pay the entire amount with no interest fees or paying a minimum amount with interest.
The initial limit will be lower and gradually rise as per the person’s spending ability. The individual credit score, salary, or business income are additional factors that contribute for increasing the limits.
These days, financial institutions are moving forward with novel strategies, such as customizing credit cards for each individual. Examples include e-commerce-specific credit cards (Flipkart Axis Bank, Amazon ICICI Card), travel-related cards (Doctors Credit Card), and the list could go on and on.
These loan applications are handled by banking teams based in the corporate headquarters. So, the concurrent auditor has nothing to do with it.
Checks to be done
Let’s look at the checkpoints in this instance to gain a broad picture.
- Credit card transactions will be converted into EMI per customer preferences. Such EMI transaction requires the levy of processing charges.
- Furthermore, any processing fees will be subject to GST. Verify if those charged GST rates are per the GST Act and Rules.
- Banks shall consider classifying the unpaid credit cards as non-performing assets if the amount is outstanding for more than 90 days.
- Obtain the late payments report and determine whether any penalties for late payments are imposed.
- If bank overdrafts are granted with a fixed deposit as Security, then ensure that appropriate withdrawal controls (like lien on FD) are in place.
Loans sanctioned for corporate organizations to meet their working capital needs, expansion or commencement of business, or the purchase of fixed assets are referred to as corporate loans.
- Board of directors will approve fresh borrowings or modifications to the existing financings. So, verify if the loans are adequately supported with Board resolution.
- If a loan is given on the Security of immovable assets such as land, buildings, or others, ensure that the Security was adequately inspected before loan sanction. Obtain the inspection report as well as photos of the securitized asset.
- Working capital Loans like Cash Credit or overdrafts are granted by hypothecation of inventory and book debts. So, Check the value of the inventory and book debts with the most recent audited financial statements.
- Banks may require frequent audits of stock and book debts if necessary. Inspect those for such reports and check if any concerning discoveries will result in the borrowers defaulting.
- Borrowers must present a periodic stock and book debts statement, an audited balance sheet, and a provisional balance sheet per the loan terms. Check to see if the submission is on time.
Drawing power is the maximum amount which borrowers can use for his personal or business needs.
- Similar to Gold Loans, there will be a buffer between the security value and the loan amount, and the buffer or margin must always meet during the loan tenure.
- For example, Banker’s margin amount per their policy is 40%. If the value of inventory shall be Rs.100 Lakhs, then the Working Capital Limit is Rs.60 Lakhs. So, the bank needs to check the drawing power for the loan periodically as and when stock statements are received.
What if the inventory value is lower?
If the value of inventory is Rs.50 Lakhs, then the working capital limit will reduce to Rs.30 Lakhs. It does not stop there. Bankers might, and bankers repay immediately based on their credibility assessment.
Auditors are advised to pick up samples of borrowers whose drawing power depends on the value of stock and book debts. Further, also verify whether the security value after considering the margin is at least equal to the sanctioned amount.
Does Concurrent Audit of Banks helps in finding Income Leakage?
- Banks charge a fee for providing chequebook facility and non-maintenance of minimum balance. Verify whether the bank levies such charges before allowing further transactions. Banks software may not charge the fees if the account does not have a sufficient balance.
- Loan comes with stipulated terms like submission of data/reports such as stock and book debt statements, balance sheet, confirmation that proper statutory returns are filed. If there is non submission or delay in submission then bank need to levy the charges as per their policy. Check for those instances
- Ensure proper recovery of Locker rents. Ask if there is any e-mandate to the associated savings or current account.
- Verify the Staff welfare and Stationery expenses GL. Those expenses shall be consistent with prior months.
Lastly, perform substantive analytical procedures over periodic revenue and expenses to help you in understanding the historic trends and in finding gaps
Concurrent Audit is a way to reduce the time gap between occurrence and verification of transactions. It helps in preventing and detecting frauds/errors and there by contributing to the smooth functioning of banks.
The typical areas to be covered are:
- Firstly, audit team need to check for the KYC Compliance
- Physical verification of Cash and Debit or Credit cards
- Verify whether the Loans and advances are sanctioned as per bank powers.
- Check if the Loans and advances are sanctioned after obtaining appropriate loan application and other forms along with supporting’s like pre and post inspection reports, title deeds of property, if applicable, regular repayments etc.
- Ensure that there is no loss due to income leakage
- Ask for the compliance with applicable state and central laws
- Perform Physical inspection of borrowers security (for example – Immovable property, Stock)
The above list is not a comprehensive. So, follow as per the guidelines and scope defined by appointing authority. We hope this guide helps in steering your audits in right direction.
All the best for your bank audits. Keeping reading and loving this blog.
Do share this guide with your co-professionals!