Regulate, don’t privatise~II

Office of the CAG New Delhi


It is not my case that PSBs should not be privatised, but that the regulatory system that covers private banks as well as PSBs India should be made reliable, effective and unfailing, with multiple checks inserted to cover all identified risks.

I believe that the existing laws and rules are more or less adequate and may only need a little re-engineering to strengthen oversight. Audit of banks is one essential instrument of this oversight.

Banks typically are subjected to four kinds of audits ~ statutory audit, which is basically an audit of the bank’s financial statements by auditors appointed by the RBI; internal audit conducted by the bank itself, a concurrent audit of transactions by internal or external auditors; and inspection done by the RBI.

Under the concurrent audit system, each bank branch is audited by not one but two teams of auditors, it is a part of the banks early warning system to detect frauds and irregularities.

None of these mechanisms, not even concurrent audits nor internal audit, could detect the scam that was going on for seven long years. What is their accountability? RBI itself is audited under section 50 of the RBI Act 1934, by auditors appointed by the Central Government.

Though Section 51 of the Act enables the Government to appoint the CAG of India as auditor of the RBI, the provision has never even been invoked. The Government clearly wants the CAG to be away from the audit of the RBI for reasons best known to itself.

Even the PSBs, though they qualify as government companies having majority stake-holding by the Government, are out of the ambit of CAG’s audit, a fact which is mostly unknown, even to knowledgeable commentators.

CAG has the authority to audit government companies under section 19 of the CAG’S (Duties, Powers and Conditions of Service) Act, which mandates the CAG to conduct audit of Government Companies in accordance with the provisions of the Companies Act.

Section 143 of the Companies Act 2013 empowers the CAG to appoint the statutory auditor and direct him in auditing the accounts of the Government Company.

CAG also has the authority to conduct a supplementary audit over and above the statutory audit conducted by the statutory auditor appointed by him, and report the results thereof to the Parliament or state legislature, as the case may be.

It may be mentioned that CAG has the power to penalize the statutory auditor if he fails in his duties as auditors, a power which he exercises judiciously and regularly.

The appointment of auditors is made following a robust and transparent process and there has rarely been any complaint against the objectivity of the process.

It is partly to the credit of the robustness of the CAG’s oversight that even in an age when scams erupt with astonishing regularity in almost every entity under the control of the government, no major scam of the public sector companies has as yet shocked us into numbness like the way the PNB scam has.

Public sector banks are governed by the Banking Regulation Act, 1949 and Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970. The Banking Regulation Act, 1949 gives wide powers to the RBI to control advances by banking companies and to issue directions thereon (Section 21), appoint auditors or order special audit of banks if necessary (Section 30), inspect banks (Section 35), remove managerial and other staff, appoint additional Directors, supersede the Board of Directors and override other laws in this regard, including imposition of punishments for certain activities (Section 36).

If despite such statutory provisions, RBI complains of inadequate powers, it means that it has been taking its powers and responsibilities rather casually. It should probably draw some lessons from Mr. T N Seshan and Mr Vinod Rai who made their institutions immensely powerful even within the existing framework of laws.

PSBs are audited by auditors appointed by the RBI under Section 10 of the Banking Companies (Acquisition and Transfer of Undertakings) Act, 1970 which provides that auditors will be appointed by the Central Government with the approval of the RBI and will submit their report to the Centre and which will be placed in Parliament.

RBI sometimes picks the auditors from the panels prepared by the CAG, but unlike the Government companies, the CAG exercises no power of direction or supplementary audit of their reports, neither does he review their performance or penalize those violating the auditing standards.

RBI has now delegated the powers to appoint auditors to the Board of Directors of individual banks, and the process of their appointment is shrouded in opaqueness, in which the possibility of conflict of interest in the appointment process cannot be ruled out.

Further, many PSBs have a huge number of branches. The branch is the pivot in respect of sanction of loans and their disbursement, security or collateral, documentation and recovery.

Since most of these transactions are handled at the branch level, their audit naturally assumes extreme importance. There are multiple statutory auditors of a bank; the work distributed among them remains a grey area which leads to lot of dilution and diffusion of responsibility and hence laxity in audit. The principal statutory auditors often fail to take into cognizance the poor internal controls existing within a branch.

Statutory auditors are chartered accountants, and are bound by the rules and ethical standards of the Institute of Chartered Accountants of India (ICAI) which is a self-regulatory body established by Parliament, and that, probably is its biggest flaw.

ICAI includes government representatives as part of its oversight who often lack the acumen that is required in understanding accounting and auditing to be able to exercise effective oversight; it also creates unmitigated conflicts of interest.

One argument proffered against the CAG audit of PSBs is that the CAG may not have the necessary expertise for audit of PSBs or RBI. But the expertise was not required under the existing regime, as these audits were kept outside his purview. Once he is given the responsibility for auditing these, it is only a matter of time before the necessary expertise is developed.

The CAG conducts three kinds of audit ~ compliance audit where he checks compliance to rules, regulations and procedures; financial audit which is basically an audit of financial statements and disclosure requirements; and performance audit, which is focused on performance, where he may question the rationale for giving a loan.

If the government wants to protect the autonomy of the banks, CAG may be debarred from conducting performance audit of the banks. But he will still be able to see that the disclosure requirements are fully met, that rules are complied with and that risks have been adequately covered.

PSBs will then unquestionably benefit from the CAG’s expertise in appointment, regulation and supplementary audit. But there has to be other mechanisms as well.

In the aftermath of the Enron scandal, governments realised the need for creating a non-government entity to regulate the audit profession, before which the audit profession was self-regulated even in the US.

This led to the creation of the Public Company Accounting Oversight Board (PCAOB), a private-sector, non-profit corporation created by the Sarbanes–Oxley Act of 2002 to oversee the audits of public companies and other issuers in order to protect the interests of investors and further the public interest in the preparation of informative, accurate and independent audit reports.

The conflict of interest in self-regulatory bodies was recognised, inhibiting their ability to protect the interests of investors. All PCAOB rules and standards require approval by the US Securities and Exchange Commission (SEC).

Through the PCAOB, for the first time, US public companies were subjected to external and independent oversight instead of self-regulation. PCAOB discharges four primary functions in exercising the oversight of auditors ~ registration, inspection, standard setting and enforcement, and is a member of the International Forum of Independent Audit Regulators (IFIAR). These actions helped to strengthen the quality of auditing in the US.

We also need to shake up the audit profession, as suggested by Krishnamurthy Subramanian, first, by creating a National Financial Reporting Authority (NFRA) and then activating a mechanism for IFIAR.

We have a Quality Review Board (QRB), set up under Section 28A of the Chartered Accountants Act, 1949 which is mandated to conduct independent audit quality reviews. QRB is not yet a member of IFIAR for which it needs to demonstrate its independence.

The IFIAR membership consists of 52 independent audit regulators from around the world, besides observers like the Basel Committee on Banking Supervision, European Commission, Financial Stability Board, International Association of Insurance Supervisors, International Organization of Securities Commissions, Public Interest Oversight Board, and the World Bank.

Once we align ourselves with such and other international organisations, and allow the CAG access to RBI and PSB accounts, much of the malaise afflicting the banking sector can be effectively addressed. Privatisation of banks is a knee-jerk reaction and if we privatise without strengthening their regulation, the PSBs will continue to be mired in such scandals.

(Concluded)

The writer is a commentator. Opinions expressed are personal