Private sector lender IndusInd Bank said a “technical glitch” led to its subsidiary disbursing microfinance loans without customer consent, biometric authentication and OTP validation during the COVID-19 pandemic, according to the conclusions of the audit firm Deloitte. The bank has also set up a panel to probe the responsibility of its staff, if any.
The case relates to allegations of disbursement of microfinance loans by its subsidiary Bharat Finance Inclusion Limited (BFIL) between March 2020 and October 2021 without the consent of its clients.
Disbursement of loans without following KYC standards and registering customer consent at BFIL was reported by whistleblowers in November 2021, according to IndusInd Bank’s Tuesday, March 8 statement.
After receiving complaints from whistleblowers, the bank took immediate action like conducting an internal audit, an IT audit and stopping OTP-based authentication for loan disbursement in November 2021. IndusInd bank then appointed Deloitte Touche Tohmatsu India LLP or Deloitte to conduct an independent review of the technical glitch.
Deloitte delivered its report on March 7 in which it focuses on four main points. This was – to review the details of the technical issue resulting in disbursement of loans without biometric authentication and OTP validation, to review the product design and implementation of the products deployed in the first and second wave of the COVID-19 pandemic between March 2020 and October 2021, review of the overall loan portfolio and the NPA identification process followed by BFIL and assessment of the accounting impact on the regularization of income and the recognition of income, if applicable.
According to Deloitte’s findings shared in the press release, the technical issue was caused by IT change management and the process gap. The loan portfolio, where registration of consent was an issue, stood at Rs 8.87 crore as of December 31, 2021. These findings also indicate that with respect to product design, no adverse findings have been made with respect to compliance with existing regulatory guidelines.
“The Bank’s microfinance products require full collection of arrears or repayment of a delinquent loan before disbursement to a client. Some operational issues were highlighted during product deployment,” Deloitte’s findings noted.
They also point out: “In one of the products introduced to provide liquidity support to customers during the COVID-19 pandemic, the sequence of collections and disbursements could not be established because both occurred at the same time. day. This product was discontinued in September 2021 and the bank has, on a prudent basis, fully provisioned the exposure of this product as of December 31, 2021.”
Deloitte also highlighted certain areas for improving the processes and management of the banking activities of its subsidiary – BFIL – particularly in terms of technology and control. The likely implication of the findings of the review – failures in product execution and problems with recording customer consent – amounts to Rs 13.5 crore in terms of revenue recognition and provisioning requirement.
The bank carries contingent provisions of Rs 3,328 crore outside the provision coverage ratio, including Rs 368 crore for the standard microfinance portfolio as of December 31, 2021.
“In addition, the bank will make an additional provision of Rs 13.15 crore in Q4FY22 based on the findings of the review. The board has appointed a committee to assess staff liability, if any, arising from the findings of the report,” the bank noted.
IndusInd Bank said it has a “strong risk management and control framework”, adding that this framework will be further strengthened based on Deloitte’s findings.
(With contributions from the agency)