Issue link: https://maltatoday.uberflip.com/i/1498480
8 OPINION 4.5.2023 Wanted - tighter oversight on banks George Mangion George Mangion is a senior partner at PKF, an audit and consultancy firm, and has over 25 years' experience in accounting, taxation, financial and consultancy services. His efforts have made PKF instrumental in establishing many companies in Malta and established PKF as a leading professional financial service provider on the Island R ecent overseas bank failures have had international regulators step up on their toes amid fears of con- tagion with investors shedding risk assets across Europe. Asian stocks diverged on US pledges to backstop troubled lenders af- ter the collapse of SVB was followed by the failure of Signature Bank. Such news has not caused concern on local financial observers, it appears no deep furrows on the foreheads of official regulators who seem to label the news as a passing hindrance. Who would have ex- pected UBS to take over its troubled Swiss rival Credit Suisse for $3.25 billion follow- ing crunch talks aimed at preventing a wider international banking crisis. e deal, in which Switzerland's biggest bank will take over the second largest, was vital to prevent economic turmoil from spreading throughout the country and beyond. No ripples on the banking spheres in Malta, even though one reads about a number of scams and belt tight- ening measures that resulted from harsh ECB directives. All this occurred in the past five years. A glaring example of a se- rious breach in security was reported on Times of Malta concerning how an HSBC manager who has admitted to an auda- cious swindle involving unauthorised withdrawals from client accounts using forged signatures. Bank admitted that it was "indeed possible" that a rogue banker had forged client signatures. Typically, the heist involved topping up funds withdrawn from one client's account by replacing them with funds illicitly withdrawn from another client's account. is case involved falsifying and forging bank and client records and mis- appropriating funds. e bank is seeking to recover €1 mil- lion in misappropriated funds and dam- ages from a former mortgage protection manager, who worked for the bank from 1989 until he was fired in August 2021. He was dismissed, after complaints began to trickle in from HSBC's clients over un- explained withdrawals and transfers, trig- gering an internal bank investigation and a criminal complaint. One must stop and reflect how in this modern age of strict governance based on digital protocols, internal staff at HSBC can perpetrate such a scam for over two years and this was halted mainly as a result of complaints by defrauded depositors. It is unbelievable, how such an international bank has admitted in civil court proceed- ings that to this very day, it has been unable to establish the full extent of the fraud, and there may be other clients who were im- pacted that they are not yet aware of. e standard crime of "teeming and lading" brings me memories of studies in auditing journals of twenty years ago when at that time transactions were physically mon- itored and ECB and Basel 111 rules did not attempt to regulate European banking practices. It does not rain, it pours. is case involved a senior bank manag- er who over-rode the rules, as he started carrying out unauthorised withdrawals and stealing cash deposits in 2019. It is unbelievable in these days of com- puter security mechanisms that the bank was only alerted to such actions two years later. One may attempt to blame internal auditors who overlooked such a weak- ness but then again, the external auditors did not spot this scam. It had to be the defrauded customers who sounded the alert. HSBC quickly eliminated the possi- bility that the funds had been transferred out of client accounts due to some sort of administrative error. In its defense, HSBC said the bank's in- ternal investigation has been concluded and all impacted customers identified and contacted. is is not an isolated fly in the ointment for banks in Malta. e Reuters news media reports how Bank of Valletta failed for years to detect or address risks involving thousands of payments. It said BOV had not dealt with a litany of risk management failings de- spite repeated warnings from the Frank- furt-based ECB regulator stretching back to 2015. e report adopted by the ECB in the summer after a recent inspection called for remedial measures, including assessing if BOV's top managers are fit for their jobs, and reducing exposure to risks posed by foreign clients. In a particular but not isolated case, a customer has revealed how he lost thou- sands of euros in a number spoofing scams after believing he had received an SMS from his bank. It goes without saying, that the victim said he felt "em- barrassed" to have been duped by the sophisticated cybercrime but decided to share his story to warn others. In this age of computer surveillance and digital oversights, one is surprised how such fake messages appear to be authentic. In a particular case, it started with an SMS from what appeared to be a genuine BOV number, which he had previous- ly received authentic messages. Such a notorious scam is known as number or ID spoofing. In the scam message, the customer was warned that their mobile device has had its access limited for se- curity purposes and asked to either visit a branch or re-authenticate their device by visiting the BOV website. A MFSA warning letter is quoted to read that despite various interactions, BOV is perceived as lacking in effectively addressing the spirit as well as the actual concerns raised, and does not show the required sense of urgency expected in these circumstances to address the issues at hand. e MFSA told the bank's management that BOV had issues when it came to tak- ing on new clients, and "major deficien- cies" when it came to the effectiveness of its internal governance. is letter includ- ed the effectiveness of the bank's board in providing strategic and governance over- sight. Despite warnings, BOV kept scant de- tails about the source of wealth of the shuttered Pilatus' bank directors and no documentation was provided when its owner Ali Sadr opened an account in 2014. Again, BOV authorised a €36 mil- lion loan facility to Stewards Healthcare which were found in a Court judgement to have entered into a fraudulent com- mercial agreement with government to run three state hospitals. Most, probably such loans were secured by the State yet the top credit manager authorizing such a bad debt had quietly resigned his post. In another case, BOV allowed Centu- rionBet, a gambling company which the ECB said had its licence withdrawn in Britain in 2009, to continue transferring money even though its licence had also been revoked by Maltese authorities in 2017. In a reaction to the ECB report, BOV's de-risking exercise has taken on a much wider dimension. e bank is to- day engaged in a priority process - agreed with, and monitored by its regulators - to deal with the legacy issues highlighted by the report. As a government-controlled bank (the state holds the largest share) it has made strong progress in addressing the specific issues within the relevant timelines, and is confident that its processes will be sub- stantially enhanced as a result.