A leading PSB under critical scrutiny
Bank of Baroda is a reputed Public Sector Bank with 115 years of existence. It has its presence in 17 countries across the globe. Its mission statement reads “To be a top ranking National Bank of International Standards committed to augmenting stake holders’ value through concern, care and competence”.
True to its public sector image, the bank has more than 60% branches in rural and semi-urban areas, and the bank along with its 3 RRBs has been continuously the industry leader under Financial Inclusion garnering a whopping 16% industry share in PMJDY – Basic Saving Bank Deposits accounts and more than 18% share in PMJDY deposits (industry consisting of all banks including public, private, co-op and RRBs). It has a loyal customer base of more than 15 crore.
A bank of such good repute has now been under critical scrutiny and reproach.
AL JAZEERA expose
On 11th July 2023, Al Jazeera and The Reporters’ Collective brought out an online article on the bank headlining “India’s Bank of Baroda tampered with accounts to flog app – The second-largest government-owned bank linked mobile numbers of strangers to boost app registrations, compromising security.”
It detailed the modus-operandi and wrong practices adopted for on-boarding customers for registering in its mobile application “BOB WORLD”. It also exposed the ill-fated wrongful HR practices (fixing unrealistic business & action targets and driving the staff to achieve them by any means, hook or crook) adopted by the bank to drive the BOB WORLD mobile-app registration process. (https://www.aljazeera.com/economy/2023/7/11/indias-bank-of-baroda-misused-customer-data-to-flog-app). It appears that this expose has not been refuted or confronted or challenged by the bank.
Action by RBI
Suddenly on 10th Oct 2023, to everybody’s surprise, RBI directed Bank of Baroda to suspend, with immediate effect, any further on-boarding of their customers onto the ‘bob World’ mobile application. It says that this action is based on certain material supervisory concerns observed in the manner of on-boarding of their customers onto this mobile application. However, RBI notification has not mentioned about any audit or inspection carried out by them in this regard and did not elaborate on these material concerns. It has left the public opinion to wide open speculations.
Recently Al Jazeera updated its expose with latest details about the damage control exercises in the bank and reported that money was stolen from accounts of customers linked with wrong mobile numbers.
Economic Times wrote with a headline “Bank of Baroda (BoB) World app scam could be tip of iceberg; RBI should appoint IT auditors in banks”.
Money control reported that the bank had suspended 60 staff including 11 assistant general managers, especially in Vadodara region.
Bloomberg in its article stated that in a pursuit to meet steep targets for signing up customers to the bank’s mobile app, BoB World, Bank of Baroda executives across at least 10 cities linked existing bank accounts without cell phone numbers to unrelated numbers to show new customers were added on and the bank executives pocketed benefits and rewards for meeting or beating their targets. It also said that as a result of customer app probe BoB suspends dozens of executives and claws back benefits.
What is the trigger?
DFS (Department of Financial Services) of Govt. Of India has been holding periodic meetings with commercial banks since many years and drives digital banking. It collects data from the banks on digital transactions on weekly basis and reviews it.
As part of GOI’s PSB reforms agenda, IBA (Indian Banks Association) oversees and drives the EASE (Enhanced Access & Services Excellence) banking reforms agenda comprising 30 action points across 6 themes. Progress of PSBs against the PSB Reforms EASE Agenda has been rigorously tracked through EASE Reforms Index measuring the PSB performance on 140 metrics against respective benchmarks for continuous improvement on PSB reform priorities. The EASE reforms drive is for a “CLEAN & SMART” PSB banking. Through this “SMART banking” agenda, PSBs are driven to achieve digital banking metrics.
The story of Mobile Number linkage
RBI vide its notification dated 6th July 2017, directed that “Banks must ask their customers to mandatorily register for SMS alerts and wherever available register for e-mail alerts, for electronic banking transactions. The SMS alerts shall mandatorily be sent to the customers, while email alerts may be sent, wherever registered.” However, RBI did not elaborate on the propriety to be adopted for verification of mobile numbers during the process of its linkage to bank accounts. The issue in non-availability of any online mechanism to ascertain ownership of mobile numbers, both post-paid and pre-paid, forced banks to deploy methods as they deemed fit.
The story of Aadhaar based mobile validation
Some banks adopted Aadhaar based mobile number verification process. But it has its own failures. Aadhaar does not de-duplicate mobile number, in other words UIDAI does not prevent linkage of same mobile number to multiple Aadhaar numbers. Same mobile number can be linked to many Aadhaar numbers without any limitation. To boost Aadhaar-mobile linkage UIDAI deployed one API (Application Interface for accessing and updating UIDAI data) solution to be used by all financial institutions. It even directed them to mandatorily deploy the API in its solutions. But unfortunately, due to a security lapse in API (mobile number not getting encrypted during online transit) there were attempts to infiltrate the packets and change the mobile numbers. This API was later withdrawn by UIDAI. But how many wrong linkages materialised when the UIDAI’s API was live and what action UIDAI took to correct or delink such cases is not known.
BoB’s Digital drive
To comply with the DFS guidelines and to meet the EASE reforms agenda targets on digital transformation, many banks including Bank of Baroda are adopting
various measures for pushing customers from traditional branch banking to a faceless online banking mode.
BOB, it is reported has its own daily Dashboard, for the benefit of its branches and controlling offices, displaying the details of customer transactions into cash mode and digital. It is also learnt that it has been monitoring technical error data on daily basis. It also went on a digital transformation campaign through adverts. So far so good.
But, in this rat race for converting branch banking to a digital mode and to compete with customer mobile applications of other peer banks like YONO, etc., Bank of Baroda changed the get-up of its existing customer mobile application, “Baroda MConnect” and included few new features in it and renamed it stylishly as “BOB World”.
With a fresh and redeemed vigour, the bank reportedly indulged in a massive customer registration drive, PMJDY mela type, of the rechristened BOB World mobile app. It appears that daily unrealistic on-boarding / registration targets asynchronous to the ground realities like accounts not having mobile numbers or having un-verified numbers, were thrust on operational units.
This appears to be followed up by mass meetings of executives controlling the branches to drive the set agenda. The ground reality of more than 50% of the transaction accounts belong to the FI- BSBD segment customers, many of whom do not even own a traditional mobile set let alone a smart phone, was not even thought of it appears.
This pressure tactics, dissociated from reality, on operational units forced few adventurous staff to invent and discover unethical methods to achieve the set targets and it appears to have spread through the length and breadth of the bank.
What is the way out?
Through some whistle blowers the unethical process adopted by BoB has come to limelight. But it is not known how other peer banks fare in this regard. The growing online frauds in digital transactions and AEPS (Aadhaar Enabled Payment System) transactions, as noted by concerned civil society groups, shall force anybody to logically conclude that this issue may not be unique to BoB but might be affecting many peer institutions as well. But has not come to public scrutiny may be due to complicity of some of the stakeholders.
So, as a responsible central bank, RBI must guide the banks properly and must have appropriate supervisory and control mechanisms to trigger and warrant action keeping in mind the privacy of customer data and the safety, security of public money. DFS must also mind setting reasonable agenda keeping the aspect of security in digital transformation. Will these events open the eyes and ears of the people managing the show and at the helm of affairs? They must keep in mind the public do keep watch of the affairs.