Three banks in Kenya closed over a short period – Imperial Bank, Dubai Bank and Chase Bank.
Today, Dubai Bank is set for liquidation, the State Bank of Mauritius acquired most of Chase Bank, and KCB is negotiating to acquire Imperial Bank.
The sector seems to have stabilised in spite of the interest rate caps and economic slowdown of activity, and what is of interest are three bank stories from Denmark, India and South Africa.
From South Africa, we have an investigators’ report on VBS Mutual Bank, which was placed under curatorship, the equivalent of receivership, in March 2018 after experiencing liquidity problems.
The report found that VBS had been a struggling bank, relying on small depositors, but which adopted a turnaround strategy of aggressive deposits mobilisation and launching new lucrative products such contract financing.
It sought parastatal deposits such as Sh14 billion from South Africa’s PIC and the Passenger Rail Agency for which they offered a super deposit rate of 9.25 percent for Sh7 billion.
VBS did not provide financial statements, and when the rail agency managers downloaded them from a website, they were shocked to find that the R1 billion sought was the same size as VBS's assets.
The rail agency eventually did not deposit any money, but the audit uncovered WhatsApp messages at VBS, which led the auditor to conclude that "every deposit ever made by a municipality into VBS arose as a result of a commission or consultation fee paid to solicit the deposit."
Meanwhile, the new contract-financing business was not recorded on the bank's operating system. It was treated as an off-balance-sheet asset and such loans did not go through the bank's other credit-approval processes.
Moreover, while the managers said the bad-loan portion was about four percent, the investigator said it was over 80 percent, and many of the borrowers were found to have had links to the bank's chairman and CEO.
He documented how VBS managers had communicated on Gmail on how to wipe out overdrawn balances by crediting the accounts with fictitious deposits, created using MS Excel.
Crucially, the bank's lead audit partner borrowed heavily from it but did not reveal this to his employer, KPMG, and went ahead to give audit opinions while knowing there was a hole of Sh50 billion at the bank.
The report says he was compromised by the bank through Sh200 million channelled through companies owned by his wife and cousin, and which the auditor used to buy luxury vehicles and to pay for his MBA classes at Oxford University.
Bank emails about his borrowing were done on personal accounts and not the official VBS email system, and while he made some repayments, they were reversed every month.
Then there is Danske Bank Group, the largest financial institution in Denmark.
In 2007, it acquired Sampo Bank, which had a tiny branch in Estonia with a few thousand customers, including non-resident citizens of Russia, Azerbaijan and Ukraine.
Documents at the branch were in Estonian and on Russian IT platforms and the branch had its own platform, which meant that its customers and transactions were not visible to the parent bank.
Plans made in 2008 to merge the Estonian branch IT and systems into the main bank were later abandoned, as this was considered too expensive for a small part of the bank.
Over the next few years, a series of news reports, whistle-blower messages, internal reports and investigations by authorities arose about activities by residents of Azerbaijan, Moldova, France and Russia who were customers at the Estonia branch.
The Russian Central Bank wrote to the Danish Financial Authority that "clients of Sampo Bank permanently participate in financial transactions of doubtful origin" estimated at "billions of roubles monthly” which may be aimed at tax and customs evasion and can be connected to criminal activity.
On September 2017, Danske Bank acknowledged there were "major deficiencies in controls and governance that made it possible to use Danske Bank's branch in Estonia for suspicious transactions estimated at over $234 billion [Sh24 trillion], which may be linked to criminal activities such as money laundering," and in September 2018, the CEO of Danske Bank resigned.
Finally, we have the Punjab National Bank, in India, which is headquartered in New Delhi.
In January 2018, some firms associated with the family of billionaire diamond dealer Nirav Modi approached a branch of the bank in Mumbai with import documents, requesting finance to pay overseas suppliers.
When they were asked to provide cash to cover the facilities, they said they had enjoyed such facilities in the past, but curiously there were no records at the bank.
The branch was a star performer and this was largely due to the Modi accounts, which had exponential growth of import and export transactions.
Further investigations showed that two bank managers had issued fraudulent letters without following required procedures or getting approval, and had been transmitting SWIFT messages to overseas branches without making entries in the banking system.
The fraud went on for seven years, with the first guarantee of Sh1.5 billion that bypassed the system in March 2011, and one manager went on to authorise over 1,200 fake guarantees.
In an unexplained oversight, he had an unlimited approval ceiling even though his status meant he could only approve Sh3.7 million. He also served seven years at the branch, even though the bank had a policy that no officer should stay in the same office for more than three years.
An internal report found that the SWIFT system was not integrated with the bank's core system. Also, some audit queries raised in the branch had been overlooked and inspection visits did not uncover easily traceable transaction paperwork.
Modi and his uncle Mehul Choski had both left the country before police filed a complaint and they have denied being part of a criminal conspiracy in the fraudulent transfer of Sh177 billion worth of transactions.
There are elements of similarity in the three bank stories with past ones in Kenya, such as insider lending, system lapses, transactions done off the core systems, new business lines that were not fully integrated, isolated branches, compromised auditors, and unsupervised or corrupt managers who take advantage of the lapses.
These should still be red flags in an age when the majority of bank transactions are initiated and executed over mobile phones or through third parties, not at branches, with no physical interface and paperwork at the bank.