POLICY DOCUMENT ON MONITORING AND REPORTING OF FRAUD OAIS AUTO FINANCIAL SERVICES LTD

Transcription

1 POLICY DOCUMENT ON MONITORING AND REPORTING OF FRAUD OAIS AUTO FINANCIAL SERVICES LTD

2 Modification History Date of Version Description Authors Approved by Revision Initial Draft Mr. Parthasarathi Board Ray Directors of 2

3 - CONTENTS Serial No Subject Page No 1. Preamble 3 2. Definition and Scope Fraud in the context of OAFS and OAIS Business Preventive Measures Functional Areas Susceptible to Frauds and requirement of care Fraud Handling Process Fraud- Review Process Fraud- Reporting to MD / Audit Committee / Board Annexures: I. Illustrative List of Activities interpreted as fraud II. Format of Sworn Statement on Ethics III. Excerpts from Adopted Fair Practice Code IV. Internal Reporting of Ascertained / Suspected Frauds V. Format of Reporting prescribed by RBI VI. Format of Quarterly Reporting to RBI VII. Guidelines of RBI on monitoring of Fraud

4 1. Preamble: a. OAIS Auto Financial Services Ltd (OAFS) being a Systemically Important Non Deposit Taking Non Banking Financial Company (NBFC ND SI), registered as such with the Reserve Bank of India (RBI), has been advised by RBI to put in place a Fraud Identification, Monitoring, Reporting and Review Mechanism. The relevant instruction has been issued vide Notification No RBI/ /424 DNBS.PD.CC. No. 256 / / dated March 02, ` b. The Notification inter alia obligates all NBFC ND SI including OAFS to: i. Put in place a reporting system so that frauds are reported without any delay. ii. Fix staff accountability in respect of delays in reporting of fraud cases to the RBI. iii. Report all cases of frauds involving amount less than Rs. 2.5 million to the respective Regional Offices of RBI in whose jurisdiction registered office of the company is located iv. Report individual cases of frauds involving amount of Rs. 2.5 million and above to Frauds Monitoring Cell, Department of Banking Supervision, RBI v. Disclose the amount related to fraud, reported in the company for the year in the Balance Sheets c. OAFS, is a subsidiary of ORIX Auto Infrastructure Services Ltd (OAIS), which in turn is a subsidiary entity of ORIX Corporation Japan. Hence, OAIS is required to comply with provisions of Sarbanes Oxley which inter alia requires sign off on fraud risk assessment and disclosures. d. The aforesaid developments enjoin on OAFS to put in place a compliant Fraud identification, monitoring and reporting framework. 2. Definition and Scope: a. Wikipedia defines the term Fraud in the following words: In criminal law, a fraud is an intentional deception made for personal gain or to damage another individual; the related adjective is fraudulent. The specific legal definition varies by legal jurisdiction. Fraud is a crime, and also a civil law violation. Defrauding people or entities of money or valuables is a common purpose of fraud, but there have also been fraudulent 4

5 "discoveries", e.g., in science, to gain prestige rather than immediate monetary gain. b. The Indian Contract Act, 1872, states: Fraud means and includes any of the following acts committed by a party to a contract, or with his connivance, or by his agents, with intent to deceive another party thereto his agent, or to induce him to enter into the contract; i. Non disclosure of a fact by one party to contract, who has the knowledge or belief of, to another party who does not have, when such fact is essential to the contract and the knowledge of which would have altered the decision of the other party; ii. A material misstatement made by one party knowing that the statement is false; iii. A promise made without any intention of performing it; iv. Any other act fitted to deceive; v. Any such act or omission as the law specially declares to be fraudulent. c. Despite having contractual dimension, tortuous dimension and criminal dimension of fraud, India does not have a definition of fraud in legislation like Companies Act, Indian Penal Code etc. Govt of India therefore proposes to introduce the same in the Companies Bill. Such definition would draw upon the structure provided for an analogous definition in the UK Fraud Act, d. As per UK Fraud Act, 2006, a person is held guilty of fraud if he / she is in breach of any of the following sections: i. Section 2 (fraud by false representation), ii. Section 3 (fraud by failing to disclose information), and iii. Section 4 (fraud by abuse of position). e. Fraud by false representation: A person is in breach of this section if he / she: i. dishonestly makes a false representation, and ii. intends, by making the representation, To make a gain for himself or another, or To cause loss to another or to expose another to a risk of loss. iii. A representation is false if: 5

6 It is untrue or misleading, and The person making it knows that it is, or might be, untrue or misleading. iv. Representation means any representation as to fact or law, including a representation as to the state of mind of: the person making the representation, or Any other person. v. A representation may be express or implied. For the purposes of this section a representation may be regarded as made if it (or anything implying it) is submitted in any form to any system or device designed to receive, convey or respond to communications (with or without human intervention). f. Fraud by failing to disclose information: A person is in breach of this section if he / she: i. Dishonestly fails to disclose to another person information which he / she is under a legal duty to disclose, and ii. intends, by failing to disclose the information To make a gain for himself or another, or To cause loss to another or to expose another to a risk of loss. g. Fraud by abuse of position: A person is in breach of this section if he / she: i. Occupies a position in which he / she is expected to safeguard, or not to act against, the financial interests of another person, ii. dishonestly abuses that position, and iii. intends, by means of the abuse of that position To make a gain for himself or another, or To cause loss to another or to expose another to a risk of loss. iv. A person may be regarded as having abused his position even though his conduct consisted of an omission rather than an act. h. Gain and loss: i. extend only to gain or loss in money or other property; ii. include any such gain or loss whether temporary or permanent; 6

7 iii. Property means any property whether real or personal (including things in action and other intangible property). iv. Gain includes a gain by keeping what one has, as well as a gain by getting what one does not have. v. Loss includes a loss by not getting what one might get, as well as a loss by parting with what one has. i. Possession etc. of articles for use in frauds: A person is guilty of an offence if he / she have in his /her possession or under his /her control any article for use in the course of or in connection with any fraud. j. Making or supplying articles for use in frauds: A person is guilty of an offence if he / she makes, adapts, supplies or offers to supply any article: i. knowing that it is designed or adapted for use in the course of or in connection with fraud, or ii. Intending it to be used to commit, or assist in the commission of, fraud. k. Article: includes any program or data held in electronic form. 3. Fraud in the context of OAIS and OAFS Business: a. The business canvas of OAIS and OAFS has undergone vast changes in the recent past due to unprecedented and unparalleled expansion of the automobile related business, dependence on external vendors and contract chauffeurs and integration of technology and willing movement towards a compliant and transparent management process. This has given rise to risk of control dilution and created a scope for unscrupulous persons to perpetrate frauds. The companies have been continuously improving systems and procedures and have been periodically updating them to prevent surprises. b. However, compliance is a cultural issue and takes time to sink in. Therefore non observance of laid down systems and procedures and not giving due regard to administrative and procedural safeguards, are major contributory factors in the likely occurrence of frauds. Lack of knowledge, negligence and connivance on the part of the staff, vendors and chauffeurs could facilitate perpetration of frauds. c. A high level of attrition in critical functions also result in inadequate transfer of charges leading to enabling situations being created for commission of frauds. 7

8 d. Therefore, preventive vigilance assumes great significance. Preventive vigilance involves activities to prevent occurrence of lapses and irregularities and it is a continuous process. Its usefulness lies in its ability to prevent loss and damage to the Companies. e. While the broad principles for identification or branding of an action as fraud will be based on the aforesaid UK Fraud Act 2006, some illustrative instances of fraud in the business of OAIS and OAFS are attached in Annexure I. f. Business and Functional Heads are expected to review the list periodically and update the list in the context of experience and knowledge gained in conducting businesses. 4. Fraud Prevention Measures: a. Every Office of OAIS and OAFS shall have at prominent place inside the office a display Board sporting the following pronouncement for clients: IF ANYBODY OF THIS OFFICE ASKS FOR GRATIS OR IF YOU HAVE ANY INFORMATION ON CORRUPTION IN THIS OFFICE OR IF YOU ARE A VICTIM OF CORRUPTION IN THIS OFFICE YOU MAY COMPLAIN TO THE FOLLOWING, OVER PHONE, E MAIL, AND LETTER OR THROUGH UPLOAD ON COMPANY WEB SITE. PLEASE NOTE TO GIVE YOUR COMPLETE NAME, FULL ADDRESS AND TEL NO. TO OBTAIN URTHER DETAILS OF THE COMPLAINT, EVIDENCE ETC. TO FACILITATE ENQUIRY/ INVESTIGATION.ANONYMOUS COMPLAINTS AND THOSE WITHOUT VERIFIABLE DETAILS ARE NOT LIKELY TO BE ATTENDED/ INVESTIGATED. OUR RESPONSE WILL BE IMMEDIATE. YOUR IDENTITY WILL BE KEPT SECRET b. In accordance with the Justice Mitra Committee Recommendations to Reserve Bank of India, on legal aspects of frauds, the following preventive measures are proposed: i. Adoption of Code of Ethics: The draft of Sworn Statement to be signed by each employee of OAIS / OAFS is attached in Annexure II ii. Adoption of Standard Operating Procedure (SOP) in respect of each area of business and support function: The SOPs, duly reviewed, by 8

9 Internal Auditors may be made widely available within the company for uniform understanding and adoption iii. Adoption of a system of internalization of SOP: The HR, the Business Heads and the Functional Heads would initiate adequate steps to cover 100% of the employees of OAIS and OAFS through a training process to familiarize them with the SOP. Besides job cards would be prepared based on SOPs by the respective Business and Function and would be provided to each desk employee for facilitating adoption of uniform operating process iv. Adoption of and working within Discretionary Financial and Administrative Powers delegated by Management: In the course of discharge of business, the Business Heads and Functional Heads would need certain authorities and they would also be required to sub delegate certain authorities. All such authorities duly reviewed and approved by management would be made available to concerned persons and they would be expected to exercise delegated authorities within defined limits judiciously. v. Adoption of a culture of regular reporting of decisions taken within delegated powers to Management: The delegates would be expected to submit periodical MIS to Management advising them of the authorities exercised by them during a given period. vi. Adoption of a culture of regular review of exceptional transactions / reports in computer system: Business / Functional Heads should personally ensure posting/passing of exceptional transactions and monitoring of list of exceptional transactions in computer systems at during / at the end of each day. vii. Adoption of a culture of Internal Audit Compliance Process: Internal Audit is a tool to get transaction level as well as system level risks developing while doing businesses. Due review and rectification of the irregularities pointed out in a time bound manner also would contribute to arresting probability of frauds. viii. Submission of Periodical Legal and Regulatory Compliance Audit Certificate : A practice of procuring legal compliance certificate before execution of large value transactions including contract based investments and also of regulatory compliance certificate from concerned business and functional heads would contribute to an accountable approach towards elimination of possibility of frauds. 9

10 5. Functional Areas Susceptible to Frauds and requirement of care: a. The following functional areas in OAIS and OAFS are normally vulnerable to fraudulent actions: i. Cash Imp rest: Periodical cash verification, both internal and external, should be done as per prescribed procedure. Verification of cash must have an element of surprise. It must not be taken as a routine exercise/ ritual. ii. Collection and Post Dated Cheques (PDC): The cheques received towards rentals / EMIs should be crossed on acceptance. PIS should be filled in after due verification of the details of application of the proceeds of cheques. Before parting with the cheque after due verification as to applicability and filling in of PIS the same must be uploaded in System (PIS Module). PDCs should be handled in accordance with the guidelines provided in PDC Management Policy Document. PDCs should be crossed immediately on receipt, bearer word should be stricken through and the rubber stamp containing name of OAIS OAFS as the case may be should be put in place of payee, in case the same is blank. If the name is of anyone other than OAIS OAFS, the same should be returned to client in exchange of a fresh PDC. PDCs must be kept in fire proof cabinet under dual control one of the controller being Accounts and the other being Collection. Further details of PDCs must be uploaded in PDC Module in AXAPTA. On due date when PDC is required to be encashed or on return of security PDCs upon liquidation of dues as the case may be, the same needs to be taken out from joint custody after making due records, noted in AXAPTA PDC Module as regards take out and handled the way stated in foregoing paragraph. PDCs must not be under control of Marketing iii. Stamp Account: Wherever Non Judicial Stamps / Revenue Stamps are required to be procured and kept in inventory, the same should be handled like cash. Custody should be joint one being Accounts and the other legal or person nominated by legal. It could be a good practice to create a Stamp Account in General Ledger under Cash Group to route inflow and outflow through the account. Stamp should be subjected to checks as in case of cash imp rest. iv. Bank Account: Bank Accounts must be reconciled at the end of each week ideally, each fortnight preferably and each month mandatorily. Cheques issued but not presented and collection deposited but not credited must be taken up with procurement department and bank respectively for further action. 10

11 v. Suspense Account Any Account used for temporary routing of receipts / payments must be branded as sensitive account and all entries there in must be scrutinized by the Head of Accounts / may be permitted only with approval of Head of Accounts. Such Account should be reconciled each month and the open debit items and open credit items must be kept at minimum vi. Inter Branch Account: Inter Branch Account should also be handled in similar fashion Arrears of house-keeping, balancing of client accounts, Inter- Branch Account reconciliation etc. should be accorded top priority, so that fraud in these areas are detected at early stages. As far as possible, reconciliation work should be allotted to different persons every time. All primary records like vouchers, ledgers, receipts and payment registers/books etc. are required to be preserved very carefully in fire proof storage under lock and key and no unauthorized person is to be allowed access to such records, so as to preclude possibility of any mischief or tempering thereto. vii. Lease Returned Assets : The assets belong to company are temporarily allowed to be used by lessees during lease period based on recommendation of Marketing and are required to be returned / dealt with in terms of lease agreement. Once an asset is due for return from lessee either on expiry of term or on occurrence of events requiring repossession of asset, the matter should be sensitized by Marketing / Collection internally to Accounts / legal/ Service centre Used Car divisions while requesting clients to peacefully make over possession of the asset to the company s concerned division/ agents. Business Heads are required to advise all Marketing staff in this respect. Even if the requirement is to redeploy the asset either by way of extension or by way of secondary lease, the process should be documented and followed, even if notionally, keeping the spirit of the process of handling lease returned assets documented hereinabove. viii. Repossessed Assets: The above process is required to be followed in case of repossessed assets too. The only difference in case of repossession is the act may at times be not peaceful and require legal intervention. Further, at times the subsequent deployment / disposal of such asset may be contingent upon the outcome of legal action and therefore are required to be maintained / secured during such period. ix. Advance Pending Capitalization Account: This is a sensitive account requiring close scrutiny at frequent intervals. At this stage advance has been made out / asset has been made over while the same has not 11

12 been documented as such in books of accounts. Accounts, Acquisition and Marketing have great responsibility at this stage and are required to work in close co-ordination to reduce the period of perking at this stage. x. Vendor Payment Account: In OAIS-OAFS where a significant part of operations are outsourced, this head of account requires closer scrutiny at frequent intervals. Also the process of vendor payment has to pass through front office, mid office and accounts to comply with four eye principle of supervision. Any developing concentration in vendor profile in the portfolio should be avoided. xi. Profit & Loss Account: Other items of expenses impacting Profit and Loss Account should also be monitored as stated above xii. IT Systems: Since the functioning of OAIS and OAFS have to some extent migrated to ERP platform and there are significant manual intervention in the invoicing, collection and reconciliation process, the systemic risk from IT cannot be overestimated. CTO from Australia is reviewing this aspect and guidelines given by him are required to be complied with great care and application xiii. Procurement Function: Procurements in Business, IT and Administration need to be based on budget prepared and approved, based on pre approval of vendors and based on price grids pre approved. xiv. Stores: Inventory Control measures / Materials Management measures are required to be introduced and followed with same principle as in procurement. [The above are some of the representative instances / processes and are by no means exhaustive. Detailed list of items/ processes / heads of accounts requiring scrutiny from susceptibility to fraud angle are to be drawn up by Business and Support Functions for commensurate protection measures] 6. Fraud Handling Process: a. Appraisal: i. As soon as an actual, suspected or attempted fraud is noticed or detected, offices should immediately gather all relevant details and contact their Business Head. Wherever necessary, Head IR and Head Legal should be approached for lodging FIR with the police authorities as per guidelines. 12

13 ii. Offices should report the details of the fraud to the Corporate Office as per Annexure IV. While reporting frauds, various aspects covered by the relative questionnaire should be taken care of. In case some information or details are not readily available, the submission of the report or other available details should not be held up. The remaining information may be furnished immediately thereafter. iii. As details of frauds are required to be reported to Reserve Bank of India, offices should report complete details promptly without any delay or laxity. Further developments, such as progress made in the Police Investigation, enhancement in the fraud amount, fresh recovery/prospects of recovery of fraud amount, position of insurance claim, if any, current status of disciplinary action, amount restored and amount eventually written off should also be reported from time to time, till the case is finally disposed off. b. Filing of FIRs : i. During the course of day to day working, our offices sometimes come across various types of frauds committed by chauffeurs, vendors etc. Even staff members are also covered by the extant RBI guidelines on frauds. ii. Usually, such frauds involve commission of offences and our offices and authorities are required to decide whether the matter should be reported to Police Authorities. iii. Section 39 of the Code of Criminal Procedure, 1973, casts an obligation on any person aware of the commission of or of the intention of any other person to commit any offence punishable under any of the Sections of Indian Penal Code, mentioned in the said Section 39, to forthwith give information to the nearest Magistrate or Police Officer. Some of the offences mentioned in Section 39, which are relevant as far as OAIS-OAFS business is concerned, are as under: a) Offence of robbery punishable under Section 392 and 399 Indian Penal Code. b) Offences relating to illegal gratification (Section 161 to 165 A). c) Offences relating to currency notes and bank notes (Sections 489 A to 489 E IPC). 13

14 iv. In view of the above provisions, all cases of robbery involving company's cash or other property should be immediately reported to the Police Authorities. Similarly, if any offence of theft or extortion of cash or other property is committed, Police Authorities should be informed immediately. v. Similarly, if any person presents counterfeit currency notes or Bank Notes, to any of the offices of company, in view of the provisions contained in Section 39, it would be necessary to report the matter to the Police. vi. Frauds in which our staff members are involved : Instances need to be taken up with BH, HR/ IR, Legal and COO/MD instantly for further action vii. When an incident is reported as an alleged case of fraud and when the company is not in a position to determine immediately as to whether the reported incident is actually a case of fraud or not, the company may decide not to file an F.I.R. till a view is taken about the presence or otherwise of the element of fraud in the reported incident, since lodgment of F.I.R. is, evidently, an acceptance by the company to the effect that a fraud has been perpetrated on it. Such cases would be decided based on investigation report conducted avoiding conflict of interest. c. Restoration: i. In customer accounts where a fraud is established it is advisable to effect restoration of the amount involved in fraud as early as possible to protect company s image. ii. Request should be put up to MD through Business Head, HR/IR, Legal, Accounts and COO after satisfying that due actions are taken in the case in regard to lodging of FIR/Insurance claim, initiating staff actions etc. d. Write off of the amount of loss: i. Whenever a case is cleared from all angles such as Police Action / Staff Action etc. and loss arising out of fraud case has been crystallized and there are absolutely no chances of recovery, then the proposal to write-off the loss arising out of fraud is required to be submitted in similar manner to MD and approval obtained for write off. 14

15 e. Closure of a fraud case: i. A fraud case would mature for closure, if it is concluded from following angles: a) When FIR is lodged and the case is closed by Police treating the same as true but undetected and certificate received from Police authorities as such. b) Where culprit is traced, police has registered a case with the competent court and that case is decided. c) Wherever staff actions were warranted, due actions are initiated and cases are completed. d) Where all avenues for recovery are exhausted and amount irrecoverable is identified after eligible amount of Insurance claim is obtained. e) Amount of loss arising out of fraud is crystallized and the same is duly written-off. 7. Fraud Review Process a. Frauds identified and reported are required to be reviewed regularly at prescribed intervals till the cases are closed on satisfactory examination, action and reporting after obtaining due approval. For this purpose, Abnormal Case Reports (ACR) and also Fraud Reports are required to be regularly reviewed and reported to MD through Chief Compliance Officer. b. Police complaints lodged should separately be tracked and reported by HR/IR as such cases are normally expected to remain open for a relatively longer period of time c. Similarly, quarterly progress reports on frauds involving Rs. hundred thousand and above reported to RBI should be individually reviewed till closure. 8. Reporting of Frauds : a. Consolidated statement of all attempted and reported frauds up to Rs. hundred thousand is to be submitted to MD by BH every month. b. All frauds above Rs. hundred thousand are required to be reported to Audit Committee of Board promptly on their detection. Such reports inter alia should, touch upon failure of systems and processes and also on the 15

16 part of the concerned officials, and consider initiation of appropriate action against the officials responsible for the fraud. c. Besides, information relating to frauds for the quarters ending March, June and September may be placed before the Audit Committee of Board during the month following the quarter to which it pertains. These should be accompanied by supplementary material analyzing statistical information and details of each fraud so that the Audit Committee would have adequate material to contribute effectively in regard to the punitive or preventive aspects of frauds. d. Annual Review of Frauds: Annual review of frauds should be undertaken and suitable note placed before the Board of Directors for information. The reviews for the year-ended December may be put up to the Board before the end of March the following year. Such reviews need to be preserved for verification by the Reserve Bank s inspecting officers. e. While preparing the note, guidelines of RBI as to extant coverage as provided in annexed notification may be kept in view. 16

17 ANNEXURE- I Illustrative List of actions / events that could be interpreted as fraud Function Front Office in Finance Business and Operating Business Instance The associated staff having some confidential and unique information about a product of the company passes on the information to competitor to create his employable position in the market causing a decline in the business of the company. The associated staff having some unique information about the financial strength or intent of the client company withholds the information to support functions and superiors leading to exposure of company to risk of financial loss at the expense of meeting business target The associated staff enters in to understanding with client that is inconsistent with the sanction terms and are prejudicial to interest of company The associated staff neglects to organize recovery of RV and or asset at the end of lease period and / or premature termination of contract Acquisition The associated staff fails or neglects to procure assets as per mandate of marketing and in compliance with the request of client The associated staff fails or neglects to convert the procurement to advantage of the company at best possible terms The associated staff fails or neglects to cause delivery of the asset as per agreed schedule Resources Having taken credit from a bank on the security interest of charge being created on lease rentals / loan installments, inventories etc with due margin contribution from company fails to relate borrowing to available drawing power. Insurance Having knowingly taken insurance in respect of a non insurable risk Credit Violating the guideline of the company and / or of the Reserve Bank without acting prudently and sanctioning the loan/lease negligently causing a wrongful loss to the company 17

18 Function Invoicing & Collection Legal and Compliance Finance & Accounts Instance Failing to provide System generated data on delays and defaults to operations and marketing persons in a time bound and transparent manner and after due reconciliation with clients records Failing to raise invoices on clients in time Failing to obtain acknowledgement from clients for collection of dues on due dates with details of asset wise collections made and TDS deducted. Failing to collect TDS certificates periodically and hand over to Accounts. Failing to draw up legally enforceable agreement Failing to enforce security in time after requests are formally put up for legal action by Business Heads Failing to report progress of litigation with costs to management in time Failing to provide timely and accurate Accounts and MIS to Management duly reconciled with clients Failing to comply with the prudence and principles of accounting Failing to point out inconsistencies / unusual transactions in accounts to Management in time Taxes Failing to advise Management about applicable tax laws, about requirement of documentation from tax compliance point of view and about tax efficient ways of doing deals [The above are some of the representative instances / processes and are by no means exhaustive. Detailed list of items/ processes / heads of accounts requiring scrutiny from susceptibility to fraud angle are to be drawn up by Business and Support Functions for commensurate protection measures] 18

19 ANNEXURE- II SWORN STATEMENT to be signed by each member of staff of OAIS OAFS as part of Fair Practice Code I hereby acknowledge that I have received a copy of the OAIS / OAFS s ( the Company ) Code of Ethics and that I understand that all OAIS /OAFS employees, managers and directors are required to comply with every requirement in the Code of Ethics, especially the ones pertaining to safeguarding information crucial to maintaining public trust. I agree to the following two clauses and promise to adhere to the regulations as follows: 1. Compliance Requirements: i. I am responsible for maintaining the confidentiality of personnel and confidential internal information pertaining to the OAIS / OAFS operations. I will not disclose any confidential information to third parties by any means at any time, other than where permission has been granted by the Company. ii. iii. iv. I will not copy or otherwise duplicate any confidential information for purposes other than those required by my employment responsibilities. I will not take any confidential information from the workplace for purposes other than that required to fulfill the duties of my employment. I understand that personal use of computers, the internet, or electronic media, can only be made to the extent permitted by the Company s System Security Policy. I will comply with this Policy. v. I will not use my own electronic media (floppy disks, CDs, DVDs, USBs and other external devices) in the workplace, except where this is permitted by Company policy, or has been specifically authorized vi. vii. Should I resign from the company, I will return all confidential information that I administer or hold before leaving the workplace, including electronic recordings, copies and originals. After my resignation, I will remain subject to the compliance requirements stipulated here. I will comply with the company s policies and regulations on information management. 19

20 2. Consent Requirement i. To prevent any leak of confidential information or misconduct, the company may check computers, , and Internet use without my permission if the officer responsible for information security deems it necessary. ii. iii. If I have problems, questions or concerns about the compliance with the Code of Ethics, I will direct them promptly to my supervisor, manager or the Group Audit Manager, as appropriate. I understand my responsibility to report promptly to the Company if I suspect or witness any violations, either current or future, of the OAIS / OAFS Code of Ethics, including any violations of law. AFFIRMATION I CONFIRM THAT I AM IN COMPLIANCE WITH THE TWO CLAUSES IN THE SWORN STATEMENT ABOVE AND PROMISE TO COMPLY WITH THESE CLAUSES AT ALL TIMES 20

21 ANNEXURE- III Fair Practice Code: Collection and Repossession of Assets: Code for Collection of Dues and Repossession of Security: 1. The code would apply to the company and its Contractors for the purpose of collection, recovery and repossession of security/ies. The dignity of and respect for the Customer would be central to company s debt collection policy. Company s debt collection policy would be premised on courtesy, fair treatment and persuasion. The company would not normally follow policies, which are unduly coercive in collection of dues. 2. The Company would normally resort to repossession of the security/ies only when the collection/ recovery of dues are not forthcoming in spite of request made. 3. The applicant / Customer / obligor would be contacted ordinarily at the address provided to the company as business address, residence address or other point of contact. However, he may be contacted at such other place, the company feels he has moved to /or would be available. Their privacy would be respected as far as practicable. 4. Identity and authority of the person to represent the company would be made known to the applicant / Customer / obligor when he /she are contacted. 5. Applicant / Customer / obligor would be provided with the information regarding the dues and necessary notice would be given for enabling discharge of dues. 6. Reasonable notice would be given before repossession of security and its realization, unless the Company has reasons to believe that the applicant / Customer / obligor is about to dispose of/remove the whole or any part of the security/ies, from the locality where it ordinarily remained or by whom it is used or caused to be remained or used, as the case may be, at the time of creation of security. 7. Repossession will be pursued in cases where there is built in re-possession clause in the contract / loan agreement with the borrower / lessee and the clause is legally enforceable. 8. During visit to applicant / Customer / obligor place for collection of dues, decency and decorum would be maintained. 9. Inappropriate occasions such as bereavement in the family or such other calamities would be avoided for making calls/visits to collect dues. 21

22 10. Demeanor that would suggest criminal intimidation or threat of violence would be avoided unless instances of provocation exist. Grievance Redressal: 1. The Company would have a Grievance Redressal Mechanism across the organization, working under an apex level at the Corporate Office to resolve disputes arising out of violation of this code. 2. The Grievance Redressal Team would consist of the following officials:- a. Any one of the Director of the Company b. Business Finance Controller of OAIS c. Senior Vice President (Resources) of OAIS d. Company Secretary & Chief Compliance Officer The quorum of the Team shall be three (3). 3. The complaints may be made at the Branches / Regional Offices / Corporate Office shall be addressed to the Grievance Redressal Team (Recovery and Repossession), Corporate Office of the company. 4. The complaint should contain name and address of the Customer making the complaint, contact number, name of the Branch and the deal number; date of occurrence of the incidence, brief narration of the complaint, with sequence of events and relief s sought, if any. 5. Responses to complaint whether positive or negative requiring more time for redressal would be given within 7 days from the date of complaint unless the nature of complaint is such that it requires verification of voluminous facts and figures or it requires further clarification from regulators / concerned administrative authorities (e.g. VAT, Service Tax etc). 6. The Team shall regularly report to the Board of Directors on the status of outstanding grievances. Communication of the terms and conditions: 1. Terms and conditions of the contract/loan agreement would o contain provisions regarding: a. notice period before taking possession; b. circumstances under which the notice period can be waived; 22

23 c. the procedure for taking possession of the security; d. provision regarding final chance to be given to the borrower for repayment of loan before the sale / auction of the property; e. procedure for giving repossession to the borrower and f. Procedure for sale / auction of the property. 2. A copy of such terms and conditions shall be made available to the borrowers / lessees. RBI Guidelines on Repossession of Assets: On 24th April 2009, RBI has come out with clarification as regards repossession of vehicles financed by NBFCs. It has been clarified that NBFCs might have repossession agents to repossess assets provided: o They have a built in re-possession clause in the contract/loan agreement with the client which must be legally enforceable. o The terms and conditions of the contract/loan agreement contains provisions regarding: notice period before taking possession; circumstances under which the notice period can be waived; the procedure for taking possession of the security; a provision regarding final chance to be given to the borrower for repayment of loan before the sale / auction of the property; The procedure for giving repossession to the borrower and the procedure for sale / auction of the property. o A copy of such terms and conditions is made available to the client 23

24 ANNEXURE- IV Internal Reporting on Ascertained / Suspected Frauds: (Event based) Particulars Details Company Date of Report Date of Incidence Date of Detection Amount Involved Nature of Fraud i. Misappropriation and criminal breach of trust ii. Fraudulent encashment through forged instrument / manipulation of books of accounts iii. Unauthorized credit facilities extended for reward or for illegal gratification through usage of forged documents and / or by withholding material information iv. Negligence & cash shortage v. Cheating & forgery vi. Other (to be mentioned) Modus Operandi Deviations from usual procedure How escaped attention Fraud committed by i. Internal force ii. External force [Tick Appropriate] iii. Internal & external forces Action taken/proposed to be taken Whether any complaint with the Police has been lodged. If so, the number & date. If not, the reasons therefore. Steps taken/proposed to be taken to avoid recurrence of such incidents iv. (staff and outsiders) 24

25 ANNEXURE- V Reporting Format prescribed by RBI

26 26

27 27

28 28

29 29

30 30

31 ANNEXURE- V Quarterly Reporting Format prescribed by RBI

32 32

33 This must be calendar year. 33

34 34

35 Annexure VI RBI Guidelines on Monitoring of Fraud INTRODUCTION 1.1 Incidence of frauds in NBFCs is a matter of concern. While the primary responsibility for preventing frauds lies with NBFCs themselves, a reporting system for frauds is prescribed in the following paragraphs, which may be adopted by NBFCs. 1.2 It is possible that frauds are, at times, detected in NBFCs long after their perpetration. NBFCs should, therefore, ensure that a reporting system is in place so that frauds are reported without any delay. NBFCs should fix staff accountability in respect of delays in reporting of fraud cases to the Reserve Bank. 1.3 Delay in reporting of frauds and the consequent delay in alerting other NBFCs about the modus operandi and issue of caution advices against unscrupulous borrowers could result in similar frauds being perpetrated elsewhere. NBFCs may, therefore, strictly adhere to the timeframe fixed in this circular for reporting fraud cases to the Reserve Bank failing which NBFCs would be liable for penal action as prescribed under the provisions of Chapter V of the RBI Act, NBFCs should specifically nominate an official of the rank of General Manager or equivalent who will be responsible for submitting all the returns referred to in this circular. 1.5 It may be noted that NBFCs are not required to submit Nil reports to Frauds Monitoring Cell/Regional Offices of Department of Non-Banking Supervision. At the same time enough precautions may be taken by deposit-taking NBFCs to ensure that the cases reported by them are duly received by Frauds Monitoring Cell/Regional Offices of Department of Non-Banking Supervision as the case may be. 2. CLASSIFICATION OF FRAUDS 2.1 In order to have uniformity in reporting, frauds have been classified as under based mainly on the provisions of the Indian Penal Code: (a) Misappropriation and criminal breach of trust. (b) Fraudulent encashment through forged instruments, manipulation of books of account or through fictitious accounts and conversion of property. (c) Unauthorized credit facilities extended for reward or for illegal gratification. (d) Negligence and cash shortages. (e) Cheating and forgery. (f) Irregularities in foreign exchange transactions. (g) Any other type of fraud not coming under the specific heads as above.

36 2.2 Cases of 'negligence and cash shortages' and irregularities in foreign exchange transactions referred to in item (d) and (f) above are to be reported as fraud if the intention to cheat/defraud is suspected/ proved. Cases of cash shortage up to Rs. 1,000/- reported on the same day by persons handling the cash and where there is no suspicion of fraud need not be reported as fraud. However, cases of cash shortage involving more than Rs. 1,000/- and those detected by the management/ inspecting officer, irrespective of the amount, may be reported as fraud. 2.3 NBFCs having overseas branches/offices should report all frauds perpetrated at such branches/offices also to the Reserve Bank as per the format and procedure detailed under Paragraph 3 below. 3. REPORTING OF FRAUDS TO RESERVE BANK OF INDIA 3.1 Frauds involving Rs. 1 lakh and above Fraud reports should be submitted in all cases of fraud of Rs. 1 lakh and above perpetrated through misrepresentation, breach of trust, manipulation of books of account, fraudulent encashment of FDRs unauthorized handling of securities charged to the NBFC, misfeasance, embezzlement, misappropriation of funds, conversion of property, cheating, shortages, irregularities, etc Fraud reports should also be submitted in cases where central investigating agencies have initiated criminal proceedings suo moto and/or where the Reserve Bank has directed that they be reported as frauds Wherever information is available, NBFCs may also report frauds perpetrated in their subsidiaries and affiliates/joint ventures. Such frauds should, however, not be included in the report on outstanding frauds and the quarterly progress reports referred to in paragraph 4 below The fraud reports in the prescribed format should be sent to the Central Office (CO) of the Reserve Bank of India, Department of Banking Supervision, Frauds Monitoring Cell where the amount involved in fraud is Rs 25 lakhs and above and to Regional Office of the Reserve Bank of India, Department of Non-Banking Supervision under whose jurisdiction the Registered Office of the NBFC falls where the fraud amount involved in fraud is less than Rs 25 lakh, in the format given in FMR 1, within three weeks from the date of detection. 3.2 Frauds committed by unscrupulous borrowers It is observed that a large number of frauds are committed by unscrupulous borrowers including companies, partnership firms/proprietary concerns and/or their directors/partners by various methods including the following: (i) Fraudulent discount of instruments. 36

37 (ii) Fraudulent removal of pledged stocks/disposing of hypothecated stocks without the NBFC s knowledge/inflating the value of stocks in the stock statement and drawing excess finance. (iii) Diversion of funds outside the borrowing units, lack of interest or criminal neglect on the part of borrowers, their partners, etc. and also due to managerial failure leading to the unit becoming sick and due to laxity in effective supervision over the operations in borrowal accounts on the part of the NBFC functionaries rendering the advance difficult of recovery In respect of frauds in borrowal accounts involving an amount of Rs. 5 lakh and above, additional information as prescribed under Part B of FMR 1 may also be furnished. 3.3 Frauds involving Rs. 25 lakh and above In respect of frauds involving Rs. 25 lakh and above, in addition to the requirements given at paragraphs 3.1 and 3.2 and above, NBFCs may report the fraud by means of a D.O. letter addressed to the Chief General Manager-in charge of the Department of Banking Supervision, Reserve Bank of India, Frauds Monitoring Cell, Central Office and a copy endorsed to the Chief General Manager-in-charge of the Department of Non- Banking Supervision, Reserve Bank of India, Central Office within a week of such frauds coming to the notice of the NBFC. The letter may contain brief particulars of the fraud such as amount involved, nature of fraud, modus operandi in brief, name of the branch/office, names of parties involved (if they are proprietorship/ partnership concerns or private limited companies, the names of proprietors, partners and directors), names of officials involved, and whether the complaint has been lodged with the Police. A copy of the D.O. letter should also be endorsed to the Regional Office of Reserve Bank, Department of Non-Banking Supervision under whose jurisdiction the Registered Office of the NBFC is functioning. 3.4 Cases of attempted fraud Cases of attempted fraud, where the likely loss would have been Rs. 25 lakh or more, had the fraud taken place, should be reported to the Central Office of the Reserve Bank, Department of Banking Supervision, Frauds Monitoring Cell and a copy endorsed to Central Office of the Reserve Bank, Department of Non-Banking Supervision indicating the modus operandi and how the fraud was detected. Such cases should not be included in the other returns to be submitted to the Reserve Bank. 4. QUARTERLY RETURNS 4.1 Report on Frauds Outstanding NBFCs should submit a copy of the Quarterly Report on Frauds Outstanding in the format given in FMR 2 to the Regional Office of the Reserve Bank of India, 37

38 Department of Non-Banking Supervision under whose jurisdiction the Registered Office of the NBFC falls irrespective of amount within 15 days of the end of the quarter to which it relates Part A of the report covers details of frauds outstanding as at the end of the quarter. Parts B and C of the report give category-wise and perpetrator-wise details of frauds reported during the quarter respectively. The total number and amount of fraud cases reported during the quarter as shown in Parts B and C should tally with the totals of columns 4 and 5 in Part A of the report NBFCs should furnish a certificate, as part of the above report, to the effect that all individual fraud cases of Rs. 1 lakh and above reported to the Reserve Bank in FMR 1 during the quarter have also been put up to the NBFC s Board and have been incorporated in Part A (columns 4 and 5) and Parts B and C of FMR Progress Report on Frauds NBFCs should furnish case-wise quarterly progress reports on frauds involving Rs. 1 lakh and above in the format given in FMR 3 to the Central Office (CO) of the Reserve Bank of India, Department of Banking Supervision, Frauds Monitoring Cell where the amount involved in fraud is Rs 25 lakhs and above and to Regional Office of the Reserve Bank of India, Department of Non-Banking Supervision under whose jurisdiction the Registered Office of the NBFC falls where the fraud amount involved in fraud is less than Rs 25 lakh within 15 days of the end of the quarter to which it relates In the case of frauds where there are no developments during a quarter, a list of such cases with a brief description including name of branch and date of reporting may be furnished as per FMR REPORTS TO THE BOARD 5.1 Reporting of Frauds NBFCs should ensure that all frauds of Rs. 1 lakh and above are reported to their Boards promptly on their detection Such reports should, among other things, take note of the failure on the part of the concerned officials, and consider initiation of appropriate action against the officials responsible for the fraud. 5.2 Quarterly Review of Frauds Information relating to frauds for the quarters ending March, June and September may be placed before the Board of Directors during the month following the quarter to which it pertains. 38

39 5.2.2 These should be accompanied by supplementary material analyzing statistical information and details of each fraud so that the Board would have adequate material to contribute effectively in regard to the punitive or preventive aspects of frauds All the frauds involving an amount of Rs 25 lakh and above should be monitored and reviewed by the Audit Committee of the Board (ACB) or if ACB is not there, other Committee of the Board of NBFCs. The periodicity of the meetings of the Team may be decided according to the number of cases involved. However, the Team should meet and review as and when a fraud involving an amount of Rs 25 lakh and above comes to light. 5.3 Annual Review of Frauds NBFCs should conduct an annual review of the frauds and place a note before the Board of Directors for information. The reviews for the year-ended December may be put up to the Board before the end of March the following year. Such reviews need not be sent to RBI. These may be preserved for verification by the Reserve Bank s inspecting officers The main aspects which may be taken into account while making such a review may include the following: (a) Whether the systems in the NBFC are adequate to detect frauds, once they have taken place, within the shortest possible time. (b) Whether frauds are examined from staff angle. (c) Whether deterrent punishment is meted out, wherever warranted, to the persons found responsible. (d) Whether frauds have taken place because of laxity in following the systems and procedures and, if so, whether effective action has been taken to ensure that the systems and procedures are scrupulously followed by the staff concerned. (e) Whether frauds are reported to local Police, as the case may be, for investigation The annual reviews should also, among other things, include the following details: (a) Total number of frauds detected during the year and the amount involved as compared to the previous two years. (b) Analysis of frauds according to different categories detailed in Paragraph 2.1 and also the different business areas indicated in the Quarterly Report on Frauds Outstanding (vide FMR 2). (c) Modus operandi of major frauds reported during the year along with their present position. (d) Detailed analyses of frauds of Rs. 1 lakh and above. (e) Estimated loss to the NBFC during the year on account of frauds, amount recovered and provisions made. (f) Number of cases (with amounts) where staff are involved and the action taken against staff. (g) Time taken to detect frauds (number of cases detected within three months, six months and one year of their taking place). 39