How Blockchain could have prevented the 'Great Indian 11000 Crore PNB Bank Fraud' ?

Blockchain is a distributed digital ledger that enables and records the secure transfer of data and documents through a public or private peer-to-peer network. Blockchain allows secure management of a shared ledger & transactions are verified & stored on a network without any governing authority.  Blockchain configuration can be on a public open-source network or a private Blockchain network that required explicit permissions to read/write.

The best example of how #Blockchain can prevent fraud is the 14th Feb 2018 news report about The Great Indian INR 11000 Crore PNB Bank Fraud.

1. A businessman #NiravModi allegedly bribed couple or more bank officials of PNB (Punjab National Bank) and managed to get a fake letter of Undertaking or LOU from PNB Bank, without providing any collateral to the bank (providing collateral is the standard practice).
2. Then #NiravModi allegedly used the FAKE  LOU to fool few more banks and businesses ( which basically means that PNB bank is his guarantor as per the fake LOU and if Nirav is not able to pay his creditors then PNB Bank would be responsible for paying his creditors, to an amount of INR 11000 Crore or more. Holy Flying Cow!)
3. The Fraud was not detected for years because the fraudster issued a fake LOU but did not record it in the bank account so bank was not even aware of the LOU (apart from the people who were involved in the fraud)
4. Whats also  surprising is that none of the business associates or banks cross checked with Punjab National Bank for 7 years to verify that the LOU was authentic.

Core issue of PNB Fraud is poor implementation of BPM process :

Before we discuss blockchain lets make one thing clear that the main issue in the PNB Scam is poor definition and implementation of business process regarding LOU. If the business process management software does not implement tasks of review and approval for critical process like LOU then this calls for a immediate review of the BPM system of PNB Bank (and other public sector banks) as there could be other issues in implementation of other critical processes. The other issues is banking process defined by RBI does not seem to have a task of crosschecking with issuing bank to verify the authenticity of LOU or similar  documents issued by a bank.  As a matter of fact if on bank official can forge a document and the banking does not have process to validate the authenticity of the document then tomorrow some outsider can also forge the document and bank would not be able to identify the fraud! Some serious software process audit is immediately required by PNB and would be ideal if other banks also audit the software implementation of their business process management and seek expert guidance on how to fix/improve the BPM implementation and have an audit trail which can help trace any anomaly or attempt at fraud .


So how could blockchain prevent a similar fraud? Before we begin discussing blockchain let me remind you to not confuse blockchain with Bitcoin or any other cryptocurrency Bitcoin is one implementation uses cases of blockchain technology. The following image shows typical steps in working of  #blockchain.

                                       
                                                                        
The Great Indian 11000 Crore PNB Bank Fraud is in-reality is a very basic type of fraud!  This kind of fraud is so basic that it needs brain of a 5th grade school kid who hides his mark sheet from his parents when he gets poor grades! The bank officer who gave the forged LOU to #NiravModi did not document in bank record that he had issued a LOU. As there was no record of issues LOU in the bank computers, no one in the  bank was able to detect the fraud for years. The LOU was allegedly used by  #NiravModi to commit more frauds of which details are not available in media as of today. Its a huge scam because if #NiravModi (assuming the fraud is proved) did not honor the creditors then PNB bank would end holding the sack worth INR 11000 Crore! This fraud was successful  because in the banking process there was no process to restrict a corrupt employee to issue a LOU and neither did the bank define a process for other banks to validate the authenticity of LOU issued by the bank.
                                                          At at business process level one would call this a very poor implementation of a business process. Any letter of credit issues by any bank should not be valid unless it is cross verified by the bank with PNB but here the letter was used for many years without any creditor ever bothering to check the authenticity of the LOU with the provider bank! Frankly I can't believe this fraud actually happened but I guess there are many fools in the business world who don't even bother to check a bank guarantee is authentic or not! So how could we have a software system than can prevent such fraud irrespective of how many foolish bankers are involved in the process!

How blockchain could have prevented the PNB Bank 11000Cr Fraud?

1. In a blockchain world , all the steps in the 'Letter Of Credit' process would have been recorded in a blockchain ledger database
2. Notification of each step in the process of  'Letter Of Credit' process would have gone to all approving bank officials and it would be impossible for any employee junior or senior to issue a letter of credit without knowledge of the bank officials.
3. Even after 'Letter Of Credit' is issued when the customer shares the 'Letter Of Credit' with any bank or business entity, they would be able to view the process trail of the blockchain which is fool proof because blockchain ledger database it is like a database which only allows insert and does not allow update or delete
4. Since 'Letter Of Credit' entry in database cannot be deleted from a transaction ledger in blockchain it is not possible for anyone to HIDE any information or UPDATE any information without knowledge of the approving bank authorities.This means the LOU could not have been issued at all if a system similar to blockchain was implemented.
5. When the LOU is shared with another bank or business entity the guarantor bank (PNB in this case) would get notified when the blockchain transaction gets updated. This would ensure that same LOU is not shared with multiple banks or business entities to commit fraud.
6. The following figure shows transactions in a sample business process flow

 


1. A bank officer initiated a LOU , thus creating a transaction in the blockchain
2. How approving authorities are automatically notified by the blockchain system
3. How the approval transaction is inserted in the same block and becomes an immutable entry in the database
4. How the issuing bank keeps getting informed when the LOU is submitted to another bank to get credit or to a business associate to ensure there is a immutable chain of life-cycle of the LOU that is only accessible to authorized personals
5. For the life-cycle of the LOU the entire chain of transaction are attached to the LOU and all concerned people would be able to see the history and authenticate the LOU  

• In summary, blockchain or a similar software design that creates an immutable log of a bank process flow foe ex. LOU ensures that a ''log' of all activities or transactions is maintained in a secure ledger database  and is through the life of the document and even after the document validity expires. The immutable log helps build a trust relationship between partner entities and and it also helps speed the business process as all entities get copy of entire transaction log' as updates in real time this facilitating transference. 
• For those who did not understand the above example of business process, imagine a tamper proof paper register (from which pages cannot be removed!) in which all banking transactions have to be recorded in sequential order, using a permanent marker pen (so entries cannot be erased). A copy of the paper register is sent to each supervising  bank official (sounds redundant but this is just an example) Since a copy of register goes to every official within seconds of transaction being done, there is no way a official will not know about a transaction. Now when borrower submits this LOU document to another bank, a copy of register is again sent to the issuing bank officials and also to the receiving bank officials  - so all authorities get a copy of updated register every time a new update happens ( This is only an example in reality an entry is made in a 'Write only database" for every transaction, from which data cannot be deleted nor updated) . 
• The rule of the game is to build trust of participating parties, each transaction is recorded in a 'write only immutable database' and participating parties get a copy of transaction log every time a new transaction happens. So at any point of time every participant has the latest  transaction ledger. There is some amount of redundancy in the process because the ledger gets sent to all participants every time there is a transaction but it helps to ensure absolute trust since there is no one person managing the central database and there is no change of manipulation of data without knowledge of other concerned parties and as mentioned earlier all participants have their own copy of database which is immutable and tamper proof.