THIRUVANANTHAPURAM: Major loopholes in the banking software used by Karuvannur service cooperative bank came to the aid of the cartel of employees who had committed a loan fraud worth Rs 300 crore over the years. Investigators suspect that the loopholes in the software and negligence in software security were purposeful acts on part of the senior employees for facilitating illegal deals.
The state crime branch is probing the loan fraud case and six employees of the bank have been placed under suspension following the registration of FIR. Out of the 27 employees of the bank, 18 had been assigned as administrators of the software. The admins of the high-security software included attender Suma, peon Sujamol and Rubco commission agent Bijoy. Those with admin powers can amend personal ledgers without the knowledge and help of the persons concerned.
“If one with admin access manipulates personal registers, the software can’t trace who has done that. Several of the records, including Gahaan documents, loan narration details, surety details and details of pledged land were missing with regard to suspicious loans. This has even led to a situation wherein real beneficiaries of the suspected loans couldn’t be identified,” found the investigation conducted by a team led by Cooperation assistant registrar Omana K L last year.
Another major discrepancy detected in the probe is that the software doesn’t mandate details such as Gahaan number and document number of the title deed while adding the document of the land pledged as collateral. “This discrepancy was widely seen misused in the bank,” the report noted.
‘Day open, Day end’ facility for ensuring that all transactions done on a particular day are recorded on the same day in the bank software was incorporated in the banking software only on June 6, 2017, found the report. “Till the introduction of the facility, any employee can execute transactions at his will and even delete transaction records without leaving traces of evidence. After the introduction of ‘day open day end’ facility, deletion can be done only on request. There is no record of previous deletion requests in the file and that shows there was no mandatory security system in place earlier,” the probe panel observed.
Suspended manager M K Biju and bank secretary T R Sunilkumar had misused this facility for correcting records related to benami loans issued to the cartel of employees. A woman employee had testified before the inquiry panel that her code and password were used by M K Biju for manipulating the records related to a sanctioned loan.
During the inspection, it was also found that several of the login details used by retired employees and those who are on long leave were active. “Multiple users can login from a single terminal, automatic password reset system is defunct, no record in software about changes in login ID and password and there is no system to register access log and remote log,” the probe panel noted about other discrepancies.