Proper record keeping in soft form required for robust computerised banking operation
In a circular dated February 1998, the RBI had asked the banks to develop or design adequate internal control policies and procedures to mitigate risks. In the circular, the RBI had further directed that all transactions must be entered and accepted ‘once and only once, data accurately entered, standing data changes authorised and accurately entered.’ The circular talked of the need to maintain sufficient audit trails in a secure manner so that the entries cannot be altered.
In reply to an application filed under the Right to Information (RTI) Act, the RBI has informed the applicant S Dheenadhayalan, that the banks have been advised to identify key risks that threaten computerised banking operations. Earlier, in a ruling, the Apex Court ruling had held that electronic records without proper safeguards are not admissible evidence. In Civil Case No 4226 of 2012, the Supreme Court had observed that the computer outputs (paper printouts or copies which are stored / recorded in optical or magnetic media) are “secondary” which are susceptible to tampering, alteration, transposition and excision. The Court held that a whole trial based on such evidence could lead to a travesty of justice.
The CAG had examined 9,334 cases pertaining to the farm loan waiver scheme of 2008 for scrutiny and found that 2,824 records were tampered with, overwritten or altered. Instances have come to notice where the guidelines have not been followed like keeping a stand alone computer. The crashing of such appliances led to loss of all the data. Examples:-
· In March 2010, the Indian Bank told Deepak Flexo Packs of Virudunagar, Tamil Nadu, that it had revised the waiver claim on its account from ₹32.53 lakh to ₹5.84 lakh.
· In June 2010, Punjab National Bank informed Raju Industries, Bangalore that the figure of ₹33.92 lakh quoted in the possession notice invoking the Sarfaesi Act was a mistake, and it must be read as ₹12.60 lakh.
The RTI application points to the need for sensitizing all the government agencies in respect of their electronic record keeping practice.