Search This Blog

Thursday, July 27, 2017

Another year, Another month, Another Philippine Bank's Reputation Lies in Tatters

Another year, another month, another bank's reputation lies in tatters. And the pace is accelerating.

First there was the Great Bangladesh Central Bank Heist of 2016 in which RCBC had a starring role. The case raised the country's international profile immensely - but not in a good way. It revealed what many cross-border criminals already knew: that the Philippines was one of the top money-laundering capitals of the world.

But what seemed very appalling was not just the source of the stolen money (the Bangladesh Central Bank) nor the amount stolen (USD $81 million) but also the fact that a mere RCBC branch manager can create fictitious bank accounts in the name of an existing bank client without him knowing about it and then using those very bank accounts to funnel illegally obtained funds.

Lost Culture of Compliance

There is also something that former RCBC President Lorenzo Tan said that foreshadowed subsequent "incidents" in the Philippine Banking industry. He said that the US$ 81 million transaction did not need his approval because the money can enter the system without the need for their intervention.

"Because to impose such a requirement would slow down the process that needs to be expeditious and efficient...International remittances under accurate SWIFT instructions are credited to the beneficiaries accounts without the need of any manual intervention."

In other words, expeditiousness and efficiency triumphed over compliance and internal controls. When growth and profit are paramount, compliance and internal controls get run over. Every. Single. Time.

Banks are normally very staid, very conservative, very boring institutions that are known to dot every "i" and cross every "t". They have to be because they safeguard the public's money and are highly regulated institutions.  But that "culture of compliance" seems to have been lost not just in RCBC in 2016 but in the rest of the Philippine banking system.

And the chickens are now coming home to roost.

In the first week of June 2017, a programmer in BPI bypassed procedures made changes to a "live" computer banking system which resulted in a system wide shutdown for almost two days. This incident was closely followed by a similar incident two weeks later at Security Bank as well as a series of ATM skimming incidents at BDO Unibank.

Then reports of outright thefts started coming in. On the last day of June 2017, a mere cash unit head at the Ortigas branch of Union Bank of the Philippines did an unauthorized transfer of Php 17 million (US$ 340 K) to another branch and was promptly arrested for theft.

Maria Victoria Lopez of Metrobank

Metrobank Fraud

A little more than two weeks later, Ma. Victoria Lopez, a Vice President for Corporate Services at Metrobank was arrested for internal fraud that involved at least Php 900 million (US$ 18 million) to up Php 2.5 billion (US$ 50 million). Unlike RCBC's Maia Santos-Deguito, not only did she created fake bank accounts in the name of a legitimate client, Universal Robina Corporation (URC), she also created fake loans from Metrobank to URC that URC absolutely had no knowledge of.

The scale and sophistication of the fraud is mind-blowing, to say the least. Not only does Metrobank not know how much was lost, they also do not know how long it has been going on, or who else was in on the fraud. The fraud should have triggered red flags on so many levels. Here are some, to name a few:

  1. The client, URC, should have been receiving reports on its loan balances every month and those balances should have reflected the fake loans.
  2. Metrobank's Management Information System should have been generating reports that included the fake loans.
  3. Metrobank's Treasury Department, which disburses the loans in tranches, would have been generating reports that URC was receiving the said loans.
  4. Metrobank's Legal Department would have had a copy of the fraudulent Promissory Notes (P/Ns) and Loan Documents. Moreover, the said documents would have been signed by both the client and bank officers and witnessed by bank officers/legal staff as well as by client finance/legal personnel.
  5. Metrobank's Relationship Manager should have noticed that the client was availing of an extra Php 900 million to Php 2.5 billion in loans.

It is hard to believe that a single Vice President could bypass so many internal processes in the bank without the connivance of others, namely: 1) her boss; 2) her subordinates; etc. It's like a "Murder in the Orient Express" plot - either no one else did it or everyone else did it. Either way, Metrobank seems to be playing fast and loose with its assets and ditto for the other banks.

What's truly confounding is than Metrobank is a well-established bank, having been around for almost 55 years and it is the second largest bank in the country. It survived numerous booms and busts including a severe economic recession in the waning years of the Marcos regime as well as the contagion of the Asian Financial Crises. Given that, it's internal controls and operating procedures must be very well-established, if not set in stone.

Possible Culprit? Rapid Industry Growth

What has been left unsaid is the possible role that rapid credit growth has played in the loss of this "culture of compliance" throughout the banking system. The Philippine economy has been on a tear for almost ten years now and domestic credit has grown even faster than the economy.  According to the World Bank, Philippine domestic credit as a percentage of GDP has grown from 47.44% of GDP in 2007 to around 63.49% of GDP as of 2016, eclipsing the 53.87% posted in 1983 (peak of the Marcos years). However, this ratio is still significantly below the 1997 peak of 78.54% during the Asian Financial Crisis, so it still has room to run.


On an absolute basis, the Total Loan Portfolio of Philippine Universal and Commercial Banks (UKBs) - the space that Metrobank competes in- has been growing very rapidly. As of the first quarter of 2017, the TLP of UKBs stood at Php 6.75 trillion or a little less than 2 1/2 times what it was in 2010 (Php 2.80 trillion).  Growth in TLP has been compounding at 15.11% a year since 2010 or almost 40% faster than its historical CAGR of 11.08% from 1983 to 2017 Q1.


Metrobank was privy to that boom and grew even faster than the industry. Metrobank's TLP grew from Php 299.34 billion as of December 2010 to Php 929.39 billion as of 2017 Q1, for a CAGR of 19.87% versus an industry CAGR of 15.11% for the same period. In other words, Metrobank's TLP grew over 30% faster than the banking industry during the same period (2010 to 2017 Q1) and almost 80% than the banking industry's historical CAGR from 1983 to 2017 Q1.

Source: Metrobank's Statements of Condition 2010 to 2017 Q1

So when the industry itself is growing very fast and your firm is growing even faster than the industry, things are bound to break. At that point, these staid banks act more like fast-growing startups and less like the conservative and sometimes hidebound financial institutions they once were. Compliance, internal controls tend to get cast aside in the name of expediency, profit, and market share even though bank checks and balances are well established within the industry and in your own firm. This leaves openings for bank officers and staff with criminal intent to perpetuate fraud. Hence, the blow-ups in RCBC, Union Bank, and Metrobank.

Reminiscent of US Chain of Title Mess and Subsequent Robo-signing Scandal

A similar breakdown of well established procedures took place during the US Real Estate Boom that took place in the early 2000's. Mortgage origination and securitization grew so fast that corners were cut in the Chain of Title process even though such processes date back to as early as 1677. As a result, there was a widespread failure to convey the mortgage documents, notes, and borrower IOUs to the securitization trusts, leaving the securitization trusts essentially unsecured and leaving them with no ability to foreclose on defaulted borrowers.  To remedy this deficiency, many mortgage servicers resorted to the act of robo-signing and inserting fake and ante-dated documentation into the trusts well after the trusts were formed.

Everyone, from the bank originators to the investment bank packagers, got hooked on the easy profits, and kept pushing for ways to streamline the process, to both increase their profits and increase the size of the potential market. The biggest problems result from cutting corners, including the failure of the deal sponsors to adhere to their own agreements with investors, that led to this mess. Securitization had existed since the 1970s; MERS, one of the biggest culprits in the uncertainties over title, did not become a serious player until 1999. The widespread failure to convey notes (the borrower IOU) to securitization trusts appears not to have started until sometime between 2002 and 2004.

Perhaps a similar, but not as extreme, dynamic played out in Philippine banking where bank officers bypassed traditional internal controls all in the name of expediency and market share, enabling criminals to take full advantage of the system.

Another Possible Casualty of Rapid Growth: Poor Due Diligence and Loose Credit Standards

Another casualty of rapid growth could be an increasing lack of due diligence as well as a severe loosening of credit standards, leading to major losses sometime in the future. So far, that does not seem to have happened - yet. NPLs are at historical lows and credit standards, based on senior loan officer surveys, have not changed much.



The legendary investor Warren Buffet likes to say "Only when the tide goes out do you discover who's been swimming naked." The tide hasn't gone out yet for the Philippine banking industry but the likes of RCBC, Union Bank, and Metrobank have already been caught swimming naked.

Related Posts:

The Great Bangladesh Central Bank Heist of 2016: Whose Heads Should Roll in RCBC?

The Great Bangladesh Central Bank Heist of 2016: So Whose Heads Have Rolled in RCBC?

After the BPI Computer Glitch, the New BSP Cyber-Security Guidelines May Be Ignoring the Ticking Time Bomb in the Heart of Philippine Banks

No comments:

Post a Comment