Banks can extend unsecured loans to customers without getting noticed by their board of directors or supervisory authorities, and the ability depends on the level of corporate governance, former banker and chairman of the Cyprus Securities and Exchange Commission Marios Clerides said.
Extending an unsecured loan “is relatively easy without the board of directors or the supervisory authority noticing it,” Clerides who served as general manager at Hellenic Bank until December 2013 and the Cooperative Central Bank until June 2015, said in an interview. “Some on-the-spot audits are carried out at banks but this doesn’t mean that they can check every single loan and the board, if the internal review makes no reference to it, may not notice it. It’s like in cases of airliner crashes where there is a multi-factor failure”.
“If the system works as it was designed to, it is more difficult,” Clerides added. “It can be done if we take the human factor into account, which allows unintentional or intentional mistakes,” further enabled by concerns of bank employees aware of wrongdoing, that reporting it may get them into trouble with their superiors.
Clerides’ comments came after reports in the international press that the Panamanian law firm Mossack Fonseca helped companies, politicians, criminals and celebrities set up offshore companies abroad in order to dodge taxes and launder money in various countries, including Cyprus, prompting the Central Bank of Cyprus to announce investigations into possible wrongdoing.
In 2013, when Cyprus Popular Bank, also known as Laiki, then Cyprus’s second largest lender, was wound down after it became insolvent and customers lost all their deposits in excess of €100,000, unsecured loans also played a role. Laiki, under former strongman Andreas Vgenopoulos, reportedly granted unsecured loans to individual and corporate customers in Greece worth tens – or, in some cases, hundreds – of millions euros, which were insufficiently collateralised. These loans have caused a loss of at least €2.5bn. Similar practices forced Bank of Cyprus in 2013 to convert almost half of its customers’ uninsured deposits into equity.
The two banks also suffered a combined €4.5bn loss in Greece’s 2011 debt restructuring.
The Guardian reported on Monday that Cyprus’s RCB Bank, owned by over 46 per cent by Russia’s state-owned VTB Bank, almost 33 per cent by Crendaro Investments Limited, and about 20 per cent by Bank Otkritie Financial Corporation (Public Joint Stock Company), granted a loan worth $650m (€486m) to Sandalwood Continental, a British Virgin Islands-based firm set up by Mosseck Fonseca and linked to friends of Russian president Vladimir Putin. The company was eventually closed and Ove Financial, another BVI company, took over Sandalwood’s operations.
In response to the Guardian report, RCB Bank, supervised by the Single Supervisory Mechanism as of 2015, denied in a statement that provides unsecured loans “as a principle” and said that it acts in a transparent manner and provides to European and Cypriot authorities all required information about its activities. The bank declined to disclose information about transactions with its clients, citing Cypriot legislation, and added that it strictly adheres to anti-money laundering rules.
According to the bank’s 2014 annual report, total unsecured loans granted to customers stood at almost $184m out of its $8.5bn overall portfolio, compared to less than $17m the year before.
Christoforos Pissarides, who shared the Nobel Prize in economic science in 2010 and is a member of the RCB board, declined to comment to a question by the Cyprus Business Mail. “My views are fully expressed by the bank’s press release and I have nothing to add,” he said.
Former banker Clerides said that in smaller amounts, unsecured loans are easier to grant and named as an example credit cards which usually have no collateral, and it often depends on the instructions given to bank employees on how far they can go in extending secured or unsecured loans.
In cases of bank employees or executives who might grant 10 loans worth €100,000 each instead of a €1m unsecured loan,in an attempt to circumvent internal regulations loans,Clerides said that “you are dealing with internal fraud”.
Such cases of internal fraud may take up to 18 months for the internal audit or the supervisor to spot, he said.
“It is not up to the supervisor to make sure whether the loan is secured,” Clerides added. “There is no guideline saying that a loan should be collateralised. It is internal regulations. For the supervisor, the loan will become problematic after an on-the-spot audit”.
Before the Single Supervision Mechanism of the European Central Bank assumed its current role, the central bank audited what internal auditors left unaudited, Clerides continued.
In January, the Central Bank of Cyprus initiated consultations with stakeholders in the Cypriot banking system aiming at simplifying bank lending procedures in an attempt to make collateral less important in loan business by giving more emphasis on a borrower’s cash flow and ability to repay a loan.
Keeping unsecured loans in check “is a matter of corporate governance and culture,” the former banker said. “Unfortunately, there is this gap in Cyprus and also abroad. It is very difficult for someone to express dissent over things happening in an organisation if the livelihood of the person in question hangs in the balance”.
Clerides added that effectively combating this phenomenon requires people in key posts, such as internal audit or regulatory compliance officers, with “courage of conviction” and institutionalised protection for whistle-blowers.
Both Clerides and former central bank board of directors’ member Stavros Zenios said that banks should not keep the same person as internal auditors for too long, since concern that the successor will spot and report previous wrongdoings may deter internal auditors from exercising their duties negligently.
Zenios, who also teaches finance and risk management at the University of Cyprus and the Norwegian School of Economics, said that it is important to make sure that “internal auditors are protected to do their job”.
In addition, regulators should also learn from their mistakes, Clerides said. At the same time, he warned that banks should not be turned “into police institutions”.
“A bank has the responsibility to control (a customer’s transactions) without turning into police because the banking system wouldn’t be able to operate in such a case,” Clerides said.
Zenios added that it will be hard, if not impossible, to make sure that banks will stop extending unsecured loans, as the need for bank confidentiality remains and “is an important element”, as “everyone wants his bank data protected”.
“On the other hand, this data protection makes concealing irregularities possible,” he said.
Therefore, there will always be a “constant race between those who want to take advantage of the system for unlawful purposes, and supervisors and those who carry out checks on the other hand,” he said.