Steven*, a working professional, approached a Registrar and Transfer Agent (RTA), Philip*, for transmission of shares bought by his father who passed away six years ago. He was alarmed when informed by Philip that the shares held by his father were dematerialised (converted from physical shares into electronic format) and had been sold through the stock exchanges. Steven found this disconcerting as he had been taking care of his father’s accounts and investments at the time of this alleged sale. And the transfer was not authorised by him!
While discussing his predicament with a friend who was a stock market enthusiast; Steven was surprised when he was told that the shares must have been fraudulently transferred to benefit key employees of the Registrar and Transfer agency. He realised that by adopting an “invest and forget” philosophy, he had presented the fraudsters with an opportunity to defraud him.
This is not a one-off case. It has been seen that a host of ‘passive’ investors such as Steven have lost money due to fraudulent practices adopted by RTAs.
Veteran investors have often lived by this “invest and forget” philosophy to earn stable yet good returns on equity. However, volatility in the global financial markets and rising incidents around fraud is leading them to rethink this conventional approach. Today, companies as well its investors are being increasingly targeted by suave fraudsters for financial gain.
Why are RTAs required?
In order to have a single agency process the registry work related to physical and dematerialized shares, many listed companies had outsourced share transfers and other allied activities to registered third-parties. However, after outsourcing and over a period of time, companies began to lose focus on supervision and governance over the activities carried out by these outsourced vendors, or RTAs. This led to RTAs gaining extensive access and control of critical activities including interaction with banks, which led to misuse of authority as well as gaps in the shareholder management processes. This lack of supervision resulted in a surge in fraudulent practices.
These frauds are not a recent occurrence – such practices have been seemingly going on since a decade now. The situation remained hidden in most cases, as there were no claimants or the amounts involved were very low. They were therefore, neglected by investors or did not come to the notice of the company or the regulator.
But as the saying goes “nothing can be hidden forever”, these frauds eventually surfaced and companies woke up to notice the vulnerabilities in their processes over a period of time.
Close analysis around the trend shows that fraud vulnerabilities were initially exploited by fraudsters using smaller values as well as volumes. However, the inability of organisations to detect this led to bigger volumes with higher values. It was also observed that the failure to detect fraudulent practices was not due to lack of capability, but more because of omission or even ignorance.
The following critical red flags would have been typically overlooked by organisations, which may have helped boost the confidence of fraudsters:
Little intervention due to unawareness by both company and investors would tend to enable fraudsters to exploit these vulnerabilities through some of the methodologies listed below:
Despite fraud risks and vulnerabilities coming to the surface, it was seen that some companies rationalized by saying that these are issues only with certain RTAs and their company could not fall prey to such risks, especially as they have a different RTA on board. But it is in the interest of companies’ to proactively check whether their existing processes and supervision takes care of the risks and weaknesses associated with the process.
As these kind of cases could damage the reputation of organizations and shake shareholder confidence, it is imperative for them to revisit the existing controls and their effectiveness to identify and address fraud risks. Outsourcing without assessing impending threats or deploying adequate monitoring mechanisms could potentially do more harm than good. Thus, outsourced governance may lead to erosion of investor confidence and impact organisational growth.
*All names and cases in the above article are fictitious
(This is the second of a two-part series on outsourced governance)