Introduction

“There is no law, no system, no set of regulations which can more effectively hold governments to account than the conscience of man. Opposition parties, the public and the press rely on individuals, not systems, to tell us what those who rule over us would like us not to know. We call them “whistleblowers” because, like referees, they seek to keep the players in our political system in check.”[i]

The menace of the corruption has not only crippled our economy but also widened the gap between the various segments of the society. Anna Hazare warned that in last 62 years gigantic e corruption has become so rampant in country that it has become a bigger threat than Pakistan. The people in India live in a state of despair as they believe that no one can change the current situation. However, there are valiant few, who think that the menace of the corruption can be eradicated and blew the whistle exposing the corruption, corrupt elements and their corrupt practices but they had to pay heavy price for their bravery. The murder of Satyendra Dubey, an IIT Kanpur alumnus and, National Highways Authority of India (NHAI) engineer who exposed corruption in the national highway building program is still fresh in public memory (Indian psyche). The issue of protection of whistleblowers first caught the attention of the entire nation with the gruesome murder of Dubey after he wrote a letter to the office of then PM A B Vajpayee in November, 2002 detailing corruption in the construction of highways. In the said letter, he had also specifically requested that his identity be kept secret, but the letter was circulated to various government departments without masking Dubey’s identity. The Government apathy in shielding the identity of Dubey resulting into his murder uniquely galvanized nation-wide protest, which forced the government to take some concrete steps towards drafting a full- fledged law to protect whistleblowers.

Who is whistleblower?

Whistleblowers have been called ‘canaries in the coalmine’. They have been accused of ‘commit[ting] the truth’[ii]. A whistleblower is defined as someone who exposes wrongdoing, fraud, corruption or mismanagement. In many cases, this could be a person who works for the government who would report misconduct within the government or it could be an employee of a private company who reports corrupt practices within the company[iii].

Whistleblowers may make their allegations internally (for example, to other people within the accused organization) or externally (to regulators, law enforcement agencies, to the media or to groups concerned with the issues). There is some reason to believe that people are more likely to take action with respect to unacceptable behavior, within an organization, if there are complaint systems that offer not just options dictated by the planning and controlling organization, but a choice of options for individuals, including an option that offers near absolute confidentiality. However, external whistleblowers report misconduct on outside persons or entities. In these cases, depending on the information’s severity and nature, whistleblowers may report the misconduct to lawyers, the media, law enforcement or watchdog agencies, or other local, state, or federal agencies[iv].

Difference between Whistleblower and Informers

Often the term Whistleblower is confused with the term Informer who have generally a bad reputation, and known as “Mukhbir” popularly. The most important distinction between the two terms is the liability of the person disclosing the information. Informants are often themselves involved in some sort of unethical enterprise and are using the disclosure of information as a means to reduce their liability, either voluntarily, or due to coercion. They are in a subordinate place to the body or person they are disclosing to and must follow their orders or face sanctions. In comparison, whistleblowing laws do not affect the liability of those that are involved in criminal enterprises. Another difference is that the informants often seek favours or remuneration for their disclosures but the same is not true in case of whistleblowers. However, a few type of anti-corruption laws do allow for rewards to be given to those that disclose, typically a part of the money recovered in corruption cases.

What is whistleblowing?

There is no globally accepted definition of ‘whistleblowing’. Among other things, it can be an act of free speech, an anti-corruption tool, and an internal management dispute mechanism. One of the first modern definitions of whistleblowing was given by US consumer activist Ralph Nader in 1971 who described it as “An act of a man or woman who, believing that the public interest overrides the interest of the organization he serves, blows the whistle that the organization is involved in corrupt, illegal, fraudulent or harmful activity.

US Academics Marcia P. Miceli and Janet P. Near defined ‘whistleblowing’ as, “the disclosure of organizational member’s (former or current) disclosure of illegal, immoral or illegitimate practices under the control of their employers to persons or organizations that may be able to effect action. They describe whistleblowing as a four state process:-

1. A triggering event occurs, involving questionable, unethical, or illegal activities, and this leads to an employee to consider blowing the whistle.
2. The employee engages in decision making, assessing the activity and whether it involves wrongdoing, gathering additional information, and discussing the situation with others.
3. The employee exercises voice by blowing the whistle; alternatively, the employee could exit the organization, or remain silent out of loyalty or neglect.
4. Organization members react to, and possibly retaliate against the whistleblower.

Other academics have focused on whistleblowing as mostly an element of free speech and the right of individuals to express dissent.

An expansive view of whistleblowing can be taken which treats whistleblowing as a means to promote accountability by allowing for the disclosure by any person of information about misconduct while at the same time protecting the person against sanctions of all forms.

Major Whistleblowing Legislations around the World

Many countries have devised and adopted a variety of laws and procedures for protecting and encouraging whistleblowing as discussed below:

The United States

The US has dozens of whistleblower laws at the state and federal level, as well as separate clauses in legislation designed to achieve other health, safety or welfare objectives. The three principal acts, however, are the Whistleblower Protection Act 1989, the Corporate and Criminal Accountability Act (Sarbanes-Oxley Act), and the False Claims Act.

(A)  The Whistleblower Protection Act 1989

Initiated with the whistleblower protection provisions in the Civil Service Reform Act of 1978, this Act was revised in 1989, and again in 1994. Initially, for most forms of retaliation, federal workers were to be supported by the Office of the Special Counsel (OSC), but this agency proved to be ineffective. Until passage of the Whistleblower Protection Act in 1989, OSC conducted only one hearing to restore a whistleblower’s job. Also created was a Merit Systems Protection Board, of which the OSC was part, designed to protect against retaliatory discrimination in promotion, but it was no more effective than the OSC. They were considered, however, largely symbolic. Thomas M. Devine, legal director of the not-for-profit Government Accountability Project (GAP) asserts:

‘Whistleblower protection is a policy that all government leaders support in public but few in power will tolerate in private.’

Public sector employees are required to disclose wrongdoing to their employer first. This is a weakness if the whistleblower believes that he or she will not get a fair hearing from the employer. They cannot go around an employer that they know will not be receptive to their complaints. It also has no confidentiality clauses. Its major weakness, is that the principal initiative lies with the whistleblower. Essentially, the whistleblower must sue whoever makes the threats or carries out the intimidation.

(B)  The Sarbanes-Oxley Act

The Sarbanes-Oxley Act was passed in 2002 to combat corporate criminal fraud and to strengthen corporate accountability. It was a legislative response to the fraudulent activities exemplified by World Com and Enron Corporation. The Act provides for enhanced financial disclosures and auditor independence of publicly held corporations. Section 301 of the Act requires that audit committees of the boards of public corporations establish procedures for ‘the confidential, anonymous submission by employees’ of complaints regarding internal accounting controls or auditing matters.

The Act provides some protections and assistance for the whistleblower. Employees are not required to complain to their employers first, but may complain to a Federal regulatory or law enforcement agency; any Member of Congress or any committee of Congress; or a person with supervisory authority over the employee. It does entertain the right of the whistleblower to take legal action if they suffer retaliation. Those found guilty of retaliation are liable to up to ten years in prison. The Sarbanes-Oxley Act is new, however, and it is possibly too soon to make any judgments. Its impact, however, is primarily limited to financial matters.

(C)  The False Claims Act

Designed to stop fraud against the government, this act was passed during the US civil war under the administration of Abraham Lincoln. Regarded as the single most successful whistleblowing legislation in the country, the False Claims Act works by providing the whistleblower between 15 and 30 per cent of the government’s total recovery, the percentage depending on the extent to which the whistleblower took the action that enabled the recovery to take place. It was amended in 1986 to establish protections for whistleblowers, and to prevent harassing and retaliation against them. The Bill, which permits an anonymous disclosure, has been copied by a number of states in the US.

The United Kingdom

In UK legislation to protect whistleblowers was enacted in the wake of well-publicized scandals and disasters that occurred in 1980s and early 1990s. These included the collapse of Bank of Credit and Commerce International (BCCI), the drowning of four children at Lyme Bay, and the Clapham Rail crash.

The Public Interest Disclosure Act of 1998

The Public Interest Disclosure Act (PIDA) became effective on July 2, 1999, in England, Wales and Scotland, as an amendment to the Employment Rights Act of 1996. PIDA covers both private and public employees (except police officers), and provides that “a worker has the right not to be subjected to any detriment by any act, or any deliberate failure to act, done on the ground that the worker has made a protected disclosure.” Under the PIDA, whistleblowers must use prescribed channels for making disclosures in order to retain the Act’s protection. The disclosure can be made to the employer itself or an appropriate authority, and forbids the disclosure to media. As is clearly apparent, the UK’s scheme is materially different from that of the United States, which does not require employees to use any particular channel to raise their concerns.

Canada

Canada has very few laws which pertain directly to whistleblowing. The federal government enacted the Public Servants Disclosure Protection Act in 2007. The intent of this act is to protect most of the federal public service from reprisals for reporting wrongdoing. However, this Act has been extensively criticized as setting too many conditions on whistleblowers and for protecting wrongdoers.

Several provinces also have legislation which protects whistleblowers to an extent:

• Section 28 of the New Brunswick Employment Standards Act, Chap. E-7.2, provides specific protection for those reporting wrongdoing.
• In Ontario, the Environmental Protection Act, R.S.O. 1990, c. E.19 and the Environmental Bill of Rights, S.O. 1993, c. 28 provide protection.
• Saskatchewan’s Labour Standards Act provides protection, although the reporting must have been done to a lawful authority.

A number of other acts provide narrow protections to individuals reporting wrongdoing under those acts.

Whistleblower legislation in India

The need of Whistleblower legislation in India need not be emphasized. The need was felt in view of the glaring cases of corruption to draft a suitable legislation for encouraging and protecting honest persons to expose corrupt practices on the part of public functionaries. The Law Commission in its 179^th Report had recommended that in order to eliminate corruption, a law to protect whistleblowers was essential. The commission in its report referred to the evil of corruption among public servants and maladministration and the adverse effects thereof to the country, then to the options available for eradication of corruption, the right to freedom of expression and the right to know and the limitations of the right to privacy, then to the protection afforded to whistle blowers in various countries by the judiciary and in particular by the English Courts, the European Court and by the American Courts. The commission in the said report discussed the salient features of various laws protecting whistleblowers in UK, Australia, New Zealand and USA and finally recommended a draft bill for protection of whistleblower which was appended to the said report. In 2004, in response to a petition filed after the murder of Satyendra Dubey, the Supreme Court directed that a machinery be put in place for acting on complaints from whistleblowers till a law is enacted. The government notified a resolution in 20044 that gave the Central Vigilance Commission (CVC) the power to act on complaints from whistleblowers[v].

Based on the 179th report of the Law Commission the legislature first drafted “The Public Interest Disclosure and Protection to Persons Making the Disclosures Bill, 2010”, then the Protection of whistle blowers and the Public Interest Disclosure and Protection of Persons Making Disclosure Bill, 2010 (Whistleblower bill) and finally, the Anti Corruption, Grievance Redressal and Whistleblower Protection Bill, 2011.

Freedom of Speech, Right to Know and Right to Privacy[vi]

Before discussing the aforesaid bills for whistleblowing enabling public servants to provide information about corruption or mal-administration in their department, it is necessary to refer to the Constitutional provisions relating to Freedom of Speech, Right to Know and the Right to Privacy as the whistleblowing one way or the other touches these freedoms guaranteed by the constitution.

Freedom of speech and expression is guaranteed by sub clause (a) of Article 19(1) of the Constitution of India. This right is, however, subject to Article 19(2) which permits law to be made for the purpose of imposing reasonable restrictions in the interests of the sovereignty and integrity of India, the security of State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence.

Our Supreme Court had occasion to deal with the exposure of the conduct of government through the media or otherwise. In one of the earliest cases in S. Rangarajan vs. P. Jagjivan Ram, 1989 (2) SCC 574, the Supreme Court held that criticism of government policies was not prohibited though there should be a proper balance between freedom of expression and social interests. But courts cannot simply balance the two interests as if they are of equal weight. The court’s commitment to freedom of expression demands that it cannot be suppressed unless the situations created by allowing the freedom are pressing and the community interest will be endangered. The anticipated damage should not be remote, or conjectural or farfetched. It should have proximate and have a direct nexus with the expression.

The legal foundation for exposure of corruption , misconduct or mal-administration by public servant was laid down by the Supreme Court in R. Rajagopal vs. State of Tamil Nadu, (1994) 6 SCC 632. The case involved the publication of serious misconduct of public servants by a convict who was serial-killer. The case squarely deals with the right to know and the limits of privacy of public servants. The Supreme Court referred to the judgments of the American Court in New York Times vs. Sullivan, already referred to and another judgment of the House of Lords in England reported in Derbyshire vs. Times Newspaper Ltd., 1993(2) WLR 449. The Supreme Court held that while decency and defamation were two of the grounds referred to in Clause (2) of Art. 19, still any publication against any person will not be objectionable if such publication was based on ‘public record’. In addition, in the case of ‘public official’, the right to privacy or for that matter, the remedy of action for damages is simply not available with respect to their acts and conduct relevant to the discharge of their official duties. This is so even where the publication is based upon facts and statements which are not true, unless the public official establishes that the publication was made with reckless disregard for truth. In such a case, it would, however, be enough for the person who published the news to prove that he reacted after a reasonable verification of the facts. It is not necessary for him to prove that what he has published is true. Of course, where the publication is proved to be false and actuated by malice or personal animosity, damages can be awarded. In a very recent case of Sri Bhardwaj Media Pvt. Ltd. V. State, it was held by the court that when corruption of individuals in the institution is exposed, it gives an opportunity to authorities to take action against those who indulge in corruption and to clean its stables. Instead of expressing gratefulness to the persons who exposes corruption, if the institutions start taking action against those who expose corruption, the corruption is bound to progress day and night. India is already placed very high in the index of corruption and is considered one of the most corrupt countries of the world.

Recently, the Supreme Court has draw the genesis of the citizens ‘right to know’ from their right to freedom of speech and expression. The Court observed in Dinesh Trivedi vs. Union of India, 1997 (4) SCC 306 that in modern constitutional democracies, it is axiomatic that citizens have a right to know about the affairs of the government which, having been elected by them, seeks to formulate sound policies of governance aimed at their welfare. To ensure that the continued participation of the people in the democratic process, they must be kept informed of the vital decisions taken by the government and the basis thereof. The Court was dealing with the Vohra Committee Report and stated that though it was not advisable to make public the basis on which certain conclusions were arrived at in that Report, the conclusion reached in that Report should be examined by a new body or institution or a special committee to be appointed by the President of India on the advice of the Prime Minister and after consideration with the Speaker of the Lok Sabha.

In the light of the above judgment of the American and English Courts and our Supreme Court, on the question as to the scope of ‘free speech’, the Commission is of the view that a statute enabling complaints to be made by public servants, or persons or NGOs against other public servants and the grant of protection to such complainants is perfectly valid and will not offend the right to privacy emanating from sub-clause (a) of clause (1) of Art. 19. The right to privacy has to be adequately balanced against the right to know. Both these rights emanate from same sub-clause in Article 19.

The Indian Whistleblowing legislation and its origin

In the past, the various committee’s & commissions have submitted their report recommending the setting up of mechanism  or bill to encourage whistle blowing as a tool or eradicating corruption. The earlier efforts in this regards can be traced to:-

• The Santhanam Committee Report, 1963
• The Administrative Reforms Commission Report 1967
• Vohra committee Report
• 129^th Law Commission Report

The Legislature as stated has drafted three legislations for the protection of whistleblower but finally the Anti Corruption, Grievance Redressal and Whistleblower Protection Bill, 2011, popularly known as Lok Janpal bill is introduced in Rajya Sabha as on 5^th August, 2011. Section 2 (n) in the Definition Clause of the Bills defines “Wishtleblower”.

“whistleblower” means any person who faces threat of (i) professional harm, including but not limited to illegitimate transfers, denial of promotions, denial of appropriate perks, departmental proceedings, discrimination or (ii) physical harm or is actually subjected to such harm; because of either making a complaint to the Lokpal under this Act or for filing an application under Right to Information Act, 2005.”

Thus, the definition assumes that the whistleblower may face threat of professional harm or physical harm. Further, the protection is available under the act only if the complaint is made to the Lokpal under the proposed Act or if one files an application under the RTI Act, 2005. Thus, the draft bill do not makes any provision for the protection of the whistleblower if the disclosure is outside the purview of the proposed act or not under the RTI Act, 2005. Thus, if the disclosure about the corruption is made to the media and there is an imminent threat to the life of the whistleblower, then the protection under the draft bill cannot be claimed by the wishtleblower. (See Section 2 (n) read with Section 20 of the Draft Bill.

The Act provides for the protection from threat of physical or professional victimization. The protection can be sought from the Lokpal (See Section 20 of the proposed bill) who will take immediate steps for the protection of the victim whistleblower as mentioned in the section 20 of the said draft bill.  The said Section also provides that if requested, the identity of the complainant shall be kept secret.

[i] Editorial in The Independent of London, on the arrest of Tory M.P. Damian Green for suspicion of leaking documents November 29, 2008

[ii] Research Note no. 31 2004–05; Whistleblowing in Australia—transparency, accountability … but above all, the truth (Available at http://www.aph.gov.au/library/pubs/rn/2004-05/05rn31.htm)

[iii] http://articles.timesofindia.indiatimes.com/2010-03-29/india/28135662_1_public-interest-disclosures-cvc-protection

[iv] Indirect Tax Practitioners Association vs. R.K. Jain, AIR2011SC2234

[v] Source: PRS Legislative Research

[vi] Source: 179^th Law Commission Report

Phishing is the internet age crime, born out of the technological advances in internet age. “Phishing” is a newer form of social engineering. Typically, Phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords, usernames, login IDs, ATM PINs and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The phishing attacks will then direct the recipient to a web page (mirror webpage) so exactly designed to look as a impersonated organization’s (often bank & financial institution) own website and then they cleverly harvest the user’s personal information, often leaving the victim unaware of the attack.
Phishing has become so rampant that even, the Oxford English Dictionary added “Phishing” to its latest publication making it a definitive word of English Language. It defines “Phishing” as:

“phishing • noun the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.”

As per the American Banker’s Association “Phishing attacks use ‘spoofed’ e-mails and fraudulent Web sites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, Social Security numbers, etc. By hijacking the trusted brands of well-known banks, online retailers and credit card companies, phishers are able to convince up to 5 percent of recipients to respond to them.”

The Anti-Phishing Working Group (APWG) which is an industry association focused on eliminating identity theft and fraud from the growing problem of phishing and email spoofing defines Phishing as a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.

According to the Annual Report of the Indian Computer Emergency Response Team (CERT-In), Deptt. of Information Technology, Ministry of Communications & Information Technology, (Govt. of India) in the year 2009, the CERT-In handled about 374 phishing incidents.

Major factors for increase in Phishing Attacks:
There are three major factors behind the recent spurt in phishing attacks worldwide particularly in India:

Unawareness among public: Worldwide, particularly in India, there has been lack of awareness regarding the phishing attacks among the common masses. The users are unaware that their personal information is actively being targeted by criminals and they do not take proper precautions when they conduct online activities.

Unawareness of policy – The fraudsters often count on victim’s unawareness of Bank/financial institution policies and procedures for contacting customers, particularly for issues relating to account maintenance and fraud investigation. Customers unaware of the policies of an online transaction are likely to be more susceptible to the social engineering aspect of a phishing scam, regardless of technical sophistication.

Technical sophistication – Fraudsters are now using advanced technology that has been successfully used for activities such as spam, distributed denial of service (DDoS), and electronic surveillance. Even as customers are becoming aware of phishing, criminals are developing techniques to counter this awareness. These techniques include URL obfuscation to make phishing emails and web sites appear more legitimate, and exploitation of vulnerabilities in web browsers that allow the download and execution of malicious code from a hostile web site.

Techniques of Phishing attacks

Man-in-the-middle attacks: In this class of attack, the attacker sits between the customer and the real web-based application, and proxies all communications between the systems. This form of attack is successful for both HTTP and HTTPS communications. The customer connects to the attackers server as if it was the real site, while the attackers server makes a simultaneous connection to the real site. The attackers server then proxies all communications between the customer and the real web-based application server – typically in real-time.

URL Obfuscation Attacks: Using URL obfuscation techniques which involves minor changes to the URL, the fraudster tricks the user to follow a hyperlink (URL) to the attacker’s server, without the users realizing that he has been duped. URL Obfuscation uses the unspoken, unwritten secrets of the TCP/IP protocol to trick users into viewing a website that they did not intend to visit.

XSS (Cross-site Scripting): Cross-site scripting attacks (XSS) make use of custom URL or code injection into a valid web-based application URL or imbedded data field. In general, these XSS techniques are the result of failure of a site to validate user input before returning it to the client’s web-browser.
Phishing scenario in XSS:
• Victim logs into a web site
• Attacker has spread “mines” using an XSS vulnerability
• Victim fall upon an XSS mine
• Victim gets a message saying that their session has terminated, and they have to to authenticate again
• Victim’s username and password are send to attacker

Some cases of phishing in India:
Phishing is a relatively new concept in India, unheard of couple of years back but recently there has been rise in the number of phishing cases in India where the innocent public fall prey to the sinister design of fraudster. In India, the most common form of phishing is by email pretending to be from a bank, where the sinister asks to confirm your personal information/login detail for some made up reason like bank is going to upgrade its server. Needless to say, the email contains a link to fake website that looks exactly like the genuine site. The gullible customers thinking that it is from the bank, enter the information asked for and send it into the hands of identity thieves.
There were phishing attempts over ICICI Bank, UTI Bank, HDFC Bank, SBI etc. in which the Modus operandi was similar. It was reported that a large number of customers of these banks had received emails, which have falsely been misrepresented to have been originated from their bank. The recipients of the mails were told to update their bank account information on some pretext. These emails included a hyperlink with-in the email itself and a click to that link took recipients to a web page, which was identical to their bank’s web page. Some of the unsuspecting recipients responded to these mails and gave their login information and passwords. Later on, through internet banking and by using the information so collected a large number of illegal/fraudulent transactions took place.

Apart from the general banking phishing scams, some of the recent phishing attacks that took place in India are as follows:

• RBI Phishing Scam: In a daring phishing attack of its kind, the fraudsters even have not spared the Reserve Bank of India. The phishing email disguised as originating from the RBI, promised its recipient prize money of Rs.10 Lakhs within 48 hours, by giving a link which leads the user to a website that resembles the official website of RBI with the similar logo and web address. The user is then asked to reveal his personal information like password, I-pin number and savings account number. However, the RBI posted a warning regarding the fraudulent phishing e-mail on the bank’s official website.
• IT Department Phishing Scam: The email purporting to be coming from the Income Tax Department lures the user that he is eligible for the income tax refund based on his last annual calculation, and seeks PAN CARD Number or Credit Card details.
• ICC World Cup 2011: One of the biggest sporting events is also under phishing attack. The fraudsters have specifically targeted the internet users of the host countries i.e. India, Bangladesh and Sri Lanka where the matches of the world cup are going on. India, which has been allotted 29 matches of the world cup, is obviously the prime targets of the phishing attacks. The Modus Operandi is similar to the banking phishing attack. The fraudsters through the similar looking fake website of organizers of the event have tried to lure victims with special offers and packages for the grand finale of the event. The Users were asked for credit card details to book tickets and packages along with their personal information which once submitted would be used to compromise the online banking account of the victim leading to financial losses to the victim.
• Google under Phishing Attack: Recently, the users of the Google email services, “Gmail” purportedly received a legal notice from the Gmail team which wanted users to refurbish their account name, password, occupation, birth date and country of residence with a warning that users who did not update their details within 7 days of receiving the warning would lose their account permanently. However, the spokesperson of the Google denied any such legal notice coming from them and stated it to be a phishing attack designed to collect personal information, called ‘spoofing’ or ‘password phishing’.

Modus Operandi of phishing attack used to target bank customers in India:-
1. The hackers have created a fake look alike websites of the target Bank or the organization and sent emails to the customers of the bank/organization luring them to provide them the login details in order to upgrade the server. It was revealed that for this purpose the fraudster hosted the web page containing URL Links of the target bank/organization with the help of their associates from foreign countries like Nigeria, Russia etc.
2. Before a transfer of funds through internet banking is executed, the bank sends a SMS to the transferor in order to confirm the transaction. The fraudsters, when they get hold of the customer’s personal information changed the contact numbers of customers with their own, so that the transfer of funds through victim account to beneficiary accounts goes unnoticed.
3. In these cases, when the customers fell into trap and passed on their Internet banking password and user name, the fraud was perpetuated in three forms:-
a) The account to account transfer from1 the victim’s account to a beneficiary account.
b) For recharging the mobile phones.
c) Making purchases online permissible by net banking facility.
4. The beneficiary account in which the funds were transferred were fake accounts which were opened by giving fake ID documents, like fake passports, fake election I Cards, Fake Pan Cards etc.
5. The phishing scam revealed the involvement of Nigerians but the beneficiary accounts were opened in the name of Indians as the account with Nigerian names would arouse suspicion. Some of the beneficiary account holders were carrier of the hackers while some of the beneficiary’s accounts were opened by luring the persons by giving them some consideration in lieu of their services to open the account in their names and get the ill-gotten money transferred in their accounts.
6. The suspected IP addresses from which the fraudulent internet transaction took place were of various foreign countries which indicate the use of proxy IPs by the hackers to mislead the investigation agencies.
7. It has been revealed that the amount has been withdrawn immediately by the hacker after the account has been compromised.

Phishing-A Cyber Crime, the provisions of Information Technology Act, 2000
The phishing fraud is an online fraud in which the fraudster disguise themselves and use false and fraudulent websites of bank and other financial institutions, URL Links to deceive people into disclosing valuable personal data, later on which is used to swindle money from victim account. Thus, essentially it is a cyber crime and it attracts many penal provisions of the Information Technology Act, 2000 as amended in 2008 adding some new provisions to deal with the phishing activity. The following Sections of the Information Technology Act, 2000 are applicable to the Phishing Activity:

Section 66: The account of the victim is compromised by the phisher which is not possible unless & until the fraudster fraudulently effects some changes by way of deletion or alteration of information/data electronically in the account of the victim residing in the bank server. Thus, this act is squarely covered and punishable u/s 66 IT Act.

Section 66A: The disguised email containing the fake link of the bank or organization is used to deceive or to mislead the recipient about the origin of such email and thus, it clearly attracts the provisions of Section 66A IT Act, 2000.

Section 66C: In the phishing email, the fraudster disguises himself as the real banker and uses the unique identifying feature of the bank or organization say Logo, trademark etc. and thus, clearly attracts the provision of Section 66C IT Act, 2000.

Section 66D: The fraudsters through the use of the phishing email containing the link to the fake website of the bank or organizations personates the Bank or financial institutions to cheat upon the innocent persons, thus the offence under Section 66D too is attracted.

The Information Technology Act, 2000 makes penal provisions under the Chapter XI of the Act and further, Section 81 of the IT Act, 2000 contains a non obstante clause, i.e. “the provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force”. The said non obstante clause gives an overriding effect to the provisions of the IT Act over the other Acts including the Indian Penal Code. The aforesaid penal provisions of the IT Act, 2000 which is attracted to the phishing scam are however been made bailable by virtue of Section 77B IT Act intentionally in view of the fact that there is always an identity conflict as to the correct or accurate identity of the person behind the alleged phishing scam and there is always a smokescreen behind the alleged crime as to the identity of the person who has actually via these online computer resources have or have not committed the offence and in view of the possible misuse of the penal provision for cyber offences as contained in the IT Act, the offence is made bailable.

What Should Internet Users Do About Phishing Schemes?
With online transactions on rise, certain precautionary measures are to be taken by all those who make their transactions online, like credit card holders, internet bank users, to shield themselves from such frauds. Some of the precautionary measures are as follows:-
1) The US Department of Justice recommends the user to follow a golden rule what is known as Stop, Look & Call (SLC). The SLC rule emphasizes that:-
a. You must STOP because the phishing emails are always desperate in their language and so eager to retrieve information from you. It generally comes with a warning you give the personal information or else your account would be deactivated. Be automatically suspicious of any email with urgent/desperate requests for personal financial information.
b. You must LOOK because the link provided in the phishing email is a fake URL and by using your sixth sense, you would see that email address itself is bogus. For example, an email which purportedly come from UTI Bank might be UTI.Bank @ yahoo.com which obviously is not the original email address of UTI Bank.
c. You must CALL because in case you find the email suspicious & even if you don’t fall into the trap, it should be your endeavor as a good citizen to inform the target bank and the law enforcement agencies so that timely action should be taken to save other customers from being trapped by the fraudster.
2) Check your credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Report discrepancies immediately
3) Ensure that your system has the current security software applications like; anti-spam, anti-phishing, anti-virus and anti-spyware etc.

What do you do if you think you are a victim?
• If you have provided account numbers, pin number, password, login detail to the phisher, immediately notify the bank with which you have the account so that your accounts can’t be compromised.
• Even if you don’t fall into the trap, it is your duty as a good citizen to avoid others from falling into the trap. You should report phishing to bank or agency that was being impersonated as well as to police.

Phishing is a major concern in the contemporary e-commerce environment in India and will continue to be so because of the lack of awareness among the Internet users who are new to the internet realm. There is no silver bullet to thwart the phishing attack. However, it has been noticed in the most of the phishing scams worldwide particularly in India that the hacker succeeds in phishing attempt due to the uninformed, gullible customers who without knowing that they are being trapped unwittingly pass on the information asked for by the fraudster. Therefore, the awareness and customer education is the key here to fight the menace of the “Phishing” apart from mitigating or preventative measures. The law enforcement agencies, the legislature, the industry should come together and coordinate in their fight against the menace of the Phishing.

Neeraj Aarora
AICWA, LLB, MIMA, PGD (Cyber Law), CFE
Advocate

Earlier the Criminal Jurisprudence of India did not recognize the concept of “plea bargaining” as such. However, reference may be made to section 206 (1) and Section 206 (3) of the Code of Criminal Procedure and section 208 (1) of the Motor Vehicles Act, 1988. These provisions enable the accused to plead guilty for petty offences and to pay small fines whereupon the case is closed.

The Government was hesitant to take a policy decision on the introduction of the plea bargaining in the criminal justice system due to opposition from the legal experts, judiciary etc. The Hon’ble Supreme Court has criticized the concept of Plea Bargaining in its judgment namely, Murlidhar Meghraj Loya v. State of Maharashtra, AIR 1976 SC 1929

Further, the Hon’ble Supreme Court in the case of Kachhia Patel Shantilal Koderlal v. State of Gujarat and Anr 1980CriLJ553 strongly disapproved the practice of plea bargain. The Apex Court held that practice of plea bargaining is unconstitutional, illegal and would tend to encourage corruption, collusion and pollute the pure fount of justice. Similarly, in Kasambhai v. State of Gujarat, AIR 1980 SC 854 the Supreme Court had expressed an apprehension that such a provision is likely to be abused.

The Law Commission of India advocated the introduction of ‘Plea Bargaining’ in the 142nd, 154th and 177th reports. The Law commission noted that the experience of United States was an evidence of plea bargaining being a means for the disposal of accumulated cases and expediting the delivery of criminal justice.

Based on the recommendation of the Law Commission, the new chapter on plea bargaining making plea bargaining in cases of offences punishable with imprisonment upto seven years has been included in Crl.R.C and the same has come into effect from 05.07.2006. A consideration of Chapter XXI-A dealing with plea bargaining will show that certain procedure prescribed for plea bargaining under Sections 265-A to 265-L of Cr.P.C are to be complied to make it a valid plea bargaining. As per Section 265-A, the plea bargaining shall be available to the accused charged of any offence other than offences punishable with death or imprisonment or for life or of an imprisonment for a term exceeding seven years. Section 265-B contemplates an application for plea bargaining to be filed by the accused which shall contain a brief description of the case relating to which such application is filed, including the offence to which the case relates and shall be accompanied by an affidavit sworn by the accused stating therein that he has voluntarily preferred, after understanding the nature and extent of the punishment provided under the law for the offence, the plea bargaining in his case and that he has not previously been convicted by a court in a case in which he had been charged with the same offence. Sub-clause 4(a) is to the effect that if the court is satisfied with the voluntary nature of the application, then it shall provide time for working out a mutually satisfactory disposition of the case which may include giving to the victim by the accused compensation and other expenses. Section 265-C prescribes the procedure to be followed by the court in working out a mutually satisfactory disposition. Section 265-D deals with the preparation of the report by the court as to the arrival of a mutually satisfactory disposition or failure of the same. Section 265-E prescribes the procedure to be followed in disposing of the cases when a satisfactory disposition of the case is worked out. Section 265-F deals with the pronouncement of judgment in terms of such mutually satisfactory disposition. Section 265-G says that no appeal shall lie against such judgment. Section 265-H deals with the powers of the court in plea bargaining. Section 265-I makes Section 428 applicable to the sentence awarded on plea bargaining. Section 265-J contains a non obstante clause that the provisions of the chapter shall have effect notwithstanding anything inconsistent therewith contained in any other provisions of the Code and nothing in such other provisions shall be construed to contain the meaning of any provision of chapter XXI-A. Section 265-K says that the statements or facts stated by the accused in an application for plea bargaining shall not be used for any other purpose except for the purpose of the chapter. Section 265-L makes the chapter not applicable in case of any juvenile or child as defined in Section 2(k) of Juvenile Justice (Care and Protection of Children) Act, 2000.

Unless the aforesaid procedure contemplated in Chapter XXI-A is followed the same cannot be a valid disposal on plea bargaining. Even though ‘plea bargaining’ is available after the introduction of the said amendment is available, in cases of offences which are not punishable either with death or with imprisonment for life or with imprisonment for a term exceeding seven years, the chapter contemplates a mutually satisfactory disposition of the case which may also include giving compensation to victim and other expenses. The same cannot be done without involving the victim in the process of arriving at such settlement.

The provisions also mandate the court to give accused the benefit of Probation of Offenders Act where so ever it is permissible. Thus, if an admonition or a supervisory order is passed under the Probation of Offenders Act, 1958, then Section 12 of the said Act provides that it shall not cast any stigma on the offender. Section 12 of the Probation of Offenders Act, 1958 provides that a person found guilty of an offence and dealt with under section 3 or 4 of the said Act, shall not suffer any disqualification attached to the conviction. Thus, the Government employees who are released on probation under the Probation of offenders Act are saved from the disqualification which is attached to conviction. See Sh. Charan Singh Vs. M.C.D. (Writ Petition (Civil) No. 18725/2005) decided on 05/10/2006

Concept of Plea Bargaining should be encouraged and the litigant should be encouraged to avail the remedy of plea bargaining to settle the pending cases. For the successful implementation of plea bargaining and to achieve its objectives, the role of judiciary and the bar is very important.  The member of the bar should encourage the litigant to opt for the plea bargaining rather than to treat the plea bargaining a threat to their profession. With the changing world scenario where all the countries are shifting to ADR from the traditional litigation process which is lengthy as well as complex, the plea bargaining may be one of the best recourse as an ADR mechanism to meet the challenges of disposal of pending cases.

Neeraj Aarora

Advocate

Today the CBI’s website, connected to the command centre of world police organisation — Interpol — 24×7 has been hacked, but what about tomorrow? What is the guarantee that next cyber attack may take place on something more critical, like the power grid?

The hacking of Government websites is not new and in past too the hackers group with patronage of government establishment successfully penetrated the highly secure websites belonging to Government of India. However, it is not a one sided affair as there are hacker group from either side who in retaliation or out of political or strategic compulsion hack each other websites. It is no more a secret that our neighbors with whom we have troubled relations find it politically and strategically useful to have arms-length relationship with hackers. One blogger has written that the hackers claim that they are sometimes paid secretly by the Chinese government — a claim the Beijing government denies. There is a number that circulates the web (not confirmed data) that the Chinese government pays to up to 50,000 highly skilled military hackers to use the Internet for specific purposes that are defined by the government officials (cyber expert James Mulvenon told a congressional commission in 2008). The hacker community is diverse with different purposes, for example; (a) Script-kiddies – people, teenagers who are doing it for fun or to show off or to see what they can actually accomplish (b) Criminal Hackers-criminals who are just hacking for financial gains, (c) Patriotic hackers – people that hack websites out of a kind of nationalistic feeling (d) Government backed hackers; There are hackers that are probably employed by the government, probably by the military and the security agencies that are used to attack specific targets for political reasons and last but not the least there are hackers in the military that are thinking about how cyber would be used in an actual military conflict.

The category to which the Pakistani Hackers group who hacked the CBI website is not difficult to imagine. The Pakistan Cyber Army, claim that the Indian Cyber Army had allegedly hacked into the oil and gas regulatory website in Pakistan. The Pakistan Cyber army in retaliation has therefore also hacked the website of CBI. So, the group clearly fall under point (c) mentioned above i.e. patriotic hackers, however it is equally true that they have the government sponsorship too.

As far as the law is concerned, we have Information Technology Act, 2000 on statute book which deals with hacking, particularly the government owned website, say Section 66 (punishing the offence of hacking) read with Section 70 Information Technology Act (punishing access or attempt to access the protected systems). However, these sections are not effective as far as cross border cyber crimes are concerned, more so if one traces the digital footprints of hacking to hostile countries with which we have troubled relations and do not have bilateral treaty. The only solution seems to be is to first identify the critical and vulnerable cyber infrastructure, upgrade their security, setting up of a cyber command structure with experts in cyber security and warfare to continuously look at the cyber security aspects and suggest measures to upgrade the security, make preemptive cyber attacks against enemy cyber infrastructure and last but not the least thwart any similar cyber attacks emanating from foreign land.

The need for international cooperation on these critical issues and the role that international law can play in containing the threat cannot be undermined. As far as the cyber espionage is concerned, there is no known international treaty on this issue, however, on the criminal front there is a convention on cyber-crime drawn up by Council of Europe which is the first international treaty seeking to address Computer crime and Internet crimes by harmonizing national laws, improving investigative techniques and increasing cooperation among nations. However, the problem with this convention or treaty is that most of the major players including India itself have not signed it which could have gone a long way consistent legal enforcement standards across national borders about dealing with instances of cross border cyber crimes. As an alternative to the aforesaid convention, as a short time security measure we can enter into treaty with the Pakistan and China like the one we have with Pakistan to not attack each other nuclear installations, in similar manner we can agree to not launch cyber attacks on each other identified critical cyber installations.

Neeraj Aarora

Advocate

How much it is difficult for a common folk to get register FIR in a genuine case as heinous as rape where police simply turn down the complaint and do not register the FIR except when they are forced to do so by the order of the Court. However, the police acted very promptly on a complaint of President Secretariat where the preliminary enquiry made by police itself reveals that no offence is made out and Sections imputed under the Information Technology Act and Indian Penal Code is gross abuse of law and wastage of time by the investigating agencies that should devote its productive time to curb crimes and do some meaningful investigations into the genuine complaint registered as FIR. The Sections of the IT Act and IPC imputed in the aforesaid FIR has no connection with the allegations as mentioned in the FIR. Section 66 IT Act is applicable when a person dishonestly or fraudulently, does any act referred to in section 43 which contains mainly ten acts which mainly comprises of downloading, copying from computer without permission, introducing virus or contaminant, hacking etc. Clearly, the registration of the domain in the name of the President does not fall under any of the ten acts specified under Section 43 IT Act. Further, Section 66A is applicable for sending offending messages through communication device etc. which is clearly not applicable to allegations as made in the complaint. Lastly, the Section 469 IPC is applicable when electronic record forged is used or intended to be used to harm the reputation of other. The alleged website with the domain name containing the he President istered the name of the President do not attract the Section 66A IT Act either. allegations as mentionname of the President is without any content. Now, the question arises, how can it harm the reputation of the President except misleading the general public.

The aforesaid allegation in the complaint simply discloses the abusive registration of the domain name using the name of the President, which is a case of cyber squatting. The word “cyber squatting” is not defined under the Indian Laws. However, Cyber squatting (also known as domain squatting), according to the United States federal law known as the Anti cyber squatting Consumer Protection Act, is registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The cyber squatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price.

The aforesaid case of cyber squatting or domain name squatting is not first of its kind in India. There have been instances where the domain names in the name of the famous personalities have been registered. One such domain name www.arunjaitley.com containing the name of Senior Counsel and BJP Leader Mr. Arun Jaitley was registered by the cyber squatter. Mr Jaitley filed the suit in the Hon’ble Delhi High Court, stating that his name was being used by some other person who had made a website using his name. Justice S Murlidhar granted an injunction to use the website and directed Network Solutions & Portfolio Brains Ltd not to sell or transfer the domain in his name until the proceedings of the court were completed.

The recourse available to the prominent person in whose name there is abusive registration of the domain name as alleged in the complaint filed by the President Secretariat is to:-

a)      Filing a case under the Uniform Domain Name Dispute Resolution Policy (UDRP) created by ICANN

b)      Pursuing a litigation in the Court of Law or

c)      Buying the Domain name

Thus, the allegation as contained in the complaint made by the President Secretariat do not attract any provisions of the Information Technology Act or the Indian Penal Code and the registration of the FIR is gross abuse of process of law and wastage of time by investigating agency.

Neeraj Aarora

Advocate

It has been decided that every stock exchange shall maintain its own penal of arbitrators as per number of disputes so as to enable to the arbitrators to handle the arbitration references easily and to dispose off them within the prescribed time limit. The stock exchanges shall ensure that the arbitrators have adequate qualifications and are included in the panel in accordance with fair and transparent criteria & there has been a short code of conduct for the arbitrators. Specifically the arbitrators are to act in a fair, impartial and independent manner, and shall disclose circumstances where there is conflict of interest. The stock exchange shall provide at least seven days of continuing education to every arbitrator each year & and an appraisal would be given to the arbitrators as per their performances.

The arbitrator should be appointed within 30 days after receiving the arbitration reference by the exchange. Arbitration claims can also be filed after six month under the new framework since the limitation period for arbitration has now been modified to three years as prescribed under the Limitation Act, 1963. An award should be passed within four months after appointment of the arbitrator. The time for issue of arbitral award may be extendes for upto two months on a case to case basis after recording the reasons for the same. An appeal may be filed before the appellate panel of arbitrators of the stock exchange within one month from the date of receipt of arbitral award.

Uncertainty about arbitration fees has been removed by fixing the maximum limit. A client filing an arbitration reference for claim/counter claim upto Rs. 10 lakh within six months does not have to pay any fees. For such clients, the costs are to be borne by the stock exchange. Six months shall be computed from the end of the quarter during which the disputed transaction(s) were executed/ settled, whichever is relevant for the dispute, and after excluding the time taken by the Investors Grievances Redressal Committee of the Stock Exchange to resolve the dispute and the time taken by the member to attempt the resolution of the dispute.

As per the circulars, the arbitration and appellate arbitration shall be conducted at the regional centre (Delhi, Mumbai, Kolkata and Chennai) nearest to the client. The application under Section 34 of the Arbitration and Conciliation Act, 1996, if any, against the decision of the appellate panel shall be filed in the competent Court nearest to such regional centre. Other stock exchanges shall provide the arbitration facility, including appellate arbitration, at the place where it is located.

The arbitral award shall be disclosed by the stock exchange on its website in different formats. The stock exchange shall preserve the arbitral and appellate arbitral award with acknowledgements, confirming receipt of award by the disputing parties, permanently and other records pertaining to arbitration for five years from the date of arbitral award, appellate arbitral award or Order of the Court, as the case may be; and register of destruction of records relating to other records permanently.

The initiative taken by the SEBI will certainly increase the transparency into the arbitration mechanism of the exchanges and will improve the quality of arbitral awards apart from protecting the interest of small investors. Neeraj Aarora Advocate

Neeraj Aarora

Advocate

Forensic accounting is a rapidly growing area of accounting concerned with the detection and prevention of financial fraud and white-collar criminal activities. George A. Manning in his book “Financial Investigation and Forensic Accounting” defines Forensic Accounting as the science of gathering and presenting financial information in a form that will be accepted by a court of jurisprudence against perpetrators of economic crimes. The integration of accounting, auditing, and investigative skills yields the specialty known as Forensic Accounting which focuses very closely on detecting or preventing accounting fraud. “Forensic”, according to the Webster’s Dictionary means, “Belonging to, used in or suitable to courts of judicature or to public discussion and debate.” The word accounting is defined as “a system of recording and summarizing business and financial transactions and analyzing, verifying, and recording the results.” The term ‘forensic accounting’ refers to financial fraud investigation which includes the analysis of accounting records to prove or disprove financial fraud and serving as an expert witness in Court to prove or disprove the same. Thus, basically, the forensic accounting is the use of accounting for legal purposes.

The History of Forensic Accounting

The forensic accounting can be traced back as far as 1817 to Meyer v. Sefton, a Canadian case that allowed an ‘expert witness’ to testify in court. The term ‘forensic accounting’ was first published in an article in 1946 “Forensic Accounting- Its Place in Today’s Economy” authored by Maurice E. Peloubet, a partner in Price Waterhouse. He stated that, “during the war both the public and industrial accountant have been and now engaged in the practice of forensic accounting”. Many scholars have traced the roots of investigative accounting to his work. Interest in forensic accounting spread through the United States and England early in the twentieth century. One of the first institutions to use the services of such investigative accountants was the IRS. The story of Al Capone the famous mobster being caught on a tax evasion scheme is well-known. The FBI decided to use forensic accountants and employed nearly 500 such agents during World War II. As a profession, forensic accounting continued to grow during the latter half of the century, as GAAP and tax laws became widespread and mandatory.

The need for Forensic Accounting

Forensic Accounting is a fast emerging field in the “World of Accounting”. Although it has been around for a long time, it has become increasingly popular and much relevant today in view of global financial crisis due to the downfall of the Lehman Brothers and its ripples felt across the globe. Thus, a new avatar of Accountant has emerged known as Forensic Accountant. Although Investigative Accounting has been around for years, it has only recently begun to transform into a new branch of accounting, hence Forensic Accounting. Forensic accountants unlike traditional accountants, look beyond the numbers, put their nose and eye deep into the financial books, records and data to uncover fraud, hidden assets, siphoned funds and the like. The word forensic is defined as the application of scientific knowledge to legal problems and legal proceedings. The word accounting is defined as “a system of recording and summarizing business and financial transactions and analyzing, verifying, and recording the results.” By combining these two definitions it can be concluded that forensic accounting utilizes his regular accounting principles & practices in legal situations. Forensic Accounting is like the bridge which connects accounting system to legal system. Thus, we can say that the forensic accounting is an accounting that is used in a court of law. One of the most notable legal situations in the recent past would be the Enron scandals; where large numbers of American forensic accountants were employed. The wave of financial crisis primarily caused by corporate malfeasance and fraudulent financial activities eroded public trust and investor confidence in financial reports and audit services and need was felt to look beyond the conventional accounting function which only fulfilled the compliance requirements i.e. company’s books of accounts are kept in accordance with rules & regulations. In view of the increasing number of financial frauds committed by conspiracy with complex accounting records manipulation, it was felt that a new tribe of Accountant is needed to detect the financial fraud in companies with his accounting, auditing, and investigative skills and also assist in legal matters. This area of accounting came to be known as ‘forensic accounting’. There is a global awareness to fight the cases of financial frauds. Though many strategies have been formulated and many actions have been taking to fight against it, the problem still persists. One of the major hindrances in fighting financial crime cases is lack of quality forensic analysis of the financial statements and records due to lack of forensic accounting professionals. This author who had been an investigating officer during his tenure with Delhi Police in number of major cases of financial crimes have faced this dearth of quality forensic accounting experts who could have come handy in timely & accurate investigation of the intricate financial crimes and unearth the complex modus operandi adopted by the fraudsters who are themselves in some cases highly qualified financial professionals. The reason why there has been rampant increase in white collar financial crimes because they think that they can get away with it with impunity and the greatest deterrent to thwart the criminal act is law enforcement. However, the conviction rate in the financial fraud cases was very low due to weak law enforcement which is attributable to weak litigation support in prosecution process. Without full support of accounting expert, prosecutors often fail to prove and provide strong evidence to put fraudsters behind bar. Here, the Forensic accounting can play an important role here by providing accounting or financial information or other evidentiary inputs for legal purposes. To achieve the aim, forensic accountant besides having financial accounting expertise, should also have proven skill in law, scientific investigative technique, interpersonal and communication skills etc.

Growth of Forensic Accounting

The Western Countries are utilizing the forensic accounting expertise to address the financial fraud cases. United States and Canada are pioneers in development & implementation of Forensic Accounting. The Canadian Institute of Chartered Accountant recently recognized Investigative and Forensic Accounting as an accounting specialty. The CICA has started granting its members to use the designation initials CAIFA who complete three years post qualification experience as a CA with Diploma in Investigative and Forensic Accounting (DIFA) from the University of Toronto. The CA-designated specialist in investigative and forensic accounting (CAIFA) combines the well-recognized and respected attributes of the CA – in particular integrity, understanding of business, and financial acumen – with an in-depth knowledge and experience in investigative and forensic accounting. The CA-designated specialist in investigative and forensic accounting (CAIFA) combines the well-recognized and respected attributes of the CA – in particular integrity, understanding of business, and financial acumen – with an in-depth knowledge and experience in investigative and forensic accounting. This is accomplished through a profession-endorsed certification process that has ongoing experience and education requirements. The CAIFA tells litigation lawyers, law enforcement professionals, the courts and other legal forums that the designated holder is well positioned to practise in areas such as fraud and economic loss quantification, including:

• investigating and analyzing financial evidence;

• testifying as an expert witness ;

• becoming involved in criminal investigations and uncovering financial evidence in employee or insurance fraud cases;

• Investigating in the rapidly evolving area of computer and Internet fraud.

Forensic Accounting implementation in India

However in India, this branch of accounting has not got its due recognition even after alarming increase in the complex financial crimes and lack of adequately trained professionals to investigate and report on the complex financial crimes. The task of Forensic Accountants is handled by Chartered Accountants who apart from handling traditional practice of auditing as required under the Companies Act, 1956 or Income Tax Act are called upon by the law enforcement agencies or the companies or private individuals to assist in investigating the financial crime or scam. The CA or CWAs in India are best suited for this profession due to their financial acumen acquired during their rigorous training which can be further honed by introducing post qualification degree or diploma in Investigating and Forensic Accounting similar to one introduced by CICA. The CA or CWA who acquire post qualification in Investigative & Forensic Accounting can use the designation CA-IFA or CWA-IFA and be legally recognized as the Forensic Accounting Experts to handle the investigation of financial crimes and give expert testimony in the Court of Law. However, no efforts has so far been made by the ICAI and ICWAI, the two leading statutory accounting professional bodies to move in this direction and set up a institute which can offer the post qualification diploma in Investigative and Forensic Accounting to its members.

However, growing financial fraud cases, recent stock marker scams, failure of non financial banking companies, phenomena of vanishing companies and plantation companies and failure of the regulatory mechanism to curb it has forced the Government of India to form Serious Fraud Investigation Office (SFIO) under Ministry of Corporate Affairs which can be regarded the first step of Government of India to recognize the importance and advance the profession of forensic accountants. The SFIO is a multidisciplinary organization having experts from financial sector, capital market, accountancy, forensic audit, taxation, law, information technology, company law, customs and investigation. These experts have been taken from various organizations like banks, Securities & Exchange Board of India, Comptroller and Auditor General and concerned organizations and departments of the Government. However, the main important law enforcement agency involved directly in combating white-collar crimes is the Police, CBI, DRI etc. There is a total lack on the part of these law enforcement agencies to train their investigators in this specialized part of investigating white-collar crimes involving forensic accounting. The investigation of the major financial crimes is handled by ordinary investigating officers who after spending some time in investigation of conventional crimes are shunted to the economic offence wing and they are expected to handle the financial crime cases involving complex & intricate financial records which is required to be analyzed to unearth crime or unique MO adopted by the white collar criminal. The result is obvious, the case dies its natural death and the criminals roam free as the IO given his lack of specialized knowledge & qualification fails to properly investigate the financial crime to its logical conclusion. On the other hand if we look at the western countries particularly USA, the law enforcement agencies of which like DEA, FBI, CIA has well marshaled its pool of special agents having forensic accounting backgrounds that are the backbone of the bureau’s financial crimes and terrorism financing units and investigate with professional acumen, the complex financial crime like money laundering, internet crimes, financial institution fraud and other economic crimes. Today, there are more than 600 FBI agents with accounting backgrounds. Thus, it is highly imperative on the part of law enforcement agencies in India that they follow the suit and engage specialist forensic accountant on its roll whose engagements relating to criminal matters typically arise in the aftermath of financial fraud.

The Indian Law which refers to Forensic Accounting:

1)      The Companies Act, 1956:

a)       Section 235 and 237: There are provisions in Companies Act (Section 235 and 237) which empowers the Central Government to inspect the books of accounts of a company, to direct special audit, to order investigation into the affairs of a company and to launch prosecution for violation of the Companies Act, 1956. Books of accounts and other documents of the companies are inspected by the officers of the Directorate of Inspection and Investigation and the Registrars of Companies. These inspections are designed to find out whether the companies conduct their affairs in accordance with the provisions of the Companies Act, 1956 to see whether any unfair practices prejudicial to the public interest are being resorted to by any company or a group of companies and to examine whether there is any mismanagement which may adversely affect any interest of the shareholders, creditors, employees and others. Wherever inspection reports disclose any information that may be of interest to other Departments or agencies like the Ministry of Commerce and Industry, Central Board of Direct Taxes, Enforcement Directorate, State Government or Provident Fund Authorities, such information is passed on to them. If an inspection discloses a prima facie case of fraud or cheating, action is initiated under provisions of the Companies Act, 1956 or the same is referred to the Central Bureau of Investigation.

b)       Provisions of Sick Industrial Companies Act incorporated into the Companies Act, 1956: The Section 424A(5) of the Companies Act, 1956 empowers National Company Law Tribunal (NCLT) to examine as preliminary issue whether the company is a sick industrial company u\s 2(46AA). Thus even before examining the viability of the scheme of revival proposed by the company, NCLT can check the genuineness of the reference made to it. Thus, inquiry by operating agency will only be to enable NCLT to decide the viability of the scheme and to assess whether the company has the ability to revive on its own. Further, Section 424B of the Companies Act, 1956 empowers the tribunal to make such inquiry as it may deem fit for determining whether any industrial company has become a sick industrial company. Further, the Tribunal may, if it deems necessary or expedient so to do for the expeditious disposal of an inquiry, require by order any operating agency to enquire into the scheme for revival and make a report with respect to such matter as may be specified in the order. Operating agency is group of experts consisting of persons having special knowledge in banking & industry in which sick industrial company is engaged and includes public financial institution, State level institution, scheduled bank or any other any other person as may be specified by general or special order as its agency by the Board. Thus, Forensic Accountant can be part of operating agency and investigate whether the reference made by the company is genuine or the accounts are manipulated or fabricated to suit the scheme of reference made to NCLT to declare it as sick company and thereby siphon public funds.

2)       SEBI Act, 1992:

The share market is highly volatile and the brokers indulge into various unfair and fraudulent trade practices like synchronized share trading, manipulate and fabricate the books of accounts and cheat the gullible investors. Regulation 11 C of the SEBI Act, 1992 empowers the SEBI to direct any person to investigate the affairs of intermediaries or brokers associated with the securities market whose transactions in securities are being dealt with in a manner detrimental to the investors or the securities market. Thus fraudulent and unfair trade practices of the brokers or market intermediaries are investigated by the investigator appointed by SEBI which require the broker or market intermediary to furnish information, books of accounts, registers, documents or records etc. which is analyzed by the investigator to find out any manipulation, fraudulent practice or otherwise of the broker. Thus, Forensic Accountant can play a lead role in assisting the SEBI to unearth the complex share related frauds perpetrated by the brokers.

3)      The Insurance Act, 1938:

Section 33 of the said Act empowers the IRDA to direct any person (“Investigating Authority”) to investigate the affairs of any insurer. The investigating authority may seek assistance of the auditor (or actuary or both) who shall be the Chartered Accountant within the meaning of Chartered Accountant Act, 1949 for the purpose of assisting him in any investigation. The books of account, registers and other documents are taken by the investigating authority in its custody to analyze it to find out the manipulations or fabrication in the books of accounts. Thus, Chartered Accountants plays a front role as an Forensic Accountant and aid in the investigation conducted into the affairs of the insurer as per the provisions of Insurance Act, 1938.

4)  The Prevention of Money-Laundering Act, 2002:

Section 3 of the Prevention of Money Laundering Act, 2002 defines the offence of money laundering as involvement of a person in any process or activity connected with the proceeds of crime and projecting it as untainted property. The three important stages in the money laundering process are:

• Placement: Physical disposal of cash acquired from illegal sources by depositing the cash in domestic banks or other kinds of financial institutions.

• Layering: Working through complex layers of financial transactions to distance the illicit proceeds from their source and disguise the audit trail.

• Integration: Making the wealth derived from crime appears legitimate.

Forensic Accountant can often be involved in the following antimony laundering activities:

• Investigating and analyzing financial evidence to establish a suspicious transaction;

• Developing computerized applications to assist in the analysis and presentation of financial evidence;

• Communicating their findings in the form of reports, exhibits and collections of documents that assist the banks in submission of the suspicious transaction reports to the regulator; and

• Assisting in legal proceedings, including testifying in court as an expert witness and preparing visual aids to support trial evidence.

5)  The Companies (Auditor’s Report) Order, 2003:

CARO, 2003 requires the auditor to report to the effect that if a substantial part of fixed assets have been disposed off during the year, whether it has affected the going concern status. In order to carry out the duties, the auditor has to draw a corollary and reference to the section 293 Companies Act, 1956, AS 24 (’Discontinuing Operations’) and to AAS 16 (Going Concern) and thereafter make his observations on this matter. It also requires the auditor to report on Frauds i.e.; if any fraud on or by the company has been noticed or reported during the year.

Expert forensic accounting evidence

Who is an expert witness?

An expert witness is a witness, who by virtue of education, training, skill, or experience, is believed to have knowledge in a particular subject beyond that of the average person, sufficient that others may officially (and legally) rely upon the witness’s specialized (scientific, technical or other) opinion about an evidence or fact issue within the scope of their expertise, referred to as the expert opinion, as an assistance to the fact-finder. Expert evidence is evidence given to a court or tribunal by a person, skilled and experienced in some professional or technical sphere, of the conclusions he has reached on the basis of his knowledge, from facts reported to him or discovered by him by tests, measurements or similar means. It is commonly given by, for example, doctors, chemists, surveyors, architects, accountants and the like. In a Scottish case, Davie v Edinburgh Magistrates (1953) , it was said that the function of an expert witness “…is to furnish the judge with the necessary scientific criteria for testing the accuracy of his conclusions, so as to enable the judge to form his own independent judgment by the application of those criteria to the facts proved in evidence” .

An expert witness is different from ordinary witness

Expert witnesses have a different status from ordinary witnesses when giving evidence at a Court or other judicial or quasi-judicial tribunals. The evidence of the “expert” differs from that of the ordinary witness who testifies as to facts observed, in that the expert is permitted to express his/her opinion on a matter that has occurred in the past, or may occur in the future which have not been actually observed by the expert, who is providing evidence. The relevance and weight which the Court or tribunal will attribute to such an opinion within the total evidence which is adduced is a matter for the Court or tribunal.

An expert, unlike other witnesses, is allowed, because of his special qualifications and/or experience, to give opinion evidence. It is for his opinion evidence that he is called, not for his view of the facts or circumstances of the dispute, although his interpretation of the facts is often necessary in order to explain and/or justify his conclusions.

Forensic Accountant as an Expert Witness:

The tradition and law relating to the status of the experts as witnesses dates back to English Courts around 1550. However, the first recorded use of an accountant as an expert witness was in Meyer V. Sefton, 2 Stark. 274 (1817). The use of Forensic Accountant testifying as an expert witness in the Court of law is becoming increasingly prevalent today in view of the rapid increase in the financial fraud cases. In court cases where the knowledge of an expert can help to better explain the facts in issue or relevant facts, an “expert witness” may be called upon to give expert testimony.

Section 45 of the Evidence Act which makes opinion of experts admissible, lays down that when the Court has to form an opinion upon a point of foreign law, or of science, or art, or as to identity of handwriting or finger impressions, the opinions upon that point of persons specially skilled in such foreign law, science or art, or in questions as to identity of handwriting, or finger impressions are relevant facts. However, neither the Indian Evidence Act nor there is any seminal judicial pronouncements which clarifies as to when, how and under what circumstances, the testimony of Forensic Accounting Expert would be admissible or inadmissible.

In order, to bring the evidence of a witness as that of an expert it has to be shown that he has made a special study of the subject or acquired a special experience therein or in other words that he is skilled and has adequate knowledge of the subject. The Cost Accountant or Chartered Accountant can be considered as an expert to give testimony within the meaning of Section 45 of the Evidence Act. Moreover, the draft of “The Companies Bill, 2008″ includes the definition u/s 2 (1) (zn) which interalia includes Cost Accountant and Chartered Accountant in the definition of “Expert” which can be also considered/extended for relying upon their testimony in the Criminal/civil cases by the court.

In USA, however, the admissibility of the Forensic Accounting Expert testimony is supported by the Judicial Pronouncements and Federal Rule of Evidence. Over the years, the US Supreme Court has delivered several decisions clarifying its standards for the admission of expert testimony:

In Frye v. U.S., the Court stated that expert testimony will be admitted if based on a methodology “generally accepted” by the scientific community.

In Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993) the Court concluded that the trial judge must act as a gatekeeper for expert testimony, considering several nonexclusive factors applicable

to the testimony’s reliability and relevance, including:

• Whether the theory or technique has been or can be tested,

• Whether the theory or technique has been subjected to peer review or publication,

• The known or potential rate of error, and

• Whether the theory or technique is generally accepted in the relevant scientific community.

Although Daubert focused on the admissibility of scientific expert testimony, its progeny have had a great impact on Financial Expert testimony. In Kumho Tire Co. V. Carmichael, 526 U.S. 137 (1999), the Court made clear that the gatekeeper function applies to all expert testimony, not just scientifically-based testimony.

Rule 702 of the Federal Rules of Evidence effectively codifies the Supreme Court’s decisions in “Daubert” and “Kumho”. Rule 702 provides that if the Court finds that scientific, technical or other specialized knowledge “will assist the trier of fact to understand the evidence or to determine a fact in issue,” and if the Court finds that the witness is qualified as an expert “by knowledge, skill, experience, training, or education,” then the Court may permit the witness to testify — so long as the witness’ testimony is based on “sufficient facts or data,” the testimony “is the product of reliable principles and methods,” and the witness has “applied the principles and methodology reliably to the facts of the case.

Further, concerning determinations of nonscientific expert testimony reliability, financial expert testimony (which includes Forensic Accountant Testimony) in particular, the Advisory Committee on the Federal Rules of Evidence and the Standing Committee on Rules of Practice and Procedure (“Committee”) which proposed amendments to the texts of Rules 701, 702, and 703, specifically observed:

“Some types of expert testimony will not rely on anything like a scientific method, and so will have to be evaluated by reference to other standard principles attendant to the particular area of expertise. . . . The expert’s testimony must be grounded in an accepted body of learning or experience in the expert’s field, and the expert must explain how the conclusion is so grounded. “Whether the testimony concerns economic principles, accounting standards, property valuation or other non-scientific subjects, it should be evaluated by reference to the ‘knowledge and experience’ of that particular field.”

Therefore, under the Federal Rules of Evidence, a judge will permit an accountant to testify as an expert witness only if the judge decides that:

The accountant’s testimony will help the jurors or judge understand the evidence or determine a fact in issue.

The accountant is qualified as an expert by knowledge, skill, experience, training, or education.

The accountant can show that his or her testimony (a) will be based on sufficient facts or data and (b) will be the product of reliable principles and methods that have been applied reliably to the facts of the case. (These requirements are often referred to in shorthand as “qualification, reliability, and fit.”)

Thus, under the rule announced in Daubert v. Merrill-Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993) and expanded in Kumho Tire Co. v. Carmichael, 526 U.S. 137 (1999), the courts must ensure that experts-scientific and otherwise-will offer testimony that is methodologically sound and relevant to the facts of the case before admitting their expert testimony.

Qualifying as an Expert Witness

Challenges to financial expert testimony have skyrocketed in recent years. Since Daubert v. Merrell Dow Pharmaceuticals, Inc. (1993), an increasing number of testifying experts have been subjected to challenges by opposing counsel in an attempt to prevent the experts from testifying (Journal of Forensic Accounting: 1524-5586/Vol.IV(2003), Page-113). Figlewicz and Sprohge in their article, “The CPA’s Expert Witness Role in Litigation Services: A Maze of Legal and Accounting Standards,” offer ten guidelines to help avoid legal challenges:

1. Know the relevant professional standards.
2. Apply the relevant professional standards.
3. Know the relevant professional literature.
4. Know the relevant professional organizations.
5. Use generally accepted analytical methods.
6. Use multiple analytical methods.
7. Synthesize the conclusions of the multiple analytical methods.
8. Disclose all significant analytical assumptions and variables.
9. Subject the analysis to peer review.
10. Test the analysis-and the conclusions-for reasonableness.

Now the various investigation agencies such as Police, CBI etc. are taking the help of CA/CWA as a Forensic Accountant and using their report as evidence in the cases of criminal/civil nature. Whether the aforesaid principles/guidelines laid down by the two US Supreme Court Judgments incorporated into Federal Rules of Evidence would be followed by Indian Courts or not will become clear in the due course of time.

However, the fact is that though till today there is general acceptance of admissibility of scientific evidence and expert’s opinion in Indian Courts, there is no special law with respect to this which lays down criteria, principles or guidelines in clear terms with regard to when the expert opinion would be admissible and when it will not as is the case under the US federal law. Section 45 of the Indian Evidence Act is insufficient in this regard. However, in case of doubt, the principles laid down by US Supreme Court can be adhered to. In conclusion, one should understand that it is ultimately for the Court Of Law to decide as to who is qualified as an expert by knowledge, skill, experience, training or education, who may testify thereto in the form of an opinion or otherwise if:

1. The testimony is based upon sufficient facts or data,

2. The test is the product of reliable principles and methods, and

3. The witness has applied the principles and methods reliably to the facts of the case

However, no doubt, with the rapid increase in the cases involving misappropriation of funds, manipulation of books of accounts, banking fraud cases, Securities scams etc. involving complex financial transactions, the Forensic Accountants and admissibility of their testimony needs to be elucidated and these would be determining factors for deciding the fate of these cases. The involvement of Forensic Accountant in financial fraud cases and his testimony will not only take these cases to logical conclusion but also will go a long way ahead to put a curb on these menace of white collar offences.

Neeraj Aarora

(Advocate)

Amid going concern over possible misuse of data under government control, the government has set up a panel comprising of senior babus to prepare a blueprint laying down the ground rules for privacy and data protection and fixing the criminal liability of offenders. The government has moved forward to enact new legislation on privacy in the backdrop of Aadhaar, the project to provide unique identity cards to residents of the country, and the National Intelligence Grid (Natgrid) which will give access to 21 categories of database like rail and air travel, income tax, phone calls, bank account details, credit card transactions, visa and immigration records, driving licenses of all citizens. The NIG database will be accessed by a total of 11 agencies, including the recently set-up National Investigation Agency (NIA). The Civil Right Activists made a huge cry over the possible misuse of the individual privacy and insisted on legislative measure to stop the possible misuse and punish the violators of the privacy, including the government.

The present Information Technology Act, 2000 does contain some provisions which deal with data base security and privacy for instance Section 43, 43 A, 66E and 72A. However, these provisions deals with the security of the electronic records, e-commerce transactions, and web content alone and do not address “individual privacy”. As the organizations, government non government acquires more personal information store in electronic form, privacy and confidentiality have become urgent issues. This author feels that the privacy of an individual be given due respect and should be protected by uniform, national legislation. Privacy legislation needs to be constructed carefully and prudently to protect the privacy of individuals, while facilitating the ongoing national mission to ensure the security of the state that can benefit us all.

Neraj Aarora

(Advocate)

The SEBI was established under an act of Parliament in 1992 in accordance with the provisions of SEBI Act, 1992. The main objective of SEBI as reflected in its preamble is to protect the interest of investors in securities and to promote the development of, and to regulate the securities market. The SEBI is thus a “Public Authority” as defined u/s 2 (h) of the RTI Act. The RTI Applications have flooded the SEBI which largely comes from that of investors who are victim of various fraudulent practices relating to the securities market, some of which are so gross that they even attract provisions of IPC or Information Technology Act, 2000 besides SEBI Act, 1992. The brokers or the market intermediaries who themselves are the perpetrators of the fraudulent practice would not supply the information and the investors look upon the SEBI as market regulator under whose regulatory regime the stock exchanges & broker falls. The SEBI has deep pervasive control over the stock exchanges under the various provisions of the Securities Contracts (Regulation) Act, 1956 as well as SEBI Act, 1992 which gives vast regulatory power to SEBI over stock exchanges. Moreover, the various judicial pronouncements show that the Stock Exchange is “State” or instrumentality of “State” under Article 12 of Constitution. Moreover, the SEBI itself in a RTI case has stated that ‘public authority’ is broader and more generic than the word ‘state’ under Article 12 of the Constitution of India. Therefore, the Stock Exchange being “State” is also “Public Authority” under the RTI Act. The Chief Information Commissioner accepting the contention of the SEBI held that Stock Exchange are public authority & directed them to put RTI mechanism in place which was upheld by the Hon’ble Delhi High Court.  The order of the CIC clearly directs the Securities and Exchange Board of India (Sebi) as market regulator to use its power pro-actively to seek information from market intermediaries to address investor grievances & ensure that stock exchanges function in a transparent manner, especially in respect of investor protection. However, the issue whether the Stock Exchange is public authority or not is still controversial and the pending adjudication before the Hon’ble Bombay High Court. However, the CIC in Bhojraj case has observed that the stay by the Bombay High Court on the issue whether the BSE is a “Public Authority” within the meaning of the RTI Act would not preclude the SEBI from accessing information from the Stock Exchange u/s 2(f) of the RTI Act.

In view of the aforesaid rulings, the SEBI as a market regulator endeavor to provide the information sought from it by the investors under the RTI Act, 2005 to ensure market transparency and fair play in the stock market. The rationale for bringing the bourses under the purview of the RTI Act is in fact very sound and cannot be questioned as the investor and client protection is an important function of SEBI as capital market regulator. Last but not the least, any denial of the information on the part of the SEBI would be against the very objective & Preamble of SEBI Act as well as the RTI Act. The information sought by the investing public with respect to their shares trades executed via brokers/stock exchanges relates to an public activity, are within the access of SEBI. The information sought by the investors should be provided by the SEBI by exercising its power under RTI Act over Stock Exchanges, which would go a long way to ensure transparency, integrity and accountability in the share market and the transparency of such information is vital in the larger interest of the investing public. The denial of such information in actual possession & within the reach of the SEBI would increase the incidents of share frauds as the fraudsters illegal activities in the stock market would not come to light being immune from the RTI Act which would harm the economic growth as public would lose faith in the stock market the working of which is of public nature and therefore, not good in the larger interest of investing public.

Neeraj Aarora

(Advocate)