In 2008, a series of cyber-intrusions at the World Bank raised concerns about the security of international financial data held at the institution. The Bank’s chief vendor for cyber-security, Satyam Computer Services, Ltd. of India, came under scrutiny as the IT system the company had designed appeared vulnerable. The facts that emerged about the scandal subsequently included a massive accounting fraud, an ineffective World Bank response to the emergency and persistent questions about the integrity of the Bank and its actions. Satyam, a billion-dollar IT outsourcing corporation collapsed under the weight of the fraud in January 2009, and is now known as “India’s Enron.”
In the spring and summer of 2008, the information system of the World Bank suffered a series of cyber intrusions. An e-mail obtained by Fox News showed that a minimum of 18 World Bank servers had been breached, and that of those, five contained sensitive data.
The Bank’s IT services had attracted concern before. For years, the Department of Institutional Integrity (INT), the Bank’s anti-corruption unit, had been investigating the relationship between Mohamed Muhsin, Chief Information Officer at the World Bank until 2005, and Satyam, the Bank’s ‘strategic partner’ in IT systems. In 2005, Muhsin retired under a cloud, as well as under investigation for receiving ‘improper benefits’ from Satyam.
Satyam was India’s fourth largest IT company and operated in 65 countries around the world. The company, at that point, claimed to employ 52,865 workers and serve 690 companies, including 185 Fortune 500 firms. Work in the U.S. accounted for 62 percent of Satyam’s revenues, and the company was headquartered in Hyderabad, India. Under Muhsin, Satyam had become deeply embedded as a ‘back office’ IT services provider at the World Bank, and in 2005, the company registered as a potential vendor with the UN.
After the cyber breaches at the World Bank came to light, Satyam was immediately suspected by both internal and external observers. Nonetheless, the Bank repeatedly denied that the company was at fault. In December 2008, the World Bank admitted to GAP that Satyam had been suspended from consideration for future contracts by the Bank in February 2008, and debarred for eight years in September 2008. The debarment, Bank officials told GAP, was a penalty for giving improper benefits to staff members at the Bank and for collecting on undocumented invoices. Muhsin, it turned out, had been debarred from future work at the Bank permanently. Given what the Bank knew about high-level corruption at Satyam, the confidence expressed by Bank management that the company was not behind the cyber-attacks seemed oddly misplaced.
As Satyam’s status at the World Bank eroded in 2008, the company undertook to re-register its services through subsidiaries with new vendor numbers at UN funds and programs. Over the course of 2008, Satyam re-registered and became an approved vendor through its Swiss and U.S. operations in August and September. At a number of funds and programs, Satyam’s registration was approved with notable alacrity – in the same day. For reasons unknown, the World Bank apparently had not flagged Satyam as a risky vendor prone to corruption with the Inter-agency Procurement Working Group at the United Nations.
The Confession and the World Bank’s Opaqueness
On January 7, 2009, Raju confessed that he had “cooked the Satyam books,” and that $1 billion in claimed cash assets did not exist. As a consequence, the government of India expressed shock – which did not seem entirely genuine – sacked the Satyam board and began efforts to salvage the remains of the company. At the time, Raju claimed that the fraud began as an effort to obscure minor losses by the company and grew over the years to a gap between real and actual revenues that he could no longer conceal. He flatly denied stealing from the company to benefit himself and his family, and he denied that any other officials related to Satyam or its clients were involved. In light of more recent disclosures, these claims are dubious. (Months later, it was discovered that a whistleblower’s internal disclosures prompted Raju’s confession, and not his own conscience).
Then, on January 11, 2009, the World Bank announced that two other India-based IT companies had also been debarred from direct future work: Wipro Technologies and Megasoft Consultants, Ltd.
Because of its close relationship to Satyam, Megasoft attracted attention when identified as a debarred firm by the Bank. FoxNews reported that as early as 2003, Megasoft’s founder-chairman, Ravindra Sannareddy, was running a software services division in the U.S. for Satyam Group. In 2004, Satyam co-founder Srini Raju, Ramalinga Raju’s brother, merged one of his private companies into Megasoft, which began to bid successfully for World Bank contracts soon afterward.
At the time it announced the three debarments, the Bank also stated that, in the future, it would disclose the names of its own direct contractors who had been debarred. The step brought corporate procurement regulations closer to the disclosure policies in effect for debarments associated with projects and loans in borrowing countries.
But already much damage has been done. The World Bank had information in 2006 that high-level Satyam management had improperly influenced Muhsin, but management did not reveal this either to the SEC in the United States or the Securities Exchange Board of India (where Satyam is publicly traded). Nor was the UN Inter-Agency Procurement Working Group informed, although its purpose is to share information across the UN system about vendors in order to contract services most efficiently. Further, sources say that the World Bank and the UN Working Group met in June, but apparently the Satyam issue was neither mentioned nor considered. After Satyam was suspended by the World Bank in February last year, the UN contracted the company for $6 million plus, just five months later.
On January 20, 2009, prosecutors in India revealed that about 10,000 Satyam employees may not have ever existed, and the funds paid to them as salaries may have been deposited in Raju-related bank accounts instead. In the US, the SEC announced an investigation and, to date, at numerous class action investors’ lawsuits have been filed against Satyam.
On January 14, 2009, GAP wrote a detailed letter to World Bank Managing Director Juan José Daboub asking whether the Bank would cooperate in the SEC and SEBI investigations of Satyam, among other things, or whether the Bank will invoke its immunities. In response, Daboub replied with a short paragraph that failed to answer any inquiries. His note rejected transparency at a time when the Bank was under fire for concealing allegations of corruption involving an IT firm that solicited contracts throughout the UN system, even as the World Bank banned it from future work.
Months later, in April 2009, a company named Tech Mahindra won the bidding to control Satyam. The sale process, however, was plagued with transparency problems and conflicts of interest. The new Satyam board, appointed by the Government of India, promised to execute the sale transparently, but for reasons unknown did not consult with shareholders when designing the terms of the bidding process.
Later on in April, the complexity of the Satyam fraud deepened when details emerged from the Indian Criminal Bureau of Investigation (CBI), describing an elaborate system of generating false invoices to inflate the company’s revenues on a grand scale. Based on an artificially profitable picture of the company, the Raju family then apparently offloaded Satyam stock through a complex array of companies that hid the identities of the beneficiaries of the sales.
In May 2009, it was discovered that the World Bank’s Administrative Tribunal (AT) found a former senior manager guilty that previous March of accepting ‘improper benefits’ from institutional IT vendors – among them, Satyam. The decision was peculiar for many reasons.
In November 2009, new charges were filed by the CBI alleging that the fraud involved approximately $1 billion more than Satyam CEO Ramalinga Raju originally admitted. New evidence showed that the missing Satyam assets may not have been simply invented to inflate the value of the company – the money trail suggested the inflated assets were stolen in a complicated confidence scam involving Raju’s relatives.
GAP continues to monitor the developments in the Satyam case. In November 2008 GAP filed a Freedom of Information Act (FOIA) request with the Justice Department to learn what the Bank and U.S. government knew about corruption at the highest levels of Satyam management, and when they knew it. In December 2009, after three FOIA requests and two responses from the DOJ asserting that it had no information from the World Bank concerning corruption at Satyam, GAP received four documents in full and one in part from the Department. The remaining 13 documents were withheld in full. GAP is currently pursuing a lawsuit against the DOJ in which we contest the decision to withhold these documents. DOJ also failed to account for crucial documents that GAP asserts are in the possession of the Criminal Division. In addition, the DOJ consistently missed statuary deadlines in responding to our requests and appeals.
1/11/11: The Satyam Fraud, Two Years Later
10/6/10: What’s Going on with Satyam?
8/ 27/10 “Suivez la piste”...of the Fading Fraud at Satyam
7/28/10: Parallel Universes?
7/27/10: In India, the Satyam Investigation Grinds On
2/24/09: World Bank Exempts Its Own Operations from Accountability Demanded of Borrowers
2/10/09: World Bank Refuses to Divulge Procedural Info in Letter to GAP
1/14/09: GAP Letter To World Bank Asks for Debarment Clarification