The state-owned Punjab National Bank's (PNB) risk management system is going to come under close scrutiny from the Reserve Bank of India (RBI) for laxity in the SWIFT messaging system and non-reconciliation of Nostro balances to detect the reported fraud.
These two key elements - Swift and Nostro - are at the heart of the USD $1.77 billion (Rs 11,395 crore) fraud, as claimed by the PNB, perpetrated by its customer Nirav Modi to whom the letter of undertaking (LoU) were issued by the PNB. The LoUs were issued by PNB to the branches of half a dozen other banks based on which the funds were transferred to PNB's Nostro account.
SWIFT refers to Society for Worldwide Inter-Bank Financial Telecommunication. The SWIFT codes, like the IFSC code in the inter-bank domestic transfers, are used for inter-bank international money transfers and messaging. In fact, the banks are identified with the alphanumeric SWIFT code. In the present case, the overseas branches of other banks got the information about the bank fraud from the SWIFT messaging from PNB. "How a message in SWIFT goes undetected in the bank. The amounts were large. The proper auditing of a SWIFT messaging would have easily raised a red flag," sources say. PNB later realized that the documents submitted by Nirav Modi's firms were not in order.
It is the same with Nostro account of PNB with other banks overseas. Banks hold Nostro account with each other for cross border foreign currency transactions. There are many transactions through the day, but banks makes a combined statement at the end of the day. There are generally weekly or fortnightly reports for analysis. In fact, the RBI, as part of its risk management, advices banks to do reconciliation. "How come the reconciliation didn't show that there is something amiss," sources say. The Indian banks affected by the PNB fraud deposited the money in the PNB's Nostro account. The money was then transferred outside the bank's system.
The banks have been using the SWIFT and the Nostro account for decades without any issues. Clearly, the PNB case shows there was laxity in its risk management system.