Banks still haven't learnt their lesson! RBI again says fix the gaps in SWIFT systems
BusinessToday.In September 5, 2018
The Reserve Bank of India (RBI) has been calling for a comprehensive audit of SWIFT systems in use since 2016, long before the Rs 13,000 crore Punjab National Bank scam broke. But banks are yet to pay heed, and hence the regulator has reportedly issued show-cause letters to several banks.
To remind you, the reason the scam escaped detection for so long is that rogue bank employees had issued fraudulent Letters of Undertaking (LoU) by using the SWIFT messaging system, without recording the transactions in the bank's core banking software (CBS) - something he was supposed to do since the two systems were not integrated.
As details about the scam surfaced earlier this year, the apex bank had once again cracked the whip. According to The Economic Times, in a confidential advisory to CEOs of all banks, the RBI had directed them to put in place a slew of measures to curb such frauds.
To begin with, banks were directed to immediately ensure that no SWIFT message, creating funded or non-funded exposure to banks, got sent without first ensuring that the underlying transaction was duly reflected in the CBS/accounting system.
Secondly, they were asked to implement straight-through processing between both systems by April 30, 2018. Moreover, a detailed timeline was issued to banks for implementation of 20-odd controls related to SWIFT and Nostro accounts. Some of these measures had to be implemented with immediate effect while the rest had to be put in place between March and June-end.
Other measures suggested by the RBI included putting in place a system to generate alerts on breach of any control limits as well as any other unusual feature in the transactions; auditing SWIFT/Nostro transactions for any anomaly by sourcing the data in raw form from the originating system; reconciling payment messages every one or two hours by comparing the outward messages with SWIFT confirmation; and setting limits for all corporate customers (fund and non-fund based limits), which would be monitored centrally by bank's risk management division every week.
But now, having discovered that many banks are yet to fully implement the measures, the regulator has asked them to explain the delay. Citing bankers the daily added that the show-cause letters issued in August-end points out lapses in close to 25 banks.
"There is a degree of paranoia. I believe banks have been told to follow a two-step authentication for large value transaction. Some of these measures may slow down a bank. But that's the price you pay after a scam," said a source.
Edited By Sushmita Choudhury Agarwal