17 months before PNB fraud, RBI warned banks of tech abuse
The circular has emerged a day after the Centre said the PNB fraud was a result of failure of the RBI.
Mumbai: The Reserve Bank of India had long back, in June 2016, warned the banks about the abuse of SWIFT interbank network for "unauthorized transfer of funds".
The RBI circular has emerged a day after the Centre said the Rs 11,300 crore fraud at state-run Punjab National Bank was a "manifestation of supervisory failure" at the country's central bank.
In a letter to the RBI, the government said the failure to detect the fraud, the biggest ever in India's banking sector, raised questions about the central bank's "efficacy of supervision to detect and check systemic failure", NewsRise and other media reported.
PNB, the second largest state-run bank, had on February 14 detected a USD 1.77 billion fraud at its Brady House branch in Horniman Circle area of south Mumbai and named the firms led by Modi and his uncle Mehul Choksi's Gitanjali Group and some other diamond and jewelry merchants as suspects.
In the notice put out, the RBI had called for the implementation of Cyber Security Framework in Banks in the wake of increase in the number, frequency and impact of cyber incidents.
The central bank had then advised the banks to put in place a Cyber Security Policy containing an appropriate approach to combat cyber threats.
Seventeen months before, the RBI had cautioned banks on the abuse of SWIFT after an attempt was made to swindle another government bank, the Union Bank of India.
It advised the banks to get the SWIFT infrastructure comprehensively audited for malicious software script or activities. It also asked the banks to take appropriate steps to rectify malicious activity and to patch vulnerabilities in the SWIFT IT.
SWIFT (Society for Worldwide Interbank Financial Telecommunications) is a messaging system used by banks the world over to send information and instructions in an encrypted format through a secure channel.
The PNB fraud case included the alleged misuse of the SWIFT interbank messaging system and incomplete ledger entries.
According to court documents filed by the CBI, PNB branch deputy manager Gokulnath Shetty issued a series of fraudulent Letters of Undertaking - essentially guarantees sent to other banks so that they would provide loans to a customer, in this case a group of jewellery companies.
These letters were sent to overseas branches of banks, thought to be almost all Indian, that would then lend money to the jewellery firms.
Shetty did so using the bank's SWIFT system to log in with passwords that allowed him, and in at least some instances a more junior official, to serve as both the person who sent messages and as the person who reviewed them for approval, according to court documents and interviews with bank executives.
After entering the transactions on SWIFT, Gokulnath Shetty did not record them on the bank's internal system.
Because PNB's internal software system was not linked with SWIFT, employees were expected to manually log SWIFT activity. If that was not done, the transactions did not show up on the bank's books and thus the fraud was pulled off.